June 29, 2022, Dothan, Alabama – RealTime, LLC is proud to announce the successful launch of the RealTime IT Co-Op Program. RealTime has partnered with Dothan City Schools (DCS) to provide a hands-on learning experience for high school students in their junior/senior year(s) of high school.

 “This Co-Op experience is invaluable to any young person interested in working in the Information Technology field,” said Deidre Frith, Director of Marketing and Culture. “We created this program for high school students who have exhibited qualities that lend themselves to being tech-savvy as well as holding a deeper interest in tech as a potential career. This Co-Op is hands-on for the student but more importantly, connects them with a mentor. Being shown the ropes at such a young age can change the trajectory of their career path.”

 Jayden McCory, an incoming DCS junior and student of Mr. Rodney McCloud, was selected as the first RealTime IT Co-Op student and began working with RealTime on June 14, 2022, in the Field Services Department under Tommy Price, RealTime Field Services Manager.

 “Jayden is doing great,” said Price. “He has had the opportunity to do everything from off-boarding PCs to setting up new PCs, and he has been onsite with our Field Tech, Jared, visiting several clients. I mean, he has gotten exposed to a lot of different things; he learns very quickly and is doing great.”

 During the RealTime IT Co-Op, McCory will learn and develop trade skills focused on IT Field Services and receive extensive on-the-job training while being immersed in the day-to-day operations. McCory has been learning how to coordinate with clients on repairs, set up and install PCs for client deployments, and the process to escalate issues to the necessary department. The exciting aspect of this Co-Op is that McCory is being mentored by an experienced Field Services tech while he conducts client-onsite visits for networking, installations, and other tickets that may be assigned on a normal business day. McCory will continue the RealTime IT Co-Op during the 2022-2023 school year while attending Dothan High School.

STUDENT SELECTION PROCESS
During the 2021-2022 school year, Frith, along with Director of IT Operations, Brian Lapham, visited several different classes at Dothan High School to promote the RealTime Co-Op program thanks to the partnership with Ryan Richards, DCS Central Office Coordinator for Workforce Development. Students were asked to submit a letter explaining their interest in IT as a career. All students who applied were then offered in-person interviews with Lapham. Offering students the opportunity of a physical interview for the position allowed everyone, even those not hired, the opportunity to gain real-life experience from this program. Each student was able to learn what the interview process felt like in a real-world setting. RealTime had five submissions from interested DCS students who were contacted for interviews. Three candidates participated in the interview process and ultimately McCory was selected as the best candidate for the position.  

RealTime plans to continue growing the program and expanding it to other surrounding school systems in the Wiregrass. The RealTime IT High School Co-Op is a valuable learning opportunity as well as a paid, part-time position that begins in the summer and continues through the next school year. If you are interested in having your school participate in the RealTime IT Co-Op program, please contact Deidre Frith at dfrith@realtime-it.com.

ABOUT REALTIME LLC

RealTime LLC provides fully managed Information Technology services for businesses in the Wiregrass area and beyond that include business continuity and disaster recovery planning, cyber security protection, HIPAA compliance, threat prevention, private cloud backup, and more. RealTime has been providing elite IT managed services to the Wiregrass area since 2000. For more information about RealTime IT, visit www.realtime-it.com.

RealTime LLC also provides Revenue Cycle Management for a broad range of specialties in the medical field including Hematology, Oncology, Chemotherapy, Mental Health, Hospitalist, OB/GYN, Ophthalmology, Optometry, Family Care, Pain Management, Pediatrics, Rheumatology, Internal Medicine, Wound Care, Chiropractic, Cardiology, Aviation Medicine, Otolaryngology, Plastic Surgery, Allergy Medicine, Dental, Reference Lab, Speech, Physical Therapy, General Surgery, Outpatient Surgery, Neuro Surgery, and Cardio-Thoracic Surgery. For more information about RealTime RCM, visit www.realtime-medical.com

###

Statement and Release from The White House

VIEW ORIGINAL POST HERE

Cyber Insurance Prep for 2022

Are you a business who is looking at a cyber insurance policy and just not ready to commit?

Or, perhaps you haven’t renewed your cyber insurance policy recently?

Read on, because this article is written just for you…

RATES ARE GOING UP

No surprise that rates are going up especially since we’ve been seeing SMB rates for cyber insurance rise as much as 100% or more. The reason this is happening is because some insurers are taking unacceptable losses and are raising rates accordingly. Other insurers are not renewing or offering new cyber insurance policies going forward. A few are “pausing” writing new policies, probably trying to decide if they can weather the storm. 

MFA TO HELP AVOID COVERAGE REJECTION

Requirements to get a policy are real! If you apply for a policy (or renew your policy) the following are hard requirements you need to have in place if you want to be covered. Don’t risk getting a ‘no’ from your insurance provider, be prepared starting with Multi Factor Authentication (MFA).

MFA is required for the following:

1. Microsoft 365 or other Hosted email services

2. VPN users

3. When enabling your Remote Desktop Protocol

WHY DO THEY REQUIRE MFA?

The above three areas are where most cyber incidents being which is why insurers will not cover your business if you won’t take these very basic (and often no cost) precautions. These days, not following this type of guidance is akin to inviting the bad guys in. Your business is NOT too small for the bad guys. They have an automated process which makes everyone a target, large or small.

WANT TO HEAR SOMETHING SCARY?

We received notice from our dark web monitor just yesterday that a client account was up for sale due to a phishing scam – this person’s email account credentials were up for sale and it was a current password! I logged in using the info the bad guys had, and lo and behold, someone from Russia was logged into the account too. Yikes! There was a 99.9% chance that this would not have happened if MFA was in use.

ON AVERAGE, 1.2 MILLION MICROSOFT
ACCOUNTS ARE COMPROMISED MONTHLY.

WHEW! CHECKLIST

1.     Enable MFA for everyone using Microsoft 365, G-Suite, etc. and enforce this.

2.     If you allow direct RDP access to computers and servers in your office, you really need to turn this off and pick a more secure method of remote access.

3.     If you use VPN’s for remote access, enforce MFA usage.

4.     Train your folks to recognize social engineering attempts and phishing (the most common form of social engineering we see) attempts along with clear guidance on what they should do when (not if) they encounter these situations.

5.     Shore up your password policies. Require long, unique credentials for everything, backed up by MFA where possible. No password reuse either – it’s just inviting problems. Then, use a password manager to easily keep up with your good, unique passwords.

References

https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ 

https://www.insurancebusinessmag.com/us/news/cyber/preparing-for-cyber-insurance-2022-renewals-319072.aspx

As Tropical Storm Fred is traveling towards Southeast Alabama, now is the time to take action and be prepared to protect your computers, printers, files and data.

1. ENSURE YOU HAVE A BACKUP

• Backup your files! It's good practice to frequently backup your data files. We recommend a hybrid-cloud image-based backup that can be used to restore data and applications even if your server is destroyed, and that can restore data from different points in time.

• Print a copy of your important/emergency contacts and take them with you if you do not have access to them from your phone or computer, you'll have them available to use via a landline.

• RealTime Clients: Everyone who is on our Business Continuity Service – Your servers are backed up and replicated offsite daily. If there is a problem, we correct that as part of the service. As hurricanes approach your physical location, we’ll be talking with you and confirm things are backed up and replicated prior to you shutting your operations down as part of your storm prep.

2. SECURE YOUR EQUIPMENT

• COMPUTERS

  • Shutdown the operating system.

  • If connected to a surge protector or UPS - unplug from the wall outlet (or unplug power cables from the surge protector or UPS if wall outlet isn't accessible).

  • Unplug Ethernet cable from the back of computer or docking station.

• PRINTERS

  • Power off the printer.

  • If connected to a surge protector - unplug as described above.

  • Unplug the Ethernet cable from the back of the printer.

  • Unplug the phone cable from the back of the printer (if a fax line is connected).

• SERVERS AND NETWORK EQUIPMENT

  • Perform a normal shutdown of the servers. RealTime clients: Please coordinate with RealTime service desk. 

  • Unplug all connections - Take photos to document how things were prior to the event. 

  • Firewalls, Switches, Access Points - unplug them from power. Unplug the firewall from the internet connection as well. Ideally, unplug all the network connections (surges can travel through the network cabling).

  • Battery backups - power these off and then unplug them.

  • Phone systems - Check with your vendor to see what steps you can take to protect it.
     

3. PROTECT FROM WATER/WIND

When a major storm is predicted, elevate your CPUs, printers, servers, and other network devices, as well as other electrical appliances like space heaters, off of the floor.  For high winds, move computers away from windows.  If there is a possibility of water leakage, cover computer equipment with plastic.

4. CONTINUING OPERATIONS AFTER THE STORM

•  If you are in the path, power and internet connectivity may be hard to come by for a few days. Generators can provide enough power to run your critical computer equipment – just be sure you are connecting up to something that can deal w/ the power fluctuations many generators have. Please ask RealTime before connecting things up to generators as they can damage sensitive equipment. Modern battery backups may have the capability to condition the power off of a generator – check with the manufacturer to confirm before trying this.

• 4G USB modems or Mifi can get you connected in an emergency. Everything you do may not work, but basic web browsing.

• Forward your phones – If the office is expected to be out a few days, most phone service providers have a way for you to forward calls to your business to a cell phone or alternate number. Get the steps now, before you need them.

5. BE PREPARED

Knowing what steps to take ahead of time will help you be prepared in the worst-case scenario. RealTime is committed to ensuring our clients are prepared with the proper technology to meet their current/future needs as well as advising them about safeguarding their business from weather-related, cyber and other disasters. 

If you would like further information about RealTime managing Information Technology for your business, contact us at info@realtime-it.com.

Blog: Todd Swartzman, RealTime Chief Information Security Officer

LET’S BEGIN AT THE END

Let’s go a bit out of order and focus on the end of these types of events, the recovery. After all, if your business falls victim to a ransomware attack or some other type of breach, eventually you will get to the recovery phase. In talks with business owners over the past couple of years, no one thinks too much about what recovering from an event looks like for them. At RealTime we hear “I’ll call you guys!” or “our insurance will handle it”, “our IT guy will deal with it.” Are these courses of action something to stake your business on? Let’s use a real world example happening now:

COLONIAL PIPELINE EVENT/RECOVERY FACTS

1.  Event May 5, 2021

2. Took five days and there are still intermittent service interruptions happening.

3. Budget? Unlimited. This was a recover at all costs exercise.

4. Government help – there for the asking

5. Temporary lifting of regulations to help deliver product.

6. Colonial Pipeline paid $4.4 million in ransom within hours of the attack. They opted to pay the ransom because it was unsure of the extent of the breach. The hackers provided the company access to a decryption program following the payment, but Colonial Pipeline was not able to immediately restore operations with the tool.

 HOW WOULD THIS COMPARE TO YOUR BUSINESS RECOVERY?

1. Do you have unlimited funding and is FedGov offering every assistance available to you?

2. Can you go 24x7 until it’s recovered? What about your primary business serving customers, who’s going to do that while all hands are on deck dealing with the current fire? If you have one IT guy, this isn’t realistic, even if they did have the requisite skills, and they probably don’t.

3. Do you assume you’ll only be down for a few days? Average time to recover a small business is about two weeks, but that can vary wildly.

 CLOSING

CYBERSECURITY IS NOT JUST A TECHNICAL PROBLEM. IT’S A BUSINESS PROBLEM.

Use this as a lesson you can learn at someone else’s expense. Review your own controls, backups, response plans, insurance policy, and your budget to make sure that your plan is documented, understood, and most importantly is realistic.

 CISA (Cybersecurity & Critical Infrastructure Agency) put out an alert on Best Practices for Preventing Business Disruption from Ransomware Attacks. And if you are curious, yes, Colonial Pipeline would be subject to adhering to CISA requirements as they are critical infrastructure.

Article link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a