OCTOBER 2015

10 Cybersecurity Tips For Small Businesses

Every October since 2004, National Cyber Security Awareness Month—administered by the Department of Homeland Security (DHS)—reminds us of the importance of protecting not only our individual identities, finances, and privacy but also our country’s national security, critical infrastructure, and economy. Cyber security is a responsibility shared by all—the public sector, the private sector, and the general public.

Broadband and information technology are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers, and their data. Visit www.fcc.gov/cyberplanner to create a free customized Cyber Security Planning guide for your small business and visit www.dhs.gov/stopthinkconnect to download resources on cybersecurity awareness for your business.

Here are ten key cybersecurity tips to protect your small business:

1. Train employees in security principles. Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

3. Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

4. Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information. Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.

6. Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

8. Employ best practices on payment cards. Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication. Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

The FCC’s Cybersecurity Hub at www.fcc.gov/cyberforsmallbiz has more information, including links to free and low-cost security tools.

Create your free small business cyber security planning guide at www.fcc.gov/cyberplanner. To learn more about the Stop.Think.Connect. Campaign, visit www.dhs.gov/stopthinkconnect.


From The Desk of

ACTSmart’s Year-To-Date Protection Stats for our “Total Control” clients

For more info about email security, archiving, and encryption go to GoAmerican.com/technology/reflexion

• 1,436,399 messages delivered successfully
• 5,167,655 messages blocked as spam
• 172,302 messages sent outbound
• 5,791 viruses blocked
• 98,948 messages blocked to unknown recipients

Happy Cyber Security Month! October is the month for being scared – and Cyber Security threats are scarier than chainsaw wielding zombies! We’ll be posting security information all month long on our website and our Facebook page. Be sure to follow us at Facebook.com/ACTSmart or Facebook.com/ACTSmartDental

Pam and I are off to Nashville again where we’ll be meeting with Shark Tank’s Robert Herjavec who owns the largest IT security company in Canada. He’s one of several speakers on IT security issues at this conference. We'll share this information with you when we get back!

October is Cyber Security Month BEWARE!!


Apple’s iOS App Store Suffers First Major Attack www.VentureBeat.com

Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.

It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

Still, he said it was “a pretty big deal” because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

“Developers are now a huge target,” he said.

Researchers said infected apps included Tencent Holdings Ltd’s popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.

The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple’s U.S. servers, Olson said.

Chinese security firm Qihoo360 Technology Co. said on its blog that it had uncovered 344 apps tainted with XcodeGhost.

Apple declined to say how many apps it had uncovered.


To Review Or Not To Review…That Is The Question

5 Ways To Reduce The Fear...

by Nancy Kagan, SummitDentalPartners.com • 781-724-7975

Just the word review seems to strike fear in the hearts of many dentists. Historically, the word review was synonymous with the word raise and I believe this is where the fear comes from. But the assumption that the only reason an employee wants a review is to get a raise is simply not true. Oh sure, some if not most employees want a yearly raise, but in fact, based on my experience, most value the review just as much.

Let’s start by defining the word review. “A formal assessment or examination of something with the possibility or intention of instituting change if necessary.” With this in mind let’s look at 5 ways to implement this assessment so that you can make necessary changes in your practice.

1. Define the review - Make sure that the expectation of the review is clear. It is a chance for the employee and employer to sit down together in order to evaluate performance, assess strengths and weaknesses and to set the course for change. It gives your employee a voice and allows you, the employer, to listen to concerns in order for you to make change as well. It is not a compensation review but a performance review.

2. Schedule annual reviews at the same time every year. This eliminates the anticipation of whether or not there will be reviews. It also allows your employees a chance to prepare. If you hold reviews every September, for example, you could schedule appropriate merit raises for January. This would allow each employee time to make any necessary corrections that were discussed at their review.

3. Have your employees review themselves - It is always interesting to me how candid most employees are when asked to come to the review with a self-evaluation. Strengths, areas of concern and contributions above and beyond should be included and discussed from the perspective of both the employee and the employer.

4. Allow enough time - Do not hold reviews on the fly. Make sure there is adequate time for both parties to relax (a bit) to ensure that there is time for a full dialogue.

5. Encourage your employees - Since performance above and beyond is the basis for a compensation review (at a future date), suggest that your employees keep track throughout the year of anything they did that might be considered outside of their job description. Not only is it easy for them to forget over the course of a year but you, in fact, may not even be aware. This will encourage the very behavior that you want to see…employees looking for ways to contribute to the business that will help you and help them come review time.

Compensation changes should be considered merit raises and are based on many factors - the profitability of the company, the economic climate, industry standards and practice needs. Most importantly though, they should be based on merit. Having a review first will allow both parties to determine merit and can allow time for necessary corrections to take place. An employee would then have the opportunity to make changes that were discussed at the review which could improve their chances of getting that raise.


The Team That Learns Together Succeeds Together!

by Angela M. Donovan, CDPMA • NEDentalManagers.com • 781-820-8485

New England Dental Office Managers

Continuing education is a necessity for any dental practice. Are you reaping the benefits as a team?

As an office manager, there is nothing more frustrating than when the doctor attends a continuing education course and returns ready to go and expects you to know how to bring the rest of the team up to speed. He or she hands you a printout of some PowerPoint slides with their notes scribbled in the margin and they tell you that effective immediately, we’re implementing this into the practice. 99% of the time, the new system fails. It fails because the team wasn’t at the course. They did not get the comprehensive training that the doctor did. It’s unfair and confusing to the team to be expected to know how to implement a new product, technique or system without being given the proper training to do so.

Continuing education isn’t just learning. It can be used for a number of positive aspects including team building. Plan an entertaining night out after the course. Some teams plan dinners at trendy restaurants, concerts, bowling, ball games, etc. Make the events surrounding the course so much fun that your team can’t wait to take another one. Everyone will return to the practice refreshed and ready to get the ball rolling on what they learned.

Making the most out of your continuing education through team learning

Another benefit of the team approach to continuing education is marketing. Take lots of pictures of your team learning together at these courses. Post them to your website, Facebook, Twitter, Instagram and other social media sites. Brag to your patients that your team is always on top of the latest trends in dentistry. Patients will be extremely impressed by the amount of education and training that your team has. It’s a win-win situation.

Continuing education can be costly. Make sure you get the most out of it, by ensuring that your team is educated for success!


Can You Pay Another Dentist As An Independent Contractor?

by Attorney Brian T. Hatch • www.HatchLegalGroup.com • 508-222-6400

One of the most difficult questions many dental offices have to face is how to classify their dentists who work for them part-time, either as an employee or an independent contractor. The answer is complex, and legal counsel is definitely needed, for federal and state authorities and labor boards are very strictly enforcing the rules requiring workers to be named as employees and receive a W-2 statement and not a 1099. At stake is whether employers have to bear the administrative burden of taking FICA taxes out of pay, and paying workers compensation and unemployment taxes and insurance.

There are twenty questions that should be answered in order to classify a worker properly. For this article, I will go over the most important points the IRS considers with regard to dentists.

The key aspect the labor board and IRS look at when deciding whether a professional such as a dentist has been properly classified is whether the owner has the “right to control” the dentist’s work.

Right to control has a number of components, most of which have to do with whether the contractor can do the work independently of the owner.

A dentist is paid in many situations on a production or collections basis, and so has an investment in the work done. Being paid on that basis rather than per diem or hourly shows more independence.

Does the dentist follow the owner’s instructions and is trained by the owner dentist? The dentist should be able to work on his or her own depending on previous academic or work experience. The more direction in the workplace the more likely the dentist is an employee and not an independent contractor.

Does the dentist work at more than one location? It is for this reason that many dentists who work part-time at other offices may be considered independent enough to be classified as independent contractors. Are they so integrated into the business that the practice couldn’t function without them? Part-time dentists are often not so key to the practice that the practice could not function without them.

Do the dentists hire and pay their own assistants? The more involved the dentist is in the process of hiring the personnel who work alongside them, the more likely they exercise independence enough to be considered an independent contractor.

Does the dentist use his or her own tools and equipment? An independent contractor should bring most of the equipment he or she uses with them to the workplace, though large equipment like dental office chairs do not have to be owned by the dentist.

Must the dentist give the owner reports accounting for his or her actions? Since many of the patient files are technically the property of the treating dentist, this may allow some leeway in this area, though reports on payments or insurance should be prepared by the office staff.

Does the office have the right to determine the order in which services are performed? If the dentist confirms the time of the next visit with the patient, and the patient is going to be put on the individual dentist’s schedule for that time, it is possible that this type of scheduling may indicate less control.

Does the dentist set his or her own hours? This may be difficult to achieve, but with some mutual cooperation and dentist input into setting the work schedule and hours, the necessary independence can be shown.

The question of whether a part-time dentist must be considered an employee or independent contractor is important enough so that an attorney should be consulted to draw up an independent contractor agreement to avoid the ever increasing chances of getting audited, and paying significant penalties if the part-time dentist is misclassified.


by Roland Lacey, MediaRightDental.com • 781-924-1141

A Powerful and Simple Strategy for Reviews

SEPTEMBER 2015

Getting Google reviews can be difficult. This month I am going to share with you a process one of my clients and I came up with that really works to get you more positive reviews, fewer negative reviews and valuable feedback from your patients. If you care about being found when someone searches for a dentist in your area you are going to love it.

Google’s search results have changed a lot over the last several years. When someone searches for a dentist on Google the map results dominate what they see. In fact, the paid listings and the map push the natural results pretty far down the page.

So how can you increase your chances of appearing in the map – which now shows ONLY 3 results vs. the 7 they showed until recently? Google reviews is the answer. Not only does having lots of reviews on Google improve your positioning on the map but having the 5 stars and a number of reviews makes your listing stand out both to the eye and to the prospective patient’s confidence in choosing you.

But getting patients to leave a Google review can be difficult. Not everyone is fluent in Google after all. Here’s a way to make it easier. After a patient’s appointment with you send out an email that looks like this:

The GREEN button takes them to a page on your site that looks like this:

Each blue button links to YOUR Google or Yelp page where the Write Review button is available. Easy-peasy.

Now if they hit the RED button it links to a FEEDBACK form on your site where you ask them to explain why they were less than pleased. This does 2 extremely important things. First and foremost you can reach out and try to resolve their concerns and save the relationship. Secondly, they are leaving FEEDBACK for you and NOT a NEGATIVE REVIEW online! It allows them to get it off their chest as well. Win/win/win.

There are services that will automate this whole process for you but they are not cheap. Email me if you want to learn more about that. Meanwhile share this with your webmaster and I am sure they can implement the 3 pieces (email, review page and feedback form) by looking at these examples. If you email me at [email protected] I will be happy to email you back a package with the HTML and images to use on your website.

As I outlined in last month’s article the Map Results underwent a significant change in August. Implementing this strategy will help you get more Google reviews and improve your chances of being “one of the three”. It will also help your overall search results and make you more inviting to the person looking for a dentist in your area.


70 Corporate Park Drive, Suite 1225-1230
Pembroke, MA 02359-4953
781.826.9665 • www.ACTSmartDental.com

You've got enough to do already!

Relax and Put Our Team To Work!

Did you know that part of our service to our ProWatch clients (you!) is to roll out your practice management software’s updates for you?

That’s right – you don’t have to hang around and do all those tedious updates! We’ll complete them for you! We can do them during your down time or after hours – whichever works best for you!

Next time updates come your way, just give us a call and then RELAX! We’ll do the rest!

Computer Service and Support
- ProWatch Pro-Active Computer Care
- Onsite Computer Service/Support
- Network Management/Support
- Network & Server Installations
- Network Security & Firewalls
- Cloud Solutions and Hosted Email
- Secure Remote Access / VPNs

Healthcare Service Providers
- Medical, Dental & Chiropractic
- Software & Hardware Integration
- Security Solutions (including Mass 201 CMR, HIPAA & Hi-Tech Compliance)

Backup & Disaster Recovery
- Business Continuity
- Secure & Compliant Offsite Backup

Email & Web
- Spam Filtering & Email Hosting
- Email Encryption & Archiving
- Hosted Microsoft Exchange & Outlook

Like us on Facebook! Facebook.com/ACTSmart

...& many more!