Recent Blog Posts
What is Log4j?

Log4j is a Java library, which may not mean much to you. All you need to know about these libraries is that they are used by programmers to develop software. If an application uses the Log4j library, it suffers from a major vulnerability that was just discovered. The problem is, this particular Java library has been used extensively over the years, which means that the vulnerability impacts most of the big names in software and the applications and cloud services they offer.

Big names, like...

- Amazon Web Services
- Apple
- Cisco
- Fortinet
- Google
- IBM
- Microsoft
- SonicWall
- Sophos
- VMware

...as well as others, large and small. Even the United States' Cybersecurity and Infrastructure Security Agency (CISA) is affected.

How Vulnerable Could Log4j Leave My Business?

In a word: extremely. This vulnerability is so bad, it's been demonstrated that using a single script in some applications could give a hacker near-ubiquitous access. This vulnerability isn't new, either; it's been around for years, but was only recently discovered on a wide scale. As a result, more people than ever are able to take advantage of it.

What to Do to Fight Back Against Log4j

This is where the real challenge comes in. Naturally, if you rely on some of the systems that have been affected, there are some steps you need to take.

Much of the onus falls on the developers and companies who used the Java library to go back and fix the issues. Rest assured, it is pretty much guaranteed that the list of developers we mentioned above will do something about it. Many of them already have. However, it also falls on the impacted websites and businesses to apply the patches that these developers put out.

For example, let's assume for a moment that you're an annual user on a fantasy football website. If that website relies on technology that Log4j impacts and they don't apply the fixes, the information you've provided to the website (account details, financial information, and whatever else) would be vulnerable. Again, this applies to every website, so if that website doesn't react, your account with them could be vulnerable.

How to Protect Yourself from Log4j, as an Individual and as a Business

While it won't totally solve the problem, everyone (private users and businesses alike) should take the steps to lock down their passwords. Weak passwords like "password1" aren't going to cut it. This involves following the basic password best practices that we always talk about, like:

- Using a unique password for each account and website
- Using a mix of alphanumeric characters and symbols
- Using a sufficiently complex passcode to help with memorability without shorting your security
- Keeping passwords to yourself

Individual Users Need to Know That the Internet is Even Less Safe

Don't get us wrong: the Internet is never totally secure, but for now, the dangers are that much more severe. You need to be very discerning about who you trust with your information for the time being, as various websites and developers make the updates to their platforms that will resolve these issues.

Businesses Need to Enlist the Help of a Professional

All organizations need to bring in a professional to audit all of their technology and update what can be updated to remove the influence of Log4j. Not only will this […]

Let's go over some of the challenges your organization might face, as well as questions that must be asked if you want to optimize chances of success when implementing new hardware.

Before we jump into the hardware acquisition process, we should preface this by saying what not to do when it comes to replacing technology. The biggest pitfall that so many businesses fall into with technology replacement is relying too much on break-fix IT. They only replace technology when it is so broken that it cannot be repaired, and even worse, they wait until the technology breaks before they replace it.

The reason this is particularly unforgivable is due to the downtime that this approach causes. For example, if you wait for the server unit to fail before you replace it, then how are you accessing the data found on that server? If a workstation breaks beyond repair, how are you going to get work done? All of this time spent waiting around while you make a decision about replacement is wasteful and unnecessary, especially when preventative maintenance and a technology roadmap could have prevented it all.

The first question that needs to be addressed is, "Should you consider new hardware in the first place?" Oftentimes businesses find themselves upgrading needlessly just to have the most up-to-date model of something. If your current technology works perfectly fine, then there is a good chance that maybe you don't need to upgrade immediately and can instead get by with technology that, while not the top-tier hardware, will get you through the workday without incident. When your technology starts to cause disruptions to operations, on the other hand, you will have to make a decision about an upgrade or replacement.

The second question is, "What will this hardware be used for?" For example, hooking a video editor up with a thin unit or your standard office workstation probably is not going to cut it. These types of graphic-intensive devices need to have powerful specifications so that the user can fulfill their duties. If you don't consider what the end user will need the device to do, you are going to be setting them up for failure and establishing unrealistic expectations for them, which is never a good way to implement new technology.

Third and finally, you should ask, "What is the timeline for replacing this hardware?" By this, we are circling back to earlier in this article when we mentioned a technology roadmap. This is a policy that showcases when and how you plan to approach upgrading your organization's technology. It might include a schedule of upgrades that happen at specific points in time so that they stay current while minimizing the chances of hardware failure. This might feel a bit like preemptively replacing technology even when it is no longer needed, but it's different in this case, as you are actively planning for it rather than making a spur-of-the-moment purchase.

Regardless of your hardware implementation strategies, you can rely on White Mountain IT Services to help steer you in the right direction. To learn more about how we can help your company adopt new hardware solutions, reach out to us at (603) 889-0800.

That's right; some hackers have the gall to fool users into believing that their systems have been infected by ransomware. They then use the ensuing fear to their advantage in a plethora of ways.

Just think about how you might react the second you see that there's a message on your computer claiming that your device has been infected by ransomware. What would your knee-jerk reaction be? Would you panic and fall into their hands, or would you follow the established policies? It's a tough question to answer because it is difficult to know just how we might respond in the event of a stressful situation like a ransomware attack, but the general consensus is that it's of paramount importance to not panic and report the supposed attack to your trusted IT resource, be it someone within your organization or us, if we handle your network.

The reasoning for this is simple: there is no way to know the scale or scope of the attack unless you get a professional involved, if there is even a breach at all. In some cases, hackers might use the panic and fear of a ransomware attack to scam someone out of hundreds or thousands of dollars. They might use language indicating that the victim must pay a ransom in advance; otherwise, their computer will be locked down in the near future.

Think about it this way: let's say you get an email saying that someone has caught you on camera doing something incriminating or embarrassing. There is an attachment to this email of a picture, but you know how these threats operate; after all, what if the picture itself is infected? Then again, what if they actually do have dirt on you in some way? In a panic and fearing the worst, you pay their fee. Then, after the fact, you get IT involved and they discover that, as expected, the picture is not even of you. Now you are both embarrassed and out of some cash.

These fake ransomware attacks work in much the same way, and they are most effective when the fees are low compared to the massive price tags that some hackers are able to demand for their ransoms. Other times, hackers might send an email with an attachment for the "decryption key," but it's really just a different threat that can then install on the device. In other words, these fake ransomware attacks have a solid chance of either a) not being a threat at all or b) being a different threat in disguise.

Again, we want to reiterate that you should consult with a professional before jumping to conclusions, especially in the realm of ransomware and cybersecurity. If you do not have a professional to consult, White Mountain IT Services would be happy to take that place amongst your ranks. We can not only protect your business from ransomware, but also assist with responding to threats as they unfold. To learn more about our services, reach out to us at (603) 889-0800.

To begin, let's discuss what makes it so important to establish a healthy company culture in the first place.

Company Culture is Key to Your Continued Productivity

The whole point behind having a healthy company culture is to help keep your employees engaged with the overall goals that the company has established, as well as to attract additional talent to the business. Interconnectivity is crucial to developing these kinds of relationships, with visibility into the progress made by the entire team.

Naturally, remote work has made this kind of connection a lot more challenging to sustain. In fact, a global survey found that 51 percent of respondents had experienced a loss of connection to their company culture after the COVID-19 pandemic forced them into remote work. Out of the interactions with their coworkers, in-person collaboration, or having a definite line between work and home, these respondents actually indicated that they most miss spending time with their fellow employees.

On top of this, company culture is very high on the average prospect's list of considerations. Another study found that 57 percent of job seekers consider it equally as important as pay, while 75 percent of recruiters rank how well an applicant fits into the culture a company has established more highly than the prospect's experience. On top of this, 73 percent of this survey's respondents closely associated a company's culture with its reputation as a whole.

iCIMS chief people officer Jewell Parkinson credits a company's culture for spurring on a list of common business priorities:

- Engagement
- Productivity
- Profitability
- Customer Satisfaction
- Customer Retention

All of which would presumably suffer if there were to be any drop in culture as a result of remote work (as the first survey we mentioned suggests did indeed happen for many). This means that there need to be direct activities to remedy these impacts amongst your remote workers. Let's go into a few such activities for your consideration:

How to Keep a Remote Team Engaged

See to Your Remote Workers' Needs

This one may be a little boring and predictable, but it is invariably important for any business utilizing a remote workforce to see to. If your team members are able to work from home, you should be doing everything that you can to facilitate their efforts. This may range from providing them with the equipment they'll need to do so effectively to subsidizing their Internet costs.

Tying into this, your workers will also need to know what your expectations of them will be. You'll need to have policies and expectations developed and dispersed to your team members that cover matters like:

- If remote workers are expected to stick to regular office hours, or if their work schedule can be more flexible.
- Which tools remote team members should use to collaborate with the rest of their team.
- Whether remote employees are able to work remotely while traveling, and how remote time-off requests are to be handled.

Establish Company Culture and Create Reasons to Socialize

It's a simple equation: the less time your employees spend around one another, the fewer opportunities they'll have to form the bonds that encourage teamwork and loyalty. For all its benefits, this is one of the biggest drawbacks that remote work brings with it. Therefore, you need to do what you can […]

ZDNet reports that, "A hacker leaked the entirety of Twitch’s source code alongside a 128GB trove of data that included creator payouts going back to 2019, proprietary SDKs and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools." Most users simply focused on the earnings of high-profile streamers, but as time has passed, more folks are looking at the event as something that can be learned from, particularly with regard to data privacy and security.

Twitch's official response was that users should protect their bank accounts and other affected credentials, resetting the stream keys that are used to connect Twitch to various streaming platforms and broadcasting systems. At the time of writing, there has been no indication that credit card information or login credentials were exposed, but when it comes to network security, one can never be too careful.

This issue stems from a configuration error that left certain information exposed to the Internet. Several of these errors have popped up for various software developers, whether they are actual errors or negligence on the service side of things, and these errors have led to data breaches for other services. In any case, there isn't much to be done besides taking the appropriate precautions yourself.

The biggest issue that comes from this event is that the Twitch application's source code was leaked online, meaning that hackers can now use this information to discover more flaws in the source code and release it online. Plus, considering that Twitch is far from the only video streaming service out there, imagine the intellectual property complications of other streaming services getting their hands on this source code.

Ultimately, you must always remain vigilant; even if you do everything right, one muck-up on the service provider's end, like a configuration issue, could spell trouble for your organization. You should only work with providers whom you know you can trust.

White Mountain IT Services wants to be one such provider for your technology management needs. You can count on us to honor your security expectations. To learn more, reach out to us at (603) 889-0800.