Recent Blog Posts

The modern work environment is a scary place, and you never know when someone is looking. Hackers have used spyware for ages to lurk on a device and collect data for various purposes, but the threat needs to be directly installed on the device in order for this to work. It doesn?t work when the data is most vulnerable–while it?s in transit. This is the issue that created the need for a virtual private network. A virtual private network is an encrypted network that gives you a secure way of connecting to your organization?s in-house infrastructure. In this case, the encryption protects your data by scrambling it into an undecipherable mess of characters while it?s in transit. The only way that anyone can unscramble the data is by having the decryption key that goes with the encrypted message. In essence, only those authorized by your organization can make heads or tails of the data. Otherwise, it?s just a jumble of something useless to hackers. This is why a virtual private network is so important to the security of your business. Often times data can be intercepted while it?s in transit to or from a device, placing it at risk. With the VPN, the tunnel between your infrastructure and the receiving device is a bit more opaque, meaning that it?s not as easy to see the true data, as it will be obscured and unreadable should it be stolen by anyone who doesn?t have the encryption key. VPNs are useful for any business correspondence where sensitive or proprietary information is sent over an unsecured Internet connection. This provides the security needed to send files and data when being asked to connect to wireless or other Internet connections that may be risky. White Mountain IT Services can help you implement the right VPN for your business. To learn more, reach out to us at (603) 889-0800.

Defining Disasters Any business, particularly those that are reliant on their technology solutions, are susceptible to a variety of disasters. These disasters can be split into three categories: natural disasters, technological disasters, and human disasters. Natural Disasters – With effectively every environment on the planet having one form of extreme weather or another, these events are always a risk for a business. Whether a business needs to contend with flooding, severe storms, earthquakes, or any other extreme environmental event, these kinds of disasters can have very real business ramifications if not mitigated. Technological Disasters – While there are some ways to reduce the risk of a technological disaster striking your business, like maintaining your hardware to ensure it doesn?t fail or keeping your critical applications up to date, others are unfortunately out of your control. For instance, if your power goes out, it?s unlikely that operations can continue, and any unsaved data from before your systems died will be lost. What if your suppliers make a mistake, and leave you without a critical component to your processes? These kinds of events can easily suspend operations. Human Disaster – Unfortunately, one of the key components of your company is also the thing that can cause the widest variety of issues in your operations. From workplace accidents to human error to issues with former employees, your business is arguably most vulnerable from the inside. Of course, there are some disasters that can arise from typical events going awry? What happens when one of your key employees needs to go on an extended leave of absence? Which Risks Concern You? Each of these can have serious consequences to your business, its processes, and ultimately, its success. However, your level of risk for each will vary. This means that the first consideration you make is which events will have the greatest impact on your operations. Once you?ve established this, you are ready to tackle the rest of your plan with your priorities more effectively planned out. What Your Strategy Should Cover As you prepare your business for a potential disaster in the future, you need to focus your efforts toward accomplishing three benchmark goals: Protecting your employees and infrastructure Preserving your data and proprietary information Permitting operations to be resumed quickly (if not maintaining business continuity through the disaster) With these goals in mind, you need to take everything in your business into account before you run into an issue, putting measures into effect proactively. This means your backup plan needs to address how your data backups are to be managed and maintained, that your backup will remain operational throughout the disaster, and any processes that your business will need to replace resources after the disaster has ended. Preparing the Business as a Whole You should also be sure to keep the entire team in the loop as far as backup procedures are concerned, as well as what to do in case of disaster. Not only is there a chance that one of them may have to enact it, new employees are going to need someone to introduce them to your business? processes. Furthermore, as your business continues to develop over time, you should regularly return to your backups and reevaluate the data you?re protecting, and how it ties into your greater business continuity […]

From Apple?s Siri, to the Google Assistant, to Microsoft?s Cortana, to Amazon?s Alexa, these voice-activated solutions have appeared in our computers, our mobile devices, and in stand-alone devices. As they have become more commonplace, they have grown in capabilities. Many of these capabilities are admittedly well-suited for the workplace – but the always-on microphones that these devices rely on to function make many pauses. After all, there?s the potential for sensitive data to be sent along to a third party if it is merely spoken aloud in this device?s presence. This has created a quandary for those wishing to leverage these devices – do the benefits outweigh the potential risks of such an implementation? Here, we?ve assembled a few considerations that should help make these risks less of a factor. Just Another Internet of Things Device The risks inherent in Internet of Things devices have been clearly documented. One notable example was the Mirai botnet, which enslaved IoT devices to power its attacks. Furthermore, it seems to be easy to forget that these virtual assistants are simply another Internet-connected device. However, if you keep that in mind, you may find it much simpler to outline policies for these devices that can help to reduce your potential security risk. For instance, if there is a location in your office where sensitive information is spoken aloud, a virtual assistant shouldn?t be placed there. Furthermore, you don?t want to put your business? network at risk, so it would make more sense to establish a secondary wireless network for these devices to use. That way, even if these devices are infiltrated, the rest of your network isn?t made vulnerable as a result. Whose Devices are They? Data privacy and ownership is a big deal in business, which could potentially complicate our issue further. Let?s say an employee were to bring in their own virtual assistant. While this may reduce the business? capital investment into the use of a virtual assistant, there are a lot of concerns regarding security and privacy. How can you enforce data privacy if the data is being accessed by a device that you can?t control? Policies Are Your Greatest Asset In order to keep your business safe, while still embracing the benefits that virtual assistants can bring to the workplace, you need to set firm controls on how they can be used. There should be the assumption that one of these devices can always be listening, leading to a policy of keeping these assistants out of areas where sensitive information is regularly discussed. This awareness should also spread over to your other devices. There are already plenty of microphones and potential vulnerabilities in the office. Phones can have their firmware hacked, and laptops can have monitoring software installed without your knowledge. White Mountain IT Services can help you be sure that your business remains secure against a variety of threats while still enjoying the use of different technologies. Call us at (603) 889-0800 to learn more.

The Everyday SituationSmall businesses sometimes have issues working within their constraints. More often than not, budgeting issues mean that a dedicated in-house IT department is nothing but a pipe dream. Instead, they rely on employees doing more than they are trained to do. This means that many IT-related tasks may be done incorrectly, leading to more issues than would otherwise be present. Alternatively, small organizations that do have an in-house IT department likely generate a lot of duties that fall into that department?s purview. Countless little tasks can pile up and get in the way of critically important responsibilities, like patching and network maintenance. How the Right Tools Can HelpMany automated management solutions are seen as most effective because their processes can be done remotely, meaning that technicians don?t have to be on-site to make sure the work gets done properly. Whether it?s scheduling updates or automating processes, these solutions can be deployed so that minimal involvement is needed on your end. With these tools, you can also identify suspicious activity on your network. This is especially helpful to detect logins in remote locations to ensure that they aren?t coming from, say, halfway across the world. You can be alerted if someone accesses your network from a suspicious IP address. To learn more about how a we can deploy such a solution to help your business, reach out to White Mountain IT Services at (603) 889-0800.

Endpoint SecurityCybersecurity is the management of the security protocols of your organization?s computing endpoints. Since the endpoints are the ones that touch the Internet, keeping these machines clear from threats is extremely important. That is why when you talk about cybersecurity, you have to talk about the ability to sufficiently train your staff with the knowledge they can use to ensure they aren?t the ones giving hackers and other malcontents an avenue to infect your business? network and central infrastructure with malware, spyware, or any other software that isn?t supposed to be there. The first thing you?ll have to understand in order to successfully secure your business? computing environments are that upwards of 94 percent of cyberattacks that affect business computing environments are made possible by the people that work for the company–trained or not–that do the wrong thing. It is astonishing that nearly all cyberattacks that have short and long-term effects on an organization’s ability to conduct business are completely avoidable. With this knowledge in hand, it?s up to an organization and their IT administrator to put together a strategy to take their organization?s security seriously. Strategy #1: Network-Attached SoftwareFor the company looking to secure their network, the first place they should start is to put together the resources that are needed to insulate their data, network, and infrastructure from the harmful elements found on the Internet. Software solutions like monitoring, a firewall, a spam filter, an antivirus, antispyware, an access control system, an intrusion detection system, virtual private networks, and a content filter all present value for keeping your IT secure. Strategy #2: TrainingThis goes without saying, but if your people are sufficiently trained to be skeptical about where digital correspondence originates, your business? chances of keeping unwanted code and users off of your network gets expeditiously better. How do you go about this? It?s pretty simple. First you should start with their email training. This is where most of the problems originate, after all. Here is the strategy you should use: Promote awareness of phishing, social engineering, and cybersecurity. Continually test your staff to determine which users are susceptible to phishing. Re-train deficient employees and frequently test all staff. These actions may seem like common sense, but you would be surprised how many organizations will ignore that their employees are the number one reason why they may deal with a major data loss disaster resulting from malware or a network breach. Strategy #3: Don?t Forget About MobileMobility is more important for businesses today that ever before. As a result, more data is being shared between people using mobile devices. Every phone, every smartwatch, every tablet, is a potential endpoint, and needs to fit under the organization?s network security umbrella in order to be effective at securing these endpoints, and thus your central infrastructure, from threats. Strategy #4: Testing and LogsOnce you?ve got all the software, solutions, and other strategies in place it is important to test all of your network security platforms. This means testing your network devices, your servers, your DNS, and all other platforms for potential or active vulnerabilities and threats. The first set of tests should be aimed at your internet-facing systems. These include firewalls, web servers, routers, switches, and mobile platforms. If these come back clean (they likely won?t), you want to make […]