Recent Blog Posts

You should work toward centralization of your company?s IT assets as swiftly as possible, as it can provide your organization with enhanced accessibility and flexibility. If your business? assets are all located in the same place, you might be surprised at how many possibilities are opened up, including the ability to access data anytime, anywhere, on any device. Most businesses think of centralization as hosting company assets in one location where they can be accessed at any given point. For a lot of companies, this means implementing cloud computing of some sort. This includes taking your assets and moving them into a virtual environment, where they can be accessed by anyone who needs them. Examples of cloud computing include the following: Constant accessibility: If you host applications in the cloud, you?re allowing for simplified access by approved individuals. This also means that you?ll be able to access these solutions on any connected device, providing on-the-go access for your busier employees. User-based access: Your employees have different roles and responsibilities, and with these come varying degrees of data security clearance. You need to limit access to specific data depending on the user?s role. This keeps your employees from accessing data that they?re not supposed to. Security: If all of your data is located in the same place, it becomes easier to protect. This security also needs to extend to any devices that have access to this data. If you can control security, your business can utilize centralized IT assets with minimal risk. If your business wants to take full advantage of centralized IT, we recommend reaching out to White Mountain IT Services at (603) 889-0800. We can consult you on any number of technology topics and help you maintain your infrastructure.

The basic gist of this law is that U.S. officials and others involved with them could potentially obtain digital information that isn?t hosted on their home turf. This law garnered overwhelming support from both the U.S. Department of Justice and major technology companies, prompting Congress to push it through. What Does This Mean? At a glance, this law represents a significant loss for the individual. It?s now easier than ever before to conduct criminal and civil investigations. Part of this law also allows for access to personal information and communication as well. Prior to the passing of this law, foreign governments would have to go through the proper channels in order to access information from U.S.-based technology companies. Naturally, these companies wouldn?t necessarily consent so easily. Due to the multitude of nations that the United States deals with on a regular basis, before submitting to a request for information from a foreign entity, there would be much thought put into factors such as records of human rights abuses and other pressures placed on the company to make the decision. As a member of the Mutual Legal Assistance Treaty, or MLAT, the United States is hesitant to provide any information that could place human lives at risk, but the CLOUD Act can potentially shake these responsibilities up. In the wake of this new law, the executive branch of the United States government will be able to control who this information is shared with, as well as who it?s not shared with. At the helm of such decisions are U.S. President Donald Trump and Attorney General Jeff Sessions. Data can now effectively be used as bargaining chips by the executive branch. Consequently, there has been a lot of power placed in the hands of appointees that haven?t necessarily been directly elected to positions of authority. The United States and other law enforcement agencies around the globe will have powerful new ways to seize data for any express purpose. Therefore, the average user?s private messages via email or social media can now be confiscated and looked upon without a search warrant. This puts the personal information of so many users right in the crosshairs of people who now have a legal right to view it. Below is a short explanation for what changes the CLOUD Act will bring about: Enable foreign police to collect and wiretap people?s interpersonal communications without obtaining a warrant to do so. Allows foreign nations to demand records saved and stored by American companies. Allows the U.S. President to enter ?executive agreements? designed to help foreign police agencies obtain data regardless of that regime?s human rights record. Allows foreign police to obtain and collect data without notifying the party. Gives U.S. police the right to grab data anyplace, no matter where it is stored. The Electronic Frontier Foundation has been a particular opponent of this new law. They issued a public statement that decreed it a ?dangerous expansion of police snooping? and that it would ?erode privacy protections around the globe.? They go on to state: ?Legislation to protect the privacy of technology users from government snooping has long been overdue in the United States, but the CLOUD Act does the opposite, and privileges law enforcement at the expense of the people?s privacy. EFF strongly opposes the bill.? Clearly […]

Password The old standby of authentication, a well-thought-out password can be an extremely effective security measure, but a password with little effort put into it can just as easily be a considerable security risk. Despite this, a password (or its cousin, the passphrase) can be the strongest security measure available for your mobile device. However, there is one major shortcoming to the password, in that it very quickly becomes tedious and inconvenient to enter each time your phone needs to be accessed. Pattern Lock Another option that many elect to use is the pattern lock, which allows the phone to be accessed only when the correct pattern is traced out on a three-by-three square. This natural and intuitive lock becomes a very quick way to access a phone once the user becomes accustomed to it, and if all nine dots are used in the pattern, provides close to 400,000 possible access codes. Unfortunately, the pattern lock falls short in a few ways. First, many people elect to use shapes that are easily guessed out of simplicity and convenience, and it is fairly simple for someone to simply watch one?s hand to ascertain the pattern they?re using. PIN Number Like a password, a PIN number is a relatively strong form of authentication, as the typical 4-digit option has over 10 thousand potential combinations. While this would admittedly be very difficult to remember, an Android device can be secured by a 16-digit PIN, boosting the number of potential codes to 10 quadrillion. However, there is a shortcoming to the PIN number, as many people may succumb to the temptation of, again, making an oversimplified PIN number that could potentially be guessed quite easily. Fingerprint Scanner This unlock method has quickly become the preferred method to access a mobile device, and for good reason: not only is it secure enough to be trustworthy, it?s also quite fast. However, even this method has its weaknesses. For instance, the fingerprint scanner itself isn?t always positioned in the most convenient place on the phone itself. Furthermore, gloves make this method impossible to use. Facial Recognition/Iris Scanning/Intelligent Scan The way things are going, it is likely that this will soon become the preferred method of authenticating your identity to access a phone. However, in their current states, these methods just aren?t quite secure enough to safely authenticate things like purchases and other financial tasks with 100 percent confidence, although things are getting better as far as that goes. Smart Lock – Other Security Measures Many phones now also offer security features that rely on alternative forms of authentication. On-body detection keeps the device unlocked whenever it is being carried – regardless of who is carrying it. You can also teach a device to ?trust? certain places, devices, and faces. Another option is to use the Google Assistant to unlock your phone by saying ?Okay Google.? However, these features don?t serve your security very well, and are primarily for the sake of convenience. So Which is Best? The generally accepted school of thought is that, until face and iris scanning is more widely available and some of the wrinkles are ironed out, a fingerprint scan with a PIN or password backup is the safest route to take. Regardless, any form of authentication measure is better than nothing, so […]

You might be wondering how it?s even possible that Google?s quality control manages to miss so many of these apps. Here?s how. How These Apps Make it to the Play Store It?s clear that Google understands just how important security is, so it?s a bit concerning that malware can find its way to the Play Store. Still, this doesn?t mean that it?s easy for threats to do so, as hackers still have to meet Google?s standards in order to post their content on it. Malware developers, however, have found ways to sneak their apps past the automated security that Google implements. They do this by uploading an app that initially has no malicious intent, and can therefore circumvent the security of the Play Store. Once the app has been downloaded, it reaches out to a third-party server that then proceeds to install malware directly to the device. This is the process that many malicious applications use to sneak past Google?s security. How to Spot the Fakes Google has taken a stand against malicious and fraudulent apps on the Play Store, but measures like Google Play Protect aren?t nearly enough. Vigilance is one of the best ways to keep your business secure from fake apps. If you ever find yourself needing to install an app in the future, be sure to check this list to make sure that the app is actually legitimate first. Name, description, and other details: The first sign that an app isn?t legitimate will be its name or description. Malicious applications have traditionally tried to replicate original applications as often as they can, laughing in the face of Google Play?s impersonation policy. Sometimes these apps aren?t caught and pulled immediately, so you have to be extra careful to read the description. Often times, impersonated apps will have descriptions written in broken English. This is why the description is the best indicator that an application is legitimate. Check the reviews: The Google Play Store lets users leave reviews, and you can use these reviews as a way to identify dangerous applications. However, a fake application could also be subject to fake reviews, which might make it difficult to identify the good from the bad. Either way, any negative reviews might give you the chance to reconsider your choice to download the app anyway, so if it?s a bad apple in the barrel, you?ll be saving yourself some stress anyway./ The Developer: Is the app really from the developer that it claims to be from? If it?s a well-known application, you should be able to tell who developed it, but you might need to put on the brakes and take a closer look before downloading a business application. If it?s from an unknown developer with no history, think twice before downloading it. Number of downloads: How popular is the app that you want to download? If it?s been downloaded billions of times, it?s probably more legitimate than one with hundreds, thousands, or even millions of downloads. How many fake apps have you come across on Google Play or the Amazon App Store? Let us know in the comments, and be sure to subscribe for more technology tips and tricks.

In short, it amounts to being as vigilant as you can be. You should always be looking for reasons not to click on links in your emails if you can help it, as it?s better to err on the side of caution than risk suffering from a data breach or malware infection. Here are three warning signs to look for in a potentially malicious email attack. Spelling and Grammar Errors The first warning sign of a fraudulent email is that it?s filled with all sorts of spelling and grammar errors. Professional messages sent from reputable sources will likely have passable grammar, but if it?s incoherent and difficult to understand, chances are that the message is risky at best–especially if it contains links. There are always exceptions to this rule, however. Phishing emails are often so discreet that it can be difficult to identify them through this method. Therefore, you?ll have to keep other information in mind when clicking on any links. Links Leading to Obscure Targets Sometimes you?ll get an email and you won?t be sure if it?s fraudulent or legitimate. In cases like this, it?s always best to approach the link carefully by making sure that the link leads to where it claims to. You can do this easily enough by simply hovering over the link with your mouse without clicking on it. You?ll see the linked URL right in a little bar at the bottom of your browser showcasing the link target. If it?s not something that it should be linking to, stay away from it. Messages from Unknown Senders Another major red flag that gives away the nature of a message (and its links) is who is the actual sender. If it?s from someone who you don?t recognize or someone who you don?t think should be reaching out to you, immediately reconsider clicking on any links or messages found in it. Even if the sender is known to you, but the message is suspicious, you can see if the email address matches anything that you have on record for that user. If it doesn?t, you know that you can?t trust whoever sent the message to you. In a worst-case scenario, you could be looking at a phishing or whaling scam, in which case you want to notify your IT department immediately so that proper measures can be taken. The good news about suspicious or fraudulent emails is that you can keep the majority out of your inbox with an enterprise-level spam filter. The bad news is that even this sometimes isn?t enough for more dangerous threats. As we said before, the best security measure you can implement is good old-fashioned caution. If you teach your employees how to effectively identify threats, they will be more likely to avoid them; or, better yet, they?ll report them to IT for proper analysis. To learn more about security tools and training, reach out to White Mountain IT Services at (603) 889-0800.