Recent Blog Posts

Password The old standby of authentication, a well-thought-out password can be an extremely effective security measure, but a password with little effort put into it can just as easily be a considerable security risk. Despite this, a password (or its cousin, the passphrase) can be the strongest security measure available for your mobile device. However, there is one major shortcoming to the password, in that it very quickly becomes tedious and inconvenient to enter each time your phone needs to be accessed. Pattern Lock Another option that many elect to use is the pattern lock, which allows the phone to be accessed only when the correct pattern is traced out on a three-by-three square. This natural and intuitive lock becomes a very quick way to access a phone once the user becomes accustomed to it, and if all nine dots are used in the pattern, provides close to 400,000 possible access codes. Unfortunately, the pattern lock falls short in a few ways. First, many people elect to use shapes that are easily guessed out of simplicity and convenience, and it is fairly simple for someone to simply watch one?s hand to ascertain the pattern they?re using. PIN Number Like a password, a PIN number is a relatively strong form of authentication, as the typical 4-digit option has over 10 thousand potential combinations. While this would admittedly be very difficult to remember, an Android device can be secured by a 16-digit PIN, boosting the number of potential codes to 10 quadrillion. However, there is a shortcoming to the PIN number, as many people may succumb to the temptation of, again, making an oversimplified PIN number that could potentially be guessed quite easily. Fingerprint Scanner This unlock method has quickly become the preferred method to access a mobile device, and for good reason: not only is it secure enough to be trustworthy, it?s also quite fast. However, even this method has its weaknesses. For instance, the fingerprint scanner itself isn?t always positioned in the most convenient place on the phone itself. Furthermore, gloves make this method impossible to use. Facial Recognition/Iris Scanning/Intelligent Scan The way things are going, it is likely that this will soon become the preferred method of authenticating your identity to access a phone. However, in their current states, these methods just aren?t quite secure enough to safely authenticate things like purchases and other financial tasks with 100 percent confidence, although things are getting better as far as that goes. Smart Lock – Other Security Measures Many phones now also offer security features that rely on alternative forms of authentication. On-body detection keeps the device unlocked whenever it is being carried – regardless of who is carrying it. You can also teach a device to ?trust? certain places, devices, and faces. Another option is to use the Google Assistant to unlock your phone by saying ?Okay Google.? However, these features don?t serve your security very well, and are primarily for the sake of convenience. So Which is Best? The generally accepted school of thought is that, until face and iris scanning is more widely available and some of the wrinkles are ironed out, a fingerprint scan with a PIN or password backup is the safest route to take. Regardless, any form of authentication measure is better than nothing, so […]

You might be wondering how it?s even possible that Google?s quality control manages to miss so many of these apps. Here?s how. How These Apps Make it to the Play Store It?s clear that Google understands just how important security is, so it?s a bit concerning that malware can find its way to the Play Store. Still, this doesn?t mean that it?s easy for threats to do so, as hackers still have to meet Google?s standards in order to post their content on it. Malware developers, however, have found ways to sneak their apps past the automated security that Google implements. They do this by uploading an app that initially has no malicious intent, and can therefore circumvent the security of the Play Store. Once the app has been downloaded, it reaches out to a third-party server that then proceeds to install malware directly to the device. This is the process that many malicious applications use to sneak past Google?s security. How to Spot the Fakes Google has taken a stand against malicious and fraudulent apps on the Play Store, but measures like Google Play Protect aren?t nearly enough. Vigilance is one of the best ways to keep your business secure from fake apps. If you ever find yourself needing to install an app in the future, be sure to check this list to make sure that the app is actually legitimate first. Name, description, and other details: The first sign that an app isn?t legitimate will be its name or description. Malicious applications have traditionally tried to replicate original applications as often as they can, laughing in the face of Google Play?s impersonation policy. Sometimes these apps aren?t caught and pulled immediately, so you have to be extra careful to read the description. Often times, impersonated apps will have descriptions written in broken English. This is why the description is the best indicator that an application is legitimate. Check the reviews: The Google Play Store lets users leave reviews, and you can use these reviews as a way to identify dangerous applications. However, a fake application could also be subject to fake reviews, which might make it difficult to identify the good from the bad. Either way, any negative reviews might give you the chance to reconsider your choice to download the app anyway, so if it?s a bad apple in the barrel, you?ll be saving yourself some stress anyway./ The Developer: Is the app really from the developer that it claims to be from? If it?s a well-known application, you should be able to tell who developed it, but you might need to put on the brakes and take a closer look before downloading a business application. If it?s from an unknown developer with no history, think twice before downloading it. Number of downloads: How popular is the app that you want to download? If it?s been downloaded billions of times, it?s probably more legitimate than one with hundreds, thousands, or even millions of downloads. How many fake apps have you come across on Google Play or the Amazon App Store? Let us know in the comments, and be sure to subscribe for more technology tips and tricks.

In short, it amounts to being as vigilant as you can be. You should always be looking for reasons not to click on links in your emails if you can help it, as it?s better to err on the side of caution than risk suffering from a data breach or malware infection. Here are three warning signs to look for in a potentially malicious email attack. Spelling and Grammar Errors The first warning sign of a fraudulent email is that it?s filled with all sorts of spelling and grammar errors. Professional messages sent from reputable sources will likely have passable grammar, but if it?s incoherent and difficult to understand, chances are that the message is risky at best–especially if it contains links. There are always exceptions to this rule, however. Phishing emails are often so discreet that it can be difficult to identify them through this method. Therefore, you?ll have to keep other information in mind when clicking on any links. Links Leading to Obscure Targets Sometimes you?ll get an email and you won?t be sure if it?s fraudulent or legitimate. In cases like this, it?s always best to approach the link carefully by making sure that the link leads to where it claims to. You can do this easily enough by simply hovering over the link with your mouse without clicking on it. You?ll see the linked URL right in a little bar at the bottom of your browser showcasing the link target. If it?s not something that it should be linking to, stay away from it. Messages from Unknown Senders Another major red flag that gives away the nature of a message (and its links) is who is the actual sender. If it?s from someone who you don?t recognize or someone who you don?t think should be reaching out to you, immediately reconsider clicking on any links or messages found in it. Even if the sender is known to you, but the message is suspicious, you can see if the email address matches anything that you have on record for that user. If it doesn?t, you know that you can?t trust whoever sent the message to you. In a worst-case scenario, you could be looking at a phishing or whaling scam, in which case you want to notify your IT department immediately so that proper measures can be taken. The good news about suspicious or fraudulent emails is that you can keep the majority out of your inbox with an enterprise-level spam filter. The bad news is that even this sometimes isn?t enough for more dangerous threats. As we said before, the best security measure you can implement is good old-fashioned caution. If you teach your employees how to effectively identify threats, they will be more likely to avoid them; or, better yet, they?ll report them to IT for proper analysis. To learn more about security tools and training, reach out to White Mountain IT Services at (603) 889-0800.

Why You Want to Keep Your Technology Clean, Inside and Out If your business is like most, you rely on technology to help manage things. While your particular operations may use different solutions than one in another industry will, your technology is an essential piece of your business. Therefore, you need to make sure that it can meet two criteria. First, it needs to remain in proper working order, and secondly, it needs to be organized so that the resources you rely on it for are easy to access and utilize. In order for these criteria to be met, your office technology needs some attention to both its physical components, and the information those components give you the ability to store, access, and edit. Furthermore, an unkempt technology strategy can have some detrimental effects to your overall productivity and even your general success as a business. Benefits of Digital Office Organization First, consider the state of your digital file storage. Is it organized properly, with documents and resources saved in the correct folders, with proper labelling and an intuitive, hierarchical system? If not, it will do you quite a bit of good to take the time and organize these files so that they can be found for reference more easily in the future. This is because this organization will enable you and your employees to find the things you need more easily, which means you and your employees will therefore be able to find them more quickly. This creates time savings that, while apparently insignificant when considered individually, can add up to be fairly significant after all. Secondly, taking the time to establish a filing system will also give you the opportunity to audit your old materials as you organize them into it. Perhaps some of them are due to be revisited and updated, and others are outdated to the point where they can be archived away or deleted safely. Going through your materials and making this call can easily save you some headaches in the future, and help build beneficial habits for the future. If part of your clutter problem is due to your reliance on physical files that are stored in bulky filing cabinets around the office, you might consider adopting a digital file storage solution and starting off with this hierarchical system in place. Not only does this make sense from a financial standpoint (fewer paper files means less paper and ink to buy), it is also environmentally responsible and allows you greater control over who in your organization has access to particular files. Organizing Your Inbox We?ve all learned the hard way how easy it is for a mess to pile up, and few places make that piling up more visible than your email inbox. While you know that there are certainly important messages mixed and buried in there, there?s also going to be plenty of conversations that you were privy to, but not really involved in, or situations that have long since been resolved and no longer require your attention. However, while these messages may not currently seem important, there is always a chance that they will be at some point in the future. It is better to take messages like these and, similarly to your business data and files, create a filing system to […]

The Internet is notorious for being a minefield of threats, many of which lurk hidden behind innocent-looking links. In order to go about business safely, you need to be able to identify which links you can click; and, which should be skipped. Unfortunately, spotting fraudulent links isn?t an exact science, but there are ways to become proficient at the art of it. Trust No One… …or at least, trust no one?s links. It is exceptionally common for malicious links to be shared through emails or social media messages. In your email client, an easy check is to select the option to view the full header of the message. This will allow you to view the sender?s full email address, as well as the reply-to address, enabling you to judge if the sender is legitimate. If it just so happens that one of your regular contacts has sent you a link without any context, it is better to reach out to them through some other means to confirm that they did, in fact, send you the mysterious link. Similar actions can take place over social media accounts. Less security-savvy contacts can easily have their accounts hijacked to spread a malicious link, and so you should always be careful of messages that come without warning — even if you know and trust the apparent source. Sometimes, an attacker will create a clone of someone?s social media account to try and trick their target into accepting friendship. While this may seem initially harmless, keep in mind that the person behind the account now has access to a running record of your activities. Further Defenses It is also important to remember that the attackers that use these messages are becoming much more convincing. Many of these phishing attempts will draw upon data stolen from other breaches or drawn from any online accounts to make their attempts more convincing. Your best defense against links like these is to hover your cursor over the questionable content to see if the link matches what it should. In addition to these practices, you should also keep an eye out for egregious misspellings in the surrounding message, as these are an excellent sign of a malicious attack. Google Makes Its Move Google has adopted a policy of flagging any website that doesn?t have a Secure Sockets Layer, or SSL, certificate. This means that, in order to avoid your website displaying with a prominent ?Not Secure? in the address bar, you need to obtain a certificate as quickly as possible. Not only will this encourage a sense of trust from your web visitors, it will encrypt their sensitive information and keep them safe from cybercriminals. Now that you know how to identify malicious links like these, you should call White Mountain IT Services so that we can stop as many as we can. Call (603) 889-0800 for more information.