Recent Blog Posts

A surprising number of security issues come from inside your organization. User error on the part of the employee can present major problems for your workflow, data security, and the integrity of your business. User error could be something as simple as an employee clicking on the wrong links when they receive a suspicious email in their inbox, or if they are accessing data that they simply have no business accessing in the first place. Sometimes businesses will even completely forget to remove employee credentials when they leave a project or the company creating a breachable hole in your network. Regardless of the reason, user error can be a detrimental occurrence, and one which must be prepared for. Restrict User PermissionsYou may notice that every time you try to download an application to your computer, it requests specific permissions from the user. If it were your personal computer, you could just click OK without thinking twice. However, this isn?t your personal computer–it?s your office workstation. If you let your employees download whatever apps they want to their devices, who knows what kind of nonsense you?ll find on them? They could accidentally download malware or install something to give hackers remote access. This is why you limit what your users can do on their workstations. The only users who should have administrative access to your company?s devices are your network administrator and any IT technicians you employ, as they will be the ones primarily installing new software on your devices. Minimize Data AccessIf you give your entire staff access to every little part of your data infrastructure, they are bound to run into data that?s not meant for their eyes. For example, an employee might gain access to your business? payroll, which could cause unnecessary friction. They also might find other sensitive information that they aren?t supposed to see, like personal information or financial details. The best way to keep this from happening is to partition off your infrastructure so that employees can only access information that they need to do their jobs. Just ask your IT provider about your access control options. Remove Employee CredentialsWhat happens when an employee leaves your organization, but is still able to access their email, your network, and their workstation? You could run into an employee sabotaging your organization. This isn?t something that you want to deal with, and the easiest way to make sure it doesn?t happen is to begin the process of removing this employee from their accounts before they leave. Passwords need to be changed so that the employee cannot access your infrastructure any longer. You don?t want to delete the accounts entirely, though. You might want to check through the accounts, particularly because you might find reasons why they have chosen to leave your organization. Can your business keep itself safe from user error and other threats? White Mountain IT Services can help you keep the negative results of user error to minimum. To learn more, reach out to us at (603) 889-0800.

There are many organizations in the world that simply can?t have cybercriminals and hackers interfering with their data. One of these organizations, CERN (whose acronym translates to the European Laboratory for Particle Physics) has far too powerful of a computer grid to allow hackers to access it. To keep it safe, CERN has deployed what may be the future of cybersecurity: artificial intelligence. The use of artificial intelligence in security makes a lot of sense for a few reasons. First and foremost, it gives us a chance of keeping up with the changes that malware undergoes. To combat this, the scientists at CERN have been busy teaching their AI to identify threats on their network and to take appropriate action against them. This is no easy feat when one considers the resources that CERN requires to operate its Large Hadron Collider and Worldwide LHC Computing Grid. The LHC collects a truly vast amount of data–around 50 petabytes between the beginning of 2017 to June–and shares it across a network of 170 research facilities worldwide, also providing computing resources to these facilities as needed. This creates a unique challenge to maintaining cybersecurity–how to maintain computing power and storage capabilities while keeping the global network secured. As a result, CERN is turning to AI and machine learning to allow their security to identify between typical network activity and that of a more malicious nature. While CERN is still testing its new artificial intelligence, there are ways that businesses can leverage similar concepts to help protect their own networks. As of right now, when we say AI, we?re not talking about machines with human-like qualities you?d see in movies today. CERN isn?t going to be teaching their security AI the concept of love and friendship anytime soon. Instead, it?s actually a very simple tool you probably use every day. Take Google, for example. When you do a Google search, you are getting results that are indexed and categorized without the direct influence of a human operator. Google?s computers crawl the Internet and use machine learning and hundreds of various factors to deliver the search results most relevant to what you need based on a whole slew of conditions. The benefit of using this form of AI means results are delivered incredibly quickly, and a mind-numbing amount of data can be collated and delivered at the blink of an eye. If Google employed humans to deliver search results, the system would be flawed by human biases, the costs of employing so many people to meet demand, and it would simply be slow to get the results on-demand. AI empowering security could quickly scan for flaws on a network, run ongoing penetration tests, and constantly patch vulnerabilities. It could work day and night to improve spam and firewall capabilities. AI would have access to a lot of security resources and be able to react much faster, making it harder for hackers to overcome. Although we?re a long way out from seeing something like this fully implemented, we?re already seeing a lot of virtually intelligent systems collating and delivering data, and we can?t wait to see more? Just as long as we don?t flip the switch on Skynet. Do you think that AI is a viable resource to keep business networks secure, or is the technology […]

If you?ve watched the news lately, chances are you?ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it?s difficult not to feel individually victimized by such a breach, it?s important to remember that it?s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn?t even stop there–any vendors or partners you deal with are also in danger of hacking attacks. The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws–and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We?re not here to argue the ethics of Equifax?s decision to withhold information on this breach–we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers. State LawsAt the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so. Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York?s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming?s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days. These notification deadlines aren?t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed. Federal LawsWhile there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways. Due to Equifax being a financial institution, it?s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn?t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong–even if they should have been morally obligated to inform users as soon as possible. Even though there are different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs federal level. Every state has different policies regarding who the laws […]

It?s football season once again, and this year, we want to show you how to set up Cortana to follow your favorite teams–football or otherwise. It?s actually easier than you might think! Before we begin, remember that this only works on devices that have Cortana, so it will likely need to be set up on your Windows PC. First, you?ll want to tell Cortana which teams to follow by going through Cortana?s Notebook. You can find the notebook by clicking in your Search bar at the bottom of the screen, which will open up your Cortana interface. Right underneath the Home icon in the Cortana window, you?ll see a little notebook icon that you?ll want to click on. The next step is to share your interests with Cortana so that you can use the application to track your teams. Once Cortana is set to view your interests, you can scroll down in the notebook to the subsection Sports. Under the Teams I?m Tracking section, you should select Add a team. The next step is just to search for your team and find it in the search results. On the next screen, make sure to check the buttons that display the scores and notifications on your device. Once you?re all set, click the Add button. To add more teams, just repeat the same steps. To get more value out of Cortana, you can do the same for media like television, movies, news, and so much more. Keep in mind, however, that you should use Cortana with a grain of salt–especially if you value privacy. Microsoft has been at the head of this argument for quite some time over its use of data collected via Cortana, so choosing to give up this information to the application should be a conscious decision made only after careful consideration. What are some of the teams you?d have Cortana follow? Share your thoughts in the comments below.

VoIP uses your business? Internet connection, rather than telephone lines, to transmit your voice to the recipient, and it has the potential to completely change the way your organization operates. Here are six benefits that your business can gain from VoIP. VoIP Provides a Lower Cost per CallSince VoIP uses your Internet connection–or, rather, your IP address–to send calls, you?ll get more value out of your telephone network in the long run. This is especially true for long-distance calls. As long as your bandwidth can handle the additional strain, you actually save money by implementing VoIP. VoIP Offers MobilityWhen you implemented your office telephone solution, you installed lines that run directly to specific handsets for each of your employees. This makes changing numbers or moving offices a huge pain, as you would typically need to contact the telephone company to get your services transferred elsewhere. VoIP eliminates this issue entirely and provides your business with the freedom to move things around as you see fit. VoIP Has Dynamic FeaturesYou may have all of the traditional telephone services with your landline connection, but more advanced features are likely out of reach for you. VoIP offers plenty of features, such as voicemail transferring, video chat, instant messaging, and much more, so that you can spend your time wisely during a telephone call. VoIP Includes Simple Telephony SolutionsWhile VoIP provides great additional features that you can customize as your needs see fit, you still retain access to all of the basic services that make the telephone such a great solution in the first place. You?ll still retain access to conference calling and call forwarding the same as usual, so there?s plenty of room to grow and add services as your business needs change. VoIP Offers Great Client InteractionHave you ever had the phone ring in your office, but you?re simply too busy to answer the call? Well, with VoIP, there?s no excuses. You can have the call transferred to specific phones or devices if it?s not answered within a certain number of rings. This improves your business? reputation with clients. VoIP is Reliable When You Need it MostMore than anything, VoIP can be used on multiple devices. It can be accessed through mobile devices, or on a desktop or laptop. You can even use traditional handsets if you so desire. It?s a highly customizable solution that your business can leverage to its advantage. White Mountain IT Services can equip your business with a powerful, enterprise-grade VoIP solution designed to work for your business. To learn more, reach out to us at (603) 889-0800.