Recent Blog Posts

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, ?NotPetya,? as it has been named, has a few additional features that experts say make it worse than either of its predecessors. Why NotPetya Isn?t Really a RansomwareThe first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside. A Hybrid Hacking AttackSince the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA. Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread–including onto updated and patched Windows 10 systems. How To Protect Your FilesFirst off, don?t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable. However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user?s systems were (and are) still vulnerable. The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business? systems are reinforced against the latest threats by keeping your defenses up-to-date. Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network. White Mountain IT Services has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at (603) 889-0800 today.

Before Proceeding: We strongly advise against disabling the Windows Password Screen, under all circumstances. What may seem like an inconvenience that wastes your time, may actually prevent your personal data from falling into the wrong hands. Furthermore, an additional word of caution: this scenario works best for a personal PC that not on a network of any kind, has minimal chance of theft, and only a single user. If you try to enact the following steps on a workstation, you may find that you can?t, due to network settings. When making such major changes regarding the security of your work computer, be sure to first check with your IT administrator. We also don?t recommend doing this to a laptop you travel with. If you’re okay with the risks to your data security, here’s how to get started: Press Windows+R and then type netplwiz in the form. Then click OK. This will open the User Accounts window. Deselect the box for Users must enter a username and password to use this computer. Next, with the account selected that you wish to disable the Password Screen for, go ahead and click Apply. This will take you to a new window where you will be prompted to enter your password. Do so, enter your password a second time, then select OK, and OK again to exit the User Accounts window. By following these steps, your changes should now be applied. To find out for sure, restart your computer. Upon rebooting, you should now be taken directly to your desktop, completely bypassing the Windows Password Screen. By disabling this screen, you?ll save time from having to remember and enter your Windows password each and every time you access or restart your PC. For more PC tips and best practices, check back at our blog every week.

Seeing just how much this issue monopolizes an employee?s workday, there are many different angles you can take to tackle this problem and streamline operations. One of the biggest areas you can start with happens to also be a medium that you personally have the most control over, meetings. For starters, making meetings more efficient means thinking about how meetings are actually run. Now, you?re likely already doing this to some extent. After all, no leader just shows up to a meeting without a plan or some sort of agenda in place. Instead, we?re suggesting that there?s value in taking a step back and reevaluating the purpose of your meetings. Upon doing so, you may discover that the goal of your meetings can even be achieved in better ways than having everyone gather in one room. If this is the case, then you may be able to forgo the meeting altogether. This is a helpful exercise to go through because of how easy it is to get stuck in the rut of ?meeting for the sake of meeting.? Once you?ve made the determination that having a meeting is the best way to achieve your goal, you?re next going to want to communicate the purpose of the meeting to all who are involved. When everybody understands what the intended outcome is regarding why they?re gathered, everybody will be on the same page and wasting time by getting off topic will be minimized. As a bonus, this move will help you wrap up meetings earlier. This could even help change the way certain employees think about meetings, particularly workers that may be so tied to their schedules that they feel obligated to keep a meeting going until it?s scheduled to end–even if the goal was achieved early on. It should go without saying that ending a meeting earlier than scheduled will lead to workers being able to spend more time, you know, working. Another proactive measure you can take to streamline your meetings is to create an outline and send it to everyone at least 24 hours in advance. By doing this, participants will know what to expect and be able to provide quality input before and during the meeting. This due to the simple fact that they?ve had adequate time to run through the meeting in their head and formulate thoughtful questions and responses. As a bonus, you can send information to the participants relating to the topic at hand, and ask them to have it read before the meeting, sort of like assigning homework. This will make meetings feel less like everyone is ?shooting from the hip,? and more like all involved are contributing in meaningful ways. When the meeting ends, you can streamline the process further by getting honest feedback. By taking time to hear the participants’ thoughts on whether or not the goals were met, and what ideas they may have about improving how meetings are run, you?ll be able to tweak and enhance future meetings based on such feedback. Of course, when it comes to streamlining communications around the office, equipping your workforce with the right technology can be a tremendous help. For example, technology can serve as an aid to make meetings more efficient, like utilizing video conferencing tools so people can participate in a virtual […]

The responses we?ve seen over the years is either employers trying to curb it by supplying company devices, or nixing mobile devices altogether. Both of these options have some serious side effects that must be taken into consideration. I?ll Just Issue Business-Approved Mobile DevicesDepending on the kind of work your employees do, this might be a good perk. You can take serious considerations into the platform (iOS, Android, Windows), contract terms, and how the company will control and protect its data. You can also map out how you will separate work from personal use on the device, clearly lay out what you can do and what the employee can do, what happens if the device is lost, what happens if the employee quits, etc. The problem with this method is that it?s often seen as a quick fix. Throwing money at this problem and forcing employees to use work-issued devices won?t solve the problem of controlling data without putting together the plan. Plus, while statistics do show that employees aren?t necessarily unhappy with corporate devices, if they feel strong-armed into using a device, the staff who were using their own devices to actually work harder and more effectively might feel slighted. That said, other employees might like the idea of getting a new smartphone on the company?s dime. It?s really going to depend on your employees and company culture. I?ll Just Ban All Mobile Devices in the WorkplaceIt?s a big ultimatum: no email access, no file access, no messengers, no note-taking, no mobile devices, period. Anyone caught using a personal device will be penalized or written up. You?ll certainly protect your data this way. Chances are though, you?ll also create agita with staff who were really just trying to do their jobs better. Employees won?t think about the ramifications of lost data, they will just think their boss is making it harder for them to be effective. Fortunately, most employers haven?t resorted to this, but it still happens. Beyond just stirring up emotions, this can drastically set your company back compared to competitors that are welcoming mobility and benefiting from it. It Sounds Bad, But There are OptionsThere is a middle-ground between banning devices altogether and enforcing company-issued devices. Policies can be put in place that protects company assets like email and access to data while respecting the privacy of your employees. Employers can push policies – like enforcing users to set up passwords, patterns, or pins to log into the device, grant the ability to revoke access to email, and even wipe the device remotely if it is lost or stolen. Personal laptops can be granted company antivirus and remote monitoring, or better yet, employers can offer a VPN or hosted desktop solution so they won?t have to worry about the state of the device. The latter can also address other needs such as software licensing and accessing company data while on public Wi-Fi. White Mountain IT Services Can HelpThe best way for a business owner to handle mobile devices in the workplace is to implement a BYOD strategy–one that addresses every security risk while enhancing all the benefits of mobile technology. Every business is different, which is why it?s best to have a consultant like White Mountain IT Services work with you to develop a BYOD strategy that?s tailored to enhance your company?s goals. […]

This blog focuses on the most recent version of OneNote: 2016. Older versions might lack some of the same features, so if you are running an older version of Microsoft Office, it might be time to consider an upgrade to a more recent version. The BenefitsOneNote was designed with the intention of providing businesses with a tool to foster collaboration. You can save your Notebooks on either your local network drive or to Microsoft?s OneDrive cloud. You can then share these Notebooks with other users within your organization, allowing users to collaborate on projects and share notes through a virtual environment. OneNote might not be able to create a myriad of documents like the other Microsoft Office apps, but it can be described as the ultimate highlight reel of the other Office 365 software. You can write, build simple tables, display charts and graphs, and draw on documents. Just keep in mind that it won?t be useful enough to completely replace the features of these other Office 365 apps. Note-Taking CapabilitiesOneNote offers many features that allow you to create notes and organize information. When you create a Notebook, you can divide it into tabs, and further divide them into pages. There are even pre-made templates online that you can use. Alternatively, you can create your own template that best accommodates your specific needs. Your notes can even include more than just simple text. OneNote lets you take clips of web pages and directly insert them into your note. OneNote also allows for the pulling of text directly from images. All you have to do is right-click them, or search for the text that appears in the images. You might be surprised by how accurate this search function can be. This is very handy when taking photos of physical documents and business cards. OneNote even supports handwritten note-taking with the ability to convert it into a font-based text. It also has a great math function. This allows you to type or draw out a simple equation. It can then convert them to text and solve them. You can also format your pages to suit your specific needs. Alongside this, OneNote offers functionality that allows you to link content on one page to other OneNote locations for quick and easy access. In terms of security, notes can be assigned password protection, which means that only those who are given this privileged credential can access them. It?s clear that OneNote is great for any business environment, but how are you using it? Do you currently have OneNote installed, or are you hoping to take better advantage of it in the future? Let us know in the comments, and be sure to subscribe for more great information on SMB technology.