We?ve put together a list of easy ways that you can mitigate the risks associated with oversharing your personal information on the Internet: Mind what you post: You need to understand that there is some information that?s not supposed to be shared on the Internet. A fairly obvious example of this is personal information like Social Security numbers; if someone shared their Social Security number online, and a fraudster got ahold of it, they could easily steal the identity and perform who knows what with it. Other information that shouldn?t be shared includes birthdays, home addresses, phone numbers, and so on. Even something as simple as your dog?s name could be used to crack a potential security question for an online banking account. Basically, you should keep your personal life off the Internet; otherwise, you?re inviting disaster. Side note: You may trust your privacy settings and your contacts, but you should still be conservative about posting your agenda and your physical address online. Never announce when your home will be empty on social media. Doing so could lead to uninvited guests while you?re vacationing in Tahiti. Limit your employment details: Sites like LinkedIn can help you work on your professional networking, but they also provide identity thieves with a treasure trove of personal information. Unless you?re actively seeking employment, it?s a good idea to include only information that?s absolutely necessary. It should be just enough to get people to view your profile, and information on how they can get in touch with you. Take advantage of privacy settings to maximize your personal security. Perform an online audit: The Internet is a huge place. Your information could be, quite literally, in a thousand different locations. Friends and contacts of yours could post information about where you are and what you?re doing. Plus, information could exist outside the realm of your social media accounts, lingering in online databases, waiting to be picked up by hackers or other thieves. Perform a social media audit: This is often called a ?friend purge,? where you go through your social media contacts and remove those whom you have fallen out of contact with, or those who you simply don?t know. Ask yourself if you would let your social media contacts into your home, or share intimate details about your life with them. Chances are that the majority of them don?t need access to your full account and information. Social media can be a great way to connect with people, but you need to take your personal security into your own hands. If you don?t, who will? For more information about how to stay safe online, keep tabs on our blog; or, call White Mountain IT Services at (603) 889-0800.
Microsoft has a certain way of handling support for their software. For five years following the release of a software or operating system, Microsoft provides what?s known as ?mainstream support,? where they accept requests for new features and fixes for key issues. After mainstream support ends, the product enters an ?extended support,? period, where all warranties end, and the only thing provided to the solutions are key security fixes. Once extended support ends, a product reaches its ?end of life,? where Microsoft cuts off support completely. This also means that your systems will no longer be patched for critical security flaws. Below, we?ve listed all of the Microsoft products that will be reaching their end of support date on July 10th and July 12th, 2016. If your organization is still taking advantage of any of these solutions, it?s important that you consider upgrading to a more recent version of the software, or to an entirely different solution. Failing to do so will place your important business systems at risk. Service Packs Reaching End of Support Microsoft Dynamics CRM 2013 Microsoft Dynamics SL 2011 Service Pack 2 Microsoft SQL Server 2014 Business Intelligence Microsoft SQL Server 2014 Developer Microsoft SQL Server 2014 Enterprise Microsoft SQL Server 2014 Enterprise Core Microsoft SQL Server 2014 Express Microsoft SQL Server 2014 Standard Microsoft SQL Server 2014 Web Microsoft System Center 2012 Configuration Manager Service Pack 1 Microsoft System Center 2012 Endpoint Protection Service Pack 1 Microsoft System Center 2012 R2 Configuration Manager Microsoft System Center 2012 R2 Endpoint Protection Microsoft System Center 2012 R2 Endpoint Protection for Linux Microsoft System Center 2012 R2 Endpoint Protection for Mac Products Moving from Mainstream to Extended SupportProducts marked with * expire on July 10th, 2016, rather than July 12th, 2016. * Microsoft Dynamics Retail Management System Headquarters 2.0 * Microsoft Dynamics Retail Management System Store Operations 2.0 Microsoft Project Server 2010 Microsoft Dynamics SL 2011 Microsoft SQL Server Compact 4.0 Windows MultiPoint Server 2011 Premium Windows MultiPoint Server 2011 Standard Products Moving to End of Support Microsoft ActiveSync 4.2 Microsoft BizTalk Server 2006 Developer Edition Microsoft BizTalk Server 2006 Enterprise Edition Microsoft BizTalk Server 2006 R2 Branch Edition Microsoft BizTalk Server 2006 R2 Developer Edition Microsoft BizTalk Server 2006 R2 Enterprise Edition Microsoft BizTalk Server 2006 R2 Standard Edition Microsoft BizTalk Server 2006 Standard Edition Microsoft Commerce Server 2007 Developer Edition Microsoft Commerce Server 2007 Enterprise Edition Microsoft Commerce Server 2007 Standard Edition Microsoft Connected Services Framework Billing Standard Business Event 3.0 Microsoft Connected Services Framework Order Handling Standard Business Event 3.0 Microsoft Connected Services Framework Server 3.0 Microsoft Connected Services Framework Standard Server 3.0 Microsoft Connected Services Framework Standard Server with Standard Business Events 3.0 Microsoft Visual J# Version 2.0 Redistributable Package Microsoft Visual Studio 2005 Team Foundation Server Is your business still using any of these technologies or services? If so, contact White Mountain IT Services at (603) 889-0800. We?ll work with you to ensure that your systems aren?t left unsupported. Doing so is a liability that your business shouldn?t have to deal with.
Before you do anything else, it?s important to remain calm and not to make any rash decisions concerning your systems, like going public with your hack immediately following the breach. Before informing those who were affected, you need to know who actually was affected. This includes determining how deep the breach has gone, how much data was stolen or destroyed, and whether or not there are still underlying issues within your IT infrastructure, waiting to resurface. Understand the Full Scope of the AttackBefore jumping to conclusions, begin by assessing what exactly happened to your IT systems. Was it a data breach, and if so, how did the intruders get in? Did they infiltrate through a spam email, or did they brute force their way into your network? Was it the cause of user error, or the result of a neglected vulnerability in your software solutions? These are all important questions that need to be asked, and you need to know the full impact of the hacking attack before anything can be done about it. Check Which Data, If Any, Was StolenThe next part of handling a data breach is checking what data was affected by it. Did the hacker make off with any valuable information, like Social Security numbers, credit card numbers, account usernames, passwords, or other credentials? If you know which files have been accessed, you?ll have a good grasp on the extent of the damage. However, if health records have been compromised, you might be more trouble than you?d care to admit. Give Your IT Department Room to Clean Up the MessYour business needs to conduct a full investigation into the hacking attack, and take preventative measures to ensure that the system has been completely purged of the threat. This includes having an environment available for work while your IT is busy containing the problem and resolving it as quickly as possible. This also includes having the resources available to do so; your budget should be ready to deal with hacks whenever possible. Find the Real IssueSometimes smaller hacking attacks are used as distractions to the real problem. For example, a virus that infects a PC could simply be a distraction to hide a trojan, which may allow the hacker to later access your network. If this happens, any attempts to clean up your systems might be rendered useless, especially if you haven?t found the trojan. You could just be inviting another hacking attack, which is counterproductive and costly. Keep in mind, sometimes your business might not be the target, but instead just unfortunate enough to be a victim. Phishing attacks, malware, and other threats travel virally, spreading between contacts and getting picked up on unsafe websites by users. Know Your Compliance LiabilityDepending on the types of files that have been exposed to hackers, you might have a full-fledged violation of compliance laws on your hands. This can lead to expensive fines that can break your budget. Knowing where you stand on compliance, as well as what?s involved for reporting it, is a crucial step in handling a data breach. White Mountain IT Services can help your business handle any potential data breach, and our trusted IT professionals can assist with implementing new solutions to prevent future breaches. To learn more, give us a call at (603) 889-0800.
Virtualization is the act of taking a physical IT component, like a server or a desktop, and storing it in a virtual environment for access through an online interface. This is the interface through which users access applications or data storage clients. When you access information through the cloud, you?re basically accessing the virtual server where your data is stored through a software like Microsoft OneDrive or Google Drive. Therefore, you can think of the cloud as a computer that?s hosted off-site and (hopefully) maintained by trained IT professionals. The main benefit of using cloud-based storage, especially that which is stored off-site, is that your business isn?t responsible for the upkeep and maintenance of the hardware used to store your data. Of course, if you have an internal IT department, the option for a self-hosted cloud is available, but if you want to get the best return on investment for your cloud, you?re better off letting a managed service provider host and maintain your cloud solution. Here?s where most business owners get held up on cloud adoption; they don?t know what their business needs, and get hung up on the details of implementing a cloud. The issue at hand here is that the cloud has so many variants that businesses don?t really know what they want or need from the cloud. While it?s recommended that you communicate with an IT professional to figure out your cloud strategy, you can make the decision easier by asking yourself a few key questions. To make things simple, ask yourself how much control you want over your data, and whether you want to take care of your own technology solutions. If you want to maximize control over your data, a private cloud is the right choice for your business. If you?d rather get started quickly without focusing too much on customization and IT maintenance, the public cloud is a better option. What type of cloud solution you?ll implement is, more or less, largely dependant on these two factors. A hybrid cloud solution is good middle ground for a small business that wants to maximize control while maintaining a hands-off approach to management. Either way, the cloud you?ll implement will undoubtedly need to reflect your business?s specific needs. Worse yet, talking about the ?cloud? inevitably leads people to discuss cloud computing, rather than the actual act of virtualization. The fact remains that cloud computing is only a small part of virtualization. Instead of limiting your business?s scope to just cloud computing, you should consider the other savings that can come from virtualizing your networks, servers, and desktops. Doing so allows you to simplify your IT infrastructure and remove unnecessary costs. Since your technology will be handled by trained IT professionals, you can remain confident that it?s being maintained properly. For all of your business?s cloud computing and virtualization needs, you only need to make one phone call. To learn more about how the cloud and virtualization can improve your business model, contact White Mountain IT Services at (603) 889-0800.
Employees will often neglect security measures because they find them to be inconvenient or time-consuming. This happens every day with solutions that are designed to help keep data secure. For example, a Bring Your Own Device policy is designed to help your business keep secure information from hackers, but if your employees don?t want to go through the process of implementing BYOD on their devices, they could unnecessarily be putting your data at risk. In the end, it comes down to freedom vs security. Employees want to use their mobile devices and have a sense of freedom for how they work, but you can?t allow this to happen without some sort of security oversight. Otherwise, you could be putting your entire business infrastructure at risk of infiltration from outside entities. Ensuring that your business follows proper security best practices is crucial to the continued functionality of your organization. This is especially true in light of employees who don?t follow security best practices. As is the case with many online threats, employees will continue to be the weakest link in your business?s defenses if you don?t take action to remedy this. You can make patching up this vulnerability easier by reinforcing security best practices, including: Regularly changing passwords: While changing your passwords is important, it can be difficult to remember passwords for all of your different accounts. This is why many organizations implement enterprise-level password managers that can securely store your passwords and call them when they?re needed. Passwords should always be complex strings of lower and upper-case letters, numbers, and symbols. Spotting phishing scams: Employees should be trained on how to identify phishing scams. This includes educating them on how hackers will use phishing scams to coerce information out of them. White Mountain IT Services can help your employees understand how best to avoid, and detect, phishing scams. Using two-factor authentication: Any accounts that have access to critical information should be equipped with secondary security features, like two-factor authentication. This makes it more difficult for hackers to access accounts remotely. Two-factor authentication often means that hackers will need physical access to your device, which makes it extraordinarily difficult to hack into an account. If you?re concerned that your team needs additional security measures put into place to enforce best practices, you can implement what?s called a Unified Threat Management (UTM) solution. A UTM consists of firewall, antivirus, spam blocking, and content filtering solutions, which are all designed to limit your business?s exposure to threats. For more information about cyber security and other data security best practices, give White Mountain IT Services a call at (603) 889-0800.