Phishing It should be seen as no surprise that phishing?a form of social engineering that uses subterfuge to extract data, credentials, and other important information from its targets?is a serious threat. Not only can it be carried out through a variety of communication methods, there is no shortage of tactics that phishers can use to trick their targets. This flexibility makes it all the more challenging for businesses to resist phishing attacks. Challenging, however, is much different than impossible. A critical aspect of protecting your business from phishing is simple awareness. Ensuring your team is knowledgeable of the risks that phishing poses and trained to mitigate the risk of this attack vector is critical. Ransomware On a closely related note, ransomware has continued to be a serious threat that no business can overlook, either in terms of its severity or its popularity. By locking a business out of its data (or even its entire network) and demanding a payment for its return and/or the cybercriminal not leaking it, this particular form of malware has been utilized to great effect over the past few years to take advantage of businesses to the tune of millions upon millions of dollars. So, how is ransomware so closely related to phishing? It?s simple: because ransomware needs to gain access to a business? resources in order to encrypt them, phishing attacks are commonly used by cybercriminals to get this access. Therefore, understanding the dangers of phishing becomes even more important, as does knowing how to address ransomware properly (here?s a hint: make sure you have a comprehensive backup and disaster recovery strategy prepared). Malware Taking a step back from ransomware for a brief moment, let?s consider all the other examples of malware out there that can and do impact businesses of all shapes and sizes. Viruses and other nasty malicious software (which is where the term malware comes from) can have a variety of influences on a business and its processes. As a result, it is important to have every defense in place to minimize the chance of malware being able to have this influence. Things like firewalls, antivirus software, and good old-fashioned employee training and awareness will go a long way toward this goal. Insider Threats Unfortunately, it can sometimes be your team members that are the most direct cause of your cybersecurity challenges?intentionally or not. Regardless of their intentions or motivations, it is important that you have the safeguards in place that can minimize the risk that your insiders pose. Things like access controls and permissions based on the rule of least privilege are all invaluable to this goal. While you want to be able to trust your team members, of course, trusting them doesn?t mean you need to leave yourself vulnerable. Password Issues Finally, we need to address the issues that are so common amongst passwords and the habits people have gotten into where they are concerned. Too many of them are woefully inadequate, unfortunately, meaning that anything protected by them really isn?t. For this reason, it is critically important that you reinforce the importance of sufficient passwords with your team, ideally while giving them the resources to assist them in using them, like a password manager. White Mountain IT Services can help you resolve all of the above, so make sure you reach out […]
What Is a Backup? A backup, in the context of business technology, is when a business copies their data (or entire computing environment) to build data redundancy should something bad happen. It is effectively insurance should the business have to deal with some type of information system failure. What Are the Risks of Not Having Backup? Unfortunately, there are plenty of things that can go wrong with technology, and there are some that simply can?t be helped. These include physical damage that comes from normal wear and tear on hardware or environmental damage; premature malfunction; user error; hackers; theft; long-term power failure; malware; or major disasters that create major operational problems for a business. The result of any of these scenarios is that you would lose access to your critical information systems, making it impossible (or very difficult) to continue operations. Consider it this way: Have you ever gone to a store and when you get up to pay they apologize because their ability to take payment with payment cards isn?t working? It?s frustrating, right? Well, instead of your payment card system, imagine if the whole computing infrastructure that you depend on won?t work. It is an impossible situation. In fact, without an easily restorable backup, any of these situations can end up burying your business. A Good Backup Is More than Just Copying Data We?ve established that without a backup your business is at constant risk. That doesn?t mean that just copying your files over once in a while will help your business. Think about how much data your business creates every day. You need a solution that will keep an up-to-date backup, that will allow your business to be as current as possible should some system need to be restored. This Is the BDR The BDR is more than just data backup; it is a system that incrementally backs up your organization?s data in both an onsite BDR device as well as in an offsite data center. This system not only gives you options should something happen that requires fast, onsite restoration of data systems, it gives organizations options should those data systems become unusable. What?s more, should something actually happen to your onsite technology, the BDR can be virtualized to run as a temporary server. This contingency could be the difference between staying in business or closing your doors forever. If you think that statement is dramatic, consider that well over 90 percent of all organizations that suffer data loss from a lack of functional backup platforms close and never reopen or are out of business within two years of the incident, you will agree that having a system that will keep your business safe, and that is run and tested by reliable and expert IT technicians, is extremely valuable for your organization?s long term health. If you would like to talk to one of our experts about how the BDR works to keep your data backed up, ready to restore, and secure, give the IT experts at White Mountain IT Services a call at (603) 889-0800 today.
Let?s consider how your IT may need to meet certain compliance standards, and how we can help ensure it does. How Do IT Compliance Needs Impact a Small or Medium-Sized Business? To get some context, let?s begin by identifying what IT compliance specifically looks like when a business incorporates it properly. By definition, IT compliance is a business? practice of abiding by various regulatory requirements that pertain to the use of technology as a means of ensuring the security of client or customer data. These regulations can come from different sources. Some are established by law for different industries, like the Health Insurance Portability and Accountability Act (HIPAA) does for the medical field, and others are implemented by industry authority groups, like the Payment Card Industry Digital Security Standard (PCI DSS) was agreed upon by a consortium of payment card providers. Failure to comply with such standards and regulations can have various consequences to the organizations expected to do so, ranging from monetary fines to lost privileges. Let?s make one thing very, very clear: these fines are not something to be taken lightly. Depending on the compliance framework that your organization has violated, these fines can reach truly painful levels. A business that severely violates the United Kingdom?s General Data Protection Regulation (GDPR), for example, could be fined 20 million euro or four percent of their global turnovers. It defaults to the higher penalty, too. This is just one of many regulations that your business could potentially be held accountable for, depending on your industry and what it is you do. Common Compliance Standards with IT Ramifications What follows are a list of standards that you could likely need to consider, particularly where your IT is concerned: HIPAA (The Health Insurance Portability and Accountability Act): Amongst other requirements, HIPAA establishes standards regarding patient information confidentiality and security for the healthcare industry and any affiliated parties. NIST SP 800-171: This standard, established by the National Institute of Standards and Technology, places various cybersecurity requirements on businesses working with federal and state agencies in the U.S. GDPR (The General Data Protection Regulation): This law, established to protect the information of European Union citizens and residents, applies to any company?globally?that utilizes this data. PCI-DSS (The Payment Card Industry Data Security Standard): This standard, implemented by PCI Security Standards Council, puts data security requirements on any business that wants the ability to accept payments via card. Again, this is just a selection of some of the more well-known standards?more could easily apply to your specific situation. Fortunately, you don?t have to navigate your IT compliance needs alone. Turn to Us for Assistance in Meeting Your IT Compliance Requirements As part of our managed services, White Mountain IT Services can help ensure that your business technology is not only functional, but is aligned with the standards it needs to meet. Find out more by giving us a call at (603) 889-0800.
Let?s talk about why browser-based password managers are the inferior choice as compared to their standalone predecessors?and it?s not all about the difference in security. A Dedicated Password Manager is Better First Off, They Are More Secure Like we said, convenience should never precede security, but that?s precisely what browser-based password managers have historically done. The key is the use of zero-knowledge encryption (where a platform has no visibility into what is stored on it), or rather, the fact that Google doesn?t use it. Google?s option to encrypt passwords on the device also keeps the key on the same device as the data?which is effectively like leaving a key to your front door hanging next to the lock. Not exactly effective, if someone were to breach your network and the hardware on it. They are Also?Ironically?More Convenient That?s right?despite the idea being that a browser-based password management system would be more convenient, the limitations of it being tied to the browser limits its convenience substantially. After all, your browser isn?t the only place you need your passwords, but the browser-based manager keeps them there exclusively. Consider all the mobile applications that require you to log in on your mobile device, for instance. A browser-based password manager restricts them. Finally, Stand-Alone Password Managers Offer More Features In addition to being restricted to the browser that hosts it, a browser-specific password manager is just that?a password manager, exclusively. By comparison, stand-alone options not only store your passwords, they also help you generate secure ones, save other sensitive details like payment card credentials and account numbers, and even addresses. Dedicated password managers also offer additional features, like password strength checks, password sharing, and even biometric support. All That Said, Not All Password Managers are Created Equally We?ve seen the impact that an insecure password management system can have, so it is important that you select one that is reputable and trustworthy. Fortunately, you can trust White Mountain IT Services to select one for you, just like we can help shape the entirety of your IT infrastructure. Give us a call at (603) 889-0800 today for our assistance with your business technology.
Ransomware Usually Starts With Phishing Phishing is the number one way that hackers gain access to your business? network and infrastructure. The process includes sending messages to your staff that creates a subterfuge to get them to give over personal information or login credentials to your network. After they get in, they will then deploy the malicious code that will lock down files or full drives. The Ransom is the Point When ransomware is deployed the ransom will be up front and center. Typically, it will communicate the demands of the hackers and then have an integrated timer. Presumably, this is the amount of time you have to make a decision on whether or not to pay the ransom fee. These ransom demands are always payable in Bitcoin or some other type of cryptocurrency, but can you really trust someone that is willing to hold your organization?s data hostage to not continue to extort your business, or worse, ruin files if you decide the best course of action is to not pay the fine? Probably not. What You Need to Do, Should You Get Infected I know it might sound redundant or even contrived, but if you happen to become a victim of ransomware, you can?t panic. Of course, your first instinct will be to panic, but you need to get through that quickly and keep a level head because it’s going to take some focus to get out of this situation. The first action you should take is to take a picture of the ransomware message. This is because you will likely need it later to restore your data and to prove that you?ve been hacked to law enforcement. You?ll then want to immediately turn the computer off and unplug it from the network and from the power outlet it was plugged into. If you leave the computer online, it exponentially enhances the risk that other devices will be infected, making the whole situation that much more difficult to navigate. The next action is to notify your IT department. Technology professionals, like our technicians at White Mountain IT Services, may be able to obtain a solution to this problem that will unlock data by getting in contact with security vendors that they work with. If your business has cybersecurity insurance, you will want to contact them at this stage as well (if your IT management team doesn?t do this for you). You will also want to speak with legal representation to cover your bases. At this point, it?s a waiting game. What you shouldn?t do is sit on a ransomware attack. You need help to remediate the situation and the fear of ridicule or loss of reputation shouldn?t supersede your acknowledgment of this fact. You also shouldn?t quickly pay the ransom with the hope that this will go away. If it is just a fear tactic, your IT management team will expose this; but on the chance that your data or systems are encrypted, you will want more eyes on it to ensure you make the right decisions for your business. Ransomware is Scary Make no mistake, if your business is the victim of a legitimate ransomware attack, it is extremely stress inducing. That?s why you need experts on your side to help you solve the big problems that you may not […]
