Recent Blog Posts

So, Your Data Was Breached? What Do You Do Now?

Yes, We Know: Part of Our Job is Preventing Data Breaches

Don't get us wrong, we'll do everything in our power to help prevent our clients from experiencing a data breach. Having said that, there is only so much we can do to stop them. Whether we're talking about zero-day threats, unreported software vulnerabilities, successful phishing attacks, or a lost device going unreported, there are plenty of ways that an attack can slip past even our team. So, while our services and solutions can greatly reduce the number of threats that your team is exposed to, we cannot realistically catch them all. Therefore, we wanted to discuss how you need to respond if your data is eventually breached. Of course, we'll also get into a few best practices to help your team avoid data breaches as well.

So, Your Data Was Breached? Now What?

Step One: Notify Everyone Impacted

Let's make one thing clear… if your company experiences a data breach, it probably isn't just "your" data that was affected. Anyone whose data you have collected, from your clients to your employees to your vendors, could now be at risk. This means there are a lot of people you have to alert, just in case their data was impacted in the breach. We do mean "have to", as well… each of the 50 states has some kind of legislation that sets standards for data breach notification, so not doing so can land you in some very, very hot water, regardless of where you are located or where you do business.

Step Two: Make Things Right with Those Affected

Once you've discovered the breach and informed your clients of the situation, it is also on you to make amends to them. This may be to offer a complimentary service to them, or a discount. The one thing you don't want to do is pretend that nothing happened, or gloss over the situation… particularly if the breach caused issues for them. Have a frank and honest conversation with your clientele, doing whatever you can to help them out.

Step Three: Identify, Disclose, and Rectify the Issue

Internally, you need to make sure you fix whatever problem enabled the breach in the first place. We can help you run a complete network audit to figure out if a problem with your network allowed someone to access your systems, or to find out if someone employed by your company let in the attack (whether or not they meant to). Once you know why the breach was possible, you need to remove the vulnerability. This may require you to update the defenses you have around your network, or to better educate your team on security procedures and best practices. Either way, you need to do whatever it takes to fix the problem, all the while keeping the affected people listed above apprised of your progress… of course, respecting everyone's privacy.

Step Four: Do Better, and Restore from Your Backup

This part is simple… whatever needed to be done that wasn't initially and allowed the breach in, make sure that you implement it into your standard procedures. Any data breach that you survive is a learning experience, if nothing else. Make sure you take advantage of it. If necessary, you'll also need to turn to your […]

ALERT: Log4j is the Most Dangerous Vulnerability in Recent History and Your Business Needs to Act NOW

What is Log4j?

Log4j is a Java library, which may not mean much to you. All you need to know about these libraries is that they are used by programmers to develop software. If an application uses the Log4j library, it suffers from a major vulnerability that was just discovered. The problem is, this particular Java library has been used extensively over the years, which means that the vulnerability impacts most of the big names in software and the applications and cloud services they offer. Big names, like…

Amazon Web Services
Apple
Cisco
Fortinet
Google
IBM
Microsoft
SonicWall
Sophos
VMware

…as well as others, large and small. Even the United States' Cybersecurity and Infrastructure Security Agency (CISA) is affected.

How Vulnerable Could Log4j Leave My Business?

In a word: extremely. This vulnerability is so bad, it's been demonstrated that using a single script in some applications could give a hacker near-ubiquitous access. This vulnerability isn't new, either… it's been around for years, but was only recently discovered on a wide scale. As a result, more people than ever are able to take advantage of it.

What to Do to Fight Back Against Log4j

This is where the real challenge comes in. Naturally, if you rely on some of the systems that have been affected, there are some steps you need to take. Much of the onus falls on the developers and companies who used the Java library to go back and fix the issues. Rest assured, it is pretty much guaranteed that the list of developers we mentioned above will do something about it. Many of them already have. However, it also falls on the impacted websites and businesses to apply the patches that these developers put out.

For example, let's assume for a moment that you're an annual user on a fantasy football website. If that website relies on technology that Log4j impacts and they don't apply the fixes, the information you've provided to the website (account details, financial information, and whatever else) would be vulnerable. Again, this applies to every website, so if that website doesn't react, your account with them could be vulnerable.

How to Protect Yourself from Log4j, as an Individual and as a Business

While it won't totally solve the problem, everyone (private users and businesses alike) should take the steps to lock down their passwords. Weak passwords like "password1" aren't going to cut it. This involves following the basic password best practices that we always talk about, like:

Using a unique password for each account and website
Using a mix of alphanumeric characters and symbols
Using a sufficiently complex passcode to help with memorability without shorting your security
Keeping passwords to yourself

Individual Users Need to Know That the Internet is Even Less Safe

Don't get us wrong… the Internet is never totally secure, but for now, the dangers are that much more severe. You need to be very discerning about who you trust with your information for the time being, as various websites and developers make the updates to their platforms that will resolve these issues.

Businesses Need to Enlist the Help of a Professional

All organizations need to bring in a professional to audit all of their technology and update what can be updated to remove the influence of Log4j. Not only will this […]

Adding to Your Infrastructure Doesn't Have to Be a Headache

Let's go over some of the challenges your organization might face, as well as questions that must be asked if you want to optimize chances of success when implementing new hardware.

Before we jump into the hardware acquisition process, we should preface this by saying what not to do when it comes to replacing technology. The biggest pitfall that so many businesses fall into with technology replacement is relying too much on break-fix IT. They only replace technology when it is so broken that it cannot be repaired, and even worse, they wait until the technology breaks before they replace it.

The reason this is particularly unforgivable is due to the downtime that this approach causes. For example, if you wait for the server unit to fail before you replace it, then how are you accessing the data found on that server? If a workstation breaks beyond repair, how are you going to get work done? All of this time spent waiting around while you make a decision about replacement is wasteful and unnecessary, especially when preventative maintenance and a technology roadmap could have prevented it all.

The first question that needs to be addressed is, "Should you consider new hardware in the first place?" Oftentimes businesses find themselves upgrading needlessly just to have the most up-to-date model of something. If your current technology works perfectly fine, then there is a good chance that maybe you don't need to upgrade immediately and can instead get by with technology that, while not the top-tier hardware, will get you through the workday without incident. When your technology starts to cause disruptions to operations, on the other hand, you will have to make a decision about an upgrade or replacement.

The second question is, "What will this hardware be used for?" For example, hooking a video editor up with a thin unit or your standard office workstation probably is not going to cut it. These types of graphic-intensive devices need to have powerful specifications so that the user can fulfill their duties. If you don't consider what the end user will need the device to do, you are going to be setting them up for failure and establishing unrealistic expectations for them, which is never a good way to implement new technology.

Third and finally, you should ask, "What is the timeline for replacing this hardware?" By this, we are circling back to earlier in this article when we mentioned a technology roadmap. This is a policy that showcases when and how you plan to approach upgrading your organization's technology. It might include a schedule of upgrades that happen at specific points in time so that they stay current while minimizing the chances of hardware failure. This might feel a bit like preemptively replacing technology even when it is no longer needed, but it's different in this case, as you are actively planning for it rather than making a spur-of-the-moment purchase.

Regardless of your hardware implementation strategies, you can rely on White Mountain IT Services to help steer you in the right direction. To learn more about how we can help your company adopt new hardware solutions, reach out to us at (603) 889-0800.

Fake Ransomware Shows That Fear is Often Our Worst Enemy

That's right; some hackers have the gall to fool users into believing that their systems have been infected by ransomware. They then use the ensuing fear to their advantage in a plethora of ways.

Just think about how you might react the second you see that there's a message on your computer claiming that your device has been infected by ransomware. What would your knee-jerk reaction be? Would you panic and fall into their hands, or would you follow the established policies? It's a tough question to answer because it is difficult to know just how we might respond in the event of a stressful situation like a ransomware attack, but the general consensus is that it's of paramount importance to not panic and report the supposed attack to your trusted IT resource, be it someone within your organization or us, if we handle your network.

The reasoning for this is simple: there is no way to know the scale or scope of the attack unless you get a professional involved, if there is even a breach at all. In some cases, hackers might use the panic and fear of a ransomware attack to scam someone out of hundreds or thousands of dollars. They might use language indicating that they must pay a ransom in advance, otherwise, their computer will be locked down in the near future.

Think about it this way; let's say you get an email saying that someone has caught you on camera doing something incriminating or embarrassing. There is an attachment to this email of a picture, but you know how these threats operate; after all, what if the picture itself is infected? Then again, what if they actually do have dirt on you in some way? In a panic and fearing the worst, you pay their fee. Then, after the fact, you get IT involved and they discover that, as expected, the picture is not even of you. Now you are both embarrassed and out of some cash.

These fake ransomware attacks work in much the same way, and they are most effective when the fees are low compared to the massive price tags that some hackers are able to demand for their ransoms. Other times, hackers might send an email with an attachment for the "decryption key," but it's really just a different threat that can then install on the device. In other words, these fake ransomware attacks have a solid chance of either a) Not being a threat at all or b) A different threat in disguise.

Again, we want to reiterate that you should consult with a professional before jumping to conclusions, especially in the realm of ransomware and cybersecurity. If you do not have a professional to consult, White Mountain IT Services would be happy to take that place amongst your ranks. We can not only protect your business from ransomware, but also assist with responding to threats as they unfold. To learn more about our services, reach out to us at (603) 889-0800.

Is Remote Work Eroding Your Company Culture?

To begin, let's discuss what makes it so important to establish a healthy company culture in the first place.

Company Culture is Key to Your Continued Productivity

The whole point behind having a healthy company culture is to help keep your employees engaged with the overall goals that the company has established, as well as to attract additional talent to the business. Interconnectivity is crucial to developing these kinds of relationships, with visibility into the progress made by the entire team.

Naturally, remote work has made this kind of connection a lot more challenging to sustain. In fact, a global survey found that 51 percent of respondents had experienced a loss of connection to their company culture after the COVID-19 pandemic forced them into remote work. Out of the interactions with their coworkers, in-person collaboration, or having a definite line between work and home, these respondents actually indicated that they most miss spending time with their fellow employees.

On top of this, company culture is very high on the average prospect's list of considerations. Another study found that 57 percent of job seekers consider it equally as important as pay, while 75 percent of recruiters rank how well an applicant fits into the culture a company has established more highly than the prospect's experience. On top of this, 73 percent of this survey's respondents closely associated a company's culture with its reputation as a whole.

iCIMS chief people officer Jewell Parkinson credits a company's culture for spurring on a list of common business priorities:

Engagement
Productivity
Profitability
Customer Satisfaction
Customer Retention

All of which would presumably suffer if there were to be any drop in culture as a result of remote work (as the first survey we mentioned suggests did indeed happen for many). This means that there needs to be direct activities to remedy these impacts amongst your remote workers. Let's go into a few such activities for your consideration:

How to Keep a Remote Team Engaged

See to Your Remote Workers' Needs

This one may be a little boring and predictable, but it is invariably important for any business utilizing a remote workforce to see to. If your team members are able to work from home, you should be doing everything that you can to facilitate their efforts. This may range from providing them with the equipment they'll need to do so effectively to subsidizing their Internet costs.

Tying into this, your workers will also need to know what your expectations of them will be. You'll need to have policies and expectations developed and dispersed to your team members that cover matters like:

If remote workers are expected to stick to regular office hours, or if their work schedule can be more flexible.
Which tools remote team members should use to collaborate with the rest of their team.
Whether remote employees are able to work remotely while traveling, and how remote time-off requests are to be handled.

Establish Company Culture and Create Reasons to Socialize

It's a simple equation: the less time your employees spend around one another, the fewer opportunities they'll have to form the bonds that encourage teamwork and loyalty. For all its benefits, this is one of the biggest drawbacks that remote work brings with it. Therefore, you need to do what you can […]