Damage Control Your first step needs to be getting a handle on the situation at hand. While hacking on any scale is a bad thing to experience, cutting it off as quickly as possible will serve you well. Here are a few steps that you need to take in order to do so: Contact Your IT Provider IMMEDIATELY If your IT provider is anything like us, they are more than likely aware of something happening on your network if they are monitoring it closely. That said, you?ll want to notify them immediately if you are suspicious of malevolent activity.  Depending on what the issue is, IT will take specific actions to remove the threat, mitigate the damage, and then harden your network to prevent it from happening. Threats can sometimes be removed easily, or it could take a lot of hunting to chase down the cause of the problem if it isn?t being done proactively. Here?s an example of a nightmare recovery scenario. IT may decide it?s best to take the nuclear option and wipe all affected devices completely before restoring them from a data backup. Doing so should remove the chance that a lingering threat could continue causing problems. We strongly recommend that you reach out to us for assistance with this, as we?ve seen plenty of cases where the business goes through an intense amount of labor only to experience the same hack after everything is back online. It has to be done carefully, and it has to be done correctly, and even then, the risks are still there. Once that?s been accomplished, you need to be sure that all of your cybersecurity protections are fully updated and that you are as secure as possible. Check your firewalls, antivirus, spam protection, everything. Seek Out Assistance Many small businesses fully place their IT issues (or more accurately, dealing with them) on their staff members. Obviously, this isn?t a good situation. For a business? purposes, it is much better to have a professional, dedicated resource to answer any questions your team has. A solid and reliable expert, like the ones that we employ here at White Mountain IT Services, can be key to making it through these kinds of situations in the best position possible. Be Prepared to Inform Clients and Prospects Finally, we come to the last (but by no means least) part of making it through a cybersecurity incident: disclosing it. Of all of your interactions with your clientele or staff, this is the time when clarity and concision is most crucial. Bring everyone up to speed on the situation, what the possible ramifications are, and what needs to be done next to minimize the damage the event ultimately causes. The hard truth of the matter is that you will ultimately lose some people when this happens. Of course you will. While the data practices of some people in their personal lives are questionable at best, the onus is still on you if they?ve entrusted you with the same data? and they?re not wrong. This means that you are accountable, and therefore need to be open and forthcoming with anyone involved. Every state and most industries have their own rules and requirements for data privacy, so you?ll want to understand exactly how you need to handle the communication involved with a […]

The Less Inclusive Internet We all use the Internet for multiple purposes, and we all get extremely annoyed when we come across a webpage or an app that is poorly designed and provides a terrible user interface. For people with disabilities it can be even more frustrating. In fact, for some, it makes getting the goods and services they desperately need all but impossible to do online.  Defining Accessibility  In the context we mean here, accessibility is basically the usability of a website or app. When people can?t properly navigate, understand, and successfully interact with a web-based platform, its accessibility is limited. A few standards have been outlined, known by the acronym POUR:  Content and the overall user interface must be perceivable by everyone, accounting for those who rely primarily on visuals as well as those who require sound or tactile input. A website must be operable, which requires that those with limitations must be able to identify and navigate through different elements of a webpage. A user must also find the website understandable, with the information presented on it in such a way that the meaning is clear, and the formatting is consistent. Finally, a website must be robust, which here means capable of operating properly on a variety of technologies?including assistive technologies. As the COVID-19 pandemic hit, social distancing guidelines were implemented, making the accessibility of services to people with disabilities extremely important. With everyone thrust into a new system, the inconsistency of the accessibility of applications and websites became frightfully apparent. In America, one-in-every-four people have been diagnosed with some form of disability, so the pandemic made things difficult for nearly a billion people.  Common Disabilities Here are a few common disabilities that may make it difficult to work with web pages and apps that don?t work:  Visual disabilities, including blindness, color blindness, and low vision. Hearing disabilities, including deafness and hearing impairments. Neurological disabilities, including conditions and disorders that impact the nervous system. Cognitive disabilities, including those that impact attention, learning, and logic. Motor disabilities, including those that limit fine motor skills, slow muscles, or prevent the full use of one?s hands. These are officially listed in the Web Content Accessibility Guidelines, a standard that was created by the World Wide Web Consortium and specifically designed to establish some basic oversight over the Internet. It became clear that it woefully neglects some people with disabilities. The WCAG has been a foundational guideline for disabled Internet use around the globe. This includes Title III of the Americans with Disabilities Act (ADA), while others (like the European Standard EN 301 549 of the EU Web Accessibility Directive) incorporate the WCAG?s guidelines into its own contents. While it?s a good start, these guidelines still seemingly come up short.  The pandemic exposed the lack of inclusivity. Take a look at the state unemployment sites. Based on research completed by the Information Technology and Innovation Foundation, 86 percent of these sites failed at least one basic evaluation for mobile loading speed, mobile friendliness, or accessibility.  Additionally, telehealth interfaces, something that has gained a lot of traction during the pandemic, have been exposed for their lack of usability, consistency, and availability of services like closed captioning have underperformed.  Furthermore, a survey conducted by Pew Research Center in 2016 revealed that adults with […]

Keep Your Software Up to Date To spy on you through your webcam, a cybercriminal (which is what that person would be) needs to have access to it. This can be as simple as simply hijacking an insecure program that has already been granted this desired access. Keeping your software up to date helps to eliminate the likelihood that the hacker will have that opportunity, from the programs and apps you have installed to the operating system itself. When working on a PC, navigating to Settings and to Update & Security will bring you to the option to schedule your Windows Update. Rather than being interrupted mid-workflow, you can Change active hours to have these updates implemented after hours. Maintain a Firewall When it comes to keeping unwanted guests out of your network, a firewall is one solution you certainly need to prioritize. Making sure it is up, activated, and effective is a relatively simple process. In Settings, once again under Update & Security, you should find Firewall & network protection in the left sidebar. The menu that opens when you click it will offer Windows Defender Firewall, one rudimentary way to stave off threats. This is a good enough solution for home users, but businesses will want to deploy an enterprise-level firewall that is designed to protect every facet of their network. Securing Your Wi-Fi It isn?t uncommon that attackers will target your network via the router, rather than the computer that uses it to connect to the Internet. If they can access this piece of your network infrastructure, there?s a considerable list of devices they?ll then be able to access. Better securing your router equates to better securing your entire network. The first step is to rename your wireless network to something that doesn?t tie back to your business and lock it down with a strong, complex password. You?ll need to remember it, of course, but using a passphrase with some added symbols and alphanumeric switching will help keep it memorable to you and bamboozling to cybercriminals. Cover Up Your Webcam If you?re really and truly worried that someone may be peeping at you through your webcam, the simplest way to prevent the possibility is to simply obscure their view. Covers are available to make it simple to ?deactivate? the camera when it is not needed, and in a pinch, a sticky note will do the job just fine. Privacy always needs to be prioritized, in the office, the home, and in the home office. For more tips, practices, and advice on keeping your data secured, make sure to check back on our blog every few days.

Let?s explore this trend, and what it implies for your cybersecurity. Understanding the Concept of Dwell Time Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days. So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was. On the surface, this sounds great? and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren?t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited? right? As much as we?d like to wrap this blog up right here and say ?Right, and here are some best practices to follow?? we can?t. The situation is just a bit more complicated, and those complications are important. The Shifting Threat Landscape Plays a Role Here?s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks?more specifically, the type of attacks commonly being used?has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020. Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days. So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly. Ransomware Has Gotten Worse Unfortunately, a business? troubles don?t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called ?multifaceted extortion??where the attacker threatens to also publish the data they steal if payment isn?t made. Other Attacks Are Still Prevalent, Too Businesses still need to worry about other methods of attack as well. For instance, exploits (codes that take advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business? network. They?re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence. Other commonly used tools included misused tools meant to provide security teams with the resources needed to run their evaluations. These backdoors were found in 24 percent of incidents. Moreover, privately-developed malware?the kind that makes responding to a security incident more challenging?was seen in 78 percent of attacks. This Is All Concerning, So Your Business Needs to Prepare Accordingly How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different. If you?re finding this to […]

Let?s begin by looking at some of the positives to remote work, in terms of the environment. Environmental Benefits of Remote Work Diminished Fuel Demands and Emissions According to the Environmental Protection Agency, transportation is the largest source of greenhouse gas emissions, and that such emissions increased by a not-inconsequential 3.7 percent from 1990 to 2019. Furthermore, the U.S. Energy Information Administration reported that 2019 also saw 142.71 billion gallons of gas burned. If you?re reaching for a calculator, that?s an average of around 390.98 million gallons per day. Consider, for a moment, how much of a difference it would make if we could remove a large portion of that expenditure by adopting widespread remote work. If just 3.9 million people worked from home for half the time, the reduction in greenhouse gases would be akin to taking 600,000 cars off the road for a full year. Back in 2015, Xerox implemented a telework strategy, cutting 41,000 metric tons of emissions and saving 4.6 million gallons of gasoline. On a related note, a remote workforce also allows a business to decrease their use of energy in terms of climate control and lighting?which often (but not always) means that less energy is being used to control a large space as compared to a smaller one. We?ll dig into this further a little later. Cleaner Air On a related note, there are various benefits associated with fewer emissions that remote work can help to promote, reducing the level of air pollution a common thread between them. A study taken in London in the midst of the COVID-19 pandemic revealed that emissions reduced by 25 percent during the morning commute and by 34 percent in the evening. This is not nothing. Decreasing the amount of air pollution also decreases the amount of acid rain that occurs, makes algae blooms (sudden increases in algae in water systems that kill off the local biome) less likely, and helps to support our own health. Decreased Waste Did you know that the average American uses, on average, 680 pounds of paper each year, and that the world produces 300 million tons of plastic in the same span of time? Working from home, however, helps reduce these levels by encouraging the use of paperless solutions, while simultaneously creating an environment that relies less on single-use plastic products and more on sustainable methods. However, now that we?ve gone over the major environmental benefits, we?d be amiss if we didn?t address the problems that remote work introduces as well. Environmental Issues in Remote Work Energy Mismanagement Okay, so remember how we discussed how a remote workforce allows a business to use less energy to keep its workspace climate under control? Here?s the problem with this: research conducted in the United Kingdom reveals that?at least in the winter?the energy used to heat the office was less than the total it took to heat each remote worker?s home. As a result, working from home could in this way be counter-productive, environmentally speaking. That said, most people keep their homes fairly livable even while they are at work. Global Inconsistencies There?s a lot to dig into here, so let?s start by laying out the groundwork: different regions around the world produce and use their energy in very different ways, creating different environmental scenarios […]