Recent Blog Posts
No Strategy Going In Here, we start with the move that many are guilty of: adopting a cloud-based model for the sake of adopting a cloud-based model. While there?s a lot of benefits that the cloud can offer to businesses, these benefits will only come if the cloud is utilized properly. This means it is crucial that the business seeking to migrate to the cloud should start by establishing a reason to migrate at all. Identifying how your processes could be improved through a shift to the cloud should be the first step of that shift. Up In the Air Costs While the cloud can offer businesses some considerable cost savings through various means?streamlining processes, cutting administrative costs, adopting various productivity benefits?accomplishing these ends can feel expensive in and of itself. There are numerous benefits to be had from the adoption of the cloud, assuming that it?s done with the right preparation and consideration. Otherwise, runaway costs derived from the service itself (compounded with the cost of migration, monetary risks, and training users to the new service) could easily derail your business? cost-saving intentions. Security and Compliance Issues Naturally, many companies balk at the idea of handing their data (in many ways, the keys to the metaphorical castle) over to an external provider. While cloud platforms are generally trustworthy, the risk that these companies face of backlash should the data they entrust to the provider be breached leads to no small amount of hesitance. Human Error Finally, we come to one of the most prevalent and prolific challenges to any technological improvements to a business? processes: the employees who must make use of them. Without the knowledge of the tools that the cloud offers, or any familiarity with using them, your team may be hesitant or even resistant to using your cloud solutions. Worse, they could potentially make use of them incorrectly and thereby open your business to risk. Working With Us Allows You to Bypass These Challenges White Mountain IT Services is here to help. Considering our role, it should be no surprise that we are well-acquainted with today?s advanced solutions and the hoops that sometimes must be jumped through in order to use them? including cloud services. Instead of dealing with your provider, you could simply pass your needs along to us and we?ll see that they are fulfilled, supporting your team every step of the way. To learn more about the cloud and what it is capable of doing for your business, please reach out to us by calling (603) 889-0800.
11 Ways to Make Sure Your Team is On Their Guard Gamification In order to fully absorb the lessons that your security training is meant to impart, your team members need to be engaged in the training. One famously effective way to encourage this is to make it fun (at least to some degree). Running simulated attacks, with incentives given out to motivate your employees to do their best in identifying and reporting them, with help to reinforce the positive behaviors you want your team to exhibit if and when they have to contend with the real McCoy. This also allows your employees to gain practical experience with a live threat, so to speak. Incorporate Security Awareness into Onboarding Strategies There?s a lot that has been said about the impact that a first impression can have, so it only makes sense to have one of the first impressions you place onto your newly-hired employees be the importance of cybersecurity. Instilling good security habits early on will only help your organization resist more threats in the future. Make It Understood that Mistakes are Expected Accidents happen, and the best-laid plans of mice and men often go awry. Regardless of how well your team is prepared, there is almost certainly going to be a slip-up somewhere down the line. Part of your security training has to be the acknowledgment that there will be mistakes made by your employees, and the publicized acceptance of that outcome. If your team members expect to be punished for their mistakes, they will only work harder to hide them. You need to know about these issues so that they can be resolved, and your team members educated so that these mistakes are not repeated. Shape Training to Your Team?s Situation, Work Roles, and Age Groups Chances are, your team members are not a monolith? in addition to the many different roles that they likely fill, they come from a variety of backgrounds, age groups, and other differentiators. As a result, a single method of teaching isn?t likely to work equally effectively amongst them all. While it is important that everyone is trained, it is equally important to remember that not everyone will respond to a given form of training in the same way. You need to diversify your training strategy to involve a variety of methods to account for the various learning styles your team members are likely to exhibit. Keep it Short, Sweet, and Frequent Long, cookie-cutter training sessions are a great way to disengage your team from the lessons that your training is meant to impart. Substituting marathon-style training for shorter, more frequent ?sprint? sessions will help keep your team interested, and will allow for more consistent training to take place. Use Different Mediums Much in the same way that your training needs to account for various learning styles, your training should come in different formats. Basically, you don?t want your training to exclusively be presented as group lectures delivered to the team (or whatever your chosen default is). By switching up the format, you help to make your training more impactful, which will help it stick better with your teammates. Encourage Them to Share Lessons with Their Families One of the best ways to ensure that your employees fully understand the cybersecurity principles that […]
What Happened to JBS S.A.? Over the last weekend of May 2021, JBS? global IT systems were targeted by a ransomware attack that completely shut down the meat processor?s operations in North America and Australia. Seeing as effectively each step of the company?s operations (from livestock procurement all the way to export and shipment) rely on some kind of technology, everything was put on pause. Fortunately, JBS had implemented backups, and have therefore been able to restore their systems and are returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack. However, this does not mean that there is nothing more to examine surrounding these events. Let?s go into the major takeaways that need to be addressed. First of All, Who?s Responsible, and Who is Involved in Fighting Back? There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals?the sort that have been previously associated with Russian cyberattacks?have been assigned blame for this attack. Along with the Federal Bureau of Investigation?s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts. The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party. The Impacts of Ransomware and Other Threats While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration?not only is the target?s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS. Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business? insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn?t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware. At White Mountain IT Services, we?re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling (603) 889-0800 today.
First, we would be amiss if we didn?t start with what makes them different. HIPAA and HITRUST, contrary to what you may assume, aren?t both regulatory frameworks. HIPAA very much is, but HITRUST is actually an organization that itself developed its own framework (the Common Security Framework, or CSF) that assists businesses in complying with HIPAA, as well as PCI DSS, NIST guidelines, and other regulations. What is the Health Insurance Portability and Accountability Act? Signed into law in August of 1996, HIPAA establishes the many requirements that healthcare organizations and their partners must adhere to, with these requirements expanded upon further by the addition of the HIPAA Omnibus Rule that better integrated the demands of the HITECH (Health Information Technology for Economic and Clinical Health) Act. What Does the Health Information Trust Alliance Do? HITRUST, as a coalition, works to integrate the tenets of HIPAA into its own CSF. By establishing certain requirements of businesses that align with what HIPAA mandates, the HITRUST CSF makes the portability and accountability act far more actionable. How Do These Two Acronyms Coexist? Building on HIPAA, the HITRUST CSF creates a standardized framework and certification process for the healthcare industry to abide by, while also integrating the demands of HIPAA with those passed down by other compliances and frameworks, as we mentioned above. In many ways, HITRUST is therefore the larger challenge to comply with. Speaking plainly. HIPAA lays out the rules that healthcare providers, organizations, and affiliated businesses must abide by. HITECH gives them the strategies and solutions needed to do so. As a result, both are critically important considerations for any healthcare-affiliated business that wishes to avoid considerable challenges. Do You Need Assistance in Keeping Your Business Compliant? There is no shortage of security protocols and protections that assorted businesses in different industries must be cognizant of in order to continue their operations without being subjected to assorted fines. White Mountain IT Services is here to help you and your practice see to it that you are, with all the technical parts handled for you. Find out exactly what our team can put in place for you and assist you in managing by calling (603) 889-0800 today.
Let?s take a look at how some of the most popular browsers integrate password management, as well as how you can disable them should they be deemed untrustworthy or insecure. Just How Secure Are They? See below for a quick rundown of how the major browsers on the market handle password management. Google Chrome Chrome?s password manager is tied to the user?s Google account. It offers quite a few features that you might expect to see from a password manager, such as two-factor authentication and random password generation. This password generation encourages users to use different, secure passwords for each of their accounts rather than recycling the same old one–a practice that could put the user at risk of a data breach. Mozilla Firefox Whenever you access an account through Firefox, the browser will ask you if you want to save the username and password used on the device so that it can be viewed through the browser?s Options menu. These credentials can be saved, though it should be noted that the default setting for this is quite insecure. One way that this is addressed is through a master password that can be used to protect the browser?s contents. Microsoft Edge Compared to the other browsers, Microsoft lagged behind in terms of password management. As of January 2021, Microsoft Edge now has this feature. One of the coolest new features associated with this is Password Monitor which can inform the user of data breaches, as well as the ability to create a password whenever a new account is created. Apple?s Safari Safari holds a password generator and management tool which gives the user the ability to autofill passwords on websites they visit. But that?s only the start? they can also save contact and credit card information, both of which can be accessed through iCloud Keychain. Unfortunately, this platform is only available on Apple devices, which is not that bad of a loss when you consider the fact that most third-party password management tools offer similar options, as well as two-factor authentication not being available. What?s the Most Secure Offering? If there are no other options available to you, these integrated password managers are passable, but we do recommend that you use a dedicated password management tool. Most integrated password management platforms do not require that the passwords be secure, which is absolutely not the case with dedicated password management programs. While these might sacrifice convenience, improved security is worth every penny. In addition to your password management tool, we recommend that you supplement password security with the use of two-factor authentication, as well as additional best practices. Here are some key ones to keep in mind: Always update your browsers and devices; doing so will keep security as optimal as possible. Steer clear of unsecured websites; if the website does not have ?https? in its URL, that means that the website is not secured and could potentially be at risk on public Wi-Fi connections. You can also look for the little lock icon in the browser?s address bar. Stay vigilant about your browser extensions and installed software. Don?t put yourself at risk unnecessarily! Deactivate Your Built-In Browser Password Management In the event that you do not wish to use your built-in password management, you can always disable these features. Here?s […]