Recent Blog Posts

 How Did the Attack Happen? In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations?18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including: The U.S. Department of State The U.S. Department of the Treasury The U.S. Department of Homeland Security The U.S. Department of Energy The U.S. National Telecommunications and Information Administration The National Institutes of Health, of the U.S. Department of Health The U.S. National Nuclear Security Administration When the attackers gained access to SolarWinds? network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company?s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application. Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds? recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain. While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That?s why there is still no estimate of this attack?s true scope. This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out. This Wasn?t the Only Attack, Either Another attack was also discovered on SolarWinds? network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source. What This Needs to Teach Us Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office. Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it. While we likely will not know how deeply this threat went for some time, you can at least be sure that White Mountain IT Services is here to help keep your IT as safe as possible. If you have any questions for us regarding your business? technology, do not hesitate to give us a call at (603) 889-0800.

It is important that we review the various situations that downtime can have on a business. These, let’s call them problems, can be felt in your customer relationships, via: Customer dissatisfaction and displeasure Decreased loyalty to your business and brand There are also impacts your business will experience directly: Lost revenue Cost of recovering, repairing, and/or replacing crucial technology Lost or wasted materials Regulatory non-compliance Repercussions to your supply chain Overtime costs to make up for lost time so deadlines can be met Decreased employee morale and increased stress Lost internal productivity and the costs of still reimbursing your employees Let?s examine this last factor a little more closely, as calculating losses of productivity may be a little difficult to calculate. It will require you to estimate each employee?s technology utilization percentage, which is effectively how much of their work requires the technology in question to complete. You will then multiply that number by each employee?s salary per hour. If you have multiple employees with the same salary and utilization percentage, you can then multiply this number by the number of employees affected by the downtime to find your total lost productivity per hour. This gives us the following equation: (Salary per Hour x Utilization Percentage) Number of Affected Employees = Lost Productivity Combining all of the costs detailed above, you can then calculate the total hourly cost of a downtime incident: Downtime per Hour = Lost Revenue + Recovery Costs + Lost Productivity + Intangibles This number might be a little shocking to you, but it should also reinforce just how wasteful downtime truly is. There?s just no getting around that fact. As a result, it is extremely important for your business? sustainability that you prevent as much downtime as possible. Our professional technicians can help with that. Our monitoring and management service uses cutting-edge technology to catch potential causes of downtime and resolve them before they have an effect on your business? operational effectiveness. If you would like to learn more about how we can help reduce your business downtime, give us a call today at (603) 889-0800.

Jangle sighed. His to-do list for the day was growing by the moment. Despite it only being 10:23 in the morning, he already had far more tasks on his agenda than he could possibly accomplish by deadline. He took another sip of cocoa and set the mug back down on his desk, staring at the screen in front of him. Santa?s Workshop was bustling around him, with elves scurrying around the floor in a mad dash to get everything made, packaged, and processed before the Big Man?s departure time. Clicking into his Glee-mail, Jangle saw three new messages, all marked urgent. With another sigh, the elf opened them up and reviewed their contents. ?URGENT ISSUE NEEDS YOUR ATTENTION? ?re: re: re: cookies for wrap party? ?santa sleigh engine troubles? Jangle shook his head, the bell on his hat tinkling. The ?URGENT ISSUE? was sent out to the entire staff, despite it only pertaining to the Coal Department?far out of his purview as a Toy Assembly Manager. He had responded to the cookie email days ago with his input, but the conversation had continued and fractured off into whether skim milk or two percent should be served along with them and whether roasted chestnut milk would be on the menu. Out of the three, only one of the messages really had anything to do with him. The Mechanical Department was requesting to borrow himself and one of his elves from Toy Assembly for another look at the sleigh?s magic induction system. Fortunately, Jangle?s team was well-prepared this year, and many of his elves were ahead of schedule enough that he could spare them. ?Ginger!? Ginger jumped up from her seat and bounded over to Jangle?s desk. ?Yes, sir?? ?How are you with magical engineering?? ?Pretty good, sir. I interned there for a while before being assigned to Toy Assembly.? ?Excellent. Come with me, they need a few extra sets of eyes in the garage.? ?Okay!? Jangle and Ginger set off for the North Pole?s garage, where the Big Man kept his famous sleigh and Mrs. Claus kept her less-well-known motorcycle. As they walked over, Jangle couldn?t help but sigh once again. Ginger glanced at him, concerned. ?Everything okay, boss?? Jangle replied, ?Yeah, it?s okay. There?s just a lot piling up on my day that it really doesn?t seem like I should be involved in. I mean, I shouldn?t be venting to you about this, but some of the technology we use just seems to get in the way.? Ginger nodded. ?I know what you mean. I couldn?t figure out why my workstation was running so slowly this morning. Garland had to come over and help me fix it? and I?m not even sure that it helped all that much.? They continued walking in silence. Almost hesitantly, Ginger spoke up again. ?You know, I have a cousin who works in a shoe factory, and he says that IT isn?t really a problem for them.? Jangle snorted. ?Yeah, maybe after they?ve invested half of their annual magic into it.? ?That?s just the thing,? Ginger persisted. ?They don?t have to. They work with this company called White Mountain IT Services, they?re something called a managed service provider.? ?A managed service provider? What?s that?? ?Well, you know how we usually handle technology issues? We all kind of try […]

Security Software It?s pretty evident that the best thing you can do is invest on solutions designed specifically to help keep your business safe. It?s understood that having all the proper firewalls, antivirus, and encryption services in place, and ensuring that they are properly updated, can keep a majority of the threats off your network. By protecting your data at its source, you gain the peace of mind of knowing your data has some defenses around it. Backup Your Data Every business should have some type of data backup strategy in place. There is information that your business has that, if it were lost, could make running your business impossible. The resulting downtime can be extraordinarily expensive, but that is really the best you could ask for without data backup. Today, it?s not enough to simply back up your data to a hard drive or NAS device. You need to also keep copies of your data online. With a Backup and Disaster Recovery (BDR), your business gets just that. Not only can you back up your data in increments up to every 15 minutes, it happens while you work. The data is stored on the BDR device and simultaneously sends a copy to the cloud, stored in an offsite data center. Your business? most important data is secure and ready for retrieval. Have a Plan There are plenty of security options for the modern business, but in security, it?s easy to have redundant costs. Here are a few ways to invest in your business? security, without wasting capital. Physical Security Unfortunately, threats come from every direction. You need to have a plan for your business? security. Not only do you need to prioritize cybersecurity, you need to consider physical security. Today, there are inexpensive digital security options that could be highly effective for protecting the physical security of your investments and your staff. In fact, a compelling case could be made for the small business to combine their IT and physical security initiatives. Some options businesses could employ include: Security Cameras ? Affordable security camera systems are all over the place, nowadays. They improve rapidly too, so you get what you pay for. Access Control Systems ? To keep unauthorized people out of your workspace is to protect your physical assets, and your digital ones. IoT ? Smart tools can be great for security both as a deterrent, but also as integration that can make it simpler to do the right things. Whatever combination of tools you decide to deploy, you will want to ensure that they do the job they are being deployed for and aren?t going to be difficult to configure with other solutions. Solution overlap could open vulnerabilities, not close them. Train Everybody Small businesses need to prioritize comprehensive training for their entire staff. This includes a subsequent testing strategy to ensure that the people that tend to be problematic can be trained properly. Here are a few subjects that your employees need to know about, and how to resolve them without issue. Phishing ? Many of today?s most successful threats are the result of successful phishing messages. Staff members will have to know how to identify a phishing message and understand what to do when one is detected. Password Hygiene ? Improper password security causes millions […]

What Are Chrome Actions? With Chrome Actions, the Chrome browser has a bit more utility crammed into its address bar (also known as the ?omnibar?). In addition to helping users navigate to a webpage or network location, or facilitating a Google search, the omnibar can now accept and carry out a select few basic commands. For example, if a user types ?incognito? into the omnibar, pressing Enter will open a new window in Incognito mode. Right now, Google has implemented just a few Chrome Actions into their browser: Clear Browsing Data – type ?delete history?, ?clear cache ? or ?wipe cookies? Manage Payment Methods – type ?edit credit card? or ?update card info? Open Incognito Window – type ?launch incognito mode? or ?incognito? Manage Passwords – type ?edit passwords? or ?update credentials? Update Chrome – type ?update browser? or ?update google chrome? Translate Page – type ? translate this? or ? translate this page? With this starting list came the promise of more Chrome Actions coming with future updates to the browser. Will You Use Chrome Actions? Tell us why?or why not?in the comments, and don?t forget to subscribe. For more assistance with anything relating to your business? IT, make sure your first call is to White Mountain IT Services at (603) 889-0800.