Recent Blog Posts

Introducing Confidential Mode in Gmail We?re all familiar with the secret agent that has a mission briefing that will self-destruct when it finishes. Made popular recently by the Mission Impossible franchise of movies, Gmail now gives users the ability to essentially do this. Users that don?t want messages to disintegrate over time can also send a passcode via text message that the recipient must enter to read the contents of the email. Pretty useful stuff. Using Gmail?s Confidential Mode Once you have the Compose window up, you will want to click on the little icon of the padlock and clock next to the Send button. This will toggle confidential mode on/off. Clicking on it will bring up a compose window in Confidential mode. From here you can set the message?s expiration date if you so choose. It ranges from a day to five years, and you can select to provide a passcode for further security. If you do select to have a passcode, you will then be prompted to enter the phone numbers for both your phone and the recipient. On mobile, Gmail offers additional confidentiality, using a similar process. To compose a confidential email, open the three-dot menu and select Confidential mode, and then select the preferences you?d like for that particular message.  Obviously, this doesn?t guarantee security, but it will go above and beyond just sending a standard email.  If you would like more tips and tricks, subscribe to our blog and check back to our site regularly.

What Are the Key Parts of Data Backup? The ideal data backup solution consists of three major parts, all of which have important roles to play in its eventual success. These three variables are: Incremental backups: Backups that are taken periodically throughout the workday are your best bet to minimize data lost to disasters. The more data you can protect, the better, after all. These backups should be taken as often as every fifteen minutes to guarantee minimal data loss. Quick data recovery: Your ideal backup solution needs to have rapid data recovery that can be implemented within a moment?s notice. This is to minimize downtime, which can be devastating to a business? bottom line if it is left unresolved for any amount of time. Testing to ensure proper backups: Your organization should periodically test backups to make sure they are working effectively.  Why Testing is Important Testing any system for problems is a good practice, but this goes double for data backup. Your business relies on its IT and its data, and there are dozens upon dozens of potential situations that could lead to data loss. Something as simple as a power surge can fry the components of a system, creating a scramble to get the data off of the device. Sure, there are steps you can take to protect all of your IT infrastructure against threats, but the BDR (backup and disaster recovery) service gives you a chance to protect your assets with one solution.  If you don?t test your backup system, you could think that you are protected when you aren?t. When a circumstance comes where you need to recover data–and it will come–if you don?t have a properly functioning backup system in place, you are going to lose assets. It?s that simple. Testing your backup ensures that your backup platform is working as intended. Not only does it give you the peace of mind that you are protected should something happen, it actually works to find functionality problems that can literally save your business. At White Mountain IT Services, our technicians want all of our clients to have a backup platform that makes data backup and recovery simple. If you want to protect your company?s assets to ensure that, should something happen with your data, your organization has the resources in place to be back in action fast, call us today at (603) 889-0800.

For your business? data and operations to remain secure, you will need to take a two-pronged approach?both teaching your team to avoid phishing and evaluating them on their overall preparedness through simulated attacks. How a Phishing Attack is Carried Out To start, let?s review the overall process that the average phishing attack tends to follow: Posing as someone else, an attacker sends a message. This message can be written in a few different ways, framed as an enticing offer, a very unremarkable email, or a serious alert. Whatever the case may be, the user is encouraged to react by opening an attachment or following a link. Because these elements are what introduces the actual threat, these emails can often bypass security protocols and reach the unsuspecting target. This?and the fact that a phishing attack against you is practically guaranteed to happen at some point?is precisely why it is so important that your team is prepared to spot them as they come in. Elements to Identifying a Potential Phishing Attack Have Your Team Think Like a Hacker Hackers and scammers are unfortunately very crafty when it comes to their schemes, often tying in current events to add some perceived legitimacy. The past year has seen no shortage of COVID-19-themed phishing attacks, seeming to offer updates and information. Hackers rely on user panic and impulsive reactions, so reinforce the importance that your users take an extended look at them before acting on them. Demonstrate Risky Links Hackers will also commonly use spoofed links to fool their targets. A spoofed link can take a few forms, but regardless of how it looks, it will direct a user to a website different from the one they expected to go to. Spotting these links can be tricky, so here are a few best practices to follow. Let?s assume that the spoofed link is meant to look like one that directs to the payment application Venmo as we go through some examples: If the email is from Venmo, a link should lead back to venmo.com or accounts.venmo.com. If there is anything strange between ?venmo? and the ?.com? then something is suspicious. There should also be a forward slash (/) after the ?.com.? If the URL was something like venmo.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb: venmo.com – Safe venmo.com/activatecard – Safe business.venmo.com – Safe business.venmo.com/retail – Safe venmo.com.activatecard.net – Suspicious! (notice the dot immediately after Venmo?s domain name) venmo.com.activatecard.net/secure – Suspicious! venmo.com/activatecard/tinyurl.com/retail – Suspicious! Don?t trust dots after the domain! vemno.com ? Suspicious! Be careful to pay attention to the spelling! As you can imagine, some of these tricks are easier to spot than others, so extra diligence will be called for here. Provide Your Team with Approved Links To be particularly cautious, you could also consider giving your team the safe versions of the URLs they are to use. That way, they can seriously investigate the validity of an email without exposing themselves to risk. Maintain Secure Password Standards Finally, you need to ensure that your team?s passwords are secure enough that your business isn?t vulnerable that way?because if passwords are too easy to deduce, there isn?t going to be any need for phishing in the first place. Your team should […]

BDR (or backup and disaster recovery) won?t necessarily prevent any disasters, mind you. What it will do is help prevent any disasters that do strike from halting your operations indefinitely. The fundamentals of a successful BDR include the following: Your data is saved in a minimum of three places: the original copy on your network infrastructure, along with additional copies in an on-premises backup and a cloud-based backup. Backups are automatically updated in increments throughout the day, not just after the day ends. Your cloud backup can take over for your on-site infrastructure, enabling you to continue operations if your local solutions were to fail. This provides your business with some significant benefits. Reliability and Flexibility With data being so particularly critical to a business? success, it is important to keep it protected against all kinds of situations. With the BDR solution, data will be kept safe?and with the BDR also capable of acting as a server for you, downtime can be mitigated. Simplicity The whole point of the BDR is to keep your business? data safe in case of disaster, so it only makes sense to keep this process as simple as possible. In exchange for a predictable monthly fee, your data remains protected and accessible to you even if something were to happen to your original copy. Restoring your data from the BDR is also a very simple process, whether it is stored in the cloud or your on-site backup. Cost Efficacy Finally?and arguably, most importantly?maintaining a BDR is one of the most effective means of controlling your investments. Because BDR is billed as a service, it is considered an operational expense and requires no additional investments into the hardware and software required. Interested in finding out more about BDR and other means of protecting your business? data? Give us a call at (603) 889-0800 today.

Let?s discuss this means for your business? security. The Discovery In mid-January, a team of cryptography researchers published a report that detailed their findings after closely examining the security measures that were implemented in modern mobile devices. Their study, entitled Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, sought to determine three things: What security measures are currently in place to help deter unauthorized access to user data How unauthorized access is obtained on modern devices How mobile security can be improved to prevent unauthorized access moving forward After an in-depth analysis of both platforms, the results were clear, but could still surprise a loyalist to Apple and their reputation for untouchable security. While both operating systems performed admirably, neither Android nor iOS had extensive enough security preparations?enabling anyone who had the right equipment, so to say, to access the operating systems. While the report did state that the researchers were able to ?find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption? in iOS, these tools simply were not used consistently enough to sufficiently secure these devices. Android?s issue laid more in the diversity of phones and manufacturers that Android can be found in, with lacking communications between Google and phone developers, slowly implemented updates, and differences in software architecture leading to inconsistencies in the platform?s security and privacy controls. Both platforms share a weakness where their data is synchronized with cloud services. Mind you, these are all vulnerabilities in the physical device and its software infrastructure itself. In the rest of the report, the researchers detailed the specific vulnerabilities that each platform presents. Apple-Specific Weaknesses Apple enables users to securely store their data in its iCloud cloud solution, but according to these researchers, that?s not all the data that Apple takes possession of. When the service is initially activated, a ton of other user data is sent to Apple, where it is remotely accessible by lawbreakers and law enforcement alike (although one of these parties would need a subpoena for it). Adding to the security concerns, the defenses that Apple had included in their devices against unauthorized use even seem to be less effective than originally thought. Based on analysis of available evidence, the research team hypothesizes that a tool has existed since 2018 that enables an attacker to bypass these protections and effectively guess a user?s passcode. Android-Specific Weaknesses Android presented some serious problems in its local data protection measures. One glaring example can be found in Android?s equivalent of Apple?s Complete Protection encryption (which removes decryption keys from the device?s memory after it is locked). The big difference between Apple?s solution and Android?s solution is that Apple?s solution exists, whereas Android retains these keys?making them easily capturable. Hence, why the Federal Bureau of Investigation can access either platform without assistance. What Does All This Mean? Frankly, while these discoveries are unwelcome, they aren?t all that surprising. It is never wise to assume that data is inherently safe, just because it happens to be stored on a particular brand of device. There is no such thing as impenetrable security, so you need to do everything you can to make sure the data that your business possesses?that your users might have access to from […]