Recent Blog Posts
11 Ways to Make Sure Your Team is On Their Guard
Gamification
In order to fully absorb the lessons that your security training is meant to impart, your team members need to be engaged in the training. One famously effective way to encourage this is to make it fun (at least to some degree). Running simulated attacks, with incentives given out to motivate your employees to do their best in identifying and reporting them, will help to reinforce the positive behaviors you want your team to exhibit if and when they have to contend with the real McCoy. This also allows your employees to gain practical experience with a live threat, so to speak.
Incorporate Security Awareness into Onboarding Strategies
There's a lot that has been said about the impact that a first impression can have, so it only makes sense to have one of the first impressions you place onto your newly-hired employees be the importance of cybersecurity. Instilling good security habits early on will only help your organization resist more threats in the future.
Make It Understood that Mistakes are Expected
Accidents happen, and the best-laid plans of mice and men often go awry. Regardless of how well your team is prepared, there is almost certainly going to be a slip-up somewhere down the line. Part of your security training has to be the acknowledgment that there will be mistakes made by your employees, and the publicized acceptance of that outcome. If your team members expect to be punished for their mistakes, they will only work harder to hide them. You need to know about these issues so that they can be resolved, and your team members educated so that these mistakes are not repeated.
Shape Training to Your Team's Situation, Work Roles, and Age Groups
Chances are, your team members are not a monolith: in addition to the many different roles that they likely fill, they come from a variety of backgrounds, age groups, and other differentiators. As a result, a single method of teaching isn't likely to work equally effectively amongst them all. While it is important that everyone is trained, it is equally important to remember that not everyone will respond to a given form of training in the same way. You need to diversify your training strategy to involve a variety of methods to account for the various learning styles your team members are likely to exhibit.
Keep it Short, Sweet, and Frequent
Long, cookie-cutter training sessions are a great way to disengage your team from the lessons that your training is meant to impart. Substituting marathon-style training for shorter, more frequent "sprint" sessions will help keep your team interested, and will allow for more consistent training to take place.
Use Different Mediums
Much in the same way that your training needs to account for various learning styles, your training should come in different formats. Basically, you don't want your training to exclusively be presented as group lectures delivered to the team (or whatever your chosen default is). By switching up the format, you help to make your training more impactful, which will help it stick better with your teammates.
Encourage Them to Share Lessons with Their Families
One of the best ways to ensure that your employees fully understand the cybersecurity principles that […]
What Happened to JBS S.A.?
Over the last weekend of May 2021, JBS' global IT systems were targeted by a ransomware attack that completely shut down the meat processor's operations in North America and Australia. Seeing as effectively each step of the company's operations (from livestock procurement all the way to export and shipment) relies on some kind of technology, everything was put on pause. Fortunately, JBS had implemented backups, and has therefore been able to restore its systems and is returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack. However, this does not mean that there is nothing more to examine surrounding these events. Let's go into the major takeaways that need to be addressed.
First of All, Who's Responsible, and Who is Involved in Fighting Back?
There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals (the sort that have been previously associated with Russian cyberattacks) have been assigned blame for this attack. Along with the Federal Bureau of Investigation's interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts. The Australian Cyber Security Centre has also been providing its assistance, although it would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.
The Impacts of Ransomware and Other Threats
While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration: not only is the target's data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS. Fortunately, JBS was smart and had protected itself ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business' insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn't unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware. At White Mountain IT Services, we're committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling (603) 889-0800 today.
First, we would be remiss if we didn't start with what makes them different. HIPAA and HITRUST, contrary to what you may assume, aren't both regulatory frameworks. HIPAA very much is, but HITRUST is actually an organization that itself developed its own framework (the Common Security Framework, or CSF) that assists businesses in complying with HIPAA, as well as PCI DSS, NIST guidelines, and other regulations.
What is the Health Insurance Portability and Accountability Act?
Signed into law in August of 1996, HIPAA establishes the many requirements that healthcare organizations and their partners must adhere to, with these requirements expanded upon further by the addition of the HIPAA Omnibus Rule that better integrated the demands of the HITECH (Health Information Technology for Economic and Clinical Health) Act.
What Does the Health Information Trust Alliance Do?
HITRUST, as a coalition, works to integrate the tenets of HIPAA into its own CSF. By establishing certain requirements of businesses that align with what HIPAA mandates, the HITRUST CSF makes the portability and accountability act far more actionable.
How Do These Two Acronyms Coexist?
Building on HIPAA, the HITRUST CSF creates a standardized framework and certification process for the healthcare industry to abide by, while also integrating the demands of HIPAA with those passed down by other compliances and frameworks, as we mentioned above. In many ways, HITRUST is therefore the larger challenge to comply with. Speaking plainly, HIPAA lays out the rules that healthcare providers, organizations, and affiliated businesses must abide by. HITECH gives them the strategies and solutions needed to do so. As a result, both are critically important considerations for any healthcare-affiliated business that wishes to avoid considerable challenges.
Do You Need Assistance in Keeping Your Business Compliant?
There is no shortage of security protocols and protections that assorted businesses in different industries must be cognizant of in order to continue their operations without being subjected to assorted fines. White Mountain IT Services is here to help you and your practice see to it that you are, with all the technical parts handled for you. Find out exactly what our team can put in place for you and assist you in managing by calling (603) 889-0800 today.
Let's take a look at how some of the most popular browsers integrate password management, as well as how you can disable them should they be deemed untrustworthy or insecure.
Just How Secure Are They?
See below for a quick rundown of how the major browsers on the market handle password management.
Google Chrome
Chrome's password manager is tied to the user's Google account. It offers quite a few features that you might expect to see from a password manager, such as two-factor authentication and random password generation. This password generation encourages users to use different, secure passwords for each of their accounts rather than recycling the same old one, a practice that could put the user at risk of a data breach.
Mozilla Firefox
Whenever you access an account through Firefox, the browser will ask you if you want to save the username and password used on the device so that it can be viewed through the browser's Options menu. These credentials can be saved, though it should be noted that the default setting for this is quite insecure. One way that this is addressed is through a master password that can be used to protect the browser's contents.
Microsoft Edge
Compared to the other browsers, Microsoft lagged behind in terms of password management. As of January 2021, Microsoft Edge now has this feature. One of the coolest new features associated with this is Password Monitor, which can inform the user of data breaches, as well as the ability to create a password whenever a new account is created.
Apple's Safari
Safari holds a password generator and management tool which gives the user the ability to autofill passwords on websites they visit. But that's only the start: they can also save contact and credit card information, both of which can be accessed through iCloud Keychain. Unfortunately, this platform is only available on Apple devices, and two-factor authentication is not available, which is not that bad of a loss when you consider the fact that most third-party password management tools offer similar options.
What's the Most Secure Offering?
If there are no other options available to you, these integrated password managers are passable, but we do recommend that you use a dedicated password management tool. Most integrated password management platforms do not require that the passwords be secure, which is absolutely not the case with dedicated password management programs. While these might sacrifice convenience, improved security is worth every penny. In addition to your password management tool, we recommend that you supplement password security with the use of two-factor authentication, as well as additional best practices. Here are some key ones to keep in mind:
Always update your browsers and devices; doing so will keep security as optimal as possible.
Steer clear of unsecured websites; if the website does not have "https" in its URL, that means that the website is not secured and could potentially be at risk on public Wi-Fi connections. You can also look for the little lock icon in the browser's address bar.
Stay vigilant about your browser extensions and installed software. Don't put yourself at risk unnecessarily!
Deactivate Your Built-In Browser Password Management
In the event that you do not wish to use your built-in password management, you can always disable these features. Here's […]
The blockchain first gave us a look at what the benefits of a decentralized ledger could be, and the many ways they could be put into practice. However, some of the aspects of Bitcoin (namely, how much energy it requires to operate, amongst other shortcomings) made that form of blockchain a poor choice for many businesses and their needs. While we'll discuss it in more detail momentarily, this is because Bitcoin operates on the public blockchain, something that obviously can't be used to store sensitive information or proprietary data. As such, other forms quickly emerged to meet these needs, so there are for all intents and purposes now four varieties of blockchain to consider.
Public Blockchain
The public blockchain is the most open form of blockchain, where anyone can participate in transactions and maintain their own copy of the ledger so long as they can access the Internet. This was the first form of blockchain, as we mentioned, and commonly powers the assorted cryptocurrencies that suddenly became all the rage to talk about. Other potential uses for the public blockchain involve voting and fundraising, thanks to the openness of the system as a whole. This openness is one of the public blockchain's greatest advantages, along with its inherent transparency and trust-based nature. However, the public blockchain does have a few issues. For one, it can only register transactions at a very slow rate. This compounds into a second disadvantage: the fact that the blockchain network itself is limited in scope, simply to prevent the rate of transactions dipping down further.
Private Blockchain
A private blockchain is very similar to the public blockchain, with a few key differences setting it apart and resulting in a different sample of advantages and disadvantages, alike. Instead of being accessible by anyone, a private blockchain is kept in a closed network and maintained by a singular entity (typically, a business that wants to see a similar level of trust and security within its own operations), requiring permissions to be extended to any participants. Apart from this more centralized nature, the private blockchain is made in very much the same way that the public one is. While adding this level of centralization to the blockchain makes the entire system much more efficient, it also requires the sacrifice of some of its security. This is important to consider as a private blockchain is often used for key internal processes like supply chain management, internal voting, and asset ownership.
Hybrid Blockchain
Combining public and private blockchains, a business can take advantage of the capabilities that each presents in concert. These capabilities make it possible to connect to public networks while maintaining privacy, with customizable rules allowing an organization to keep its data close to the chest. For all these advantages, there are some drawbacks to hybrid blockchains, namely, the fact that the hybrid blockchain lacks some of the transparency of other blockchains, and there is no prerogative for a business to undergo the extensive and challenging adoption process. However, there are still effective use cases in real estate, retail, and various other markets that are beholden to steep regulations.
Federated Blockchain
Finally, we come to federated blockchains. Similar to the hybrid blockchain, the federated blockchain combines the beneficial features present in both the public and private blockchains. This makes some records […]