People depend on mobile computing. Whether that comes in the form of content creation, app usage, or some other reason, people want a device that can handle everything they throw at it. Here are a few of the very best smartphones available right now. Samsung Galaxy s20 Ultra Samsung?s annual contribution to the smartphone market tends to be taken for granted, but they typically are some of the best devices on the market each year. The Galaxy s20 Ultra is no exception. Made on an aluminum frame with Gorilla Glass 6 front and back and featuring a ridiculous 6.9-inch Dynamic AMOLED 2x display, it runs on a Qualcomm Snapdragon 865. The Galaxy s20 Ultra comes with either 12 or 16 GB of RAM and features an in-screen fingerprint reader for security.  On the Galaxy s20 Ultra, the camera profile is elite. The rear-facing cameras include a 48 megapixel telephoto lens that zooms up to 10x, a 108 megapixel wide angle lens, a 12 megapixel ultra wide angle lens, and a DepthVision Time of Flight camera. The device can record 8K video on Android 10. It comes with a 5,000 mAh battery and 45 watt fast charging with the plug and 15 watt charging with a Qi wireless charger.  It is available in Cosmic Grey, Cloud White, and Cosmic Black and is available on all major carriers. Samsung Galaxy s20 UltraBody: Aluminum with Gorilla Glass 6 Front and BackDisplay: 6.9-inch Dynamic AMOLED 2x (~511 ppi)OS: Android 10Chipset: Qualcomm Snapdragon 865Memory: 12-to-16 GB RAMExpandable Memory: Yes (microSDXC)Cameras: Rear – 108 MP (wide), 48MP (periscope telephoto) 10x, 12 MP (ultra wide), .3 MP( Time of Flight). Front – 40 MP wide.Sounds: Stereo Speakers, No Headphone JackBattery (endurance rating): 5,000 mAh (87 hours)Security: In-screen fingerprint readerMiscellaneous: Accelerometer, Gyrometer, Proximity, Barometer, Compass, Bixby assistant, IP68 dust/water resistantOther versions: Galaxy s20, Galaxy s20+, Galaxy s20 FE iPhone 12 Pro Max Apple has been at the top of the smartphone market each year with its new iPhone. This year?s best version, the iPhone 12 Pro Max, features the same stainless steel construction as recent iterations of the iPhone with Gorilla Glass 6 front and back. This one comes with a massive 6.7-inch Super Retina OLED display with a screen resolution of 1,284 x 2,778. The iPhone 12 Pro Max features Apple?s A14 processor, the first 5 nanometer processor in any smartphone, 6 GB of RAM, and up to 512 GB of onboard storage. Unfortunately, there isn?t an option for expandable memory, but carries an efficient 3,687 mAh battery and comes with 20 watt fast charging plugged in and 15 watt wireless Qi charging. It currently runs on iOS 14.1. The cameras on the iPhone 12 Pro Max are much the same as they were in the iPhone 11 Pro Max with three 12 MP lenses, but Apple has added a Time of Flight sensor for better depth in photos. Available in Silver, Graphite, Gold, and Pacific Blue, the iPhone 12 Pro Max will be released this week in November 2020. Apple iPhone 12 Pro MaxBody: Stainless Steel with Gorilla Glass 6Display: 6.7-inch Super Retina OLED (~458 ppi)OS: iOS 14.1Chipset: A14 BionicMemory: 6 GB RAM, up to 512 GB onboard storageExpandable Memory: NoCameras: Rear: 12 MP (wide), 12 MP (ultra wide), 12 MP (telephoto) 2.5x Front: 12 MP […]

Patch Management Software is notoriously imperfect, as indicated by the constant updates and patches that are rolled out for different titles and platforms. Cybercriminals are highly motivated to identify these imperfections and take advantage of them to achieve their own ends. As a result, the importance of promptly installing these packages is elevated to help avoid experiencing the ill impacts of such threats. Many businesses will only patch after testing the update (if they manage their patches at all). While this isn?t necessarily a bad policy, it is crucial that this process happens as quickly as possible to avoid exposing you to more risk. Device Control To state it plainly, you need to have some level of control over the security of any and all devices that connect to your business? network?regardless of whether they belong to the company, or if they are privately owned. This will help to ensure that vulnerabilities aren?t making their way into your business by piggybacking in on devices that may have connected to an insecure network. As more people than ever are also taking advantage of remote work, you should also make sure that your employees are able to securely access the resources they require to successfully complete their responsibilities. Again, the networks they use at home aren?t likely to be as secure as the one your business relies on should be. Implementing the use of virtual private networking to facilitate secure remote work should be considered a must. Benchmark Comparisons It is also valuable to know A: which solutions you are currently using and B: how well your security best practices line up to what can be considered acceptable. This can be accomplished by contrasting your own with the levels that have been previously established. With the information and data gleaned from such assessments, you will be better able to identify your most pressing security shortcomings and resolve them accordingly. Identity Management Of course, we can?t discuss network security without also bringing up the idea of controlling access to data based on a user?s role and associated need for the data in question. After all, someone in one department may have no need for the very same data that another department finds absolutely essential. Even more pressing is the fact that you need to ensure that only authorized users can access the network and its stored resources at all. Many security experts have shared opinions about how best to do so, and the modern consensus is swiftly migrating away from relying solely on passwords for authentication. Instead, a shift to multi-factor authentication?where an additional proof of identity is required?has become the prevailing wisdom. This can range from implementing time-sensitive generated codes into your authentication processes, to providing your users with a hardware-based security key that will provide them with access. Are you looking to improve your company?s network security? White Mountain IT Services is here to help. Our experts have the expertise gained from years of experience to evaluate your IT infrastructure and its protections to make recommendations as to the best improvements to make. Reach out to us at (603) 889-0800 to learn more.

Cybercriminals don?t care what kind of good will you?ve forged, all they want is your data or access to your network. This blind determination is a major threat to businesses like yours. One of the most prevalent scams is what is called a Display Name Spoof. It isn?t just your regular phishing scam, and today, we?re going to teach you everything you need to know to ensure that you aren?t a cybercriminal?s next victim. What is Display Name Spoofing? Display name spoofing is a spear phishing tactic where hackers will target an individual?who typically has access to the network or resources that the hacker wants access to?and sends them a vaguely worded email that is seemingly sent from a trusted source, often an authority figure. Since the email address and title look legitimate, subordinates who forsake security for alacrity can put your whole business in jeopardy. It works like this: Many professional emails will have a signature. Display name spoofers use  this to their advantage. What they will do is target a person, research them to find someone that could potentially get them to act impulsively, and use that information to phish the user. Below is an example of a display name spoof phishing attempt: As you can see, the only thing that looks illegitimate here is the actual email address and since some email clients don?t actually show the address by default, you wouldn?t blame a dutiful employee for following the instructions in the spoofed email.  What Can You Do to Combat Display Name Spoofing?  At your business, you have cameras, You have locks on the doors. You?ve developed secure access control procedures to ensure your employees have the authorizations they need to do their jobs. Why would your strategy change when aiming to protect your business? most important asset?  Just like with physical security, you need a strategy to protect your digital assets. Part of that strategy has to confront the fact that your business is going to get phished and that it is your responsibility to ensure that your employees are well trained, and therefore knowledgeable about how to identify and respond to these situations.  Here are a few tips on how to ascertain if a message is legitimate: Thoroughly inspect both the name and sender?s email address before you take action. Check the content for misspellings or completely incorrect uses of grammar. Consider if the sender would send a message asking you to take cavalier action. Consider if the sender would ask you to send them authorization credentials through email. If there is any reason that the recipient has a notion that the email is not legitimate, implore them to verify. Getting a verification of the email?s legitimacy typically takes minutes and can really help eliminate the risks that display name spoofing can bring to your business. If you need help understanding how to identify phishing tactics, train your employees to do the same, and knowing what steps to take when you realize you are dealing with a phishing attack, contact the IT professionals at White Mountain IT Services today at (603) 889-0800.

What are the Costs of Ransomware? Here?s the situation: in today?s increasingly connected world, cybercriminal activities can be conducted from essentially anywhere and target essentially anyone. It isn?t like the old-fashioned stick-?em-up robbery, where the criminal had to be present to commit the crime. Now, someone in Portugal could presumably rob the Federal Credit Union of Poughkeepsie without getting up out of their poltrona. One particularly effective tool that many cybercriminals will now use to do so is ransomware?a malware that encrypts a system and renders it effectively useless, only offering the user the means to pay the criminal responsible some fee in exchange for resumed access to their resources. Whether the cybercriminal holds up their end of the bargain is another, highly unlikely story. As we?ve said, we recommend that you never pay these attackers? but we do understand why you may feel that is your best option. After all, it seems like the fastest way out of a bad situation and when your business is hemorrhaging money due to downtime, you?re going to want to fix the situation as quickly as possible. This is precisely what the cybercriminals are counting on. Despite this, it really is a bad practice to pay for resumed access to your data for a number of reasons, not the least of which being the fact that you?ve no guarantee that your data will actually be returned and that the money you send will only fuel more attacks. However, that?s just the start of your problems, should you elect to pay up. Uncle Sam Wants to Dissuade Businesses with Different Tactics To try and discourage ransom payments, the Treasury Department is doubling down on the advice that the Federal Bureau of Investigation has been giving for years. Rather than simply discouraging businesses from paying, the Treasury Department has warned that the federal government could severely fine the businesses that pay out these ransoms for violating terms laid out by the Treasury?s Office of Foreign Assets Control. In their Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, OFAC outlines how many cybercriminal groups?including the North Korean Lazarus Group, the Russian cybercriminal syndicate Evil Corp, and individuals tied to SamSam and Cryptolocker?operate out of regions that are already subject to economic sanctions, or have had sanctions levied against them. These sanctions make it a crime to make any transactions with them?including ransomware payments. After all, once that ransom is paid over, who’s to say that the money doesn?t wind up in the hands of some entity that poses a direct threat to security? Unless given a special license by the Treasury, a business that facilitates ransomware by paying up could not only see losses in the amount of the exorbitant ransom demands, but also in the fines that could be levied up to millions of dollars. Technically speaking, this advisory isn?t an outright ban on ransomware payments, per se. Instead, companies are encouraged to contact law enforcement to obtain clearance to pay the ransomware or to try to obtain an OFAC license to do so. However, these requests are more than likely to be denied. There is also no telling how much these policies will be enforced, but it is almost certainly wiser to take them at face value and act accordingly. Impact on the […]

How to Properly Design Your Backup Strategy To establish a data backup strategy that works effectively, there are a few different steps you need to undergo, in addition to the given requirements that implementing such a strategy will take. 1. Specify What Your Recovery Goals Are This one may be a little obvious on the surface, but deeper consideration makes it clearer how specific these specifications must be. Naturally, you want as much of your data and operations to be restored as possible, as quickly as possible, but it is important to put definitive objectives here. How much data do you need to restore to restart (to some level) your operations? How long can you sustain downtime before it becomes too much? Identifying this is crucial to your successful recovery? and your success at not joining the far-too-many businesses that fail within a year of a significant downtime event. 2. Train Your Team Secondly, having a backup is a great start, but you also need to know that your team can put it into action if need be. Backups are only useful when they can be implemented, and they can only be implemented if your team understands how to do so properly. Taking the time to train your team members to utilize the resources at their disposal?especially in this context?will only benefit your overall operations. 3. Build Your Procedures Once your goals are in place and your team is prepared to use the tools at their disposal, you need to make it an established practice for them to do so. While we are not suggesting that you encourage your team to make errors of any size, it will help to periodically run your employees through the processes that you have in place for data recovery purposes. Scheduling a test of your backup, and having your business run off of the backup will help you prepare for a real data loss event. Following these steps as you adopt your backup policies and procedures will only help to make them more effective. For even more assistance, turn to White Mountain IT Services. We?ll help you manage your business? IT, down to your backups and more. Find out what we can do for your operations by calling (603) 889-0800.