Recent Blog Posts

Warnings from Federal Agencies The issue of voice phishing is currently being pressed by the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency alike. Vishing is the same as any other phishing attack, just conducted through a voice call instead of an email or other form of message. These agencies have announced that cybercriminals have begun a vishing campaign, directed toward those that are working from home. By extracting login credentials for corporate networks, these criminals can turn a profit by selling access to other cybercriminals. The Vishing Strategy According to the FBI and CISA, cybercrime groups have registered facsimile domains to mimic legitimate company resources before developing phishing sites to live on these fake domains. These domains commonly had a structure like the following: support-[company] ticket [company] employee-[company] [company]-support If someone were to visit these pages, they would find a page that looked very much like a company?s login page to their virtual private network?so as a result, if someone were to input their credentials, the cybercriminal would then have the means to access the business? network. These pages can even capture multi-factor authentication measures. Once these pages are completed, the criminal groups responsible then begin to research a company?s employees to build a profile on them. Names, addresses, phone numbers, workplace titles, and how even how long an employee has even been employed at a company are all included in these dossiers. Then, using random or spoofed VoIP numbers, hackers call these employees and swiftly gain their trust. Once this trust is acquired, the attacker directs the targeted employee to the spoofed VPN page. Quicker than you can say ?social engineering?, the hacker can then access the legitimate account. From there, the attacker is free to do as they please?collecting data on other employees and contacts to take advantage of or extracting other data for financial gain. With attackers now directing these vishing scams toward remote workers, it is more important than ever that your team understands how they can identify phishing scams Identifying Scams Be suspicious of unsolicited messages?including calls and voicemails?from those you don?t know. If possible, verify their identity through another means to ensure that they are legitimate. Keep track of the number that any suspected vishing messages come from, as well as the Internet domain you were directed to. Don?t visit a website on a whim after a caller directs you to it, unless you have reason to believe it is legitimate. For more assistance with your business? security, reach out to the IT pros at White Mountain IT Services. Give us a call at (603) 889-0800 to start a conversation.

Managed IT Services It?s true that many businesses that are looking to cut back on their expenses have already moved over to a managed service provider (MSP) in order to reduce their IT support costs. Many of today?s businesses depend on their technology, and one of the best ways to cut back on your IT-related expenses is to outsource some or all of the management. Your business has probably committed to a certain level of productivity, and more than likely COVID-19 has reconfigured those expectations. When your staff was laid off or working remotely, you may have seen the effect it has on your bottom line already, but more likely as things return to ?normal? you will see revenues hindered from all types of outside factors and the productivity of your staff may not be your biggest concern. It may be keeping people employed. Unfortunately, in today?s austere business climate, that may not be possible. By outsourcing your IT management and support to an MSP, you can get the comprehensive IT support your business needs, while reducing your technology-related expenses dramatically. IT services providers excel in keeping downtime to a minimum by constantly monitoring and actively managing all supported technology to ensure that problems are mitigated and downtime is left to a minimum. Additionally, MSPs provide around-the-clock IT support for all of your staff through our help desk.  When looking to cut costs, maintain support, and still get the IT support your business demands, choosing the right MSP will go a long way toward keeping your IT working for your staff and not the other way around.  Migrate to the Cloud Another service model that can reduce upfront costs is to migrate internal IT over to the cloud. This goes double for companies that were looking to spend this year?s IT budget on a new hardware refresh. Since committing to large investment is not a prudent strategy right now, utilizing the cloud for new operational strategies might be just what you need to stem the tide until your company can afford that new server.  Think about it: consider that a hardware replacement could come with a five-to-six figure price tag (depending on the size of your company), paying for the computing that your company uses in the cloud can be a great short-term sacrifice that will allow you to get through lean times with more of your business? technology intact.  Committing to Security With so many businesses using hosted solutions, there is a concern that it will make information systems less secure. It?s for this reason that prioritizing your physical, network, and cybersecurity strategies has to be a priority.  Physical security – Your business? physical security always has to be a priority, and in recessionary times, that priority is heightened. Digital camera systems, access control, and secure authentication systems are important when you need to monitor, control, and protect your business? assets.  Network security – Ensuring that you have the protections needed to detect intrusion and eliminate threats will go a long way toward ensuring your internal IT continues functioning proficiently.  Cybersecurity – Protecting your remote endpoints and having a mobile security plan are important to ensure that your cybersecurity is maintained. You will also want to properly train your staff on the myriad of cybersecurity threats that could decimate […]

Take, for instance, Microsoft. But First? What is Passwordless Authentication? Passwordless authentication is precisely what it sounds like. Instead of requiring a person to authenticate their identity by inputting a predetermined passcode, passwordless authentication looks to other measures to confirm validity. Does the user have access to a verification application? Do they possess a security token? Do their biometrics match the reference data? Have they already been authenticated by another service or application? If your phone unlocks when it recognizes your face or fingerprint, you?ve used passwordless authentication before, or if you?ve received an access code via text message or email. While not all forms of passwordless authentication are equally secure, they generally resist the weaknesses that the traditional password is prone to: Insufficient strength, making brute-force attempts much simpler for cybercriminals Without a password, users cannot reuse passwords across different accounts Brute force attacks require a password to be present to work, which passwordless authentication negates The Benefits of Passwordless Authentication Cost Efficacy Passwords can be shockingly expensive to maintain. Forrester Research has estimated that each password reset costs the company $70, finding that large organizations spent $1 million in staffing and infrastructure alone to handle them in 2018. However, if there is no password to reset, there will be no cost associated with resetting it. Improved Convenience in the User Experience When the average user nowadays is expected to remember literally dozens of passwords, there?s little wonder that so many users resort to just picking one and recycling it over and over. From the user?s perspective, it?s more convenient, which means they can access what they need and get down to business more efficiently. Of course, this doesn?t encompass the full reality of the situation. Therefore, to ensure that your security is maintained, it makes sense to make the most secure option the most convenient one as well. Passwordless authentication removes all the pressure of remembering all those credentials. As a result, your employees will both be under less stress and in a position to securely work towards your organizational goals. Security Finally, and most crucially, passwordless authentication is safer. Think about it: cybercriminals are targeting the human element more and more frequently as they leverage their attacks. Phishing is a common means for a cybercriminal to gain access to your business? data, and there are plenty of other attacks that target your authentication measures anyways, like credential stuffing and brute force attacks. Each of these attacks relies on a set, concrete password being the key to the castle, so passwordless authentication measures can minimize the threat they pose. Reasons like these are why Microsoft is putting so much effort into passwordless technologies. What Microsoft is Doing with Passwordless Authentication In no uncertain terms, quite a bit. In addition to 150 million consumer and enterprise accounts using passwordless authentication measures as of May 2020, Microsoft itself has effectively made an internal transition to passwordless. Up to 90 percent of their own 150 thousand employees have opted into passwordless authentications?saving Microsoft 80 percent of the support costs that once went to internal password management. Microsoft has accomplished this by pairing passwordless measures with secure multi-factor authentication. Their strategy now can be summed up as saying, ?Okay, so this user appears to be who they?re supposed to be. Let?s make […]

One of the major problems a business owner needs to confront is the situation surrounding sustained downtime. Business continuity demands a lot of assessment and a whole lot of action be taken in a short amount of time. After all, downtime is a business killer. The establishment of a continuity plan not only solves the immediate problems (e.g. a server failure), they return your business to a productive state, fast. All businesses struggle with hiccups of continuity. Something as simple as a cloud application being down for 20 minutes can cost a company a lot of money. When downtime is sustained, however, the costs add up by the second. A business that is forced into stagnation by downtime can fail within days.  Modern Continuity Today?s business continuity plan is not much different than it was 50 years ago. The assets have just changed. Today, most of the assets that need to be protected are through reliable digital means. This means that if you want to look for a place to start, look at your organization?s IT. Like you would have done with established business continuity methods, you will want to make a list of the people who need to know if continuity is broken, and who is in charge of relaying that information down the corporate tree. Typically, there will be one person that is tasked with relaying information to department heads, and they will take it from there. Ensuring that there is a plan in place to mitigate cost in the case of sustained downtime is essential to mitigating problematic situations. Take Action In business continuity, action is the name of the game. Depending on the situation, after your people are informed of a breach of continuity, the next step is to mitigate the problem. Some situations are more difficult to rebound from than others, but ultimately a solid business continuity plan is an incremental approach to getting your business back up and running properly. It could take a minute or a couple of weeks, but ensuring that every mission-critical resource is covered under your plan, and that there are defined actions that need to take place will work to return operations to normal more effectively. All continuity tasks should be assigned a specific timeline for completion, with the highest priority tasks coming first. Customer Relations Customer care is a big part of a business? continuity strategy. In fact, if you are dealing with a major outage, keeping your customers supported can work to stem service mutiny. You?ll need to contact your suppliers and vendors to keep other company?s supply chains from grinding to a halt. Keeping your relationships solid will alleviate one big headache if you are dealing with sustained downtime. Technology and Data You will want to have identified what hardware and software are essential, as well as have a good idea about how long it will take to restore your data and other systems into working condition. This also applies to any equipment that is necessary to restore operations. You?ll want to make sure that you know exactly what tools you need and the length of time that it will take to get things back up and running. You will also want to have identified your data needs and have a data backup and recovery platform […]

The ?Work First? Mentality For many, the very concept of a break is itself a dirty word. In fact, many North American employees (20 percent of them) think that taking a lunch break will negatively impact their boss? view of them, while some (13 percent) are concerned that their coworkers will think less of them. A lunch break. The thing that many states legally require them to take. For goodness sake, 38 percent don?t feel encouraged to take a lunch break? and no wonder, when 22 percent of North American bosses say that taking a lunch break makes them ?less hardworking.? Of course, there is evidence to support that the exact opposite is the case. One survey measured that 90 percent (a clear majority) of North American workers cite their lunch break as the reason that they work as well as they do in the afternoon, refreshed by their respite. Of course, the half-hour-to-an-hour that an employee is granted to eat lunch (and run whatever errands they need to run) isn?t the only time that an employee can?or should?take a break. The average workday presents many opportunities for a break to become an asset to the business? organizational productivity. The Length of the Break Doesn?t Always Matter When you think of a ?break? in the workday sense, it?s safe to assume that you are thinking of a 15-minute increment of time. For our purposes, let?s agree upon that measurement. Not many people take what are referred to as ?microbreaks? into consideration. As their name would suggest, these breaks are much shorter than the 15 minutes we?ve established that breaks are best known to take. These microbreaks could range from 15 seconds to 5 minutes, from the quick second to clear your head to the moment it takes to refill your water bottle. Breaks like these have shown to improve mental acuity and sharpness by 13 percent each?and taking a few seconds every ten minutes to look away from your screen to clear your head? Doing so can halve the fatigue you feel. These microbreaks have shown to have various benefits to users, not the least of which being considerable advances to productivity. Do you have pain in your hands, wrists, and/or forearms? Taking five minutes each hour to recover can help get rid of that pain. So, it?s clear that breaks can benefit your team, and?as counterintuitive as it may seem?they have clear benefits to your operational productivity. Therefore, it only makes sense that you encourage your team to ease back every so often to collect themselves. For the solutions that enable your team to work even more productively when they aren?t breaking, reach out to White Mountain IT Services. We offer solutions that can keep your IT in tip-top shape, and your employees working efficiently. Reach out to White Mountain IT Services to learn more about what we have to offer.