Defend Your Staff Regardless of where your employees are doing business from, having the protections in place to cover your data and infrastructure is important. Since data security is extremely important for almost every business, it won?t hurt to remind your team how they fuel data and network security. Here are some practices you should consider training your staff on: Maintain password hygiene: Passwords and passphrases need to be unique and complex enough as to not be guessed by hackers. Best practices for password hygiene include: Not reusing your passwords Updating your passwords frequently Not sharing your passwords Using a password manager Only use secure connections: Data can be intercepted and stolen when sending it from an insecure connection. Be sure to have the tools, like a VPN, that will allow for reliable and secure data transmission, regardless of what network it is on. Push software updates: You?ll want to update and patch software regularly.  Use MFA: Multi-factor authentication gives authentication a second step, further securing your data behind an alternate, randomly-generated passcode.  Secure Your Business? Physical Assets You would be surprised how much digital theft is done by someone who gained access to credentials in person. To secure your place of business, you will want to: Control access: The best way to secure physical access to your hardware is to control who has access to what. By requiring authentication to get access to physical assets, you won?t have to worry as much about theft and user-based catastrophe.  Keep an eye on your business: Monitoring your business using digital cameras, and access logs is a great way to both deter people, and allow for quick resolution if something were to happen.  Insulate Your Data Storage Systems Possibly the largest risk to continuity that your business will face, your data isn?t inherently resilient. It can be damaged, deleted, and manipulated. That?s why you will want to: Track your data: Knowing where data is, how it is being used, and who is using it are important considerations.  Restrict access to those who need it: The less exposed your data is, the less that can go wrong. To protect your data from loss, you should be diligent about controlling access to it. Maintain a data backup: You will need to keep your data secured by backing it up. Using the 3-2-1 rule is a solid practice here. That is keeping three copies of your data on two separate types of media, one of which is offsite. There is a lot to take in here, but we think that once you understand, your data will be safer than ever. Call the IT professionals at White Mountain IT Services today at (603) 889-0800 if you need more information.

What Is Involved in a Security Audit? The goal of a security audit is to determine that your security solutions are doing their job, but it doesn?t just stop with hardware. Some security audits can test the strength of your network policies, your overall infrastructure, and even your employees. The point is to determine if your overall security strategy is adequate. Sometimes the end result might be decommissioning or consolidating security hardware and software, and other times it might require additional solutions to be installed, or additional configuration to your current environment. At the end of an audit, you should have a clear understanding of what vulnerabilities were detected, and how to deal with them. Since technology changes so fast, especially in a business environment, it?s important to run regular security audits, as even process changes and software updates could result in new vulnerabilities that weren?t there before. Documentation is key here. A proper audit will result in very extensive, very clear documentation on what was discovered, how business objectives related to security were (or were not) met, and the steps or tools required to meet those goals. Sometimes this might mean breaking down objectives to individual departments – your HR department might have more stringent requirements than your sales floor. The end result should be clear, prioritized action items to resolve issues all across the board. Some Things an IT Security Audit Might Discover This isn?t a comprehensive list, as there are hundreds of issues that could be flagged in a thorough audit, but these are some of the most common items that are often discovered: Poor password hygiene Data retention/backup policies not getting followed Granting permissions to users who don?t need them Misconfigured or outdated security software Inconsistent access control levels on folders on the network Non-compliant, unauthorized software installed on workstations Sensitive data being stored incorrectly Undocumented, outdated, or untested incident response plans Insufficient (or non-existent) activity auditing …and many more. Security Audits are Required for Compliance If your business needs to comply with one of the many types of regulatory compliance standards, you need to perform regular audits in order to stay compliant. Here are just a few of the more common types of compliance audits. SOC 2 type I SOC 2 type II ISO 27001 GDPR (General Data Protection Regulation) SOx (Sarbanes-Oxley Act) HIPAA PCI-DSS FINRA FISMA …and many more. If any of these apply to your business, then regularly scheduled security audits are required in order to maintain compliance. If you aren?t sure, or you need to have your security checked, reach out to the IT security experts at White Mountain IT Services. Give us a call at (603) 889-0800 to set up a consultation to discuss your cybersecurity posture.

1.  Set the Precedent for Communication The importance of communication is always present, but it is even more critical to your operations when your people are working from home. To encourage your team to communicate with one another properly, you will need to actively take the first steps and establish procedures that require them to. What do I mean by this? It?s simple enough. Rather than relying on your team to take it upon themselves to reach out to their coworkers, add a morning meeting time that involves everyone on a given team or within a certain department. By requiring your team to actively communicate with one another you are establishing a standard for your employees to live up to throughout their workday. Don?t be afraid to reach out to your employees on an individual basis to check in on them and see how they are doing as well, whether this happens each week or even every other week. 2.  Provide the Tools Needed for Collaboration Again, when people are working in the office setting, collaboration is frequently as simple as facing one another and starting a dialogue. Remote work complicates this process considerably. You can simplify it again by making sure your team has the solutions they need to communicate efficiently with one another. Plenty of tools are now available that give your team the means to communicate their messages in the best way possible. You should make sure that your team has the tools needed to do so, including email, instant messaging, VoIP (Voice over Internet Protocol), and conferencing platforms that provide them with different options for the assorted kinds of communication that will have to be exchanged. Emails aren?t the best for quick-response-needed messages, for instance, so having a combination of programs at your team?s disposal will help. 3.  Embrace Business Casual No, I?m not talking about the work-from-home dress code. One of the big shortcomings of remote work is the inherent lack of company engagement it can frequently cause. To counter this and prevent the burnout that many remote workers can see, make use of your communication tools and share some fun, not-strictly-work-related things. Encourage your employees to share what they?re having for lunch with each other, or any pictures they took while out on a weekend walk. The unity and low-key competition that these activities foster will help your team keep up the coworker relationships that help move business along. With the tools and support that we offer, White Mountain IT Services can provide your team with the means to exercise this kind of collaboration. Give us a call at (603) 889-0800 to learn more today.

Let?s go over a few of the technologies that we recommend you embrace as you get back to business. Updated Solutions It is no secret that many cybercriminals have taken advantage of the current situation to hit businesses while they are down. This means that you need to prepare to deal with these attempts moving forward. The first step to doing so is to make sure that your business? assorted hardware and software solutions are up to date with any applicable updates and have been replaced when a better option becomes available. Not only will this make your solutions more secure, you will also see improved productivity and overall capability from newer solutions. As a result, your team will be able to accomplish their goals safely and effectively with the best tools available. Monitoring and Maintenance Once your team is back in the office, they will need to work at maximum efficiency to make up for lost ground. To accomplish this, they will need their tools and solutions to be available to them as much as is possible. Working with an IT resource who has the capability to monitor your solutions and resolve any issues they find remotely will prevent challenges from interrupting your staff. Oftentimes, these issues can be mitigated before your team is even aware that they are present. Cloud-based Technology The increasing development of cloud-based tools has opened possibilities to many businesses across the industry spectrum, with solutions to see to general business needs to the highly specified needs of each vertical. In addition to that, using the cloud also has the potential to expand your business? functional mobility through telework, as we will touch on next. With cloud technology by your side, you can have the mobility and efficiency that your successful operations require. Telework and Communication If conditions once again cause businesses to shut their doors, the right solutions can help prevent this from interrupting your operations a second time. Remote work is far easier with the support of the right technology, especially when paired with the communication tools your team will need when not working side-by-side. Fortunately, the cloud can cover many of these needs through Software-as-a-Service, Voice over Internet Protocol, and the far too many options to list here that it can support. If you elect to go through this route, however, you will want to be certain that your team isn?t inadvertently exposing your data to risks as they work. This will require a few safeguards to be in place. Security and Authentication To ensure your use of remote operations and telework doesn?t do more harm than good, you need to be sure that your employees are following the proper procedures. The use of a Virtual Private Network, or VPN, will help protect the data that your employees access as they are working remotely, in addition to the security solutions that you should have installed on each endpoint your team uses. Furthermore, your team should also be required to use authentication measures that meet best practices. This includes passwords that are sufficiently secured and multi-factor authentication wherever it is available. In the office, your solutions should have all the requisite defenses against downtime as well, to eliminate the possibility that they could be rendered unavailable to your team. White Mountain IT Services can help you […]

Yes, Small Businesses ARE a Target Somehow, the false idea that a smaller organization is immune to cyberattacks by virtue of its size seems to persist. The reason that this is untrue is a simple one: data, the target of modern cybercriminals, has equal value to a cybercriminal regardless of its source. This persistent idea of size-based invulnerability means that many small businesses overestimate their safety. It also doesn?t help that many modern cyberattacks require little effort on the cybercriminal?s part, so it only makes sense to attack a wider swath of targets. Finally, it should be mentioned that much of the data that a cybercriminal would want is precisely the kind that a small business would have. For instance, there are countless small medical practices out there. The financial data and medical records they keep are no less valuable than those kept at a major hospital or medical facility, so why would a cybercriminal be any less interested? Humans are the Weakest Link The DBIR also reiterated how many attacks focused on exploiting the imperfect nature of the user, rather than seeking out vulnerabilities or brute-forcing their way in. There is a reason that phishing attacks are so common, after all, and it isn?t as though every cyberthreat is maliciously motivated, either. Plenty of data loss occurs through honest human error, something that cybercriminals have not been shy about leveraging in phishing attacks and social engineering. The Best Protection is Proactive If you are to keep your business safe from the threats that could harm it, you need to take it upon yourself to keep up with these trends and take the steps needed to prevent such attempts before they become necessary. The expert team at White Mountain IT Services is here to help with that. Find out more about our services by giving us a call at (603) 889-0800, or by exploring the rest of our website.