What are Phishing and Whaling? The first thing to understand is the basics of phishing and whaling. If you’ve heard these terms but are not 100% sure about how it works, then you’re lucky enough to have never been a target. Phishing Phishing is the original practice. It involves sending a fake email address to a targeted employee. The email pretends to be from someone that the employee knows and would trust. A coworker, their boss, or a friend whom they have emailed with at work before. Or it might be a generic message pretending to be from the person’s bank or a social media platform. The email is usually simple and usually involves a request to open an attached file. In the file, of course, is malware that will sneakily download and install itself on the computer the moment the employee clicks the link. Spear-Phishing  Spear-phishing, which you also may have heard of, is simply more targeted. It involves the hacker doing more research on the person they’re targeting and the person they’re impersonating. The hacker may research social media to try and type with the same phases and cadence as the person they’re impersonating. They may try to use gleaned personal information to add authenticity. And they are trying to pull on the relationship between the target and whoever they are impersonating.  Whaling Whaling is an evolution of spear-phishing in which the targets involved are higher in the authority chain and, therefore, have more power to give the hacker something beyond a malware-infested click. In other words, spearing “bigger fish,” hence whaling. In a whaling scenario, the hacker usually tries to impersonate someone very high up in the business, like the CEO, a VP, or a department head. They study the exec’s social media to learn how they talk, and who they most often talk with. Then the hacker sends an email impersonating this exec to either an employee or another higher-up in the company in order to get something. That ‘something’ is usually either money (as a wire transfer or other online means) or insider information about the company. Phishing is a Threat to Every Business The problem is that most companies underestimate the damage that phishing can do. If you’ve been aware of cybersecurity for some time, you know that phishing is ‘old news.’ It’s also not a very complicated kind of hack, because it relies on human error rather than infiltrating your defenses. But the reason hackers still use it and use it so abundantly, is because it works.  No matter how secure your data security infrastructure is, one misguided click from an employee checking their media can get your business network infected and breached. And the worst part of malware-phishing is that usually, the employee has no idea what they’ve done. Whatever they clicked will appear to open a legitimate file. Whatever little question was used to lure them will be answered. But somewhere on your network is ransomware, spyware, or a rootkit waiting to strike. How Whaling Works Now let’s talk about whaling, which is a whole other kettle of fish — so to speak. Unlike phishing, the primary goal of whaling is almost never to spread malware. Instead, the hacker works hard to impersonate someone important and then use the power of that authority […]

What is VoIP? VoIP is short for Voice over Internet Protocol. Instead of using a telephone connection, your company?s telephone system is delivered over your broadband connection. Since the average business already pays for more bandwidth than it needs, using a solution that relies on bandwidth makes a lot of sense. You?ve probably already used VoIP before. If you?ve chatted with others using Skype or Facetime or Facebook Messenger, you?ve used VoIP. While helpful, these applications are aimed toward users, not whole organizations. VoIP platforms aimed toward businesses have many more options. Let?s take a look: What Makes VoIP Superior? A VoIP system holds many operational advantages over a traditional phone system. They include: Cost VoIP platforms are typically less expensive and more valuable than a plain old telephone system (POTS). You get access to more dynamic tools and options, while also paying less in overall costs. Sure, to get a VoIP platform that has all the bells and whistles (which we?ll go through later in this post), you may pay a little extra, but it pales in comparison to how much you would pay if you had a POTS and paid for individual solutions that integrates other tools you can get through VoIP. Simply put, because VoIP is a digital system, it will cost less to run than comparable analog/digital systems.  Simplicity To run a simple VoIP system, the only thing you?ll need is a VoIP capable phone. You don?t have to find the time to run cable, you simply sign up, plug your VoIP-enabled phone and you are ready to use your VoIP platform. Additional services, like video conferencing, and mobile enabled VoIP softphones are just as simple to set up. New users are added easily through a control panel that either you can use, or we can manage everything for you. Functionality VoIP features dozens of features that you can use to properly manage your business? communications. Here are a few: Call forwarding Personalized extensions Call routing Call recording Automated receptionist Call queues Instant messaging Text messaging Find me, follow me Audio and video conferencing Integrated voicemail Line-of-business integration …and more. With VoIP, your company can get the services that can help you manage your business? communications, get more sales, and improve your operational collaboration. To find out more about VoIP, call our IT professionals today at (603) 889-0800.

Communication The capability to share information and collaborate with others is crucial to a business? processes and its overall success. Reflecting on this, it only makes sense that there are more solutions available to small businesses that ever before with this exact goal to motivate them: VoIP ? As an alternative, cost-effective means of telephony, a Voice over Internet Protocol solution can provide a business with top-tier phone services and features that promote both client contact and internal networking. Messaging ? From email to short-form communication methods (like instant messages), messaging solutions are the cornerstone of a business? capability to interact both within itself and with external parties. Cloud collaboration ? As just one of many applications that cloud technology can be used for, sharing documents and working cooperatively on them is another important facet of a business? communications. Security All aspects of a business? security, from data protection to infrastructural resilience to unwanted access, are as important to companies and organizations as they ever have been. In order to resist the growing number of threats out there, more means of maintaining this security are now available: Access management ? Applicable to both your information and your infrastructure, restricting access to resources is one of the central goals of any business? security strategy. With assorted solutions to see to both, small businesses aren?t left vulnerable due to their size. Password management ? If users are being appropriately diligent in their password hygiene, they will have a great variety that they are supposed to remember. This can be difficult (which in of itself discourages poor password hygiene) but using a password management solution can help alleviate this difficulty. Firewall and antivirus ? Why worry about a huge percentage of the threats out there if there are solutions that can be implemented and prevent them? Putting these measures in place and maintaining them over time can eliminate a great many of these threats. Productivity As the underlying goal of anything a business does, it may be assumed that any modern solution is (at least indirectly) meant to enable a team to be more productive. However, this standard is much more apparent in some solutions, as compared to others: Cloud storage and applications ? Returning to the cloud, cloud solutions are available to give your employees access to the data and tools they will need to work productively, even as a part of a remote workforce strategy. Remote access ? If you prefer to keep your resources on-site to monitor them more closely, remote access tools can still give your team the ability to work productively from home if need be, from a variety of devices. Automation ? It stands to reason that the fewer steps to a process an employee must worry about, the faster they will be able to accomplish their responsibilities. Automating parts of your processes can help boost efficiency while reducing human error. As a managed service provider, White Mountain IT Services is here to help your business adopt and utilize various technology solutions to resolve your business? challenges and problems. Give us a call at (603) 889-0800 to find out what we can provide for your benefit today!

What online spies are after Cyberespionage goes after whatever information is valuable. Sometimes the spies want it for their own use, but more after they expect to sell it. Crime has its specialists, and networks exist for black markets. The thieves don’t care much about where they get the information, just about how much they can get for it. These are a few samples of what criminals like to grab from business servers and networks: Information on top management. What are their plans? Where do they think the markets are going? Should investors buy or sell their stock? Account access. Getting into servers and databases is the first step toward grabbing vast amounts of information or installing malware. The techniques include password guessing, exploiting application vulnerabilities, privilege escalation, and luring people to fake login pages. Trade secrets. Any employee might have access to valuable inside information. Intercepting email or other communications lets a thief get a steady stream of data. Badly configured Wi-Fi networks make it easy for someone nearby to snoop. Unauthorized access to servers can yield whole documents full of information that competitors would love. Supplier information. Where a company gets its supplies and materials and what it pays is valuable information to competing suppliers. It also helps someone whose aim is to disrupt the supply chain. Information on employees. Recruiters would love to know how much employees are making, whether they show signs of dissatisfaction, and what their promotion record is. Negative information such as reprimands is also useful to recruiters.   Damage to reputation. Someone who doesn’t like a business might pay for information that makes it look bad. A more direct form of damage is to publish confidential information for everyone to see, killing trust in the company’s data privacy. Types of threats Spies use whatever methods will work best, and they constantly change their approach to stay ahead of system defenses. Several kinds of attacks remain perennially popular, though. Targeted phishing. It’s called “whaling” or “spearphishing.” Carefully crafted email messages trick executives into disclosing valuable secrets. Those messages are the result of careful profiling and research, so they look as if they come from a trusted employee or colleague. Password acquisition. The techniques for grabbing passwords and breaking into accounts include brute-force guessing, luring employees to fake login pages, and finding poorly protected information that contains passwords. Advanced persistent threats (APT). That’s security jargon for malware which gets onto a server and stays unnoticed for weeks or months. It steadily gathers information and sends it to the thief’s server. It works slowly enough that there isn’t an obvious burst of unexplained activity. Exploitation of software vulnerabilities. Old software that hasn’t been patched in a long time has known vulnerabilities. An outsider can exploit them to deliver malware or gain access to files. Information worth stealing isn’t just on servers. Mobile devices and desktop computers are favorite targets. They usually aren’t as well protected, and keeping their software up to date is a lower priority. Data on mobile devices can be stolen the old-fashioned way: by grabbing and running. If they aren’t encrypted, they could have a wealth of data ready for the taking. Wi-Fi access points that aren’t properly configured are vulnerable points. A spy just has to bring a device somewhere close by […]

Getting a Hold on IT Infrastructure Monitoring Infrastructure monitoring covers quite a few critical business considerations. They include the physical condition of your infrastructure, how your software is being utilized, and how much of your bandwidth is being consumed. It also encompasses how well your systems are performing.  Of course, hardware failures are the priority as they can have a major impact on your business. Teleworkers often need access to centrally-stored data and if something were to happen to the systems, productivity has the chance to grind to a complete halt. In order to avoid this situation, it?s important that you deploy the right infrastructure monitoring platform and have the right practices in place to mitigate potential interruptions.  How to Make the Most of Infrastructure Monitoring Today, we?ve assembled a couple important considerations about infrastructure monitoring. Let?s take a look: Identify the Most Crucial Parts of Your Infrastructure There are parts of your IT infrastructure that are more important than others, especially if you are looking to support a remote workforce. Since your staff probably relies on nearly every piece of your IT, however, you need to identify which part of your IT gets the most attention, and then ensure each subsequent part is monitored properly. You?ll also want to consider adding backups of your climate control systems to take over if your primary ones should fail. You?ll also want systems in place that will allow technicians to reboot unresponsive systems remotely to ensure that they remain accessible for your remote team. Ensure Your Alerts Are Routed Properly. You will want to ensure that if something were to go wrong that the detection system contacts the person that will be able to fix it properly. Make sure that whomever is supposed to be contacted when something goes haywire, is the one being contacted. This will typically speed up the remediation process. Check In Periodically Have a technician routinely go to the office and check around your infrastructure for both issues with your infrastructure and with your monitoring system. This means checking connections, sensors and other tools used for successful reporting. To learn more about implementing tools to successfully monitor your infrastructure while you are out of the office call the IT professionals at White Mountain IT Services today at (603) 889-0800.