Recent Blog Posts

Let's Help You Understand PCI Compliance

Understanding PCI Compliance

The credit card companies listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business that wants to accept payment cards needs to adhere to. That means every business. So from the largest multinational corporation to the smallest street vendor, if that company needs to accept payment by credit, debit, or affiliated gift cards, they need to be PCI compliant. This means that any business that stores information or processes payment using digital payment cards would have to maintain PCI compliance. Here are 10 actions those businesses need to take to meet compliance regulations:

- Change passwords from system default
- Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
- Encrypt transmission of card data across public networks
- Restrict the transmission of card and cardholder data to a "need to know" basis
- Assign user ID to all users with server or database access
- Make efforts to protect physical and digital access to card and cardholder data
- Monitor and maintain system security
- Test system security regularly
- Create written policies and procedures that address the importance of securing cardholder data
- Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don't will likely be in breach of the regulation, and therefore, face the ire of PCI regulators.

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That's why PCI Security Council mandates break businesses into four different merchant levels. They are:

- Merchant Level #1 – A business that processes over six million payment card transactions per year.
- Merchant Level #2 – A business that processes between one million-to-six million payment card transactions per year.
- Merchant Level #3 – A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
- Merchant Level #4 – A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Let's take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

- Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
- Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level two's include:

- Perform a yearly Self-Assessment Questionnaire (SAQ)
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

- Perform a SAQ
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

- Perform a SAQ
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Data privacy is more important now than […]

Tip of the Week: How to Keep Your Wireless Printer Secure

Understanding the Threats to Your Printer

There are a surprising number of ways that an unsecured printer can be compromised. Once something is printed, just about anyone could stroll on by and retrieve the paper. Print jobs could also be routed to other printers or manipulated, again breaking the chain of custody of the produced documents and potentially dispersing fraudulent data. Data stored on the printer itself can also be harvested, and attackers have been known to use printers to infiltrate or directly attack a network system. Printing over Wi-Fi introduces similar security issues as well.

However, printers still play an important role in most offices and other businesses today. So how can these threats be overcome? By following some simple best practices, you may find that these security challenges aren't quite so challenging to address.

Practices for Printer Protection

If you want to make sure that your own printing infrastructure is secure, you need to follow a few best practices:

- Keep your printers updated: Software updates are commonly released to help resolve potential security issues that may be within your technology solutions. In order to take advantage of these improvements, you have to actively apply these updates to the solutions you rely on.
- Implement access controls: Just as is necessary with anything that is connected to your network, your printing infrastructure needs to require some validation before someone can use it. Requiring access credentials that meet security recommendations is a good starting point.
- Require MFA: To further secure your printing infrastructure, you should also supplement your access controls with multi-factor authentication requirements.
- Disable unused services: The more services that you have active on your network (including those on your printing devices), the more access points there are for an attacker to take advantage of.

White Mountain IT Services can help you see to your cybersecurity on every level, including protections for specific pieces of infrastructure like your printers. To learn more about the solutions you need to maintain comprehensive cybersecurity standards, reach out to White Mountain IT Services at (603) 889-0800.

Phishing Attacks Masquerading as VoIP Voicemails

Just a quick recap: what is phishing? Phishing is when a quote-unquote hacker sends you an email disguised as a legitimate email from someone else. Usually a phishing email might look like your bank trying to get you to log in to check your statement, or PayPal telling you that there was a recent charge they want you to look into. Phishing attacks can also be very personal and specific, like an email from your CEO asking you to quickly move some funds to a certain bank account or authorizing a payment. The hacker will spoof the email in a way to make it look legitimate – the email would have all of the logos and header and footer information that, at a glance, makes it look real. When the user falls for the trap though, they end up providing sensitive information to the hacker. It's one of the leading cybersecurity threats in the playing field right now.

Phishing attacks are annoying, and they trick a lot of users, and this latest one even made me double take.

The Fake Voicemail Phishing Attack

Most modern phone systems, especially VoIP phone systems, have a convenient feature that will email you voicemails. That way, you can check them easily from your email instead of dialing into your phone. I like this feature a lot–it gives me one less place to check for communication–and I already spend a lot of time in my email. It's really handy to be able to listen to a voicemail message directly from my inbox on any device.

That said, hackers have figured out that a lot of businesses use this feature, and now they are crafting phishing emails to look like voicemails. The email comes in very much like it would from your phone system. The subject line will say something like "New Voicemail from: (555) 555-5555" (but with a real number) and attached will be a file that looks like it could be an audio clip of the voicemail. Be very wary of this. That file could contain malware. Some of these emails also contain links or buttons to click on to download the voicemail. These could lead to sites that might try to steal your information or infect your computer with malware. In other words, if you get one of these, don't click on anything or download anything.

How to Tell the Difference Between a Real Voicemail and a Phishing Attack?

This is where things get tricky, because hackers are going to continue to experiment and try to increase the accuracy of this spoof. Right now, the best way to ensure that you don't fall for fake voicemail phishing attacks is to ensure that your REAL voicemails get labeled in your inbox. Depending on your VoIP system, your voicemail emails will come from a specific email address and have a specific subject line. You'll want to filter these emails so you know they are legit, and when you get one that doesn't get labeled as a voicemail, you know you should be suspicious.

Look for your previous voicemail emails. Note the email address they come from and the subject line. In Gmail use these steps:

- Click on the Gear icon and go to Settings.
- Click Filters and Blocked Addresses and scroll down and click Create a […]

Automation Will Be Key for Future Businesses

The Current Situation

The novel Coronavirus that has economies all over the world shrinking came at a time when most of them were expanding rapidly. Businesses were suddenly faced with some very difficult decisions to make. Some businesses were deemed essential and could continue to operate, but most were forced to either move their employees out of their workplace or shut operations down completely.

To try and keep from losing money, some of these businesses started exploring the capabilities of the tools they already had in place, finding that many of them could offer more automation. In fact, in the face of the virus, and the uncertainty surrounding it at this juncture, it isn't a surprise that companies are innovating quicker than they probably would have if they weren't faced with the COVID-19 situation.

The Future

With the increased reliance on software-based automation, you are likely to see businesses begin to trust in technology more than they do today. At this point, if automation can offer alternatives to businesses struggling with their costs, it stands to reason that when the pandemic finally fades, they won't go back to spending money on parts of their business covered by this newfound automation. The truth is that some workers are going to be made expendable by this forced innovation. The shift was slowly inching along, but COVID-19 changed all that.

You have to decide whether or not you are going to jump at the opportunity that this situation has given you. Automation isn't going to replace your workers, it will just change their jobs. If they don't adapt, they don't fit. The future of your business is tied to how efficient and streamlined it can be, and automation looks like it will give it the best opportunity to accomplish that.

Big changes are happening in business. Some sources say that automation will replace almost 60 percent of jobs in the next five years. It's your choice.

Call the IT consultants at White Mountain IT Services today at (603) 889-0800 for more information about automation and where it fits in your business.

Taking a Look at the Problems Behind Smartphone Addiction

Addicts in Plain Sight

There is a stigma that comes along with being an addict. Whether a person is addicted to smoking cigarettes, having sex, or something much worse, the notion that they have lost the ability to moderate their behavior is a big deal, and carries with it serious problems.

Using a mobile phone can be an addictive behavior. The problem becomes: how can you identify smartphone addiction, and what negative consequences does this addiction have? The normal person probably uses the smartphone more than is healthy, but people use it for work, to keep in contact with the people in their lives, to recreate, to read, or to interact with their digital community. If your smartphone is both a personal and a work hub, how can using it all the time be problematic?

Telltale Signs of Smartphone Addiction

Smartphone addiction is similar to drug addiction according to the DSM-5. Using the device releases dopamine, creating a physical dependence on having the device at the ready. Some of the most prevalent symptoms include:

- Conscious use of smartphone in dangerous situations or when it is prohibited to use (driving, walking stairs) causes social conflict
- A loss of interest in other social or group activities
- Withdrawal, panic, and anxiety when smartphone isn't in hand
- Lack of focus
- Social anxiety
- Relationship stress
- Eye pain
- Neck pain
- Insomnia
- Dependence on digital validation

Smartphone Addiction's Effects

While it can be something as benign as not getting enough sleep, smartphone addiction can also have many negative effects on a person's day-to-day wellbeing. Serious problems such as depression and anxiety can develop, even when the phone is nearby. One study suggests that people with smartphone addiction can have as much as a 270-percent higher-than-normal chance of developing depression.

If you think that someone you love has a smartphone addiction, here are some things you can do to aid them:

- Monitor usage – if you can, help them monitor their use of their phone.
- Don't use your phone for everything – Phones have very useful features, so substituting the things that a smartphone emulates can work. Things like an alarm clock or physical books can cut down on the dependence on the mobile device.
- Turn off notifications – Most people have a steady flow of notifications that come in during the day. Turning off these notifications can go a long way toward getting someone's mind off their device.

Do you know someone that could use some help controlling their use of their smartphone? Call our consultants at (603) 889-0800 today to find out more ways you can go about working around a smartphone addiction.