Let?s discuss a few things that need to be included in one of these policies so you can make yours as effective as it can be (whether you?re first implementing it or you?ve had one for a while that needs a refresh). Keeping Things Secure While mobile devices can provide considerable benefits to your business, these benefits will be moot if your security is compromised via these devices. Therefore, you need to make sure that your mobile device policies contain guidelines to help – and yes, make – your employees use their devices more securely. While these examples aren?t a comprehensive list of precautions to make (and the same can be said for any of the examples in this blog), they do help illustrate the kinds of precautions and restrictions you will have to enforce: All mobile devices must be protected by a password that meets the standards set by your company?s guidelines, and set to lock automatically if idle for a set amount of time. Any applications must be approved by the company before they can be installed and used for work purposes. Any devices not included in the BYOD policy, or are not supported by it, may not connect to the business? network. If a device is misplaced, IT detects a threat on it, or the owner leaves the company, IT may wipe the device to protect company data. Managing Risks Of course, while you always need to have security measures in place, it can greatly help to have the means of minimizing threats before any can materialize? especially those that originate from inside your organization. Your mobile device policy is a good place to outline the protections you have in place, and what you reserve the right to do with them to protect the good of the company. For instance: All devices that are lost or stolen should be reported to IT within 24 hours, and the mobile carrier should be notified immediately. Any employee who uses their mobile device does so knowing that it signifies their consent to the acceptable use policy, and their intention to abide by it. Any mobile device may be disconnected from the company network or have its access to services revoked without notice. While IT will make their best efforts to preserve a user?s data, any device that needs to be remotely wiped for security purposes will be wiped to protect the company. This means the user is responsible for maintaining their own backups. Acceptable Device Use Finally, you need to make sure you include a section in your guidelines that dictate how these devices can be used in the office (or out of it, for that matter) to conduct work tasks. Some will be based on your personal preferences, while others are more related, again, to your security. A few sample policies that your overall mobile device policy should include are: Designated guidelines clarifying the differences between business and personal use of devices, and what is acceptable for either on company time – and what is not allowed at any time, like storing illegal materials or conducting harassment. A comprehensive list of business materials and resources that an employee can access with a mobile device. All approved applications that may be downloaded, as well as those that may not be, […]

Determine What Data You Have How can you possibly expect to be able to keep all of your data protected if you aren?t sure of its extent? In simple terms, you can?t.  Therefore, you need to identify everything that you have, taking note of how your storage is set up and where the kind of data that needs particular protections is saved. This is a great opportunity to reorganize your data storage strategy if need be, adjusting who in your organization can access what. What information do you collect for your business? use – customer contact and financial information, including their credit card credentials? What about information you?ve collected about your employees, or any job applicants you?ve encountered? Knowing what kind of data you have, and how much of it you have, will be crucial to appropriately allocate the security resources to protect it all. Downsize Your Data Once you?ve surveyed where your data is stored, you should look more closely at its contents with a critical eye. Is all of it really necessary for your operations, or are there other ways to accomplish the same things that are better for your data security? For instance, take customer credit card information – unless there is a real business-related reason to retain it, you shouldn?t. The longer you have this kind of data in your possession, the greater your risk of losing it in a breach. As you are minimizing the data you?re keeping, you should also make sure that you are also limiting who has access to your data – even preventing your different departments from accessing data unrelated to their processes. Defending Data Finally, in order to keep your data secure, you need to consider a few things, like the format in which this data is to be stored… and how to best protect that particular format. Any sensitive files and such materials need to be stored on designated devices, with sufficient access controls to prevent unauthorized users from viewing or altering this data. The same needs to apply to any data you store in hard copy format. In case of a worst-case scenario (where your data storage is breached) you also need to have the means to identify if this has occurred, as well as solutions in place to minimize the damage that can be done. White Mountain IT Services can assist you with all of the above, and more, when it comes to keeping your company?s data secure, especially that information that reveals personally identifiable details. To learn more, reach out to one of our professionals at (603) 889-0800.

Remote Management Before we start, we?d be remiss if we didn?t remind you why managed IT services are superior to the break/fix method. All technology will fail, it?s inevitable, but with managed IT services, that hardware is constantly monitored, managed, and maintained so that small issues–that typically would be cause for concern–don?t turn into costly problems for your business. The more time and effort taken to ensure that your business? technology is running properly, the longer that technology will last. All the problems that are circumvented through remote monitoring and management will pay for a managed services agreement, and then some.  Failing Technology and Resulting Downtime Since your technology is monitored carefully, if a piece of hardware is going to fail, our knowledgeable technicians will know before it does, allowing you to replace the technology before it starts to have a negative effect on your business? operations. Under the break/fix method, once the technology breaks, that?s it. You?ll either have to get the technology fixed or purchase new technology. The same is true under a managed services agreement, but the big differentiator is that you won?t be dealing with downtime. Downtime is the most expensive part of failing technology. Sure, a server can cost up to $10,000, but if it breaks it?s going to take a long time to get a new one up and working. Think about how much revenue would be lost paying for your staff?s salaries, and all of your other business expenses, without the benefit of the revenue streams that make your business run. How long could you last like that, realistically?  Onsite Managed Services Since most of a managed IT services company?s value is keeping your technology up and running, we try not to spend a lot of time supporting your IT onsite. The simple reason is that if we can complete a lion?s share of your IT support and services remotely, it cuts down on each of our costs. That being said, however, if you need to deploy new technology, you need someone to organize your networking, or any other technology initiative you roll out, a managed services provider will be there in person to complete any assigned work.  If your technology breaks, your managed IT service provider will actively try to remedy the situation quickly to keep downtime to an absolute minimum. These technicians are professionally trained and provide all the benefits of a break/fix vendor as a part of a monthly flat-rate agreement. After all, their job is to support your business? technology.  Not All Managed IT Vendors Are the Same Since managed IT services are very common, especially for small and medium-sized companies, you then have to make a determination of which one to use. Often times, managed service providers (MSPs) will claim to be the answer for your technology cost overruns only to take advantage of the compromised position a company?s IT is in to make a quick buck.  At White Mountain IT Services, however, we understand that ours is an extremely competitive market, and take pride in bringing the value of comprehensive outsourced IT services to New Hampshire businesses. If you have any questions about how our brand of managed IT services is not only better than break/fix, but also better than our competitors, call one of our knowledgeable IT consultants today at […]

How is VoIP Different than the Normal Telephone Service? To the casual onlooker, there isn?t really any difference between VoIP and traditional telephony? the phone rings, you answer it, and you have a conversation with whoever is on the other end. However, when you?re the one using it (or at least paying for its use), VoIP offers a few advantages that set it high above the traditional approach, in addition to the aforementioned cost savings. Like the cost savings, most of these advantages can be attributed to how Voice over Internet Protocol data is delivered: over the Internet. This method allows for other useful capabilities. It is important to mention that many of these capabilities are available through a traditional phone solution, but there are those that are only possible with VoIP, and all of them will cost extra. Standard VoIP solutions usually include these same capabilities, making a traditional telephone service the more expensive (and less impressive) alternative. Here are just a few such capabilities that VoIP offers: Call Forwarding/Mobile Applications You never want to miss a business call if it can be helped, which is why VoIP?s ability to integrate with your mobile device or even an existing landline is so useful. If a call goes unanswered in the office, other numbers for that contact can be tried. Most VoIP solutions offer mobile applications that also allow calls to be answered from the mobile device in question. As a result, you and your staff are capable of maintaining communication from anywhere that there?s Wi-Fi available or that a mobile signal can be established. This means that your employees who travel for work can remain in the loop, and your productivity is that much less reliant on your team being in the office. Call Recording We?ve all been an important phone call where a key piece of information has been shared, only to later realize we can?t remember specifically what was said. VoIP solutions help to resolve this by offering the option to record a conversation, allowing you to return to different spots for reference. As an added benefit, you can also use these recordings as training materials, demonstrating practical examples of certain kinds of calls. Collaboration On a related note, VoIP can be extremely useful as a conferencing tool, as long as your team can handle it. With most of your VoIP options conference-bridging, more of your staff can participate in the dialogue. To learn more about VoIP and the other benefits it offers, give us a call at (603) 889-0800.

Control Access, Based on Role Let me ask you a question: how many people outside of your accounting department need to see the business? financials? Outside of the people involved in managing payroll, who needs to see how much each of your employees are making? There is a lot of potentially sensitive information floating around your business, and without the right solutions in place to protect it, anyone in your business could potentially access it. Role-based access management solutions can do a lot to help fix this problem. These solutions simplify the process by assigning permissions to roles, rather than individuals, so all a manager needs to do to remove a user?s permissions is to remove them from a certain role. As a result, it is easier to grant and rescind permissions as necessary without worrying about missing one in the process. The Principle of Least Privilege While we?re discussing role-based access control permissions, we should touch on the concepts behind the principle of least privilege. Consider a high-ranking member of one of your departments (we?ll call it department A). It stands to reason that the manager of department A should be able to access all of department A?s resources and data. However, the manager of department A probably has no need for the resources and data that department B or C have. Likewise, the managers of B and C each have complete access to the data they utilize but should not have this access to data controlled by other departments. Access control simply creates a relatively simple system of enforcing this kind of specified access. Multifactor for Multi-Layers of Protection While, on paper, passwords should be the apex of security measures, they have proven countless times to be less than adequate for security. The reason for this is twofold: first, the technology available to crack passwords is advanced enough to do so much faster, and second, users aren?t creating them to the standard that ?the apex of security measures? should be held to. Chances are the second reason is the one that will give you more trouble. When you consider that the launch code for the entirety of the United States? nuclear arsenal was simply ?00000000? for almost two decades, how likely does it seem that one of your employees has become lax in their passwords? This is why it makes sense to protect your resources by requiring multiple factors of authentication. Typically, to log into a system and access its data, you need to provide your identity via a username, and verify that identity through an agreed-upon form of authentication – traditionally, the password. However, if that password is easily guessed or cracked, that alone isn?t technically enough to fully verify that a user is who they say they are. That?s why multifactor was developed. It takes one factor – the password – and requires another in addition to it to fully confirm an identity. Preferably, this additional factor wouldn?t be another password – it may be biometrics, or a physical security key, or a code that is generated on demand. You have a lot of power when it comes to controlling your company?s data, so you need to find a balance between access and restriction that both protects this data and allows your business to leverage it […]