Recent Blog Posts

What Are the Biggest Cybersecurity Concerns Going into 2020?

Compliance Fatigue

Unfortunately, in a world as heavily reliant on security measures as ours is, this is the threat to cybersecurity that makes the most sense – businesses simply giving up under the increasing weight of the growing list of compliances and regulations that they are beholden to. As more and more standards are outlined for businesses to uphold – without much apparently being done to enforce them – businesses are just more likely to let a few things slip through the cracks.

I hope I don't have to explain how this could be dangerous. It goes without saying that these compliances are put in place for good reason, and as such, are meant to protect the welfare of a business and its clients. "Letting things slide" therefore translates to "putting all involved parties at greater risk."

Furthermore, there are also concerns around the idea that some businesses could be beholden to overlapping regulations that demand contradictory or prohibitive elements. Faced with mounting demands, cybersecurity may suffer through oversight or, worse, omission, due to an overtaxed resource.

Misconfigured Cloud Environments

Cloud solutions have seen explosive growth as their benefits to businesses have been made clear. Unfortunately, this growth far outpaces the development of the workforce needed to maintain these cloud infrastructures and security configurations. As should come as no surprise, Gartner attributes a full 95 percent of public cloud security failures to the customers, not the providers of the platform.

There are countless examples of misconfigured cloud solutions creating major security issues, many of which have taken place throughout 2019, like the infamous Capital One breach. Based on history like this, it can reasonably be expected that 2020 will see more of the same.

Mobile Malware

Again, surprising almost no one, our increased reliance on mobile devices for many of our needs has led to a similar increase in malware intended for these mobile devices. In 2018, Kaspersky Lab discovered a considerably larger number of malware attacks meant to target banking applications, and the number of malware files rose from 18,501 to 29,841 within that year.

That increase certainly isn't nothing, and can be attributed to the simple fact that more people are using mobile banking applications. The cybercriminals have just shifted their focus as their targets have.

Phishing Attacks

One thing that no amount of algorithm tweaking or patching is ever going to fix is the nature of the person sitting at the keyboard. Your users (AKA you and your employees) are the weakest parts of your cybersecurity implementation, as you are the easiest to fool and will continue to be going into 2020 and beyond. Without the right training in effective cybersecurity practices, your company is going to be vulnerable to phishing attacks and similar scams.

White Mountain IT Services can help. To learn what we can do to help protect your business in the new year, give us a call at (603) 889-0800 today.

Google Knows a Lot About You. Here's How to Control It

First Off, What Does Google Collect, and Why?

There are a lot of obvious things that Google knows about you. For example, it knows what you search for, and what result you click on. Google watches traffic across the web to determine what web pages are the most popular or the most authentic. Google can tell approximately where in the world you are, and that gets even more accurate when you are using a mobile device.

Google uses all of this data to refine search results. If you are looking for a place to order lunch, Google wants to give you results that would be feasible.

When it comes to data privacy at this scale, you have a few options. You can either:

1. Ignore it and just allow any entity to collect, store, and share your personal information at any time.
2. Disconnect from the grid, throw your phone into a lake, and move to a self-sufficient cabin in the woods.
3. Do your best to understand and control what data gets collected, and find a balance between being private and being connected.

As nice as option two sounds sometimes, most of us are probably better off with option three. Let's dive in and discover what Google knows about us, and how we can control what information they use.

Let's Look At Your Public Google Profile and Lock Things Down

First, go to https://myaccount.google.com/ and sign in with your Google account.

This page is going to look a little different depending on what services you have and use through Google, but we're going to be focused on privacy and security-related options.

On the left-hand side, click Personal Info.

Google will display your basic information, such as your name, your date of birth, and any contact information Google has for you. If you scroll down, you'll see an option that says Go to About me. Click that and Google will let you control what other people can see about you.

You can click the pencil icon to edit any of the information, and click the green globe if you want to hide a particular piece of information from the rest of the world.

This is just a small tip of the iceberg. Next we're going to look at Google's historical record of everything we've ever done online.

How to Pause Google's Web and App Tracking

Google keeps a historical record of all of your Google searches and other online activity to cater their results to you. While you are signed in to your Google account, go to myactivity.google.com to review your activity. You can scroll through years of your personal search history, YouTube videos you've watched, apps you've used, and more.

Go to https://myaccount.google.com/ while signed in with your Google account. This time, on the left-hand side, click Data & Personalization. Look for Activity Controls.

From there, select Web & App Activity. You can pause all web and app tracking by clicking the blue switch on the right. This will prevent you from seeing relevant search results or recommendations that are catered to you. It doesn't delete the tracking data Google has on you, but we will go over that in the next step.

Google will warn you that they still might temporarily use information from your recent searches in order to improve […]

Tip of the Week: Taking Your Password Practices to the Next Level

Don't Neglect the Tried and True Rules

While we want a password to be easy to remember, we also don't want it to be easy to guess. This is why we can't help but shake our heads at the top-15 results of an analysis of data collected from the security website Have I Been Pwned:

123456, 123456789, qwerty, password, 1111111, 12345678, abc123, 1234567, Password1, 12345, 1234567890, 1123123, 000000, Iloveyou, 1234

Many of these passwords clearly break some of the cardinal rules of password security, such as ensuring that there is a mix of character types included in the password, making sure that the password is of sufficient length, or avoiding obvious words, like "qwerty" or "password."

What's worse, it is probably a safe bet that many of the owners of these passwords had a tendency to recycle them across their accounts, putting more of their accounts at risk. None of this is a good thing for security, of course.

You definitely should not be using the same password to get into different accounts. The reason is pretty easy to explain: if a password were to be compromised for one account, that would mean that multiple accounts would be compromised.

A Proven Means of Securing Your Accounts

There are several different ideas about how to do this. One means is to use a passphrase – a series of random words, rather than characters, that is both significantly more secure than most passwords and easier for a user to remember.

However, as is so often the case, you can start to encounter difficulties once the human element is introduced. We, as a species, tend to gravitate towards patterns, so we have difficulties creating a truly random series of words on our own.

To counter this, an IT professional named Arnold Reinhold developed Diceware, a reliable means of generating a passphrase for yourself. Referencing the Diceware word list, roll five dice (or one die, five times) and find the word corresponding to the values you rolled. Repeat this process until you have a total of six or seven words, and you've got your passphrase.

Why the dice? Simple – it makes it much more random, even than a user "randomly" selecting words from the list of potential words to include.

A Demonstration

Let's say we were to use this method now, and rolled the following number sets:

21633 16521 31336 13263 52452 33535

Referencing the word list, this gives us the following words…

Criss Choke Gluing Bambi Rust Ice

…and, as a result, our passphrase.

The webcomic xkcd provides an illustrated explanation of why passphrases are so effective:

However, many users will understandably hesitate to use passphrases, because this means that – assuming they subscribe to best practices – they will have to remember a series of six completely random words for each of their accounts.

This is where password managers prove their worth. Utilizing a password manager to save your passphrases, and securing it with one, allows you to optimally secure your accounts without the need to worry about forgetting all of your access credentials.

For more means of improving your business' use of technology, subscribe to our blog, or reach out to us directly at (603) 889-0800.
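The Diceware procedure described above, as an added Python example (not code from the original post): it validates a word list, draws the dice rolls from the operating system's CSPRNG, and computes the entropy of the result. The full word list is not reproduced on this page, so `build_sample_wordlist` constructs a placeholder list that carries only the six roll/word pairs from the demonstration; all function names are assumptions of this example.

```python
import math
import secrets
from itertools import product

LIST_SIZE = 6 ** 5  # 7776 possible results of five six-sided dice

# Roll/word pairs from the demonstration above; all other words are placeholders.
PAGE_PAIRS = {"21633": "Criss", "16521": "Choke", "31336": "Gluing",
              "13263": "Bambi", "52452": "Rust", "33535": "Ice"}

def build_sample_wordlist():
    """Constructed stand-in for a published list, in 'key<TAB>word' lines."""
    keys = ("".join(p) for p in product("123456", repeat=5))
    return "\n".join(f"{k}\t{PAGE_PAIRS.get(k, 'word' + k)}" for k in keys)

def parse_wordlist(text):
    """Parse and validate a list; a short or duplicated list weakens every phrase."""
    words = {}
    for line in text.splitlines():
        key, word = line.split(None, 1)
        if len(key) != 5 or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        if key in words:
            raise ValueError(f"duplicate key: {key}")
        words[key] = word.strip()
    if len(words) != LIST_SIZE or len(set(words.values())) != LIST_SIZE:
        raise ValueError("list must hold 7776 unique keys and unique words")
    return words

def roll_key():
    """Five dice rolls from the OS CSPRNG (not the predictable random module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def lookup(rolls, words):
    """Turn rolls made with physical dice into their words."""
    return [words[r] for r in rolls]

def generate(words, count=6):
    """Software equivalent of rolling five dice `count` times."""
    return lookup([roll_key() for _ in range(count)], words)

def entropy_bits(count, list_size=LIST_SIZE):
    """Guessing cost in bits when every word is chosen uniformly at random."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    wl = parse_wordlist(build_sample_wordlist())
    print(lookup("21633 16521 31336 13263 52452 33535".split(), wl))
    print(" ".join(generate(wl)), f"({entropy_bits(6):.1f} bits)")
```

With a published word list saved locally, pass its text to `parse_wordlist` in place of the constructed sample; the entropy figure holds only when the words come from dice or a CSPRNG, not from picking words by eye.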

Some of the Worst Data Breaches Since September

This year we decided to keep a detailed ledger of all of the major data breaches to see where organizations dealing with these issues are going wrong. Here is a comprehensive list from the beginning of September.

September

9/5
Providence Health Plan – 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company's servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers.
Facebook – Facebook had an unprotected server with over 419 million records accessed. Users had their Facebook user ID and phone number exposed. In some cases, users' names, genders, and locations were also leaked.

9/16
Dealer Leader, LLC. – 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs.

9/27
DoorDash – The popular food delivery app had 4.9 million customers' information breached by a third party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four digits of each customer's credit card number. In the same hack, over 100,000 delivery drivers had their driver's license information leaked.

9/30
Zynga – Mobile game maker Zynga, the developer of popular mobile games such as Farmville and Words with Friends, has announced that 218 million players had their data exposed after its network was breached by a hacker. The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed.

October

10/17
Methodist Hospitals of Indiana – The Methodist Hospitals of Indiana fell victim to an email phishing scam that allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver's licenses, and more.

10/21
Autoclerk – Autoclerk, a hotel property management software developer, had an open database infiltrated, exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests.

10/22
Kalispell Regional Healthcare – Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers.

10/26
Adobe – Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected.

10/27
Network Solutions – The world's oldest domain name provider has been exposed in a hack. Millions of individuals' data, including names, addresses, phone numbers, email addresses, and service information, was compromised.

November

11/9
Texas Health Resources – The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more.

11/16
Magic the Gathering – The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more.

11/18
State of Louisiana – The State of Louisiana has been a victim of a ransomware attack that took down many state agencies' servers. Although no data is said to be lost, the state's crucial computing infrastructure was down for several days as systems were restored from backup. […]

Automation Plays a Critical Role in Cybersecurity

The global cost of cybercrime is on the rise, and is now estimated to be near $600 billion total. Cyberattacks are becoming more frequent, which means your cybersecurity needs to be more vigilant. Automation is what is causing these frequent attacks, and the only way to combat this is to fight fire with fire. There are a few ways automation does just that.

Security Automation Has Become Intelligent

Data needs to be processed and analyzed in order to become usable information. Oftentimes, the rate at which data needs to be processed simply cannot be achieved manually. This inability to meet required data processing rates can leave your business vulnerable.

Look at it this way. Every device on your network, from your workstations, to your servers, to your firewall, your antivirus, and everything else that handles cybersecurity, generates logs of what goes through it. These logs can help you determine problems and threats on the network, but there tends to be so much data in the logs to go through that a single person can't be thorough enough to catch everything. Automation can utilize machine learning to spot anomalies and report only the important things back to IT. This system can also be set up to automatically isolate a device from the rest of the network as soon as a potential problem is detected, to prevent it from spreading.

Automation processes data at a rate which cannot be matched by employees. What's more, automation has the ability to learn and adapt. This makes the accuracy with which it processes data unsurpassable.

Automation Cybersecurity Beneficiaries

Where does automation provide the greatest value in advancing your business' cybersecurity?

Data-Supported Interfaces

Without data organization or processing, drawing conclusions or making predictions is a difficult task. Reading and comprehending the data that has been organized by automation ensures you will catch threats more effectively.

A Stronger Defense Than Offence

Cybersecurity is almost like a game of football. However, if your defense fails, the cybercriminal doesn't get a point on the scoreboard. Instead, they receive all of your data, and your business will experience devastating effects. Cybersecurity relies on defending against threats before they make it far enough down the field. Automation utilizes machine learning and rapid processing rates to protect your business from threats you otherwise never would have seen coming.

Detecting Threats

When automation is utilized, your business will be able to detect faults in your cybersecurity. Even if your IT staff is on site for eight hours a day, five days a week, if a fault is detected, time is of the essence. You don't want your business' data being served on a silver platter over the weekend if a fault is detected and nobody is available to react to the insecurity.

White Mountain IT Services is your local leading expert in cybersecurity. Implementing automation does not need to feel like a troublesome task; in fact, it can be quite simple. Our experts have the know-how to optimize your cybersecurity strategy, so call us today at (603) 889-0800!