What are Managed Services, and How Can They Boost Productivity? When managed services are discussed, a lot is typically said about how proactive the support that these services offer is. This proactivity is the difference between managed services and just about any other kind of IT support – including any in-house resources you have on payroll. This leads into the big difference between managed services and the other support options businesses have – because managed services take a proactive stance, more time-wasting issues can be minimized, if not avoided entirely. This is largely due to the solutions that a managed IT provider can offer. By using their resources to remotely keep an eye on a business? systems via cutting-edge monitoring tools, potential threats and issues can be mitigated before they have an impact on that business? ability to operate.    Compare this to other forms of outsourced IT support, where an employee having difficulties needs to call a provider and explain their issue before the provider steps in, or even to what your in-house IT resources are capable of doing? again, only after they have been alerted to an issue. This means that, in the meantime, your employee is limited in what they can accomplish until the issue is resolved. So, it only stands to reason that the more time an employee can spend actually making use of the solutions you provide them with, the more productive they have the potential to be. This is precisely what the goal of managed services is – to keep a business? IT operating as efficiently as it possibly can. When certified technicians have the tools needed to monitor your systems and resolve potential problems before they influence your operations, your business benefits. How Proactivity is Key to Managed Services Why is a managed service approach such a superior option for the modern business?  The answer is pretty simple: with the speeds that business can be conducted nowadays, paired with the sheer amount of options that are out there for your audience to find what they are looking for, an organization can?t really afford to be out of commission for very long at all. By working proactively, a managed service provider is able to minimize the time a business spends dealing with IT issues, affording that business more time and opportunity to serve their clientele. White Mountain IT Services specializes in providing managed services to businesses in the New Hampshire area, and we?d be happy to show you what we can do to benefit your business. Call us at (603) 889-0800 for a consultation, and if you?re still not convinced, stay tuned for more of this series!

The URL Before we get into the manipulation of the URL, let?s define its parts.  At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you?ll see include File Transfer Protocol (FTP), News, and Mailto. The next part is the ID and password. Since most people don?t want their login credentials exposed, they leave this information out of the URL. Safety first.  The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server. The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You?ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80. The final part of the URL is what is called the path. The path gives direct access to the resources found tied to the IP (or domain). Manipulating the URL When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means–that is that they use the links provided on the website–sometimes hackers can find vulnerabilities by a trial and error approach.  By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn?t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files.  Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply. What You Can Do? By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data.  The IT experts at White Mountain IT Services can help you keep your business? IT infrastructure from working against you. Call us today at (603) 889-0800 for more information about how to maintain your organization?s network security.

Typically, Microsoft releases patches on ?patch Tuesday?, or every second Tuesday of the month, but because of the threats these vulnerabilities created, they went ahead and patched them. Let?s take a look at the two patches they released in their rare out-of-band patch.  Internet Explorer Zero-Day The major vulnerability that was patched was a zero-day vulnerability found in their antiquated Internet Browser, Internet Explorer. Being a zero-day vulnerability, it had already been exploited in the world, explaining the need for the unscheduled bug fix.  Not much is known about the vulnerability, but Microsoft has suggested it was a remote code execution exploit that, if taken advantage of, could give an attacker complete control over the account of another user. The exploit requires that the hacked party click on a link in a phishing email while using Internet Explorer.  Fortunately, IE is only used by under two percent of users, but attacks have already happened so remaining vigilant about any use of IE is important. Stay away from IE and you won?t have to worry about security problems coming from the old browser.  Microsoft Defender DOS Bug The second patched issue in the out-of-band patch was a denial of service exploit in Microsoft Defender, the antivirus shipped with Windows 10. The bug doesn?t seem to be overly troubling, as a hacker would need unfettered access to a computer and the ability to execute code. The code would disable Windows Defender?s components enough to give hackers access, and the ability to take over the system with malware or ransomware.  Keeping your software patched and running smoothly is extremely important. Reach out to our expert IT technicians today to see how White Mountain IT Services can help you manage your system updates and software management at (603) 889-0800.

Understanding G Suite G Suite is effectively Google?s collection of applications that businesses can leverage to assist their operations. Originally released as ?Google Apps for Your Domain? about 12 years before the time of this writing, this solution was slowly added to over the years – eventually being rebranded to ?G Suite? in September 2016. Today, the solution is kept free of any advertisements, and even better, none of the data stored within is used to inform advertisements, either. What?s Included in G Suite? G Suite includes a wide variety of solutions under its blanket, so this will not be a comprehensive list. Instead, we will focus on the commonly known highlights, as these are the ones that can clearly deliver value for you and your users. Gmail Gmail is Google?s email software, first released in 2004. As a part of a G Suite plan, it offers each user 30GB of storage and assorted email options. For instance, not only can you have unlimited Google Group email addresses (so instead of listing everyone in your customer service department as an email?s recipient, you can send one email to your entire customer service department), you can also customize your email addresses to match your business? domain. This looks much more professional than having ?@gmail? at the end of a business email. Docs, Sheets, and Slides Added to the platform in 2006, these solutions make up Google?s answer to the word processing, spreadsheet generating, and presentation building programs that have a useful place in just about any business. Featuring full collaborative capabilities, these solutions encourage your team to work together to accomplish their objectives by giving them the tools to do so simply. With all progress automatically saved – including a complete, restorable revision history – working on tasks as part of a larger, collaborative group becomes that much easier to pull off successfully. Drive Launched in 2012, Google Drive is the cloud storage platform included with G Suite. With this platform, your business users can have access to all of the content and files that they need to fulfill their responsibilities. It is also compatible with assorted file formats, eliminating the need to install plugins or additional pieces of software to view its contents. Thanks to Drive, collaboration is much more simple to accomplish, and different plans offer different storage options based on your business? specific needs. Calendar Integrating with Gmail, Google Calendar is an easy way for your team to keep their schedules and responsibilities straight. Let?s say a user has to arrange a meeting with a few coworkers. Google Calendar permits them to see their coworkers? availability, preventing the productivity-killing, ?No, that time doesn?t work for me? how about…? discussions. Other Capabilities With a Business account, you are able to access your own G Suite Admin Panel. Essentially your control room, the Admin Panel allows you to manage each and every setting. Here?s a brief overview of just a few of the options available on the Admin Panel: Users This is where you add new users to your account. From here, you can also manage what attributes your users have (or essentially, the details about them that you have recorded – like start date, location, job titles, et cetera) and when they last signed in. Groups You can organize […]

What Exactly Is Phishing? Remember those weekend fishing trips you spent as a kid, staring endlessly unsure which bait to use? The goal was for your bait to look as real as possible, ensuring you wouldn?t leave without a bite. Phishing has been appropriately named due to the similarities. Unfortunately for most businesses, your employees are the fish?s replacement and that wall-mounted trophy fish becomes an unaffordable amount of data loss.  Posing as a fraudulent website or persona with the intentions to steal data or access credentials yields a high reward for cybercriminals. Trial and error has revolutionized phishing into a much more effective means of theft. There are numerous different kinds of attacks, which can be split into two categories. The first category is general phishing. This makes use of an email that is written to apply to as many people as possible. The sheer volume of emails sent, typically rewards a cybercriminal with at least a few hits. The second is commonly known as spear phishing. This method of phishing is a much more personalized cyberattack. Cybercriminals typically do an uncomfortable amount of research to increase their odds of fooling a specific target. This method has proven to be extremely effective, especially since these messages typically appear to have been sent from an authoritative figure.  What reward does this yield? Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or just fool a business user into making false orders with business funds.  Phishing 101 – Types of Bait There are many different baits cybercriminals are using. Most of them fall within the same outline, so learning what to look for applies to most cyberattack attempts.  The message?s content provides clues. Oh dear! The program I use was under an attack, so changing my password is recommended! How convenient though, the password-change link has been provided! If something is too convenient, especially password changes, chances are it?s phony. Phishing attacks are only successful if a user cooperates with the cybercriminal. If you are under the impression that an application has been a victim of a data breach, and you feel as though changing your password holds a value, then do so. However, navigate to the application?s website in order to do so. Convenient links are often spoofed links.  Observe the language within an email. If an email is sent to ?Customer? rather than you, chances are this is our first method of phishing we discussed — general phishing. Lack of personalization indicates lack of legitimacy.  Does the email make you feel threatened? If a supposed sender communicates a sense of urgency, potentially including a threat of serious consequence, ask yourself the following question. ?Does this seem like the best way for a legitimate business to communicate with a client?? If the answer is no, avoid exploring the email further.  Look before you click! As humans, we make mistakes. However, a typo in an email address is unacceptable. If a provided link says something like amzon.com or payal.com/secure, it is wise to avoid it. If there are any additional periods following a domain, but before the first forward slash, this also indicates phishy activity. Something like www.amazon.com.ru/passwords is an easily identified phony email address. If you aren?t able to see the full link provided […]