We get it, people everywhere are sharing all this data without a care in the world, but businesses are targeted and are losing revenue, data, and face in the process. What can you do differently? We will discuss three things you can do right now to improve your organizational data security. #1 Keep Sensitive Data Behind Your Firewall The majority of data is secure behind your business? defenses, but with the clear capital benefits brought by cloud computing, more organizations than ever are moving their business-critical data and applications outside of their control to the cloud. This could lead to detrimental situations like your data being intercepted or your cloud platform being breached.  That?s not to say that cloud platforms don?t provide passable security, most of them absolutely do, but what happens when one of your employees go on a trip and use the airport Wi-Fi? That cloud platform filled with critical information is just lying in wait for some hacker to come along and steal it. Using a virtual private network is a good option, but not as good as keeping your sensitive data in-house.  If you want to keep your business? data secure, one of the best things you can do is to ascertain which data needs to be secured and protected and then store that data on locally hosted hardware. This gives your ability to control access, security, and the overall management of the data system a boost.  #2 Keep Continuous Backups Protecting data assets is one of the first steps of organizational risk management. There is no better solution on the market today to do just that than a backup and disaster recovery platform (BDR). Not only does this allow you onsite local backup, it also pushes copies to the cloud, ensuring that you don?t keep your proverbial eggs (data) in one basket (server). Another suggestion we have to make is that you should frequently test your data backup solution to make sure that it is working properly. It would be devastating if you needed to restore your data only to have the backup system you use unavailable, or worse yet, corrupted when you went to use it. By testing the backup system, you will know that your data is, in fact, available in the event that something goes wrong and you have to restore it.  #3 Monitor Your Information Systems Backup or no, the best way to ascertain if there are problems with your IT is to monitor those systems closely. In doing so you will be able to decipher whether or not hardware is functioning properly, whether the systems are properly secured against outside infiltration, and where you need to prioritize your management efforts.  Our expert IT technicians use some of the most dynamic remote monitoring software on the market to mitigate anything that stands in the way of your organization?s productivity and security initiatives. If you would like to know more about White Mountain IT Services or how to ensure that your software is up to date, deployed, and monitored closely, call our knowledgeable professionals today at (603) 889-0800.

The Public Cloud When you see advertisements in magazines or on television for cloud computing, it is likely a public cloud that they are talking about. The public cloud is simply a cloud platform that uses shared virtualized computing resources. Public cloud resources are readily available from Google, Amazon, Microsoft, Dropbox, Adobe, and a slew of other providers. Essentially, you share the computing hardware with hundreds of thousands of other users. That?s not to say it?s available to anyone else, as it is protected by a login platform, but overall public cloud resources have the highest risk of being insecure. The price is generally a small, per month, per user fee. For that, you get the storage/applications you need at a price that is advantageous for any business. The Private Cloud If a business is looking to take advantage of remote access of data, but needs that data to stay as secure as possible, they will build a private cloud. Essentially, a private cloud is hosted on hardware that is dedicated to that lone organization and has a significant amount of security and customizations available to keep the data behind the organization?s firewall, and therefore secure. It allows an organization to completely control how sensitive data is distributed, and is the most secure cloud platform a business can have. Costs are usually substantial as you will need to either buy and maintain the hardware on-premises or purchase dedicated space in an enterprise data center. There are ways to minimize the cost a bit, but ultimately you will be on the hook for large capital costs, with smaller operational costs. The Hybrid Cloud The hybrid cloud is part-public cloud and part-private cloud. It is also well-known to be harder to manage as there are considerations about where data is stored and called from. The main draw is that an organization can take full advantage of the cost savings that public cloud services provide, while also keeping sensitive information secured on a dedicated private cloud server. The integrations needed to make a hybrid cloud work properly are usually in place, but can also be developed by the organization looking to use hybrid cloud architecture. An orchestration layer, as it is called, connects public cloud resources to an organization?s private cloud servers. This provides end users a seamless experience, with no extra work needed to access data from public or private cloud interfaces.  Which Is Right For Your Business? The million-dollar (or multi-million-dollar) question is: what works for your business? For the average small business, a private cloud solution makes the most sense as it gives you complete control over your data and applications–and keeps your data and infrastructure onsite–generally thought of as a best practice for smaller businesses. If you want to use public cloud resources for your business, to cut costs, or because your company?s needs don?t call for building a dedicated private cloud, you will want to understand just how your business? data is stored and accessed, and if you will need more security at the end points.  There are cloud resources for all types of business processes, so finding one that will work for your business won?t be difficult. They include: Accounting Operations Productivity Project Management Collaboration Communications Email Telephone Conferencing Document management Storage and backup Security …and much […]

What are Managed Services, and How Can They Boost Productivity? When managed services are discussed, a lot is typically said about how proactive the support that these services offer is. This proactivity is the difference between managed services and just about any other kind of IT support – including any in-house resources you have on payroll. This leads into the big difference between managed services and the other support options businesses have – because managed services take a proactive stance, more time-wasting issues can be minimized, if not avoided entirely. This is largely due to the solutions that a managed IT provider can offer. By using their resources to remotely keep an eye on a business? systems via cutting-edge monitoring tools, potential threats and issues can be mitigated before they have an impact on that business? ability to operate.    Compare this to other forms of outsourced IT support, where an employee having difficulties needs to call a provider and explain their issue before the provider steps in, or even to what your in-house IT resources are capable of doing? again, only after they have been alerted to an issue. This means that, in the meantime, your employee is limited in what they can accomplish until the issue is resolved. So, it only stands to reason that the more time an employee can spend actually making use of the solutions you provide them with, the more productive they have the potential to be. This is precisely what the goal of managed services is – to keep a business? IT operating as efficiently as it possibly can. When certified technicians have the tools needed to monitor your systems and resolve potential problems before they influence your operations, your business benefits. How Proactivity is Key to Managed Services Why is a managed service approach such a superior option for the modern business?  The answer is pretty simple: with the speeds that business can be conducted nowadays, paired with the sheer amount of options that are out there for your audience to find what they are looking for, an organization can?t really afford to be out of commission for very long at all. By working proactively, a managed service provider is able to minimize the time a business spends dealing with IT issues, affording that business more time and opportunity to serve their clientele. White Mountain IT Services specializes in providing managed services to businesses in the New Hampshire area, and we?d be happy to show you what we can do to benefit your business. Call us at (603) 889-0800 for a consultation, and if you?re still not convinced, stay tuned for more of this series!

The URL Before we get into the manipulation of the URL, let?s define its parts.  At the beginning of the URL there is the protocol. This tells the computing network which language is being used. For most Internet-based directions, the protocol will be HTTP, for Hypertext Transfer Protocol. Other protocols you?ll see include File Transfer Protocol (FTP), News, and Mailto. The next part is the ID and password. Since most people don?t want their login credentials exposed, they leave this information out of the URL. Safety first.  The next part of the URL is the server name. The server name provides users a path to access information stored on specific servers whether they are loaded through a domain or through the IP address associated with that server. The fourth part of the URL is the port number. This number is associated with the services on the server and tells them what type of resources are being requested. The default port is port 80, which can be left off the URL as long as the information that is being requested is associated with port 80. You?ll often not see the port number during day-to-day surfing, because most legitimate sites use the standard port 80. The final part of the URL is what is called the path. The path gives direct access to the resources found tied to the IP (or domain). Manipulating the URL When a hacker looks to manipulate a URL, he/she does so by changing parts of the URL to test access. Since most users navigate a website through traditional means–that is that they use the links provided on the website–sometimes hackers can find vulnerabilities by a trial and error approach.  By manipulating the parameters to try different values, hackers can test directories and file extensions randomly to find the resources they are after. This provides access to resources that typically wouldn?t be available and would otherwise be protected. Today, hackers have tools that allow them to automate these penetrations, making it possible to test a website (and more specifically, find vulnerabilities) in seconds. With this method, these hackers can try searching for directories that make it possible to control the site, scripts that reveal information about the site, or for hidden files.  Directory traversal attacks, also known as path traversal attacks, are also popular. This is where the hacker will modify the tree structure path in a URL to force a server to access unauthorized parts of the website. On vulnerable servers, hackers will be able to move through directories simply. What You Can Do? By securing your network against URL attacks, you are eliminating major vulnerability points. One thing you can do is to ensure that all of your Internet-based software is updated and patched with the latest threat definitions. In doing so you gain a lot more control over your network and data.  The IT experts at White Mountain IT Services can help you keep your business? IT infrastructure from working against you. Call us today at (603) 889-0800 for more information about how to maintain your organization?s network security.

Typically, Microsoft releases patches on ?patch Tuesday?, or every second Tuesday of the month, but because of the threats these vulnerabilities created, they went ahead and patched them. Let?s take a look at the two patches they released in their rare out-of-band patch.  Internet Explorer Zero-Day The major vulnerability that was patched was a zero-day vulnerability found in their antiquated Internet Browser, Internet Explorer. Being a zero-day vulnerability, it had already been exploited in the world, explaining the need for the unscheduled bug fix.  Not much is known about the vulnerability, but Microsoft has suggested it was a remote code execution exploit that, if taken advantage of, could give an attacker complete control over the account of another user. The exploit requires that the hacked party click on a link in a phishing email while using Internet Explorer.  Fortunately, IE is only used by under two percent of users, but attacks have already happened so remaining vigilant about any use of IE is important. Stay away from IE and you won?t have to worry about security problems coming from the old browser.  Microsoft Defender DOS Bug The second patched issue in the out-of-band patch was a denial of service exploit in Microsoft Defender, the antivirus shipped with Windows 10. The bug doesn?t seem to be overly troubling, as a hacker would need unfettered access to a computer and the ability to execute code. The code would disable Windows Defender?s components enough to give hackers access, and the ability to take over the system with malware or ransomware.  Keeping your software patched and running smoothly is extremely important. Reach out to our expert IT technicians today to see how White Mountain IT Services can help you manage your system updates and software management at (603) 889-0800.