Recent Blog Posts

Don?t Be Afraid of Reusing an Email! How often do you find yourself sitting down to write a response to an email, only to think of all the other times you?ve had to do the same thing, effectively verbatim? You know the messages: the ?thanks, but I?m not interested,? the ?you should have emailed this other person,? or the ?yep, got it, need anything, thanks!? These messages are the modernized cousin of the form letter, so why not use a standardized template for them? Your email platform of choice should have the capability to create these templates for your messages, or as they are referred to in Outlook, ?quick parts.? In Gmail, they are called ?canned responses.? By setting up these templates, you can save your future self a lot of time rewriting the same message. Use Groups! Let?s say you frequently share news with your team and its various departments, or a particular team you?ve put together internally for a project. Whatever the case may be, you want an easier way to send a message to a set group of people. In Gmail, you can create groups to send messages to later, that make a sort of forum in an email message. It really simplifies the task of reaching out to large groups of people in the office regularly. Stay Organized, or in Other Words, Don?t Be Afraid to Archive! One of the most common reasons that even the most organized inboxes get cluttered again: those emails that you just keep around in your inbox.  Whether they came in from a newsletter you?ve subscribed to, or if they were shared in a particular email chain that you keep going back to, these emails get in your way. Maybe there was an idea in there that you really liked, as in, this was a good idea, one that could potentially take your business to the next level, even the level after that. But wouldn?t you know it, now just isn?t the right time to do something like that, but we want to someday! So, to make sure that you had the seed that planted the idea when the moment was right, so you could swoop in and embrace the opportunity at some later date, you?ve kept this email? and a bunch of others that also had good ideas. Honestly, how likely is it that you will ever actually put one of these ideas into practice? You?re likely better off deleting messages like these. However, if you really, really want to keep them, try creating a folder called ?Future Plans? After all, your good intentions should be put somewhere. Now, we kid, but don?t miss out on the improvements that small adjustments like these can potentially make. Make sure you subscribe to our blog for more tips to help you get the most out of the technology that drives your business!

Compliance Fatigue Unfortunately, in a world as heavily reliant on security measures as ours is, this is the threat to cybersecurity that makes the most sense – businesses simply giving up under the increasing weight of the growing list of compliances and regulations that they are beholden to. As more and more standards are outlined for businesses to uphold–without much apparently being done to enforce them–businesses are just more likely to let a few things slip through the cracks. I hope I don?t have to explain how this could be dangerous. It goes without saying that these compliances are put in place for good reason, and as such, are meant to protect the welfare of a business and its clients. ?Letting things slide? therefore translates to ?putting all involved parties at greater risk.? Furthermore, there are also concerns around the idea that some businesses could be beholden to overlapping regulations that demand contradictory or prohibitive elements. Faced with mounting demands, cybersecurity may suffer through oversight or worse, omission, due to an overtaxed resource. Misconfigured Cloud Environments Cloud solutions have seen explosive growth as their benefits to businesses have been made clear. Unfortunately, this growth far outpaces the development of the workforce needed to maintain these cloud infrastructures and security configurations. As should come as no surprise, Gartner attributes a full 95 percent of public cloud security failures to the customers, not the providers of the platform. There are countless examples of misconfigured cloud solutions creating major security issues, many of which have taken place throughout 2019, like the infamous Capital One breach. Based on history like this, it can reasonably be expected that 2020 will see more of the same. Mobile Malware Again, surprising almost no-one, our increased reliance on mobile devices for many of our needs has led to a similar increase in malware intended for these mobile devices. In 2018, Kaspersky Lab discovered a considerably larger number of malware attacks meant to target banking applications, and the number of malware files rose from 18,501 to 29,841 within that year. That increase certainly isn?t nothing, and can be attributed to the simple fact that more people are using mobile banking applications. The cybercriminals have just shifted their focus as their targets have. Phishing Attacks One thing that no amount of algorithm tweaking or patching is ever going to fix is the nature of the person sitting at the keyboard. Your users (AKA you and your employees) are the weakest parts of your cybersecurity implementation, as you are the easiest to fool and will continue to be going into 2020 and beyond. Without the right training into effective cybersecurity practices, your company is going to be vulnerable to phishing attacks and similar scams. White Mountain IT Services can help. To learn what we can do to help protect your business in the new year, give us a call at (603) 889-0800 today.

First Off, What Does Google Collect, and Why? There are a lot of obvious things that Google knows about you. For example, it knows what you search for, and what result you click on. Google watches traffic across the web to determine what web pages are the most popular or the most authentic. Google can tell approximately where in the world you, and that gets even more accurate when you are using a mobile device. Google uses all of this data to refine search results. If you are looking for a place to order lunch, Google wants to give you results that would be feasible.  When it comes to data privacy at this scale, you have a few options. You can either: Ignore it and just allow any entity to collect, store, and share your personal information at any time. Disconnect from the grid, throw your phone into a lake, and move to a self-sufficient cabin in the woods. Do your best to understand and control what data gets collected, and find a balance between being private and being connected. As nice as option two sounds sometimes, most of us are probably better off with option threen. Let?s dive in and discover what Google knows about us, and how we can control what information they use. Let?s Look At Your Public Google Profile and Lock Things Down First, go to https://myaccount.google.com/ and sign in with your Google account.  This page is going to look a little different depending on what services you have and use through Google, but we?re going to be focused on privacy and security-related options. On the left-hand side, click Personal Info.  Google will display your basic information, such as your name, your date of birth, and any contact information Google has for you. If you scroll down, you?ll see an option that says Go to About me. Click that and Google will let you control what other people can see about you. You can click the pencil icon to edit any of the information, and click the green globe if you want to hide a particular piece of information from the rest of the world. This is just a small tip of the iceberg. Next we?re going to look at Google?s historical record of everything we?ve ever done online. How to Pause Google?s Web and App Tracking Google keeps a historical record of all of your Google searches and other online activity to cater their results to you. While you are signed in to your Google account, go to myactivity.google.com to review your activity. You can scroll through years of your personal search history, YouTube videos you?ve watched, apps you?ve used, and more. Go to https://myaccount.google.com/ while signed in with your Google account. This time, on the left-hand side, click Data & Personalization. Look for Activity Controls.   From there, select Web & App Activity. You can pause all web and app tracking by clicking the blue switch on the right. This will prevent you from seeing relevant search results or recommendations that are catered to you. It doesn?t delete the tracking data Google has on you, but we will go over that in the next step. Google will warn you that they still might temporarily use information from your recent searches in order to improve […]

Don?t Neglect the Tried and True Rules While we want a password to be easy to remember, we also don?t want it to be easy to guess. This is why we can?t help but shake our heads at the top-15 results of an analysis of data collected from the security website Have I Been Pwned: 123456  123456789  qwerty  password 1111111  12345678  abc123  1234567   Password1 12345  1234567890 1123123  000000  Iloveyou 1234  Many of these passwords clearly break some of the cardinal rules of password security, such as ensuring that there is a mix of character types included in the password, making sure that the password is of sufficient length, or using obvious words, like ?qwerty? or ?password.? What?s worse, it is probably a safe bet that many of the owners of these passwords had a tendency to recycle them across their accounts, putting more of their accounts at risk. None of this is a good thing for security, of course.  You definitely should not be using the same password to get into different accounts. This is not a good practice. The reason is pretty easy to explain: If a password were to be compromised for one account, that would mean that multiple accounts would be compromised.  A Proven Means of Securing Your Accounts There are several different ideas about how to do this. One means is to use a passphrase – a series of random words, rather than characters, that is both significantly more secure than most passwords and is easier for a user to remember. However, as is so often the case, you can start to encounter difficulties once the human element is introduced. We, as a species, tend to gravitate towards patterns, so we have difficulties creating a truly random series of words in our own. To counter this, an IT professional named Arnold Reinhold developed Diceware, a reliable means of generating a passphrase for yourself. Referencing the Diceware word list, roll five dice (or one die, five times) and find the corresponding word to the values you rolled. Repeat this process until you have a total of six or seven words, and you?ve got your passphrase. Why the dice? Simple – it makes it much more random, even than a user ?randomly? selecting words from the list of potential words to include. A Demonstration Let?s say we were to use this method now, and rolled the following number sets: 21633 16521 31336 13263 52452 33535 Referencing the word list, this gives us the following words… Criss Choke Gluing Bambi Rust Ice …and, as a result, our passphrase. The webcomic xkcd provides an illustrated explanation of why passphrases are so effective: However, many users will understandably hesitate to use passphrases, because this means that – assuming they subscribe to best practices – they will have to remember a series of six completely random words for each of their accounts. This is where password managers prove their worth. Utilizing a password manager to save your passphrases, and securing it with one, allows you to optimally secure your accounts without the need to worry about forgetting all of your access credentials. For more means of improving your business? use of technology, subscribe to our blog, or reach out to us directly at (603) 889-0800.

This year we decided to keep a detailed ledger of all of the major data breaches to see where organizations dealing with these issues are going wrong. Here is a comprehensive list from the beginning of September.  September 9/5  Providence Health Plan – 122,000 members of the Providence Health Plan had personal information leaked when an unauthorized party accessed the company?s servers. Information that was stolen included plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers. Facebook – Facebook had an unprotected server with over 419 million records accessed.  Users had their Facebook?s user ID and phone number exposed. In some cases, user?s names, genders, and locations were also leaked. 9/16 Dealer Leader, LLC. – 198 million prospective car buyers were left exposed by an unprotected server. The information that was left out there included names, email addresses, phone numbers, addresses, and IPs. 9/27 DoorDash – The popular food delivery app had 4.9 million customers? information breached by a third-party. The information left exposed included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each?s credit card number. In the same hack, over 100,000 delivery drivers had their driver’s license information leaked.  9/30 Zynga – The mobile game maker, Zynga, the developer of popular mobile games such as Farmville and Words with Friends has announced that 218 million players had their data exposed after their network was breached by a hacker.  The company had player names, email addresses, login IDs, phone numbers, Facebook IDs and more left exposed. October 10/17  Methodist Hospitals of Indiana – The Methodist Hospitals of Indiana fell victim to an email phishing scam and it allowed hackers to steal 68,000 records that included names, addresses, dates of birth, Social Security numbers, driver?s licenses, and more.  10/21 Autoclerk – Autoclerk, a hotel property management software developer had an open database infiltrated exposing data that included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests.  10/22 Kalispell Regional Healthcare – Over 130,000 Social Security numbers, addresses, medical record numbers, dates of birth, medical histories and treatment information, and names of treating physicians were exposed by hackers. 10/26 Adobe – Data was exposed that included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 7.5 million users were affected. 10/27 Network Solutions – The world?s oldest domain name provider has exposed in a hack. Millions of individual?s data that include names, addresses, phone numbers, email addresses, and service information were compromised. November  11/9  Texas Health Resources – The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more.  11/16  Magic the Gathering – The popular online strategy game has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more.  11/18 State of Louisiana – The State of Louisiana has been a victim of a ransomware attack that took down many state agencies? servers. Although no data is said to be lost, the state?s crucial computing infrastructure was down for several days as systems were restored from backup. […]