This might sound pretty boring, but you can do a LOT to control your users and protect your business. On the other side of the coin, if your Active Directory isn?t set up very well, you could be leaving things wide open, preventing you from meeting industry compliance regulations or granting your users with more access than they really should have. We?re going to discuss some of our Active Directory best practices, but a quick disclaimer first: there isn?t a one-size-fits-all solution for all organizations. Depending on your security needs, the type of permissions you need to have, and any compliance regulations your business falls under, some of these policies won?t apply as-is for you. Still, if you are coming from a situation where you don?t have anything (or hardly anything) in place, this is a great place to start. Nobody Needs to be an Administrator When users log into their PC on your domain, they are logging in with their domain account, which is centralized in Active Directory.  Not a single user on your network, whether it?s the owner of the company, or your onsite IT person, or the Pope, needs to log into Windows on a daily basis with administrative privileges. This includes both privileged access as the Domain Admin, AND as a local admin on that particular machine. Why? It?s just too risky. This overrides all other settings and there is just no reason for it. Instead, we suggest following the least privilege administrative model. Each user should only have the minimum permissions to complete their work. You can always elevate access temporarily if needed. Otherwise, if a user gets a virus, that virus will have the same access the user does and could do a lot more damage because the user has access he or she didn?t need in the first place. The virus has the capability to spread across the network, whereas if the user?s permissions were locked down, the virus would only have a minimal impact. This means that everyone on the network, including the business owner, IT staff, and/or the Pope, log in as a regular non-administrator to do their normal day-to-day work. If they need to get administrative control, they can log in with a separate admin account. Keep that administrative account secret, safe, and carefully guarded (by the Swiss Guard if need be). Force Strong, Complex Passwords and Set Password Expirations Human beings are terrible at creating and memorizing complex passwords. Unfortunately, hackers, or at least the tools that hackers use, are very good at guessing passwords that aren?t complex enough. Quick tip: Teach your staff to use passphrases instead. Combining multiple random words is actually more secure than using an eight-character complex password. Keep in mind, the words need to be very random. Here?s a quick example: Bad Passphrase Examples:classofeightyfiveEyeofthet1g3rgameofTHRONE$25November24!1982pizzaisdelicious42 Good Passphrase Examples:SstructureBalloonmamm0thPeanutbutterdoghousellamatown5!ExileSausageYodelNoodleMagnet!82BLUEdisneyhockeylasagna64captainamericapancakesbbqALF80 Back to Active Directory, you should require passwords to be long – at least 12 characters and lock a user out after three failed attempts. Forcing passwords to expire every 30, 60, or 90 days is a good idea too, and Active Directory can remember the password history to prevent a user from rotating back to last month?s password. Delegate Permissions to Security Groups, not Individual Accounts This is something we catch pretty often when we audit […]

Determine the Computer?s Role Before you get too far into the specifications, you should know why you are purchasing new hardware. Are you looking to upgrade the systems in your office? Do you need new systems for a startup enterprise?  Are you just looking for one computer to do some very specific task? Understanding why you are buying a system can dictate your priorities in regard to specific hardware.  The CPU The CPU is how your computer processes all the actions and data that you ask it to. Since most people know what a CPU is, we?re not going to go into detail about it. The processor–actually microprocessor–is the core component of a computer?s CPU. Most CPUs feature microprocessors manufactured by one of two companies, either Intel or AMD. Let?s take a look at the processors you may find in a new PC: Intel  Intel is the largest processor manufacturer in the world. It has recently begun to tier the processors they build, providing consumers with an easier-to-understand menu of processors to choose from. Here are the newest products: Intel Core i3: Ideal for low-end work, like editing documents, checking email, and surfing the Internet. The latest generation of Core i3 should also suffice to stream video on YouTube and Netflix. Intel Core i5: The i5 processor is a little more powerful than your average i3, as it can handle some light photo editing and gaming. It?s a decent choice for your average office workstation. Intel Core i7: i7 processors are more high-end for video editing and gaming. Intel Core i9: i9 is a tier that has only just recently surfaced. For the average business? needs, it?s overkill, but it?s perfect for 3D animation, rendering, gaming while streaming, scientific calculations, and so on. The price tag is just as high as you would think. AMD California-based AMD may be dwarfed in market share but has taken advantage of Intel?s inability to keep up with demand and has expanded its market share with its Ryzen line of processors. AMD has also begun to tier their options, providing consumers a general idea of what processors will fit their computing requirements. Options include: AMD Ryzen 3: To put it simply, this is AMD?s version of the Intel Core i3 processor, capable of editing documents, surfing the web, and? not much else. AMD Ryzen 5: The Ryzen 5 is about on par with the Intel Core i5, and while you might pay a little bit more for it, the performance of your desktop will improve substantially. AMD Ryzen 7: The Ryzen 7 is similar to Intel?s Core i7; this is where you?ll start to see costs increasing quite a bit. AMD Threadripper: This is where the overkill starts. The Threadripper is capable of handling heavy loads like 3D animation, gaming while streaming, and other intense computing that your average desktop doesn?t need to do. How Much Does the GHz Matter? The speed of a CPU is measured in Gigahertz (GHz). Until the manufacturers started tiering their products, consumers had to keep an eye on the speed of the device. While you still find some higher-end commercial processors clocked lower than you?d expect, you still can be confident that if you are shopping by tier, you are getting the right product for your needs.  Do […]

Business, Reimagined We often talk about the benefits organizations see from investing in technology. In effect, the integration of targeted technology can go a long way toward changing the way that your business operates. Since a budget isn?t necessarily a ledger designed to manage every dollar and cent your business uses, having the right mindset when creating it is important. If you go into your budget resenting the capital you propose to spend, you likely will have a more difficult time creating one that works for your company. After all, your budgets are business tools, that if completed competently, a properly formed budget can really put your business on a fast track to success. What Does an IT Budget Do? Like budgeting for any other reason, the IT budget is the process of allocating money to fund the programs a business undertakes. Most of the IT budget will be taken up with recurring costs that come with the technology that your business already uses, including hardware and software support, software licensing, and the like. Since most line-items on an IT budget are just reaffirming familiar costs, you may only be using your IT budget as a wish list for funding new technology. The typical IT budget covers two major expenses for a business: Ongoing IT expenses Project expenses As far as the ongoing IT expenses go, this makes up every dollar your business plans on paying for the IT it uses day in and day out, the support and management for those machines, and any other expenses that will be necessary to account for as they pertain to your organization?s IT.  Examples of ongoing IT expense include: Hardware (servers, workstations {and any other client}, networking hardware, cloud subscriptions, support and management) Software (licenses, cloud subscriptions, support and management) Staff (internal IT support staff, remote IT support contractors, and recruiting costs.)  Project expenses are any expenses that a project would further cost the company. These include: Any outsourced consulting and/or management service costs Any administrative costs (e.g. any new infrastructure or temporary development platforms) Any special software Any special hardware More sophisticated organizations could try to incorporate certain IT-related costs into their departmental budgets, using what are known as chargebacks to officially itemize these expenses. This method can get much more convoluted, but it may be an ideal way to successfully prioritize expenses.  Why Do You Need an IT Budget? Regardless of what your organization uses its IT for, there is a good chance that it is a core part of any budgetary coordination your business will do. The IT budget allows a business to itemize (and earmark) capital specifically for IT-based initiatives. In doing so systems that automate tasks, provide a reduction in operational downtime, and ultimately run your business from top-to-bottom have the necessary funding behind them, rather than having to have managers justify every IT expenditure to their superiors; a venerable nightmare for any manager looking to maintain productivity. Another reason is that organizations are going through somewhat of a culture shift at this moment. Businesses are removing antiquated technology and processes for ones that are more computer-driven–even automated–and are using new tech to fill in gaps in workflow. Ultimately, the addition of high-end technology is used to drive down costs (typically from bloated payrolls). With this shift, […]

How This Economy Works Much like a business can turn to a provider and purchase the tools they need to operate effectively, cybercriminals of all levels of expertise can do the same via the Dark Web. A relative amateur can procure a fittingly simplistic hacking tool, while those with some experience can make some alterations to these programs, and a veteran hacker will often offer their services in creating custom products for others to use. How the Costs Compare to the Payouts According to researchers, these prices can vary wildly, some phishing and data harvesting kits putting an aspiring cybercriminal back a mere $28, while others cost an oddly specific $1601. A complete ransomware kit (which would bring in revenue for the wannabe-hacker) could cost anywhere between $391 and $1044. However, when comparing the investment that a cybercriminal makes to the potential payout they could make from their scheme, even the higher costs can be seen as chump change. Researchers have estimated that the economic damage incurred by cybercrime is approximately $600 billion per year. How to Foil Cybercriminals While it may seem that the natural way to stop a particular cyberattack is to take out a particular tool?s teeth, this is unfortunately a less-than-effective methodology in the face of cybercriminals? ingenuity. Instead of focusing specifically on the tools being put to use, the behavior of hackers should also be taken into account. By focusing on an attacker?s methods and tactics, their efforts can quickly become far less cost effective for them and make it more difficult for them to successfully leverage an attack against your business. White Mountain IT Services has the tools and resources to help you fight back, and we can even monitor your infrastructure to catch incoming threats. To learn more about what you may be up against and how we can help you succeed in the face of adversity, reach out to us at (603) 889-0800.

Let?s explore a hypothetical situation: a mouse asks you for a cookie. If you were to give this mouse a cookie, which do you think would be more likely: he says ?Thanks!? and goes on his merry way, or he simply increases his demands of you until they are untenable? The latter is almost certainly going to be the case, and the same goes for cybercriminals. How Ransomware Has Proven Effective It is no secret that holding valuable things for ransom has long been a choice tactic of criminals of all kinds, but via ransomware, cybercriminals have taken it into the digital world. The way ransomware works is that, by infecting a device (frequently via phishing or spam), a cybercriminal is able to leverage encryption to lock down their target?s device and potentially the rest of the network the device is attached to. In order to maximize the efficacy of these attacks, cybercriminals will often leverage spear phishing tactics to minimize any suspicion surrounding the attack. One of the other reasons that ransomware is taken so seriously is the fact that – despite the number of infections dropping – the FBI?s Internet Crime Complaint Center states that the damages experienced by targets have risen. This is where the attacks on municipalities come into play. Why Municipalities Have Been Targeted In the early summer of 2019, two Florida cities, Lake City and the City of Riviera Beach, were effectively shut down by ransomware attacks. Indiana?s LaPorte county paid a ransom of about $130,000 worth when their domain controllers were infected by a ransomware known as Ryuk. One of the primary reasons that municipalities and governments have been targeted by ransomware is the fact that insurance coverage is available for such attacks, meaning that there is less of a risk to municipalities in paying the ransom. As a result, these cities, towns, and counties have less to potentially lose, and are more inclined to just pay the ransom. However, if your business is targeted, this is not a strategy that we can recommend. Instead, You Have to Be Prepared To help minimize the risk of your data being lost to a ransomware attack, you need to make sure that you maintain up-to-date backups of your data that are kept isolated from the original copy. It is also crucial that these backups are tested, as the only thing worse than losing your data to a ransomware attack is losing your data to a ransomware attack after your backup failed. Furthermore, you need to be sure that your employees remain educated on how to spot and avoid attacks like ransomware and phishing. Ideally, your employees won?t have more access to your systems than their roles require. For more help and assistance in securing your IT, reach out to White Mountain IT Services at (603) 889-0800.