Build a Business Continuity Plan that Works

Why Do You Need Business Continuity?

You'd think the answer to this question is pretty simple, right? You need a business continuity plan so that when some horrible thing happens, all the people that depend on your business aren't victims of your lack of preparedness. Having to shutter your business is never a happy time, so if something were to happen that puts that option squarely on the table, having a plan in place that will allow your business to regain solid footing is only practical.

What Exactly is a Business Continuity Plan?

It's easy to talk about the things that you need to do to protect your business, but no matter how big your business is on the surface, once you realize how many people it affects, how many people have come to depend on it, and how many considerations are needed to keep everything in order in the face of an operational interruption, you realize you need a plan. The business continuity plan is exactly that. It is a strategy that takes into account all the parts of a business, and makes contingencies for them all. Successful businesses manage risks better than less successful businesses, and a business continuity plan is put in place to manage all the potential risks that could jeopardize your business' sustainability.

The Strategy Behind Business Continuity

In order to properly strategize a continuity plan, you'll first have to ascertain what scenarios you would need one for. Of course there are the ones you first consider: Disaster. When people think of disaster they typically think of fire, flood, tornado, and the like; but what needs to be understood is that any situation that could cause an interruption to regular operations needs to have a continuity strategy.

That's not to say that a little Internet downtime that you'll inevitably receive from your ISP needs to have a BC strategy tied to it, but any meaningful operational downtime could be incredibly costly, so having a plan to proactively avoid risky problems puts your business in a position to avoid those events.

Some Business Continuity Tips for the Business New to Business Continuity

The first thing you have to do is identify the risks you have. Risk is the number one variable you need to know to establish a useful business continuity strategy. Establishing what your business' most prominent risks are, and what effect they will have on your business, can lead you to understanding where to start. For example, if your business is in a flood zone, you can be fairly sure that one of the biggest risks to your sustained operational effectiveness will certainly be flood. Since you know that flood is something you have to ward against, your business continuity strategy will be to set your business up to be able to sustain itself even if you are inundated with flood waters. Some risks you are going to run into are inherent in the course of doing business, but some risks, and often some of the worst ones, are specific to the situations your business will get into.

This leads us to our second tip. We suggest that you give some thought to how to most effectively, and affordably, address the risks you've identified. Oftentimes the answers are common sense, but sometimes resolutions can be difficult […]

Poking at Spear Phishing

What's the Difference Between Phishing and Spear Phishing?

In a word, personalization. Your typical phishing campaign, in keeping with the analogy, casts a wide net to try and catch as many victims as possible. By writing a very vague and generic email that appears to be from some large company or organization, the typical phishing attack can be leveraged against almost anyone with a reasonable chance of success – although this also makes them easier to spot if one knows what to look for.

Spear phishing, on the other hand, goes for quality over quantity. Instead of casting out a wide net to snare a large group, spear phishing requires a focused approach, as it targets a single, influential individual. In order to do this effectively, a cybercriminal can't just rely on a generic message. Instead, the hacker will do some digging, finding out everything they can about their target – where they work, who they work with, and what it is that they do. Once they've collected the information they need, the hacker will spoof an email – often referencing some project or mutual contact to prove their "legitimacy" – with a link to a downloadable file. This link will take the recipient to what appears to be a login page for Google Drive or Dropbox, but is actually another part of the hacker's trickery. Once the user enters their credentials, the scammer has them to use for themselves, completely undermining the user's security and potentially causing a business crisis.

How Do Spear Phishers Fool People?

There are a variety of ways that hackers can make their messages more convincing, especially when they're leveraging a spear phishing strategy. These methods combine some practical skills with a bit of psychology, supported by the research that these types of hackers do. As a result, instead of the phishing message being vague and generic, it might reference actual events, people, and things relevant to the target.

These messages will often be spoofed to appear to come from an authority figure, like a manager or the CEO, to encourage the recipient to do as the email says without really thinking about it or questioning it too much. Unlike many other phishing messages, spear phishing messages are typically well written, without spelling or grammar errors. These cybercriminals can be especially devious and will even buy close-match domains to make their attacks that much more convincing. Let's say that you owned the domain example-dot-com. Someone trying to phish someone else by posing as you could purchase their own domain, exampIe-dot-com. Looks the same, but by using a capital "i" instead of a lowercase "l", the phisher can create a lookalike site that truly appears to be legitimate.

Who Do Spear Phishers Target?

This is one of the main reasons that spear phishing requires so much research – not only does the hacker have to identify who they are going to target; they also have to identify the best way to scam them. As a general rule, however, spear-phishing attackers will target those people in an organization who have access to the information that the phisher wants, but not enough clout to question a request from (what appears to be) up the chain of command. In other words, a business' end users. So, what can you do […]
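A defensive check for the close-match domain trick described above, added here as an example and not part of the original article; it goes beyond the capital-I case to other common look-alike substitutions and one-character near matches. The protected-domain list, the substitution table and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organization actually owns.
PROTECTED = {"example.com"}

# Look-alike substitutions, applied after lowercasing. DNS is case-insensitive,
# so a domain displayed as "exampIe.com" is really registered as "exampie.com".
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def skeleton(domain):
    """Collapse visually confusable characters into one canonical form."""
    s = domain.strip().rstrip(".").lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(from_header, protected=PROTECTED):
    """Return (verdict, matched protected domain or None) for a From header."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in protected:
        return ("legitimate", domain)
    for p in sorted(protected):
        if skeleton(domain) == skeleton(p):
            return ("homoglyph", p)
        if within_one_edit(skeleton(domain), skeleton(p)):
            return ("near-match", p)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample From headers, not taken from real mail.
    for header in ("CEO <ceo@example.com>", "CEO <ceo@exampIe.com>",
                   "it@examp1e.com", "hr@examples.com", "news@unrelated.org"):
        print(header, "->", classify(header))
```

A check like this fits in a mail gateway rule or a periodic review of newly seen sender domains, where a "homoglyph" or "near-match" verdict is a reason to quarantine the message for a closer look.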

Password Practices that Work to Secure Your IT

How to Create a Secure Password

The best passwords are ones that are easy to remember while being difficult to guess. Furthermore, they need to include letters (both upper and lower case), numbers, and symbols. The problem is that these security measures make the password difficult to remember, making it an inconvenience whenever you have to use it. The best way to make sure this doesn't become a problem is to use what are called passphrases, or alphanumeric phrases that are designed to be easy to remember while still maintaining security standards.

Making too many passwords that are complex or hard to remember means that any progress you're trying to make could be halted before it even begins. There are solutions like the password manager that make "remembering" your passwords much easier. Password managers assign one complex password as the "gatekeeper" password, meaning that the only one you'll need to know to access your secure database of passwords is the gatekeeper.

Two-Factor Authentication

Passwords are most effective when there is a secondary method of authentication that can guarantee the authenticity of the one plugging in the password. Two-factor authentication is a way of guaranteeing this authenticity. A passcode can be sent to a mobile device via a text message or phone call, or a biometric check like a thumbprint or face scanning software can detect the user's identity. Regardless of what the method is, a two-factor authentication solution makes it less likely that a hacker will be able to infiltrate your account, as it means they either need to do twice the work or get their hands on a device that's connected to the account. More often than not, they'll see it as something that's simply not worth the effort.

White Mountain IT Services wants your business to take password security seriously. To learn more about password management tools and two-factor authentication, reach out to us at (603) 889-0800.

Tip of the Week: Bring Your Own Device Policy Considerations

First, let's take a look at some of the basic principles of BYOD. Basically, instead of an employee being given a device by your business, they use their own personal devices for work purposes.

Why BYOD Has Become So Popular

On paper, BYOD seems like the perfect solution. Businesses that take advantage of BYOD practices can save up to $350 a year per employee, and using portable devices for work purposes can save employees about an hour per workday, as well as improve productivity by up to 33 percent. Other benefits include, but are not limited to, the following:

Access to Better Technology

You might have a laundry list of technology solutions you want to implement, but at the end of the day, you're at the mercy of your budget. You always run the risk of a new solution affecting your operations in a negative way. While this might have an effect on your decision making for business technology, your employees have a different mindset, replacing devices as they want. It's more likely that your business' employees will replace outdated technology, leading to happier and more productive employees overall.

Reduced Financial Toll on Businesses

Your technology acquisitions will largely be driven by the budget behind them. For example, you might want to replace your workstations, but if the budget doesn't allow for this, then it just simply can't happen. Rather than hope your budget accommodates these changes, you can instead give your employees the option of using their personal devices, freeing your business from the responsibility of acquiring said technology. The expenses of BYOD are basically limited to securing access to information and implementing it.

Employee Satisfaction

You might find that your organization's technology simply isn't pleasant to work with. Forcing productivity is rarely effective, and aging workstations certainly aren't going to make the process any easier when your employees have just bought a shiny new laptop. If you force employees to work using technology that doesn't work properly for no good reason, they will naturally push back. You avoid this situation entirely by giving them permission to use their own devices.

The Potential Issues with BYOD

Distractions

Compared to the number of productivity applications on the app stores, there are plenty of ways to get distracted by BYOD. While you can whitelist and blacklist applications on your company-owned devices, you don't have too much control over devices your employees utilize.

Loss of Control

Losing control of devices is a recurring issue for businesses, especially with BYOD on the playing field. Policies can be put in place, but they require the employee's consent, which they are probably not going to give. What happens if an employee leaves with company data on their device? What if they are careless with the way they access this information? All of this needs to be considered.

Compliance Shortcomings

How will your BYOD implementation interact with other parts of your organization, namely compliance? Requirements put in place by laws like HIPAA and Dodd-Frank mean that IT administrators need to be particularly aware of how data is being distributed to BYOD devices.

How Do You Leverage BYOD Securely?

The best way to make sure BYOD is being managed properly is to work with a managed service provider with professional IT technicians on staff who can help you […]

How to Avoid Business Complacency

I want you to think back to how your business operated just a few short years ago. How similar was it to the way you currently do things? Hopefully, not very. Consider this: in 2013, mobile technology was just starting to become more commonly used for computing than the PC. In 2016, "unified communications" was still a buzzword, and collaborative solutions were experiencing widespread adoption. Today, just a few short years later, these are some of the basic solutions that all organizations should be leveraging.

Many businesses can easily fall into the trap of believing that their past success guarantees more of the same in the future. This comes with a few operational and behavioral warning signs. For example: Are any potential changes or growth opportunities avoided or rebuffed through the use of highly selective facts? Do conversations amongst your team skirt around topics like new markets, possible competition, or other developing business opportunities? Are failures used to postpone new attempts instead of as learning moments? Do meetings frequently end in a holding pattern?

These factors all signal that a business has slipped into patterns that are comfortable, rather than habits that are operationally sound. "Okay" becomes the standard, as do shortcuts and cut corners. The question is, do you want your business to be "okay", or do you want it to be a success?

Fortunately, once you've identified it, there are many ways to mitigate complacency. Ask yourself a few more questions about your business, its policies, and its culture: Is there any way that your processes could be made more efficient? Is your service offering a good fit for your current audience? What needs will they have in the near future? Are there any technologies that could soon cause a disruption in your market, or could be used as an invaluable tool? How engaged are your employees?

Many of these questions will require a big-picture perspective of both your business and your industry. Macro-views like these can be challenging, especially when one is accustomed to the micro-perspective into a single business. Answering these questions on your own will prove to be challenging as well, and then you still have to resolve any issues that they unearth.

White Mountain IT Services has plenty of experience with managing the technology that businesses rely on to be successful and efficient. While up-to-date technology isn't the only thing necessary to avoid becoming complacent in business, it is a good start, and one that we can help with. Reach out to us at (603) 889-0800 to learn more.