What a Smart City Should Be On the surface, a smart city sounds like a great idea. Using technology and heavily leaning on Internet of Things principles, a smart city collects data and leverages it to improve public services, inform the local government?s actions, and generally improve the population?s contentedness. Traffic flows more smoothly, infrastructure is better maintained, and life is good. At least, in theory. There is an unfortunate tendency for consumer-focused IoT devices to be vulnerable to attack, a trait shared by the systems that control a smart city. The Effects of an Attack To fully grasp the influence that an attack on a smart city could have, it would help to take a closer look at some of the systems that a smart city would have in place. As we’ve established, the motivation behind a smart city is to improve the population?s quality of life, a goal that requires data collection and analysis to be reached. This data will be collected via sensors that examine a wide variety of factors, like the weather, traffic conditions, and even air quality and radiation. While this data would once be delivered to human decision makers, automated systems would be able to make changes to resolve any issues. For example, if traffic was starting to become congested in a certain area, the surrounding traffic signals could be automatically manipulated to relieve the gridlock. The trouble starts when these systems don?t have enough security to keep them safe from cyberattack, potentially leaving the city?s infrastructure wide open. In a preliminary study of three companies that could supply the systems that a smart city would be built upon, their products had 17 basic vulnerabilities – and we?re talking very basic vulnerabilities, like easily-guessed passwords, avoidable authentication requirements, and bugs that could let in malware. Why This is Important Speaking in a geopolitical sense, enacting a smart city with vulnerabilities like these is like painting a target on one?s back. You only have to look at the fairly recent attacks on both the energy grid and electoral systems of the United States for evidence that infrastructure and civic systems are considered very fair targets. While there are actions in process to shore up these vulnerabilities, opening up metropolitan areas to attack through obvious security flaws would not be a good idea. Of course, we don?t mean to say that scaling the Internet of Things to a metropolitan scale is inherently not a good idea, either, it?s just there needs to be more security protecting the well-being of the populace that lives there. The same can be said of any business that relies on Internet-connected technology. If the devices and network components that a business uses aren?t patched and secured, that business is vulnerable. White Mountain IT Services can help. Give us a call at (603) 889-0800 to learn about our security solutions and how they can protect your business.

Evernote, Explained Evernote is essentially a cloud-based virtual filing system that allows users to create and organize an assortment of file types, saving them as ?notes? within ?notebooks.? A variety of its capabilities make it well-suited to business use, including support on a computer and a mobile device, integrations with other business-friendly applications, and its capacity for collaboration. Evernote is available in a few tiers, with a free version, a paid premium version, and another paid business-centric version. This final tier delivers a few features that are unique and useful to a business audience, such as administrative capabilities and Spaces, a means for direct collaboration. However, we?ll instead focus on the free version, which has plenty to offer a business user as well. Speaking the Language To better appreciate Evernote?s organizational capacity, it helps to understand its internal terminology. Notes – a note is how Evernote refers to any document, in any of the formats that Evernote plays nicely with. This includes typed-up text, content clipped from the Internet, or visual content. Notebooks – a notebook is what your notes are stored and organized in by category. Tags – a tag is a keyword that you can add to a note, allowing it to be searchable via that keyword. These keywords allow notes to be viewed as a collection, even if they exist in separate notebooks. Openly Available Features As we said, the free version of Evernote, while not designed for business use, has no shortage of features that a business user would find extremely handy for their work processes. Shareability – Any content that you have on Evernote can be shared with anyone else, whether or not that person also uses Evernote. While this power would need to be used responsibly in a business setting to maintain security, this could also be a useful feature to leverage. Assistant Compatibility – For those users who rely on Siri or the Google Assistant throughout the day, they can be used to navigate Evernote and edit your notes by voice command. Scrapbook-Style Note-Taking – If you happen to find pertinent content while surfing the Internet, Evernote also has a browser extension that lets you pull whatever it is into the correct notebook. Self-Management – Evernote offers various capabilities that can assist in organization. From to-do lists to built-in reminders, you won?t miss another deadline. Is Evernote a good fit for your business operations? It could be! For any of your other IT-related questions or needs, don?t hesitate to reach out to White Mountain IT Services at (603) 889-0800!

First, we should mention that with many public cloud resources that are managed and maintained by the service provider often provide backup and recovery options as a part of their recurring monthly value. This integrated redundancy typically protects the work stored on these platforms from loss, but if the data that you store in the cloud is the lifeblood of your business, you have to think that putting together a strategy to have control over the protection of that data is crucial to the sustainability of that endeavor. This strategy is called an Enterprise Cloud Redundancy Plan, and it could save your business. One way that businesses are making their cloud resources more redundant is by using a technique of placing their data on multiple cloud servers. Many of today?s top cloud vendors provide options for an organization to store its data. If, for some reason, your cloud platform doesn?t offer this, you can do the same by utilizing multiple vendors. By having more copies of backed up data stored in different places, you can ensure that if anything were to happen to your data in one location, it will still be available. The other part of the Enterprise Cloud Redundancy Plan is to have a management system and enough viable infrastructure available to handle restored data. Today, there are some pretty powerful cloud management software from some reputable vendors including VMware, Microsoft, and BMC. These solutions provide around the clock monitoring which make it simpler to take a cloud-based resource out of commission if it were to go down. In fact, the point of this whole strategy is to protect your end users from downtime. Since many cloud providers experience limited downtime, the actual redundancy isn?t as much the issue for backed up files as is the restoration of the data if called upon. For this, you should have a solid understanding of some data restoration metrics: Recovery Point Objective (RPO) is measured in time. It is effectively how long can an organization’s redundancy infrastructure go without update. The higher the RPO, the more data an organization can stand to lose. Recovery Time Objective (RTO) is also measured in time. It is the maximum amount of time the data recovery process will take. The higher the RTO, the longer a company can go without its data. Recovery Level Objective (RLO) is measured in granularity. The higher a RLO, the more intricate the recovery process is. In completely understanding these data recovery terms, you can find the right recovery plan for your data. When dealing with cloud-hosted environments, in which many of these collaborative resources are hosted, understanding your service level agreement (SLA), and your responsibilities in the management of your data will both work wonders in the data recovery process, if it is needed. In all fairness, since the best backup and recovery system is the one that you never have to use, ensuring that your continuity strategy, for both local and hosted data, applications, and infrastructure, have been planned in a way where it is able to be tested, and will work effectively for your company if, for some reason, you do need it. At White Mountain IT Services, we offer a full list of some of today?s most useful IT solutions that not only keep your business up and running […]

More often than not, employees aren?t very aware of IT security threats or the ramifications of improper data-sharing habits. It?s not uncommon for IT security to start and end with the password for non-technical employees, and sometimes even that feels like asking a lot. This point isn?t to sound negative. You probably didn?t hire most of your employees for their knowledge and understanding of network security. The real problem lies when you, the business owner, rolls out a new security policy. As a simple example, let?s go back to passwords: A Real-World Example of Employees Rejecting IT Security Let?s say your IT provider suggests that you set up group policies on your network to enforce secure passwords across the board. That includes forcing users to reset their network password every 30 days, not repeating the same password, and having complexity requirements. If you are like most business owners, you approve the change and move on. IT implements the change, and suddenly your employees start getting prompted to change their passwords. It?s likely some users are going to simply follow the prompts and do so without a hitch, some are going to idly mutter about the change, and a few are going to protest it. This might not even get directly to you right away either – they?ll complain to their immediate manager or their friends around the water cooler. In the worst cases, seemingly simple security change can bring out the poison. When it does finally trickle up to C-level, it?s going to feel insane how much it has escalated. After all, it?s just over a simple password policy, and it is to protect the data of the business that signs their checks! I?m not even the victim of this and the idea heats me up too! This is a little bit of an extreme case and not typically the norm, but I assure you it does happen. It?s worth mentioning some other policies that could rile up your employees: BYOD (Bring Your Own Device) Policies – From employees not wanting their employer to dictate how they manage their personal mobile devices, despite setting up company email and cloud accounts to use the device for work, to bringing in unprotected devices and connecting them to the network, this security concept always seems to be a major hit or a major miss for people. Firewalls and Content Filters – ?What do you mean, YouTube is blocked?? You?d be surprised how many businesses suffer from wasted time from video streaming sites and social media, or maybe you wouldn?t. While common, it?s usually just a handful of provocateurs who regularly misuse the Internet while at work. Still, the solution is locking things down, and for some reason, that can be upsetting to some users. Implementing New Technology – This is probably the most common. Let?s say you roll out a new line of business app or move your data to the cloud. You put your managers and staff through training to learn the new system and provide instructions for proper use and follow up a week or two later only to find some employees are following the new procedures and others are pushing against the grain and going their own way. The list goes on though. Almost any kind of security implementation could […]

What Makes a Hacker? A hacker is an individual or group that, using their programming skills, finds a way into systems by identifying and exploiting gaps in the security protocols protecting them. That said, should we always be afraid of them? There are three overarching delineations that a hacker can fall into, as well as different subtypes that they could be classified into, based on their motives and modus operandi. The Three Main Types Black Hat These are the hackers that most likely first pop into your mind. Using their skills to steal the information they want from their victims or to manipulate their victims into paying them, black hat hackers are the criminals that give the term ?hacking? the reputation it has today. Their work is for their own personal gain, illegal, and usually results in the harm of others. White Hat On the side of the angels, you?ll find white hat hackers. These hackers use their skills to assist businesses and other entities in identifying weak points and vulnerabilities in their IT systems so that these weaknesses can be resolved. In fact, if we were to run a penetration test on your business, we would be acting as white hat hackers. A white hat hacker works for your benefit, and exclusively at your request – they do not hack into systems unless it is requested of them. Gray Hat As one might imagine based on their name, gray hat hackers are those hackers who are a little white hat and a little black hat. They aren?t quite black hat, because they aren?t personally profiting from the hack, but they aren?t quite white hat either, because they are hacking without the target?s consent or knowledge. Some grey hat hackers will inform an organization of their vulnerability, while others will enable others to leverage it by leaking it over the Internet. Additional Subtypes Script Kiddies Script kiddies are very amateur hackers, in that they don?t care to learn how or why the codes they use work. Instead, they leverage the code that has been written by others to launch basic attacks, often to draw attention to themselves or to impress their peers. Blue Hat A blue hat hacker can be summed up as a script kiddie with an axe to grind. Rather than trying to impress others by launching basic cyberattacks, blue hat hackers are out for revenge against those who have angered them. Again, these hackers don?t want to learn how to actually hack, they simply want to strike back. Green Hat Another variation of script kiddie, green hat hackers are the field?s equivalent of a greenhorn – new and inexperienced, but ready to learn. Green hat hackers are those that grow and become better over time and are known to ask a lot of questions among hacking communities. Red Hat These hackers are effectively the vigilantes of the hacking world, striving toward a similar goal as a white hat hacker would but taking a much different approach. Rather than reporting an attack, a red hat hacker will go on the counteroffensive and give their black hat target a taste of their own medicine. Using cyberattacks and malware as their tools of choice, a red hat hacker aims to hamstring their target?s computing ability. State-Sponsored These hackers are those […]