This VPN bug can leverage the ASA operating system to enable hackers to breach Cisco security devices. According to Cisco, this Secure Sockets Layer (SSL) can ?allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.? This means that an attacker could hypothetically gain complete access to a system and control it – a prospect that any business should see the threat in, especially where their physical security is concerned. In fact, this vulnerability has been ranked as a 10 out of 10 on the Common Vulnerability Score System, making it one of the top vulnerabilities ranked. Granted, this vulnerability only goes into effect if WebVPN has been enabled, but that doesn?t mean that you can overlook this threat. ZDNet provides the following list of affected devices: 3000 Series Industrial Security Appliance (ISA) ASA 5500 Series Adaptive Security Appliances ASA 5500-X Series Next-Generation Firewalls ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers ASA 1000V Cloud Firewall Adaptive Security Virtual Appliance (ASAv) Firepower 2100 Series Security Appliance Firepower 4110 Security Appliance Firepower 9300 ASA Security Module Firepower Threat Defense Software (FTD). When it was first discovered, this bug had yet to be used ?in the wild,? but Cisco was aware of some attempts to change that. This exploit targeted a bug from seven years ago, with a proof of concept demonstrating the use of the exploit – or at least trying to. The proof of concept only resulted in a system crash, but that doesn?t change the fact that this vulnerability can be exploited in other ways, too. Unfortunately, this vulnerability has now been observed in use, and worse, Cisco?s first attempt to patch it didn?t see to all considerations. As it turned out, there were more attack vectors and features that were not yet identified, as so were not addressed by the patch. However, Cisco has now released an updated patch, which you need to implement as soon as possible. Otherwise, you are opening up your business security to greater risk. It is always a better practice to attend to known vulnerabilities post haste, as the longer your business is vulnerable, the more likely it is that someone will take advantage of that. Furthermore, it is also crucial that you stay cognizant of any and all vulnerabilities that are present in your mission-critical software and hardware solutions. This bug is not an isolated case. Others like it have been found before, and more will certainly pop up in the future. Hackers and cybercriminals are constantly working to overcome the security features that software developers implement. It is your responsibility to ensure that you protect your business by implementing security patches and updates promptly. White Mountain IT Services can assist you with that. We can help you ensure that your patches and updates are up-to-date, often without needing to take the time needed for an on-site visit and handling it all remotely. For more information, give us a call at (603) 889-0800.

A Look at the Cybersecurity Industry Since the landscape of the Internet is rife with threats, the risks an organization faces by not doing all they can to protect their information systems presents real organizational issues. As a result, the Internet security industry has expanded so far as it will do annual revenues of over $170 billion by 2020, with the Internet of Things presenting an ongoing security issue for most businesses. For one indicator that gives away just how risky the Internet is for an organization, check out how much money is being spent on securing computers and networks. To address the innumerable threats, cybersecurity markets have begun to pop up for gadgets, appliances, cars, and other frequently utilized goods. Moreover, cybersecurity insurance is now being offered by major insurers. PricewaterhouseCoopers forecasts that $7.5 billion will be spent on data insurance by 2020. Another indicator that cybersecurity is prioritized by many businesses is how major financial institutions address these risks. Organizations like J.P. Morgan Chase, Bank of America, Citigroup, and Wells Fargo, with their breadth of risk-averse financial services, spend upwards of $1.5 billion per year on cybersecurity. Get Started with Browser Security The browser is generally the end point where the data stored on the Internet is disseminated to users. As a result, small businesses, who unlike major financial organizations (or most enterprise businesses), don?t have the financial resources to spare, have come to rely on their browser?s built-in security features to do a lot of the heavy lifting in their cybersecurity strategies. By understanding which browser gives you the best opportunity to succeed, you can be ahead of the game instead of constantly playing from a disadvantaged position and putting your data and network at risk. Browsers The most well-known browsers are the most utilized. Google?s Chrome, Apple?s Safari, Mozilla?s Firefox, and Microsoft?s new Edge browser are currently the most utilized browsers on computers that run Windows or macOS, while Chrome, Safari, and UCBrowser are most popular on mobile. We?ll take a look at some of these browsers (and their security features) to help you ascertain whether or not a particular browser will work for your needs. The best protection is actually from producing secure connections. In the browser, any site that has a secure connection will feature the protocol ?https://?. By encrypting data sent and received through the browser, it keeps the transmission of data from being intercepted, stolen, or leaked. In encrypting the exchange of information, it highlights the two variables that need to be present for secure browsing: identification and privacy. We?ll go through the most popular browsers to see what they offer users in the way of security and privacy: Google Chrome Google Chrome is the most popular and utilized Internet browser in the world. For security?s sake, it features a powerful ?sandbox?. The sandbox is an encrypted environment that attempts to keep the communication between the user and the website separate to offer another layer of security. Google also has the fastest response time to security vulnerabilities. One security problem users get into when using Chrome is if they use Chrome apps. The Chrome apps themselves may not be a vulnerability, but the more endpoints that potentially expose users, the higher the risk is. Privacy in Google Chrome is another matter altogether. […]

But wait? why would you want to outsource a project that?s meant for your in-house team? Wouldn?t you want your in-house team to handle this project? While it?s certainly a logical argument–after all, nobody knows your business like your business–you should never discredit the value of outsourcing something like project management to a third party. This value is only strengthened for a small business. Smaller organizations are generally created around a singular idea that focuses on delivering quality goods or services to an area. It would be wrong for your business to have to worry about implementing a project if it doesn?t need to. Any time spent managing the project would be time better spent ensuring that you?re offering the highest quality of product or service to your consumers. This is the major benefit that you get from outsourcing project management to a third party like White Mountain IT Services. Even if you have an in-house IT department, chances are that you can benefit considerably from outsourcing project management. This is specifically due to the fact that time is a valuable thing for your in-house IT team. They probably have their hands full with their other responsibilities, which could include anything from putting out fires to offering simple, everyday technology assistance. Either way, we?re sure that they have a little too much work to handle during the workday, and you can bet they are a bit too busy to implement any major project. White Mountain IT Services makes project management easy for your business by removing the burden from your company. This doesn?t mean we aren?t willing to cooperate and work toward a common goal, though. We will always keep you in the loop regarding major decisions, and you can rest assured that your project is being implemented according to your business? specific needs. To learn more about outsourced project management, reach out to us at (603) 889-0800.

Passwords are all over the place these days, whether they?re required to access an online account, or access the devices used to open these accounts. While both types of passwords can make for ideal security conditions, this is only the case if the passwords are strong. If your passwords can be guessed by just about anyone, can you really call it a security measure? New insights from SplashData show that passwords aren?t being considered as much as they need to be. SplashData collected and examined passwords that were leaked in 2017, resulting in the most common passwords being ?123456? and ?password.? These also happened to be the most cracked passwords for the past four years. The University of Phoenix?s annual cybersecurity survey has also provided some interesting insights: Only 42 percent of Americans use different passwords across different websites. Only 35 percent regularly update their passwords. Only 24 percent update their passwords before they have to travel. Furthermore, 43 percent of adults have experienced a data breach over the past three years, and 29 percent of workplaces have password protection as an official part of their cybersecurity policies. While these statistics aren?t the best situation, it?s important to understand why this is the case. One of the biggest issues regarding password security is that people don?t have enough confidence in their ability to remember complex passwords. This is augmented by the fact that multiple passwords are needed to ensure all accounts are secure. You can use some tips and tricks to remember them, though. Passcodes A random string of letters, numbers, and symbols simply isn?t user-friendly or easy to remember. When you?re restricted by length and content requirements, implementing a password that is easy to remember is borderline impossible. Since you don?t want to use just a single word either, you can boost the security of your password by lengthening it into a passphrase–sort of like a secret phrase that you, and only you, should know. For example, the phrase ?starwars? was one of the most used passwords in the SplashData survey. If information on a user?s social media profile indicates that they are a Star Wars fan, a cybercriminal could use this information to guess the password and cause all sorts of trouble. By lengthening your password into a full sentence, like ?I really like star wars,? you can drastically improve security for your account. Substitution If security is a further issue, you can improve the strength of your passwords by replacing numbers and symbols for specific letters. For example, the previous example of ?I really like Star Wars? can be changed to ?1 really l!ke St@r W@rs.? This makes it more difficult for a hacker to guess the password. Implement a Password Manager The security industry is completely aware of how difficult passwords are to remember. This is why password managers have become a major implementation of any security-minded organization. Instead of having to remember multiple complex passwords, a password manager provides a secure vault for storage of any complex passwords, all of which are controlled by a master password. Does your business need help with cybersecurity? White Mountain IT Services has the solution. To learn more, reach out to us at (603) 889-0800.

Automated ContractsBlockchain technology can ensure that the agreements made in contracts are kept, triggering when the conditions of these agreements have been met. This is possible through the use of smart contracts that have the involved parties? information, terms, and payment processes populated, allowing the entire process to be securely automated. Identity AuthenticationSince it serves as a permanent record, of sorts, the blockchain may soon be used as an identification and authentication tool. Rather than continuing to use the assorted insecure methods that we do today to identify ourselves, as well as birth certificates, passports, and other digital identities, we may soon rely on the blockchain to verify that we are who we say we are. VotingThe blockchain can also be used to help fight potential voter fraud as well. If applied to the voting process, the blockchain would not only allow the identity of each voter to be verified, their vote couldn?t be altered by someone else afterwards. As a result, the democratic process becomes more transparent. Notary FunctionsIn order for many documents to be properly signed, they require a notary to be present. This is to confirm that all parties are willfully signing the document at a given time, the notary acting as a neutral third-party witness. The blockchain can serve a similar purpose. By adding a timestamp to the blockchain along with data, the entire chain becomes a witness of sorts to the agreement. There?s no denying that focus is currently on cryptocurrency, but it likely won?t be long between the blockchain is used for many other purposes. What do you think the blockchain should be used for? Share your ideas in the comments!