Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewhat easily by developing responsible habits. Unfortunately, it is much easier to develop bad habits, which only opens you up to increased threats. For example, passwords. While it may be a pain to remember more than one password, it is even more of a pain to find yourself locked out of all of your accounts if your single password is discovered by a cybercriminal or leaked. Each of your accounts should have its own unique password, preferably composed of a random string of numbers, letters, and symbols. If you anticipate that you will have trouble remembering your passwords, resist the urge to write them down. Instead, use a password manager program, which allows you to securely save your passwords for various sites and services, protected by a single master password. Speaking of passwords, you should also do some password management on your networking equipment. If a hacker can gain access to your router, everything on your network is then vulnerable to them. A great way to make it easier for a cybercriminal is to leave your router set to the default password. Like any password-protected account, you need to devise a new password for your router that meets the best practices that were discussed above, changing it periodically. Of course, there are other considerations to make to truly be secure when on the Internet in addition to good password practices. Additional StrategiesOne of the easiest ways to boost your online security is to make sure that you?re using the most up-to-date tools and programs, including your web browser. The relationship between the programs you rely on and the threats that target you means that the two are effectively locked in an arms race over your security. As threats improve and find new vulnerabilities, solutions have to shore up their defenses and eliminate these vulnerabilities. This means that you need to be diligent about updating your solutions promptly, so that these improvements can be put into effect and protect your system. Look for the LockWhenever submitting sensitive information to the web, such as your credit card number when shopping online, check for the lock in your browser address bar. This will show up to the left of the URL. For example, if on Amazon, you?ll see it to the left of https://www.amazon.com. The lock means that your connection is encrypted, so the data you send to Amazon can only be understood by Amazon, and not someone sneaking around in between you and the store. This applies to any site where you enter in secure information, so be mindful that the lock is there before you share anything personal. Of course, this is a very shallow dive into how to surf the web more securely. In fact, this is barely dipping a toe into the water. For more details, reach out to White Mountain IT Services by calling (603) 889-0800.

Google Play Protect is one measure that is helping users identify malicious apps on their phones. It?s not an actual app on your device–rather, it?s a feature that is implemented on the Google Play app store. Google Play Protect basically scans your apps in the background to detect any dangerous applications on your device. You can manually scan your device for threats as well, improve harmful app detection by extending the scanning to any apps not installed through the Google Play store. To do so, open the Google Play Store App, tap the menu on the left, and scroll down and select Play Protect from the menu. One noteworthy downfall of Google Play Protect is that it doesn?t immediately scan an installed app. Instead, what we recommend is before opening the app for the first time, scan it with Google Play Protect first. However, we do recommend approaching any new app with a grain of salt, starting even before you download it from the Google Play store. While Google Play Protect can offer some ways to keep your mobile devices safe, you should still consider the following tips to approach downloading new apps as mindfully as possible. Download apps from trustworthy sources: Sometimes you might find a link to an app while looking through frequently asked questions or message boards. Be sure that you don?t download apps from external sources, as there is a higher chance that they could put your business in harm?s way. Make sure that any apps you download are reputable and from the Google Play Store. Most Android phones are set up to not allow this by default. Check app permissions before downloading: Depending on the type of app you?re downloading, it might ask for access to certain information or functions on your device. It?s up to you to determine whether or not the app is accessing too much, or something that doesn?t make sense. For example, a flashlight app shouldn?t need access to your calls or text messages. Implement a Bring Your Own Device (BYOD) policy: Chances are that your employees have multiple devices that they will bring to the office every day, including a laptop, tablet, and smartphone. Therefore, it makes sense that you have a solution implemented that manages risk from these devices. We recommend a BYOD policy that includes whitelisting and blacklisting apps, remote wiping of compromised devices, and comprehensive mobile security. To improve the way that your business handles mobile devices and security, reach out to White Mountain IT Services at (603) 889-0800.

What Makes Social Engineering Effective?Social engineering is the equivalent of pointing to an imaginary spot on someone?s shirt, only to flick their nose when they look down — by posing as someone trustworthy, a cybercriminal is given the opportunity to do as they will with a business? data. These attacks have two factors going in their favor. First, a social engineering attack isn?t the kind of attack that the average user is on the lookout for. They will have instead heard about botnets and ransomware and other big, external threats, and so won?t think to question what seems to be a legitimate-looking message. Secondly, there is plenty of data readily available on the Internet to help build a convincing social engineering attack. This data is referred to as open-source intelligence. Open-source intelligence can come from a vast array of data sources, which only assists an aspiring social engineer. Through some digging on the Internet, a social engineer can find plenty of information that better informs their attack. What the Internet Can ProvideWith the right research, a social engineer can compile an unnervingly comprehensive profile of a business, its employees, its operations, and more. Some very brief and incomplete examples are as follows: TechnologyInformation about the kind of technology a business leverages is surprisingly common online. Job postings, for example, often identify the hardware and operating system a company uses to ensure that an applicant has a familiarity with the systems they would be working with. The trouble is, this also helps a criminal by identifying which exploits will be effective against a company. Furthermore, if a company isn?t careful, their social media images could provide a cybercriminal with information about their networking hardware. Employee InformationIt is also common for people to overshare on social media, which can easily lead to company information being shared as well. This includes, in addition to the access of information many allow to be publicly available via social media, images from within the workplace. Such images often reveal the kind of computer used by employees, as well as the contents of their screens and any information displayed on them. Additionally, many people will discuss their work schedule on social media, as well as provide a detailed account of their professional experience, giving a social engineer more data to work with. Vendors and Other CompaniesExternal services that provide for a company can help a social engineer gain access to that company, especially if the service provider uses them as evidence of value on their website. Janitorial services and trash pickup services are especially valuable, as data could potentially be stolen after it leaves a business? premises. In short, while protecting your data with firewalls, authentication requirements, and other digital measures is crucial, it is just as crucial to also ensure that your employees are aware of the dangers that social engineering can bring. Establishing processes to help thwart social engineering attempts is something that every company should do, as it will help to protect them from these attacks. For help in planning these processes, reach out to White Mountain IT Services at (603) 889-0800.

AwarenessSince smartphones are able to connect to the Internet via Wi-Fi, and they can connect to other devices over Bluetooth, the utility these devices bring us is actually immense, even if it?s chock full of potential threats. Today?s hackers have begun to target smartphones and other mobile devices through the use of a litany of breach techniques. To ease the risks that come from the growing mobile malware trend, you?ll have to be cognizant of where your Wi-Fi and Bluetooth connections come from. By only connecting to networks that are reliable and secure, you can pretty much use your smartphone as you please, where you please. Your carrier?s cellular signal is encrypted and therefore much more secure than a public connection, including in public charging stations. Another thing that every mobile user has to be cognizant of are the permissions they provide certain applications with. Many applications can demand that you share information with their developers that is completely unnecessary. Being aware of what an application wants can help you know when it is prudent to choose when to use an app, and when to rely on your Internet browser. Considering how important your personal data is, understanding when and why it is being used, and keeping control over it will invariably keep you more secure. SecuritySpeaking of security, there are some security options built-in to your smartphones. No modern day device has as much private information on it as your smartphone. When someone picks up your phone, you obviously don?t want them to have access to everything on it. Users can protect themselves by choosing any number of options that ensure that only authorized parties can get into their smartphone. Most phones come with either options to secure the device with a custom PIN, passcode, or pattern. The new flagships, however, ratchet it up a notch. They provide biometric options through fingerprint readers or facial recognition to secure the contents of a device. By utilizing these security features you can ensure that no one but you gets into your phone without your permission. Since data security should always be a major consideration, especially when you hold data that you personally don?t own, understanding how to insulate that data from others is key. If your business need to improve your mobile device security policies, contact the IT professionals at White Mountain IT Services today at (603) 889-0800.

A Social IntranetWhen we talk about an intranet solution, what we really mean is a unified way of staying connected to your staff and internal resources. You can think of it like a sort-of portal which connects your employees to just about anything that they need access to during the workday. This includes direct connections to online resources, assets, and any important contact information for personnel or services that your company takes advantage of. Some examples of services could include your managed service provider or help desk number. Instant MessagingSometimes there are pressing matters to attend to that can?t wait for a response to an email that could take all day. In cases like this, instant messaging helps you get the signal across that what you?re requesting is urgent and cannot wait. Aside from this, instant messaging is important in that it allows your employees to communicate in a moment?s notice, cutting down on time wasted due to miscommunications during project implementation. Some features to look for in an instant messaging system are the ability to create group chats and private rooms. Internal Blogs and DocumentationYour employees want something to look at that can help them effectively do their jobs. Some companies have internal blogs available through their intranet solutions that explain certain concepts more in-depth for users to examine at their leisure. The same can be said for documentation regarding more complex procedures. This saves your supervisors from spending more time than necessary on training. Discussion BoardsIn much the same way as internal blogs and documentation, discussion boards can be used by your team to brainstorm ideas and engage each other in a less formal environment. This can be in the form of asking open-ended questions regarding workflow or simply getting feedback for an upcoming project. Either way, discussion boards can be used with the intention of making information both more consumable and more accessible. A Ticketing System and Help DeskLet?s say that your company experiences technology issues that your employees don?t necessarily know how to fix. Instead of wasting time trying to get in contact with someone who can help, you could implement a ticketing system put in place by a managed service provider like White Mountain IT Services. You can then have your employees submit a ticket when they need help. The MSP would then respond as per your service level agreement, eliminating the majority of downtime caused by technology troubles. Ultimately, communication and your intranet are going to rely on a collective sharing of knowledge within your organization. Are you ready to implement these types of strategies for your business? Get started by calling us at (603) 889-0800.