The two-factor authentication platform, adds a valuable layer of security to your existing solutions by requiring an additional credential beyond just your typical username and password. This can be a PIN that is generated by an application or even a physical token like a key fob that provides access. To make a long story short, your employees may not feel entirely comfortable with your organization requiring them to keep an application on their phone as they may value the autonomy they have over what they do and don?t keep on their personal device. As a result, they are bound to have questions that you will need to answer. To assist you with this, we?ve compiled a few questions you may have to field, and how to answer them truthfully and diplomatically if you choose to implement two-factor authentication for your business. What is it?Two-factor authentication is another way to improve data security and prevent threats from infiltrating business network?s access points. Picture your network as a house that your data lives in, with the front door being the access point. The lock that you find in the doorknob is your usual access credentials, username and password. 2FA adds a deadbolt to that door. In other words, 2FA is the added security that can keep many threats out, at the cost of a tiny bit of convenience. Why do I have to do this?This line of questioning is indicative that an employee is resistant to change–unfortunately, information technology is built on change. Threats to a business? security are always improving so they have the best chance of creating the most impact. To counter this, a business must acknowledge the risks inherent in powerful technology platforms and do everything they can to control access to their network. 2FA is just one of many ways to do that. It is also important to remember that a chain is only as strong as its weakest link, so the entire business could be made vulnerable if one person doesn?t have the same dedication to organizational network security as the rest of the team. By implementing 2FA as a team, the business is better protected by the team. Why do I have to do it on my personal phone?This answer has two parts to it, one being of best interest to the business, the other being for the employee?s benefit. First off, economics. Does your business have the capital to spare to distribute mobile devices for the singular purpose of enacting 2FA? Typically, this isn?t the case. Furthermore, which device is an employee more likely to favor? Their personal device that they have conditioned themselves into bringing everywhere, or the new, unfamiliar device they were just given for work? What happens if I lose or forget my phone?There are ways to get around a forgotten or misplaced device. In many cases, an organization can adjust an employee?s 2FA settings to allow them access via a new 2FA code, but this will require the employee to change their credentials. If the phone is lost, the company is still safe, as the Mobile Device Management platform that the 2FA implementation was likely part of will allow network administrators the requisite authority to handle the situation. Can you see my personal stuff?This question will likely come up. You should […]

The first protocol is called POP, or Post Office Protocol. Your imagination might immediately jump to ?snail mail,? a common term for sending messages through the traditional postal service. POP works by downloading messages to your device through your installed email client. These messages are then deleted from the email server. This keeps you from downloading the same messages to your other devices. This means that if you wanted to check your email on a desktop, you would then be unable to see the same message on your smartphone. This is why the preferred method of handling multi-device email is IMAP, or Internet Message Access Protocol. Compared to the way POP handles your email messages, IMAP actually keeps the messages stored live on the email server rather than downloading them directly to the device. Basically, whenever you perform any action with a message in your inbox, you?re performing that message directly on the mail server. Any email clients that you use will see the changes as they happen. Naturally, this is the best way to experience email, as your messages will always be in sync. Most modern email solutions allow for IMAP, with some going so far as to default to it. Some of the solutions that support IMAP include Google?s Gmail, Microsoft Outlook, Mozilla?s Thunderbird, with Apple?s iCloud mail defaulting to it. Depending on your business? communication solutions, you?ll want to work with your service provider to ensure that your email access protocol is right for you. This is especially important if your business requires the use of multiple devices. For example, most employees have at least a smartphone, but they also might have a laptop or tablet that they use for work purposes. If these devices don?t have unified access to company information, you might encounter miscommunications which result in loss of productivity. Therefore, you should take the time to ensure that your business is using email as effectively as possible. Does your business need assistance with email or integrating it on your staff?s mobile devices? White Mountain IT Services can help. To learn more, reach out to us at (603) 889-0800.

Network security is a crucial consideration for every single business, especially ones that utilize the Internet. There were a lot of negatives and some positives that came out of 2017 in regards to cybersecurity. Below we have listed some of the most troubling cybersecurity statistics collected in 2017, and we?ve followed it up with suggestions on how to keep your business safe in 2018. Statistic for 2017: In the United States, 61% of small businesses experienced a cyberattack and 54% experienced a data breach that had severe financial consequences in 2017. This year saw phishing/social engineering scams out number web-based attacks for the first time. Phishing (or the attempt to use fraudulent emails that look legitimate to obtain sensitive information to exploit for financial gain), and social engineering (or the psychological manipulation that persuades others into offering personal information), make up about 48% of all cyberattacks. SMB Action for 2018: One way to reduce the risk that your company will fall victim to phishing and social engineering to make sure that your employees are aware of up-to-date cybersecurity best practices and follow them at all times. Even something as simple as opening an email attachment can have a catastrophic impact on your business. Creating an Acceptable Use of Technology policy is a great way to make sure that your employees know what is expected of them when it comes to technology and your business. Statistic for 2017: Despite that fact that many business owners feel like their employees and/or contractors would never do anything to cause data loss or put their network at risk, more than half (54%) of the data breaches for small business in 2017 came from employee/contractor negligence, up from just 48% the previous year. While negligence was at the top of the list of was followed closely by third party mistakes (43%) and errors in system or operating processes (34%). Surprisingly, however, nearly ? of those companies who experienced a breach stated that their company could not determine what caused the incident. SMB Action for 2018: Short of having a computer forensics unit on standby, businesses will need to improve their resilience by properly training their staff in, at the very least, the industry standard of protecting an organization?s network. Enforcing strict guidelines on how people access and interact with data will go a long way toward mitigating organizational risk. Employing the use of virtual private networks (VPNs) to encrypt remote access data flow provides a strong defense against the interception of data. Organizations will also need to follow strict procedure to close any vulnerabilities they may have with software systems, or former employee, contractor, or vendor access to their network infrastructure. The more diligent organizations are in training staff, and enacting a fast-acting strategy against closing vulnerabilities, the better chance they have of coming through 2018 unscathed. Statistic for 2017: One question that is frequently overlooked during most run-of-the-mill security surveys is what it is that small businesses believe to be the most likely target of cybercrime attacks on their business – and are therefore most likely to be protected by SMBs. According to the results of this survey, about 63% of small business owners felt that the theft of their customer records was of primary concern. Followed by the theft of their intellectual property […]

Defining CrimesAs we mentioned, while credit card theft and identity theft are related to one another, they aren?t terms that should be used interchangeably. Rather, credit card theft is just one of many kinds of identity theft. Think of it this way: cars, trucks, and SUVs are all types of motor vehicle. In this example, credit card theft is the car, while identity theft is represented by all varieties of motor vehicle–including trucks and SUVs. Summed up, credit card theft is what happens when someone is able to access your account and make purchases without your permission. While this isn?t the only form of identity theft, it is certainly a prevalent one. A 2015 report from the Bureau of Justice Statistics, a section of the U.S. Department of Justice, states that 8.6 million Americans of age 16 or older were victimized in 2014 alone, out of a total of 17.6 million affected by identity theft. Identity theft is a blanket term for criminal activity that falls into one of three categories: Fraud or misuse of an existing account — This kind of identity theft is the most common, with 16.4 million of 2014?s 17.6 million victims being targeted by this variety of identity theft. When a thief obtains access to an account of yours–through a credit card, for example–and uses it to their own ends, or passes bad checks through it, it falls under this category. Fraud or misuse of a new account — If a criminal obtains your personal information and uses it to open an account in your name, you are made a victim of this kind of identity theft. This kind of identity theft can range from relatively small, like opening a line of credit or a checking account, to large, like applying for a fraudulent mortgage on a house. This was reported about 1.1 million times in 2014. Fraud or misuse of personal information — All other uses of stolen personal information or data fall under this category, which held 713,000 of 2014?s reported cases. In this form of identity theft, someone improperly uses your information for their benefit. This may be to find employment, rent property, see a doctor or even to lie to the authorities. Protecting Yourself (and Your Clients and Employees) from Identity TheftOf course, you?ve probably already considered how much personal or otherwise sensitive data you have stored on your business network. There?s your business? financial data, with employee information if they are paid through direct deposit bundled in there. Additionally, if any of your clients have financial data on file, that certainly counts as well. This also includes any non-financial records your business may keep on your clients. In short, you have plenty of data that needs to be protected, including credit card and other personally identifiable information. White Mountain IT Services can help you keep it safe. Call us at (603) 889-0800 for more information.

Insider threats contribute to a significant number of data breaches. These cases of data exposure are enabled by a member of your staff, whether they intended to harm your business or simply made an honest mistake. With so much focus directed toward the threats out in the world, sometimes we forget that the biggest dangers can be among our ranks. To make up for this, we?ll discuss a few ways to keep insider threats from doing your business too much harm. As we begin, let?s refer to some stats that were drawn from a Forrester Research study. Insider threats cause 40% of data breaches. 26% of these data breaches are malicious. Accidents and general use cause 56% of these breaches. Clearly, simple mistakes contribute the most to data breaches. To prepare for these circumstances, let?s examine some of the most common errors made by end users. Misplacing Devices while TravelingMost workers have some sort of commute to look forward to as they go to and from the office, and business often requires an employee to travel on behalf of the company. This creates an opportunity, should the employee have a work device with them, for that device to be lost–left at airport security or in the backseat of an Uber–or stolen. Remind your employees how easily such devices can disappear, and that they need to be cognizant of them as they are traveling. Using Unfamiliar Flash DrivesFlash drives are everywhere these days, which isn?t necessarily a good thing for your business. While many are harmless, the little storage devices can easily be converted into a vehicle for malware. If this is the case, once the USB drive is plugged in, the workstation and quite possibly your entire network could be infected. While this doesn?t mean that flash drives should be forbidden from your office, you should mandate that IT takes a look at them all before they are used. Letting Devices Connect Willy-NillyChances are almost everybody in your office has a smartphone, along with a laptop and various other devices that all utilize an Internet connection–which means that potential points of access to your network have increased considerably. To counter this, you need to put a Bring Your Own Device (or BYOD) policy in place that protects both your employees and your business. Utilizing a comprehensive mobile device management platform, a BYOD policy will dictate what control you have over user access and data transmission using employee and customer mobile devices. Being Careless With Company InformationBack in World War II, there was a propaganda campaign by the United States Office of War Information warning citizens against the possibility of providing enemy spies with information: ?Loose lips sink ships.? The same can be said of most business operations. Seemingly innocuous choices, like using a personal email account for business purposes, could potentially lead to a data leak. Personal email simply doesn?t have the same protections as business-class email does–and that?s just one example of how your data could be left vulnerable through employee negligence. If your organization has difficulties with your end users making mistakes, reach out to us for help. Call White Mountain IT Services at (603) 889-0800 for more information.