The issues present in voting infrastructure have been known for years. By using expensive electronic voting machines, many polling places are putting themselves in the position of being stuck with old, outdated systems without the necessary funds to replace them. In fact, it was predicted that 43 states would use ten-year-old electronic voting machines, an age that is uncomfortably close to the total lifespan of the machine. This could easily result in machine crashes and failures, potentially causing votes to be lost or–with some touch-screen machines–registered for a different candidate than the voter input. Adding to this issue is the fact that, with exclusively digital voting machine, there is no way to check the results against anything else if there needs to be an audit. This issue was only proven further during the 2017 DefCon conference, where the unprecedented Voting Village revealed what a hacker could do to an actual voting machine. This kind of activity had never been done before because, until late 2016, it had been illegal to tamper with voting machines–even if just for research purposes. Researchers discovered that there were plenty of ways to breach voting systems through both remote access and physical tampering. Influencing an election doesn?t even necessarily require tampering with the votes themselves, either. By slowing the systems to a crawl, or simply rendering them inoperable, hackers can easily keep many people from voting. Lawrence Norden, of the Brennan Center for Justice, argues that going low-tech is the best way to combat this kind of interference, supplemented by the use of encryption, blockchain, and other technological solutions. According to a blog post by Norden, the voting process needs to reintroduce paper. As he says in his blog: ?Specifically, every new voting machine in the United States should have a paper record that the voter reviews, and that can be used later to check the electronic totals that are reported. This could be a paper ballot the voter fills out before it is scanned by a machine, or a record created by the machine on which the voter makes her selections?so long as she can review that record and make changes before casting her vote.? According to Norden, this would eliminate the risk of an undetected change or error in software causing an undetectable change or error in the outcome of an election. Just like your organization, having accurate data and computing infrastructure that doesn?t work against your goals is key here. When hardware and software becomes out of date, not only do you deal with the same quirks and problems that were baked in from the beginning, but you also deal with new problems and unreliability. When your data is at stake, this can be a major issue. If your business has embraced digital filing (which we highly recommend), imagine putting the integrity of your data at risk by using an old computer. While going back to physical paper documents might be a solution, it will cost your business a lot of time and effort to accommodate, when compared to the cost of upgrading your IT. What are your thoughts? Leave them in the comments section below.

A surprising number of security issues come from inside your organization. User error on the part of the employee can present major problems for your workflow, data security, and the integrity of your business. User error could be something as simple as an employee clicking on the wrong links when they receive a suspicious email in their inbox, or if they are accessing data that they simply have no business accessing in the first place. Sometimes businesses will even completely forget to remove employee credentials when they leave a project or the company creating a breachable hole in your network. Regardless of the reason, user error can be a detrimental occurrence, and one which must be prepared for. Restrict User PermissionsYou may notice that every time you try to download an application to your computer, it requests specific permissions from the user. If it were your personal computer, you could just click OK without thinking twice. However, this isn?t your personal computer–it?s your office workstation. If you let your employees download whatever apps they want to their devices, who knows what kind of nonsense you?ll find on them? They could accidentally download malware or install something to give hackers remote access. This is why you limit what your users can do on their workstations. The only users who should have administrative access to your company?s devices are your network administrator and any IT technicians you employ, as they will be the ones primarily installing new software on your devices. Minimize Data AccessIf you give your entire staff access to every little part of your data infrastructure, they are bound to run into data that?s not meant for their eyes. For example, an employee might gain access to your business? payroll, which could cause unnecessary friction. They also might find other sensitive information that they aren?t supposed to see, like personal information or financial details. The best way to keep this from happening is to partition off your infrastructure so that employees can only access information that they need to do their jobs. Just ask your IT provider about your access control options. Remove Employee CredentialsWhat happens when an employee leaves your organization, but is still able to access their email, your network, and their workstation? You could run into an employee sabotaging your organization. This isn?t something that you want to deal with, and the easiest way to make sure it doesn?t happen is to begin the process of removing this employee from their accounts before they leave. Passwords need to be changed so that the employee cannot access your infrastructure any longer. You don?t want to delete the accounts entirely, though. You might want to check through the accounts, particularly because you might find reasons why they have chosen to leave your organization. Can your business keep itself safe from user error and other threats? White Mountain IT Services can help you keep the negative results of user error to minimum. To learn more, reach out to us at (603) 889-0800.

There are many organizations in the world that simply can?t have cybercriminals and hackers interfering with their data. One of these organizations, CERN (whose acronym translates to the European Laboratory for Particle Physics) has far too powerful of a computer grid to allow hackers to access it. To keep it safe, CERN has deployed what may be the future of cybersecurity: artificial intelligence. The use of artificial intelligence in security makes a lot of sense for a few reasons. First and foremost, it gives us a chance of keeping up with the changes that malware undergoes. To combat this, the scientists at CERN have been busy teaching their AI to identify threats on their network and to take appropriate action against them. This is no easy feat when one considers the resources that CERN requires to operate its Large Hadron Collider and Worldwide LHC Computing Grid. The LHC collects a truly vast amount of data–around 50 petabytes between the beginning of 2017 to June–and shares it across a network of 170 research facilities worldwide, also providing computing resources to these facilities as needed. This creates a unique challenge to maintaining cybersecurity–how to maintain computing power and storage capabilities while keeping the global network secured. As a result, CERN is turning to AI and machine learning to allow their security to identify between typical network activity and that of a more malicious nature. While CERN is still testing its new artificial intelligence, there are ways that businesses can leverage similar concepts to help protect their own networks. As of right now, when we say AI, we?re not talking about machines with human-like qualities you?d see in movies today. CERN isn?t going to be teaching their security AI the concept of love and friendship anytime soon. Instead, it?s actually a very simple tool you probably use every day. Take Google, for example. When you do a Google search, you are getting results that are indexed and categorized without the direct influence of a human operator. Google?s computers crawl the Internet and use machine learning and hundreds of various factors to deliver the search results most relevant to what you need based on a whole slew of conditions. The benefit of using this form of AI means results are delivered incredibly quickly, and a mind-numbing amount of data can be collated and delivered at the blink of an eye. If Google employed humans to deliver search results, the system would be flawed by human biases, the costs of employing so many people to meet demand, and it would simply be slow to get the results on-demand. AI empowering security could quickly scan for flaws on a network, run ongoing penetration tests, and constantly patch vulnerabilities. It could work day and night to improve spam and firewall capabilities. AI would have access to a lot of security resources and be able to react much faster, making it harder for hackers to overcome. Although we?re a long way out from seeing something like this fully implemented, we?re already seeing a lot of virtually intelligent systems collating and delivering data, and we can?t wait to see more? Just as long as we don?t flip the switch on Skynet. Do you think that AI is a viable resource to keep business networks secure, or is the technology […]

If you?ve watched the news lately, chances are you?ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it?s difficult not to feel individually victimized by such a breach, it?s important to remember that it?s often not your specific credentials targeted by hackers. Since businesses often hold onto valuable information, they have big crosshairs painted onto them. It doesn?t even stop there–any vendors or partners you deal with are also in danger of hacking attacks. The Equifax breach, which resulted in 143 million records being stolen, has many people concerned about their data security and data breach notification laws–and rightfully so. One of the biggest points of contention with the Equifax breach was that it took so long for them to notify the public following the incident. We?re not here to argue the ethics of Equifax?s decision to withhold information on this breach–we just want to make sure that you understand the technicalities behind why it was acceptable for them to wait before notifying their customers. State LawsAt the time of writing this, 47 of the 50 states in the United States have data breach laws, with the only holdouts being Alabama, New Mexico, and South Dakota. While Alabama and New Mexico have at least introduced bills regarding data security and notification, South Dakota has yet to do so. Another issue comes from the fact that these laws are state-exclusive with no unifying standards. Therefore, the laws could be very different from state-to-state. For example, New York?s law demands that notification of a breach should be given as soon as possible and without any unreasonable delay. Wyoming?s laws, on the other hand, require that notice of the breach be reported within a reasonable amount of time that does not exceed 45 days after the company is made aware of the breach. Florida requires notification within 30 days. These notification deadlines aren?t necessarily steadfast, either. Did you notice how each of them allows companies to delay notification if there is a valid cause? Depending on the state, there may be various reasons for delay in notification. For example, criminal investigations and national security are both perfectly valid reasons to keep a notification of a breach delayed. Federal LawsWhile there is no data breach law on the federal level, there are various industry-specific regulations. For example, there is the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), both of which have specific data breach policies enforced by the federal government. Unfortunately, there is no federal law which spans a general data security policy, so states will be dealing with these issues in their own ways. Due to Equifax being a financial institution, it?s expected to hold fast to the standards put into place by the GLBA. Since the GLBA doesn?t have a deadline to inform affected users, Equifax technically adhered to the regulations. In the eyes of the law, they did nothing wrong–even if they should have been morally obligated to inform users as soon as possible. Even though there are different notification laws for each state, there are other aspects of data security laws that vary based on both the industry and the state vs federal level. Every state has different policies regarding who the laws […]

It?s football season once again, and this year, we want to show you how to set up Cortana to follow your favorite teams–football or otherwise. It?s actually easier than you might think! Before we begin, remember that this only works on devices that have Cortana, so it will likely need to be set up on your Windows PC. First, you?ll want to tell Cortana which teams to follow by going through Cortana?s Notebook. You can find the notebook by clicking in your Search bar at the bottom of the screen, which will open up your Cortana interface. Right underneath the Home icon in the Cortana window, you?ll see a little notebook icon that you?ll want to click on. The next step is to share your interests with Cortana so that you can use the application to track your teams. Once Cortana is set to view your interests, you can scroll down in the notebook to the subsection Sports. Under the Teams I?m Tracking section, you should select Add a team. The next step is just to search for your team and find it in the search results. On the next screen, make sure to check the buttons that display the scores and notifications on your device. Once you?re all set, click the Add button. To add more teams, just repeat the same steps. To get more value out of Cortana, you can do the same for media like television, movies, news, and so much more. Keep in mind, however, that you should use Cortana with a grain of salt–especially if you value privacy. Microsoft has been at the head of this argument for quite some time over its use of data collected via Cortana, so choosing to give up this information to the application should be a conscious decision made only after careful consideration. What are some of the teams you?d have Cortana follow? Share your thoughts in the comments below.