When looking at your option, you?ll quickly discover that tape backup is the most commonly used method, but it pales in comparison to what a backup solution like BDR (Backup and Disaster Recovery) can do. Granted, having tape backup is better than not having any data backup at all. However, you could be holding your business back and putting your data in jeopardy if you don?t have a more proactive solution. BDR Establishes a Crucial Recovery Point ObjectiveThe recovery point objective is the time it takes to have a successful restoration of your business?s data infrastructure following a disaster. How much data can you afford to lose following a breach or data loss incident? Of course, the answer to this question should be zero, or a negligible amount, but tape doesn?t allow for this. With tape backup, you could easily lose an entire day?s worth of data, since tape backups are so resource-intensive that they?re often performed after hours. Alternatively, cloud-based BDR takes backups of your data as often as every fifteen minutes, and since they only take snapshots of data that?s been changed since the last backup was taken, this process is minor enough to not interrupt operations. BDR Allows for a Fast Data Recovery Speed Tape backups are often so large that they could take anywhere from a couple of hours to an entire day to deploy. This means that you?ll be experiencing more downtime–i.e., time not spent working as intended. Compound this by the number of employees you have and you have a significant cost that could break your budget. Thus, it makes sense to take measures that ensure you experience minimal downtime. This is the advantage of cloud-based BDR. Since your data can be recovered instantaneously through the cloud, you can get back in business as soon as possible following an incident. Plus, you don?t have to worry about not having extra equipment on hand to access your restored data, as the BDR device itself can serve this purpose. BDR Offers Off-Site StorageOften times, organizations using tape backup will store their backup tapes on-site. While this is convenient, it can become problematic in the event of a crippling disaster such as a fire or flood–one that damages your facility. Backing up locally on your network can also be problematic, as you could lose access to your network for a host of reasons. This is why off-site storage is considered a best practice. With BDR, your data is stored both off-site in a secure data center, and in the cloud for easy access, making it an ideal solution that places your data at minimal risk. To learn more about our Backup and Disaster Recovery solution, reach out to White Mountain IT Services at (603) 889-0800.

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, ?NotPetya,? as it has been named, has a few additional features that experts say make it worse than either of its predecessors. Why NotPetya Isn?t Really a RansomwareThe first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside. A Hybrid Hacking AttackSince the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA. Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread–including onto updated and patched Windows 10 systems. How To Protect Your FilesFirst off, don?t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable. However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user?s systems were (and are) still vulnerable. The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business? systems are reinforced against the latest threats by keeping your defenses up-to-date. Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network. White Mountain IT Services has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at (603) 889-0800 today.

Before Proceeding: We strongly advise against disabling the Windows Password Screen, under all circumstances. What may seem like an inconvenience that wastes your time, may actually prevent your personal data from falling into the wrong hands. Furthermore, an additional word of caution: this scenario works best for a personal PC that not on a network of any kind, has minimal chance of theft, and only a single user. If you try to enact the following steps on a workstation, you may find that you can?t, due to network settings. When making such major changes regarding the security of your work computer, be sure to first check with your IT administrator. We also don?t recommend doing this to a laptop you travel with. If you’re okay with the risks to your data security, here’s how to get started: Press Windows+R and then type netplwiz in the form. Then click OK. This will open the User Accounts window. Deselect the box for Users must enter a username and password to use this computer. Next, with the account selected that you wish to disable the Password Screen for, go ahead and click Apply. This will take you to a new window where you will be prompted to enter your password. Do so, enter your password a second time, then select OK, and OK again to exit the User Accounts window. By following these steps, your changes should now be applied. To find out for sure, restart your computer. Upon rebooting, you should now be taken directly to your desktop, completely bypassing the Windows Password Screen. By disabling this screen, you?ll save time from having to remember and enter your Windows password each and every time you access or restart your PC. For more PC tips and best practices, check back at our blog every week.

Seeing just how much this issue monopolizes an employee?s workday, there are many different angles you can take to tackle this problem and streamline operations. One of the biggest areas you can start with happens to also be a medium that you personally have the most control over, meetings. For starters, making meetings more efficient means thinking about how meetings are actually run. Now, you?re likely already doing this to some extent. After all, no leader just shows up to a meeting without a plan or some sort of agenda in place. Instead, we?re suggesting that there?s value in taking a step back and reevaluating the purpose of your meetings. Upon doing so, you may discover that the goal of your meetings can even be achieved in better ways than having everyone gather in one room. If this is the case, then you may be able to forgo the meeting altogether. This is a helpful exercise to go through because of how easy it is to get stuck in the rut of ?meeting for the sake of meeting.? Once you?ve made the determination that having a meeting is the best way to achieve your goal, you?re next going to want to communicate the purpose of the meeting to all who are involved. When everybody understands what the intended outcome is regarding why they?re gathered, everybody will be on the same page and wasting time by getting off topic will be minimized. As a bonus, this move will help you wrap up meetings earlier. This could even help change the way certain employees think about meetings, particularly workers that may be so tied to their schedules that they feel obligated to keep a meeting going until it?s scheduled to end–even if the goal was achieved early on. It should go without saying that ending a meeting earlier than scheduled will lead to workers being able to spend more time, you know, working. Another proactive measure you can take to streamline your meetings is to create an outline and send it to everyone at least 24 hours in advance. By doing this, participants will know what to expect and be able to provide quality input before and during the meeting. This due to the simple fact that they?ve had adequate time to run through the meeting in their head and formulate thoughtful questions and responses. As a bonus, you can send information to the participants relating to the topic at hand, and ask them to have it read before the meeting, sort of like assigning homework. This will make meetings feel less like everyone is ?shooting from the hip,? and more like all involved are contributing in meaningful ways. When the meeting ends, you can streamline the process further by getting honest feedback. By taking time to hear the participants’ thoughts on whether or not the goals were met, and what ideas they may have about improving how meetings are run, you?ll be able to tweak and enhance future meetings based on such feedback. Of course, when it comes to streamlining communications around the office, equipping your workforce with the right technology can be a tremendous help. For example, technology can serve as an aid to make meetings more efficient, like utilizing video conferencing tools so people can participate in a virtual […]

The responses we?ve seen over the years is either employers trying to curb it by supplying company devices, or nixing mobile devices altogether. Both of these options have some serious side effects that must be taken into consideration. I?ll Just Issue Business-Approved Mobile DevicesDepending on the kind of work your employees do, this might be a good perk. You can take serious considerations into the platform (iOS, Android, Windows), contract terms, and how the company will control and protect its data. You can also map out how you will separate work from personal use on the device, clearly lay out what you can do and what the employee can do, what happens if the device is lost, what happens if the employee quits, etc. The problem with this method is that it?s often seen as a quick fix. Throwing money at this problem and forcing employees to use work-issued devices won?t solve the problem of controlling data without putting together the plan. Plus, while statistics do show that employees aren?t necessarily unhappy with corporate devices, if they feel strong-armed into using a device, the staff who were using their own devices to actually work harder and more effectively might feel slighted. That said, other employees might like the idea of getting a new smartphone on the company?s dime. It?s really going to depend on your employees and company culture. I?ll Just Ban All Mobile Devices in the WorkplaceIt?s a big ultimatum: no email access, no file access, no messengers, no note-taking, no mobile devices, period. Anyone caught using a personal device will be penalized or written up. You?ll certainly protect your data this way. Chances are though, you?ll also create agita with staff who were really just trying to do their jobs better. Employees won?t think about the ramifications of lost data, they will just think their boss is making it harder for them to be effective. Fortunately, most employers haven?t resorted to this, but it still happens. Beyond just stirring up emotions, this can drastically set your company back compared to competitors that are welcoming mobility and benefiting from it. It Sounds Bad, But There are OptionsThere is a middle-ground between banning devices altogether and enforcing company-issued devices. Policies can be put in place that protects company assets like email and access to data while respecting the privacy of your employees. Employers can push policies – like enforcing users to set up passwords, patterns, or pins to log into the device, grant the ability to revoke access to email, and even wipe the device remotely if it is lost or stolen. Personal laptops can be granted company antivirus and remote monitoring, or better yet, employers can offer a VPN or hosted desktop solution so they won?t have to worry about the state of the device. The latter can also address other needs such as software licensing and accessing company data while on public Wi-Fi. White Mountain IT Services Can HelpThe best way for a business owner to handle mobile devices in the workplace is to implement a BYOD strategy–one that addresses every security risk while enhancing all the benefits of mobile technology. Every business is different, which is why it?s best to have a consultant like White Mountain IT Services work with you to develop a BYOD strategy that?s tailored to enhance your company?s goals. […]