In a recent security report released by security company phishd by MMR InfoSecurity, the company simulated attack campaigns targeting almost a million users. ITProPortal reports that ?Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.? These findings translate roughly to more than 10 percent of targeted users falling victim to the first two stages of the simulated attack and disclosing their user credentials. When you compare this rate to a traditional hacking method like spam email where the success rate is a fraction of a percentage point, you can see why hackers and scammers are turning to social media in droves. Diving deeper into this study gives business owners even more reason to worry. James Moore, Managing Director of phishd by MWR InfoSecurity, observes, ?More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.? This means that a significant number of users have connected their social media activity to their work email accounts, a bad move that increases the risk of a company experiencing a data breach. This study highlights the importance of businesses safeguarding their data by including strategies to protect them from phishing scams. Ultimately, this requires a multi-prong approach. In addition to implementing standard security tools like antivirus, spam blocking, and content filtering (which you can use to block social media websites on your network), you?ll want to include training so users will know how to spot a phishing scam, be it found on social media or elsewhere. Otherwise, hackers will utilize a lure so convincing that a user will bypass all of the security measures you?ve put in place–all so they can take advantage of a bogus deal, connect with a fake Facebook friend, respond to a fake job offer, etc. Today?s businesses must protect their data from threats on every side: social media, email, mobile devices, malicious websites, and more. Is your business prepared to deal with the complex world of network security? If not, then scammers will take advantage of your blind spots and lure your network users into their traps. To make sure that your business is protected from the worst of the web, call White Mountain IT Services at (603) 889-0800.

Here are six measures that you can take when you accidentally crack your screen. Do NothingYes, this is an option if you don?t want to invest in a new screen. It might be tempting to just deal with the cracked screen, especially if the phone still works perfectly fine. If you must bear with the cracked screen, it?s not the end of the world, especially if your contract has yet to expire and provide you with another option. If you think that the screen might start to fall apart, a screen protector can be used to hold it in place. Of course, if the crack is on the outside and your fingers are swiping against the edge of glass, you might need to resort to the next option. Ask Around for a ReplacementSmartphones these days are easier to find than you might think. Since they are often replaced prematurely, someone you know might have a spare on-hand that they are willing to part with. In most cases, all you have to do is move your SIM card over to the replacement and you?ll be able to continue using your device. Keep in mind, typically the replacement needs to be on the same or a similar carrier. Perform a Risky DIY RepairIf you don?t want to buy a new phone or ask around for a hand-me-down, you could always try to replace the screen yourself. There are plenty of resources on the Internet that can help you fix a phone, but only if you?re willing to take some risks. In a way, it?s a very high-risk high-reward investment, so only do this if you want to commit to fixing the device, regardless of whether it works or not. Typically you can find a replacement screen on eBay, but replacing it is about as complex as it sounds. Get Someone Else to Fix ItIf you don?t want to take the risk yourself, you can hire someone to do the job for you. However, taking it to the manufacturer is sure to result in a pricey repair bill. Instead, if you have an IT department or a managed IT provider on your side, they might be able to help point you in the right direction. For companies that are looking to provide smartphones to their staff, a comprehensive insurance plan is important in order to mitigate your organization?s liability. Much like the managed services we provide, insurance will replace the phone with a similar device for a fraction of the cost of replacing it yourself (which will likely cost your business hundreds of dollars). Trade Away or Sell Your PhoneIf you?re willing to invest a bit into a new phone, you can trade it in or sell your old one for a bit of extra cash toward the new one. While this doesn?t really help you fix the screen itself, a new phone can be a gift in and of itself. Just make sure to properly wipe your device of any sensitive data prior to doing so. If you don?t know how, we?d be happy to help. Keep an Eye Out for a Good DealFor the average small business, providing your staff with smartphones can boost productivity, even off the clock. You will be surprised just how much communication and collaboration can be […]

When you turn on your device?s Wi-Fi capabilities, do you ever take the time to look at some of the names of your neighbors? connections? You?ll see some rather boring names as well; some might just use the name of their organization or the family?s name, or even just the default SSID used by the router. The fact of the matter is that a wireless network name that?s easy to gloss over is a best practice for network security. The users who go out of their way to name their Wi-Fi networks something nonsensical have the right idea–making your SSID something that?s easy to miss is a great way to protect your network against possible infiltrators. Think about it this way; if a robber was trying to break into your home and he knew the address, it would make it much easier for him to do so. On the other hand, if he doesn?t know your address and only knows that it?s on a specific street, he?ll have to do some guesswork, which could make all the difference in preventing a robbery in the first place. If there?s one website that showcases just how important an inconspicuous Wi-Fi network name is, it?s WiGLE. This service collected information from the countless wireless networks and places it in an online database that users can search through. WiGLE also offers the ability to map, query, and update the available databases. The information collected by WiGLE can be used for a myriad of purposes, such as research projects, journalism, site surveys, educating the public, analyzing wireless usage, and locating networks that you can connect to while you?re traveling. Now that you know this tool exists, have you asked the important questions yet? If your information is being collected, is it at risk of being stolen and used against you? Should you be worried about someone being able to find your network through an online application? If you don?t want it to be available to the public, how can you remove your information from WiGLE? The service has answered all of these questions in its own FAQs section: ?If your network is in WiGLE and you don’t like it, we’ll take it out immediately, but you should look into making your network harder to detect AND more secure; remember that you’re the one bombarding passers-by with your signal. We aren’t affiliated directly with any particular community or interest (other than our own), but we applaud the efforts of the people who wrote the stumbling software that feeds our project, the people looking to use wireless in innovative ways, and especially the community of people who just dig wireless network access and dig sharing it.? What do you think about WiGLE? If it has you concerned, perhaps it?s time to take a look at your organization?s network connections and see what can be done to reinforce them. To learn more, reach out to us at (603) 889-0800.

What?s Being Done?Wells Fargo has created an initiative that lets members access their accounts through an ATM, even without their ATM cards, through a mobile device. The application in question allows the account holder to receive a temporary pass code that they can use at a Wells Fargo ATM alongside their PIN. At the time of this writing, while Wells Fargo is certainly the one leading the pack in terms of app-based ATM access, there are others who are following suit. These organizations include Chase, Bank of America, and Citigroup, all of which have already started to implement similar measures for their ATMs. However, that?s just the beginning. Wells Fargo?s ATMs also feature near-field communication (NFC), which lets their users access their funds without the need of their card. Users can also use their mobile device to scan their fingerprint, alongside entering their PIN. Only 40 percent of the ATMs are currently equipped with this feature, but it seems to be a great way to help card users in a pinch. Will These Advancements Work?These advancements might be a great way to help users stay more secure, but criminals will still find ways around these functions. This is apparent, as six times as many ATMs have been compromised since 2014. Scammers are also taking advantage of cameras and card skimming technologies to steal information when a bank member accesses an ATM. Some of the more advanced card skimmers can be inserted directly into the ATM?s card scanning mechanism, giving thieves direct access to individual?s account information and security credentials. Even schemes like pinhole cameras can let hackers get a great view of a user?s PIN or card number. To make matters worse, hackers might try to sabotage machines that don?t have their devices installed on them. This forces bank members to use the devices that have been tampered with, putting themselves at risk. Therefore, if you see a group of ATMs and only one of them works, you may want to avoid using it. Even those who have chip-based cards aren?t safe from hackers, as scammers can use a method called ?shimming? to steal the information located on the chip. While this is somewhat rare to encounter, chances are that hackers will eventually be able to streamline the process and it will become more popular over time–especially considering how common chip cards are now. That?s not even mentioning that the chip cards still have magnetic strips, which means that they might decide to just swipe the card. A Couple of ProblemsKeep in mind that ATMs are still rather vulnerable to scammers for a number of reasons. For one, these security features often are only added to the machine?s features rather than replacing old or ailing ones. For example, the Wells Fargo ATMs that allow for temporary PINs will still allow for access with less secure methods. Considering how there are only about 20 million Wells Fargo app users out of their 70 million members, there?s a majority that are still using less-secure features for their banking purposes. Even further, this assumes that those 20 million app users will bother to take advantage of them in the first place. Sometimes a habit can be hard to break, especially when you?ve been using the same technology for so many years. Regrettably, some […]

Today, we want to talk about something that not a lot of businesses would want to think about. What would happen to your organization if it were to suddenly experience a hacking attack? While security solutions can go a long way toward protecting your organization, you still want to make sure that you?re not relying solely on your security tools for protection. Rather, you should always stay vigilant, even if you don?t think something could go wrong. Don?t Get ComplacentWhen you?re protected behind enterprise-level security solutions, it?s easy to think that nothing can harm your business or its data. After all, if you have a Unified Threat Management tool actively monitoring your organization?s network infrastructure, surely nothing could go wrong? right? The unfortunate truth of this matter is that threats will still find ways into your organization?s infrastructure, regardless of how proactive you are about its security. Viruses and malware created by hackers are constantly evolving to wrestle control of your business?s technology from you, so it?s your responsibility to make sure that your solutions are capable of adapting to trends in security. For an example, let?s take a look at threats like trojans or spyware. They will often plant themselves in your infrastructure so as not to be detected. The primary function of these threats is often to steal data or create a window for remote access, so they will be designed to avoid detection from security solutions. The only way to ensure that these threats don?t infiltrate your network and lay low, hidden somewhere, is to monitor access in real time–something that?s often better handled by trained security professionals than an automatic solution. What Happens If Your Security Fails?Let?s face it; nobody expects their security to fail, especially when you go the extra mile to implement powerful enterprise-level solutions. While automatic security measures are enough to protect against minor threats, customized attacks directed right at your business will most likely be able to find a way around them. Plus, keep in mind that you and your IT administrators are not the only ones who will be dealing with cybersecurity threats. Your employees will be, too. Hackers know that the weakest link for many organizations is their staff. A classic example of this is what your employees would do if they received an email that looks a little out of place. Does the employee know how to identify spam messages? If not, they may accidentally click on a link to ?claim their prize,? where they will fill out a form and hand over all of the information a hacker needs to steal their identity. Furthermore, they could accidentally hand over sensitive information. This is why it?s crucial that your business trains employees on how to identify all kinds of threats, including phishing scams, CEO fraud, and spam in general. Network Security is Part of Business ContinuityThe only way to guarantee that your business can continue functioning in the wake of a cyber breach is to ensure that your business continuity plan includes hacking attacks. How can you recover if an unexpected hacking attack exposes sensitive data, or causes you to lose it entirely? White Mountain IT Services can help you with our Backup and Disaster Recovery solution (BDR). If your data is stolen or rendered useless following a hack, restoring it with […]