1. The greatest threats come from the inside. Angry or troubled employees pose the greatest threat to a company’s digital integrity. The oil and energy exploration company, EnerVest, discovered this after an employee who was on the verge of being terminated purposely deleted years of historical data from the company’s file servers and backups. EnerVest did not discover the loss until well after it occurred, and it was never able to recover the data.  2. Size is irrelevant. A company that relies on its small size or limited exposure to the online world can still be a stepping stone for hackers who are searching for a bigger prize. Through a hacking process known as “leapfrogging”, a cybercriminal can gain access to the digital networks of a small vendor and then use that access to break into a larger customer’s digital environment. Hackers recently used this technique to break into a White House server that housed scheduling and other non-critical information about the President’s daily activities. The hackers first gained access to State Department servers and found a channel into the White House through those servers. Smaller companies that do not have strong cyber security systems often provide an easy entry point for hackers that are targeting larger organizations. 3. Hacking is inexpensive and hacking expertise is easy to find. Cybercriminals now sell their expertise on the “dark web” and through other obscure platforms. Someone with limited knowledge of the workings of networks and IP addresses can purchase a “cyberbot” for as little as a few hundred dollars that can initiate a widespread distributed denial of service (“DDoS”) attack to shut down servers at a particular IP address location. While those servers are overloaded with login attempts and cyber defense teams are distracted with their efforts to shut down the DDoS attack, the hackers can then more readily sneak into a network to steal critical data. 4. Digital alarms fail to provide advance warnings of attacks. Hacking expertise has increased in sophistication such that an organization might not discover a network incursion for weeks or months after the hack was initiated. Hackers can install key stroke loggers and other monitors into a network to steal passwords and data over long periods of time. The damage from this type of data loss will not become apparent until long after the thefts have occurred. 5. Redundant internal systems cannot stop modern hacking techniques. Hackers inevitably rise to the challenges presented by every new internal cyber security technique. In-house security teams place too much reliance on their internal systems and fail to adapt as quickly as the hackers do to new tools and hacking methods. Regardless of internal cyber defense expertise, no organization can remain fully and adequately prepared for all external hacking threats. Managed IT service companies like those provided by White Mountain IT are a stronger solution to the new and advanced cyber security threats that arise every day. Please contact us for more information about how our managed IT services can enhance the cyber security of your digital environment.

In a culture where people take great pride in car ownership and driving skills, it?s no wonder why self-driving cars are a tough sell. After all, when riding in a self-driving car, you?re essentially giving up complete control of what happens on the road. For many drivers, that?s a scary thought–as evidenced by this elderly woman experiencing automated driving for the first time. Despite the sheer terror associated with handing over the wheel to a computer, the technology behind self-driving cars (advanced driver assistance systems) can already be found in many of today?s vehicles. Plus, new forms of this technology are being added to the latest vehicle models. Here are some examples of ADAS technology from Wikipedia: Adaptive high beamAdaptive high beamGlare-free high beam Adaptive light control: swiveling curve lightsAutomatic parkingAutomotive navigation system Automotive night visionBlind spot monitorCollision avoidance system Crosswind stabilizationDriver drowsiness detectionDriver Monitoring SystemElectric vehicle warning soundsEmergency driver assistantForward Collision WarningIntersection assistantHill descent controlIntelligent speed adaptation Lane departure warning systemLane change assistancePedestrian protection systemTraffic sign recognitionTurning assistantVehicular communication systemsWrong-way driving warning How many of these ADAS systems can be found in your own vehicle? One way that the automotive industry is currently taking advantage of ADAS technology is to have it assist drivers when needed. This is a much different approach than using it to fully automate the entire driving experience. As seen by companies like Toyota with their ?Guardian Angel? program, ADAS technology can be effectively used to assist drivers. This is achieved by having cars learn the driver?s habits for the sake of providing them feedback on becoming better motorists, as well as having the car take complete control of the vehicle in order to prevent a crash. The goal here is to leverage this technology to improve safety, and ultimately, reduce the number of deaths associated with car crashes (30,000 deaths per year in the U.S.). Of course, the current challenge faced by developers is to know when it?s appropriate for the car to take control away from its human driver. Gil Pratt, CEO of Toyota Research Institute, explains to CIO, ?Your car may someday warn you several times about a particularly dangerous driving habit you have before taking control of the wheel. Autonomous driving capabilities are measured on a government scale of zero to four, with zero being no automation, and four being fully automated. The focus of most of the discussion among car makers today is how far up the scale they should go and how quickly. There’s a lot of discussion in the industry whether we go incrementally up the scale or whether we jump.? Eventually, this technology will be fully realized and mass produced. In fact, CIO reports that, ?The U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) and the Insurance Institute for Highway Safety (IIHS) announced earlier this year that 20 automakers have pledged to make automatic emergency braking (AEB) standard on their cars by 2022.? Like other useful technologies that the public was initially skeptical or even scared of (like electricity and airplanes), it will just take time for people to get used to it. What about you? How willing are you to ride in a self-driving car? Would you trust assisted-driving technology to take over for you when the situation on the road becomes dicey? Share with […]

How CEO Email Fraud Works In a CEO email scam, fraudsters use LinkedIn and other sources to glean information about a company’s CEO or other top executive. They gain insight into how to pose as the CEO or executive in order to send a convincing email to an employee ordering an immediate bank transfer. It works because the email uses specific language that persuades an employee, who is often eager to do a good job and please the boss, to initiate the urgent transaction. Scammers often send the fraudulent email when the boss is traveling out of town, making it seem all the more genuine. These cyber criminals are well-organized and understand the structure and practices of the businesses they attack. They may also impersonate a trusted business partner such as a lawyer, auditor, payroll representative, or outside accountant. They directly contact a manager or employee in accounts payable using language that Deloitte reports incorporates these persuasive techniques: Authoritative Order: It is an order to do this Secrecy: This project is still secret and its success depends on this transaction Responsibility: I count on you for your efficiency and discretion Pressure: The success of the project rests on your shoulders To make matters worse, it is unlikely that criminals will be caught perpetrating CEO email fraud. Email sources are easily blocked by sending them through anonymous proxy clients or virtual private networks.  Steps to Prevent CEO Email Fraud Criminals also find other ways to gain access to the sensitive information needed to add convincing details in the fraudulent emails. Some victims reported to the FBI that they first received ?phishing? e-mails requesting details about the business or individual being targeted such as names, travel dates, etc. Others were victims of various Scareware or Ransomware cyber attacks prior to the BEC incident.  Global Risk Insights points out, “CEO email fraud is one of the least sophisticated social engineering schemes. It is low cost, low risk, and can generate high rewards.” It is important that your company develops internal IT policies and accounting procedures to help detect and prevent these simple yet devastating scams.  Education and Awareness Educate employees about the means and methods criminals use to commit CEO email fraud. Simply becoming aware of the fraud is highly effective in detecting it. The scam relies heavily on preying on people’s judgment and desire to do a good job. Discussing ahead of time the potential for exposure to CEO email fraud builds an employee’s confidence in handling the situation. This will help them make the right decisions if it actually does occur. Two-Step Verification Process Implement a policy requiring that significant transactions requested by email must also be confirmed through telephone verification. It is important that employees don’t use the phone numbers provided in the suspicious email. Rather, they should use established contact information to reach the person who is allegedly requesting the transfer. Contacting the person directly by cell phone is preferable. IT Prevention Methods The FBI recommends several methods IT can help prevent intrusion by cyber criminals. Incorporating these tips into your company’s policies makes good business sense and increases communication security. Delete Spam: Immediately delete unsolicited email from unknown parties. Do not open spam email, click on links in the email, or open attachments. They often contain malware to gain access to your entire computer system. Forward vs. Reply: Do not use […]

1. Employees expect professional IT support, and they don’t seem to care how your company provides it. Your employees can be receptive to getting help from off-site support technicians. Bottom line, they want to submit a helpdesk request and receive a solution as soon as possible. This is especially true if the technical problem they have involves something they should already know or involves a technology solution that isn’t working according to its design. If you’ve ever worked in an organization where it takes days to get a resolution to a helpdesk ticket, then you can appreciate why expert IT support matters. 2. Customers benefit from employees who are supported in their jobs, especially in their daily use of computing tools. Think back to your office job two decades ago. It took ten minutes to boot up your computer and wait for all desktop applications to open. You had plenty of time to return phone calls and review old paperwork. You probably spent much less time responding to email. All of the modern communication tools were in their earlier stages or didn’t exist. In that environment, you would spend hours working in Microsoft PowerPoint to finish a report, and you weren’t accustomed to instant results. Technology moved slowly. Today’s employees consult multiple information sources on their smartphones and computing devices. They make rapid decisions. They have tight deadlines, and they have to accommodate demanding customers who can monitor their work, so to speak. They can’t afford to deal with server downtime or their inability to make an application respond to their request for information. They need expert IT support regardless of the time of day or night. They have a whole new set of tasks that will require their attention tomorrow.  3. We can help managers alleviate their employees’ IT concerns. The key is to help your employees become more efficient now by supporting their business applications. What we love about working in IT managed services is that we can easily scale our services up or down to fit your organization. We have our own IT experts running our consultancy, our helpdesk, maintaining our data centers, and performing many other tasks. We can offer as much or as little support as your company needs to get through the day. It’s starts with setting up the right service agreement and letting our people work for you. We have some secret strategies that help us to keep our rates for managed IT services cost-effective even for small and medium businesses. We can take the time to explain our services in ways that fit your present business model. In 2017, give your employees the gift of professional and responsive IT support. We will gladly write your business a competitive plan for IT services that fits your current business needs and keep up with the provisions of your service agreement. For more details on getting cost-effective and professional IT services, please contact us today.  

Windows 10 lets you schedule your updates with its Anniversary Update. This is thanks to the Active Hours feature, which lets users set times to update when their PC will most likely not be in use. By effectively using Active Hours, you can essentially set a restart schedule to make sure that the Anniversary Update doesn?t initiate an unplanned restart. First, make sure that you have the Anniversary Update installed, which you can do by going to your PC settings. If you need to install this update, you can do so through the Update Assistant, which can be found here: https://www.microsoft.com/en-us/windows/features Once you have the update, just follow this guide to set up Active Hours. First, click on the Start menu and navigate to Settings. If you want to do this with minimal difficulty, just press the Windows Key + i. After that, go to Update & Security. In the Windows Update tab, you?ll see a link where you can Change active hours. Click it. You can then set your active hours, but keep in mind that any times that exceed 12 hours cannot be plugged in. Finally, click Save. Your PC will now only install updates during the hours that you have set. Still, it?s imperative that you keep in mind that this only applies to a 12-hour period. If you?re working on a major project that demands more rigorous working hours (like an overnight binge), you?ll want to take measures to make sure that this doesn?t happen while you?re in the middle of a task. To do this, you can adjust your restart settings by staying in the Update & Security menu of your PC?s settings. Click on Restart options. Turn this feature On. Finally, set the time and day that you want Windows to install updates. You won?t have to save anything, so as long as you make sure the switch is turned On. If you notice that the switch is grayed out, this means that you don?t have any updates available, and therefore, shouldn?t be concerned about updates becoming a problem and forcefully restarting your computer. Just check back from time to time if you find yourself needing to run your PC during your scheduled restart time. For more tips and tricks, reach out to White Mountain IT Services at (603) 889-0800.