Encryption has become a very important part of maintaining an acceptable standard of security while browsing the web and storing data. Large enterprises and organizations have been using encryption for a long time, and even the average consumer uses encryption each and every time an online purchase is made. Did you know that the protection afforded users by encryption is made possible thanks to security certificates? Websites that have security certificates take advantage of HTTPS, which stands for Hypertext Transfer Protocol with an S at the end for security. These certificates are used to provide security for a website?s visitor. Ordinarily, when a user plugs data into a form, like an email address or Social Security number, this data wouldn?t be protected while in transit. However, thanks to most organizations that collect this type of data now having security certificates on their websites, your data is safe. For examples of how HTTPS is used, look no further than banking websites or just about any online retailer like Amazon or eBay. A great way to describe online encryption is by comparing it to a pipe. With a normal HTTP connection, your data is traveling through a transparent pipe. Anyone looking at it from the outside can see that which flows through it. Hackers can spy on it and steal data while it?s moving from one location to the next. If you?re using an HTTPS connection, however, the pipe has more of an opaque tint to it. While you can still see the insides, it?s unclear what is traveling through it and very difficult to get a clear glimpse of it. This is why it?s so difficult for hackers to take advantage of encrypted data. They might have the data, but it?s often so jumbled and difficult to piece together that it?s not worth the effort, or impossible, to decipher it. While you can?t expect your employees to understand the finer details of how HTTPS works, you can expect them to understand online security best practices–especially those which pertain to keeping credentials like passwords and usernames secure. Make sure that your employees know not to input sensitive data into websites without first checking for these security identifiers. Make Sure It Has a Security CertificateBefore plugging in a password or sensitive credential to a website, make sure that it?s protected by a security certificate. To find out if it?s equipped with one, look for a green padlock icon that appears next to the URL?s name in the address bar. Granted, even if it has a security certificate, you want to check which type of encryption it?s using, as there is a significant difference between SSL and TLS. For example, SSL is vulnerable to threats like POODLE (a man-in-the-middle exploit), making TLS a more desirable protection. Be Wary of Suspicious URLs and DomainsHackers will often create fake sites that are designed to mimic a reputable organization?s own website, only it will be designed to harvest credentials. These sites might have misspellings in the domain name, or numbers in the place of letters to make it look as legitimate as possible. Before plugging in your credentials, make sure that you?re actually looking at the organization?s website. Be sure to check the domain and cross-reference it with the information that you have on file. For more […]

Vizio (which was acquired last year by LeEco) was fined by the Federal Trade Commission for collecting data on its users about what their televisions were displaying, down to the second! To make matters worse, this monitoring extended beyond the built-in smart TV apps. Literally, whatever the TV displayed, Vizio knows. We?re talking over the air broadcasts, cable set-top boxes, the TV?s IP addresses, even DVD players. The fine levied against Vizio by the FTC totaled $2.2 million. Plus, a federal court ordered Vizio to delete any data it collected before March of 2016. Prior to this date, Vizio TV owners were uninformed by the company of the data collection practice. Now, however, Vizio?s customers can find information on the company?s data sharing practices in the automated content recognition section of their TV?s settings menu. To help make amends, Vizio began sending users on-screen notifications on viewing data collection practices, a feature they initiated before the settlement was announced. Vizio General Counsel Jerry Huang said in a statement, ?Instead, as the complaint notes, the practices challenged by the government related only to the use of viewing data in the ‘aggregate’ to create summary reports measuring viewing audiences or behaviors. Today, the FTC has made clear that all smart TV makers should get people’s consent before collecting and sharing television viewing information and Vizio now is leading the way.? What was Vizio doing with all of this detailed data? In a best-case scenario, the company would use data on the product?s usage to better understand the resilience of its hardware (like how often the TV is turned on and off) so they can make improvements on future models. Although, it?s more likely that the collection of such detailed data was sold to partners for marketing purposes. Data collection practices like these make for a very lucrative industry, so it?s no stretch of the imagination to see how Vizio would want a piece of this pie. While the ethics of data collection can be debated, it?s clear that, in retrospect, Vizio would have been better off giving customers the option to opt in or opt out of its data collection practices. Does the revelation of Vizio?s actions make you think twice about how you use your own Internet-connected devices? Or have you let go of any semblance of privacy long before the FTC handed down this ruling? Share your thoughts with us in the comments below.

Staying on top of updates must happen routinely This is one of the major shortcomings of break-fix IT companies. If the only time they come and work on your IT equipment is for a repair visit, it?s unlikely that they will make a special trip to your office to install needed software updates as soon as they?re released. And why would they, when their entire business model revolves around your equipment breaking down? Instead, you need someone assigned to the task of staying on top of the latest software updates, which includes both knowing when the updates and patches are scheduled to be released, as well as applying them in a timely manner that won?t disrupt office productivity (applying updates after-hours is preferable). Does your IT staff even have time for routine maintenance? For many organizations, keeping software up-to-date is the job of the in-house IT staff, and given the negative ramifications of mishandling these updates, it?s not a task to give to an employee lacking technical training. Alternatively, if it?s not in your budget to onboard new IT staff, then you can outsource this responsibility to a managed IT service provider. The managed service advantage is that you?re getting trained technicians to remotely apply your network?s needed updates, and at an ideal time that fits your company?s schedule. As a bonus, for businesses that do have an IT department (but find their IT staff is overstretched from having to do routine tasks like applying updates), White Mountain IT Services offers a co-managed IT service where our techs work with your techs to take care of the small stuff, so your team can be freed up to work on important IT initiatives. Thinking beyond updating your security patches, you need to stay on top of all available updates for your company?s technology. Here are just a few technologies that technicians look at when determining what needs to be upgraded. Operating systems: We all have our favorite operating systems, but clinging to an OS after the manufacturer stops supporting it (simply because it?s preferred) is a dangerous move that opens up your network to all kinds of trouble. In order to have your OS offer adequate protection for your business, it must be supported with patches and security updates. Legacy applications: Upgrading software can be tricky because an update that?s untested has the potential to clash with a legacy application and cause some serious downtime. For example, you shouldn?t overlook how application upgrades running locally on PC hardware can also influence whether or not end-user hardware requires an upgrade. Therefore, be sure to look into the upgrade requirements (such as processing power, memory, graphics, etc.) before clicking the install button. This is one reason why many businesses prefer hosting their legacy applications in the cloud; to protect workflows from the unintended consequences of a bad upgrade. Hardware quality: Computer hardware requires some update love too. Eventually, computers break down. By not staying on top of your hardware, you?re opening yourself up to faulty equipment hindering productivity, or even dreaded downtime. If you?re currently facing a need to upgrade your hardware, then now is a great time to consider making the move to the cloud. By hosting your applications in the cloud, you?re able to access the data you need with inexpensive hardware like thin […]

Most businesses will collect data from both clients and employees for various purposes. For example, your human resources department will collect Social Security numbers, dates of birth, and perhaps even routing numbers for your employees? direct deposit. Since you?re collecting all this data, you become a very lucrative target for hackers. On the other hand, if you collect payment details for your clients, those are also at risk, and any employees handling this information will be responsible for protecting it. Therefore, you need to implement policies that are designed to protect your business?s data, and reinforce them with established best practices. We?ll break down some of the basic ways that your business can make data security a top priority. Consider a Paperless PolicyIf there?s one thing that an identity thief loves to take advantage of, it?s a paper trail. Consider this: how often have you received something in the mail like a bank statement that you?ve simply thrown out? These documents could then be found later on by someone sifting through the trash. The same can be said for sensitive documents that are left out in the open in the office. Another thing to note is that physical documents don?t have access logs that can tell you if they?ve been examined by unapproved users, making digital storage arguably a better option for managing risk. Never Leave Workstations UnattendedThere is a lot that can go wrong when you don?t protect your organization?s workstations with passwords. While the threat of a coworker attempting a harmless prank by messing with your settings isn?t necessarily malicious, there is always the chance that someone will gain access to sensitive data that they?re not supposed to see. This risk can include non-employees that find their way into your office. Equip Your Business with Enterprise-Level Security SolutionsWhile you can enforce all the best practices that you want, do you know how to handle a data breach? One of the most important parts of protecting your sensitive data is to implement security solutions like firewalls and antivirus to keep threats out of your network. You can implement a Unified Threat Management (UTM) solution, which includes enterprise-level firewall, antivirus, spam-blocking, and content-filtering solutions to maximize your resistance to data breaches. Train Your Employees on What to Look ForEver since email became a thing, there have been scammers out there who want to take advantage of unaware employees and regular PC users. While the best spam blocking solution available will help to ensure most spam doesn?t make it to your inbox, the messages that do could be targeted spear phishing attempts designed to trick your users. To protect against these, train your employees to identify them. For example, is the message is unsolicited? Does it ask for sensitive information? Does it come from an email address that you have on file? Cross-checking these details is an important practice that your business can?t afford to overlook. Are you ready to take the next steps toward protecting your business?s identity? To learn more about our proactive security services, reach out to White Mountain IT Services at (603) 889-0800.

This service–hardware procurement–is one of the best ways that your organization can save money when performing a technology revamp for your office. Considering the fact that nothing lasts forever, including your workstations and server units, you?ll need to have a plan in place just in case you need to replace a workstation in a pinch. This is what hardware procurement allows for, as it presents a much more affordable alternative to purchasing hardware solutions outright. Procuring New HardwareNormally, procuring new hardware can break the bank and cause a problem for months, or even years. Despite this, hardware refreshes are an important part of ensuring that your network is functional. How can your organization take advantage of these helpful practices without limiting your business?s IT budget in the future? One way that you can get around this roadblock is by working with your IT provider. Depending on your service agreement, you might be able to procure hardware at a more reasonable price, perhaps even at a flat monthly rate instead of a large up-front cost. We like to call this Hardware as a Service (HaaS), and it provides businesses more freedom in their budget and lets them take advantage of the latest and greatest technology solutions without going over the edge. If you?re unsure if White Mountain IT Services provides this service, be sure to ask. Start with an AssessmentIf you?re unsure of where you stand in terms of hardware procurement, we know where you can start. An assessment from White Mountain IT Services is a great way to start thinking about a hardware refresh. This takes into account much more than just the condition of your current assets. In fact, it also covers where you hope to be in the near future. This strategy helps your business on track for where you want to be down the road. Upgrading your hardware routinely is also an important part of staying up-to-date with security protocol. Old hardware might not be capable of running more recent versions of operating systems or enterprise software, which will in turn affect your ability to resist threats like malware and viruses. Even if you don?t think you need the assistance with hardware upgrades, an assessment is a great way to see how you can improve the current status of your network. To schedule your IT assessment, call us today at (603) 889-0800.