10 Common Security Mistakes That Can Sink Your Network

Clicking on Risky Websites – The web is pretty big, so when an employee has been searching for something and finally manages to find a link, they might not always think about the source. As a result, your network and files could be subject to any number of threats. Be sure to emphasize to your employees that there is such a thing as "too good to be true," especially on the Internet.

Weak or Personal Passwords – As much as your employees might love their dogs, cars, or a particular date in time, a password is no place to express that love. Also, if they actually use "password" as their password, they are just begging for trouble. Encourage them to use private, randomized strings of numbers and letters as insistently and consistently as possible.

Lax Habits in Mobile Security – You may have the latest versions of spyware and virus blockers on your company desktops, but do your employees have the same on their tablets, phones, and other portable electronics? Without the same security, once they are connected to your network, these devices leave your network wide open for breaches. Be sure your employees aren't leaving points of access to your network without safeguards by establishing mobile device policies and a BYOD (Bring Your Own Device) policy.

Using Insecure Connections to Access Sensitive Data – Are your employees reviewing company files on their lunch break by using the local fast food franchise's free Wi-Fi? If they are, it is recommended that you put a stop to it, as public Wi-Fi hotspots are prone to have malware lurking about.

Lost or Stolen Unencrypted Tech – So an employee is riding the bus to work, and leaves their company phone behind when they disembark. Without encryption software, that phone is potentially an encyclopedia of company data and information for sale to competitors, as well as a free pass into company files and email. Enforcing encryption policies helps to mitigate this risk.

Shadow IT – An employee decides that they prefer a different program to perform their job-related task and downloads a copy of that program onto their company desktop without the knowledge of the IT department. Besides the question of compatibility with your systems, it spreads your company data into yet another system, but this time you don't have control over it. Plus, there is always the risk that the download will come with a bonus – vulnerabilities that could allow malware to hitch a free ride into the network. Be vigilant regarding the use of unapproved, personally downloaded applications.

Phishing Calls/Personalized Phishing Emails – One of your HR employees checks their email and finds what looks to be a job application directed specifically to them, using their name, title, and other personal identifiers. They click on the included link, not realizing that the email was actually from a hacker who did a bit of research on Facebook and LinkedIn, and download a mess of viruses. Impress upon your employees the importance of private social media accounts and the careful consideration of any linked content from unknown senders. Similarly, make sure your employees can recognize and appropriately handle phishing telephone calls for both live callers and robocalls, and understand the importance of not sharing company information compulsively.

Personal Email Use – The news […]

Is the Reform of ECPA Enough to Prevent the Government From Reading Your Emails?

The law in question is the Electronic Communications Privacy Act (ECPA), which was originally passed in 1986. What makes this situation rather precarious is that this 30-year-old law is used to justify accessing emails today. To fully grasp how odd this is, consider how much email usage has changed during this time period, much less the technological landscape in general.

The wording of this law makes it so that any stored electronic communication (like email) that's more than 180 days old is considered "abandoned," and therefore, is subject to law enforcement agencies accessing it without a warrant. This presents a major problem for modern computer users that communicate primarily through electronic communication and store everything (going way further back than 180 days) in an Internet-connected database, like the cloud. Obviously, this describes pretty much everybody and the majority of organizations today.

Recently, legislative action has been enacted to try and close this loophole. CompTIA reports:

On April 13th, the House Judiciary Committee unanimously passed an amended version of the Email Privacy Act (H.R. 699)… The Email Privacy Act would put an end to this outdated 180 day rule and require a warrant for law enforcement to access the content of all stored communications. While the current iteration of the bill is not perfect, we were happy to see that it does not contain a carve out to the warrant requirement for civil agencies, nor does it alter ECPA's emergency exception procedures.

The goal behind closing this loophole is to protect citizens from government overreach, as well as the service providers who store digital information for the population. As society grows hugely dependent on digital information, it's more important than ever to update the laws that govern data usage in order to protect privacy rights.

Is all of this news to you or did you already know about the ECPA loophole? Is data privacy something that concerns you, or do you not much care if the government reads your emails? Share your thoughts with us in the comments.

Getting Started With Cloud Computing: What You Need to Know

Types of Cloud Solutions

Implementing the cloud into your current business model is easier said than done. In order to get the best return on investment for your cloud technology, you need to take your various options into account. We've outlined some basic information about the various types of cloud computing your business should know about.

Public cloud: The public cloud is a solution that's designed to maximize efficiency for the user. The management and maintenance of the public cloud is handled by the provider. This is great for businesses that want a hands-off cloud experience at the expense of control over data.

Private cloud: The private cloud is often hosted either in-house or by an outsourced IT provider. As such, it requires proper management and maintenance to ensure functionality. The private cloud is preferred by companies that want to maximize data security and want the most control over their data.

Hybrid cloud: The hybrid cloud is a solid middle ground for users who don't want to exchange data security for operational efficiency.

What to Consider

In order to make the most educated decision you can, we recommend taking the following variables into account when choosing your cloud solution.

Data security: Businesses that want to maximize data security will appreciate the private cloud. The private cloud allows for additional security measures, like secondary hardware-based security solutions, that can maximize the security of your data.

Access control: If you don't want that much control over your data, the public cloud is a good choice. However, users who want to maximize access control and role-based user access will want to invest in a private or hybrid cloud.

Management responsibility: Just like other computing hardware and software, a cloud solution requires a certain expertise that should be administered by a qualified IT technician. If you don't want this responsibility, the public cloud is for you; though it should be mentioned that a hybrid cloud allows your business to take advantage of the many benefits of both private and public clouds.

White Mountain IT Services can help your business integrate and adjust to a new cloud computing solution. We can assist and consult your team through each and every step of the cloud adoption process. To learn more, give us a call at (603) 889-0800.

Tip of the Week: 5 Tips From the 90s That are Useless Today

Hold the Phone

A lot can be said about the days of having one phone line per household that only allowed one person at a time to use the phone. This meant getting creative in order to ensure that the phone was available when you needed it. For example, if you were expecting a phone call, one sneaky trick was to call an automated phone service like your local movie theater for showtimes and then wait to hear the phone notify you that your call was coming in. This way, when someone else picked up another phone or walked by, they wouldn't hear the dial tone.

Use Collect Calls for Quick Messages

Back in the '90s, collect phone calls were all the rage with dozens of collect call services like 1-800-COLLECT to choose from. If you remember how they worked, you would typically get a brief spot during the call setup where you were supposed to tell your name to the person you're calling so they can accept the charges. Though unethical, many callers would use this portion of the call to relay a quick message and then hang up before the charges for the call could be applied. It was a dark time before text messages. We all had to do what we had to do.

Blow On Your Video Game to Make it Work

For cartridge games, this was the go-to troubleshooting procedure. Even though blowing on the game seemed to have worked on many occasions, the science behind this doesn't back it up–it actually corrodes the connectors. Instead, any success from this was likely the result of plugging in the game a second time.

Keep a Disposable Camera in Your Car's Glove Compartment

In a time before everybody had a camera phone in their pocket, disposable cameras were widely used. One common place to keep a disposable camera was in your car's glove compartment box, just in case you were to ever get in an accident and needed to document what took place–and then wait for hours at the local drug store to get your photos.

Carry Extra AA Batteries for Your Portable CD Player

Listening to music on the go didn't use to be nearly as convenient as it is today. Portable CD players required you to carry your CD collection, and if you were serious about listening to music, you would bring some extra batteries along for when your CD player ran out of juice.

Some might look back at these obsolete tips with fondness, while others may see these tips as a cause to celebrate how far we've come. Do you have any more obsolete tech tips from the 90s to add to this list? Share them with us in the comments!

Alert: Petya Ransomware May Be the Worst Yet

Once the file has been downloaded, Petya causes a Windows error and forces the system to endure the typical "blue screen of death," causing a reboot. The computer will then display a red skull and crossbones, and a fraudulent "system check" infects and encrypts the master file table (MFT) with a military-grade encryption protocol. This causes the computer to basically forget which files it has, and where they are stored.

Rather than closing access to particular files, Petya completely locks the user out of the system by overwriting the computer's master boot record. The computer is essentially rendered useless to the user, who can't even log in. Petya will display a list of demands, as well as how to meet them. As is the case with most ransomware, the ransom must be paid in Bitcoin. Once this has been done, the criminal supplies a decryption key that's used to regain access to the files.

The initial cost for the decryption key is .99 Bitcoins, which is an estimated $430. However, paying for the decryption key isn't that simple. Once the user accesses the payment page, they're given a limited amount of time to access the key before the price is doubled.

While there are some websites that claim there are commands that can allow users to skip the lock screen, the MFT will still be encrypted, rendering the files useless. Even if the user pays the ransom, there's still no guarantee that the decryption key provided by the hackers will work. This is why we always suggest that you don't pay the ransom, and instead contact a professional technician who can advise you on the situation.

In particular, business owners and human resources representatives who are responsible for the hiring procedure are the preferred targets. Petya is distributed through emails that are disguised as messages from potential job seekers. The message will often contain a hyperlink that redirects to a Dropbox containing a resume, which is really just a Trojan horse containing Petya that's capable of weaseling its way past your antivirus solution.

Petya had been causing significant trouble for German businesses, but a programmer has found a solution. Admittedly, it's a tricky solution to implement, but it's still preferable to paying a ransom.

As is the case with most ransomware, your best chance of escaping unscathed is by dodging the attacks altogether. Ransomware is notoriously difficult to crack, even for seasoned IT veterans, but keeping a watchful eye on anything you find on the Internet can help you avoid infections.

With White Mountain IT Services's security solutions, you can proactively detect and eliminate threats to your IT infrastructure. To learn more, give us a call at (603) 889-0800.