Recent Blog Posts

According to a 2015 study from CompTIA, employee errors are at the root of roughly 52% of corporate security breaches. Employee errors that compromise your cyber security include the following:?    Careless Internet browsing and email use; for example, thoughtlessly downloading email attachments.?    An inclination to take online communications and websites at face value and quickly trust them.?    A failure to protect sensitive data; this includes sharing passwords, transferring confidential files over insecure connections, and neglecting to apply encryption.?    A lack of awareness about cyber security threats.?    Ignorance or negligence regarding your company’s cyber security policies. Any of these behaviors can expose you to a devastating cyber attack. For example, a quickness to trust people at face value can lead your company to fall victim to a successful phishing attack. Phishing is a common cyber crime that involves tricking someone into disclosing sensitive information. Recently, for instance, cyber criminals obtained employee tax records from a variety of organizations. One method involved sending an email supposedly from the company’s CEO and requesting the information. Rather than double-checking the authenticity of the request, and remaining suspicious about a demand to send tax forms over email, employees complied. Any organization, large or small, can fall victim to these attacks. Cyber criminals attempt to exploit every vulnerability in a company’s IT configuration. And they can often count on human error to give them openings for an attack. What can you do about these kinds of employee errors?To begin with, your company needs to come up with a comprehensive cyber security plan that includes clear policies governing employee behavior in various IT scenarios. Whether it’s transmitting files or using only approved applications for work, your employees should have guidelines and standards to follow. However, as important as it is to devise comprehensive cyber security policies, those policies won’t make much of a difference if employees neglect them. Their neglect will undermine any efforts you make to secure your data and network. For example, a recent article from Business Cloud News reports that “employee negligence and indifference” weaken security when companies rely on cloud-based programs. How can you combat employee neglect? First, you must enforce your policies. If employees assume that their poor cyber habits won’t result in lost privileges or other consequences, they won’t have as much motivation to follow policies. At the same time, you shouldn’t make them so afraid of punitive action that they fail to quickly report errors that compromise security and require a rapid response. Having your employees undergo cyber training is an important step. Training should emphasize how cyber security is critical for a company’s success and that employees can apply it at home to make their personal computing safer as well. Good training will lead to a deeper understanding of cyber security risks and the need to question online communications, protect data, and collaborate in efforts to keep your company secure. Management should also model good cyber security habits to employees; when company executives don’t appear to care about cyber security, employees won’t concern themselves with it either. The key is to promote an overall culture in your company that stresses the importance of cyber security. Instead of leaving security solutions entirely in the hands of your IT personnel, make everyone a part of the solution. To further help your […]

The end of life event for SQL Server 2005 took place on April 12th, which means that if you haven?t upgraded yet to a more recent version, then you really, really need to. Let?s face it, 10 years is a long time to run any software without updates, much less SQL Server. You?ll want to upgrade to a version that?s supported by Microsoft?s security patches and updates. By going with the latest versions like SQL Server 2014 or Azure SQL Database, your data will be protected for years to come. White Mountain IT Services can assist you with such an upgrade so that you won?t experience any surprises with a lack of compatibility of your mission critical apps. Running into an error like this can severely hinder operations. Additionally, upgrading your SQL Server may require apps to be reconfigured and upgraded, which is much more challenging than simply plugging in a new version of SQL Server and walking away. Tim Hegedus, senior manager of the analyst team with Miro Consulting, explains to CIO, ?The biggest risk stems from continuing to use the product when there is any kind of uncontrolled or external access to that database. Any security breach can be damaging not just monetarily but also reputationally.” Additionally, organizations that work with sensitive data need to understand that using unsupported software like SQL Server 2005 (or any other unsupported software) can open themselves up to some hefty fines. Some of these violations can result in fines amounting to thousands of dollars, per record. For businesses looking to upgrade, now may be an opportune time to try out Microsoft’s Azure offering. An Azure SQL VM is a legitimate option to consider, especially if you?re wanting to move away from having to buy and maintain a new server unit, install a bunch of software, and move all of your data. Depending on your needs, there are many other options, and White Mountain IT Services can help you weigh the pros and cons of each solution. For help upgrading away from SQL Server 2005, or any other unsupported software that may be putting your company at risk, give our professional IT technicians a call at (603) 889-0800.

Notification When a Server Goes DownRemote network monitoring software can tell you when a server has gone down. Manually checking the status of each server is time-consuming, while waiting for user complaints only ensures that you find out about a downed server hours after failure takes place. Remote network monitoring software continuously checks the status of your servers and notifies you if something goes awry. Notification When Disk Space Runs LowRemote network monitoring software can notify you when a system is low on disk space. Systems can run low on disk space because anomalous activity has caused logs to fill the disk or because your applications or users have begun to fill the disk with their material. A full disk can cause your server to fail in unexpected ways. Remote network monitoring can notify you when a disk starts to fill so that you can take the appropriate corrective action. Automated LAN DiscoveryRemote network monitoring software can automatically detect when new computers have been added to your network. It can send alerts when it detects a new device; this can make you aware when an authorized user adds their own personal computer to your network or an unauthorized person attaches a device that might compromise your network. Easy and Fast DeploymentThe right network monitoring software can be deployed easily and quickly. It does not require installation of system monitoring software or require long training cycles. Comprehensive ReportsRemote network monitoring software can provide comprehensive reports on the status of your systems. As the network administrator, you can customize these reports to focus on the items that you find most important. You can also schedule them to be sent periodically and automatically. Reports can be sent to email and exported to HTML, MS Word or Excel formats. Event Log MonitoringRemote network monitoring software can watch your servers’ event logs for incidents that are important to you. It can notify you when changes happen or when system-specific software detects an incident and writes it to the event log. This helps you to address problems before they lead to downtime. Alert on FIle Changes and ViolationsRemote network monitoring software can let you know when critical files have been changed, or when someone has tried to access a file that they shouldn’t. This can help you to detect viruses or intrusions within your network. Notification When Traveling Users ConnectRemote network monitoring software can let you know when off-site users connect to your systems. Odd patterns in off-site user connections can indicate a security breach or that a user’s credentials have been compromised. Remote network monitoring helps you to detect these types of issues. Remote network monitoring makes it easier for you to manage, administer and secure more systems more easily. It provides notifications when a system goes down, when a computer is low on disk space, or when specified events have been written to a log. Instead of fixing a server when users complain, you can address root causes before they become big problems. If you are interested in remote monitoring for your network, please contact us.

We see this all the time in certain industries like manufacturing and retail, where there?s no longer a need for specific positions due to autonomous systems taking their place. While this trend is capable of increasing these organizations? bottom lines, it simultaneously puts people out of work. Surprisingly, the quality of work by automated systems could be largely variable and unpredictable. So, until the details get sorted out, it?s likely that automated systems will have to be babysat, with humans jumping in to save the day should something go wrong. This presents another possibility; rather than replacing workers, automated technology could be used to augment their capabilities. For example, there are writing programs that are capable of putting together articles much faster than the way the human mind can. However, these articles are often devoid of emotion and can?t connect on the same level as a human author can. So, for now, there are certain jobs that automation can?t touch, but how long will it take for automation technology to catch up? Please keep in mind that we?re not insinuating that technological advancement is bad; we?re just trying to raise awareness for how it affects the worldwide economy and job market. It doesn?t matter if a specific technology can eliminate work for manufacturers and businesses if it puts hundreds of thousands of people out of work. Yet, in many cases, technological advancement can be exceptionally beneficial. Consider, for a moment, how outsourcing can help your business. When you outsource to a third party, you?re essentially receiving a good or service from someone else. You?re purchasing their professional skills for the good of your business. So, in a manner of speaking, you?re augmenting your business?s IT with a valuable automated service in the form of our talented technology professionals. At White Mountain IT Services, we aren?t looking to replace your internal IT department. Rather, we want to work with them and help your business achieve its greatest potential. Regardless of your current IT?s role in management and maintenance, we can pick up the slack where they fall short. We?re firm believers in working together for the betterment of our clients. If your internal staff doesn?t have the time or skill necessary to perform regular IT maintenance, White Mountain IT Services can step in and handle this responsibility for you. If the opposite is true, and your team doesn?t have time to implement new innovative solutions, we can perform this role for you. Ultimately, our professional IT technicians are more potent and valuable than any robotic IT system can be. To learn more about co-managed IT, give us a call at (603) 889-0800.

It?s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that?s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, ?DVR snaps stills from CCTV surveillance and sends them to China,? goes into detail about findings from researchers at UK-based Pen Test Partners. The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras. Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren?t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan: These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know, monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica: These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies? rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people?s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage. If you?re still not sold on how creepy and intrusive this whole concept is, let?s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vass reports: The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there?s no firmware updates, so ?you?re stuck with these issues,? Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China. Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what?s going on here, we?re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place. If your organization needs assistance with securing your Internet-connected devices, White Mountain IT Services can help. We can help you understand how Internet of Things devices work, and what you can do to ensure that maximum security for your network. To learn more, give us a call at (603) 889-0800.