Talk to Your Employees

It's not just a question of having your personnel read and sign a document regarding your organization's IT policies. What you need to do is to also communicate the likelihood of a cyber attack and stress the potential negative impact on the functioning of the organization. Get your employees involved by explaining that they have obligations to the company in this respect.

Involve the Whole Company

It's important to include executives and top management. Cyber "pirates" can aim their malfeasance at traveling executives using free hotel Wi-Fi without encryption. Keep in mind that potential damage and financial rewards can be much larger for cyber criminals if top level management is targeted.

Hold Regular Training Sessions

Training in cyber security should be mandatory for all new employees and refresher courses conducted for everyone. Training needs to happen before there's a problem. Specific rules should be put in place with respect to Web browsing, e-mails, file transfers, application downloads, mobile devices and social networks. Employees should be made aware of suspicious links from unknown sources. They also should be trained to recognize suspicious contacts from individuals posing as co-workers and asking seemingly innocuous questions - what these persons are really doing is gathering information about the company and its operations. Give your attendees regular quizzes to test their cyber security knowledge - make it relevant, fun, and rewarding with incentives for good responses.

Collect Feedback

Encourage your employees to make it known if they find some procedures too difficult to comply with. For example, if you make it mandatory for everyone to change their passwords on a weekly basis, be aware that they will find less secure workarounds such as writing them down in their personal on-line documents or on post-it notes in their cubicles.
Don't Discourage Your Employees from Reporting an Incident

Even if it transpires that it's a false alarm, never disapprove of or make a joke of an employee who puts up a red flag. If you do, all you will accomplish is to make the individual think twice before speaking up again. If you think that there are too many false alarms, take a look at your training methodology.

Alert Your Workforce Promptly to a Problem

If you do have an incident, communicate this to your employees as soon as possible. A delay in getting this information out may significantly increase the adverse impact of the situation.

Establish Plans

One plan should contain step-by-step instructions about what employees should do if they believe they have encountered a cyber incident. Another plan should provide internal communications and public relations strategies to ensure a prompt and calm response to a cyber attack.

Conclusion

You need to defend your business against cyber crime and malware. However, you don't have to try to do this alone; we have the expertise to help you. Please get in touch with us to learn how you can significantly reduce your organization's security-related risks from inside and outside sources.
On January 9, 2016, the former scouting director of the St. Louis Cardinals pleaded guilty to five counts of unauthorized access to a private computer for utilizing a former employee's credentials to hack into a rival team's scouting database, bringing the threats to data security home to all competitive sports franchises.

Christopher Correa, a longtime member of St. Louis' front office, is charged with taking liberties with his former boss' login credentials. The contemporary, listed in the indictment as "Victim A", and largely believed to be current Houston Astros General Manager Jeff Luhnow, apparently used the same login credentials as he did when he was a member of the Cardinals' front office. Correa used this information to hack into Houston's scouting database several times around the MLB First-Year Player Draft last June. The government has subsequently valued the information Correa gained as a result of the hack at $1.7 million.

Correa had also accessed employee emails and 188 separate pages of confidential information by using "Victim A's" credentials. Since "Victim A" had universal clearance within his organization's databases, it gave Correa some useful information on who St. Louis was scouting. Correa has subsequently admitted his crime and was quoted as telling the presiding judge, Lynn Hughes, that it was a "stupid" thing to do. Sentencing will commence on April 11, 2016.

Luhnow recognized the security problem and changed his credentials, which resulted in Correa hacking into the Astros' email server and getting credentials of two more of the organization's employees. Despite taking the GM job in Houston in 2011, Luhnow's lack of password protection put his whole organization's data infrastructure at risk. He made the following statement shortly after Correa's plea:

I absolutely know about password hygiene and best practices. I'm certainly aware of how important passwords are, as well as the importance of keeping them updated.
A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.

Despite his comments, it took a rival hacking into his organization's database for him to follow industry best practices and alter his login credentials. This situation presents a poignant example of how network security is an end-to-end initiative. It's just as important for people to follow best practices of password management as it is to have integrated intrusion security and access control solutions for your network. You don't get three strikes to secure your network against malicious entities that may want to get in.

To get more information about the best practices for comprehensive network security, or to speak with our certified technicians about remote monitoring and management or other comprehensive network security solutions, call us today at (603) 889-0800.
It seems that ever since the nuclear disaster in Chernobyl, Ukraine (1986), nuclear plants have worked hard to minimize the chances of incidents. Besides Chernobyl, there has only been one other disaster that's rated 7 on the International Nuclear and Radiological Event Scale (INES), and that was the Fukushima Daiichi nuclear disaster of 2011. These two are rated 7, the top of the scale, due to the disastrous effects that they had not only on the immediate vicinity, but also on the worldwide environment.

The Chernobyl disaster was the result of an uncontrolled nuclear chain reaction, which led to an enormous explosion that ejected fire and radioactive core material into the vicinity of the power plant. However, a significant portion of the damage caused by Chernobyl could have been prevented if the plant had practiced better safety measures, and if there had been a containment system in place to handle the worst-case scenario.

On the other hand, the Fukushima plant was prepared to handle a failure of operations. The disaster was triggered by the 2011 Tohoku earthquake and the resulting tsunami. The plant at Fukushima had measures put in place to shut down the plant in the event of a disaster, but these measures were rendered useless by the awesome power of nature. The tsunami damaged power lines and the backup generators, which led to heat decay, meltdowns, and major reactor damage.

These disasters lead professionals to find solutions to new and emerging problems and to ensure that such catastrophes are prevented in the future. For example, the Fukushima incident forced plants to consider what would happen if power generators were flooded and rendered obsolete. In response, emergency off-site power generators and other equipment are planned to be implemented as soon as November 2016. Another way that nuclear plants have coped with these new risks is by allowing external third parties to investigate and manage the reliability of their backup systems.
These investigators are in charge of making sure that any and all systems are properly maintained. They function in a similar manner to a business's IT management, making sure that all systems are operating smoothly, and that no unauthorized changes are made to a functioning infrastructure.

The main takeaway from this article is that nuclear plants expect the worst to happen, and they take steps to prevent it before it even takes place. This is the type of proactive stance that your business needs to take. Granted, there's a lot more at stake if a nuclear power plant fails to function properly, but the fact remains that if your mission-critical systems fail, you could experience significant downtime and increased costs.

In order to keep your business functioning properly, White Mountain IT Services suggests utilizing a comprehensive backup and disaster recovery (BDR) solution that's specifically designed to minimize downtime and data loss risk. The BDR takes regular backups of your business's data and sends them to a secure, off-site data center, as well as to the cloud for quick recovery. In the event of a hardware failure or similar disaster, these backups can quickly be deployed to the BDR device, which can temporarily replace your server until you find a suitable replacement. Furthermore, you can compound the BDR solution with our remote monitoring and maintenance solution, which is designed to detect issues within your IT infrastructure and […]
Before we dig into the nitty-gritty details, let's discuss why you would want to add a new Gmail account to your device in the first place. While Google doesn't like it when someone has more than one Gmail account, users may need a second "burner" account that's used for junk mail and signing up for online promotions. Another example might be if your workplace uses Gmail as its preferred email client, and you want to add a work account to your smartphone. Adding your Gmail account to your device will also give you access to your email, calendar, and Google Drive all through your smartphone, even while you're on the road for business purposes. Regardless of why you have more than one Gmail account, adding these accounts to your device can make for a significantly more convenient experience. Here's how it's done.

Adding a New or Existing Gmail Account

When you're ready to add your account to your smartphone, open the Gmail app. You should see your inbox for the default Google account set up on your phone. Check the side menu and tap the hamburger menu (the three-line menu in the top-left corner). Scroll all the way down to the bottom of the page, and select Settings. You'll then see a list of your current accounts. Next, select Add account. Tap Google, and then select Next. Just follow the instructions displayed on the screen and you'll be all set.

Switching Between Accounts

Once you've added your new account to the Gmail app, you can easily switch between your account inboxes and accounts. Go back to the hamburger menu, and you will see your accounts in the form of icons at the top of it. All you need to do is tap the icon, or select the down arrow next to the icon, to see your inbox. It's a pretty handy feature to have while on the move.

For more great ways to improve your Android user experience, subscribe to White Mountain IT Services's blog.
Business Application

A clearly defined policy serves three business-specific purposes:

Expectations - A good policy will establish the behavioral expectations of the employer regarding all email sent or received with corporate-owned equipment and services, as well as company email addresses.

Security - All policies should emphasize the need for users of all corporate-owned equipment and company email addresses to employ common sense awareness regarding modern cyber-threats. Well written policies will underscore that it is ultimately up to the user to ensure company equipment and email systems are not leveraged for malicious purposes.

Liability - A detailed policy will reduce a business's liability by establishing that well-defined expectations, as well as the consequences that will follow if/when the policy is breached, were clearly spelled out to all users upon employment, and routinely throughout their tenure.

Technology Monitoring & Restrictions

Regardless of the infrastructure used to provide email services (cloud, hosted, or on-premise), technology-based monitoring and communication restrictions must be utilized to ensure compliant business use. Restrictions should include:

Suspicious Email - Whether inbound or outbound, all suspicious emails need to be blocked. Blocking suspicious inbound emails will protect the organization from phishing and malware attacks. Blocking suspicious outbound email will safeguard a business's email domain reputation, preventing it from being blacklisted and interrupting email flow.

Emails Containing Protected Information - The communication of protected information across digital media is heavily regulated in many industries - HIPAA, SoX, and PCI-DSS are the most common examples. Technology restrictions must be in place to monitor for, and prevent the public exposure of, personally identifying information, financial information, Social Security numbers, private medical information, etc.
Failure to comply with these regulations, especially in the wake of a breach, comes with heavy financial penalties.

Harassing & Unlawful Correspondence - Threats and harassment (cyberbullying) are a well-documented issue in the US that comes with steep fines and penalties, depending on the outcome. Emails containing vulgarity or harassing/threatening language must be monitored for, reported on, and blocked to protect a business from civil and criminal prosecution.

Additional Items For Consideration

There are several additional items your business should consider when creating a comprehensive policy:

Training - Many Federal regulations require that a business establishes and documents a routine training program to ensure that all staff members, individuals that may use corporate-owned equipment, and all users of company-owned digital communication systems are provided training covering the areas discussed in this article, as well as industry-specific topics.

Insurance - Even the best plans, policies, and practices cannot account for all eventualities or future threats. Maintaining a sufficient level of liability insurance is the only way to safeguard your business when something unforeseeable occurs.

Assessment - Certain regulations, such as HIPAA, require an organization to routinely review their policies, training, monitoring systems, and technology used to prevent the communication of protected information or harassing communication. Regulations aside, it is a good idea to, at the least, review your policies and procedures internally on a yearly basis.

Takeaway

The general acceptance of email by businesses as the go-to tool for internal and external communication requires many companies in various industries to create and enforce well-documented policies to protect themselves, their customers, and their users. These policies should include language to cover common issues, such as expectations, security, and liability. Further monitoring […]