It?s clear that the average PC user won?t choose passwords that are as secure as they should be, primarily because users will prioritize ease-of-remembrance as one of the best qualities of a password. As explained in an essay from the University of Southern California, written by Marjan Ghazvininejad and Kevin Knight, it?s best to use randomly generated 60-bit strings (basically, a series of 60 ones and zeros), and convert these strings into words or phrases. This concept is based on a XKCD comic that depicts the pains of remembering complex passwords. The idea behind the comic is that you can take a string of numbers, like 10101101010100101101010101010, and convert segments of the string into English words. For example, the above string would read, ?correct horse battery staple,? which is ridiculous and doesn?t make any logical sense. However, if used as a password, users can create a mental image or a story to associate with the password, helping them remember it. Ghazvininejad and Knight suggest that, unlike the 44-bit string in the above example, users should opt for a 60-bit string, and give the password a poem-like structure. Doing so could make the password easier to remember. In other words, to put it in very simple terms, the idea is to make the password as easy to remember as possible for the user, while making it extraordinarily difficult for a computer to guess. By today?s standards, the 44-bit string would take around an hour to crack, while a 60-bit string would take well over a decade. That?s the kind of password security that your organization wants. If you don?t feel like getting overly technical with 60-bit code strings, it?s possible that you can use lines from existing poems to create a password. The creators of the passpoem, however, don?t suggest that you do so. There are millions of poems on the Internet, and the chances of this type of password getting hacked are much higher than if the string of characters were truly random. Still, using a line from your favorite poem is likely much more secure than a simple password like ?MOM385? or ?password,? so the idea shouldn?t be dismissed completely. You still need to be aware of the issues that come with this password strategy; for example, the risk of dictionary-type attacks could become a problem, even with using a long password. It?s up to you to know the complications and risks that come with your preferred password management policy. One of the biggest pain points about password management is that you need multiple/different passwords for all of your different accounts. When you have multiple complex passwords, it can be difficult to remember them all. This is what makes a password management system so effective. White Mountain IT Services can help your business get set up with the best password manager on the market. To learn more, give us a call at (603) 889-0800.

Gmail will soon inform users of whether or not messages were sent to them over an unencrypted network, in the hopes of improving online security for all users (and providers) of webmail. It?s a way of increasing awareness, as well as emphasizing the necessity of encryption for sensitive online services. While Gmail already takes advantage of an HTTPS encryption protocol for its own mail service, this is only a small step toward increasing the security of online email services. The HTTPS only encrypts the browser?s connection with the server, rather than all of the traffic to and from senders and receivers. In other words, unless the email provider is taking full advantage of encryption while messages are in transit, external parties could potentially be snooping around looking for information that doesn?t concern them. Providers like Google, Comcast, Microsoft, Yahoo, and some others, are taking advantage of protocols that can limit outside intervention by using STARTTLS. As explained by ZDNet: A lot of providers don’t support STARTTLS, meaning that any email encrypted by the sender can’t be read when it’s received on the other end. This so-called opportunistic encryption works when both email providers support STARTTLS. If one doesn’t, then the other provider falls back to an unencrypted form. Therefore, the most important aspect of this new email encryption protocol is the fact that it will encourage email providers to offer the same security measures that big names like Google and Microsoft do. While this new encryption notification policy can improve the way you read and interpret emails, you don?t want to rely on this method to keep your business?s communications solution safe. What you want to integrate is a comprehensive security protocol that?s capable of defending your business?s infrastructure from a variety of both internal and external threats, like viruses, malware, and spyware. While a firewall and an antivirus solution can go a long way toward limiting your business?s exposure to threats, you want a more powerful solution that encompasses all aspects of network security. The perfect solution for a small or medium-sized business is the Unified Threat Management tool, which combines a firewall and antivirus solution with preventative measures like content filtering and spam blocking capabilities. Such a comprehensive solution is optimized for maximum protection from threats of all types. For more information, give us a call at (603) 889-0800.

Gartner predicts that Windows 10 will be used by half of all businesses come January 2017, which means that it will be one of the most widely used Windows versions so far. This is somewhat surprising, considering how its adoption rate thus far has been relatively tame. Businesses still like using their familiar Windows 7 operating system, and thus, feel little need to upgrade at the present moment. However, there are several noteworthy factors that will affect the adoption rate for Windows 10 over the next few years. For one, Windows 7 is slated for its end of support date in January 2020. This means that eventually, just like previous versions of Windows, like XP, Microsoft will cut the cord on its aging operating system. This means that users of Windows 7 will be forced to upgrade to something more recent, and considering the fact that Windows 8 and 8.1 are as unpopular as ever, Windows 10 is the natural choice for a replacement. According to ZDNet: Gartner said many organizations are planning to begin pilots for Windows 10 in the first half of 2016, and will broaden their deployments later in the year. It expects that at least half of organizations will have started some production deployments by the beginning of 2017, with an eye to completing their migrations in 2019. In other words, it will be quite some time before most businesses adopt Windows 10, but they?re still making plans to do so in the near future. In fact, up until very recently, the Windows 10 adoption rate was staggering, surpassing both Windows 7 and Windows 8. Granted, these figures fail to take into account the primary reason adoption has been so incredible: the free download. This free download is only for the first year that Windows 10 is available to consumers, but businesses want to make sure that they?re going to run into minimal resistance when upgrading to their new operating system. Just because everyone else is waiting to take advantage of the latest Windows operating system, doesn?t mean that you have to. You can get a leg up on the competition by upgrading to Windows 10 early, before your competitors decide to finally make the switch to Microsoft?s latest operating system. Doing so will give you access to great new features that will help you fully utilize your business?s technology solutions, as well as provide the peace of mind knowing that your tech is up to date and ready to go. It?s still recommended that you consult an IT professional before making this commitment, as legacy applications and other complications can arise that will need to be addressed by experts. White Mountain IT Services can answer your business?s questions about Windows 10, including how and when you should make the switch. To learn more, give us a call at (603) 889-0800.

Snap To is a nifty feature that automatically moves your mouse pointer to dialogue boxes that might pop up while you?re using your PC. The dialogue boxes usually appear when you delete a file, close a window, or perform other similar tasks. When using Snap To, it?s important to make sure that you?re not just clicking the Ok button blindly. Otherwise, you might accidentally delete a file that you shouldn?t have, or you change a setting that otherwise wouldn?t normally be touched (like, ?are you sure you want to delete all files?). Paying attention to the messages as they appear will make it much easier to handle damage control. To enable this feature, go to Control Panel > Mouse Properties. Next, click on the Pointer Options tab and then checkmark the Snap To box that says ?Automatically move pointer to the default button in a dialog box.? Click OK or Apply when you?re done. Keep in mind that using Snap To might take a little while to get used to, primarily because it?ll be different from dragging your mouse pointer to each dialogue box manually. Just in case you don?t want to enable Snap To, you can usually just press the Enter key to select the Ok button in dialogue boxes. While Snap To might not seem like a very dynamic feature, by using it, you might find yourself saving quite a bit of time in the long run. The productivity-minded worker will understand the value that Snap To presents, and will enjoy the ease-of-navigation that comes without working with the mouse so often. Plus, some laptops have quirky touchpads, making Snap To an ideal candidate when you need to close out of dialogue boxes and get back to work. For more productivity tips and tricks, subscribe to White Mountain IT Services?s blog.

This kind of security oversight is known as role-based access control. While role-based access control has always been a major component of network security, for some reason (perhaps due to the cloud?s ease-of-use), user permissions can be overlooked when it comes to cloud computing. With a traditional, in-house IT infrastructure, user permissions and other aspects of network security are overseen by an in-house IT staff member or your trusted IT guru. The advantage of having an in-house network is that your IT technician is familiar enough with the company to know who the users are, along with their roles within the organization (this is especially the case for SMBs). With cloud computing, security oversight is often outsourced to the cloud provider, who may not know every user or understand what their roles are within your company?s organizational structure. To be clear, we?re by no means advocating against outsourced network security. Instead, we want to raise the concern of not blindly rushing into a cloud computing service without first properly vetting its security measures. For example, you?ll want to make sure that your cloud computing solution gives you enough control that you can implement different levels of access to sensitive data based on the roles within your company. Doing so will require you or an administrator within your company to set these parameters, or maintaining a relationship with your cloud provider so they can understand the role-based access control needs of your business. NetworkComputing explains: When you have employees with different roles in your company, access control is a key feature that can help ensure basic cloud administrative security. You?ll need to exercise caution to prevent credentials from being compromised, and to ensure menial errors don?t spoil your day. Implementing robust and powerful access control is important to protect company resources. Additionally, you?ll want to implement ways for the information that one?s granted access to (due to their role) to only be seen by them, and not shared with others who have no business accessing it. For example, in-house IT workers have access to more information than the average worker, much of which is sensitive in nature. Despite this, according to a recent study by Intermedia and Precision Sample, IT workers are 10 percent more likely than non-IT staff to give away their login credentials for superfluous reasons. What precautions do you have in place to prevent scenarios like this from happening? One extra layer of protection you can add to your cloud service is two-factor authentication. This will mandate another form of authentication, like a text message or phone call, in order for the user with the proper role to access the information they need. A security solution like this will make it much more difficult for a user to exchange account information with those outside of their roles. The many benefits of cloud computing are obvious, which is why enterprise-level cloud services are growing so rapidly. The best approach to cloud security is to understand the intricacies of the services you?re using, as well as to lean on a cloud service provider that you can trust. To that end, White Mountain IT Services is here to assist your business with all of its cloud computing needs, including the management of who in your organization can access your cloud data, and who can?t. […]