What is Passwordless Authentication? A simple way to look at passwordless authentication is to consider what can be involved in multifactor authentication and simply omit the password element of it. The hard truth of the matter is that passwords just aren?t that secure?in fact, they were never really intended as a security measure. The original shared networks more used them to confirm which data to retrieve than they did to keep others from accessing this data. It wasn?t security, it was convenience. So, technically speaking, we?ve all been relying on what was never really meant to be a security system in the first place. The other forms of authentication, however, have always meant to be security measures, which is why we?ve seen more and more personal identification numbers (PIN) or biometric-based forms. Google is Implementing Passkeys in Chrome and Android This is a big step for Google to make in exacerbating the difficulties that an attacker will have. The idea of the passkey is that a user can create and store them in their hardware, also backing them up in the cloud, to access their different accounts and data without a password. By eliminating passwords in this way, phishing risks are greatly diminished, password reuse is eliminated, and it isn?t as though you can reuse something you don?t know at all.  Again, this is big. Reducing, if not eliminating outright, these passwords can significantly improve your cybersecurity. Time will only tell how widespread these alternatives will become in the near future? but considering that the market is currently valued in the billions and growing, we?re confident that we?ll continue seeing news. In the meantime, White Mountain IT Services is here to assist you with your cybersecurity needs. Give us a call at (603) 889-0800 to learn more about what we can do to assist you.

Here?s the thing though; those common email scams we look back on and laugh about today were common for a reason?they worked sometimes. Folks fell for them. Gullible widows wired cash overseas in the hopes that the Prince of Nigeria would share some of his vast fortunes with them, and life-sentence bachelors fell for the steamy romance that started with a canned email. Modern spammers are driven by success. The goal isn?t to just flood your inbox with junk mail, but instead they see it as a numbers game. A certain percentage of users fall for different spam campaigns, and the scammers have learned over the many years that certain tactics have a better conversion rate. With these tactics, they know if they send x-number of emails out, a certain percentage of people will fall for the trap. To protect yourself from dangerous spam scams today, you need to be aware of these tactics. Email Spoofing You wouldn?t expect an email from Amazon, Paypal, your bank, Microsoft, or Google to be dangerous, right? What about an email from your family or friends, your boss, or your partner? Spammers can easily mimic email addresses that look legitimate in order to give you a sense of trust. Traditional email phishing attacks have been doing this for a long time, where the scammers pose as legitimate companies like Google, Amazon, or your bank. These types of attacks are easy to just blanket out to a million inboxes, because there?s a pretty good chance most recipients will have an Amazon account, or a Google account, or a Microsoft account, etc. They can also be targeted toward specific contacts who definitely do business with an entity. If your bank suffers a data breach where the list of email addresses of their users are leaked, spammers can easily target all of them with personalized scams. Thanks to social media, it?s also pretty easy to determine who a person interacts with in their daily life. You could easily look up a friend or colleague and usually figure out their family members, and with a little digging, figure out what their email addresses are. It only takes a little technical knowhow to spoof those email addresses and run highly personalized spam campaigns. Homograph and Punycode Attacks These tactics are a little harder to wrap your head around if you aren?t technical, but essentially this is one method scammers can use to make an email seem more legitimate. A homograph, in the English language, is where two words look the same and are spelled the same, but have different meanings. For example, the word bow (like a bow made of ribbon on a gift) and the word bow (like to take a bow after a performance), or the word tear (like what comes out of your eyes when you cry) and tear (the act of ripping something). When it comes to online scams, homograph attacks are used to trick a recipient into trusting an email or website. It?s a little complicated to explain, but essentially non-traditional keyboard characters get translated to look like traditional letters. This means someone can easily spoof, say, Paypal.com, without actually owning or controlling the domain for Paypal.com. Homograph and Punycode attacks don?t just take place in email either. Fake versions of legitimate websites can […]

What Is Zero-Trust? Basically, it is the removal of IT-related trust from your network. That means devices that you?ve put on the network yourself. Essentially, what this means is that even devices that are on the correct side of your network, those being the ones that have already connected to it, cannot be trusted to be inherently secure. How Does It Work and Is It Right for Me? Zero-trust security policies are not for all businesses, because they can actually do more harm than good as far as productivity goes. You will have to ascertain if your company?s network fits the bill here. It is important that organizations think of this less as a guideline and more like an approach to network design, meaning that this should not be considered a steadfast rule. Naturally, all businesses will have different needs, and some companies just might not be able to make a zero-trust policy work. This is particularly notable for companies that have large computing infrastructures, as the number of devices involved and the sheer cost of moving in this direction could eat holes in your business? budget for as long as you are building the strategy out. Businesses might have to acquire new hardware and services, train technicians, and frequently update all of this technology to keep up with security standards. Furthermore, companies that utilize a Bring Your Own Device policy (BYOD) have an even harder time implementing a comprehensive zero-trust policy. Despite these difficulties, it doesn’t hurt to consider a zero-trust policy for your business. Here are five reasons why it works: You gain greater control over data delegation to the appropriate users. Provides a construct for stronger authentication and authorization policies. It can provide a much cleaner user experience (single sign-on). Every action and device is subject to policy, leaving nothing to chance. Mandates the need for comprehensive access logs. Start Securing Your Systems Today There is a lot to be done to protect your business from the plethora of threats out there, and we guarantee that working with a cybersecurity professional like those at White Mountain IT Services will give you the best shot at protecting your business as possible. To learn more, reach out to us at (603) 889-0800.

First, let?s review what this idea of a four-day workweek looks like in practice. A Four-Day Workweek Doesn?t Mean Four Longer Days or Less Pay The concept of the four-day workweek is based on the expectation that the workers involved will be paid the same as they would have if they had worked a five-day week. It?s based on the 100-80-100 model posed by 4 Day Week Global (a non-for-profit community that supports a four-day workweek), that suggests that employees should get 100% of the pay for working 80% while still accomplishing 100% productivity. A lofty goal, for certain?and one that it seems is perfectly attainable, based on recent events. Assorted Pilot Projects Have Proved the Efficacy of the Four-Day Workweek 4 Day Week Global, as its name would suggest, is a global organization. As such, there have been pilot projects conducted not only in the United Kingdom and the rest of Europe, but also in the United States, Canada, New Zealand, Australia, and South Africa. While we may have already spoiled the results, the level of success that participating companies have exhibited is impressive, to say the least. For instance, in the UK?s pilot of the four-day workweek, which ranged across industries and involved 3,300 workers from 70 companies, a full 95% of surveyed companies reported consistent or even improved productivity. The breakdown of these responses is as follows: 46% reported maintained productivity 34% reported slight improvements to productivity 15% reported significant productivity improvements Most telling, perhaps, is that 86% are considering making the switch a permanent one. Why Does the Four-Day Workweek Produce as Much as the Five-Day Workweek? Admittedly, it sounds counterintuitive to the point of craziness?how is it that less time spent at work results in equal, if not more, work being done? There are actually a few ways that businesses that have switched to a four-day week have seen benefits. A reduction of ?work theater,? or an employee trying to look busy instead of actually being busy, is one impact that has led to more efficiency. Staff burnout and turnover are also greatly reduced and their impacts on productivity are diminished as a result. Microsoft Japan actually saw productivity jump up 40% after it adopted the four-day workweek. The cornerstone of this kind of strategy is to focus less on the time spent working, and more on the output that is achieved. Similar Impacts Were Seen During the Remote Work Boom It hasn?t been nearly long enough to warrant a reminder of why remote work suddenly became such a popular option for so many. However, similar trends were seen with the sudden adoption of remote operations?indicating that the old ways of working are no longer the best option available. Now, while the adoption of remote work happened very quickly out of necessity, any widespread adoption of the four-day workweek is likely to take more time?it really comes down to the company culture of each organization and the willingness of its leadership to adopt whatever new thing is making waves. Therefore, how soon it will be before a widespread four-day work week is seen is anyone?s guess. Regardless of When You Work, We?re Here to Make Sure You Can That?s the big benefit of managed IT services?we?re here whenever you need us and our support to […]

IT is an Investment It?s easy to look at IT in sort of the same way you would look at car insurance?as a necessary evil. You?ve got to have it, it comes in handy when you need it, and you even like doing business with the folks that offer it, but you only rarely see the value. Technology could (and should) be more than that though. The problem is, as business owners we?re so used to only having the ?money? conversation when it comes to IT. How much is it going to cost? Oh, the prices are going up? Oh, I need to upgrade? Before long, it?s easy to feel like you are just signing checks without really seeing the value. We get that! For the clients we completely manage and maintain, it?s pretty rare that some of the people in the company even see us throughout the year, simply because we?re able to prevent issues remotely. This leads to fewer onsite visits and fewer support calls, but at the end of the day, that?s way more productivity. If you want a more drastic example, think about what your business could be doing without ANY computers. It?s almost a silly thought experiment today, but it just shows you how critical IT really is for most organizations. The entire point of utilizing technology is to improve productivity, increase performance, reduce problems, and get more done. There are likely plenty of inefficiencies in your organization right now that technology can improve for you, it?s just a matter of ironing them out with an IT consultant who understands your business. What Should Be Included in a Yearly IT Budget? You can break down your IT budget into three categories. One-time expenses Ongoing expenses Support/Emergency expenses One-time expenses are exactly what they sound like. When you need to purchase new hardware or software, or pay for a consulting fee, that will fall under a one-time expense. Sometimes, hardware can be leased, and software often falls under a subscription model, but usually there are still some upfront costs. The biggest one-time expense most business owners miss is going to be your regular upgrades. You can usually expect to get about 3-to-4 years of life out of your typical workstation or laptop. Proper maintenance and support can usually add an additional year or two, but consider that a bonus. Servers tend to have a longer lifespan of about 5-to-8 years, and proper maintenance and a clean, controlled environment will keep them operational towards the higher end of that range. If you have hardware that is reaching the end of its lifecycle, you need to budget the replacement of that hardware. Ongoing expenses range from your software and subscriptions, to cloud hosting, support contracts, and any other costs. For businesses that have their own internal IT department, you?ll want to include the salaries, promotions, and benefits of your IT staff, as well as any costs you might need to have for recruiting. This should cover the upkeep of everything on your network. Expect that you?ll need to allot time to keep your devices updated, ensure that antivirus is ran, and backups are checked. This can be a pretty significant part of your IT budget, and when this type of work isn?t done properly, the next category (support/emergency […]