What is Social Engineering, and How Can I Stop It?

To begin, let's analyze what social engineering really is, and why it works so well on us.

Social Engineering is Emotional Hacking

When all is said and done, that's really what it boils down to. Instead of trying to find the right combination of 1s and 0s to bypass your cybersecurity, social engineering is the use of the right emotions and thought processes to bypass your human employees.

Let's examine the stained shirt example I provided above. While it probably wasn't as effective coming in through text, chances are good that you've also experienced the old-fashioned version where someone pointed at your shirt and flicked your nose when you looked down (more than likely, many times).

Why do we keep looking?

We do so for the same reason that social engineering works: hearing that we have something on our shirt has some effect on our emotions. We fear that we'll look silly, or sloppy, in front of people we respect and (more importantly) we want to respect us. The need to confirm that the stain is there becomes so urgent in the moment that we have to look down immediately, despite being intimately familiar with this kind of trick.

In addition to all this, this trick is usually played by someone we trust. This will be important to keep in mind later.

Of course, in a business-focused social engineering attack, the stakes won't often involve a bit of the special sauce from the #5 value meal on your shirt. The professional kind of social engineering plays on different fears and anxieties that are more directly related to the workplace. Since this usually takes some preparation, let's go through the steps that the person behind the attack will generally take:

How an Attacker Prepares Their Social Engineering Attack

With some variance in the time spent by an attacker based on how sophisticated they want their attack to be, the first step the attacker will take is to plan their attack, doing their research to figure out their most effective option to fool someone.

Let's step into their shoes for a moment and run through what this research might look like.

Let's say we wanted to attack XYZ Widget Company. As social engineers, our first step is to collect as much data as we can on them. The Internet and its plethora of open-source intelligence (OSINT) make this easier than you might expect. For example, we could turn to the company's LinkedIn, and discover that Jane Doe and John Q. Public both work there in customer-facing roles. A quick jaunt over to Facebook might reveal that Jane enjoys doing crossword puzzles and fantasy sports, while John is big into DIY activities, ranging from cheesemaking to quilting.

From there, it's an easy matter for us to reach out to either Jane or John using the OSINT we've collected and gain some of their trust. Once this trust has been established, we stand a pretty good chance of convincing them to give us more access than is warranted, or share information that they shouldn't have shared.

Of course, we could also take the simple route and instead try our luck with fear tactics. It's generally a safe bet that an employee doesn't want to get in trouble in the workplace, so sending a message that claims […]

Today's Threats Can Really Disrupt Business

What Does the Threat Landscape Look Like?

First, let's take a look at the threat landscape as a whole. It's always changing, so you have to be capable of reacting to shifts in the way threats present themselves or launch their attacks. After all, these hackers are trying to subvert the attempts of the best security researchers on the planet, so you can bet they are bringing their A-game against your business, too.

What are some of the challenges you can expect to run into with the cybersecurity environment? Let's find out.

The Most Common Threats

The most common threats are made up of phishing attacks, ransomware threats, and distributed denial of service attacks.

Phishing Attacks

Hackers launch phishing attacks against users to try to gain unauthorized access to their accounts. These phishing attacks can be as simple as an email, a social media post, a telephone call, or other similar tactics, and they often request that the user take action as quickly as possible. While there are plenty of telltale warning signs to look for, it's often after the fact that people realize what they have done. Many of the other threats we will discuss in this blog are spread primarily through phishing scams.

Ransomware Threats

Few threats pose as much danger to your organization as ransomware does. It locks down files on your system until you pay a ransom, often in a cryptocurrency like Bitcoin. Ransomware has developed into even more dangerous variants in recent years, now utilizing methods like double-extortion to increase its profitability and success rate. To ensure users pay the ransom, attackers threaten to release the stolen and locked-down data online, putting their victims in a lose-lose situation.

Distributed Denial of Service (DDoS)

DDoS attacks use the might of millions of infected devices, collectively known as botnets, to bring down networks and websites, overloading them with traffic all at once. Worse yet, these devices aren't doing anything special; they just use their normal functionality to ping a network over and over until the system crashes. With so much traffic overwhelming the transfer protocols, all productivity grinds to a halt. DDoS attacks can be mistaken for malware or other network issues, and by the time they begin, it's too late to do anything to stop them.

Other options for hackers do exist, of course, but you'll encounter the above three most frequently, and they will often perpetuate other types of attacks against your infrastructure.

How Can You Protect Your Business?

To take the fight to cyberthreats, we recommend you use the following strategies:

Improve Awareness

The greatest challenge you will face is that your employees might not be aware of the dangers posed by cyberthreats. You should do everything in your power to ensure they know that their actions while on the company network could impact the business. We recommend implementing a comprehensive training program that is complete with routine testing and review sessions. Some of the topics you should touch on include multi-factor authentication, how to spot phishing attacks, and how to build a secure password. Training your employees can pay off in spades, so long as it is done well and done often.

Update Your Infrastructure

All it takes is one weak link in your infrastructure to expose it to untold threats. Be sure to […]

What are You Doing for Your Employees' Health in the Office?

With today's technology, there are a few ways available to you. Let's briefly review them.

How Can I Protect My Employees' Health in the Workplace?

Depending on how your workplace processes are shaped, you have a few options that the right IT can facilitate for you. First, and perhaps most obviously, comes the prospect of having fewer people in the workplace at a time.

Take Advantage of Remote/Hybrid Work Policies

It's a relatively simple probability function: the fewer people that are present in the office at any given time, the less likely it will be that one of them is carrying some germ or virus. Taking advantage of today's technology to facilitate remote or hybrid work makes it far easier for your employees to continue working productively and safely.

This will require you to obtain the technology necessary to enable remote and hybrid work, as well as develop workplace policies that reflect these options.

Reconsider Your Workspace Furniture

As our understanding of human physiology has advanced, so has our view of how we should be spending our time working. Sitting has been viewed as the new smoking, with extended time spent seated associated with increased chances of a heart attack. Standing and convertible desks help to keep employees out of their chairs more throughout the day. Other options include holding walking meetings whenever possible and otherwise moving around more whenever able.

Don't Forget About Mental Health Needs, Too

Mental health is a significant aspect of overall health, so it is important that you put safeguards and other preventative measures in place to protect that of your employees. One way to do so: encourage a healthy work/life balance by giving them a positive office environment to operate in and providing the support your employees need. Seeking out feedback on how to support your team members more effectively is a great start.

Healthy and Safe Employees are Productive Employees

It truly is in your best interests to take care of your team, both in terms of their physical well-being and otherwise. We'll take care of the IT they use during their day-to-day responsibilities. Give us a call at (603) 889-0800 to learn more about our managed IT services.

Effective Communication Drives Productivity

What is Unified Communications?

Unified communications is the act of integrating multiple communications tools into one platform to improve management and user experience. With a unified communications platform, a user can switch seamlessly between different modes of communication on whichever device they are using at the time. This is made possible through the use of software that supports real-time communications and asynchronous communications, keeping important conversations going whether they are internal or external.

How Does Unified Communications Work?

A UC platform is usually supported by software that integrates the types of communications under one system. This makes it possible to quickly switch between a chat and a video conference with the support of Voice over Internet Protocol (VoIP) with a click of a button. The speed and utility of UC effectively speed up business: projects move faster, support improves, and productivity increases.

The benefits don't stop at efficiency and productivity. Today, there are UCaaS platforms that not only give a business all the communications tools it could want under one platform, but do so on a per-user basis, which allows a company to scale its communications tools quickly and effectively. More than that, many of today's cloud-based UC platforms can integrate with social media platforms, customer-facing applications, and other useful business resources to bring additional value.

What Are Some of the Components You'd Find in a UC Platform?

When we talk about unified communications, we are serious about unifying the entire lot of communications tools your business uses. These include:

Enterprise email
Text messaging
Chat programs
Mobile
Instant messaging
VoIP
Transcription
Video Conferencing
Collaboration
Calendars and scheduling
Social networking
File sharing

Most businesses could benefit from unifying their communications. If you would like to have a conversation with one of our knowledgeable professionals about leveraging unified communications for your business, give us a call today at (603) 889-0800.

What Does Your Business Need to Keep it Secure?

First, let's consider what kind of data you might have that a cybercriminal would be interested in stealing.

What Does My Business Have That's Worth Protecting?

Regardless of your organization's size or industry, you almost certainly (actually, scratch that, you definitely) have data that is of value to cybercriminals.

You accept payments, don't you? Chances are, some if not most of these payments are in the form of credit. This data alone is worth quite a bit. Then you also have to consider your own company's financial accounts and details, the other data you've collected regarding your clients, or any of your company's trade secrets. There's also the possibility that your business isn't the final target at all, and that you're simply being used as a convenient means of accessing their true target.

So there's plenty that any business has to offer that a cybercriminal would be interested in, at the expense of the business' finances (both in terms of rectifying the attack and losing business opportunities) and of its reputation.

The Right Cybersecurity Solutions Can Help Ensure Your Business' Data Remains Safe

There are a variety of things that you can (read: should) do to protect your business, from training your employees to be more security-conscious throughout the workday to maintaining a comprehensive backup and disaster recovery strategy. Even more fundamentally, however, you need to ensure that your business' network is protected through dedicated and properly-configured cybersecurity tools. These tools involve:

Network Firewalls

The most desirable threat to your business (stay with me here) is one that you don't have to deal with at all. A properly-configured firewall will help keep these threats at bay by blocking them before they enter your network.

Antivirus

Again, the best threats are the ones that are neutralized before you ever have to worry about them. An antivirus program with updated threat definitions can help keep your network free of the vast majority of issues.

Multi-Factor Authentication

This is a security feature that augments the traditional password authentication measures we're all so familiar with. The hard truth of the matter is that passwords aren't all that great of a security measure, as they're either too easy to guess or too difficult to remember. While we recommend that you still use unique passwords for all of your accounts, MFA takes the security they offer and increases it exponentially by requiring an additional proof of identity, oftentimes a generated code or a biometric identifier.

Physical Security

While it might seem odd to bundle the locks on your doors and a security camera system with your cybersecurity, the digitized nature of these solutions and the capabilities they allow make them an invaluable part of your cybersecurity stance. Data theft can include someone copying your data onto their own hardware, or even walking off with some of your data storage devices, so keeping those who would do so out of your business is critical as well.

We Can Help You Accomplish All This and More

At White Mountain IT Services, we take our clients' cybersecurity very seriously, as our success is tied directly to theirs. Find out more about how we could help protect your business by calling (603) 889-0800.