Recent Blog Posts

New Android Malware Wants to Spend Your Money

Is Malware Spending Your Money? This type of malware is especially tricky. Where ransomware is immediately in your face, demanding money in order to give you access back to your computer and data, toll fraud malware just spends your money without your consent. It works by subscribing you to paid content and adding the charge to your phone bill. It might temporarily disconnect your device from Wi-Fi in order to force your phone to use the cellular network. It will also try to hide any one-time passwords, two-factor messages, and verification messages in order to keep its work hidden from you. This isn?t an entirely new concept?toll fraud was a problem years ago that would affect users with dial-up internet connections, and it has made a few appearances over the years with the popularity of mobile phones. Microsoft, however, has issued a warning that toll fraud malware is becoming a very big problem for a lot of users. How to Prevent Getting Malware on My Device To protect yourself, you need to be aware of what you install on your device. You can?t trust everything. While Google and Apple both do a pretty good job at vetting applications, the system isn?t perfect. An app on a trusted app store isn?t always going to be safe to use. Often malware is found on apps in popular categories found in the app store, like wallpaper and lock screen apps, or apps claiming to speed up your device or protect it from viruses. When you install an app on your phone, it will ask for permissions that don?t make sense (there?s no reason that your new wallpaper app needs to have access to SMS or notification listening privileges). You do, however, want to avoid installing apps that aren?t on the Google Play Store. There?s an even higher chance that an app that isn?t on the Play Store might be dangerous. It?s all about being careful. Don?t install things that you don?t really need, and if you are having an issue with a device, have someone take a look at it. An application usually isn?t going to improve the performance of a device, but if you feel like you need to speed up an older device, a professional can help you determine the best way to do that, if it?s possible. You can also look at reviews for the app, and take your time reading the app description and information about the developer. If something seems suspicious, it?s worth scrutinizing. If you are having an issue with any technology, don?t hesitate to give us a call at (603) 889-0800.

How to Create a Risk Management Process for Your Cybersecurity

Why is Risk Management Crucial to Your Cybersecurity? In a word, preparedness? but a strategic approach to it. Let me ask you this: if your business was located in the middle of the Sahara Desert, would you be terribly concerned about a snowstorm interrupting your processes? Of course not, so you certainly wouldn?t prioritize any efforts that were specifically intended to fight a snowstorm?you wouldn?t keep a supply of snow shovels to clear off the roof, for instance. Risk management is the practical approach behind this extreme example, and when applied to your cybersecurity, it is based on the unique balance of cybersecurity risks that your business exhibits. By developing a cybersecurity risk management plan, you are able to adjust your approach to match this balance. How to Fulfill Cybersecurity Risk Management Generally speaking, the process behind cybersecurity risk management is as follows: Identify Potential Threats First, consider your business? hardware infrastructure and the software that it hosts. Are there any known vulnerabilities that might affect it? What threats could potentially bypass your existing protections? Having a comprehensive list of these potential threats from the start will be crucial. Weigh Out Each Threat?s Potential Risk Once you?ve created your list of potential threats, you need to determine how likely each threat is to occur?and whether or not you can live with that likelihood. As you do so, you should keep the impact that each threat might have in mind. After conducting this impact analysis, you should have a tiered list of potential threats arranged by their risk. Establish a Response to Each Risk Level Using this list, you are ready to determine how each risk level should be approached. Generally speaking, there are four responses that you can take that are known as the four Ts of risk management: Tolerate – If you determine the risk is unlikely enough or not severe enough to address, you accept that you may encounter it. Treat – If the risk is sufficiently concerning, you put security measures in place to reduce its likelihood. Transfer – If there?s a risk that is beyond your capabilities to control, you involve other parties in the risk?outsourcing your protections, and/or taking out cybersecurity insurance. Terminate – If the risk is severe enough, you fully avoid it by altering the processes that create the risk, if not suspending them entirely. Continue to Monitor These Risks and Adjust as Appropriate After addressing your risks, based on the above responses, you should continue to keep an eye on them. Reexamine your potential threats every so often to see if your level of risk has changed and if you need to reconsider if your established response is still appropriate. With the threat landscape changing constantly, it?s almost guaranteed that your responses will have to change at some point. We Can Assist You with Your Cybersecurity Risk Management Remember the transfer option we reviewed above? White Mountain IT Services is one such party you can outsource some of your protections to. Our comprehensive cybersecurity measures can help to treat and terminate many of your largest business risks. Give us a call at (603) 889-0800 to start mitigating those things that threaten your business.

Do This Right Now to Ease the Stress of a Cybersecurity Incident

Build an Emergency Contact Sheet as a Part of Your Business Continuity Plan Yep, it sounds simple. In fact, it?s probably something that you already have, but let?s make sure that it?s up-to-date and includes some good information that will help you and your staff in case there is a major disruption to your business. What do we mean by a disruption? Let?s assume you can?t access any of your systems; your line of business apps, your email, your contacts, and the documents on your server. Let?s assume that something big locks you and your staff out of everything for a day or two. It?s not ideal, and obviously we want businesses to work with us to be more prepared for this, and have safeguards in place to prevent this type of threat. Even so, having a really good contact list is going to be key for communication. Open up a Word document and list out the name and personal phone number of each employee, starting with management. Note if that number is a cell phone (so you know which numbers can be texted).  Next, list out emergency contact information?the local fire department, police, 911, etc. List out insurance contact information. If you have an alarm company, add them to the list, and other vendors you might need to reach. We recommend adding (603) 889-0800 so you can call us if you need help. Finally, depending on your business, you may want to add some of your biggest, most important clients to that list. You?ll want to contact them first thing and let them know that there may be a disruption of services. If one morning you get alerted that your entire network is down and nobody can access anything, you?ll be so glad you had this. That?s a Good Start, But Business Continuity Doesn?t End There Having a thorough, tested business continuity plan is an important tool for any organization. Communication is key, and you?ll want to be able to keep your staff and customers in the loop if something disrupts your services. At White Mountain IT Services, we help businesses prepare for emergencies with our iron-clad data backup and disaster recovery services, and we can help protect your business from online threats and other problems that could cause major disruptions. For more information, give us a call today at (603) 889-0800.

When Does Cloud Computing Start to Make Sense?

What Are Your Options? Nowadays, cloud computing has become reliable enough to do about any type of computing your company needs. With this fact, you now have to decide whether adding new hardware to your server stack is the best option; or, should you seriously consider deploying virtual environments through the cloud. Let?s go through some of the pros and cons of each. New Onsite Server Before we talk about some of the considerations that go into hardware purchases, let?s talk about some of the pros and cons of deploying onsite servers. The first, and probably the most important benefit of utilizing onsite hardware is that you have complete control over the infrastructure. Not only can you set it up the way you want, you maintain access and don?t necessarily need an Internet connection. This can be extremely beneficial if you house sensitive and proprietary data.  Since the business environment has changed substantially over the past several years one of the leading talking points in the discussion between cloud and on-site infrastructure is the question: who needs access to it? With a lot of people now being able to work remotely, they need access to company data. This creates two big issues: How do you get your new onsite server set up reliably and ready to work for your company? How do you get remote workers access to the data and applications they need on that server? These are important questions and ones that any business that decides they would like to get the benefits of hosting their own servers have to immediately confront. After all, if you don?t set your infrastructure up effectively, you will be constantly tinkering with your IT and it won?t bring your organization the value it should.  Cloud-Based Servers Over the past several years, cloud computing has become a mainstay for businesses of all types. Before that, enterprise businesses were the only ones that were able to take advantage of these hosted servers, as the costs associated with data transmission?the way many of these systems are charged?were seen as prohibitive to businesses and organizations with smaller technology budgets. Prices have dropped substantially and now, with the needs of many businesses including catering systems to remote workers, cloud servers are now one of the most utilized by all businesses. Obviously, if your servers are outsourced and hosted in a public cloud environment, you lose the capabilities to set up your machines. For most business purposes such as application deployment, communications, and collaboration, this doesn?t have the ?risks? it once did. Additionally, cloud-based infrastructure can always be scaled to the amount of computing and storage your business needs, putting an end to the constant hand-wringing over software licensing and storage costs.  What you will absolutely need to take full advantage of cloud-based servers is a reliable and fast Internet connection. This can be a sticking point, especially if your organization likes to use innovative new communications platforms hosted in the cloud. Your end-users may not always have access to the type of bandwidth needed to reliably take advantage of the cloud-based tools. As far as cost goes, the cloud-based infrastructure doesn?t demand that your organization make huge financial decisions with their IT infrastructure, but it does require that you pay the per GB or service subscription fees […]

Why a Single Sign-On Actually Improves Security

What is Single Sign-On? Imagine that you use a single password or username to sign into multiple different accounts, not even those that are necessarily related. This is basically what single sign-on is. It is a centralized authentication platform where you use one set of credentials to access multiple applications or platforms. As explained by CSO, ?In the most common arrangement, the identity provider and service provider establish a trust relationship by exchanging digital certificates and metadata, and communicate with one another via open standards such as Security Assertion Markup Language (SAML), OAuth, or OpenID.? You log in once, and that login can be used to sign you into other accounts associated with that login. Think about it like this; rather than authenticate the user themselves, the application asks another application to authenticate the user for them, then allowing the user to access the application as if they had used a username or password pair in the normal way. Why Is Single Sign-On Useful? There are many reasons why single sign-on can be useful. Here are some of the following: Passwords are hard for employees: Employees who have to remember multiple complex passwords and usernames for various different accounts can often make mistakes or forget their passwords. Cloud sprawl is a very real thing: The more applications businesses implement, the more difficult it becomes to manage them all. SSO provides businesses with ways to authenticate users in a way that is beneficial for productivity and security. Easy IT management: IT administrators can more easily revoke privileges for accessing various services or applications, since there is only one pair of credentials associated with SSO. Isn?t That a Security Discrepancy? It?s easy to see how single sign-on could create a security issue if it is implemented incorrectly. After all, what happens when that one credential gets stolen by a hacker? In reality, SSO does the exact opposite. It reduces the attack surface considerably, and with fewer opportunities for employees to create insecure passwords, the likelihood of attacks falls somewhat. In short, SSO is more likely to help than it is to hinder your security. The biggest issue you are likely to encounter with single sign-on is adding new technologies or making adjustments to your IT infrastructure, as SSO implicitly ties together many different services. The biggest benefit you can expect from SSO is by far the improvements to productivity. Since users will be logging in fewer times throughout the day, they can instead focus on getting work done, meaning more opportunities to improve your bottom line. White Mountain IT Services can advise you on the appropriate way to secure your organization and potentially offer solutions for how to approach cloud sprawl. To learn more about what we can do for your organization, reach out to us at (603) 889-0800.