Let's go over what this will mean for your business' location and processes.

1. Face Masks and Temperature Checks All Around

Common knowledge and good sense have had many people wearing protective face masks for a few months now, with some states mandating it whenever someone makes any public appearance. Don't expect this to change once you're in the office, especially when you're moving about your workplace or using the bathroom. It is possible that you may be able to remove it once at your desk, but only if the recommended social distancing measures can be maintained as you do so.

It is also likely that temperature checks could become a prerequisite to enter the workplace, with anyone displaying a temperature of 100.5 degrees Fahrenheit sent home and advised to call their doctor. These actions will help to minimize the risk of someone potentially carrying the virus into your workplace and spreading it amongst your employees.

2. Staggered Shifts and Floor Plan Changes

Speaking of your employees, it is recommended that you minimize the number of people in the office at any given time by implementing shifts. Rather than everyone working on-site from nine to five each weekday, perhaps you stretch the workweek out to seven days, but with only certain employees working on certain days. Perhaps you adopt, if your processes allow it, more remote operations, allowing your employees to still work from the safety of their own home.

Those workplaces that tout modern innovations like the open floor plan will need to regress back to the cubicle for the time being, to help minimize the potential spread of COVID-19.

3. Adjusted Meetings and Canceled Events

On a related note, meetings and company gatherings are guaranteed to shift. How often have you attended meetings held amongst a few people in a small room, crammed into close quarters? How many people have you chatted with at the office coffee pot? How many office parties or events have you attended?

Moving forward, these kinds of activities will need to be placed under moratorium, at least until a workable resolution to the current health crisis is developed and distributed. Such events are the perfect antithesis to social distancing. Instead, you should shift your meetings from in-person gatherings to online collaborative sessions, and rather than acknowledging birthdays or anniversaries with break room cake, send your well-wishes in an email thread.

For safety's sake, the modern workplace will have to see significant changes if operations are to continue. White Mountain IT Services can help you make any adjustments to your technology that these changes may require. For more information about the way that we can help you sustain your operations, reach out to us at (603) 889-0800.
Consider Your Employees' Position

Think about how your team may react to the idea that they suddenly won't have a stable source of income. Chances are, they will swiftly be open to the idea of alternative sources of income. Scam artists are very aware of this and will take full advantage of this opportunity.

The Better Business Bureau has collected data within a study that revealed a clear increase in cons and attacks toward businesses and workers currently out of work. Specifically, these attacks have taken the form of a kind of phishing known as employment scams.

Employment scams or job scams are just another way that cybercriminals gain access to your personal data. Basically, their hunting ground consists of the online job sites and gig opportunities that your employees may be tempted to peruse as their job prospects. By roping in your employees (potentially extracting their financial data as they do so), these scammers seek to profit for themselves.

Scammers will post fraudulent job postings on job sites to rope in victims and require them to pay for training materials or special certifications that never come, or to cash a bad check before being "hired."

Warning Signs to Watch Out For

To help protect your employees from these impacts, make sure that they look out for the following warning signs:

- Interviews are conducted over messaging services. If a company reaches out to you over a casual messaging service, like Facebook Messenger or Google Hangouts, it is highly unlikely that the offer is legitimate. This is only more the case if they request your personal information over these platforms. Most businesses will instead use their own messaging platform if they need to.
- Job descriptions and requirements are unclear. If an ad that you find is vague, it is almost certainly a trap. Businesses will be as specific as possible to get the best candidates they can. Since scammers don't have an actual job to fill, they aren't nearly as particular in their job descriptions.
- Personal information is requested during or prior to an interview. A fake job ad will often ask for these kinds of details. Do not give them over. The time for that will come when the HR department is settling your paperwork once you've secured the job.
- Payment is required to apply, or they offer career counseling instead of a job. Desperation is a powerful motivation, so scammers have realized that they can leech money out of people who are job seeking or offer them career counseling services in exchange for a fee.

Make sure that you do everything you can for your employees as they are trying to make ends meet, and if they are looking for some extra freelance work, encourage them to keep a few best practices in mind: look up the company you're interviewing with online, keep your information to yourself, and take everything with a grain of salt.

White Mountain IT Services also can provide your business with the technology that allows your team to work remotely, sustaining your operations and keeping them employed. Learn more about how we can assist you by reaching out to us at (603) 889-0800.
All Business Requirements and Responsibilities

It simply needs to be said: your employee handbook should be the consummate resource for any questions your employee has about their employment and the conditions of such. This ensures that each member of your team will at least have access to a resource that provides a lot of information that they will need, such as:

- FMLA (Family and Medical Leave Act) information
- Non-discrimination policies
- Sexual harassment policies
- Worker's compensation policies

Furthermore, it should also provide them with a guide to your internal policies, like:

- Paid-time off policy
- Payment times and promotion/review policy
- Employee behavior expectations
- Employee dress code
- Benefit structure
- Remote work policy
- Social media and employee device policy

It also isn't a bad idea to include some content to help set the tone of your organization for your employees. For instance, including your company's mission and history into your handbook and endorsing the company culture you want to encourage is a good way to set the tone from the get-go.

Consider Your Layout

For your handbook to be optimally useful, you need to organize it so that it is as useful as you can make it. Arranging its contents to feature the most useful information at the very beginning can make them, well, more useful. Explaining all your policies in great detail and summarizing them in depth will help to do this, as well.

Update It

Here's the thing: circumstances change over time, which means that you may eventually have to amend your policies to match. This is especially the case when the cause of these changes is based in the development of the technology that is available to businesses. As these changes are important to keep up to date with, your handbook will need to be adaptable, which, as you may have predicted, means it should be digital.

While it may seem silly to focus so much on what seems to be such a small detail, a good handbook can set the tone for your entire administrative and IT strategy. For assistance in creating the IT policies that will do your business the most good, give White Mountain IT Services a call at (603) 889-0800.
Breaking Down the Numbers

According to the 2020 Black Hat Attendee Survey, these professionals were significantly concerned with potential cyberthreats and infrastructure breaches as the ongoing health crisis continues. Significantly concerned, as in 94 percent of respondents seeing COVID-19 increasing the threats to enterprise systems and their data, 24 percent seeing this threat as "critical" and "imminent."

A lot of these respondents were concerned with the idea of vulnerabilities in their remote access systems, with 57 percent of them responding in the affirmative. 51 percent were concerned about possible social engineering and phishing attacks.

Adding to the concern, a full 90 percent of these cybersecurity professionals predict that there will be an attack on the critical infrastructure of the United States within the next two years, rising from the 2019 prediction stat of 77 percent and the 2018 stat of 69 percent. In 2019, 21 percent of these professionals thought that there were sufficient preparations in place for government and private industry to handle these attacks. Comparatively, only 16 percent feel the same this year.

Clearly, this does not bode well for businesses, and the current COVID-19 crisis only adds another level of difficulty to their operations. After all, many business owners may disregard one issue in the face of an admittedly much more visible one. Furthermore, with so many now operating remotely, there is the added insecurity that often comes with untrained remote operations.

For instance, many common security concerns are associated with the tools meant to secure precisely this kind of operativity, such as:

- Passwords were only rated as 25 percent effective
- Antivirus tools were rated as 31 percent effective
- Cloud security providers and cloud security tools received less-than-stellar ratings: 41 and 46 percent saw them as ineffective.

What's worse, 70 percent of these cybersecurity experts foresee a major security breach within their own organization within a year, with 59 percent citing insufficient security staffing and 56 percent citing insufficient budgetary resources to protect their operations.

Perhaps most discouraging is the idea that 53 percent of surveyed cybersecurity professionals stated that they felt serious burnout setting in. Considering that 2019's stats placed this number at 40 percent, this jump is certainly severe.

What Can Be Done?

Based on the results of this survey, it's clear that there needs to be a paradigm shift within businesses. Not only should cybersecurity be taken more seriously as these businesses go about distributing their available budgets, there also needs to be a greater awareness of the importance of cybersecurity on every level.

Take, for instance, the importance of cybersecurity measures and how half of today's available tools had such poor efficacy ratings. When passwords were only rated as effective by 25 percent, but multifactor authentication (84 percent), encryption (74 percent), and endpoint security (63 percent) saw much higher efficacy ratings, it seems pretty clear that the overall technology strategy that many businesses utilize needs to shift in the near future.

White Mountain IT Services can help in this regard, as our team can assist your business in implementing and utilizing these improved cybersecurity measures, even now. To learn more about how you can protect your business from cybercrime through strategic technology and improved user training, reach out to us at (603) 889-0800.
Understanding PCI Compliance

The credit card companies listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business that wants to accept payment cards needs to adhere to. That means every business. So from the largest multinational corporation to the smallest street vendor, if that company needs to accept payment by credit, debit, or affiliated gift cards, they need to be PCI compliant.

This means that any business that stores information or processes payment using digital payment cards would have to maintain PCI compliance. Here are 10 actions those businesses need to take to meet compliance regulations:

- Change passwords from system default
- Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
- Encrypt transmission of card data across public networks
- Restrict the transmission of card and cardholder data to "need to know" basis
- Assign user ID to all users with server or database access
- Make efforts to protect physical and digital access to card and cardholder data
- Monitor and maintain system security
- Test system security regularly
- Create written policies and procedures that address the importance of securing cardholder data
- Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don't will likely be in breach of the regulation, and therefore, face the ire of PCI regulators.

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That's why PCI Security Council mandates break businesses into four different merchant levels. They are:

- Merchant Level #1 – A business that processes over six million payment card transactions per year.
- Merchant Level #2 – A business that processes between one million-to-six million payment card transactions per year.
- Merchant Level #3 – A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
- Merchant Level #4 – A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Let's take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

- Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
- Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level two's include:

- Perform a yearly Self-Assessment Questionnaire (SAQ)
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

- Perform a SAQ
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and like levels two and three need to:

- Perform a SAQ
- Allow an ASV to complete a quarterly network scan
- Complete the Attestation of Compliance Form for PCI Council records

Data privacy is more important now than […]