Lesson One: Track Your Data

The Yahoo and Equifax data breaches led to countless individuals losing track of their data and how it's used online. These breaches made it unbearably clear that even some of the largest organizations in the world aren't immune to the dangers of the Internet, and even they could become victims if they didn't pay particularly close attention to their security. In some cases, these breaches remained unannounced for months. This observation led to the belief that small and medium-sized businesses must be much more careful with their data than they previously had been. If large companies can be toppled by security threats, then so too can small businesses (since they likely have smaller security budgets and less comprehensive solutions put in place). Therefore, a small business should also take as many measures as possible if it hopes to secure its future.

Lesson Two: Patches Are Extremely Important

Patches and security updates are one of the best ways to prevent data breaches. In the Equifax case previously mentioned, patching would have been vital. Patches are implemented by developers with the express purpose of resolving holes in their solutions. Yet, 2017 has shown that some companies need to put a higher priority on patching, as many of the issues that 2017 saw could have been prevented with proactive patching. Everything starts with the developers, though. If the developers don't issue the patches and updates in the requisite timetable, the problems posed by the threats could have plenty of time to cause as much damage as possible. For example, the bug that allowed the EternalBlue exploit wasn't patched until a month after the issue had become known. The exploit was then used alongside other threats, like WannaCry and NotPetya, to cause even more trouble for organizations and individuals alike. Therefore, we recommend that you apply patches as soon as possible after they are released.
We also recommend that you maintain a consistent patching schedule, routinely deploying patches as you can. After all, the longer you wait to deploy a patch, the longer you remain exposed to the very bugs that it is designed to fix. Plus, the longer the patch is available, the longer it is available to hackers. These nefarious actors could take it apart and discover what vulnerability is being addressed, affording them time to create code that would negate the effects of the designated patch.

Lesson Three: So Many Ways for Data Theft

Cisco has found that business email and account compromise attacks are five times more profitable than your typical ransomware attacks. In fact, the Federal Bureau of Investigation estimates that BEC attacks have cost businesses over $5 billion. Therefore, your organization needs to take a stand against common security threats. One way you can shore up defenses for your infrastructure is with traditional endpoint security. If you can keep threats from accessing your network in the first place, you're setting yourself up for success. You can use access controls to ensure that a hacker can't access your entire infrastructure from a single unsecured endpoint. We also recommend educating your employees through security training so that they are made more aware of their role in network security for your organization. Don't let your business fall victim to security threats in 2018. To learn more […]
The breaches that were seen throughout 2017 actually had a lower average cost than other years, dropping by 10%. However, this still makes the average cost of a breach a considerable $3.62 million, and the particular bodies that were breached are cause for equally considerable concern. Furthermore, while there was a decrease in the average cost of a data breach, there was more data lost in the first half of 2017 than there was in the whole of 2016. Looking back at the nature of some of these data breaches, there's little wonder that so much data was lost. The Equifax breach provides one of the most stunning examples of a data breach, and on a related note, one of the biggest examples of how a breach shouldn't be handled. Not only were 143 million customers made vulnerable between May and July of 2017, the credit monitoring company waited until September to come clean that a breach had occurred. As a result, a little over a third of the American population was put at risk by having their personally identifiable information like social security numbers and birth dates stolen, without any knowledge of it. The CEO of Equifax put out an apology video that was widely seen as insincere, before losing his job. In March, a database belonging to business analytics firm Dun & Bradstreet was exposed, allowing 33.7 million contact information records to be accessed. The database included contact information from a variety of recognizable organizations, including Walmart, AT&T, and most disconcertingly, 100,000 employee records from the Department of Defense. This information included the names and job titles of these employees as well. Verizon also found itself in hot water in July when 14 million of their customers had enough data to access their accounts exposed.
While there was no indication that this database was actually ever accessed by a cybercriminal, the fact that it could be accessed by anyone who happened to type in the right URL provides proof, along with the countless other examples of data breaches, that businesses need to take their data security more seriously than they are. The most effective means of doing so may be to outline the cost that each industry faced for each breached record. Reportedly, records for the following industries cost the breached business the associated amounts, for each record that was breached.

Healthcare: $355
Education: $246
Financial: $241
Services: $208
Life science: $195
Retail: $172
Communications: $164
Industrial: $156
Energy: $148
Technology: $145
Hospitality: $139
Consumer: $133
Media: $131
Transportation: $129
Research: $112
Public: $80

These are the numbers for 2016, so while 2017's average cost per breached record will be lower, it is important to remember how many more breaches were seen in 2017, and how many more records were therefore accessed. As a result, while the average cost will be lower, the total can be expected to be much, much higher. This applies to more than just the major companies and other large businesses and enterprises that are out there, as well. Reports have indicated that, not only do over 70% of attacks target small businesses, but over half of all small businesses have been a target of a cyberattack. Even worse for the small business, the estimated cost per breach can reach over half a million […]
Be Aware of Return on Investment

Any technology that your business implements should present a clear return on investment. If it doesn't, then you can't justify implementing it. A good IT project manager will be able to identify whether or not a project will yield sufficient return on investment for your business. Some questions you should ask yourself are whether it will bring more profits in and whether your operations will become more efficient. If the answer to either of these is a yes, chances are the solution is worth implementing, and an IT project manager needs to know how to read these situations.

Identify Potential Issues

An analytical mind is critical to the success of any IT initiative. Your IT project manager needs to be able not only to identify potential roadblocks, but also to respond to them. This includes extensive knowledge of how IT systems work, including networking components, software solutions, hardware (like servers and workstations), and cloud-based applications. The true IT professional will be able to identify what your business needs, any roadblocks that will be encountered along the way, and the ideal way to approach them.

Have Patience with Non-Technical Workers

Let's be realistic; nobody knows the ins and outs of IT terms, definitions, and technologies quite like a project manager. Therefore, you're likely to run into situations where your business will have non-technical employees or administrators who don't necessarily know all of the details regarding your project. It's up to the project manager to bridge this gap of understanding and ensure that even the most untechnical workers understand both the benefits and shortcomings of the various technologies you'll implement.

Make Tough Calls

It's not always easy working with technology, and nobody knows that more than your IT project manager.
Sometimes they will need to make decisions that nobody likes, be it the implementation of a content filter to limit employee use of social media networks or pulling the plug on a solution when it's just proving to be too stubborn to yield a return on investment. These tough choices are what ultimately define the project manager position, and you only want one who can separate the bad from the good to make an objective decision. Does your business need a quality project manager? White Mountain IT Services can give you a whole team of IT experience ready and willing to help you ensure success. To learn more, reach out to us at (603) 889-0800.
Mirai

As a malware strain that leveraged Internet of Things devices to create a zombified botnet and launch Distributed Denial of Service attacks, Mirai was responsible for no small amount of trouble on the Internet. Its developers, 20-year-old Josiah White and 21-year-old Paras Jha, have pled guilty to developing and leveraging Mirai to their own ends. The two established a company called Protraf Solutions LLC, which was dedicated to mitigating DDoS attacks. Using this company in tandem with their creation, White and Jha would launch a DDoS attack against a company and then sell their solutions to that company, or would collect money through the other side, accepting payment from their victims to stop the attack. White and Jha also teamed up with an accomplice, 21-year-old Dalton Norman, to leverage Mirai as the driving force behind a click fraud scheme. This scheme alone brought them around 200 Bitcoin, with 30 going to Norman. Mirai was also responsible for powering the DDoS attack on Dyn, one of the largest data centers east of the Mississippi River. The trio was charged with click fraud conspiracy, each being sentenced to a five-year stay in prison and a fine of $250,000. Jha and White were also charged with conspiracy for writing and using Mirai, to which they pled guilty. This added another five years to their time in prison, another $250,000 fine, along with three years of supervised release.

NSA Data

On December 17, 2017, an employee of the National Security Agency pled guilty to "willful retention of national defense information." According to the United States Justice Department, Nghia Hoang Pho was hired as a developer for the Tailored Access Operations, or TAO, unit in 2006. The TAO unit was tasked with creating hacking tools to be used to collect data from overseas targets and their information systems. In the time between 2010 and March of 2015, Pho took classified data and stored it on his home system.
This system had antivirus software from Kaspersky Lab installed on it. There are suspicions that Russian hackers have exploited Kaspersky Lab in order to steal documents, quite possibly the ones taken home by Pho. The US Department of Homeland Security issued a directive that disallows the use of software made by Kaspersky Lab in federal agencies. Pho faces up to 10 years in prison, and will stand for sentencing on April 6.

Yahoo

In March of 2017, four men faced indictment for hacking into Yahoo, effectively exposing the personal account information of one billion users. 22-year-old Karim Baratov has been charged with cooperating with two members of the FSB, or the Federal Security Service of the Russian Federation. As part of his work for the FSB, the young Canadian hacked into 80 accounts, in addition to the more than 11,000 webmail accounts he had hacked since 2010. Utilizing customized spear-phishing content, Baratov also provided a service that granted access to Google, Yahoo, and Yandex accounts. Baratov has entered a guilty plea for all nine counts he faces. The first count is for aggravated identity theft, and carries a mandatory sentence of two years. The other eight counts are for violating the Computer Fraud and Abuse Act, and could each carry a sentence of 10 years and a fine of $250,000. Fortunately for Baratov, the United States' federal sentencing […]
Managed IT maintenance is the ideal solution for small organizations for several reasons. For one, it's simply more efficient and less reactive than a break-fix IT provider. Instead of only resolving problems when they happen, you can prevent them altogether, before they cause a lot of frustration and downtime. Here are some ways that managed IT can help your business effectively care for technology.

Improving Flexibility

If you hire more employees, this means that you have more users to provide software to. If you're not careful, this can lead to unexpected costs associated with software licensing and other accounts. This also leads to having more devices to secure and more employees accessing your network. The idea here is that the more technology you have in your infrastructure, the more work you have on your hands. White Mountain IT Services can help your business ensure flexibility no matter how many employees or services your organization needs.

Assisting with In-House Maintenance

Assuming you have an IT department on-hand for your small business, it's likely a small group of IT technicians whose sole responsibility is either general upkeep or implementing new solutions. However, their workload is likely to be too much for both; it's generally only one or the other. Outsourcing your technology maintenance and management can be a great way to make sure that all responsibilities are fulfilled, regardless of the workload. For example, we could act as a help desk while your in-house team manages a critical project, or vice-versa. This helps to create success in the workplace regardless of how much work has piled up.

Managing Your Vendors

There are several vendors that you work with to find products to suit your business, and all of these products require some sort of service at some point. For example, you might need to reach out to your vendors in order to procure new hardware or software for your business.
It can be costly, time-consuming, and frustrating to constantly reach out to your vendors, which is why White Mountain IT Services offers vendor management. We take multiple points of contact and consolidate them into one, making it simple and easy for you to reach out for assistance.

Generally Improving Operational Efficiency

A managed service provider can improve the way that your business functions on multiple levels. There's something to be said about having hands-off IT maintenance to keep your business running as smoothly as possible. We firmly believe that you should remain focused on running your business instead of running your technology, so why not let us take the responsibility off your shoulders? To learn more about how you can make your technology work for you, reach out to us at (603) 889-0800.