Consider these three factors when thinking about which cloud solution fits your business needs. Who?s Hosting and Maintaining It?Managing a cloud solution is no simple task, and unless your business is focused on technology, chances are that you don?t have the skills required to manage one. More than that, you certainly don?t have the time to do it, either, and your budget probably doesn?t allow for the hiring of an internal IT department. In cases like this, a cloud solution that?s hosted and maintained off-site by professional technicians is of great value. Out of the three types of cloud solutions available to SMBs–public, private, and hybrid–your organization can make any of them work for hosting and maintenance. Public clouds are stored and hosted in an online space that?s managed by the provider. Private clouds, on the other hand, can be hosted either on-site on your own private network, or virtually in a secure data center. Hybrid clouds combine the best aspects of both types of cloud solutions to offer the convenience of public with the functionality of private. How Much Flexibility Do You Need?It?s natural for a business to grow over time. You?ll likely add more users and other types of technology in the near future, especially as your company becomes more successful and more clients are onboarded. This next factor is one that you?ll only be able to answer if you?ve put considerable effort into thinking about the future of your business. Where do you see yourself in the next five or ten years? Will your infrastructure be able to support change? Thankfully, the cloud is a great tool that helps organizations adapt to changes in both the number of users and the type of devices accessing the data. No matter which cloud solution you get, you?ll have control over the numbers of users and the amount of storage you have. Just keep in mind that the public cloud will likely cost more as your needs expand, while a private cloud will require investment on your end if you manage your own cloud. How Much Security Do You Want?Security is one of the most important parts of running a business, especially when it comes to cloud-based storage. Since it?s located in a virtual environment, it?s easier for hackers to gain access to, and therefore must be protected by security solutions designed to prevent breaches before they occur. The problem, though, is that cloud solutions don?t all offer the same level of protection. How can you know which is right for you? Depending on the cloud solution, you?ll only have a certain amount of built-in security. The public cloud usually only offers a set level of protection since you don?t have the freedom to augment it with external features. Keep in mind that the public cloud is still relatively safe, as public cloud providers tend to have full IT teams behind the maintenance and management of them (plus they risk their own business if they can?t keep their customers? data safe), but if you want to improve security, a private or hybrid cloud solution is your best bet. With additional security features available to you, your business can thrive without having to worry about how protected its cloud-based data and applications are (provided that you are protecting your infrastructure). For […]

Security issues can have any number of causes, meaning that every business needs to have a comprehensive security solution. This doesn?t mean, however, that there aren?t additional, small measures to implement that can give your organization?s security an added boost. Here, we?ll talk about two: keeping your software patched, and identifying social engineering attempts. Applying Software PatchesThis method of boosting your security is a bit of a no-brainer, as patches are literally fixes to security vulnerabilities. Yet, despite how simple it seems on the surface, there are a few levels to consider as you go about patching up your software. First of all, are you prioritizing your patches correctly? It?s simple: while ideally you would be patching up all of your software solutions, you just may not know that there are patches available, or you may not have the time to do so. In reality, there are usually programs on a company?s network that go unpatched. Fortunately, due to the nature of exploits, hackers and other malicious parties tend to reach for the low-hanging fruit instead of putting in the extra work and devise an exploit for each instance of the vulnerability. This could ultimately total up to thousands upon thousands of programs. In a hacker?s mind, it?s much easier to just strike the lowest common denominator and use just one exploit. Nevertheless, you should still do your best to keep every piece of software on your system up-to-date and patched. Just remember to put the most likely targets first on your list. It also helps to keep your systems as clear of unused programs as possible. After all, the fewer pieces of software there are to exploit, the fewer opportunities there are for someone to exploit your software. Plus, that?s fewer solutions for you to maintain and patch, saving you time. Foiling Social Engineering AttemptsSocial engineering is a method that nefarious users will employ to get you to play right into their hands. If you have ever received a phone call or email message claiming that your systems have been jeopardized and you ?need? to provide them with access to your computer for them to resolve it, you?ve likely been the target of a social engineering attempt. From those who reach out online with an offered benefit or warning to those who literally follow employees past locked doors, these malicious users can be foiled through some simple vigilance. Remind employees that they shouldn?t accept an unknown face wandering about the office. Your employees should also exercise caution in their inboxes, as well. If they receive an unexpected email from an unfamiliar source, make sure they know to avoid it. This is just the start of the potential improvements you can make to your security strategy. For more information, be sure to reach out to White Mountain IT Services at (603) 889-0800.

At first glance, a college would be one of first places any hacker would look to steal information. Not only do today?s colleges have vast, powerful networks, they have many people that regularly compute on those networks who don?t take network security into account in the least. Despite the work of diligent IT administrators, the actions of the students and faculty on the network can really cause a lot of problems, so can direct attacks on the same students and faculty. For this reason, many colleges are starting to implement two-factor authentication procedures to ensure that even security-negligent college students aren?t putting their entire organization?s network at risk. Two-factor authentication, for those who do not know, is the practice of requiring two steps to gain access to the network in the form of questions. The design is pretty simple, and has been around for a while. Traditionally, a user would type in a password which would prompt another access authenticator code. That electronic authenticator (also called, fob) would provide the user a code to use to access the door. Nowadays, most of the two-factor authentication credentials can be sent to an individual?s mobile device, as an overwhelming majority of people rely on smartphones. In an article on KrebsOnSecurity, the Director of IT security and Infrastructure at Bowling Green University, Matt Haschak, stated that these attacks had grown from a relatively benign 250 in 2015 to over 1,000 in 2016. These attacks are carried out to steal credentials used to access BGSU?s MyBSGU portal, the main hub for student, staff, and administration affairs for the university. With these credentials, hackers can then infiltrate a system that is populated with thousands of people?s personal information. Bowling Green isn?t the only example. Other universities have recently been targeted by what their IT security personnel calls ?spear phishing? attacks, going after specific people associated with the college. This includes club officers, athletics administrators, and other people who would have access to ?fast cash?. While IT administrators are cognizant of these relatively new threats, they tend to evolve and victimize before anything can be done about them. One instance of this happened at the University of Delaware where scammers are targeting international students. These extortion attempts tell the target that if they don?t pay, they will face deportation under U.S. law. This shows that these attacks are specifically tailored to the recipients, making detection nearly impossible for IT administrators to ward against. ?This is something unusual,? UD IT communications group manager Richard Gordon said, ?This is a scam that had not been seen at other universities before. It shows how these scammers are always looking for ways to try to hit students.? Gordon advocates diligence and integrating some type of two-factor authentication system for all accounts that hold sensitive information. ?If the account information is stolen, then someone can get into your account. But if you have two-factor authentication, then they can?t access it because they need the extra security code. It?s an extra security piece.? While college IT administrators have their hands full, your business is often considered low-hanging fruit for these hackers. If you want to learn more on how to protect your network, staff, and your business from these types of phishing attacks, contact our trusted team of IT technicians today. We […]

Tavis Ormandy showed that LastPass? browser extension can allow malicious websites to access the passwords stored within–even with LastPass? considerable security measures. This vulnerability can be found in all extensions for major browsers, including browsers used by Windows, Linux, and potentially even Apple. To make matters worse, the only requirements for this vulnerability to be exploited is that the extension needs to be installed. Any user who logs in or out could receive malicious code from the website that they are accessing. Like any good developer, LastPass has expressed its commitment to solving this problem, acknowledging the threat as a legitimate issue that must be resolved. Two days after the initial reporting of the incident, LastPass released information discussing the problem more in-depth, including recommendations as for what you should do to minimize your chances of being affected:   Launch websites from the LastPass vault: To retain the highest level of security as possible, it?s better to access websites from the LastPass vault itself. Use Two-Factor Authentication wherever possible: This will add an extra layer of security to prevent leaked credentials from granting easy access to your accounts. Keep an eye out for phishing attacks: Malicious links spread by phishing scams, so before you click on a link in a received message, take a moment to ask yourself if the link in your inbox makes sense. You would think that developers are offended when people find problems in their services, but LastPass has accepted the issue report quite graciously. After all, it?s better that vulnerabilities are found before they are a problem rather than after they have been exploited in the wild. Joe Siegrist, a cofounder and Vice President of LastPass, has this to say regarding the information: ?We greatly appreciate the work of the security community to challenge our product and uncover areas that need improvement.? As per the policies of Project Zero, LastPass has 90 days before Ormandy and friends release the technical details of the vulnerability. In the interim, it?s best to keep LastPass? advice in mind as you go about your daily duties–for your own network?s sake. To ensure your credentials are protected, and to schedule a full security audit, contact White Mountain IT Services at (603) 889-0800. 

Not all hackers are the same. There are different motivations each have, as well as different targets that they generally don?t deviate from. In order to understand the threats you face online, it helps to know who might go after you, as well as their motivations. To accomplish this, let?s review 9 classifications of hackers that may be encountered. The Good Guys White Hat Hackers: As the sole member of this unfortunately brief list, white hat hackers follow a strict code of ethics as they use their skills to benefit average users everywhere. The goal of a white hat hacker is to track and eliminate threats to other users. Most white hat hackers are sanctioned security researchers, but there are those, known as ?grey hats,? who operate outside of the law?s jurisdiction. The Politically Motivated Hacktivists: These are groups of hackers who unite to achieve a common cause, generally crusading for a particular ideology or political stance. Their modus operandi is more often than not to expose their target through a DDoS attack, or embarrass them by defacing websites. Nation State Actors: A nation state actor is one who is directly connected to the government they hack for, often as a part of the military or intelligence gathering branches. Despite their long-term goals and truly considerable budgets, they will often resort to common hacking tools to avoid expending their high-end methods wastefully. Nationalist Hackers: A step down from the nation state hacker, nationalist hackers are given a blind eye by the legal system of their country because their activities are beneficial to the goals of their country. The Amateurs Script Kiddies: These actors are the delinquents of the hacking spectrum, accomplishing little, for little-to-no financial gain. Typically those with limited skills, script kiddies will often attempt to write basic malware or take part in a larger group?s attack. The Criminally Motivated Cyber Mercenaries: Cyber mercenaries are exactly what they sound like: mercenaries who operate in cyberspace. They are hackers-for-hire, in a sense, often brought on to assist another attacker for a stake in the bounty. Organized Criminals: As their name would suggest, organized criminals are hackers who have a firmly defined web of responsibilities within an equally firmly established supply chain. This discipline enables the organized criminal to profit from their crimes with relative ease. Repeat Offenders: Similar to the organized criminal, these hackers are not without some skill, but they lack the underworld network of the organized criminal. As a result, the repeat offender is not able to profit as much from their crimes. Malicious Insider: These are the cybercriminals who sit next to you in the workplace, actively working to undermine the company or organization. Whether they are motivated by a grudge or money, they leverage their position to commit their crimes. Of all of these threats, which would you guess causes the greatest problems for SMBs? If you guessed the malicious insider, you?d unfortunately be right. However, that doesn?t mean that you are immune from negative influence from the other hacker types. You?re going to need a solid security solution in place to keep your business safe. White Mountain IT Services can help with that. Give our experts a call at (603) 889-0800 before one of these groups targets you.