IT Compliance is Important: Here are Some Requirements You May Need to Know

Let’s consider how your IT may need to meet certain compliance standards, and how we can help ensure it does.

How Do IT Compliance Needs Impact a Small or Medium-Sized Business?

To get some context, let’s begin by identifying what IT compliance looks like when a business incorporates it properly. By definition, IT compliance is a business’ practice of abiding by the various regulatory requirements that pertain to its use of technology, as a means of ensuring the security of client or customer data.

These regulations come from different sources. Some are established by law for particular industries, as the Health Insurance Portability and Accountability Act (HIPAA) is for the medical field; others are implemented by industry authority groups, as the Payment Card Industry Data Security Standard (PCI DSS) was agreed upon by a consortium of payment card providers.

Failure to comply with such standards and regulations can have various consequences for the organizations expected to follow them, ranging from monetary fines to lost privileges. Let’s make one thing very, very clear: these fines are not to be taken lightly. Depending on the compliance framework your organization has violated, they can reach truly painful levels. A business that severely violates the United Kingdom’s General Data Protection Regulation (GDPR), for example, could be fined 20 million euro or four percent of its global turnover, whichever is higher. This is just one of many regulations your business could potentially be held accountable to, depending on your industry and what it is you do.
Common Compliance Standards with IT Ramifications

What follows is a list of standards that you could likely need to consider, particularly where your IT is concerned:

HIPAA (The Health Insurance Portability and Accountability Act): Amongst other requirements, HIPAA establishes standards for patient information confidentiality and security for the healthcare industry and any affiliated parties.

NIST SP 800-171: This standard, established by the National Institute of Standards and Technology, places various cybersecurity requirements on businesses working with federal and state agencies in the U.S.

GDPR (The General Data Protection Regulation): This law, established to protect the information of European Union citizens and residents, applies to any company, anywhere in the world, that utilizes this data.

PCI DSS (The Payment Card Industry Data Security Standard): This standard, implemented by the PCI Security Standards Council, puts data security requirements on any business that wants the ability to accept payments via card.

Again, this is just a selection of some of the more well-known standards; more could easily apply to your specific situation. Fortunately, you don’t have to navigate your IT compliance needs alone.

Turn to Us for Assistance in Meeting Your IT Compliance Requirements

As part of our managed services, White Mountain IT Services can help ensure that your business technology is not only functional, but aligned with the standards it needs to meet. Find out more by giving us a call at (603) 889-0800.

Just Because Google Chrome Offers Password Management Doesn’t Mean You Should Use It

Let’s talk about why browser-based password managers are the inferior choice compared to their standalone predecessors, and it’s not all about the difference in security.

A Dedicated Password Manager is Better

First Off, They Are More Secure

Like we said, convenience should never precede security, but that’s precisely what browser-based password managers have historically done. The key is the use of zero-knowledge encryption (where the platform has no visibility into what is stored on it), or rather, the fact that Google doesn’t use it. Google’s option to encrypt passwords on the device also keeps the key on the same device as the data, which is effectively like leaving the key to your front door hanging next to the lock. Not exactly effective if someone were to breach your network and the hardware on it.

They Are Also, Ironically, More Convenient

That’s right: despite the idea that a browser-based password management system would be more convenient, the fact that it is tied to the browser limits its convenience substantially. After all, your browser isn’t the only place you need your passwords, but the browser-based manager keeps them there exclusively. Consider all the mobile applications that require you to log in on your mobile device, for instance. A browser-based password manager can’t help you there.

Finally, Stand-Alone Password Managers Offer More Features

In addition to being restricted to the browser that hosts it, a browser-specific password manager is just that: a password manager, exclusively. By comparison, stand-alone options not only store your passwords, they also help you generate secure ones and save other sensitive details like payment card credentials, account numbers, and even addresses. Dedicated password managers also offer additional features, like password strength checks, password sharing, and even biometric support.
All That Said, Not All Password Managers Are Created Equally

We’ve seen the impact that an insecure password management system can have, so it is important that you select one that is reputable and trustworthy. Fortunately, you can trust White Mountain IT Services to select one for you, just as we can help shape the entirety of your IT infrastructure. Give us a call at (603) 889-0800 today for our assistance with your business technology.

This is How Ransomware Works to Ruin Your Business

Ransomware Usually Starts With Phishing

Phishing is the number one way that hackers gain access to your business’ network and infrastructure. The process involves sending messages to your staff under some pretext to get them to hand over personal information or login credentials to your network. After they get in, they deploy the malicious code that locks down files or full drives.

The Ransom is the Point

When ransomware is deployed, the ransom demand will be front and center. Typically, it communicates the hackers’ demands and has an integrated timer. Presumably, this is the amount of time you have to decide whether or not to pay the ransom. These ransom demands are always payable in Bitcoin or some other type of cryptocurrency, but can you really trust someone who is willing to hold your organization’s data hostage not to continue extorting your business, or worse, to ruin your files if you decide the best course of action is not to pay? Probably not.

What You Need to Do, Should You Get Infected

I know it might sound redundant or even contrived, but if you happen to become a victim of ransomware, you can’t panic. Of course, your first instinct will be to panic, but you need to get through that quickly and keep a level head, because it’s going to take some focus to get out of this situation.

The first action you should take is to take a picture of the ransomware message. You will likely need it later to restore your data and to prove to law enforcement that you’ve been hacked. You’ll then want to immediately turn the computer off and unplug it from the network and from the power outlet it was plugged into. If you leave the computer online, it greatly increases the risk that other devices will be infected, making the whole situation that much more difficult to navigate.

The next action is to notify your IT department.
Technology professionals, like our technicians at White Mountain IT Services, may be able to obtain a solution that unlocks your data by contacting the security vendors they work with. If your business has cybersecurity insurance, you will want to contact them at this stage as well (if your IT management team doesn’t do this for you). You will also want to speak with legal representation to cover your bases.

At this point, it’s a waiting game. What you shouldn’t do is sit on a ransomware attack. You need help to remediate the situation, and the fear of ridicule or loss of reputation shouldn’t supersede your acknowledgment of this fact. You also shouldn’t quickly pay the ransom in the hope that this will make it go away. If it is just a fear tactic, your IT management team will expose this; but on the chance that your data or systems are encrypted, you will want more eyes on it to ensure you make the right decisions for your business.

Ransomware is Scary

Make no mistake, if your business is the victim of a legitimate ransomware attack, it is extremely stress-inducing. That’s why you need experts on your side to help you solve the big problems that you may not […]

OK, I have a dispute with my current IT provider, can you help me lock them out?

The short answer is YES, we can help protect your business. It is very rare that an outside vendor or employee would intentionally cause your business harm or disruption, but we understand that it is your job to protect the business and minimize risk. As the adage goes, “It’s better to be safe than sorry.”

If you feel that things don’t seem right, we can help in several ways. The first step is to have a private and confidential conversation to discuss the situation and assess the risks to the business. The risk assessment will lay the foundation for an action plan outlining the steps required for a rapid lock-down.

As you can imagine, having been in business for over thirty years, we have helped with similar situations before. Often we have responded with an overnight data backup, lock-down, and extraction; and sometimes we have even helped clear up a misunderstanding, which resulted in getting the relationship with an existing vendor back on track. Either way, we are happy to help. And remember, we make changing IT vendors EASY!

Thanks for visiting, we look forward to hearing from you.

Frequently Asked Questions

Here are some common questions that we hear from companies your size.

How did you know our IT guy’s name is Larry?
What is involved with setting up a cyber security training program?
What should be included in a written security policy?
Should we be considering moving to the cloud?
My IT person is the only one that knows my systems, won’t it be painful to switch?
I have a dispute with my current IT provider, can you help me lock them out?
OK, I want to know more, what’s the next step?

My IT person is the only one that knows my systems, won’t it be painful to switch?

If your systems are currently working, we can easily back them up and then document them. If your systems are not currently functioning properly, then it is already painful and your business is at risk; the sooner you make the change, the better.

We often find that even when a new client we are onboarding has told us that things were “ok” with the previous vendor, once they see how much of a difference professional IT management can make, they are relieved and excited about the change. I can’t tell you how often a new client tells me that they wish they had made the change years ago!

Our systems and processes are very transparent. As a client, you have access to our systems, records, and all of the documentation about your network. With White Mountain, you are as involved as you want to be and will never feel that you are being left in the dark. Don’t settle for a vendor who uses knowledge as job security. Let us help you get the situation resolved.

At White Mountain, we make changing IT vendors EASY! Thanks for visiting, we look forward to hearing from you.