CryptoLocker Case Study

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

Bryley Data-Backup Guidelines for 2014

Please note that this document has been depreciated, and a more up to date version can be obtained from our articles page.

Bryley Systems is pleased to present our updated Data Backup Guidelines for 2014.  This free guide is updated annually and includes these topics:

  • The Importance of Backups
  • Backup Technologies
  • Cartridge-Based Backups and Scheduling
  • Backup-Rotation Calendar
  • Backup-Event Log

 

 

5 Facts About Malware

One of our folk compiled this brief list on malware issues:

  • Vulnerabilities in Java are the #1 exploited vulnerability.  (Java is a popular, computer-programming language used in web-based applications.)
  • One of the main causes of malware is “Drive-By Downloads” where all you have to do is browse a website or click on a website from a search engine (Google, Yahoo, Bing, etc.) and you are downloading an infection.
  • Sales, R&D, HR, and other, multi-user email-boxes are targeted by malware distributors since these recipients are the most customer-facing employees; they typically have busy mailboxes and are accustomed to receiving a lot of email and opening it.  They are also accustomed, as part of their jobs, to regularly downloading attachments (resumes, pdfs, etc.).
  • 88% of attacks are on non-government (private) entities.
  • Small businesses with less than 250 users are the most-targeted group.

Are you curious about how to avoid any of these common vulnerabilities?  A member of our staff would be more than happy to discuss the steps you can take to secure your data.

Deploying software systems to manage a growing organization

Most organizations use software to manage at least these items:

  • Accounting – Perform vital bookkeeping and accounting functions
  • Contacts – Organize and manage clients, prospects, vendors, etc.
  • Operations – Match assets to organization’s need on a daily basis

In organizations with funding limitations, deployment of a software-based system to manage specific functions often starts as a cost-based decision, which can lead to several miscues along the way since cost is only one of the factors that should guide the decision.

I’d categorize deployment options in this manner:

  • Build your own using all-purpose, brand-name, productivity software
  • Purchase stand-alone applications and manually integrate them
  • Deploy an integrated, all-inclusive system
  • Outsource this mess to someone else

I’ll address the first three options now and provide some feedback on deployment.   Outsource is a large topic that will be covered separately.

Build your own

Organizations with a do-it-yourself perspective often turn to the build your own approach; you basically use the functionality of productivity software (like Microsoft Office) to create a custom-built solution.  Generally, this works OK to start, but can be difficult to manage and maintain with growth.

Popular productivity-software options include:

  • Microsoft’s Office suite (currently Microsoft Office 2013), which includes:
    • Outlook to manage contacts, calendar, email, and tasks
    • Excel to create proposals and track financial information
    • Access to build and manage contact and production databases
  • Microsoft Office 365, a Cloud-based alternative to the Microsoft Office suite
  • Google Apps for Business, which is a direct competitor to Microsoft Office 365

When Bryley Systems first started in the mid-1980s, we used Lotus 123 (a then-popular spreadsheet application) as our primary tool for everything financial; it quickly became unwieldy, so we purchased an accounting-software package.

Stand-alone applications

Stand-alone applications target a specific function and provide work-flows and best-practices to address this function through use of the software application.

Stand-alone applications are often categorized by function (as described above):

  • Accounting
  • Contacts
  • Operations

Below is a brief summary of these categories.

Accounting

The accounting system is very important; it automates the various accounting and bookkeeping functions (Accounts Receivable, Accounts Payable, Inventory Control, Payroll, etc.) and provides a shared foundation for other capabilities.

Intuit’s Quicken is easy to use as a checkbook replacement, but QuickBooks is a full-function accounting system that leads this market.  Peachtree is another popular accounting package, but with only a fraction of the market share.  Intaact is making headway in mid-sized businesses.

FindAccountingSoftware.com provides an easy-to-use, online guide at http://findaccountingsoftware.com/software-search/.

Contacts

Contact-management applications permit the input and retrieval of contact information with tracking and communications activities, including scheduling.  (You can manage your contacts within your accounting system, but this becomes less practical as your account base grows.)

ACT was one of the original contact managers and claims to be the market leader.  It is now owned by Sage Software (which also owns Peachtree and other accounting packages) and can be purchased or leased online.

Other popular options include:

  • Salesforce
  • OnContact
  • Prophet

We started with ACT in the early years, but shifted to Prophet in the early 2000s since it integrated with some of our other systems.

For a recent ranking and review, please visit http://contact-management-software-review.toptenreviews.com/.

Operations (both manufacturing and service-delivery)

 

In a manufacturing environment, a production-management system enhances control over materials flow (from raw materials coming into the organization to finished goods flowing out), production resources (tooling, equipment, and employees), and scheduling.  It is the glue that binds these items together, permitting the company to manage its flow of work.

We often see these packages at our manufacturing clients:

  • Exact Macola
  • Exact JobBOSS
  • GlobalShop Solutions
  • IQMS  Enterprise IQ

Capterra lists many of these options at http://www.capterra.com/production-scheduling-software.

Service-delivery management is a bit more diverse; what works for one type of service operation might not be appropriate for another type.  Typically, these are industry-specific solutions.

For example, we started with BridgeTrak, which is a service-ticketing application with scheduling and limited contact management.  It served well for a number of years, but we found it difficult to integrate with our accounting package (Peachtree at the time) and with other applications.

Stand-alone applications can be deployed internally, but many companies exist to assist with this process. Multi-user versions should have a dedicated, Windows-based server or be Cloud-based.

The lines are blurring between stand-alone applications and integrated, all-inclusive systems, but the primary issues with stand-alone systems:

  • They can become separate islands of information
  • They do not readily integrate with one another

Integrated, all-inclusive system

ERP (Enterprise Resource Planning) and PSA (Professional Services Automation) systems integrate all company functions and departments; it provides one repository for all organization data, which is available to all employees.  A related option, Customer Relationship Management (CRM), software is similar, but has less functionality and is often a component of an ERP or a PSA system.

High-end, all-inclusive systems from SAP, Oracle, Epicor, etc. cost hundreds of thousands or even millions to procure and deploy, but integrate every aspect of the organization.  Most large organizations work with one of these vendors and use their software nearly exclusively for all functions.

For mid-sized and smaller companies, there are many accounting-based systems that can be expanded through modules and customization to provide ERP and PSA-class alternatives.  Three of the more-popular options:

  • Microsoft Dynamics/GP (formerly Great Plains)
  • Sage 100 (formerly MAS 90)
  • NetSuite

There are also many software-development firms that focus on a specific, vertical market and provide a complete, market-specific solution.  In the mid-2000s, we chose this direction and purchased a PSA system from ConnectWise which is custom-tailored to our industry.

ConnectWise handles all facets of our business and integrates with our accounting system and with our sales-quoting tool.  All employees are required to enter every scrap of data into ConnectWise; our adopted slogan is “If it is not in ConnectWise, it did not happen”.

We also use QuickBooks, but primarily because it integrates with ConnectWise in a downstream direction.  We create our proposals through QuoteWerks, which integrates with both QuickBooks and with ConnectWise.

The initial investment is significant, but the time spent deploying an integrated, all-inclusive system solution within the organization and training employees can far surpass the cost of the software licensing. It is a demanding process, but it pays big dividends in uniting all functions and groups.

The primary benefits:

  • All functions integrate together
  • The system can usually integrate with other applications
  • All employees use the same interface and share the exact-same information

Deployment

To deploy these packages on-premise (rather than in the Cloud), you would need:

  • Infrastructure hardware – Physical server with reliability items (UPS, RAID, redundant power supplies, backup solution, etc.).  We recommend HP servers, but also support Dell.
  • Infrastructure software – Most business software are compatible with Microsoft Windows Server and Microsoft SQL Server.  Microsoft Exchange Server may be needed for email integration.
  • Infrastructure deployment – Setup the Infrastructure hardware and software (listed above), configure the end-user devices (PCs and mobile), etc.
  • Business software – Usually sold in a series of modules with add-ons and licensed to match your user count.
  • Business-software deployment – Usually sold as a project, which includes all of the setup stages needed to get the business software operational and assist in the transition.  A fair amount of process customization is needed; report customization is also part of this stage.  (Most folk select an internal “champion” or a “deployment team” to evangelize, build enthusiasm, watch-over the process, and keep things on-track.)
  • Training – We recommend several, time-spaced sessions followed by occasional tune-ups to allow acclimation and to provide hand-holding for those that will have the most challenges.

Cloud-based deployments eliminate the Infrastructure stages (except setup of client devices) and price the business software in per-user increments; however, customization and training are still needed.  The major incentives to Cloud-based deployments include:

  • Reduce capital expenditures (Infrastructure equipment and software)
  • Shift to operating expenses on a per-user basis
  • Speed-up time to deploy

Cloud-based deployments requires great trust in the business partner providing these services, but they can free-up cash (by eliminating the need to purchase Infrastructure) and get you setup quicker.

Summary

Many cash-strapped organizations start with build-your-own and later morph to one or a combination of the other three options as they grow.  However, deploying an integrated, all-inclusive system provides significant benefits and is now easier to budget and deploy with Cloud-based alternatives that spread costs over time.

Comparing Cloud-based services – Part 2: Storage

Many Cloud-based services fall into one of these categories:

  • Productivity suites – Applications that help you be more productive
  • Storage – Storing, retrieving, and synchronizing files in the Cloud
  • Backup and Recovery – Backing-up data and being able to recover it
  • Prevention – Prevent malware, typically spam and related components
  • Search – Find items from either a holistic or from a specialty perspective

In this issue, we’ll explore popular options within Storage, the highlighted item above, and compare them with one another.

Storage often comes in a free version with separate professional/business (paid) versions that includes advanced features.  The basic premise is that your data is stored in the Cloud – hopefully in a secure manner with sufficient redundancy – is available from any location on any device, and is synchronized between devices.

Most free versions offer these minimum features:

  • At least 2Gb of storage with synchronization across multiple computers
  • Easy access from mobile devices and PCs via downloadable client software
  • Direct access to files through a web browser
  • File sharing with other users

However, you typically must upgrade to a paid version to receive these capabilities:

  • Access control – Define and control who can access what, where, and when
  • Additional storage – Purchase extra storage once your limit is exceeded
  • Auditing – Identify and record what files are stored where and by whom
  • Integration – Integrate with other platforms (i.e.: Active Directory)
  • Security – Enable advanced encryption and security techniques

Popular services (alphabetically) include:

  • Box – 10 Gb free storage with NetSkope’s second-highest rating
  • Dropbox – 2 Gb free storage with over 200 million subscribers
  • Google Drive – 15 Gb free storage shared with Gmail and Google+ Photo
  • SkyDrive – 7 Gb free storage and integrated within Microsoft Office apps

Box

Box (www.Box.com) is a Q3-2013 leader in Forrester’s “File Sync & Share Platforms”.  It offers a free version, but is built for professional use with available integration to Active Directory and LDAP, security with rotating encryption keys, access control, and auditing.

According to Netskope’s review of Cloud-based applications, Box was the second highest-scoring Cloud application, coming in the number two spot on the NetSkope Q3-2013 Cloud Report.  (Please visit Netskope’s http://www.netskope.com/reports-infographics/netskope-cloud-report-q3-2013 for the complete report.)

My take:  Box is the most-comprehensive offering, but a bit more complex due to its advanced features.  It is a serious choice for those that value advanced features (access control, auditing, integration, etc.) and are willing to pay to get them.

Dropbox

With over 200 million users, Dropbox (www.Dropbox.com) claims market leadership.  It is built upon Amazon’s S3 storage and is easy to use.  The free version offers 2 Gb, but there is a professional (Dropbox Pro) version with greater functionality (and storage) and a business version (Dropbox for Business) that offers team collaboration.  All three versions offer synchronization and file-sharing; the help screens are brief, useful, and entertaining.

My take:  Dropbox is the easiest and most-fun to use, but it has the least amount of free storage and its paid plans are a bit more expensive than others.

Google Drive

Google offers Google Drive (www.GoogleDrive.com) as a stand-alone service or bundled within Google Apps.  The free version offers 15 Gb with synchronization among devices and sharing among peers.  It is a no-frills alternative with little glitz, just reliable storage at reasonable cost.  It is the base of Google Apps.

My take:  Google Drive has fewer doodads and the least amount of whimsy, but it is reliable and offers the greatest amount of free storage.

SkyDrive

Microsoft offers its free version of SkyDrive (www.SkyDrive.com) with seven Gb plus an additional three Gb for students.  SkyDrive is an option in newer versions of Microsoft Office and integrates to Facebook, Twitter, LinkedIn, and Bing.  You can also “fetch” files from your base computer via web-browser on a remote computer.

My take:  SkyDrive offers the most for the least, although there is some buzz about slow synchronization between devices.  Its “fetch” feature is unique among these alternatives and its integration within Microsoft Office is a killer feature.

Kids Companion Halloween Costume Shop a Great Success

Congratulations to Kids Companion on last weekends successful Halloween Costume Shop

We would like to thank Olivia Banks, Jen Kallin, Samantha Johnson, Allyson Waddell, and Julia Frias, all students at Hudson High School, for allowing Bryley Systems Inc. to host their annual Halloween Costume Shop.  Through their effort, with over 70 costumes sold at an average of $2.00 each, these young ladies helped to ensure that this year, the children of Hudson MA, will have a happy Halloween.

Bryley participates in 25th Assabet Valley Chamber Downtown Trick or Treat

Bryley Systems distributed candy to approximately 1500 children who walked the streets of Hudson, MA on the Thursday before Halloween during the Assabet Valley Chamber of Commerce’s 25th Downtown Trick or Treat.  Shown are Cathy and Gavin Livingstone meeting trick-or-treaters at the door of Bryley Systems.

For more information, please visit http://www.assabetvalleychamber.org/trick_or_treat.shtm.

Gavin and Cathy Livingstone welcome trick or treaters

Kathy Mills joins Bryley Systems

Kathleen Mills, an experienced HR professional, administrator, and entrepreneur, has recently joined Bryley Systems Inc. of Hudson, MA, a provider of managed IT services.

Ms. Mills. is a graduate of Rivier University in Nashua, NH having earned a Bachelor’s Degree in Business Management and certification in Human Resource Management.  She worked for Sentry Insurance for a number of years as HR Operations Manager for the Northeast Region.  In 2000 she joined the Human Resource Team at Cabot Corporation before starting her own company, HR Off Site Resources, in 2003.

Beware CryptoLocker

We have seen a rise in CryptoLocker virus attacks; these attacks can cripple the data files on your computer and on your computer network.

CryptoLocker is a destructive, ransomware virus; once downloaded, it locates and encrypts data files, which renders them inaccessible.  CryptoLocker does not announce its presence until all data files (Microsoft Office files, PDF files, etc.) are encrypted; it then asks for payment (ransom) to unencrypt these files.  (This type of ransomware is called “cryptoviral extortion”.)

The usual virus-delivery method is via email; the email looks legitimate and includes an attachment.  Once the attachment is clicked, the virus starts and then continues until all data files are encrypted or until the computer is powered-down.

You will not be able to unencrypt these files.  There is no cure.  There is no fix.

If the infected computer is connected to a computer network, data files on other computers and/or on the server(s) may also be encrypted and made inoperable.

Although payment is demanded to unencrypt the files, it should not be sent since any type of response to these criminals could open your computer network to future attacks.  The only recommended recovery method is to restore the encrypted data files from the latest backup.

Please visit http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information for more information on CryptoLocker.

Mike Morel, Engineer at Bryley Systems, suggests adopting these practices to reduce the risk of activating the CryptoLocker virus on your computer:

  • Do not open attachments within emails from sources that look legitimate, but are unexpected.
  • If you are expecting an attachment from someone, save the attachment first (without opening it) and then scan the attachment with your malware and anti-virus scanners before opening it.
  • Backup all data files regularly.

If you discover this virus, please immediately power-down the offending computer; if it is connected to a computer server, shutdown the computer network.  Then, call Bryley Systems at 978.562.6077 and select option one for technical support.

For additional information, see our lead article “Cybercrime targets smaller organizations” from the September 2012 edition of Bryley Tips and Information at

https://www.bryley.com/news/newsletter/bryley-tips-and-information-september-2012/.

Upcoming changes to major Microsoft products

Microsoft Windows 8.1 released on October 18th

The second iteration of Microsoft Windows 8, 8.1, occurred on October 18th.  Significant changes to this operating system include:

  • Boot to Desktop – Yes, you can restore the Start button and bypass the tiles, but don’t expect the traditional Start menu to appear since pressing Start takes you to the live tiles of the current Start screen.  (You can, at least, shut-down from the Start button once again.)
  • Help + Tips – Helpful clues are sequenced to usage, permitting an easier start-up and shortening learning times.
  • Smart Search – Windows 8 Search charm on steroids; all search results, local and otherwise, pooled together in a comprehensive summary.
  • Snap – Open up-to four applications and display them simultaneously on a single screen.

An excellent review of Windows 8.1 by Brad Chapos of PC World is available at http://www.pcworld.com/article/2048508/windows-8-1-review-the-great-compromise.html.  He also provides the top-five reasons to upgrade to Windows 8.1 at http://www.pcworld.com/article/2043268/the-top-5-reasons-to-upgrade-to-windows-8-1.html.

Microsoft Windows Server 2012 R2 release date was October 18th

Release 2 (R2) of Microsoft Windows Server 2012 is now available. 

Per Microsoft:  “Windows Server 2012 R2 offers exciting new features and enhancements across virtualization, storage, networking, virtual desktop infrastructure, access and information protection, and more.”

Along with this revision, Microsoft increased pricing on Windows Server Data Center to $6,155 and on Remote Desktop Services (RDS) Client Access Licenses (CALs) to $118.

For details, please visit http://www.microsoft.com/en-us/server-cloud/windows-server/windows-server-2012-r2.aspx.

The end is near for Windows XP, Office 2003, Server 2003, and Exchange 2003

Microsoft is ending support of Windows XP, its most-popular, desktop-computer operating system, on April 8th, 2014.  In addition, Office 2003, Windows Server 2003, and Exchange Server 2003 will reach end-of-life (EOL) on this date.

Basically, Microsoft will discontinue patching and updating these products, which exposes them to security and compliance risks; it will likely also end support for third-party applications that work with these products.

Microsoft’s message:  Upgrade these products now or risk problems later.