Bryley Systems Talks Technology on Career Day at Doherty Memorial High School

Bryley executives, Gavin Livingstone, President, and Kristin Pryor, Director of Services/Delivery, along with Helder Machado, President of Machado Consulting (left), were invited on November 21 to attend Career Day at Doherty Memorial High School in Worcester. The goal of career day was to introduce students to careers by bringing community members into the school to discuss their jobs.

Gavin and Kristin presented to over 75 seniors explaining the different positions available in managed IT services. They discussed what education or training was needed, what a typical work day looked like, as well as the future of jobs in IT services. Bryley Systems has been providing managed IT services since 1987 and was honored to attend this year’s career day.

Bryley Systems’ Services/Delivery Team Expands

Michael Racine of Fitchburg joins Bryley Systems’ Services/Delivery team as a Senior Technician.  With over 5 years of professional IT experience, Michael will support end-user service requests, both onsite at the client and remotely, in all facets of end-user technology. Mr. Racine completed the Computer and Networking Technology Program at Porter and Chester Institute in Westborough and is a CompTIA A+ Certified Specialist.

Don’t You Be Singing those Black Friday Buyer Beware Blues

Alongside links to Amazon, Home Depot, Staples, etc. Google’s sponsored shopping sections also show unfamiliar stores with lower prices than those of the well-known retailers. But are these really good deals?

Here are some ways to see if an inexpensive site is really going to get you what you want. None of these are absolute rules; the more information you have to make your decision about trusting an unknown website with your account or other personal information, the better sense you can get whether it’s worth making the bargain.

  1. It’s harder to get into cybersecurity trouble when staying with well-known brands and websites. That way you’ll know the origin of the merchandise you’re getting, and can feel more confident that these popular businesses are going to have overall better site security.
  2. How old is the site? Enter the domain name in https://websiteseochecker.com and check the “Age” column. The number of years and/or days may tell you something about the site’s basis for reputation.
  3. When in doubt, run a Google search for the site name, too. Red flags may be immediately apparent.
  4. Does the site have an odd-looking domain name? If a website’s address looks weird or unlikely … it’s probably good to avoid.
  5. Here’s a collection of crooked tactics Bryley engineers have witnessed over the years. Best to steer clear of:
    • A site with a wildly unexpected selection of merchandise (e.g. diapers, jet skis and industrial abrasives [Amazon excepted])
    • Contact information that does not correspond to the website
    • A customer service email that looks fake
    • Or a customer service email that looks official, but doesn’t line up with what you know to be true. As career-criminal-turned-FBI-man Frank Abagnale told Tech Republic, “people are basically honest and because they’re honest, they don’t have a deceptive mind. So, when they see an email that looks official, they assume that it is real.”1 Be wary. Best never to click email links, but go on your own to the website to conduct your transactions.
    • Are prices just a bit too low? Some scammers have become savvier in making their prices look low, but still high enough that you can imagine a scenario by which they can sell at that rate, rather than the ridiculously low prices that are clearly too good to be true. Someone may just be baiting you.
    • Online shops that ask for information like date of birth, social security number or anything other than your credit card number and billing and shipping address

Online Shopping at a Coffee Shop?

Wi-Fi has serious security limitations. And shopping sends seriously valuable data out into that Wi-Fi wild. Unsecured connections give hackers access to intercept your data and read what you’ve sent.

Set-up and use a Virtual Private Network (VPN) to create an encrypted data tunnel between you and a VPN provider. There are many consumer-oriented VPN products available, and Bryley offers a VPN solution for businesses.

Make sure the website you’re shopping at has an up-to-date SSL (Secure Sockets Layer) Certificate that verifies encryption on their end of the communication chain. But SSL encryption is no guarantee of legitimacy. SSL is important, but it can give the false impression that you’re not dealing with tricky jerks. Sometimes attackers pay for an SSL certificate or they use a free https://letsencrypt.org certificate.2 Let’s encrypt is a great initiative to get encryption in wide use, but its certificates are limited to 90-day periods — how perfect for setting up a site just for the holidays.

General Browsing Best Practices

Update your browser and operating system. One of the more frequent entry points for malware is through unpatched software. Online shoppers are most at risk due to the sensitive information involved. At a minimum make sure you have an updated browser for shopping. A new browser can protect your cache and cookies and save your bacon.

Use up-to-date antivirus software to keep you safe from known malware. Outfit each of your devices with a product that scans apps for viruses and spyware and blocks shady websites.

Online Shopping and Your Bank

When it comes to shopping, malicious hackers are most often looking for credit card data. Online shops are the best place for them to get that information. If these shops get hacked, their information — your information — falls into the hands of cybercriminals. So it’s a good practice to review your bank statement and watch for any suspect activity. If you do see something wrong, call the bank quickly. In the case of credit cards, pay the bill only once you know all the charges are accurate. You have 30 days to notify the bank of problems.3

Credit cards are safer than debit cards. Credit cards have extra legal defenses. With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Credit cards also give you leverage in disputes with a seller. Banks are much more protective of credit card accounts since it’s their money on the line, not yours.

Keep a record of your purchases. Hold on to your receipts, including warranty and return information, and destroy the receipts when you no longer need them.

Buying holiday gifts online can be enjoyable, and should be enjoyable: no mall crowds and whatever you buy’s delivered to your door. On your phone or computer you can compare prices, product features and reviews at any time. Though their nefarious techniques evolve over time, their goal is the same: bad guys are trying to divide you from your money or personal information. Being smart online will let you enjoy some peace of mind, too.

  1. https://www.techrepublic.com/article/famous-con-man-frank-abagnale-crime-is-4000-times-easier-today/
  2. https://www.computerworld.com/article/3427858/what-is-magecart-and-was-it-behind-the-ticketmaster-and-ba-hacks-.html
  3. https://www.pcmag.com

 

 

 

Bryley Honors the Nation’s Veterans

On November 11th, 2019, the Bryley Team, led by John DeCola, Senior Airman, USAF, assembled to raise the flag in honor of the Nation’s veterans.

We are proud to honor Mr. DeCola, as well as retired employee, James Livingston, Captain, USAF, and are grateful for the sacrifices made by all veterans, past and present.

We thank you for your service.

Low-Down on Office 365

Last week, Microsoft rolled out its promised “Unverified Sender” enhancement to Office 365 to help users “identify suspicious messages” (i.e. spam or phishing emails) that reach the Outlook inbox. 1 This comes after a bulletin in which Microsoft urged Office 365 administrators and users to not turn off its built-in spam filters to “minimize the potential of a data breach or a compromised account.” 2

Many users are mistaken that there are different kinds of protections to their data in the cloud. But the risks of data loss or compromised data are no less of a problem in the cloud than in a modern server, desktop or phone.

As an example, think your Office 365 files are recoverable if they are mistakenly deleted? You might be led to think so by the fact that Office 365 has one of the most robust backup programs on the planet, with redundancies across the globe. But those redundancies are concerned not with your documents, but with Office 365’s availability. Microsoft promises 99.9% uptime for its service, not that you’ll have access to previous versions of your documents — before a major edit, before an accidental deletion, before a ransomware attack.

Office 365’s terms and conditions read: “it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service.” Microsoft’s message is it may be in the cloud, but it remains your data, your responsibility to ensure it’s appropriately protected. 3

If you’re in need of a solution, Bryley can help you to have peace-of-mind that your business’s data in the cloud is backed-up and accessible every day. Reach Bryley at 978-562-6077 Option 2 or email ITExperts@bryley.com

1 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/unverified-sender-feature

2 https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-against-bypassing-office-365-spam-filters/

3 https://spanning.com/blog/are-you-at-risk-for-data-loss-in-office-365/

So What Gets Patched Around Here Anyway?

Given the number of vulnerabilities and exposures that are revealed every day [ https://www.bryley.com/2019/07/23/crunching-the-patching-numbers/ ], Mike Carlson, Bryley’s Chief Technology Officer, and Garin Livingstone, Director of Operations, agreed to be interviewed to walk me through the process they go through to keep computer systems updated. Mike has deep experience with local- and wide-area network design and implementation, and is a Microsoft Certified Systems Engineer™. Garin is a Microsoft Certified Technician™ and holds an A+ Certification, and has expertise in operations and technology.

Bryley Systems Picks Macs

Last month, I had an opportunity to volunteer at the Community Harvest Project located in Harvard; an event hosted by the Corridor 9 Chamber of Commerce.
Harnessed in canvas bags and supervised by farm staff, we rhythmically picked the trees clean in about an hour, then carefully sorted and packaged the apples for delivery to the Worcester County Food Bank.

Thirty seven volunteers picked a total of 4,500 pounds of Macintosh apples, 2,000 pounds were Grade A quality and packaged for distribution, and the rest were separated into bins for cider and pies.

It was truly an amazing morning. I picked apples as a chamber member, personally thanked the volunteers as a WCFB board member and 2,500 families received a bag of delicious, freshly picked apples.

Infographic: Tips for detecting a phishing email

Phishing emails are getting more complex all the time.  As the stakes rise, cyber criminals are employing increasingly subtle techniques and messaging.  Gone are the days when you simply had to turn down preposterous offers from royalty who had miraculously decided to become your unlikely benefactor.

The phishing email of today is designed to look as legitimate as possible.  It will try to distract you from clues that give away its true intent by creating a sense of urgency.  Typically they front as legitimate emails from familiar sources, sometimes even appearing to come from within your own organization.

Fortunately, once you know what to look for, these emails will be as easy to spot as those starting “I am a prince from [insert  random country name here], and I wish to bathe you in riches…”

The Compliance Effect

The Managed Security Service Providers journal, MSSP Insider, interviewed Bryley president Gavin Livingstone about General Data Protection Regulation (GDPR) 1 compliance.

“Our manufacturing clients were especially observant and working toward [regulatory] compliance,” said Gavin. The interview was prompted by a survey by Scale Venture Partners, Cybersecurity Perspectives 2019 2 . In the report, 2018 data breaches like at Exactis, exposures like at Cambridge Analytica, and regulations like GDPR triggered businesses to improve cybersecurity and increase investment in their security solutions. As a result fifty-five percent of the surveyed executives increased their investment in new solutions, forty-nine percent increased their measurement and reporting around data privacy, and forty-eight percent increased investment in data privacy personnel.

The Day the Cloud Went Down

7:33 AM, August 31, 2019, a power failure hit Amazon Web Services (AWS) US-East-1 datacenter in North Virginia. As expected, the datacenter’s backup generators kicked in.

Then at about 9 AM the generators started failing

The result was 7.5% of Amazon’s data storage units were unavailable for several hours. Some of the affected websites and services included Reddit, Styleseat, Fortnite, Sendhub … and many smaller sites and services. Power was restored, and around noon most of the drives were functioning. But the outage rendered some data unrecoverable. For those that had not backed up their data, the power failure was a disaster.