Data Center

Skipping the Down Times

If employees cannot access files or applications to do their work, organizations feel the pain of lost revenue and low employee morale. It may also be felt by clients, vendors and prospects who may question the organization’s fitness.

Online calculators can help you estimate the cost of downtime for your organization. Roughly an organization with twenty-five employees and an average revenue/employee of $100/hour means a $2,500 loss per hour of downtime. If your organization has 10TB of data backed up locally, the backup might take 40 hours to be restored. That means the cost of the downtime is $2,500 x 40 = $100,000.

And this is why business continuity as we talk about it in the IT world has been so highly prized … [5 min. read]

Rylie Fuller Promoted to Senior Field Technician

Bryley Systems is proud to announce the promotion of Rylie Fuller to Senior Field Technician
According to Vice President of IT Operations Kristin Pryor, Rylie has made great progress at Bryley Systems, picking up new tasks easily and creating a niche for projects and support in Microsoft 365, Extended Detection and Response (XDR), Network Detection and Response (NDR) and SharePoint … [4 min. read]

Bryley Pyramid

Bottom Six

Heard of the Top Ten? The Final Four?

The Business Continuity Pyramid was built to be generally instructive about what Bryley has found to be foundational to an organization’s cybersecurity defense. The foundation of the pyramid shows these six cybersecurity recommendations:

    • Comprehensive Support Program (CSP) Basic
    • Security Updates
    • Email Protection
    • Anti-Virus/Anti-Malware
    • AI-Enabled XDR (Extended Detection and Response)
    • Assessments

These six were chosen because these items do the essential work that keeps an organization going despite the many threats every business faces.

So that begged the question, what if these six items were ignored? What might be the impact? [6 min. read]

Kristin Pryor

Kristin Pryor Achieves Mimecast Certification

Achievement Brings Elite Email Security Solution to Bryley Clients

Mimecast is considered among the IT industry’s best email protection systems. With Kristin Pryor’s recent certification in Mimecast’s deployment and her knowledge about how it can be effectively integrated with Bryley’s security stack, she can advise Bryley clients when they should include Mimecast as part of their defenses … [4 min. read]

Titanic, Ballard exhibit, Mystic, Conn

Doublecheck Those Figures

The threat posed by overconfidence

–Jeetu Patel, Cisco

Economist Daniel Kahneman’s life’s work (he died last month at 90) was to point out how irrationally we behave, including telling the Guardian that if he had a magic wand, he’d most like to correct our overconfidence.

The Titanic’s sinking may have been due to overconfidence. Investors’ ideas on moves they should make in the stock market wind up costing them 4%. And now we have the Cisco 2024 Cybersecurity Readiness Index Report. This is a double-blind survey of over 8,000 business and cybersecurity leaders. The findings show the greatest cybersecurity weakness is a disconnect between overconfidence that their business will be able to avoid a disrupting attack and their analyzed readiness for avoiding disruption. To be exact: 73% of business leaders anticipate an attack in the next two years, but a surprising 3% were shown to be prepared for such an attack … [6 min. read]

Safe deposit boxes in a bank vault

MFA Still Tops

In SonicWall’s 2024 Threat Report the Number One Attack-Deterrent Is MFA

Complex, Locked Vaults and Double Keys

How would you feel about giving your valuable documents to a bank that only had a single lock on the bank’s outside doors? One lock might put off a less-determined intruder, but I’d expect it would be pretty easy for a burglar to figure a way past just one lock. So how would you expect a bank to responsibly treat your valuables? Not only would those outer doors have locks, there should also be a built-in cement and steel vault secured to the building’s structure to withstand destructive weather, fire and thieves, the vault’s lock should be complex to resist cracking, within the vault should be locked steel boxes that usually require two keys (one that you hold and one that the bank holds and authorizes its use after you prove your identity).

What is the relative value of what people keep so securely at a bank compared with the data an organization is trusted to protect? [6 min. read]

Building a Future-Proof IT Strategy: Clinton Business Guide for Providers Selection

Having a strong IT foundation is essential for companies of all sizes. This is especially true in Clinton, Massachusetts, where businesses are increasingly reliant on technology for efficiency, growth, and innovation. Building a future-proof IT strategy requires finding the right IT provider that can cater to your organization’s unique needs, including assessing the IT requirements, […]

The Colony of Ants and the Swarm of Grasshoppers

Ever See an Ant Back Up?

And Now for Something Completely Different

In the light of summer in a forest, a colony of ants was busy. It was known as The Colony of Methodical Memory. And the colony worked hard. The ants built clever storerooms within the earth. And they meticulously copied their knowledge and wisdom onto many gathered leaves and placed these in the secure storerooms.

There was at the same time in the same wood a swarm of grasshoppers, known as The Swarm of ‘Hi There’. While the ant colony worked, the grasshoppers swayed on leaves in the sun … [5 min. read]

Sedum ground cover

Look Past the Weeds

Don’t Get Lost In The Vulnerabilities

The lockdowns found me in my garden more. One of the things I learned those couple years was that I started out intently focused on the annoyance of weeds – pulling them, pouring boiling water on them when they popped up in the cracks of my driveway, generally trying to kill them. But at some point my focus shifted and I began to see the whole yard – I especially noticed where different plants thrived or failed to. I moved things around. Happy, healthy plants – including working on achieving thicker ground covers (like that sedum pictured) – look beautiful while making the conditions less hospitable to weeds.

Vulnerabilities, which includes unpatched software and misconfigured systems, can be thought of like weeds … [6 min. read]

Volume knob for trust

Question Everything

A set of policies … would have identified, I believe, a pattern of activity here …

–Navy CTO Don Yeske

The US military is in the process of moving to a Zero Trust networking framework. But before they began that process in November, a Cape Cod-stationed National Guardsman leaked 350 classified documents over the course of between six and fourteen months before his detection and arrest. And Zero Trust – that enforces stringent policies or rules over permitted network activities – might have stopped the rogue airman sooner (he was serving as an IT admin without need to access those military secrets).

This type of breach is called an insider attack. Insider breaches make up 20% of all breaches. Zero Trust is useful to handle these and many of the other attacks that begin outside an organization’s network … [5 min. read]

Keys fallen in snow

Are we there yet?

There is no doubt that over time, people are going to rely less and less on passwords

–Bill Gates, 2004

A 2023 study found that 64% of people surveyed are not confident they are managing their passwords well. Most discouraging in the new survey was the report that of those born after 1990 only 20% use unique and strong passwords. These stats bring also a feeling of futility: ‘so many data exposures – what does it matter?’ ‘there is no privacy anymore – whatever.’

I don’t share the opinion that we should throw in the towel, though who can’t sympathize with the sentiment? But Bryley sees time and again that, in fact, compromised passwords matter to an organization’s security. As an example of the severity of the problem, Google Cloud reported in October that 54% of breaches “are resulting from common and well-known threat actor attack techniques, such as obtaining and using stolen credentials …” [4 min. read]

Shock Machine

How an Email Compromise Attack Begins

Faced with the right con, we’re all vulnerable

–Tim Harford

On his Cautionary Tales podcast, Tim Harford told the story of an ex-con who put on an army captain’s uniform and an air of authority and proceeded to demand to inspect a military financial account and confiscate (that is, steal) the $250,000 it contained.

If your employee gets an email from an executive at your organization requesting urgent action, how does the employee respond? … [4 min. read]

driving down the road

A Review of 2023

Here are some notable events and stories from 2023:

A Guiding Principle

Bryley is a client of Bryley, President Garin Livingstone said in a 2023 interview. We have people at Bryley that need technical help. We also need to make sure that our computer systems are being maintained and updated. Among the benefits of adhering to this model?

  • Updates and patching are as minimally disruptive as we can get them.
  • New technologies are fully vetted before the tech is deployed

This principle of being one’s own client has been a standard that Bryley has observed over the course of its thirty-six years … [6 min. read]

Is the End of Windows 10 a Real Worry?

In the past year-and-a-half Microsoft has made Windows 11 more stable and usable. And most critically, Windows 10 support – that is, providing security patches – is ending. So this means in October 2025, it will become unsafe to use devices running Windows 10.

Now is the ideal time to create a plan for migration, including performing an audit of devices: some will be able to be upgraded and some will need to be sunsetted. Also Windows 11’s compatibility with legacy software and hardware must also be assessed and addressed … [4 min. read]

There’s Power in Least Privilege

Evolution of Evil

Ransomware is a somewhat straightforward criminal action – data is illicitly encrypted and you may be able to restore systems from a backup or pay the crooks to hopefully get a decryption key from them.

Things have veered in a different direction now (see Allianz Commercial insurer’s report). Today a lot of ransomware attacks are cyber-extortion attacks. In these attacks the criminals capture your data and encrypt it, but they also exfiltrate your data to their servers. And the threat is often, ‘unless you pay, we will release your data on the web’ … [5 min. read]

it-service-provider

Choosing the Right IT Services Provider: A Comprehensive Guide

When it comes to managing IT services, choosing the right provider can make or break a company’s success. With so many options available, it can be overwhelming to decide which provider is the best fit for your business. However, taking the time to identify your company’s IT needs and carefully evaluating potential service providers can ensure a successful partnership.

Identifying Your IT Needs is the first step in choosing the right IT services provider. It’s important to assess your current IT infrastructure and identify areas that need improvement or support. This includes evaluating hardware, software, security, and support needs. Once you have a clear understanding of your needs, you can begin researching potential service providers that offer the services and support that align with your business goals.

Facebook shopping cart

When the Going Gets Tough

New data from the Federal Trade Commission shows that scams originating on social media have accounted for $2.7 billion in reported losses since 2021, more than any other contact method …

Reports during the first half of [2023] show that the most frequently reported scams on social media are related to online shopping, with 44 percent of reports pointing to fraud related to buying or selling products online. [source: FTC]

Social media shopping has grown huge: 67% of shoppers in 2022 purchased through social media channels and this course we’re on shows no signs of changing. And while it’s easy to see why people do it (among the reasons: more time spent on social media than with traditional media, the simulated, relaxed feeling of a community and the ease-of-purchase), it doesn’t mean that we shouldn’t see if what we’re doing is in our best interests. Or at least ask, ‘can we do it better?’ … [4 min. read]