Low-Down on Office 365

Last week, Microsoft rolled out its promised “Unverified Sender” enhancement to Office 365 to help users “identify suspicious messages” (i.e. spam or phishing emails) that reach the Outlook inbox. 1 This comes after a bulletin in which Microsoft urged Office 365 administrators and users to not turn off its built-in spam filters to “minimize the potential of a data breach or a compromised account.” 2

Many users are mistaken that there are different kinds of protections to their data in the cloud. But the risks of data loss or compromised data are no less of a problem in the cloud than in a modern server, desktop or phone.

As an example, think your Office 365 files are recoverable if they are mistakenly deleted? You might be led to think so by the fact that Office 365 has one of the most robust backup programs on the planet, with redundancies across the globe. But those redundancies are concerned not with your documents, but with Office 365’s availability. Microsoft promises 99.9% uptime for its service, not that you’ll have access to previous versions of your documents — before a major edit, before an accidental deletion, before a ransomware attack.

Office 365’s terms and conditions read: “it’s your data. You own it. You control it. And it is yours to take with you if you decide to leave the service.” Microsoft’s message is it may be in the cloud, but it remains your data, your responsibility to ensure it’s appropriately protected. 3

If you’re in need of a solution, Bryley can help you to have peace-of-mind that your business’s data in the cloud is backed-up and accessible every day. Reach Bryley at 978-562-6077 Option 2 or email ITExperts@bryley.com

1 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/unverified-sender-feature

2 https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-against-bypassing-office-365-spam-filters/

3 https://spanning.com/blog/are-you-at-risk-for-data-loss-in-office-365/

So What Gets Patched Around Here Anyway?

Given the number of vulnerabilities and exposures that are revealed every day [ https://www.bryley.com/2019/07/23/crunching-the-patching-numbers/ ], Mike Carlson, Bryley’s Chief Technology Officer, and Garin Livingstone, Director of Operations, agreed to be interviewed to walk me through the process they go through to keep computer systems updated. Mike has deep experience with local- and wide-area network design and implementation, and is a Microsoft Certified Systems Engineer™. Garin is a Microsoft Certified Technician™ and holds an A+ Certification, and has expertise in operations and technology.

Bryley Systems Picks Macs

Last month, I had an opportunity to volunteer at the Community Harvest Project located in Harvard; an event hosted by the Corridor 9 Chamber of Commerce.
Harnessed in canvas bags and supervised by farm staff, we rhythmically picked the trees clean in about an hour, then carefully sorted and packaged the apples for delivery to the Worcester County Food Bank.

Thirty seven volunteers picked a total of 4,500 pounds of Macintosh apples, 2,000 pounds were Grade A quality and packaged for distribution, and the rest were separated into bins for cider and pies.

It was truly an amazing morning. I picked apples as a chamber member, personally thanked the volunteers as a WCFB board member and 2,500 families received a bag of delicious, freshly picked apples.

Infographic: Tips for detecting a phishing email

Phishing emails are getting more complex all the time.  As the stakes rise, cyber criminals are employing increasingly subtle techniques and messaging.  Gone are the days when you simply had to turn down preposterous offers from royalty who had miraculously decided to become your unlikely benefactor.

The phishing email of today is designed to look as legitimate as possible.  It will try to distract you from clues that give away its true intent by creating a sense of urgency.  Typically they front as legitimate emails from familiar sources, sometimes even appearing to come from within your own organization.

Fortunately, once you know what to look for, these emails will be as easy to spot as those starting “I am a prince from [insert  random country name here], and I wish to bathe you in riches…”

The Compliance Effect

The Managed Security Service Providers journal, MSSP Insider, interviewed Bryley president Gavin Livingstone about General Data Protection Regulation (GDPR) 1 compliance.

“Our manufacturing clients were especially observant and working toward [regulatory] compliance,” said Gavin. The interview was prompted by a survey by Scale Venture Partners, Cybersecurity Perspectives 2019 2 . In the report, 2018 data breaches like at Exactis, exposures like at Cambridge Analytica, and regulations like GDPR triggered businesses to improve cybersecurity and increase investment in their security solutions. As a result fifty-five percent of the surveyed executives increased their investment in new solutions, forty-nine percent increased their measurement and reporting around data privacy, and forty-eight percent increased investment in data privacy personnel.

The Day the Cloud Went Down

7:33 AM, August 31, 2019, a power failure hit Amazon Web Services (AWS) US-East-1 datacenter in North Virginia. As expected, the datacenter’s backup generators kicked in.

Then at about 9 AM the generators started failing

The result was 7.5% of Amazon’s data storage units were unavailable for several hours. Some of the affected websites and services included Reddit, Styleseat, Fortnite, Sendhub … and many smaller sites and services. Power was restored, and around noon most of the drives were functioning. But the outage rendered some data unrecoverable. For those that had not backed up their data, the power failure was a disaster.

windows-logo

Your Windows 10 Transition

Using Windows 7 and Windows Server 2008/R2 after January 14, 2020 puts your systems at risk of vulnerabilities and cyberattacks. When over 200,000 computers were infected by WannaCry in 2017, it was the result of a Windows vulnerability. If a WannaCry-type attack occurs that affects Windows 7 after January 14, 2020, your Windows 7 installations will only have had access to the patch if you are paying for Extended Security Updates. 1

One in three breaches is due to unpatched vulnerabilities. For an organization, the average cost of a data breach is $3.86 million — the average cost for each lost or stolen record is $148. This makes data breaches worse for most businesses than floods, fire, and transit strikes combined. 2 Data breaches end businesses.

The Mysteries of Microsoft’s Model for Windows

“All they had to do was come up with a way to charge ten bucks a month and now no one steals music,” I overheard a college student say. He was talking about how Apple transformed from selling software (mp3s via iTunes) to renting access to songs, aka Software as a Service (SaaS). Apple Music now has the most paid music subscribers in the US and based on this success, “announced new subscription offerings for magazines, TV shows and video games”. 1

Per Forbes, 84% of new software is being delivered as SaaS. 2 This selling model built Netflix memberships (20 million renters at the height of its DVD service compared to over 150 million SaaS subscribers today 3 ), Dollar Shave Club razors, Stitch Fix and Amazon’s Subscribe and Save. Subscriptions moved Adobe’s market cap more than 87% since 2012 to $108 billion. 4

Bryley Systems Ranks #3 as a Top IT Service Provider – WBJ 2019

Bryley Systems is excited to announce that we have been ranked as one of the top 3 on the Worcester Business Journal’s 2019 list of Top IT Service Providers. We are proud to be recognized for our commitment to our clients, as well as our staff, and wish to thank everyone for making this possible.

technology patches

Crunching the Patching Numbers

There were 16,516 Common Vulnerabilities and Exposures (CVEs)1 published in 2018. The time needed to analyze the relative importance of these to your organization would be something like 16,516 alerts times fifteen minutes to read and assess each one, which works out to about 500 days of work. If you decide that your organization is affected by twenty percent of these, that’s 3,304 vulnerabilities times an average of about an hour to patch each one — that will take about 40 days. And how many devices do you have that need this patch deployment? 2