Entries by Lawrence Strauss

MFA Still Tops

April 2, 2024 in /by

In SonicWall’s 2024 Threat Report the Number One Attack-Deterrent Is MFA

Complex, Locked Vaults and Double Keys

How would you feel about giving your valuable documents to a bank that only had a single lock on the bank’s outside doors? One lock might put off a less-determined intruder, but I’d expect it would be pretty easy for a burglar to figure a way past just one lock. So how would you expect a bank to responsibly treat your valuables? Not only would those outer doors have locks, there should also be a built-in cement and steel vault secured to the building’s structure to withstand destructive weather, fire and thieves, the vault’s lock should be complex to resist cracking, within the vault should be locked steel boxes that usually require two keys (one that you hold and one that the bank holds and authorizes its use after you prove your identity).

What is the relative value of what people keep so securely at a bank compared with the data an organization is trusted to protect? [6 min. read]

Ever See an Ant Back Up?

March 1, 2024 in /by

And Now for Something Completely Different

In the light of summer in a forest, a colony of ants was busy. It was known as The Colony of Methodical Memory. And the colony worked hard. The ants built clever storerooms within the earth. And they meticulously copied their knowledge and wisdom onto many gathered leaves and placed these in the secure storerooms.

There was at the same time in the same wood a swarm of grasshoppers, known as The Swarm of ‘Hi There’. While the ant colony worked, the grasshoppers swayed on leaves in the sun … [5 min. read]

Look Past the Weeds

February 29, 2024 in /by

Don’t Get Lost In The Vulnerabilities

The lockdowns found me in my garden more. One of the things I learned those couple years was that I started out intently focused on the annoyance of weeds – pulling them, pouring boiling water on them when they popped up in the cracks of my driveway, generally trying to kill them. But at some point my focus shifted and I began to see the whole yard – I especially noticed where different plants thrived or failed to. I moved things around. Happy, healthy plants – including working on achieving thicker ground covers (like that sedum pictured) – look beautiful while making the conditions less hospitable to weeds.

Vulnerabilities, which includes unpatched software and misconfigured systems, can be thought of like weeds … [6 min. read]

Question Everything

January 31, 2024 in /by

A set of policies … would have identified, I believe, a pattern of activity here …

–Navy CTO Don Yeske

The US military is in the process of moving to a Zero Trust networking framework. But before they began that process in November, a Cape Cod-stationed National Guardsman leaked 350 classified documents over the course of between six and fourteen months before his detection and arrest. And Zero Trust – that enforces stringent policies or rules over permitted network activities – might have stopped the rogue airman sooner (he was serving as an IT admin without need to access those military secrets).

This type of breach is called an insider attack. Insider breaches make up 20% of all breaches. Zero Trust is useful to handle these and many of the other attacks that begin outside an organization’s network … [5 min. read]

Are we there yet?

January 31, 2024 in /by

There is no doubt that over time, people are going to rely less and less on passwords

–Bill Gates, 2004

A 2023 study found that 64% of people surveyed are not confident they are managing their passwords well. Most discouraging in the new survey was the report that of those born after 1990 only 20% use unique and strong passwords. These stats bring also a feeling of futility: ‘so many data exposures – what does it matter?’ ‘there is no privacy anymore – whatever.’

I don’t share the opinion that we should throw in the towel, though who can’t sympathize with the sentiment? But Bryley sees time and again that, in fact, compromised passwords matter to an organization’s security. As an example of the severity of the problem, Google Cloud reported in October that 54% of breaches “are resulting from common and well-known threat actor attack techniques, such as obtaining and using stolen credentials …” [4 min. read]

How an Email Compromise Attack Begins

January 18, 2024 in /by

Faced with the right con, we’re all vulnerable

–Tim Harford

On his Cautionary Tales podcast, Tim Harford told the story of an ex-con who put on an army captain’s uniform and an air of authority and proceeded to demand to inspect a military financial account and confiscate (that is, steal) the $250,000 it contained.

If your employee gets an email from an executive at your organization requesting urgent action, how does the employee respond? … [4 min. read]

A Review of 2023

January 17, 2024 in /by

Here are some notable events and stories from 2023:

A Guiding Principle

Bryley is a client of Bryley, President Garin Livingstone said in a 2023 interview. We have people at Bryley that need technical help. We also need to make sure that our computer systems are being maintained and updated. Among the benefits of adhering to this model?

  • Updates and patching are as minimally disruptive as we can get them.
  • New technologies are fully vetted before the tech is deployed

This principle of being one’s own client has been a standard that Bryley has observed over the course of its thirty-six years … [6 min. read]

Bryley Systems’ 9th MSP 501 Award

September 8, 2023 in /by

MSP 501 is an IT industry signifier that recognizes the MSP (managed service provider) industry’s highest operational efficiency and business models. The MSP 501 award is based on a sixty-point audit to verify the fitness and stability from which independent IT providers can serve their clients with dependable IT.

With its detailed questionnaire (over sixty areas of scrutiny) and the requirement to have financial results certified to the auditors, the MSP 501 award helps benchmark which MSPs are fit to earn their clients’ trust … [3 min. read]

How Do You Turn an Ocean Liner?

June 7, 2023 in /by

Years ago a consultant told me that to shift a business’ paradigm was like trying to turn an ocean liner. Seems about right.

Bryley was started in 1987. Over that time we’ve had to continually think and rethink what’s working and what’s no longer serving our clients. And from the process of assessing and reassessing we’ve evolved. For example we went from designing and installing networks to being companies’ outsourced IT departments – the skills and tasks involved to successfully fulfill each of these roles is different. So we’ve adjusted staff and shifted our expertise. This kind of change is never easy.

That’s why when you’re considering Bryley as your IT provider, we make it a point to look out for the obstacles you’ll be facing in making the shift from how you’re currently doing things … [6 min. read]

How About That HQ

June 2, 2023 in /by

Are you familiar with TARDIS, Dr Who’s time-travel machine? It looks unassuming, but inside … I was interviewing Client Experience Specialist / Marketing Coordinator Courtney Leonard and she told me about her education in interior design. Even though she admits her knowledge is limited, she retains a lot of enthusiasm for the field, so I had to ask her about the Bryley building. Here’s what Courtney had to say about this … [3 min. read]