Worms belong in your Garden, not your PC!

When we think of worms, most of us think of the creature that helps our gardens thrive, however, in the technology field the word “worm” strikes fear into many a technology user.  This particular form of malware has caused billions of dollars in damages in the last decade alone!1 Using Symantec’s definition, worms are “programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file.”1 Some liken it to a chain letter that no one wants, but is far more insidious and damaging.

“They make your computer more vulnerable to future attack, because every machine with a worm infection is broadcasting to the entire Internet that it can be taken over by anyone who cares to copy the method the worm used. Also some viruses and worms disable standard security measures, or install their own back-door services that allow other people to use your computer over the Net.”2

Well-known Worms

The first known worm was the Morris worm in 1988, named after Robert Morris, a student at M.I.T. While the worm was initially harmless, it “quickly began replicating copies of itself onto Internet servers of the day (predating the World Wide Web), eventually causing them to stop working due to exhaustion of resources.”3

In 2001 a worm by the name “Nimda” (admin spelled backwards), infected nearly 2.2 million servers and PCs within a 24-hour period through a multi-pronged approach including searching for unpatched applications, sending an infected mass email to a victim’s contact list, and downloading from a compromised website.4 This worm caused over $635 million in damages and dramatically decreased internet speeds and wreaked havoc on a user’s email account.

One of the more powerful attributes of a worm is its ability to propagate seemingly by itself, with little to no human interaction.  This makes it ideal for cyber warfare.  A prime example of this is the 2010 attack on Iran; the United States and Israel created what is now known as the Stuxnet worm to attack Iran’s nuclear enrichment program.  By the time the worm was discovered and expelled from their infrastructure, 984 uranium enriching centrifuges were destroyed, setting Iran’s nuclear weapons program back by approximately 2 years!5

How does it spread?

What makes worms so dangerous and insidious is that once it is on your machine, it can wreak havoc without the user’s knowledge.  Once the initial sequence is started (opening an attachment, clicking on a link, etc.), the worm will move on its own through the system, impeding the user’s activity.  Worms also infect other machines by self-replicating and sending mass emails through the infected users’ email contacts.1 Oftentimes, victims think they are simply opening an attachment from a friend or acquaintance so their guard is down.

Symptoms

How do you know when you have a worm?  There are several key symptoms that may indicate you have been infected:

  • Emails sent without consent. If you are contacted by an individual in your contact list about a strange email you sent, but have no recollection of, you may be a victim of a worm.
  • Software suddenly appearing on your desktop. If you notice that applications are suddenly appearing on your desktop, or have been removed, that’s a red flag that your machine may be compromised.
  • Slow computer performance. If infected, your machine may run slower as the worm needs memory to effectively run and propagate.
  • Pop-ups galore. If you are seeing numerous pop-ups and messages, it’s a surefire sign that you have a worm or virus on your machine.
  • New windows open when connecting to the internet. A common symptom of an attack or worm is when you connect to the internet and it opens a new window that you did not request.

How to protect against worms

So, what can you do to prevent such an attack from occurring?

  • Be cautious around attachments. Even if you recognize the sender, be cautious if they send you an unexpected email with an attachment and a vague subject line (“You have to see this!”). Be extremely cautious if you don’t recognize the sender.
  • Perform regular updates. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal, you need to perform recommended updates.

Working with a managed IT service provider (MSP) can remove a lot of the burden and take away the mystery of proactive measures to protect your business.

Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone.  Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

 

1 “Computer Worm” – veracode.com

2 “Security Hints and Tips” – bbk.ac.uk/its/services/security/secper/hints

3 “How Computer Worms Work” – lifewire.com

4 “Nimda Worm Analysis” – symantec.com/avcenter/reference/nimda.final.pdf

5 “Countdown to Zero Day: Stuxnet” – wired.com

“How to prevent and remove viruses and other malware” – support.microsoft.com

“The Spread of the Code-Red Worm” – caida.org/publications/papers/2002/codered/codered.pdf

Bryley and Warren Insurance Support Local Charities

Hudson-based Bryley Systems and Bryley client, Stow-based Warren Insurance, together raised funds for the Hudson Boys & Girls Club. The donation was generated through Bryley’s refurbished computer program. Bryley donates a refurbished computer in exchange for a donation made to a local charity – generally the Hudson Boys & Girls Club or the Hudson Food Pantry.

As Winter Approaches, be wary of heaters

With the cold weather quickly approaching it’s important to take care of your machines. While we all appreciate and like a warm working environment, it’s important not to place devices too close to heating devices.

A client of ours mistakenly left a space heater on overnight and came into work the next day to find the front bezel (front of the computer) had melted. The ports on the front, including power and USB, no longer function.  This could have been a lot worse, with potential for fire.

This is a good reminder to double-check that everything is off before leaving for the day, and to make sure you leave ample space between your computers and heaters.

IT Budgeting Made Easy

We know that budgeting can be a daunting task. That is why the Bryley Systems’ motto is “Dependable IT at a Predictable Cost”. Our fixed-price IT support programs make IT budgeting a breeze.

We understand that in order to have an accurate, working budget, the finance and IT teams need to come together to get an idea of the full picture.

Why does IT budgeting matter?

Without a budget, IT leaders will have to justify every IT expenditure as it arises, creating unnecessary bottlenecks.  Furthermore, “you may be forced to request and justify every IT expenditure as it arises, which makes for significant unnecessary overhead. Smaller organizations may find themselves willingly migrating into a periodic budgeting process, as IT expenditures that were once simply spent as incurred, or justified with a 30-second hallway conversation, blossom into significant IT spending that can be consolidated and made more transparent through a budgeting process.”1

IT budgeting affects more than just your department

When creating an IT budget, it’s important to think of how it will tie into other departments.  The budget will directly impact employees and initiatives that your organization has.  It’s easy to see the budget as a mere spreadsheet. But remember, there are real consequences for every number that is either increased or decreased.

Think of IT budgeting as financial planning

Consider IT spending as an investment for your organization’s future, much in the same way as you would with your personal financial planning. “Only after gaining an understanding of the organization’s short- and long-term goals can [business leaders] help ensure that the organization is aligning its IT strategy with its business strategy, resulting in the right IT investment decisions.”2 Consider, “What is the organization’s cash flow? How will IT spending impact the organization’s overall capital and operating budgets? Are any major projects on the horizon that might impact the IT infrastructure? Remember to consider both the financial and non-financial implications of IT-related initiatives.”2 Another aspect that should not be overlooked is the human component.  Does the organization plan on making any changes that could impact an employee’s ability to fully utilize new software? And, how will new initiatives impact employees’ work lives?

Creating budgets also helps to establish and understand priorities. “Instead of looking at the budget solely as an administrative process, regard it as a validation and support tool for your IT strategy. If you don’t have a formal or informal IT strategy in place, the budgeting process is as good a place as any to start investigating areas for improvement that will be cornerstones of your first attempts at more strategic IT management.”1

Align IT with organizational strategy

IT budgeting should not be performed in a bubble; but rather performed with the entire organization in mind.  Once the IT budget is prepared, compare it to the overall budget to ensure the goals are aligned.  Key questions to ask are “Do the selected IT initiatives align with and support the organization’s strategic objectives? Should any initiatives that weren’t selected for the budget be reconsidered? Would any of the organization’s strategic initiatives make one of the selected IT initiatives obsolete?”2 It is best to think of your IT budget in three sections:

  • Run – What it takes to keep the organization running. This should be the last place to trim as doing so could create unnecessary operational risk.  Items included in this group are considered mission-critical: server replacements, key software upgrades, personnel costs.
  • Grow – introduce new capabilities and improve existing ones. These are often more flexible and are easily added or trimmed depending on cash flow.  Items in this section include implementing new software for optimization, purchasing a firewall for additional protection, and upgrading the website to attract more customers.
  • Transform – This is more of a long-term project for research and development endeavors. Unless associated with key organizational initiatives, these are the first to be cut when budgets are trimmed.  These initiatives are ones in which the organization believes it will benefit from in the future.  Examples include new product offerings, , redundancy, , and the like.

Tips and best practices

When considering the impact the budget will have on the organization as a whole, it is imperative to put forth significant time and due diligence into its creation.  It’s too simple to see the budgeting exercise as just another painful administrative duty that one must accomplish. But it is really much more than that.  A budget “is the financial manifestation of the strategy and direction your department or organization will take over the coming year.”1

  • Use last year’s budget. This will give you a rough idea of what you want the upcoming budget to look like. It will also provident insight into areas to pad as well as those that can be reduced.
  • Spreadsheets are your friends. Excel spreadsheets will prove invaluable when it comes to updating and creating a budget. It is beneficial to have previous years’ budgets listed as it will indicate long-term trends and the ability to predict future expenses.
  • Factor in slack. Once a budget is set, it is generally difficult to go back for more funds.  Consider, carefully, the amounts requested to ensure they are sufficient to accomplish the objectives.
  • Seek expert advice. You can’t be expected to know everything about the realm of IT and budgeting, so don’t be afraid to seek out the advice of experts.  They will offer guidance and work with you to identify key initiatives and allocations for your future success.

Creating an IT budget can be a daunting task, but you are not alone.  Bryley Systems’ experts will work with you to determine your priorities and build a budget accordingly.  It’s easy with our fixed-price IT support programs.

We are your technology partner. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

We’re here for you with “Dependable IT at a Predictable Cost.”

 

1 “IT budgeting: The Smart Person’s Guide” – techrepublic.com

2 “IT Budgeting” – journalofaccountancy.com/issues/2012/mar/20114439.html

“IT Budgeting and Spending Strategies Guide for CIOs” – searchcio.techtarget.com

“Small Business Budgeting” – investopedia.com/articles/pf/08/small-business-budget.asp

Bryley’s Prestigious Channel Partners 360° Award Celebrates Fall

After being honored as one of 25 recipients worldwide, our prestigious award is traveling the U.S. in celebration – being one of the most sought-after in the industry of technology solutions.  This month it stayed local to celebrate Fall in New England

HAPPY HALLOWEEN!

Bryley is getting into the Fall spirit.  Stop by on Halloween
as we join several other businesses in Hudson to hand out
treats to the youth in our community.

 

Cathy Livingstone hands out candy to local residents.

All Aboard!

The cutest mouse trap we’ve ever seen!

 

 

“Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™.  We thank Channel Partners for this prestigious Channel Partners 360° award!”                      

      – Gavin and Cathy Livingstone, Co-Owners, Bryley Systems, Hudson, MA

Bryley attends Table Talk Facility Ribbon-Cutting Ceremony

Gavin Livingstone, President and Co-Owner, along with Cathy Livingstone, Co-Owner, attended Table Talk’s ribbon-cutting ceremony last month as part of the Worcester Regional Chamber of Commerce.

The facility is 50,000sq ft. and has state-of-the-art machinery capable of producing 10,500 pies/hour, nearly doubling current production1.  The land it sits upon was former industrial wasteland, but Table Talk went to great lengths to clean up the site and provide more Worcester residents with employment opportunities.

Touring the facility

Gazing at the production line

Learning about the new facility

 

1 masslive.com/news/worcester/index.ssf/2017/09/a_year_in_review_table_talk_pi.html

Bryley Basics: What happens when a home is smarter than its owner?

Today, if we forget to turn off the coffee pot, or shut the garage door, we can simply hit a button on our phones, or other devices. According to a study by Intel Corporation, 71% of the population is expected to have at least one smart-home device in every home by 2025.1

This is great news for those of us that are forgetful, but one has to be wary of how much access is granted through these devices. Just like you wouldn’t leave your house keys out for anyone to take, you must also be cognizant of the security of your smart devices.   Last year, hackers were able to bring down several sites by using home devices connected to the internet such as baby monitors, cameras, and home routers without the user’s knowledge.1

There are several steps users can put in place in order to take advantage of these smart devices while remaining protected:

Do your research. Not all smart devices were made equal. It is best to do some research prior to purchasing a device to see what security measures the manufacturers have implemented. Will the device automatically perform patch updates? Does it require a passcode? Will it prompt you to change your password? Knowing this ahead of time, will give added peace of mind.

Secure your devices. By default, many of these devices have a simple security plan in place, since historically they haven’t needed to worry about cyber threats. Prior to a few years ago, no one would have thought you could have your refrigerator tell you what items you would need to purchase on your next grocery trip! Make sure your device requires a passcode that you can regularly update.

Regularly update your Passwords. Make sure to change your password every 60-90 days with a complex password using a mixture of capital and lowercase letters, numbers, and symbols. A password does nothing if it remains at the default factory password.

Separate your Network. As an added layer of protection, put some separation between your devices and the rest of your data. Most of the time, these devices only need an internet connection, so putting them on a different network from the rest of your data protects both of them. “Newer WiFi routers have built-in guest network capabilities that can isolate untrusted devices from each other and from the rest of your network – a useful feature for most devices that only need internet access and don’t need to talk to other devices. Extra configuration may be required to properly secure devices that need to talk to each other (like automation controllers and security cameras), but it’s possible to limit that communication without laying bare the rest of your home’s network.”2

Perform Regular Updates. Some devices will automatically update while others you will have to check. Regardless, it is best to check every so often to ensure the updates are performed and you are protected.

Security of these smart devices is such a concern, Senators Mark Warner, Cory Gardner, Ron Wyden and Steve Daines introduced the “Internet of Things Cybersecurity Act” aimed at forcing tech companies “to ramp up security if they want to sell connected devices to the federal government.”3 This bill is the bare minimum and will block any “IoT devices with known security issues from government use and require device makers to patch any new flaws. Security researchers who hack IoT devices used by the federal government in order to find new flaws would be exempt from the Computer Fraud and Abuse Act, which has been used to charge hackers.”3 It is the hope that this bill will encourage companies to adopt these regulations as standard for commercial sectors as well.

At the end of the day, these devices will become more and more commonplace. As this occurs, security will also improve. There are sure to be growing pains, but like most evolutions, it will improve our lives.

 

  1. 1 “Best Smart Home Devices and Hot IoT Is Changing The Way We Live” Forbes Technology Council, 6 Jun 2017
  2. How To Protect your Fancy New ‘Connected Home’ from Savvy Hackers. Best Buy
  3. 3 “Congress to Smart Device Makers: Your Security Sucks” Ng, Alfred. CNet, 2 August 2017.

Robin Powers Joins Bryley Systems!

Robin Powers is the newest member to join Bryley Systems’ Business Development team.  In her role as Sales Support, Robin will assist with proposals, presentations, and general business development functions.  She will work closely within the team to further enhance client support and relationships.

Prior to Bryley Systems, Robin was employed at Stratus Technologies for 25 years as an Administrative Professional in their IT Department.  Bryley Systems welcomes Robin as she brings years of expertise in the technology field.  Ms. Powers has a BS from UMass Amherst.

Case Study: WRTA Turns to Bryley to Help Coordinate Move to New Facility and Deploy New Computer Infrastructure

The Company: Worcester Regional Transit Authority

The Worcester Regional Transit Authority (WRTA) services the City of Worcester and 36 surrounding towns with a bus fleet that includes all-electric buses and many diesel-electric hybrid buses. As the second-largest regional transit authority in Massachusetts, WRTA features a real-time bus arrival information system that includes the latest advancements in communication technologies—with automatic vehicle announcement, locator and monitoring systems as well as dynamic message signs. The organization is operated by Central Mass Transit Management.

The Challenge: Find an IT Partner Who Also Understands the Big Picture

As the buildings that house the buses, the garage, and the computer data center began to age and experience environmental issues, the WRTA planned a major move into a new facility. The servers and the network were also reaching end-of-life status, so the organization decided to upgrade the computer infrastructure at the same time.

Given the scope of the two projects, the WRTA had to coordinate planning across several third parties. When it came to the new server and network infrastructure, the organization thus needed an IT partner with high-level technology design skills who could also work well with the building construction crew as well as the telecommunications provider and the company that provides the technology to operate the buses.

“With all the moving parts and players, we needed an IT partner who would help us make sure the entire project kept moving forward,” says Donna Novelli, Director of Risk Management and Administration for Central Mass Transit Management, the private entity that manages operations for the WRTA. “It was important to work with someone who would focus on the big picture and not just be concerned with their role.”

The Solution: Bryley Systems—A Long-Time Trusted IT Partner

From the start of planning the project, which began several months before the move deadline, Novelli knew who the IT partner would be. She never considered anyone else.

“Bryley Systems has been our outsourced IT partner since 2011,” Novelli explains. “They have done a superb job keeping our computer network running at peak levels on a daily basis while also advising us when the time is right to deploy new technologies. Bryley has the technical and the logistical project management expertise as well as the resources to help organizations like ours successfully complete a major move and a technology upgrade at the same time.”

Knowing in advance that the move to the new facility would occur, Bryley advised WRTA to hold off on upgrading the computer network until the move and then helped the organization ensure the previous network infrastructure would continue to meet its IT needs. For the move to the new facility, Bryley designed a new computer infrastructure that includes 28 virtual server instances running on five physical Hewlett Packard servers, 16 Cisco network switches, and a Cisco Wi-Fi network.

The infrastructure is protected by four firewalls and system backups that replicate data and applications to an offsite data center managed by Bryley. Bryley also disconnected approximately 60 workstations in the old facility and then reconnected them in the new facility.

The Deployment: Changing Timeline Requires Nimble Flexibility

To help keep the project moving forward, Bryley Systems met with Novelli and the other partners on a weekly basis to synchronize their tasks. As Bryley configured and burned in the servers, switches and the Wi-Fi gear in advance of the implementation, the five-person team expected to have a six-week window in which all the devices could be deployed. But as the construction timeline changed, and as other partners needed more time to prepare their installations, the window shrunk to about two weeks.

“Bryley remained flexible the entire time, and they coordinated all their resources to make sure their portion of the project was still completed on schedule—despite the much shorter timeline,” Novelli says.

Bryley’s efforts included implementations during weekends and very early in the morning. With buses running until about midnight and starting up as early as 5:00 a.m. the next day, the downtime window was very small.

“We kept to our committed bus schedules even during the final cut-over weekend when we closed down the old building and made the final move into the new facility,” Novelli points out. “That was a big accomplishment, and Bryley played a major role in our success by adapting to the changing needs of the situation.”

Benefits: Improved Network Performance and Peace-of-Mind

With the new IT infrastructure, WRTA now has a complete virtual local-area-network along with a wireless network that both utilize the latest technologies. This includes advanced solid-state flash storage from Hewlett Packard that speeds up file save and access processes for end users such as vehicle tracking, location prediction and record keeping as well as real-time communication between drivers and dispatchers. The new network also ensures better application performance.

Looking back at the success of the project, Novelli says the major benefit that she and the organization receives from Bryley Systems is peace-of-mind knowing that IT systems will function as required: “Whether it’s handling a major move like this one, or making sure our computer network remains up-and-running, we trust Bryley to get the job done. They proactively make sure all the details are taken care of so that we can avoid surprises that hamper daily operations.”

The partnership with Bryley also continues to allow Novelli to maintain a minimal internal IT staff. “It’s just me and one other person—otherwise we rely on Bryley for everything from help desk support to long-term technology planning,” Novelli says. “We continue to partner with Bryley for their expertise and the value they bring to our organization. They provide a full range of staff that can assist at the consultant level for servers and design along with the technicians that help our end users. They are always responsive to anything new we need—even if we need it right away.”

Side Bar

Major Benefits—IT Infrastructure Deployed in New Data Center by Bryley Systems:

  • Implemented during off-hours to avoid network downtime during operational hours.
  • Coordinated the deployment to sync with construction activities and actions of other vendors.
  • Met timeline requirements even as the window for deployment shrunk from six to two weeks.
  • Provided peace-of-mind that computer network would continue to function after the cut-over.
  • Delivered new technologies that enhance application performance for end users.
  • Enabled internal IT team to maintain minimal-size staff.

Why old technology is scarier than SCI-FI thrillers

As we’ve seen from the latest cyberattacks, old technology can be far more scary (and harmful) than the scariest Sci-Fi movies.  “We have the sci-fi depictions of sentient networks that will turn against us, but the problem is, we’ve already built something way too complex for us to be able to manage as a society,” according to Wendy Nather, principal security strategist at Duo Security. “This is a very shaky foundation that we have to clean out and redo.”1

The majority of cyberattacks occur as the result of exploiting a weak spot in legacy software running on legacy machines. “The problem with these outdated systems is that they are (predominantly) no longer supported by the company that created them. You are on your own. If a new vulnerability is discovered by cyber criminals, there will be no security updates released to patch the issue. It’s also unlikely you will be informed of this vulnerability, meaning you are blindly running a system prone to constant attack.”2

These attacks aren’t just perpetrated against small companies. In 2015 and 2016, Russian hackers brought down Ukraine’s power grid, plunging 103 cities and towns into darkness.3

Hospitals are another high-value target for cybercriminals. Medical facilities focus primarily on patient care. Technology if often a secondary concern. The WannaCry attack, for example, struck UK hospitals, forcing many to turn patients away. Security expert, Janie Larson, recounted an incident in which malware had infected EEG machines that were connected to children – disconnecting them to update the software would have proved detrimental to the patients.1 How would you choose between paying the ransom demanded by the hackers and preventing harm to high-risk patients?

So, what can be done to prevent a cyberattack like this?

  • Regularly check for updates and patches on all software and devices in your environment.
  • Be mindful of end of life. Know when your technology will no longer be supported and have a plan in place for when that happens.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent potentially catastrophic data loss and system downtime.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

We’re here for you.

 

1 Larson, Selena. CNN Tech. “Why Old Tech Is Scarier Than Hollywood AI” – money.cnn.com

2 Jones, Ed. CloudTech. “The Hidden Dangers Of Legacy Technology – And How To Resolve Them” – cloudcomputing-news.net

3 Perez, Evan. CNN Politics. “U.S. Official Blames Russia For Power Grid Attack In Ukraine” – cnn.com