Be Aware! Avoid Phishing Scams During Tax Season

/in , , /by

Let’s face it, tax season is stressful enough without having to contend with increasingly common and sophisticated tax scams. It certainly can be a headache to prepare your taxes, but falling for a tax scam could make it a nightmare.

The world is full of people who are ready and willing to take advantage of someone when they’re vulnerable. Tax scams contain new forms of fraudulence being discovered every day, but the most prevalent by far is the email phishing scam.

The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.

Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urges taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.

  • Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information!
  • If you receive suspicious emails forward them to phishing@irs.gov. Never open an attachment or link from an unknown or suspicious source!

IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.

Remember: Scammers Change Tactics — Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.

Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”

For more details, see:

  • “IRS Warns Seniors To Beware Of Calls By Criminals Impersonating The IRS” – irs.gov
  • “Phishing Schemes Lead The IRS Dirty Dozen List Of Tax Scams For 2017 Remain Tax Time Threat” – irs.gov
  • “IRS Warns Washington DC, Maryland, Virginia Residents Of New Phishing Scam Targeting National Capital Area” – irs.gov where the email scammers are citing tax fraud and trying to trick victims into verifying “the last four digits of their social security number”2

Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

 TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.

How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General For Tax Administration, ustreas.gov/tigta at 800-366-4484.3

Additional Scam-Related Information:

  • “Security Summit” at irs.gov – Learn more about how the IRS, representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators are working together to combat identity theft and refund fraud.
  • “IRS Security Awareness Tax Tips” at irs.gov
  • “Tax Scams — How To Report Them” at irs.gov
  • “State ID Theft Resources” at taxadmin.org – State information on what to do if you or your employees are victims of identity theft.
  • “IRS Dirty Dozen” at irs.gov – The annually compiled list enumerates a variety of common scams that taxpayers may encounter

If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:

  1. Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: irs.gov/pub/irs-pdf/f14039.pdf.
  2. Send a proof of your identity, such as a copy of your Social Security card, driver’s license or passport.

After doing that, make sure to:

  • Update your files with records of any calls you made or letters you sent to the IRS
  • Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
  • Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report

 

Sources and References:

1 vanderbloemengroup.com/articles/irs-impersonation-telephone-scam

2 irs.gov

3 irs.gov

usa.gov/business-taxes

aarp.org

taxadmin.org

treasury.gov/tigta/

 

 

Bryley Receives Prestigious Channel Partners 360° Award!

/in , , , , , /by

April 11, 2017 — Bryley Systems is pleased to announce that it has been honored by Channel Partners, with the 2017 Channel Partners 360° Business Value Award.  We are one of only 25 technology-oriented companies worldwide to receive this award, which is one of the most sought-after in the industry.

This award honors service providers that are taking a holistic approach to technology solutions and creating business value for their clients and have a well-rounded portfolio.  Channel Partners started “as a simple idea to reward partners of all sizes for creating business value for their customers through telecom, IT, and cloud solutions…” and “rewards channel partners – agents, VARs, dealers, system integrators, MSPs and consultants – of all sizes for innovation, solutions-orientation and customer focus.”

Bryley’s President, Gavin Livingstone and co-owner, Cathy Livingstone, were on hand to accept the award stating “Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™.

We thank Channel Partners for this prestigious Channel Partners 360° award!”

Award recipients were honored at a ceremony on April 11 at the Channel Partners Conference & Expo in Las Vegas.

Sharing Files? Be Cautious.

/in /by

Let caution be your watchword.

More and more organizations are moving to the cloud. And that’s great because it allows your employees to share files easily and efficiently. However, no matter how convenient this technology is, business owners and employees alike should be aware of a few basic security risks and counter-measures.

Employees must clearly understand what type of information can be shared and what storage mediums are eligible for each category of information. This approach will enable companies to establish a consistent and manageable process as it relates to the secure use, access, and storage of company information.

Beware the Password! Most cloud services provide users with their own accounts. Generally, employees select their own passwords. What will stand between a hacker and the content of those files is a password. It is very important for employees to select a “strong” password. (View one of our recent blogs – Do’s and Don’ts of Password Security). Passwords should be changed periodically. This can be set automatically through most databases and ensures that employees don’t use duplicate passwords.

Do You Have Remote Users? Any computer or device that accesses company data should be considered a risk access point. Be sure that all devices are protected with security updates and patches. All these access points should have anti-virus / anti-malware protection as well. If you have employees who travel frequently, they may be using public Wi-Fi connections. Be sure that employees understand that if their devices are being used to send and receive files in the cloud, their data may be at risk, if unprotected.

How Secure is Your Cloud Service Provider? It is important to know whether the service provider can see your data.

  • If so, does the provider have controls in place to avoid sending, copying, or e-mailing your valuable data?
  • You also need to ask your cloud service provider what their data-protection policy is, and what the audit procedures are. Then, you should perform your own due diligence on those procedures.
  • What happens in the event of data corruption? Are there proper backups, and how far back do the backups go?

Evaluate Your Security Policies

Evaluate your security measures regularly to be sure they are doing the job. Circumstances change, equipment and software become outdated, and people make mistakes. As a result, effective security is dynamic, and requires monitoring and updating.

To inquire about Bryley’s full array of Managed Cloud Services and Managed IT Services, please contact us at ITExperts@Bryley.com. We’re here for you.

 

This field is for validation purposes and should be left unchanged.

Cathy and Gavin Livingstone judge at MHS SE Fair!

/in , , , /by

Cathy and Gavin Livingstone, joint-owners of Bryley Systems Inc., were again judges at the Marlboro High School Science and Engineering Fair on Tuesday, February 28. (The MHS SE Fair is a well-run, annual event that provides support and encouragement of student research, inquiry, and design.)

Cathy is pictured with Kimberly Konar and Amanda Cameron (aka The Bottle Girls), who presented BioPlastic: An Alternative to Environmentally Destructive Polymers. Kimberly and Amanda were third-place winners.

Winners go to the upcoming Worcester Regional Science and Engineer Fair and, if successful, on to the Massachusetts State Science & Engineering Fair.

IT Security Cheat-Sheet

/in , , /by

All organizations are at risk of a breach in IT security, whether externally (by a party outside the organization’s computer network) or internally (by a person connected to the organization’s computer network); studies show that even small companies are targeted externally, primarily because they are more vulnerable than larger organizations who can dedicate resources to combat external threats.

Organizations take great efforts to secure their data; they have firewalls, spam blockers, anti-malware applications, intrusion detection, etc.  However, the greatest threat comes from within:  End-users often inadvertently introduce malware (via web browsing or email-attachment clicking), which can spread across the network or attack confidential data.

Effective IT security requires a layered approach; it is comprised of multiple solutions at different points-of-entry and areas of concern.  It must be setup properly, but must also be continually monitored and then updated as appropriate.  Security should be periodically reviewed by an IT expert and, if budget permits, tested to ensure what is expected is what is received.

Effective IT security also requires ongoing training for all users and monitoring and enforcement of usage policies.

For an overview on IT security, I recommend viewing Ivan Dimitrijevics’ “10 Ways to Secure Your Small Business and Prevent Data Breach” in The Globe and Mail.

Here is our checklist, organized by security concern:

1.) Computer Network:

  1. Deploy, update, and monitor stand-alone firewall(s) between all external networks (IE: Internet) and the organization’s network.
  2. Deploy, update, and monitor an email/spam-protection capability.
  3. Deploy, update, and monitor an event-log management capability.
  4. Deploy, update, and monitor intrusion-prevention/detection capability.
  5. Lock-down wireless access points.

The first line-of-defense from external threats is a professional-grade, stand-alone firewall configured to refuse unwanted traffic from external sources while permitting only desirable connections.  It should be supplemented with email/spam protection; either as a Cloud-based service or via an internal appliance.  Event-log management and intrusion prevention/detection are also available either as a service or appliance; both are recommended, but budget versus benefits must be considered.

Enable Service Set Identifier (SSID) for internal-use wireless access points

2.) Servers, their operating systems, and their applications:

  1. Test and then install all recommended security patches/firmware updates.
  2. Manage operating system and application security-updates continually.
  3. Deploy, update, and monitor anti-malware application on all servers.
  4. Monitor continuously and review periodically for anomalies.

Servers, whether in-house or cloud-based, contain not only valuable data, but also end-user information (usernames, passwords, profiles, etc.) that can be manipulated and used to infiltrate.  They, their operating systems, and server-based applications, must be aggressively patched, protected through anti-malware, and monitored continuously.

Anomalies in performance and event logs can highlight potential security risks; both should be reviewed periodically.

3.) Data:

  1. Identify at-risk data and its location; keep only what you need.
  2. Outsource payment processing to a reliable, third-party partner.
  3. Verify security of vendors and partners with access to your data
  4. Where performance permits; encrypt data at-rest and in-motion.
  5. Deploy an encrypted backup solution with onsite and offsite storage.

Company data should be classified as to its value and stored accordingly.  It is best always encrypted, although many organizations might not have the processing power to permit such.

Rather than process payments onsite, many third-party vendors provide this service, but they should be verified before engaging.

Data backups should be encrypted and follow the 3-2-1 rule for reliability:

  • Three copies of important data
  • Two different media types
  • One copy offsite

4.) End-user devices, operating systems, and applications:

  1. Manage operating system and application security-updates continually.
  2. Deploy, monitor, and update anti-malware app(s) on all end-user devices.
  3. Test and install security-required firmware updates to end-user devices.

End-user devices are a primary target; they are difficult to secure and change continually.  However, end-user tools also share some blame:  Karen A. Frenkel of CIO Insight writes in “How Malware Bypasses Detection Tools” that 81% of IT professionals believe that web-browser-initiated malware can remain undetected by security tools and that the primary attack vector is an insecure web browser.

End-user devices, their operating systems and their applications must also be aggressively patched, protected through anti-malware, and monitored continuously.

Occasionally, a manufacturer will issue an alert for a security-required update to an end-user device, which should be applied as soon as possible.

5.) Usage:

  1. Lock-down user rights to restrict data access to as-needed basis.
  2. Require complex passwords with forced, periodic changes.
  3. Enforce periodic time-outs when computer is left unattended.
  4. Separate social-media browsing from financial-data handling.
  5. Require two-factor authentication for all online transactions.
  6. Create end-user policy detailing appropriate Internet use.
  7. Create end-user policy on how-to protect sensitive data.
  8. Enable web-monitoring capability to enforce policies.
  9. Protect email via encryption (as needed).

Data should be restricted, preferably by need-to-know.  (Crypto Locker can initially only attack data available to the end-user introducing this virus.)  Complex passwords with periodic changes can restrict untrusted access while forced time-outs keep private information from unwanted eyes.

Setup a separate login account or device for access to financial-data.  All online financial transactions must have two-factor authentication.

Policies should exist to inform end-users; they can be enforced through web-monitoring solutions.

Sensitive emails should be encrypted (via a service or appliance) while sensitive documents can be transferred via a secure FTP site.

6.) Training:

  1. Define an organization’s best practices for IT security.
  2. Demonstrate how to spot an unwanted ad while browsing.
  3. Train users how to verify a website link (before clicking it).
  4. Show how to verify an email attachment (before opening it).
  5. Train users to check the address of an email’s sender/source.

Data breaches occur due to the inadvertent introduction of malware, sometimes through the failure to comply with policies designed to limit inappropriate behavior, but often through a lack of IT-security knowledge and training.

The more training, the better.  Initial training should be acknowledged by the recipient and then tested for knowledge gained.  Security training should be repeated periodically; preferably at least annually.

7.) Maintain a Written Information Security Plan (WISP):

  1. Assign a responsible person.
  2. Define and announce the WISP.
  3. Review WISP periodically (at least annually).
  4. Document changes to WISP when they occur.
  5. Periodically test, assess, and rework policies and procedures.

The Commonwealth of Massachusetts, under statute 201 CMR 17.00, requires a WISP for all organizations that hold personal information on any Massachusetts resident.  The WISP must be assigned to an Information Security Manager, periodically reviewed, and changes must be documented.  All WISP policies and procedures must be periodically tested, assessed, and reworked as needed to ensure maximum, ongoing protection.

If you would like to improve your 2017 cybersecurity plan, or to inquire about Bryley’s full array of our Managed Cloud Services and Managed IT Services, please contact us at ITExperts@Bryley.com. We’re here for you.

Securing your tablet and smartphone

/in , , , /by

Think for a moment about how much of your life is on a tablet or smartphone. Personal information such as texts, emails, apps, photos, passwords, financial information, as well as work related information.

As time and technology move forward, tablets and smartphones become an item we cannot seem to live without. These devices have become a necessity in the workplace, especially for those people who travel frequently – you can even translate signage abroad or do videoconferencing. They’re convenient, easier to carry, have built-in cameras, thousands of handy apps, and even offer GPS technology. There’s no doubting the convenience these devices offer – but, here are a few things to be aware of whether you use these devices for personal use, work, or both.

Now, with all this great technology comes the risk should your device(s) be stolen or lost. Losing your smartphone can be very stressful, and costly. With this in mind, there are some relatively easy steps you should take to secure your devices so that the door is not left wide open for a hacker or thief to steal your valuable information.

  1. Set a passcode/password. A passcode is a basic multi-digit code. Without a passcode, anyone who has your device in hand can access everything. Many of the newer devices also offer an option to use a longer alphanumeric password. Immediately after you have set your passcode or password, you should turn on the auto-lock function and set it to as short a time frame as possible. Usually 2 – 5 minutes is recommended. It will save a little bit of battery life, and by shortening the window, it’s much less likely that someone will stumble upon it while it’s still powered on.
  2. Be App-Savvy. Installing apps from Amazon Appstore, Microsoft’s Windows Store, Apple iTunes, or Google Play is much safer. Bad Apps can be loaded with Malware which can infect your device and steal your information. Be leery of third party app stores as they often host malicious apps, and are usually disguised as more “popular” real apps.
  3. Read the app permissions instead of blindly accepting the terms and conditions. Is there a reason a game wants access to your camera, microphone, and contacts?
  4. Update the Software. Updates to your mobile OS and any apps on your tablet or smartphone often include security fixes and should be downloaded as soon as they are available.
  5. Beware of Public Wi-Fi. Always use caution when browsing the Web on a public Wi-Fi. Since your traffic is public, it can be captured.
  6. Don’t be Gullible. Immediately delete suspicious text messages from people you don’t know, don’t click on any embedded web links or call any unknown phone numbers. Scammers and spammers are increasingly targeting smartphone users, be it through text messages, emails or even phone calls pretending to be someone they’re not. This could lead to them locking your device and extorting money from you to unlock it (“ransomware”).
  7. Enable Remote Location and Wiping Preventing someone else from gathering your sensitive data is the most important task you have. One piece of good news is that the percentage of smartphone theft has decreased over the past few years thanks to the increased number of “kill switches” that make it harder to wipe and resell them. If your device is lost or stolen, tracking apps can tell you the location of your device. These types of apps can also let you wipe your sensitive or business data remotely. A remote wipe is similar to a factory reset; it erases all the data on a smartphone or tablet.
  8. Consider Antivirus For those of you who are Android users, it’s highly recommended to protect your mobile data with security software. Not only do these apps protect your device from viruses and other malware, but it will lock down your privacy settings, scan apps and files for threats, and some solutions can snap a photo of someone attempting to log into your stolen phone via the front-facing camera, and send the image to you.
  9. Data Backups Backing up data on your smartphone or tablet is relatively simple and it is something that should be done in the event the device is stolen, lost, or simply stops working. By using automatic online backups stored in the cloud or backing up data by syncing your device to your PC or office network are good options to help secure your device.

Regardless of which smartphone you use, it’s critical to prevent your personal (and professional) information from falling into the wrong hands. Even if your device isn’t lost or stolen, your data could still be accessible by a remote thief if not properly protected. No system or protective measure is completely foolproof, but the steps outlined above will make your device much safer.

IF you Recognize these Signs, THEN it’s Time to Outsource your IT

/in , , /by

It’s Time to Outsource your IT!

Do you Recognize these Signs?

Small business owners have to keep their budgets tight. It’s a fact of life. In today’s competitive world, decisions become difficult when it comes to hiring specialized positions – especially within IT departments.

IT is such an important topic because of the critical need to keeping your organization running efficiently and safely. There are technical challenges to overcome. For example, have you determined what hardware and software best fits your business needs? How will you manage all of this internally? Are you prepared to handle a data security breach?

When it comes IT support, it may seem advantageous to hire an IT Manager or CTO internally to maintain tight control over these functions. However, keeping these functions in-house may not be the best option for your budget.

According to recent research by CompTIA (the IT Industry Association), the most proactive approach is turning to a managed IT service provider. By doing so, your costs can be reduced by nearly 50%. Since managed IT service providers offer certified engineers with a wide range of capabilities, studies show that they will outperform your in-house team at a lower overall cost. Discovering this after an issue arises could put your organization at greater risk.

Take a look at our tips on when it may be time to begin outsourcing your IT:

  1. Staying Focused on Your Priorities. By outsourcing your IT you will be less likely to be sidetracked putting out fires. You can focus on priorities such as supporting your customers without having to deal with interruptions like trouble-shooting software, hardware, network, or user issues. There are major issues that can occur such as a breach to your firewall which threatens data, or your VPN failing, or disruptions in your VoIP phone service. Ask yourself, are you really prepared to handle these issues? And why would you want to? Offloading your IT support and leaving it in the hands of ‘experts’ will save you time, money, and frustration.
  2. Cost Management. Keeping an office running efficiently and safely with just one full-time computer expert on your staff is nearly impossible. The average help desk or systems admin personnel expenses can quickly add up to big dollars especially when you have to keep certifications current and training up-to-date. The main reason to outsource IT is to lower your costs by only paying for what you need, when you need it.
  3. The Need For Reliable IT Experts. The world of technology is always changing. If you don’t currently have the proper IT resources available, the symptoms of an IT problem may be bandaged but never addressed at the root. This leaves your technology in a break-fix cycle that is never ending. Having an outsourced IT provider will give you peace of mind and expert guidance. Your dedicated Managed IT Services Provider will understand your environment, make appropriate recommendations, and manage your infrastructure to avoid frustration, lost time and wasteful spending.
  4. Offloading Security Worries. There are many areas of IT security that challenge business owners. There is spam filtering, virus scanning, firewall management, data backup, and more. These tasks can be overwhelming and deciding what to do first can be confusing. By putting all of this in the hands of a managed IT service provider, they will have the time, talent, and resources to handle it. They will have the familiarity with the best tools available, and the experience to prioritize the tasks for you. Shifting the burden to meet standards and security requirements for your organization will allow you to sleep at night.

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Bryley Basics: Purchase Windows 10 with new PCs and laptops

/in , , /by

We keep having the same conversation with clients over and over again, especially those who are buying new computers: What Windows version should I deploy?

If you are purchasing new computers for your organization, please consider installing Windows 10. We have clients who still want us to install Windows 7, however, that operating system will be end of life January 14th, 2020.  What that means is that Microsoft, after 1/14/2020, will no longer provide security updates for Windows 7, such that your computer will be more susceptible to getting malware and your organization will not be compliant. In less than 3 years, you will have to upgrade the operating system of that computer, which involves additional labor costs, software licensing, and employee downtime.

Note: We didn’t forget about Windows 8.1, but we find that a lot of distributors no longer stock computers that have Windows 8 (8.1) pre-installed. It also seems to be another operating system (remember Vista?) that Microsoft “abandoned” since it was only around for 3 years, making it one of the most short-lived operating systems.

Prior to installing Windows 10 on new computers, we will need to find out if current applications are compatible with the new operating system. With the name of the application and the version, we should be able to verify compatibility by searching the Internet and then verifying with the manufacturer directly.

For more information, please visit “Migrating to Windows 10 – Now, Later, or never,” from the August 2015 issue of BITs (Bryley Information and Tips).

Making this type of transition isn’t always easy, but we are here to help; please reach out to us at 978.562.6077 or email ITExperts@Bryley.com.

 

How Bryley becomes an extension of you…

/in /by

Bryley has something pretty special that seems to be missing from many other IT Companies.

It’s not about the number of Microsoft Experts we employ or the multiple Product Certifications they hold across company departments (but if you ask, we have those too). What we have that’s different is hard to measure, even though it can be designated in numbers. 5 years, 10 years, even 20 years! These are numbers that you’ll see from not only our long-term clients, but also our employees!

I have worked at Bryley full time for almost 8 years, much more if you count the years when I worked as an intern throughout High School and College. Many of the clients that I interact with are the same ones whose records I used to file away as an intern more than 10 years ago. We’re not interested in adding clients and employees for a year and then parting ways as friends. We’re looking to build relationships with you, both personally and professionally, so that together we can grow and succeed.

As a result of our long-lasting relationships with our clients, we are better able to address the technical issues they experience. We learn customized details about a company or user and create Client-Specific Documentation that allows a quick resolution for both Bryley and the end user. Sure, we could swoop in, fix something easily and be heralded as a hero for the day. But we prefer to go above and beyond the mere fix.

We enjoy being able to teach our willing clients what we’re doing. This reduces the urgency and the sometimes overwhelming stress that comes with a computer issue or technical request. End users can sometimes resolve issues on their own using the documentation we provide, lessons learned from a remote session, or just by receiving a few screenshots from one of our techs. The satisfaction and often faster resolution the client gets from fixing their own problem, well… that moment goes a little further than a Superman cape for an afternoon.

Our team has grown over the years and in that time the Tech team has learned how to best take care of our clients. The process starts with me: “Hi! Michelle here!” Whether you call in, send an email, or enter a ticket on our Bryley Portal, you will most likely get your first response from me. During this initial intake I obtain as many details about the issue as I can from you – the client. The information I gather includes a detailed problem description, screen shots, symptoms, and passwords. Then, I will have you install Kaseya, our remote access tool. If time permits, I may even remote in right away and see for myself what’s going on. In a perfect world, and if the problem is easy enough, I’ll take care of it right then and there for you. If I can’t, all the details of my call with you will be entered into your service ticket, and I will schedule a tech to remote in or go onsite to resolve the issue. My objective is to make life that much easier for you – and for our Techs, too.

We believe that our company’s long-term success – we’re celebrating 30 years in business – lies in our ability to strengthen and support this network of relationships in a way that advances the best interests of everyone. Bryley specializes in more than just IT support. We provide a broad range of Managed IT Services and Managed Cloud Services. We’re committed to understanding you and your business needs before recommending or implementing a solution. Our ultimate goal is to provide the highest quality technical and strategic computer support after taking your unique business needs into consideration. Our approach is simple. We strive to earn your trust and we value our clients – you.

To see how our tech team can help your organization, email us at ITExperts@Bryley.com.

Making Working Remotely Work

/in , , /by

By Lawrence Strauss, Strauss and Strauss

Working remotely is trending. Yet, according to the American Community Survey, while telecommuting dramatically rose 79 percent between 2005 and 2012, telecommuters made up only 2.6 percent of the American work force; a pretty small percentage, and the true number is difficult to really get a handle on, as organizations have been shown to count answering emails after hours as working remotely.

What is generally understood as working remotely is working at least three days of a work-week from a location other than at an organization’s offices. People invested a lot of the last 130 years building our city-filled offices and suburban office parks, but no one foresaw today’s 94 percent broadband access to the internet; the world is now suddenly different.

“The seat of the pants to the seat of the chair,” was how Sinclair Lewis characterized the art of writing 100 years ago, but it may as well describe how to accomplish much of what we do today, whether it’s writing a manual or code, bookkeeping or administration, designing in Photoshop or AutoCAD. Global Workplace Analytics finds that 50 percent of the work-force holds jobs that are at least in-part compatible with remote work. So who cares the location of the chair?1

Workers care

Working from home eliminates the often tense and costly daily commute of almost an hour a day on average. Working at home means when you have a break, you can do things that would not seem to fit or be possible at the office, like weeding your garden or playing piano. Teleworking with flexible hours may make it easier for workers to balance their work and family responsibilities. Workers appreciate the ability to schedule their lives around their work rather than the other way around. (Studies have shown some place a greater value on flexibility than career advancement.)2 Also working alone helps people avoid office gossip and politics, and enables them to focus on their tasks and be more productive.3 In a 2013 study of a Chinese travel company, Ctrip, employees who were allowed to work remotely were more satisfied with their jobs and less likely to leave.4

On the other hand, “the absent one is always wrong”, goes a French proverb. And there is common sense wisdom to this: out of sight, out of mind. How much takes place in the little interactions between co-workers day-to-day? How does telecommuting affect collaboration? How does a remote worker feel engaged and motivated? Do projects get assigned to people who speak up because they are there? And do doubts nag at the telecommuter that what he’s contributed is being really understood and valued?

Organizations care

In 2007 Jack Welch, former CEO of GE, critiqued telecommuting as diminishing face-time, which he argued made it difficult for managers to see “how calm you stay in a PR crisis, how decent you are to new employees … how much you sweat during a tough deal, and how hard you work on a deadline without bitching and moaning.” In 2013, Yahoo! ended the possibility for employees to work remotely. Best Buy quickly joined the group of companies banning telecommuting.5 And there was a flurry of others, too, including Aetna last year. Unlike GE, though, these moves seemed a desperate reigning in of perks from companies in trouble, making it akin to the business adage, “nobody ever made a profit by cutting costs;” the way an organization treats customers, vendors and employees is revealing of the state of its health.

But in an echo of Jack Welch, when Yahoo! ended its work-at-home perk, then-Google CFO, Patrick Prichette, had this to say about the subject, “how many people telecommute at Google? as few as possible … there is something magical about sharing meals … about spending the time together, about noodling on ideas, about asking … ‘what do you think of this?’ these are [the] magical moments that we think at Google are immensely important in the development of your company, of your own personal development and [of] building much stronger communities.”

Conversely nearly 25 percent of employees work remotely at least part-time at UnitedHealth Group. UnitedHealth internally studies flexible work options to determine ROI. Heather Lemke, Vice President of Talent Acquisition, says their data shows “telecommuters have high quality performance, a low turnover rate and increased employee satisfaction.” As of 2015, 80 percent of companies offer some kind of flexible work options; notable leaders of work-at-home options include IBM, Dell and Deloitte.6

So businesses take different tacks on the telework issue. And maybe like the individual workers themselves – some of whom take to working remotely and others of whom want the routine and environment of the office – organizations are also not all the same, and what works for some, does not work for others.

Best Practices for the Organization

So let’s say you’re a business manager considering offering work-at-home options to your employees, how do you make it work?

Technology makes it seem so possible … what was inconceivable a generation ago, today we take altogether for granted. And we get annoyed if our instant connectivity does not work without a hiccup; and of course it’s all private and secure. And anyway, who would be interested in what I send? This thoughtlessness or naive vulnerability, makes for easy pickings for criminals, like walking a city alley alone at night. So the first thing that needs to be addressed is, how do you make sure working remotely will be secure? An IT professional, such as Bryley Systems, can get you set up fully and correctly; following are some commonly found compromises and defense strategies.

To secure your business and employees, the first protection is education. The vulnerabilities most associated with remote work are malicious Wi-Fi connectivity, malware and lost or stolen devices.

In early 2016, a survey of 882 IT professionals reported that 24 percent of mobile devices used in their organizations had connected to a malicious Wi-Fi hotspot in the past, while 39 percent said those devices downloaded malware.7

Open, unsecured (or shared password) Wi-Fi networks, such as are common at hotels, libraries and coffee shops, can pose threats, especially if the employee passes confidential data like log-in or credit card information over that network. In such cases, the employee is opening himself up to man-in-the-middle (MITM) attacks, in which a hacker can place himself between the two connected devices and steal information.

It’s ideal for the employee to avoid such networks and instead use his home Ethernet connection or his own mobile Wi-Fi hotspot for access. But, for open Wi-Fi network circumstances, an organization should have a Virtual Private Network (VPN) in place, to which a mobile device connects directly, and through which the employee connects to the internet or organization’s server.

Cloud services can help an organization keep a high level of security. A Managed Cloud Service Provider (like Bryley Systems) can encrypt the data transmitted from remote locations to the organization’s intranet. Also encrypting company data on the remote device is an encouraged best practice.

Malware (which can steal sensitive data, among wreaking other havoc) is not all that different for remote workers or workers on site. It is mostly delivered via email or web links that look to come from a trusted source, but are anything but harmless. Training is critical to cut down on malware incidences. Best practices also include the separation, by partitioning, of company data from personal data, a feature associated with PCs, but also available now on many phones.

Also mobile devices can get stolen or lost; which means data can easily fall into an outsider’s hands if the devices are not secured properly. Employers must know the technical details about each of their employee’s mobile devices. Organizations need to establish policies about how employees can tell the company or its IT provider if the device is lost or stolen. The organization or its IT partner must know how to disable the device and turn off all applications and/or force password resets – and be able to respond immediately when a breach is detected. The organization must also inquire of the employee about so-called Shadow IT, unauthorized applications that may have seemed helpful, but circumvent the managed network, such as unauthorized Google Drive or Dropbox accounts.8

Relatedly, sensitive data should be wiped from employee devices when the employee leaves the company. Unwiped data can be stolen by unauthorized parties, risking the organization’s and its customers’ data.

The organization must also establish exact protocols for working. How will information be shared between the telecommuter and the organization? Who has authorized access from a remote location? Detail exactly the network protocols to be used. Is the remote worker using a company-supplied device? Or does the company allow/expect the employee to Bring Your Own Device (BYOD)? Is he/she using more than one device to access or communicate with the organization? By what means? Emailing? And with attachments? Chat? Through Project Management software? If so, is it intranet- or internet-based? Texting? FTP? All these must be secured.

Best Practices for the Employee

If you’re an employee being given a work-at-home option, how do you make it work?

To combat “out of sight, out of mind”, and the lack of collaboration opportunities, as a remote worker, you have to establish your presence in other ways. Communication becomes especially critical for you: How will you do it (subject to the protocols allowed by your employer)?

First, it may be a requirement of your company that you work set hours, but part of the appeal of working at home is the flexibility to address family needs. If you are granted this flexibility, it is a good idea, so that you feel part of the team, to get in on the real-time conversations, by working some of the same hours as your co-workers.

Project Management Software may be part of your business’ routine communication. If so, you’ll definitely rely heavily on it not only to communicate your progress, but also to stay in the loop about the burdens team members are dealing with, so you can be supportive, and part of the team.

Email is probably the easiest form of communication between co-workers; emails are also easily misunderstood – people do not read emails carefully. And though emails can do it, they are not a great way to disseminate long items (attach longer documents as PDFs so that they can be printed with formatting that’s comfortable for reading).

Try instant messaging or chat for real-time communication and leaving communal messages. Get face-time with team members by video chatting or conferencing.

Because you’re on your own, it’s easy to feel overworked and underappreciated. So take it on yourself to measure your productivity. Set goals, track your hours, and review yourself critically to know how much you are getting done.

Get to know your co-workers. Read their social media pages, ask personal questions. It’s easy to throw people you don’t know under the bus. Be physically involved, too. Attend any non-work events. Visit the office as frequently as you can.9

Work It

Like the seeming knee-jerk reaction of companies in trouble that suddenly withdraw the work-at-home benefit, one of the problems is sometimes businesses offer work-at-home, while fostering a culture that maltreats those who make use of the program. Is telecommuting a new vacation days benefit in a business culture that counts it as a badge of honor the number of your days you leave on the table? Why else did Americans leave an average of 9.2 vacation days unused in 2012?10

But there is frequent evidence that says not many really believe in allowing people to do their work off-site. And with some reason, in the Ctrip study it was found that the longer people were teleworking, the less grateful they were for the privilege. And so, the employees initially worked extra hard out of that gratitude, but that diminished as the out-of-the-office routine became more routine. Some workers have been shown to be cavalier with protocols made to keep an organization secure. Being on your own is a privilege.

So here is an even older principle than the Industrial Revolution model of clocking in at an office: both partners to the remote work arrangement ask themselves continually if they’re acting as they would want to be treated.

1 “Telecommuting Statistics” – globalworkplaceanalytics.com

2 “Are Telecommuters Remotely Good Citizens? Unpacking Telecommuting’s Effects On Performance Via I-Deals And Job Resources” – researchgate.net

3 “Working From Home: A Work In Progress” – hbr.org

4 “When Working In Your Pajamas Is More Productive” – nytimes.com

5 “Best Buy Cancels Telework Program” – networkworld.com

6 “Remote Work Is Here To Stay And It’s Good For Business” – entrepreneur.com

7 “One-Fifth Of IT Pros Say Their Companies Had Mobile Data Breach” – networkworld.com

8 “Dude, Where’s My Phone? BYOD Means Enterprise Security Exposure” – networkworld.com

9 “Working Remotely? Here’s How To Do It Right” – success.com

10 Harris Interactive, per “Relax, You’ll Be More Productive” – nytimes.com