Up Times • Nov. 2025

Up Times

by Bryley · November 2025

It’s a frog life.

First frogs first – Go back to the foundation of the internet and it’s just engineers and tech nerds communicating and sharing mundane things. As Steve Gibson explains the internet wasn’t made securely because there was nothing there worth securing. The originators didn’t foresee the internet’s use and criminal abuse or they would have made it differently.

Today the majority of organizations say they are adequately prepared for the variety of criminal attacks like Business Email Compromise and ransomware that come our way thanks to the internet. But on examination, organizations’ preparedness turns out to be overstated¹.

Meanwhile … criminals (many protected by governments that are after destabilization) spend their working lives planning and executing attacks (for plain evidence about superficial cybercriminal activity check your inbox and spam folders for phishing attempts). Does this not require a well-matched response?

And how do you do that? Here’s a good place to start: MIT Sloan’s Building a Model of Organizational Cybersecurity Culture shows that meaningful security depends on managers exhibiting the behavior they want; the researchers refer to this as the critical influence. So though multifactor authentication (MFA) feels like an imposition – like another interruption in your busy day, if your employees see you avoiding pro-security decisions, it’s difficult for them to take security seriously. Usually they’re not being defiant; they’re mirroring your actions – actually looking for your approval by acting like you do.

So add MFA wherever you can. It can be less of a burden with a Single Sign-On implementation.

Maybe you’ve heard to “eat the frog” first thing in the morning, that is, do the most unpleasant thing first. Cybersecurity may just be the mother of all frogs. Who put cybersecurity on the agenda? It’s been imposed by people who would want to cause us harm. It’s not fair that you have to invest your resources in protecting what you value while most criminals act without legal consequences. It’s a serious injustice against the people creating something of value.

^{1 cyberinsurancenews.org/cybersecurity-readiness-2025-cisco-report/}

What does it take to circumvent good sense?

Confidence, clothes, hand-tools, a truck, intimidation and seven minutes were enough to steal the French crown jewels. What would it take to steal your organization’s assets?

Lessons from the Louvre

Take-aways to apply to your cybersecurity

On Sunday, October 19, 2025 at 9:30 AM four criminals approached Paris’ Louvre Museum and left seven minutes later with eight pieces of French royal jewelry containing 8,000 stones set in gold.

When these thieves targeted Napoleon-era crown jewels, they were exploiting specific vulnerabilities.

What in your organization is equivalent to France’s crown jewels? Meaning, what is most important? Is it your literal money in the bank? Is it advancements you’ve made in research and development? Is it your client data? What are you aware of that would make these vulnerable to theft? [10 min. read; audio available] Continue Reading >

Download the PDF report immediately, without obligation

Looking at the cost of outsourcing IT

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection.

It makes sense that many business managers focus on price during their search for an IT provider. This guide can help you have a productive conversation about pricing … [6 min. read] Continue Reading >

Sometimes less is more. Privacy isn’t everything, but a good place to start.

What’s privacy got to do with it?
That data breach notification that arrived reflects a criminal act that leads to further criminal exploitation of the data

Consider Cory Doctorow’s proposal that pursuing better privacy is a good first step to, among other things, our data security; he shares a litany of across-the-political-divide issues that can be quieted by better privacy protections.

The less data allowed to be collected, the less chance that the data is lost.

And this isn’t only about demanding better data collection by insurers or health care providers, good data governance is a key strategy in your own organization. Deleting records that are no longer pertinent or required by regulation cuts your liability … [5 min. read] corydoctorow.medium.com

Peace on earth? (Above is an old NASA model.)

Beneath the surface
Why internet privacy is so elusive

A handful of international bodies review and approve the major protocols and rules that allow the internet to function as it does today, Roger Grimes writes. To that list you should add vendors who make the software and devices that run on and connect to the Internet; vendor consortiums, such as the FIDO Alliance; and many other groups that exert influence and control. Expect that these groups will reach any agreement about securing the internet?

But, Grimes explains, the biggest impediment to getting the internet secure is that all governments want to be able to surveil us.

Meaning, lousy as it is, the job of our security is and will remain squarely on each of us … [4 min. read] csoonline.com

Careful what you tell chatbots.

Again with the leaking?
ChatGPT chats show in Google Search Console

Two months ago ChatGPT said they were on it – limiting a “share” function that made private chats visible on Google Search. And now, there are new evidences of ChatGPT data leakage. One leak showed an office manager sharing confidential business information in a draft of a return-to-office memo. There were other personal data leaks.

It’s another reminder to:

Set or review your AI-usage policies — employees may not understand the risks
Treat free AI tools like public forums — assume what’s input could go public
Consider enterprise AI solutions with proper data protection (Bryley can help set you up)

[6 min. read] arstechnica.com

This summer a surge took the entire Iberian peninsula and beyond into a blackout.

Taking the world into their own hands
Volunteers try to make the internet resilient
Surely governments around the world have well-oiled plans in place to deal with catastrophic internet outages? They don’t appear to, says Valerie Aurora of the independent, non-profit Internet Resiliency Club.

This Amsterdam-based group is trying to avert a connectivity disaster. Seeing their approach – including alternatives to cell phones. Bryley can help with your own Incident Response Plan … [9 min. read] newscientist.com [paywall]

“Can corporations [have their chatbots answer in the inclusive, first-person plural, we] to subtly make people identify with, and not in opposition to, them?” Vara asks. ChatGPT replies, “Absolutely.”

Let’s make a deal
What’s the exchange rate for all the content people have put on the internet and in books?

In MIT’s Technology Review Rebecca Ackerman explores three books on human-AI interaction. Technology companies are making big societal promises – while seeming to gift chatbots and image generators – but at what benefit? At what cost?

Humans are not going to stop using technology, writes Ackerman. to help us create anytime soon – and there’s no reason we should. Machines make for wonderful tools, as they always have. But when we turn the tools themselves into artists and storytellers, brains and bodies, magicians and ghosts, we bypass truth for wish fulfillment. Maybe what’s worse, we rob ourselves of the opportunity to contribute our own voices to the lively and loud chorus of human experience. And we keep others from the human pleasure of hearing them too … [7 min. read] technologyreview.com [paywall]

^{Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.}

Get Up Times, useful tech news by New Englanders in Your In-Box

Subscribe to Up Times, the monthly New England-centric technology newsletter.
Up Times covers:
- Trends in New England tech
- Security tips you can implement now
- Updates on regional and national laws and compliancies
- IT-related developments
- Networking and cybersecurity challenges New England business managers are facing

In continuous publication since 2000, Up Times arrives monthly in your email box.

"I was overwhelmed by non-billable IT workload that comes with running a business. Enlisting Bryley's services have allowed me to focus on more of growing my business. Their responsiveness is top shelf and their employees are dedicated to customer satisfaction. 10/10 recommend exploring whether Bryley can be of service to your business"

—KM, Mass manufacturer

Think Bryley might be right for your organization? Let's find out!

Call (978) 562-6077 or arrange a no-obligation consultation.

NO-OBLIGATION CONSULT

Central MA Office

200 Union Street Clinton, MA 01510

Call

(978) 562-6077

Email

ITExperts@Bryley.com

Per-device features	Basic	Pro*
Response to network-critical issues	Within four hours. Same Day, as the situation requires	Within four hours. Same Day, as the situation requires
Response to non-critical issues	Within eight hours. Same Day, as the situation requires	Within eight hours. Same Day, as the situation requires
Performance optimization	Included	Included
Security optimization	Included	Included
Monitoring and alerts	Included	Included
File and patch updates	Included	Included
Reporting	Included	Included
Administration	Included	Included
Reliability optimization	Partial	Included
Software issues	Partial	Included
Hardware issues	Partial	Included
Network issues	Partial	Included
PC imaging		Included
On-site response		Included