What you need to know about the OneLogin Breach

OneLogin, a single sign-on service that allows users to access multiple sites and applications using just one password confirmed on June 1st that its systems had been breached and login information had been exposed. According to the firm, this breach affects “all customers served by our US data centre” and the hackers had “the ability to decrypt encrypted data”1. This is the second time within the past year that the firm had its security breached.1

So, how can you protect your data from a breach? One way is to have two-factor authentication, which is a method used to confirm a user’s claimed identity by utilizing a combination of two different components, generally something you know with something you have. For example, when you withdraw money from an ATM, only the correct combination of a PIN (something you know) with the bank card (something you have), will grant the transaction to take place.

One of the safest ways to ensure your data is protected is to encrypt it before placing it in the Cloud or with a single sign-on provider, such as OneLogin. Provided your encryption key has not been generated from a simple password, your data will be protected from any breach to your provider, as the provider does not have the password to gain access to your information.

It is vital that one stays vigilant when it comes to protecting your passwords and data. Even the most difficult password can be deciphered if given enough time. Therefore, it is important to regularly change your passwords and ensure they are strong. We have more information on the Do’s and Don’ts of Password management on our blog.

For more information on password and security, connect with Bryley’s cybersecurity experts by calling us at 844.449.8770 or emailing us at ITExperts@Bryley.com.

 

1 Fiveash, Kelly. Ars Technica. “OneLogin suffers breach – customer data said to be exposed, decrypted.” June 2017.

BBC News. “Password manager OneLogin hit by data breach.” June 2017

 

WRCC Ambassadors on the Move — Tower Hill Botanic Garden

The WRCC Ambassadors visited Tower Hill Botanic Garden in Boylston, MA on May 3rd. Gavin Livingstone, President of Bryley Systems, is the Chairman of the WRCC Ambassadors.  He is pictured in the front row, 3rd from the right.

Joann Vieria, Director of Horticulture, was our host. She provided some information:

  • Tower Hill is located on 132 beautiful acres with two, large (4000sq’) greenhouses, an education center, outdoor gardens with fountains, walking trails, and views of Mount Wachusett and the Wachusett Reservoir.
  • Core values include:
    • Learning
    • Stewardship
    • Sustainability
  • It was founded in 1986 by the Worcester County Horticultural Society, which originated in downtown Worcester in 1842.
  • Tower Hill hosts indoor and outdoor events and programs year-round, from weddings to flower shows to Tai Chi to gardening classes.
  • It has several, pet-friendly times, permitting leashed-pets and their owner access to walking trails during specified, non-peak hours.
  • Tower Hill is volunteer-oriented; volunteers maintain the grounds, man the receptions areas, and present educational programs with only seven, permanent, grounds-based staff.
  • Affordable memberships start at $25/year (Student) and include access to facilities and most events.

Why Backups are Critical in Fighting Ransomware

Ransomware – usually Crypto Locker and its variants – is a form of cyber-malware based on encryption software that seeks payment (ransom) to undo the damage; when infected, the malware typically encrypts all data files, rendering them useless until the ransom is paid.  (Encryption software scrambles a files’ contents and creates an encryption key, essentially a code used to reverse the process.  Unless you have this key and the encryption software, the files remain unreadable.)

Recently, hospitals and police departments have become victims of ransomware.  Hollywood Presbyterian Medical Center was forced to pay a $17,000 ransom in bitcoin to regain control of their computer systems and after repeated attempts to decrypt their data, the Tewksbury Police Department was forced to pay the $500 ransom.

Other than paying the ransom, which is risky and not recommended since it potentially makes you more of a target in the future, the only way to thwart ransomware is by restoring the corrupted files through a backup that was created before the infection.

A properly planned and implemented backup process is vital since data stored on a network server represents many hours of effort over time, making it impractical and usually impossible to recreate.  A properly functioning, multi-point-in-time backup is necessary to provide restoration under these and other scenarios:

  • A server fails
  • A file is deleted
  • A template is written over
  • An application upgrade fails and must be restored
  • A document is inadvertently changed and saved by a user

A backup should be a complete, recoverable copy of not just data, but the entire server/network environment.  It should have these properties:

  • Sequenced over many days
  • Complete image
  • Offsite storage

If you’re ready to get serious about protecting your business data, select a talented Managed IT Services/Managed Cloud Services company, like Bryley Systems, to help you double-check your IT infrastructure, recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss. Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

Bryley’s Prestigious Channel Partners 360° Award Travels the U.S.

After being honored as one of 25 recipients worldwide, our prestigious award is traveling the U.S. in celebration – being one of the most sought-after in the industry of technology solutions.

About Zion. Zion is both the oldest and the oldest national park in Utah. It was the state’s first federally designated park (1919), and it shows off the oldest geologic layers this side of the Grand Canyon (~150m years old). It’s also Utah’s most visited national park, drawing 3+ million visitors annually. (including Awards)

“Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™. We thank Channel Partners for this prestigious Channel Partners 360° award!”                    

    – Gavin and Cathy Livingstone, Co-Owners, Bryley Systems, Hudson, MA

Why are people so against paying for IT Support?

I’d be rich if I had a $5 dollar bill (inflation) every time I heard:

  • “My son/daughter/niece/nephew (pick one) who is only 2/4/6/8 (pick one) years old was able to solve my computer problem; why do I need you?”
  • Lisa, a senior VP in our marketing department, handles our IT.”
  • “I’m moving to the Cloud, so I won’t need IT support.”
  • “I looked up the answer on Google; it was easy to fix.”

Sure, anyone with technical interest and aptitude can address IT-support issues, particularly those at the lower, end-user level (comprised of printers, computers, and mobile devices).  Many organizations have that one Lisa/Joe/Patty who helps with IT-support issues (in addition to working their full-time job) or is the dedicated IT resource within the organization; they feel it is cost-effective to have an internal IT person or an IT department, often citing the need for a warm body onsite who can respond instantly, particularly when the President can’t sync her iPhone.

However, IT is a complex field with many moving parts; it is difficult to be proficient, let alone expert, in all areas.  For example:

  • Lisa designed the computer network to be reliable, secure, and robust, but is overqualified (and not cost-effective) helping someone print a document.
  • Joe can change toners, but does not know what to do when the Internet is down; especially troublesome when your primary application is Cloud-based.
  • Patty configures Windows desktop computers and iPhones for employees, but cannot verify that the firewall is doing its job.

Basically, IT is a multi-facet discipline; successful IT support personnel have:

  • An understanding of the components (desktop computers, mobile devices, servers, firewalls, routers, Cloud, etc.) and their interdependencies.
  • A step-by-step troubleshooting mentality that works well under pressure.
  • A willingness to stay current with constantly changing and emerging topics.

IT is an expense, but also an enabler; it is usually fundamental to an organization’s success, often representing an opportunity to get ahead of a less-savvy competitor.  Given the breadth of technology options and the potential to develop new business or reduce costs, more organizations trust (and outsource) their critical IT functions to a Managed IT Services Provider (MSP) or a Total IT Services Provider (TSP).

Truly effective MSP/TSP companies are dedicated to remaining IT savvy while focused on the business requirements and concerns of their clients.  These companies share similar characteristics:

  • A broad, experienced service team with varying levels of competence:
    • Technician (Level-1) – End-user oriented and experienced in the devices common to end-users: Mobile devices, PCs, MACs, printers, scanners, and the like.  They should work well with others, be experienced in end-user operating systems (Microsoft Windows, Google Android, MAC iOS), and have excellent troubleshooting skills.
    • Engineer (Level-2) – Network-device oriented and experienced in Cloud, servers, virtualization, Ethernet switches, firewalls, routers, Wireless Access Points, and other network devices. They must be good troubleshooters and understand network-level IT components.
    • Consultant (Level-3) – Implementers of Cloud-based solutions and local and wide-area networks. Social skills are expected; business skills are a must.
    • Chief Technical Officers (God-level) – Architects of Cloud-based/ hybrid-Cloud solutions and wide area networks. They must understand the technical functionality of all of the moving parts, while keeping the business needs and consequences in clear focus.
  • A proven, capable management team that can focus technicians, engineers, and consultants on the tasks at hand while preparing them, skill-wise, for an ever-changing world.
  • A defined set of business-oriented processes designed to manage, optimize, and secure (coincidently, Manage ● Optimize ● Secure is our tagline) their client’s network environments. These processes are not static, but tend to be ever-evolving and striving toward proactive automation and perfection.

In sum:

  • IT is a complex, changing discipline of multiple levels,
  • IT can enable new opportunities or reduce costs,
  • IT can make or break an organization, and
  • MSPs/TSPs can maximize your IT potential!

If you are looking for a business partner to help you navigate the ever-changing technology and cybersecurity landscape, we’re here for you. For more information about Bryley’s full array of Managed IT Services, Managed Cloud Services, and Cybersecurity Services please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

Lights…Camera…Action!

Main Street in Hudson was quite busy with production and film crews working hard from the early morning hours until late in the evening for a few days in early May. During the filming of an upcoming movie starring David Spade, in “Who Do You Think Would Win”, downtown Hudson was bustling with excitement – and all the action was just a few doors away from Bryley Systems.

What you need to know about the “WannaCry” Attack

On Friday, we learned that hackers had exploited malicious software stolen from the National Security Agency (NSA) and held many organizations’ data ransom. As of this morning, it is estimated that this cyberattack was felt by approximately 200,000 organizations in 150 countries including Britain’s hospital network, Germany’s national railway, “computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others… Russia’s Interior Ministry and companies including Spain’s Telefonica and FedEx Corp. in the U.S.”1

While the exact scope of the damage is not fully known, it does appear to be the largest cyberattack on record. These cybercriminals demanded $300 in the beginning and later increased it to $600 before destroying the files hours after that.1 While the ransom amount won’t necessarily bankrupt a company, it is also no guarantee that a company will have its data returned or unlocked, which can have more dire consequences.

There are several steps you can take to avoid becoming the next victim:

  • Immediately update both desktop and Windows systems with the Microsoft patch MS17-010.
  • Do not open links sent from unknown sources. If you need to open a link, scan it for malware first.
  • Backup your files. It is always a wise decision to regularly backup your files to ensure your business can continue to function.
  • Keep your systems up-to-date. It is vital to check for updates on your machines to catch any vulnerabilities and perform patch updates.
  • Educate your users. They are the first line of defense against an attack so it is imperative that they are able to identify potential phishing scams and fraudulent emails.

These are but a few of the “Best Practices” that can be employed to safeguard your data and business. If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

  1. Associated Press. “Monday morning blues as ‘WannaCry’ hits at workweek’s start.” May 2017.
  2. New York Times “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool.” May 2017.

Team Bryley to participate in the Boston Brain Tumor Ride

On Sunday, May 21st, a few Bryley employees will ride in a family-friendly bike ride to help find a cure for brain tumors. Brain tumors are the leading cause of cancer-related deaths in children 0-141. By participating in the Boston Brain Tumor Ride, Bryley employees are taking a stand in the fight against brain tumors.

Bryley’s own Jessica Giunta, Marketing Specialist, has been an active committee member assisting with numerous events and fundraising efforts for the National Brain Tumor Society since 2014.

1 American Brain Tumor Association

What Can we Learn from the Netflix Leak?

Netflix was in the news recently for a mishap with its production company. A cybercriminal that goes by the name “thedarkoverlord” was able to breach postproduction company Larson Studios, and has claimed to have “stolen unreleased content from ABC, Fox, National Geographic and IFC.”1 After Netflix refused to pay the ransom, the cybercriminals released the first 10 episodes of Season 5 of “Orange Is The New Black” on Friday, April 28th via Twitter. When they did not receive the desired response (payment), the released the remaining nine episodes of the season the following day.1

This is the latest high-profile breach in the past year (LinkedIn, Twitter, IRS just to name a few). According to a report published by Verizon, ransomware attacks have “increased in the past five years and were up 50 percent in 2016 compared with 2015…”1

This breach is a reminder to stay vigilant and maintain your safeguards. Here are some tips on how to avoid finding yourself in this type of predicament:

  1. Create a Firewall. While most operating systems come with their own firewalls, they are typically only designed to protect one machine. To protect yourself from attacks and malware, it is best to invest in a network firewall.
  2. Encrypt Your Data. A firewall is considered the first line of defense, encrypting your data provides that extra layer of security. You do not want them to be able to through the firewall and have easy access to your proprietary information.
  3. Have Policies in Place. You can have all the devices and systems in place, but if your employees are not well-versed in their roles of protecting the data, all your effort will be for not. Instead, make sure employees know how to treat the data and the steps they need to take to avoid any potential issues. One of the core policies that should be implemented is a password policy. Employees should be prompted to change their password a minimum of every 90 days (less depending upon your industry). Passwords should be complex and include numbers, letters, and symbols.
  4. Have a regular review of your infrastructure. You go to the doctor for regular checkups, you should do the same for your company’s infrastructure. It can often be difficult to do on your own as you may not have all the knowledge and expertise or the bandwidth to conduct a proper evaluation. Do not be afraid to ask an MSP, such as Bryley, to conduct a network assessment and evaluate your infrastructure. They have expertise and breadth of knowledge that will prove valuable and can highlight what you are doing well and areas where you can improve.

If you would like to improve your cybersecurity plan, or to inquire about Bryley’s full array of our Managed Cloud Services and Managed IT Services, please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.

 

1 Perlroth, Nicole and Matthew Haag. Hacker Leaks Episodes From Netflix Show and Threatens Other Networks. 29 April 2017.
http://www.cbsnews.com/news/irs-identity-theft-online-hackers-social-security-number-get-transcript/
http://www.cnbc.com/2017/03/15/turkey-twitter-accounts-hacked-germany-netherlands-nazis-forbes.html
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

Beware!! Google Docs Phishing Scam

If you recently received an email asking you to open a Google Docs, and you don’t know the sender, don’t open it! Chances are, this is a phishing email designed to have you click on a link and gain access to your information.

The email looks similar to a true Google invitation, but there are key differences.

The bogus email does not provide the name of the shared document and lacks the Google Docs icon.

The real email includes the name of the document, with the Google Docs icon .

Google is aware of this issue and issued a statement Wednesday saying, “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Interested in more security news? 

Sign up for our monthly newsletter to receive the latest cybersecurity updates right in your inbox!

Newsletter Signup