Bryley Basics: Surge protection

/in /by

A surge in power can occur at any time, but is often caused by high-powered equipment or storms that disrupt the normal flow of electricity.  Surges can also occur after a power-outage, when the power comes back on.

Surge protectors are electro-mechanical devices that sit between power-sensitive (electronic) equipment and the wall outlet; their purpose is to protect the power-sensitive equipment from the effects of a sudden increase in power voltage.  (Tom Harris has a terrific primer: “How surge protectors work”, at howstuffworks.com.)

Suggestions on purchasing a surge protector:

  • Get one with an indicator light that signals proper operation
  • Verify it is a “transient voltage surge suppressor” and meets UL 1449
  • Expect to spend at least $15-25 to ensure proper quality and better ratings

Plan on replacing periodically; always replace when the indicator light fails (even if it is still providing power to the attached equipment).

We are pleased to announce the addition of two, new employees:

/in /by

Shelbea Moulin, Administrative Assistant

Shelbea resides in Worcester.  She has a BS in CPA Accounting and Finance from Syracuse University and is currently pursuing an MS in Accounting.

Shelbea brings experience in technical support, having worked as a Student Computer Consultant; she also has exposure to finance and auditing practices from two recent internships.  In recent years, Shelbea has held leadership roles at two non-profit organizations.

Eric Rainville, Technician

Eric resides in Worcester.  He holds an AS degree from the New England Institute of Technology.  He was a Certified Easy Technician at Staples, Inc. and has worked as a Computer Technician since 2010.

More ergonomics from Marty Reed

/in /by

Marty Reed of Top Enterprise, an ergonomics specialist, visited Bryley early in September for a demonstration on proper ergonomics.  She then visited our cubicles and made individual recommendations.

Her overall suggestions included:

  • Monitor:
    • Set distance at one arm-length from body to monitor.
    • Set height so eyes focus at about 2” below top of monitor.
  • Keyboard:
    • Use wrist rests to get hands up and over keyboards.
    • Keyboard should lay flat on the desktop; do not tilt up back.
  • Chair:
    • Use chair arms periodically to rest arms.
    • Forearms and thighs should be parallel to the ground.
    • Adjust for lower-back support or add a lumbar-support device.
  • General:
    • Look away into the distance at least every hour to reduce eye strain.
    • Get up from your workstation periodically and walk around.

For details, Marty can be reached at reed167@verizon.net.

Recommended practices – Part 2: Web browsing/Internet usage

/in /by

This is a multi-part series on recommended practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

End-users browse the web; it’s usually the fastest way to get an answer, search for an item, or make a purchase.  But, browsing comes with some risks:

  • Potential liability from browsing ill-advised sites at work
  • Inadvertent or unintentional download of malicious software
  • Waste of company resources: Internet bandwidth, employee time, etc.

To reduce browsing risks, we recommend have these recommendations:

  • Set an Internet usage policy
  • Monitor and enforce browsing behavior
  • Train staff members on safe-browsing habits

A fourth recommendation, configure and patch/update end-point components (operating system, anti-malware software, Internet browser, etc.), will be covered in future articles.

Set an Internet usage policy

Unless we know what is acceptable, how can it be enforced?  Some organizations, to limit unproductive time, might restrict access to social-media sites (Facebook, Twitter, etc.), while others (police investigators) may need access to pornographic sites; without a policy, what sites do we monitor and restrict and for whom?

An Internet usage policy should define the dos and don’ts of Internet access; it should be included in the Employee Handbook with a sign-off acknowledgement and should also note that the organization reserves the right to monitor and limit this usage, without restriction.  (See a simple Sample Internet usage policy fromGFI.  Or, review an in-depth Internet usage Policy from the SANs Institute.)

Monitor and enforce browsing behavior

Paul Wood of Symantec™ studied browsing habits of end-users with these findings1:

  • About one-third of users followed the organization’s Internet-use policy,
  • The second one-third generated less than 10% of browsing violations, and
  • The final one-third had over 90% of browsing violations; about 20% of this group actually had more violations than legitimate usage.

Basically, about 66% of end-users follow an organization’s Internet usage policy most or all of the time, but there is a small group that abuses this policy, which suggests that enforcement efforts should focus on the abusers.

To protect an organization, basic monitoring and enforcement of Internet usage is recommended; a typical monitoring/enforcement software application for small to mid-sized organizations should provide, at a minimum, these capabilities:

  • Cluster related sites together (ie: gaming, sports) to set policy by site-groups
  • Combine users by department or functional area to enable group restrictions
  • Whitelist specific sites (or site-groups) to permit unlimited access
  • Blacklist specific sites (or site-groups) to prohibit access

Once deployed, you must continually review the results to inspect what you expect.

Example:  Bryley Systems offers our Secure Network™; an onsite, Unified Threat Management (UTM) tool with monitoring and enforcement of web browsing.  The results are periodically reviewed and reported by Bryley Systems to the client.

Train on safe-browsing habits

It is important that staff know and understand the importance of an organizations’ Internet usage policy; they have a significant role to play in this effort.

Basic rule is to not click on any site that you do not trust.  However, even some trustworthy sites can be hijacked and route an unsuspecting user to an unintended site with unexpected consequences.

Some browsing tips2:

  • Do not click on pop-ups
  • Do not open links within spam email
  • Check a site’s actual address in the address bar; this address should always match the expected site-name (URL)
  • When in doubt, shout it out (call for help)

There are also many online, security-training options; we offer a video-training package on a per-user basis through our business partner, Deadbolt Security.

REFERENCES:

  1. See Paul Wood’s article “Employee browsing habits, the good, the bad, and the ugly” at Symantec Intelligence.
  2. Dylan Herix offers “An idiot’s guide to good browsing habits” at AppStorm Guide.

 Winner of our business-card raffle at the Central Mass Business Expo (CMBE)

/in /by

Congratulations to Maureen Raillo, CEO at W Limousine in West Boylston, MA!

Maureen_Beats Audio Winner_web

Maureen won a Beats Pill™, and a Beats Pill character stand.  (Beats Pill is a lightweight, portable, and wireless speaker that lets you bring music wherever you go; combined with the character stand, the value is over $250.)

Bryley Basics: Get ready for USB Type C

/in /by

USB (Universal Serial Bus) has been part of the computer world since 1998; it typically connects peripherals (printers, scanners, cameras, etc.) to computers.

A new USB cable, USB Type C, should hit the shelves next year.  It will use the USB 3.1 standard, which is backward-compatible with USB 3.0 and USB 2.0 and permits data transfer at up to 10Gbps.

USB Type C will have these features:

  • Smaller connector ports at 8.44mm by 2.6mm
  • Connectors are the same on both sides of the cable (allowing cable reversal)

For details, please visit Dong Ngo’s write-up “USB Type-C: One cable to connect them all” from August 22nd, 2014 on CNet or see Steven Shanklan’s article “Meet the next-gen USB cable that could sweep away all others in the April 1st, 2014 write-up on CNet.

Why do organizations ignore information (cyber) security?

/in /by

I read an interesting article by Don Jones of Redmond Magazine titled: “The Quest for a Culture of Security”.  In it, Mr. Jones notes (via my paraphrasing):

  • Security gets limited attention and even less funding from decision makers
  • Security hacking has become a profession with significant financial rewards
  • Every company is a target and has been, at a minimum, probed by hackers

In 2010, I witnessed the first item above when Bryley Systems hosted a series of seminars on the (then) new Massachusetts statute for the protection of personal information (201 CMR 17.00); people attended the seminars and took the first steps toward compliance, but most ignored the difficult changes and few made security (and compliance) part of their corporate structure.

Mr. Jones’ suggestion:  Ingrain security into your corporate culture; make it as important as uptime and connectivity and make it a fundamental part of everything you do.

Lynn Russo Whylly, in her May 14th 2014 article “How to Prevent Becoming the Next “Target” of a Data Security Breach” from Chief Executive, recommends:

  • Discuss security with your CIO or MSP regularly (to highlight its importance).
  • Walk-through the data center (to pose questions about its vulnerabilities).
  • Setup security goals and then monitor metrics (to inspect what you expect).
  • Hire an outside person/firm to attack your security (and highlight its flaws).

Her position is that security is a part of the CEO’s responsibility; one of continually growing importance.

Recommended practices – Part-1: Storage of unstructured data

/in /by

This is a part one of a multi-part series on recommended practices for organizations and their end-users. Additional parts will be in upcoming newsletters.

Organizations create and consume data constantly, but not all have formal policies or practices that define the value of this data and restrict its amount and location.

Quality is difficult to define and even tougher to enforce; some departments and users save items solely for convenience, even though its value is minimal, while others consider everything they have ever said or done, even 20 years ago, to be worthy of permanent storage. Basically, there is no point to storing unstructured data (MS Office documents, PDFs, etc.) unless it has value to the organization; however, if you must store it, choose a method that allows some type of classification (like SharePoint with its searchable repository of metadata).1

Rather than try to enforce quality standards, many organizations impose limitations on the amount of data stored (since this can be controlled and monitored)2: Even though disk space is relatively inexpensive, backup, data-management, and data-security costs increase as data grows. Quotas also impose discipline; setting a quota allows the organization to get a picture of storage needs by individuals and by departments or functional groups. Quotas can also be adjusted as needed.

There are tools that manage unstructured data via audit/access controls and monitor via usage patterns; these are targeted (and priced) for enterprise-class organizations, but are moving downstream within the reach of more organizations. There are less-expensive tools (and policies included within Active Directory) that limit storage-space usage; limits are usually set by user or by department.

Finally, organizations traditionally assume, and try to enforce, that end-users save and store company data only at designated locations of on-premise equipment (drives mapped to servers, storage arrays, Network Attached Storage, etc.) or at authorized, Cloud-based storage locations; the idea is to save and secure company data where it will receive proper backup, security, and vetting. Saving company data onto personal computers, tablets, and mobile phones, where it might not receive regular backups and is more vulnerable to loss or theft, is discouraged.

The best place to start is to create a clear, unambiguous policy on the storage of company data with these guidelines:

Define what data should be kept and for how long
Define storage-amount limitations and enforcement
Define acceptable storage locations
Define responsibilities for retention
Once defined, processes can be created and tools can be acquired to manage and monitor this policy.

Our recommendations for storage locations:

Remove all data from end-user devices (laptops, mobile devices, etc.).
Map a Home folder for each end-user and restrict its rights to that user.
Move the end-user My documents folder to their respective Home folder.
Deploy a document-collaboration utility (like SharePoint or Google Docs) or create a Shared folder with appropriate subfolders to manage your shared, unstructured data.
Restrict shared access by department or functional group.
Our recommendations for storage management:

Define policies within Active Directory to limit storage space (as needed).
Archive older, infrequently-used data to less-expensive storage.
Monitor usage on a regular basis.
1. Visit “My ongoing rant about unstructured end user data storage”.

2. See Alan Radding’s excellent and relevant article “Keep end-user storage under control” at TechTarget and originally from Storage magazine in November 2006.

Bryley exhibits at the Central Mass Business Expo

/in /by

Bryley Systems exhibited in the Technology Pavilion at the Central Mass Business Expo on September 8th, which was held at the DCU Center in Worcester, MA.

Pictured in our booth is Anna ; Account Executive at Bryley Systems.

adExp

Anna D. achieves VMware Sales Professional certification

/in /by

Congratulations to Anna who completed the significant training and testing to become certified as a VMware Sales Professional.

VMware is the global leader in virtualization and a key partner of Bryley Systems. A certified VMware Sales Professional has general knowledge in VMware products and business practices.

Anna has been with Bryley since 2010. She moved to the Sales team in 2012.

vmWareSalesProf