Bryley is on the move!

Some of you may know, but Bryley has outgrown our current location in Hudson and will be moving to Clinton. Our new building is a historic 1937 post office that was completely renovated and modernized in 2004.  It has more than 10,000 square feet, the majority of which we will occupy, and comes with glass-walled offices, broad sweeping staircases, an elevator, two kitchens, and more.
We expect to move in mid to late Fall.

Team Bryley Successfully Completes Boston Brain Tumor Ride! – May 21, Waltham, MA.

This yearly event raises awareness and much-needed resources to fund critical brain tumor-specific programs to improve the lives of all those affected by brain tumors.  This year’s ride raised over $500K!

Bryley’s Prestigious Channel Partners 360° Award also traveled to the event!

Bryley’s own Jessica Giunta (right), and Audrey Baker
posed for a few pictures
during the day’s event. 

Jessica made the quilt that was on display during the event.

What you need to know about Petya, the latest Cyberattack

Another hack has impacted the business world. Named, Petya, this attack exploited holes the WannaCry attack highlighted. Since WannaCry was defeated so quickly, many firms did not patch the vulnerability.

The Petya attack started in Kiev, the capital of Ukraine, when the ATMs stopped working. Workers at the old Chernobyl nuclear plant were forced to manually monitor radiation levels after their computers failed.1 Shipping giant Maersk had to shut down several systems once it realized it was affected. According to the company, “The breakdown affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers.”2 Roughly 76 ports, including Los Angeles, were affected. The Port of New York & New Jersey released a tweet announcing its APM terminals were closed Tuesday afternoon. It is estimated that this attack compromised over 2,000 computers in a dozen countries including the UK, US, France, Germany, and Australia.

What lessons can we learn from this?

  • Never pay the ransom. You are dealing with criminals and cannot trust that they will give you the codes needed to unlock your data. Furthermore, it encourages them to continue hacking computers as they are compensated for it.
  • Backups are important. Instead of relying on a criminal to obtain your locked files, restore them from a backup.
  • Patches are key. The reason many of the machines became compromised is that they were missing important patches. Make sure you are regularly updating your machines to ensure loopholes are shut and your infrastructure is protected.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

1 Perlroth, Nicole, Mark Scott, & Sheera Frenkel. New York Times. “Cyberattack Hits Ukraine Then Spreads Internationally.” 27 June 2017.

  1. Cyberattack Hits the World’s Biggest Shipping Company, CNBC, 27 June 2017.

McGoogan, Cara. Yahoo Finance.Petya cyber attack: Everything to know about the global ransomware outbreak.” 27 June 2017.

Fireball – A New Malware Threat

A new malware has cropped up on the heels of “WannaCry”.  It is called “Fireball” and has been detected in more than 250 million computers and 20% of corporate networks across the globe.  According to security firm, Check Point, this malware originated in China, and is believed to be “possible the largest infection operation in history.”1

What makes Fireball unique from other malware is that it is used primarily to “manipulate web traffic to generate revenue from online advertisements, transforming browsers into ‘zombies’.”2 generate fake clicks and traffic for the creator, Rafotech, a Beijing advertising firm.  Check Point further warns that Fireball “serves as a ‘prominent distributor’ of more malware,”2 meaning it can cause further viruses to gain access your data and cause more harm.

How can you tell if your computer is infected? “Check by opening your web browser. Is your homepage set to the same website? Are you able to modify it? Is your default search engine the same? Check your browser’s extensions. Do they look familiar? If you answered no to any of these questions, your PC may be compromised.”2

How can you protect yourself and your organization from these threats?

  • Install anti-malware software and ensure it is up-to-date.
  • Conduct regular scans of your environment.
  • Perform updates and patches as they are approved.
  • Enhance your firewall to detect malware before it enters your environment.

These are but a few of the “Best Practices” that can be employed to safeguard your data and business. If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

1 Morris, David Z.  Fortune.Chinese ‘Fireball’ Malware infects 250 Million Computers.” June 2017.

2 Channel 5 News. ”Your computer may be infected with ‘zombie’ malware that hijacks browsers.” June 2017.

Bryley’s Prestigious Channel Partners 360° Award Travels the U.S.

After being honored as one of 25 recipients worldwide, our prestigious award is traveling the U.S. in celebration – being one of the most sought-after in the industry of technology solutions.

About Zion. Zion is both the oldest and the oldest national park in Utah. It was the state’s first federally designated park (1919), and it shows off the oldest geologic layers this side of the Grand Canyon (~150m years old). It’s also Utah’s most visited national park, drawing 3+ million visitors annually. (including Awards)

“Bryley Systems works toward continuous improvement; we strive to manage, optimize, and secure our client’s information technology, which brings substantial business benefit and value to their organizations. Our team-focused, best-practices-oriented approach, coupled with high-value/low-risk service options, enables us to provide our clients with Dependable IT at a Predictable Cost™. We thank Channel Partners for this prestigious Channel Partners 360° award!”                    

    – Gavin and Cathy Livingstone, Co-Owners, Bryley Systems, Hudson, MA

Beware!! Google Docs Phishing Scam

If you recently received an email asking you to open a Google Docs, and you don’t know the sender, don’t open it! Chances are, this is a phishing email designed to have you click on a link and gain access to your information.

The email looks similar to a true Google invitation, but there are key differences.

The bogus email does not provide the name of the shared document and lacks the Google Docs icon.

The real email includes the name of the document, with the Google Docs icon .

Google is aware of this issue and issued a statement Wednesday saying, “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Interested in more security news? 

Sign up for our monthly newsletter to receive the latest cybersecurity updates right in your inbox!

Newsletter Signup

WRCC Ambassadors On The Move

The Worcester Regional Chamber of Commerce (WRCC) Ambassadors visited the Worcester County Food Bank (WCFB) Wednesday, April 5th; many brought donations, but all were there to learn about the WCFB, its purpose, and its partnership with the WRCC.

The WCFB’s mission is “To engage, educate and lead Worcester County in creating a hunger-free community.” As one of four regional centers across Massachusetts, the WCFB last year distributed 6.3 million pounds of food to 128 partner agencies, which provided 5.3 million meals to 89,000 people in need throughout the 60 cities and towns of Worcester County.

 

The WRCC partners with the WCFB through the Worcester Regional Food Hub, a Commercial Kitchen Incubator to enhance and support food-producer networks, workforce-development programs, and local small businesses.

Our tour of the clean, 37,000 square foot warehouse was conducted by Jean McMurray, Executive Director, who described their efforts to keep a stable, continuous supply of food while advocating for the elimination of hunger in Worcester County.

Gavin Livingstone, Chair of the WRCC Ambassador Committee, and Cathy Livingstone, WCFB Board of Directors member – joint-owners of Bryley Systems Inc. – organized and attended this event.

Be Aware! Avoid Phishing Scams During Tax Season

Let’s face it, tax season is stressful enough without having to contend with increasingly common and sophisticated tax scams. It certainly can be a headache to prepare your taxes, but falling for a tax scam could make it a nightmare.

The world is full of people who are ready and willing to take advantage of someone when they’re vulnerable. Tax scams contain new forms of fraudulence being discovered every day, but the most prevalent by far is the email phishing scam.

The Definition of Phishing. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing scams are easy to accomplish and can be done from home. A typical phishing email during tax season will bear similar (or sometimes identical) IRS letterhead or logos and will instruct you to follow a link that will lead you to, you guessed it, a site that requests your personal information. Some individuals are too quick to trust a logo or letterhead and forget to check the validity of an email/site before divulging their personal information.

In recent years, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication. Scammers use the regular mail, telephone, fax or email to set up their victims.

Knowledge is Power! Remember that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, the IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action. Recognizing these telltale signs of a phishing or tax scam could save you from becoming a victim.

Last-Minute Email Scams. The IRS, state tax agencies and the tax industry urges taxpayers to be on guard against suspicious activity, especially email scams requesting last-minute deposit changes for refunds or account updates.

  • Learn to recognize phishing emails, calls or texts that pose as banks, credit card companies, tax software providers or even the IRS. They generally urge you to give up sensitive data such as passwords, Social Security numbers and bank or credit card accounts. Never provide your private information!
  • If you receive suspicious emails forward them to phishing@irs.gov. Never open an attachment or link from an unknown or suspicious source!

IRS-Impersonation Telephone Scams. “An aggressive and sophisticated phone scam targeting taxpayers has been making the rounds throughout the country. Callers claim to be employees of the IRS, using fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. Victims may be threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting. Or, victims may be told they have a refund due to try to trick them into sharing private information. If the phone isn’t answered, the scammers often leave an “urgent” callback request.”1

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.

Remember: Scammers Change Tactics — Aggressive and threatening phone calls by criminals impersonating IRS agents remain a major threat to taxpayers, but variations of the IRS impersonation scam continue year-round and they tend to peak when scammers find prime opportunities to strike.

Interested in more security news? 

Sign up for our monthly newsletter to receive the latest cybersecurity updates right in your inbox!

Newsletter Signup

Surge in Email, Phishing and Malware Schemes. “When identity theft takes place over the web (email), it is called phishing. The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season. The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes may seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages. The IRS is aware of email phishing scams that include links to bogus web sites intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though not IRS.gov (with a dot). These emails are not from the IRS. The sites may ask for information used to file false tax returns or they may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information.”

For more details, see:

Unsolicited email claiming to be from the IRS, or from a related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

Tax Refund Scam Artists Posing as Taxpayer Advocacy Panel. “Some taxpayers may receive emails that appear to be from the Taxpayer Advocacy Panel (TAP) about a tax refund. These emails are a phishing scam, where unsolicited emails try to trick victims into providing personal and financial information. Do not respond or click any link. If you receive this scam, please forward it to phishing@irs.gov and note that it seems to be a scam email phishing for your information.

 TAP is a volunteer board that advises the IRS on systemic issues affecting taxpayers. It never requests, and does not have access to, any taxpayer’s personal and financial information.

How to Report Tax-Related Schemes, Scams, Identity Theft and Fraud. To report tax-related illegal activities, you should report instances of IRS-related phishing attempts and fraud to the Treasury Inspector General for Tax Administration at 800-366-4484.”3

Additional Scam-Related Information:

 If you suspect you are a victim, contact the IRS Identity Theft Protection Specialized Unit at 800-908-4490. When reporting to the IRS, you will need to:

  1. Send a copy of an IRS ID Theft Affidavit Form 14039 – download the form here: www.irs.gov/pub/irs-pdf/f14039.pdf.
  2. Send a proof of your identity, such as a copy of your Social Security card, driver’s license or passport.

After doing that, make sure to:

  • Update your files with records of any calls you made or letters you sent to the IRS
  • Put a fraud alert on your credit reports and order copies of your credit reports to review any other possible damage
  • Create an Identity Theft Report by filing an identity theft complaint with the FTC and a police report

 

Sources and References:

1 http://www.vanderbloemengroup.com/articles/irs-impersonation-telephone-scam

2 http://www.irs.gov

3 http://www.irs.gov

http://usa.gov/business-taxes

http://www.aarp.org

https://www.taxadmin.org/

https://treasury.gov/tigta/

 

 

Cathy and Gavin Livingstone judge at MHS SE Fair!

Cathy and Gavin Livingstone, joint-owners of Bryley Systems Inc., were again judges at the Marlboro High School Science and Engineering Fair on Tuesday, February 28. (The MHS SE Fair is a well-run, annual event that provides support and encouragement of student research, inquiry, and design.)

Cathy is pictured with Kimberly Konar and Amanda Cameron (aka The Bottle Girls), who presented BioPlastic: An Alternative to Environmentally Destructive Polymers. Kimberly and Amanda were third-place winners.

Winners go to the upcoming Worcester Regional Science and Engineer Fair and, if successful, on to the Massachusetts State Science & Engineering Fair.

How the Web is Won – Real-Life Tips for Getting Highly Ranked by Google

Lawrence Strauss

Google has by far the most comprehensive data on the web.  Its business is virtually completely dependent on people using its search engine.  This means it has an enormous interest in keeping searchers satisfied, that neither an upstart nor Microsoft overtakes it (as it did to AltaVista).  And, given its wealth, it purchases the best talent to constantly improve its search function, continually fulfilling the promise of artificial intelligence while acting less like a malleable machine1.

And if you want sales on the Internet, given the market share we surfers have granted it, there’s no avoiding Google.

So how can you get your site highly ranked by Google? The answer:  SEO (Search Engine Optimization) developed in the wake of the explosive growth of the web.

Twenty years ago there was no “Optimization”; you were trying to appeal to the fledgling Yahoo’s employees, who could manage to look at and review every site. But when machines supplanted people because of web-page volume, the software could be fooled with myriad techniques, including the popular and persistent keywords:meta tags. (Please see Search Engine madness by Lawrence Strauss in the April 2016 edition of Bryley Information and Tips.)

Because its business is built almost exclusively on search results, Google got much better at understanding site owners and seeing through their desire to be ranked first, and their techniques to get there.  So what’s come about is a return to the only really timeless technique, memorably expressed by Phil Frost; the Golden Rule of SEO is create the web page you would want to find if you were searching.

But first a diversion into much less poetic territory; like life itself, Google isn’t fair.

Big business breaks the rules all the time and Google rewards it with the best rankings.  Take for example the Microsoft-founded travel site Expedia:  Expedia was penalized (i.e. knocked down on some search results) by Google for violating its rules about manufacturing in-bound links.  (In-bound links, or links on other sites pointing to Expedia, are meant to be understood by Google’s PageRank as independent votes that boost Expedia’s credibility.)

Why does Google, if it’s interested in serving searchers with good information, reward a page like that?  It has been suggested it is because if Expedia were missing from search results where people would expect to find it, people would doubt whether Google search was working correctly.

So, small businesses are being made to adhere to standards that big businesses can ignore.

If, according to Google, nobody much would notice if your business is missing from the results, and you violate Google’s Quality Guidelines, Google can algorithmically exact a penalty on your site.  These penalties (with over 200 criteria) are not so easy to clear up.  On the bright side in this vein, one of the best things you can do for your business in Google search, and your business in the world, is to build it, or to use the buzz-word, build its “brand” – so that it cannot be ignored. Then it will slough off Google Guidelines like it was launched by Bill Gates.

What exactly is a “Brand”?

I just saw a memorable branding of the bad guys by a red-hot metal bat-symbol in the Batman vs Superman movie. The word comes to business from livestock hide-marking.  And it’s because of this connection that business-people understandably focus on the logo; David Ogilvy taught advertising agencies in the 1980s, an already decades-old chant:  “If your client groans and sighs, make his logo twice the size.”  Ogilvy was grumpy about it, because a symbol is really an almost inconsequential part of doing business.  And, as concerns our topic, symbols are unreadable, and so, useless, to Google search, demonstrating that there is much more to the idea of “brand” to get a good Google rank.

It’s hard to argue against market-dominance being a factor in having a business that is acknowledged with a top position by Google.  But there are great brands that exist in every industry, that win the rankings and sales appropriate to their business size and model.  Bear this in mind when thinking about building your brand: establish its role in the market (or sometimes alternatively called, “mission,” or sometimes “vision”) and values (what are the means by which the business will fulfill its role).

The more consistently these ideas are both articulated verbally and non-verbally, and most important, repeatedly put into practice, the meaning of the brand will be revealed.  And how will it be revealed?  Ever heard the expression, a business has the customers it deserves?  Well the meaning of your brand will end up being reflected back to the business in the form of recognition. And recognition can take many forms:

  • Conversations on social media,
  • Reviews on Facebook pages and other websites,
  • Awards from trade associations, links from industry peers,
  • Citations in industry publications, and so on.

(It’s also not a bad idea to get the ball rolling by asking industry colleagues and customers on occasion to discuss via social media a page you’ve added to your site.)  The main benefit of all this is that your organization gains in reputation and therefore credibility (and along this path, a good Google rank), and therefore sales or for a nonprofit, another form of fulfillment of its role.

They Call Me the Seeker

Most of the web has been built ignoring data about how people search. And that’s as it should be.  For instance, if you have a specific story to tell, if you are building a page or site for a specific community that is being directed to the site in other ways (this newsletter, for example, is created to help the Bryley community), or if you have research to publish.

But if you want your site to be found by strangers among the billions of web pages, consider how people are using the web, which leads back to the idea of getting a good ranking by thinking like a searcher.  Start by asking yourself:

  • In my field what are the questions that Internet searchers are asking?
  • What is the motivation behind the searchers’ questions:
    • Are they looking for free advice only?
    • Are they looking to see who is an expert that they can hire?
    • Are they looking to connect with people with similar interests?
  • How are the searchers asking those questions:
    • What are the popular resources for those kinds of queries?
    • Why do you think those sites are popular?
    • What words are people using to search?

If you’re not, get familiar with Google AdWords’ Keyword Planner; for the last couple of years you’ve needed to sign up for an AdWords account to access it and it is designed for Google’s paid search-results program, but the data is derived from Google searches, and so helpful in understanding what’s being searched for.

One of the best ways to use the Keyword Planner is to enter a top-Google-ranking competitors’ site in the field revealed after you select Search for new keywords using a phrase, website or category.  Google usually does a great job in parsing the site, giving few irrelevant returns, but it gives a lot of returns.  But these can be filtered in the menu to the left, entering, for example 1000 searches/month and a minimum bid of $1.50, as recommended by Dan Shure in the AdvancedWebRanking blog.  This will minimize the keywords that no one searches for and reveal those few that businesses value.

Once you have a keyword or keyword phrase about which you’re planning to build your page, now what?  How do you avoid having a page like Expedia’s keyword-stuffing example that violates Google’s Quality Guidelines, yet still able to attract the interest of Google?

Short answer: put the keyword or keyword phrase in the title tag of your page.  Also include it in the “keyword:description” meta-tag.  This meta-tag is what Google will likely use as the search-return description under the link to your page. This meta-tag is not there to be seen by Google, but by a prospective visitor, so the description should contain the keyword or a supporting idea, be plain-English and be compelling to invite a click – after all it is these people that we’re really interested in, not Google.

Long answer: as Bill Gates said years ago, “Content is king.” And thanks to

Google’s synonym-support, the content of the page should not be redundant, but reflect the variety of terminology used to explain a given subject.  And understand that authoritative content, as Google prefers, means at least 500 words on your subject per page. Matt Cutts, head of Google’s Webspam team advised, “For example, if you’re talking about a USB drive, some people might call it a flash drive or a thumb drive”.

Bear in mind the terms that people will type and think about synonyms that can fit naturally into your content.  Don’t stuff an article with keywords or make it awkward; rather, incorporate different ways of talking about a subject in a natural way.

In May 2015, Google announced that the share of search on mobile outstripped search on PCs for the first time.  With the announcement came suggestions for organizations to make their sites able to deliver information in the moment it is wanted, meaning make sure your site’s load time is speedy.  To test and improve this factor in Google rankings, Google created the PageSpeed Tools.  (To test your page-download speed, enter a web address in the field and click “Analyze”.)  The PageSpeed Score ranges from 0 to 100 points:  A higher score is better and a score of 85 or above indicates that the page is performing well.

While not a wholly comprehensive accounting of what it takes to be in the first rank of a Google search, the suggestions covered here are consistently the biggest effecters:  being the kind of organization that makes people link to its content, creating content that answers what searchers are seeking, and making sure your pages load fast.

Funnily enough, these answers are not too different than thinking about getting your page ranked twenty years ago when Dave and Jerry at Yahoo! were linking to pages manually.  But unlike then, no one sees the same results.

Search history is recorded and weighted in the results (unless a searcher opts out), and social connections are recorded and weighted in the results (unless a searcher opts out). Couple these with a physical location to get the results shown by Google and Bing.

For the web developer, strategically not much has changed, except the weight is maybe more strongly on reputation. But if you’re developing a site, how do you see the results without being affected by these filters and get a truer sense how your site is faring? You’ll have to choose these settings in your browser: Chrome, Incognito Window, Firefox, Safari and Internet Explorer, Private Browsing.

1 Google notes to support these statements:

$500B market capitalization.