Don’t You Be Singing those Black Friday Buyer Beware Blues

Alongside links to Amazon, Home Depot, Staples, etc. Google’s sponsored shopping sections also show unfamiliar stores with lower prices than those of the well-known retailers. But are these really good deals?

Here are some ways to see if an inexpensive site is really going to get you what you want. None of these are absolute rules; the more information you have to make your decision about trusting an unknown website with your account or other personal information, the better sense you can get whether it’s worth making the bargain.

So What Gets Patched Around Here Anyway?

Given the number of vulnerabilities and exposures that are revealed every day [ https://www.bryley.com/2019/07/23/crunching-the-patching-numbers/ ], Mike Carlson, Bryley’s Chief Technology Officer, and Garin Livingstone, Director of Operations, agreed to be interviewed to walk me through the process they go through to keep computer systems updated. Mike has deep experience with local- and wide-area network design and implementation, and is a Microsoft Certified Systems Engineer™. Garin is a Microsoft Certified Technician™ and holds an A+ Certification, and has expertise in operations and technology.

Infographic: Tips for detecting a phishing email

Phishing emails are getting more complex all the time.  As the stakes rise, cyber criminals are employing increasingly subtle techniques and messaging.  Gone are the days when you simply had to turn down preposterous offers from royalty who had miraculously decided to become your unlikely benefactor.

The phishing email of today is designed to look as legitimate as possible.  It will try to distract you from clues that give away its true intent by creating a sense of urgency.  Typically they front as legitimate emails from familiar sources, sometimes even appearing to come from within your own organization.

Fortunately, once you know what to look for, these emails will be as easy to spot as those starting “I am a prince from [insert  random country name here], and I wish to bathe you in riches…”

The Compliance Effect

The Managed Security Service Providers journal, MSSP Insider, interviewed Bryley president Gavin Livingstone about General Data Protection Regulation (GDPR) 1 compliance.

“Our manufacturing clients were especially observant and working toward [regulatory] compliance,” said Gavin. The interview was prompted by a survey by Scale Venture Partners, Cybersecurity Perspectives 2019 2 . In the report, 2018 data breaches like at Exactis, exposures like at Cambridge Analytica, and regulations like GDPR triggered businesses to improve cybersecurity and increase investment in their security solutions. As a result fifty-five percent of the surveyed executives increased their investment in new solutions, forty-nine percent increased their measurement and reporting around data privacy, and forty-eight percent increased investment in data privacy personnel.

The Mysteries of Microsoft’s Model for Windows

“All they had to do was come up with a way to charge ten bucks a month and now no one steals music,” I overheard a college student say. He was talking about how Apple transformed from selling software (mp3s via iTunes) to renting access to songs, aka Software as a Service (SaaS). Apple Music now has the most paid music subscribers in the US and based on this success, “announced new subscription offerings for magazines, TV shows and video games”. 1

Per Forbes, 84% of new software is being delivered as SaaS. 2 This selling model built Netflix memberships (20 million renters at the height of its DVD service compared to over 150 million SaaS subscribers today 3 ), Dollar Shave Club razors, Stitch Fix and Amazon’s Subscribe and Save. Subscriptions moved Adobe’s market cap more than 87% since 2012 to $108 billion. 4

technology patches

Crunching the Patching Numbers

There were 16,516 Common Vulnerabilities and Exposures (CVEs)1 published in 2018. The time needed to analyze the relative importance of these to your organization would be something like 16,516 alerts times fifteen minutes to read and assess each one, which works out to about 500 days of work. If you decide that your organization is affected by twenty percent of these, that’s 3,304 vulnerabilities times an average of about an hour to patch each one — that will take about 40 days. And how many devices do you have that need this patch deployment? 2

Did You Feel a Drop? BUDR Pt. 2

Remember the panicked manufacturer with a progression of computer problems that recalled the proverbial “perfect storm”? Today I’m going to sort those problems out, and recommend ways to help keep those things from happening to you. To refresh, here’s what went on with that manufacturer:

The installed version of their ERP (Enterprise Resource Planning software) was too old to receive application maintenance and support. They hadn’t wanted to interrupt their workflow, and so hadn’t upgraded the ERP in more than five years.

It is time to consider upgrading from Windows 7

There are plenty of reasons to upgrade from Windows 7 before it reaches its end of life date on January 14, 2020.  Chief among them, Microsoft has indicated that, on this date, they will stop releasing security updates for Windows 7.  This will have major implications for anyone still running Windows 7, as it will leave them exposed to any known vulnerability indefinitely.

The nature of these vulnerabilities are such that they can have a cascading effect if exploited.  For instance, a recently identified vulnerability, designated ‘CVE-2019-0708,’ makes it possible for a malicious party to execute code remotely via Remote Desktop Services. This particular security flaw exists pre-authentication, meaning that it could easily spread from system to system in a similar fashion to how WannaCry malware spread in 2017.

Microsoft has indicated an attacker could “install programs; view, change or delete data; or create new accounts with full user rights.”

Fortunately, Microsoft has released a series of fixes for this particular vulnerability.  Starting January 14th, however, there is no guarantee that this will be the case and, except for in the most extreme circumstances, Windows 7 security holes will not be patched by Microsoft.

It is worth noting that Windows 10 is unaffected by this recent vulnerability, making this an excellent example of how upgrading to Microsoft’s latest operating system is the best way to ensure that your computer systems remain secure.

In short, by continuing to run Windows 7 past its end of life date, you could be undermining your entire security investment by effectively leaving the door to your network wide open.

Don’t wait until the last minute.  Talk to an IT expert about upgrading to Windows 10 today.  Give us a call at 978.562.6077 and selection Option 2.  We would be more than happy to help you get the process started.

The Snoopiness of Things

The 2015 Arkansas murder case that depended on smart-home devices, made the news again as the judge in the civil case upheld his ruling that James Bates is financially liable for the death of Victor Collins. The case against the accused was built on, among other forensics, records from Amazon whose Echo device was installed by the scene of Collins’ death, as well as evidence from a so-called smart meter. The smart meter reported inordinate usage of water around the time of death, which led the police to argue that a bloody patio was hosed down.

GDPR and You

Surprised that in the last month, between two small marketing list brokers, more than a billion personal records were found to have been leaked on the internet?1

That data then gets leaked and sold to potentially hold users’ computers or reputation for ransom. Or as in a 2018 hack, of DNA tester, MyHeritage, there is the ability to sell the data to the insurance and mortgage industries, revealing DNA disease susceptibilities, thereby making the user ineligible for coverage or a loan.2

GDPR to the Rescue!