Bryley Basics: WordPress maintenance

Gavin Livingstone, Bryley Systems Inc.

Reference article by Al Morel, Web1776

WordPress is the most-popular Content Management System (CMS); it powers over 25% of all Internet-based websites because it is a free, easy-to-use, open-source CMS with a large and vibrant community.

Because it is an open-source utility, and even though it includes automatic security updates (since version 3.7), it has ongoing maintenance requirements. Our business partner, Web1776, offers these helpful suggestions:

  • Backup – Back up your site before and after every change, and keep copies of your backup onsite and offsite. (You might consider BackupBuddy, a plugin that assists the WordPress backup process.)
  • Update – Update WordPress first, then its plugins, and finally, themes.

For the complete maintenance information and instructions, please see the Web1776 recent blog article WordPress Maintenance Recommendations.

Donald Trump’s potential impact on technology

Lawrence Strauss, Strauss and Strauss

Gavin Livingstone, Bryley Systems Inc.

People expect that President-elect Donald Trump’s election victory, combined with a Republican Congress, will mean big changes. Because organizations depend on technology, what can be foreseen concerning the tech fields, based on Donald Trump’s campaign statements and on the team he is gathering around him?

In the election’s immediate aftermath, some of the biggest tech-sector stocks lost value (which has since changed with the more-recent rise in US stock markets), possibly due to campaign rhetoric where Donald Trump threatened to look into Amazon for monopolistic behavior and tweeted that Americans should boycott Apple for its refusal to help the FBI unlock the iPhone used in the California terrorist attack. He also reminded us of the possibility of a Google election-bias in its search returns. (Google employees have become President Obama’s top tech officials and Google employees visit the Obama White House about once a week, 10x as often as employees from comparable businesses.)1

President-elect Trump appointed Jeff Eisenach and Mark Jamison to reshape the policies of the FCC, which just last year, in a 3 to 2 vote, passed the so-called Open Internet rules. (These rules are somewhat based on the concept of “net neutrality” where the Internet is considered a utility and all Internet traffic is treated equally.) Eisenach, Jamison, and many others believe these rules were poorly constructed and oppose them on the grounds that they could lead to government overreach with greater consumer costs and reduced investment by business.

The Wall Street Journal, in an Op Ed page2, discussed President-elect Trump’s position in more than 500 companies, of which about 125 do business around the world. Most of these successful businesses are related to real-estate development, hotels and golf courses.3 So, how do such interests intersect with the tech sector?

One way may be gleaned from Peter Thiel, the founder of PayPal and the President-elect’s most vocal booster in the tech world, who told Forbes4 “it’s hard to overstate … Jared [Kushner]’s role in the campaign.” Donald Trump’s son-in-law, Jared Kushner, with a family background in commercial real estate, brought to the campaign (per Forbes) advanced computer-based selling techniques like machine learning and micro-targeting. Forbes reports that Kushner learned about these methods through his interactions with Silicon Valley.

Jared founded a start-up, technology-oriented business, Cadre, with his brother, Joshua. Cadre makes buying and selling interests in commercial property akin to a blend of shopping on Amazon mixed with online stock trading. This NYC business has the kind of unique product, with a vast upside, that is attracting top tech talent away from Google, Apple, Twitter and others.5

Cadre is a reinvention of that marketplace through technology. And what policies would a tech startup desire? Among the things it, and businesses in general, need are low interest rates to finance investment. And, Donald Trump has a unique opportunity to keep interest rates low with two vacancies on the Fed’s seven-member Board of Governors and the two chairs’ terms expiring in 2018. During the September debate, Donald Trump called out the Fed, saying “When they raise interest rates, you’re going to see some very bad things happen, because they’re not doing their job.”6 So, the president-elect’s vision is a Fed that keeps interest rates low, which could continue to spur business and technology investment.

Similarly, Donald Trump promised in May to dismantle the 2010 Federal financial regulations known as Dodd-Frank, which according to Donald Trump, “makes it very hard for bankers to loan money for people to create jobs, for people with businesses to create jobs.”7

Donald Trump wants to shrink the corporate tax rate from 35 percent to 15 percent. And he has floated the idea of tax incentives to repatriate monies businesses currently have invested overseas.8

One of the issues that Donald Trump took up during his campaign was the idea of US workers being replaced by foreign workers. And directly impacting the tech sector are H1B visas, as many Silicon Valley companies train non-US citizens that enter the US on H1B visas. Donald Trump suggested attaching fees to the H1B that would make it less appealing for businesses to seek non-US employees.

The H1B visa issue does not have any effect on outsourcing overseas, a major issue for businesses and their workers; Donald Trump has not yet directly addressed outsourcing.9 However, he did spend a lot of time addressing the loss of US manufacturing and the imbalance of trade with China in particular. The solutions he’s proposed include changing the Trans-Pacific Partnership and a 45% tariff on Chinese goods.

These are complex issues, and China’s 1990 inclusion in the WTO has given us everything from cheap, dollar-store junk to computers and cell phones. Because small goods are no more expensive to consumers than they were in the eighties, economists Robert Lawrence and Lawrence Edwards estimate that trade with China returns $250 a year to every American.10 However, Mr. Lawrence also calculates that between 2000 and 2007, Chinese imports caused about a third of the 484,000 annual manufacturing job losses, with productivity increases due to technology making up the bulk of the remaining losses.11

Donald Trump’s road-blocks to free trade are opposed by many who depend on the cheap, foreign manufacturing and, to a lesser extent, foreign markets. Creating barriers to imports suggests our partners may respond in kind, so the methods proposed for doing this may not have the desired effect.

Conversely, it is interesting that his top Secretary of State pick (as of this writing), Mitt Romney, is seen as welcoming trade agreements during his 2012 campaign.12

One thing is evident: investors have responded to Trump’s campaign promises, pushing the Dow past 19,000 for the first time, and Small Cap stocks (generally understood to be the riskiest) are seeing their largest gains by percentage.11

Generally, the upcoming Trump Administration will likely favor business investment and development, which should enhance technology research and business overall. However, the effects may impact technology companies unevenly, with likely short-term winners and losers.

REFERENCES

1http://www.politico.com/magazine/story/2015/08/how-google-could-rig-the-2016-election-121548

2http://www.wsj.com/articles/the-trump-family-political-business-1479426984

3https://www.washingtonpost.com/news/wonk/wp/2016/02/29/the-myth-and-the-reality-of-donald-trumps-business-empire/

4http://www.forbes.com/sites/stevenbertoni/2016/11/22/exclusive-interview-how-jared-kushner-won-trump-the-white-house/#4d6e2de62f50

5http://www.businessinsider.com/what-is-cadre-and-how-to-invest-in-its-real-estate-deals-2016-6

6http://www.bloomberg.com/politics/articles/2016-11-22/trump-looks-to-put-stamp-on-fed-in-first-months-of-presidency

7http://fortune.com/2016/05/18/trump-dodd-frank-wall-street/

8http://www.cnbc.com/2016/11/15/how-trumps-likely-tax-reforms-will-impact-tech-sector.html

9http://www.computerworld.com/article/3140166/it-outsourcing/trump-tapped-the-viral-anger-over-h-1b-use.html

10http://www.economist.com/news/united-states/21695855-americas-economy-benefits-hugely-trade-its-costs-have-been-amplified-policy

11http://www.foxbusiness.com/markets/2016/11/22/americas-smallest-stocks-are-biggest-winners-post-trump.html

12http://foreignpolicy.com/2011/11/17/mitt-romneys-foreign-policy/

Wi-Fi® is not Wireless Fidelity

Garin Livingstone and Gavin Livingstone, Bryley Systems Inc.

Wi-Fi is not an abbreviation for wireless fidelity1; it is a trademarked phrase that refers to wireless communication between electronic devices and a Wireless Local Area Network (WLAN) based on the IEEE 802.11x standards.

Wi-Fi is brought to us by the Wi-Fi Alliance®, a worldwide network of companies with the mission to drive the adoption and evolution of Wi-Fi globally.  The Wi-Fi Alliance tests and certifies that WLAN equipment meets its stated standards.

Current standards include:

  • 11g
  • 11n
  • 11ag

Speeds have grown substantially, now rocketing up to a potential 1,300Mbps using the latest WiGig™, 802.11ac, standard (although actual performance is typically significantly less than its potential).

At their core, wireless networks are less secure than wired networks (since a potential intruder does not need a physical connection), although encryption technologies (Wi-Fi Protected Access or WPA and WPA2) exist to secure WLANs.

Large-scale Wi-Fi implementations include:

  • City-wide Wi-Fi – Free Wi-Fi provided in St. Cloud, FL, Sunnyvale, CA, etc.
  • Campus-wide Wi-Fi – Wi-Fi throughout a campus environment

1See ‘Wireless Fidelity’ Debunked by Naomi Graychase of WiFi Planet.

2See WikipediA IEEE 802.11.

Game Changers – Worcester Chamber Business Conference & Expo on October 14th

Hear from the experts – the innovators, investors, and developers – who are transforming Worcester’s skyline on Friday, October 14th, from 7:30am to 1:30pm at Mechanics Hall, 321 Main Street, Worcester, MA.

To register, please visit 2016 Game Changers – Business Conference and Expo.

What’s new in Massachusetts manufacturing and technology

Gavin Livingstone, Bryley Systems Inc.

Manufacturing (which represents about one-third of our client base) is a growing and vital industry within the Commonwealth.  Some relevant statistics1:

  • There are over 6,500 manufacturers in Massachusetts
  • They provided more than 248,000 jobs in 2014; about 7% of the workforce
  • The average manufacturing-employee compensation was $93,682 in 2013
  • Over $45b in manufactured goods were sold nationally and worldwide in 2013, which accounts for over 10% of the state’s economy
  • 40% of Mass. manufacturers report difficulty finding skilled craftsmen

According to the Advanced Manufacturing Collaborative, a sub-group of MassTech (Massachusetts Technology Collaborative) launched in 2011, manufacturing is a “…cross-cutting sector that touches essentially every region and every industry of the state’s innovation economy and which provided good paying jobs to citizens of every skill and ability…”.1  Because engineering and technology tend to associate closely with manufacturing, it is attracting attention within both state and local governments as well as educational facilities at the high school and college levels; the priority is to invest in training future employees, while removing the outdated stigma that manufacturing jobs are dirty and underpaid.

MassTech based the Advanced Manufacturing Collaborative on a 2008 study2 that focused on manufacturing health in Massachusetts, followed by a second study3 from the same team in 2012.  The focus areas brought forth from these studies:

  • Promoting the image of manufacturing
  • Education and workforce development
  • Technical assistance and innovation
  • Access to capital

Related programs include:

  • Technology & Market Acceleration:
    • Technology Acceleration Program – Grow and succeed with invention, innovation, and commercialization endeavors
    • Technology Driven Market Intelligence (TDMI) – Focus on the market benefits a technology enables in a product
    • Technology Scouting – Search outside of normal channels for an unmet technology need
  • Workforce training grants:
    • The Express Program – Up to $3,000/employee, but restricted to companies with under 100 employees
    • The General Program – Grants up to $250,000
  • On-the-Job Training (OJT) and Apprenticeships:
    • Train Employees – Reliable OJT and apprenticeships
    • Aging Workforce – Prevent brain drain due to retirement
    • Recruiting the Right People – Core skills training
  • Working Capital Loan Guarantees – Guaranty product by MassDevelopment to guarantee up to 25% of working-capital loans for manufacturers
  • Massachusetts Manufacturing Month 20164 (October) event categories:
    • Education – Prepare/motivate people to pursue manufacturing careers
    • Innovation – Solve difficult problems and pave the way for the future
    • Products – Highlight amazing products manufactured in Massachusetts
    • Sustainability – Promote incorporation of green/sustainable processes
    • Workforce and Jobs – Spotlight training and career paths

Additional state-wide organizations and their missions:

  • AMPItUp! (Advanced Manufacturing Program) – Amping up students for an amazing future in manufacturing.
  • Associated Industries of Massachusetts (AIM) – Largest employer association (4,500 members) within Massachusetts that addresses manufacturers’ (1/3 of membership) and employers’ concerns; they advocate for their members.
  • MakerSpaces – Evolving hotbeds of innovation where woodworkers, robotics engineers, machinists, etc. can participate or rent incubator space.
  • MassMEP (Massachusetts Manufacturing Extension Partnership) – The expert resource committed to manufacturing growth in Massachusetts.
  • Massachusetts Technology Collaborative – An innovative public agency working to support a vibrant, growing economy across Massachusetts.

Finally, a look in a classroom at the new Manufacturing Advancement Center at Quinsigamond Community College in Worcester, MA; the center, funded by a $2M grant in 2014, opened to students this week.

1Massachusetts Manufacturing Facts from the National Association of Manufacturers.

2Please see Staying Power – The Future of Manufacturing in Massachusetts by the Center for Urban and Regional Policy, School of Social Science, Urban Affairs, and Public Policy, Northeastern University.

3Please see Staying Power II – A Report Card on Manufacturing in Massachusetts 2012 by the Kitty and Michael Dukakis Center for Urban and Regional Policy at Northeastern University.

4Please see Massachusetts Manufacturing Month 2016 from AMPitup!.

Bryley Basics: Why do my outbound emails show up as spam?

Anna Darlagiannis and Gavin Livingstone, Bryley Systems Inc.

I just got a call from a prospect; he notes that his emails are showing up as spam and his email recipients now think he is a spammer.  This is a topic that many email-oriented organizations experience.

Unfortunately, with ransomware growing more common, spam-filtering efforts are getting more aggressive, which makes it even easier to be labeled a spammer and then blacklisted.  Is it a losing battle?

Spam is unsolicited/unwanted bulk email; it is often easily identified, but can also be a bit ambiguous, making it difficult to separate desired email from undesired.

Spam filters, both free-standing (Reflexion, MimeCast, Proofpoint, etc.) and built-ins (spam-deterrents built into Google Gmail and Microsoft Office365) use various algorithms and keyword searches to review incoming email, apply a spam “score”, and then block those that exceed a specific threshold.  In addition, they blacklist repeat offenders considered spammers, effectively preventing the source emailer from reaching their intended audience.

Subject-line triggers are a significant issue; using words like “Free” or “Viagra” in your email subject line (and within the body of your email) can easily get your message labeled as spam.  Sending this email to hundreds of recipients will get you blacklisted as a spammer.

In addition, these are other common email-spam identifiers:

  • Generic greetings
  • Grammatical and spelling errors
  • Unusual use of capitals or punctuation (BUY!!!)

Here’s how to stay off the spam-filter radar:

  • Avoid attachments
  • Check spelling and grammar
  • Provide an unsubscribe option
  • Avoid certain keywords1 and subject-line triggers

1Please see The Ultimate List of Email SPAM Trigger Words by Karen Rubin of Hubspot on January 11, 2012.
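The scoring-and-threshold approach described above can be turned into a pre-send check for your own outbound drafts. This is an added example, not code from Bryley or from any spam-filter vendor; the word list beyond “Free” and “Viagra”, the greetings, the weights, the bulk cut-off and the threshold are all assumed values.

```python
import re
from dataclasses import dataclass, field

# Assumed for illustration: real filters use their own word lists, weights
# and thresholds, none of which are published on this page.
TRIGGER_WORDS = {"free", "viagra"}  # the two words the article names
GENERIC_GREETINGS = ("dear customer", "dear friend", "dear sir", "dear user")
BULK_RECIPIENTS = 50                # assumed cut-off for "bulk" mail
THRESHOLD = 5.0                     # assumed blocking threshold
WEIGHTS = {
    "subject_trigger": 3.0,
    "body_trigger": 1.0,
    "capitals": 2.0,
    "punctuation": 2.0,
    "generic_greeting": 1.5,
    "attachment": 1.0,
    "no_unsubscribe": 2.0,
}


@dataclass
class Draft:
    subject: str
    body: str
    attachments: list = field(default_factory=list)
    recipient_count: int = 1


def _words(text):
    return re.findall(r"[A-Za-z']+", text)


def findings(draft):
    """Return (rule, detail) pairs for each spam identifier the draft trips."""
    hits = []
    for word in sorted({w.lower() for w in _words(draft.subject)} & TRIGGER_WORDS):
        hits.append(("subject_trigger", word))
    for word in sorted({w.lower() for w in _words(draft.body)} & TRIGGER_WORDS):
        hits.append(("body_trigger", word))
    # Unusual capitals: any fully upper-case word of 3+ letters in the subject.
    # Acronyms also match, so treat a hit as a prompt to re-read the line.
    shouted = [w for w in _words(draft.subject) if len(w) >= 3 and w.isupper()]
    if shouted:
        hits.append(("capitals", " ".join(shouted)))
    run = re.search(r"[!?]{3,}", draft.subject + "\n" + draft.body)
    if run:
        hits.append(("punctuation", run.group(0)))
    lines = [ln.strip().lower() for ln in draft.body.splitlines() if ln.strip()]
    if lines and lines[0].startswith(GENERIC_GREETINGS):
        hits.append(("generic_greeting", lines[0]))
    if draft.attachments:
        hits.append(("attachment", ", ".join(draft.attachments)))
    bulk = draft.recipient_count >= BULK_RECIPIENTS
    if bulk and "unsubscribe" not in draft.body.lower():
        hits.append(("no_unsubscribe", f"{draft.recipient_count} recipients"))
    return hits


def score(draft):
    return sum(WEIGHTS[rule] for rule, _ in findings(draft))


def likely_blocked(draft):
    return score(draft) >= THRESHOLD


# Constructed sample drafts (not real messages).
RISKY = Draft(
    subject="FREE offer - BUY now!!!",
    body="Dear customer,\nClick here for your free gift.",
    attachments=["offer.zip"],
    recipient_count=400,
)
CLEAN = Draft(
    subject="October maintenance window for your hosted site",
    body="Hi Dana,\nWe will patch the server on Friday.\n"
         "To stop these notices, use the unsubscribe link below.",
    recipient_count=400,
)

if __name__ == "__main__":
    for name, draft in (("RISKY", RISKY), ("CLEAN", CLEAN)):
        print(name, score(draft), "blocked" if likely_blocked(draft) else "ok")
        for rule, detail in findings(draft):
            print("   ", rule, "->", detail)
```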

Do I need Cyber Liability Insurance?

Gavin Livingstone, President, and Mike Carlson, CTO at Bryley Systems Inc. with Bill Percuoco, Sales Executive at DF Murphy Insurance Agency, Inc.

In general, Bryley retains business insurance to address all areas of significant risk; we ensure that we have sufficient coverage for all big-event issues, while usually requesting the greatest deductible possible.  Cyber Liability Insurance is high on our list of must-have coverage; both for ourselves, and for our clients.

Cyber Liability Insurance is designed to protect consumers of technology services or products.1  It provides coverage for data breaches, known or even undiscovered, and is a risk-transfer option designed to address some of the costs of mandatory notification (required within the Commonwealth of Massachusetts and 45 other states) and to deal with the remedial aspects of a data breach.2

Coverage typically includes:

  • Data breach/crisis management costs – Reporting and managing an incident, including remediation
  • Network security liability – Third-party damages due to denial of access
  • Multimedia liability costs – Restitution for defacement of website(s)
  • Extortion liability costs – Losses due to extortion attempts

Organizations that process credit cards are at risk; more so if they store credit-card information on their network.  In addition to credit-card information, a data breach that discloses other types of personal information can introduce extensive liability:

  • Employee information is a risk for any employer.
  • Information collected and retained from medical applications may include confidential medical and/or personal data.

While non-Fortune-5000 organizations are unlikely to be specifically targeted for their data, many of these attacks are broadly distributed, often via forged emails sent to thousands of people.  The attackers gather data from successful attacks and then determine if it is of any use to them.

Another targeted area could be your public presence – web site, Facebook/Twitter, etc.  This is more of an embarrassment than a financial liability, but restoring the web site and regaining access to hacked social-media accounts and the like does have a cost.

Bill Percuoco of the DF Murphy Insurance Agency, Inc. (our insurer), notes that they have recently seen several claims stemming from social engineering where a criminal has tricked an individual into transferring money.  (Social engineering is the psychological manipulation of someone to reveal confidential information or perform a desired action.3)

Due to supporting the technology of our clients, Bryley Systems remains extremely diligent; in addition to our security measures and internal controls, processes, and policies, we have had Cyber Liability Insurance for many years.  Our premiums are based on annual sales, factored by industry, services, policies, security, and risk-exposure; we are likely at the high end since we protect other organizations.

We believe that it is far less expensive to purchase Cyber Liability Insurance coverage than it is to face these situations without sufficient resources.  To that end, we recommend Cyber Liability Insurance to our clients and to all organizations using online technology, particularly those that accept credit cards and/or use online financial, medical, or employee-oriented applications.

1Please see Data breach and cyber liability:  Real risks in a virtual world in the blog at DF Murphy Insurance Agency, Inc. from May 11, 2015.

2Please see Understanding Cyber Liability Insurance from Trusted Choice® Independent Insurance Agents.

3Please see Social Engineering in Wikipedia, the free encyclopedia.

My final words on Ransomware (at least until next month)

Gavin Livingstone, Bryley Systems Inc.

Ransomware continues to grow at a rapid pace:

  • The FBI received over 2,400 Ransomware complaints in 2015
  • There was a 30% increase in Ransomware cases in Q1-20161
  • Ransomware infections in April 2016 more than doubled2

The most-popular variants and their distribution methods:

  • CryptoWall – Distributed through ZIP attachments on email files
  • Locky – Spreads through MS Office macros or JavaScript files
  • Samas – Propagates on vulnerable web servers

Why it is so attractive to cyber-criminals:

  • There is a direct path to immediate payment from the recipient (versus other, riskier, cyber-crime methods that require selling something, e.g., credit-card information, to unknown parties that might be law enforcement)
  • It is easily spread through phishing (and now, vulnerable web servers)
  • The technology is constantly improving
  • Anyone and everyone is a target

The impact3:

  • Temporary or permanent loss of sensitive files and information
  • Significant disruption to daily operations during recovery
  • Financial impact to restore (or re-enter) encrypted files
  • Possible harm to the organization’s reputation

A few of the best defenses:

  • Back up your files at least daily and store these backups at a remote location3
  • Keep anti-virus/anti-malware software and operating systems up-to-date
  • Do not click on Web-links in an email or on a website
  • Whitelist desired applications; blacklist all others
  • Restrict end-user access and permissions

1Please see “Q1 2016 saw a Record High for Ransomware” by Larry Loeb of Security Intelligence on May 24, 2016.

2Please visit “April 2016 was the Worst Month for Ransomware on Record in the US” by GoldSparrow in Computer Security articles at Enigma Software.

3Go to “Ransomware and Recent Variants” published by the US Computer Emergency Readiness Team (US-CERT) on March 31, 2016.

4Visit “More Ransomware – Jeez I’m getting sick of this topic!” in the May 2016 edition of Bryley Information and Tips (BITs).

Bryley Basics: Set up your Android or Apple phone as a burner

Anna Darlagiannis and Gavin Livingstone, Bryley Systems Inc.

Wouldn’t it be great to have a disposable phone-number; one you could use to make calls to an unavoidable person that you’d rather not have call you back?  Well, you can now get Burner from Ad Hoc Labs, Inc.

Burner creates phone-numbers on your existing phone.  You can create multiple burner numbers, temporary or long term, which are accessed through the app.

Burner is perfect for keeping your phone-number private.  Potential uses include:

  • First dates,
  • Selling items on craigslist, and
  • Responding to nuisance situations.

Basically, any time you wish to remain anonymous and keep your real phone-number private, you can call or text through Burner and avoid the hassle of a potential call-back or text-back.

Burner starts at $1.99 and can be purchased through App Store (Apple) or via Google Play.  Pricing is based on functionality:

  • Number of texts sent,
  • Number of minutes used, and
  • Number of days the phone number stays active.

Burner is, however, free to download and Ad Hoc Labs provides a free trial – you can test a free burner phone-number for up to seven days.

More Ransomware – Jeez, I’m getting sick of this topic!

Gavin Livingstone, Bryley Systems Inc.

Guess what:  Cyber crooks are killing it!  According to Kaspersky Labs, over 700,000 people in late 2015/early 2016 gained the privilege of stress-testing their backup strategies or forking over money (and a comment on their vulnerability) to some overseas creeps who view every server and workstation as a potential cash cow; this was 5x the number of people reporting similar issues in late 2014/early 2015.  And, the attacks are getting more sophisticated, and much more effective.

Sure, it is constantly in the news and we are all concerned, but many of us are like the proverbial Ostrich, sticking our proverbial (yes, I meant to repeat proverbial; I like the way it sounds; proverbial, proverbial, proverbial) heads in the sand.  And, it is costing us significant money!

To recover from Ransomware, we recommend backups that follow the 3:2:1 rule:

  • Three copies of your data
  • Two media types
  • One offsite

This simple rule, when followed diligently using a professional-grade backup application with at least daily, monitored, encrypted backups, can save your data from Ransomware, disasters, and other ills.  (Windows Server Backup, although improved, is not a professional-grade backup application since it lacks logging, which can lead to unintended consequences, particularly when swapping backup media on a daily basis and trying to verify previous, good backups.)

Case in point:  We saved an organization that relied on Windows Server Backup with a single, attached USB drive (no media swapping). It was attacked by Cerber Ransomware, which was inadvertently downloaded to the Windows PC of a user with administrative rights.  (Cerber Ransomware is licensed to cyber-criminals, who pay royalties for its use; these royalties are sent back to its originators in Russia.  It emerged in March 2016 and has recently targeted Microsoft Office365 users.)

The virus on the server went to high-value accounts, concentrating on encrypting data and Windows Server Backup files while making it appear that all files within most folders were already encrypted (although only about one in 10 had been encrypted initially).  Some interesting points:

  • The virus was injected into User Accounts in their AppData/Remote folder, which executed when the user logged onto the network.
  • Over 25,000 data files in about 1500 folders were encrypted.
  • All Windows Server backup files on attached drives were encrypted and renamed to @@@@@@@@.server with the current date or no date.
  • The requested ransom was $2,000; 2.725 bitcoins.

In broken English, the attackers noted:

  • “You have turned to be a part of a big community #CerberRansomware.”
  • “…we are the only ones who have the secret key to open them (your files).”
  • “Cerber … is not malicious and is not intended to harm a person…”
  • “…created for the sole purpose of instruction regarding information security.”

The upshot:

  • We rebuilt the server and reintroduced it to the network.
  • The Network Administrator’s workstation was wiped clean and rebuilt.
  • With significant effort, we recovered 90% of the company’s original data.
  • We now professionally back up this site using our remote Bryley BU/DR.
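The 3:2:1 rule and the lesson of this case (backups on attached drives were encrypted along with the data) can be checked mechanically against a backup inventory. This is an added example, not Bryley's tooling; the inventory fields, the sample inventories and the choice to count the live data as one of the three copies are assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional

MAX_AGE = timedelta(days=1)  # "at least daily"


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                 # e.g. "disk", "usb", "nas", "cloud"
    offsite: bool
    attached: bool             # writable from the protected server
    is_backup: bool = True     # False for the live production data
    encrypted: bool = False    # encrypted by the backup application
    last_success: Optional[datetime] = None


def check_321(copies, now):
    """Return the rules an inventory fails; an empty list means it passes."""
    failures = []
    backups = [c for c in copies if c.is_backup]
    # Assumption: the live data counts as one of the three copies.
    if len(copies) < 3:
        failures.append("three-copies")
    if len({c.media for c in copies}) < 2:
        failures.append("two-media")
    if not any(c.offsite for c in copies):
        failures.append("one-offsite")
    # Lesson from the case: backup files on attached drives were encrypted
    # with the data, so require one backup the server cannot write to.
    if all(c.attached for c in backups):
        failures.append("no-detached-backup")
    for c in backups:
        # Monitoring: a backup without a recent recorded success is stale.
        if c.last_success is None or now - c.last_success > MAX_AGE:
            failures.append(f"stale:{c.name}")
        if not c.encrypted:
            failures.append(f"unencrypted:{c.name}")
    return failures


# Constructed inventories; names, times and settings are illustrative.
NOW = datetime(2016, 7, 1, 9, 0)
SERVER = Copy("server-data", "disk", offsite=False, attached=True, is_backup=False)

# Modelled on the case: one attached USB drive, no media swapping.
SINGLE_USB = [
    SERVER,
    Copy("usb-drive", "usb", offsite=False, attached=True,
         encrypted=True, last_success=NOW - timedelta(hours=8)),
]

LAYERED = [
    SERVER,
    Copy("local-nas", "nas", offsite=False, attached=True,
         encrypted=True, last_success=NOW - timedelta(hours=3)),
    Copy("offsite-vault", "cloud", offsite=True, attached=False,
         encrypted=True, last_success=NOW - timedelta(hours=5)),
]

# Same layout, but the offsite job has silently failed for three days.
UNMONITORED = LAYERED[:2] + [
    replace(LAYERED[2], last_success=NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    for label, inventory in (("single USB", SINGLE_USB),
                             ("layered", LAYERED),
                             ("unmonitored", UNMONITORED)):
        print(f"{label}: {check_321(inventory, NOW) or 'passes'}")
```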

Related:

  • Anyone and everyone is a target; these criminals are happy to get a few hundred dollars each from millions of potential “customers”.
  • A solid backup plan is only one step in your line of defense; security requires a multi-layered approach.
  • Don’t pay cybercriminals; one Kansas hospital paid the ransom, and was told to pay again! Plus, you become an unwitting target for future attacks!

Please see these issues of Bryley Tips and Information (BITs):

Please also see Cyber-Security Firm:  Crypto-Ransomware Infections have reached Epidemic Level by Jonathan Keane of DigitalTrends on 6/24/2016.