Up Times
Tech seems on a specific trajectory, but the more we make computer operation sleek and convenient in presentation, speech and form, the more people’s security behavior gets lax. We lose the feel of the processes and thinking that goes into working with hardware and software. Smooth, effortless interfaces mask complex processes. We can get lulled into a sense of safety, sacrificing the real thing.
Making sense – The abundance of choices creates a challenge for businesses. Hundreds of options for every need, from CRMs and ERPs to the sudden 200+ AI chatbots, make navigating it all always more difficult.
Abundance can lead to reactive software accumulation without a clear strategy – the average business has over 100 SAAS (Software-as-a-Service subscriptions)1 – the code maintenance itself can invite problems. Deploying M365 Copilot, for instance, can surface vulnerabilities if organizations don’t implement it strategically (details follow, below). These days organizations don’t lack tools, but with the quantity of tools, organizations can lose focus.
This is especially where Bryley can provide value. Bryley offers expertise and support, helping organizations make informed technology decisions. Bryley’s engineers and techs partner with clients so those clients achieve their important successes – aided by technology, not hindered by it.
1 Andreessen Horowitz, a16z.com/usage-based-pricing-rule-of-thumb/
Bryley has made the Boston Business Journal 2025 Fast 50 List for rapid growth over the past three years.
Bryley Among Boston Business Journal’s Top Growth Companies
Growth is a sign of strong client partnerships
Bryley has made the Boston Business Journal Fast 50 List thanks to the support of its loyal clients. A noteworthy accomplishment to be one of the fastest growing private [Massachusetts] companies based on three years of growth, said Peter Sande of the Boston Business Journal.
For an IT Managed Service Provider (MSP) consistent growth signifies more than financial success. The recognition is a reflection of the partnerships Bryley builds with its clients and Bryley’s commitment to providing exceptional IT service … [5 min. read] Continue Reading >
Its intentions are good, but Microsoft 365 Copilot can help and also hurt an organization. Its deployment should be carefully thought about.
M365 Copilot Amplifies a Security Problem
How well do you know your Copilot?
Its answers may surprise you
Sandra, a bakery owner, welcomed Microsoft 365 Copilot helping with admin tasks. It summarized customer feedback, helped draft emails and tracked sales trends.
At year’s end she scanned her 1099 tax form and uploaded it to her OneDrive “Finances” folder to share it with her accountant. She wasn’t thinking that the “Finances” folder had been used for budgeting and forecasting with staff members and had a spreadsheet with employee salary information.
When tax season neared, Sandra instructed Copilot, “find my 1099.” It surprised Sandra when Copilot found her 1099, but also provided all employee salaries from the shared folder. Sandra’s query uncovered a hole in her company’s data security: as it stood, sensitive employee information might have been shown to anyone internally with Copilot access. This could lead to misuse, resentment and workplace conflict … [6 min. read] Continue Reading >
Roman Lysecky of Boston’s BG Networks talked about the fulcrum that has ease-of-use at one end and security at the other.
‘It was right there in the App Store’
Boston medical IoT (Internet of Things) device security company BG Networks talked about the Signal messaging app mishap when US military attack plans were shared with the Atlantic Magazine’s editor by mistake. The BG guys ask what can we learn from this event.
Colin Duggan called the Signal app the gold standard … really wonderful end-to-end encryption … symmetric encryption, asymmetric encryption, key exchange, all with the right levels of security, [from] a charitable organization .. so there’s no agenda. So really kind of a great app to use.
However Duggan says that Signal was not made for the kind of confidential intelligence that it ended up being used for. First thing is the security of the endpoints – these were regular smartphones … the endpoints don’t have the right level of security for that sort of information. The second is the way people get authorized … somebody was just added to a chat … Signal didn’t consider [the app would be used for highly confidential information] and it’s not meant to have [a] very strict way of understanding [if] a person should be [given] privileges … a device that is very secure would absolutely consider [whether participants had authorization] … and the other thing is that there is a warning that’s been going around for some time [that Signal] is vulnerable to phishing attacks.
Roman Lysecky further explained what the Signal app was designed to do and how this usage was not what it was designed for: [select] the right tool for that given application and context … [22 min. watch {First ten minutes is about the Signal incident}] linkedin.com
Bad bot wants to take over the world wide web
More than half of web use is now from bots
Boston tech writer John Mello, writing for Tech News World, presents a recent report: automated bots now account for over half of all website traffic, and malicious bad bots outnumber benign bots (like search-engine crawlers). This surge is attributed to AI – often these bots are hard to detect. With increased bad bots it may mean increased risks of data breaches, denial-of-service attacks, weird Google analytics and financial losses.
It’s another reason to consider better authentication like multifactor authentication (MFA) to protect user accounts. Explore blocking suspicious user agents, too. Also CAPTCHAs on your website are an added layer of defense.
Bryley can help you develop a bad-bot mitigation strategy that’s appropriate for your vulnerabilities … [6 min. read] technewsworld.com
Just like Mailchimp
It’s how you move ahead
Probably from all the years working with humans, one of Bryley CEO Garin Livingstone’s hallmarks is the attitude that when something goes wrong, he’s not interested in who’s to blame, but what are the steps forward.
Recently Troy Hunt the owner of haveibeenpwned.com – meaning he is someone who is well aware of these criminal tactics – clicked a phishing link compromising his 16,000-member email list. A couple take-aways:
The email looked like a legit Mailchimp-account email – it had none of the usual signs of phishing emails, no bad spelling or grammar, no sense of urgency in the language. This is generally thought to be because AI chatbots do such a good job mimicking language and style.
Hunt overrode his password manager’s lack of recognition of the spoofed website, because in real life businesses own multiple domains, and to get things done, we do that for normal reasons sometimes. So let his over-riding and compromise give us pause next time: ‘does over-riding the password manager really make sense?’
So Hunt advocates websites not using passwords. Strong multifactor authentication (MFA) with a yubikey-like device or discrete phone application would have stopped the compromise.
Last, he alerted his email list 34 minutes from discovering what had happened. Hunt considers his admission of falling for a criminal phish something that for the most part has been lauded by those whose email address were compromised. So a quick admission feels like the right tactic to a legally-inevitable admission anyway … [1 hr. video] troyhunt.com
Protecting your family from data breaches
Freezing kids’ credit
Finance writer Holly Johnson’s kids’ information had been compromised due to a data breach at their school. She went through the process of freezing her kids’ credit and found it is not as straightforward as putting a freeze on one’s own credit.
A free credit freeze can prevent criminals from opening new accounts in your name, even if they have your personal information. Credit locks offer faster processing and cost money, free freezes give much the same protection. It’s a simple, powerful step to guard your finances.
Freezing your kids’ credit reports … requires significantly more work than freezing your own as an adult, Johnson writes and details the steps to take. Freezes and locks are effective tactics for improving your and your family’s personal security … [6 min. read] cnet.com
All the personally identifiable information walking away
What becomes of the stolen data?
Bryley partner Barracuda gives a quick glimpse of operations on the dark web. “Fullz” is a slang term used by cybercriminals trading in stolen data, Barracuda’s Tony Burgess writes. It refers to data packages that contain full sets of data needed to steal someone’s identity. A typical fullz package includes name, address, Social Security number, date of birth, and even credit card details …
And, what does Burgess advise about this? At the minimum turning on MFA where you can – verify your employees, your clients and vendors. And a zero-trust architecture, which verifies and reverifies a user, the user’s device and the network before it allows access to an asset … [3 min. read] barracuda.com
Note: The section directly above is Bryley’s curated list of external stories. Bryley does not take credit for the content of these stories, nor does it endorse or imply an affiliation with the authors or publications in which they appear.
Get Up Times, useful tech news by New Englanders in Your In-Box
- Subscribe to Up Times, the monthly New England-centric technology newsletter.
- Up Times covers:
-
- Trends in New England tech
- Security tips you can implement now
- Updates on regional and national laws and compliancies
- IT-related developments
- Networking and cybersecurity challenges New England business managers are facing
- In continuous publication since 2000, Up Times arrives monthly in your email box.
Sign up for Up Times to have tech news and tips delivered monthly via email
Central MA Office
200 Union Street Clinton, MA 01510
Existing Customers
Sales Inquiries
© Copyright 2025 Bryley Systems Inc. All Rights Reserved. Website in partnership with Tech Pro Marketing. | Privacy Policy | Accessibility Statement