Prepared: July 2022

Implementation of Multi Factor Authentication

Effective: Immediately

What Is Two-Factor Authentication?

Two-factor authentication is a way to prove that the person who has entered the correct password to access your computer or account is, in fact, you (as opposed to a someone or something that managed to get hold of your password through illicit means, such as a phishing scam).

To confirm it was you who entered the password, your two-factor authentication service will provide a one-time verification code through various methods: an app, text message or call. You type in that code and to unlock your account.

What Is Multi-Factor Authentication?

Multi factor authentication or Multi-layer security is what the term implies — the addition of extra security measures.

If a cyberthief was able to steal your phone, that person would be the one receiving any verification code from of 2 step authentication. If your phone is locked but text messages show the contents, the code could be viewed. If the thief has access to your email account, they could initiate a password reset. You can reduce the risk by using a two-factor authentication service that sends you the verification code only after you’ve successfully answered a challenge question. This would therefore be 3 factor authentication (password, challenge, and code)

While 2-factor authentication would be the minimum standard and an important step toward protecting your data, it may not be enough. You can implement “multi-layer security” so that if you slip up and accidentally open the door to a data breach, the thieves are less likely to succeed.

What Can You Do to Add Multiple Security Layers to Your Computer?

Phishing security. For starters, get an integrated anti-phishing platform. These typically involve filtering all your incoming email through an AI-powered service that looks for signs of fakery afoot. If an email you receive triggers machine suspicions, you’ll get a warning to run, not walk, to the nearest exit. These platforms can also analyze your email opening-and-answering habits to let you know whether scam artists are likely to consider you an easy mark.

A password manager. On top of that added layer, start using a password manager. It’ll spare you the need to create unique passwords for the dozens of online accounts, thereby eliminating the dangerous temptation to recycle the same password over and over. The password manager automatically generates random passwords for each online account — no two passwords are ever the same or even similar. Password managers also encrypt those passwords for greater security.

Automatic, frequent backups. Backing up your files also counts as an additional layer of security. You could do it manually, but I have found through 17 years of helping lawyers with their IT that this approach invariably fails. It is better to use a service that automatically and frequently backs up your data, ideally to a cloud-based, third-party service provider. (Don’t forget to vet the provider.)

Common sense. Then there are all the commonsense kinds of things you can do, like teach your staff to be more aware of cyberthreats, never share passwords, and never walk away from their desk even briefly without first locking their computer. The best way to educate your team is with cybersecurity software that takes over this role. If it’s up to someone on your team to run that, again, it often fails.

Source:

Prepared: June 2022

Effective: Already in Effect

Drop Dead Date for Adoption of Replacement Technology: December 31, 2022

Sonicwall TZ100, TZ105, or TZ200 series routers are no longer being support by Breton Technologies as active firewall appliances. Although the devices will continue to operate as functioning routers, security subscriptions are no longer being offered.

Sonicwall appliances are our preferred products for our business clients requiring best in class security. The Sonicwall TotalSecure annual subscription is highly recommended to accompany the hardware device , offering Intrusion Prevention, Email Scanning, Anti-Virus protection, and Content Filtering.

Prepared: June 2022

Effective: December 1, 2022

Based on information released by various technology manufacturers, Intel processors that are released as 4th generation processors or lower will no longer meet today's standards of performance in our business environments. At the time of preparing this advisory, Intel has released its 12th generation processor. Clients are encouraged to refresh their inventory by retiring all PCs containing these processors (or AMD equivalents) for newer generation processors.

Prepared: June 2022

Effective: December 1, 2022

Based on information and bulletins released by Microsoft Corporation, Breton Technologies and its partners will no longer be providing support for Microsoft Office 2003 (all versions), Microsoft Office 2007 (all versions), and Microsoft Office 2010 (all versions).

Although these products may continue to run on the latest Windows operating systems, we have experienced a number of occasions where installations, re-installations and general functionality fail. Microsoft no longer provides security related updates or service fixes. In the event of a failure, no action will be taken in an attempt to resolve the issue.

Prepared: June 2022

Effective: December 1, 2022

Based on information and bulletins released by Microsoft Corporation, Breton Technologies and its partners will no longer be providing support for Microsoft Windows Server 2008 and all previous releases.

Although Windows Server may continue to run on the latest PC hardware , we have experienced a number of occasions where installations, re-installations and general functionality fail. Microsoft no longer provides security related updates or service fixes. In the event of a failure, no action will be taken in an attempt to resolve the issue. To avoid interruption to normal business operations and/or significant downtime, clients are encouraged to upgrade all servers prior to experiencing failure or significant downtime.

Users of this product would be considered non-compliant with respect to today's security standards.

Prepared: June 2022

Effective: Already In Effect

Drop Dead Date for Adoption of New Technology: December 31, 2022

Microsoft has announced that it will no longer be selling or supporting Microsoft Small Business Server (SBS). The last release of SBS contained Windows Server 2011 bundled with Microsoft Exchange 2010. Clients will be required to move to a cloud based service such as Microsoft 365 or configure its on premise network to run a Windows Server as well as a separate Exchange Server product (running Microsoft Exchange 2019). Each product can run on its own server  or be configured as a VM. When Microsoft discontinues a product, it means that it will no longer provide updates, fixes, service packs and critical security updates.

Users of this product would be considered non-compliant with respect to today's security standards.

Prepared: February 2020

Effective: June 1, 2020

Breton Technologies does NOT provide technical support via text messaging. There are several reasons for this policy. Despite the notion of being a convenient method of communication, texting is difficult for our technicians to provide technical advice and even more difficult to provide step by step support technical instructions. More importantly, our technicians are often in the field or conducting remote support and are therefore unable to quickly respond. Texting can lead to a delay in service response times or delivering service in the absence of accurate information. Our service ticketing system, implemented in January, 2020 triages all incoming requests and assigns tickets to the proper technician based on the ticket submission details.

Once a ticket is assigned our technicians may then use text messaging or email as a supplemental support tool in the service process. In the event of an Internet outage, clients can indeed send an emergency text or call our office.