We are information security and technology managers, and our blog serves as the way to share useful industry information with you.  Here you will find updates about our company as well as stories about key issues in small business IT.

We’re mostly closed for last two weeks of December.

By |2022-10-30T17:16:47-05:00October 30th, 2022|Categories: Blogs|

We're almost at the finish line with just about forty business days left.  Here are some key dates to be aware of that affect our team: November 11th is the project cut-off for any work-order in 2022. December 16th is the last day for deliverables on work-orders.   December 16th is also the last day for any [...]

Microsoft 365 Basic to Modern, Legacy Authentication Clients, and October 1st, 2022.

By |2022-07-06T09:34:08-05:00July 6th, 2022|Categories: Blogs|

Businesses that use Microsoft 365 (or Office 365) need to mark October 1st, 2022 on their calendars.  This is the official deadline for Microsoft's "Deprecation of Basic authentication in Exchange Online".   While every business should have been taking incremental steps to readiness for this moment, many will be caught off-guard by the change.   We have been [...]

Apache Log4j project CVE-2021-44228 Disclosure

By |2021-12-13T10:37:20-05:00December 13th, 2021|Categories: Blogs|

Apache Log4j project disclosed CVE-2021-44228, which is a Critical (CVSS 10.0) remote code execution vulnerability affecting Apache Log4j2 version<= 2.14.1. A subsequent security patch was released on Dec 10, 2021. We have observed widespread scanning and exploitation of this vulnerability over the internet using a publicly available PoC (Proof of Concept) exploit. TechBento has completed investigating [...]

The day a Microsoft Outlook Outbox item caused a security incident.

By |2021-10-08T12:35:36-05:00October 8th, 2021|Categories: Blogs|

This is a security incident with a happy ending, or at least one that is benign.  It all started with an alert from a server indicating an anomaly with "Network Out" traffic from a system under our control.  The detection simply showed a system uploading significant amounts of data. As part of security monitoring we analyze [...]

Your Confluence instance was hacked if you were running an affected version on August 25th or thereafter.

By |2021-09-04T08:37:07-05:00September 4th, 2021|Categories: Blogs|

There were ample signs something big was brewing as all US agencies were issuing warning for Labor Day Weekend.  They were too slow to provide useful information, but they were right.  On August 25th Atlassian disclosed a vulnerability in Confluence (CVE-2021-26084) and if your organization was running an affected version of Confluence there is no point [...]

Employee is being fired: an explanation for why wiping a device is likely not an option.

By |2021-03-07T18:45:27-05:00March 7th, 2021|Categories: Blogs|

Very often an organization falsely believes they can wipe a device in the event of an employee termination using a remote wipe command.  While remote wipe technology may be available for some/all mobile devices, it is unlikely you can use this feature during an employee departure.  As you will learn from this guide, remote wipe is [...]

The most underrated and essential feature in Outlook Web Access to cybersecurity.

By |2020-08-03T20:48:10-05:00August 2nd, 2020|Categories: Blogs|

Go ahead and visit the "Add-in for Outlook" page in Outlook Web Access, then come back to this post.  First, if you did click on that link, and signed in it means that you trusted our post.  Don't worry, it was a legitimate link, but you should consider how little effort it took to obtain your [...]

Doing Software-as-a-Service Properly.

By |2020-06-25T12:55:03-05:00June 25th, 2020|Categories: Blogs|

The current generation of web applications are products collectively referred to as SaaS: software as a service.  SaaS products are in a different league from hosted applications often masquerading as "cloud" software.  To many, there is little difference because characteristics like multi-tenancy, automated provisioning, scalability and elasticity are not easily conveyed to the end-user.  Perhaps the [...]

How can a small company secure their remote workforce?

By |2020-05-22T12:41:10-05:00May 22nd, 2020|Categories: Blogs|

When the COVID-19 pandemic was in week #1 we sent a general announcement about the technologies and services TechBento was able to offer clients that were most useful. While communication and collaboration were hot topics, so were the means to secure the remote workforce.  We also had an experienced perspective on the circumstances: our team is [...]

Bursting Service Level Agreements

By |2020-05-14T20:51:37-05:00May 14th, 2020|Categories: Blogs|

TechBento's service level agreements are the cornerstone of our managed services.  They set expectations, priorities, and are integral to operational excellence. We are fanatical about tracking our response times and honoring our committments to shared responsibility.  We also build personal relationships and make an extraordinary effort to know our customers. The result of all this is [...]

Maximum stored procedure, function, trigger, or view nesting level exceeded

By |2020-05-08T20:06:38-05:00May 8th, 2020|Categories: Blogs|

Our team provides on-premise and virtual private cloud upgrade management for a number of products including TrialWorks case management software. This week we rolled out TrialWorks version 11.4a and all of our upgraded organizations were affected by a problem on the Depositions tab: new records being added threw a nested trigger exception. While we are all [...]

COVID-19 prompts the activation of disaster response plans

By |2020-03-02T08:29:45-05:00February 24th, 2020|Categories: Blogs|

TechBento considers the COVID-19 threat as a high-risk event with severe disruptions to systems, business operations, and financials.  We anticipate heavy influx of ill-prepared organizations seeking last-minute guidance on continuity planning, remote access, requests for additional capabilities, hardware purchases, communication tools.  As a result we have activated our Disaster Recovery & Response plan for large-scale cybersecurity [...]

ActivTrak on macOS using Addigy and your own MDM Solution

By |2020-01-14T14:58:26-05:00January 14th, 2020|Categories: Blogs|

Monitoring employee activity on macOS is hard.  One of the most popular players in this space is Veriato with a close second of Ekran. Verioto is the owner of Cerebral and Vision, some of which was once known as SpectorSoft 360.  There are several other on-premise and cloud hosted solutions out there, and most do not [...]

CISA Cyber Essentials for Small Business

By |2019-11-12T09:40:15-05:00November 11th, 2019|Categories: Blogs, Client Stories|

The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments, Cyber Essentials aims to equip these organizations with basic steps and resources to improve their cybersecurity resilience. CISA’s Fall [...]

TrialWorks Hosting Ransomware Incident

By |2019-11-11T14:33:25-05:00October 16th, 2019|Categories: Blogs, Client Stories|

This has been a tough week for TrialWorks users; as we write this blog the fourth day of a ransomware disaster hosting outage.  According information shared by customers, the hosting system has been down since Sunday morning due to a ransomware attack.  Update:  reports of customers returning to operation have started to come Thursday. Ransomware can [...]

Mitigating Credential Compromise

By |2019-10-07T17:34:21-05:00October 7th, 2019|Categories: Blogs|

Majority of us continue to make bad choices with credential hygiene.  The formula for protecting credentials is fairly simple: unique passwords stored securely and multi-factor authentication.  Implementing that formula requires little more than the willingness to be inconvenienced slightly and a company policy that demands nothing less than "use unique passwords on every system and always [...]

Deploying anti-virus to multiple macOS devices at once

By |2019-10-07T08:55:12-05:00August 23rd, 2019|Categories: Blogs|

The Apple macOS security and privacy features make remote management tough.  Apple's macOS Sierra introduced new security features that simplify apps from the App Store, but complicate everything else.  This spells trouble for applications that need a lot of access, such as antivirus.  The reason they are complicated is quite simple: these applications expect lots of [...]

Cybersecurity for maritime commercial vessels and their operators.

By |2019-10-07T08:52:21-05:00July 12th, 2019|Categories: Blogs|

Once in a blue moon we have a business owner dismiss security risk based on claiming they are simply not interesting enough, or not valuable enough, to be targeted by malicious actors.  They see themselves as isolated, perhaps somewhat like ships at sea.  Well, even ships at sea are targeted and the recommendations from the United [...]

Apple Business just validated the Shared Responsibility Model

By |2019-10-07T08:50:23-05:00September 15th, 2018|Categories: Blogs|Tags: , |

The shared responsibility model has been the center of our end-user solutions, despite the idea being a tough sell.  Even today, it is relatively common for organizational staff to expect "help-desk" or "tech support" for issues big and small. While we modeled our business practices on shared responsibility within organizations, only Amazon Web Services was doing [...]

No-cost, secure, and high-performance DNS

By |2019-10-07T08:49:27-05:00April 2nd, 2018|Categories: Blogs|

Domain Name Servers (DNS) are the Internet’s equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because although domain names are easy for people to remember, computers or machines access websites based on IP addresses. TechBento DNS brings together cyber threat intelligence [...]

Self-Service Software

By |2019-10-07T08:47:50-05:00December 1st, 2017|Categories: Blogs|

Our macOS management agent offers two key features that were hugely important in November. The first, the ability to push updates and commands on the fly. We patched your systems for the macOS Root Vulnerability behind the scenes as soon as the information became public. The second feature is our expansion of the Self-Service application [...]

TechBento Pulse Expansion

By |2019-10-07T08:44:42-05:00November 1st, 2017|Categories: Blogs|

Our systems infrastructure team leverages TechBento Pulse, our remote management and monitoring platform, for auditing and administering your servers and critical systems. Along with the on-premise and helpdesk service expansions, we are also launching the next generation of TechBento Pulse. TechBento Pulse now extends the same level of audit and control we have over infrastructure down [...]

24/7 Level 1 HelpDesk

By |2019-10-07T08:44:22-05:00November 1st, 2017|Categories: Blogs|

We are committed to a manageable customer base and remaining a bespoke IT management and security services company.  While we encourage our customers to remain self-sufficient and use IT for issues beyond break/fix support, we recognize the need to support an ever-more complex world of devices and users. You can now add 24/7 help-desk and support [...]

On-Premise Services

By |2019-10-07T08:43:36-05:00November 1st, 2017|Categories: Blogs|

Introducing TechBento OPS! We're excited to now be able to offer our customers on-premise support for major hardware implementations, upgrades, and special projects in most major metro areas.  Expanding our architecture and infrastructure design services, we are now able to send system administrators and engineers to your offices for installation of network hardware, power systems, and [...]

Certifications Matter

By |2019-10-07T08:42:52-05:00September 1st, 2017|Categories: Blogs|

TechBento joined the Amazon Partner Network the year it became introduced. Back then Amazon had a few dedicated individuals and virtually no infrastructure for members, but that changed quickly. Within a year AWS posed strict certification and examination requirements and the term "Amazon Certified" became a buzzword. Companies literally started hiring people that had these certifications [...]

Amazon Cloud Outage

By |2019-10-07T08:41:10-05:00February 28th, 2017|Categories: Blogs|

According to reports, over 121,000 companies were affected today as Amazon Web Services encountered a massive problem within their infrastructure.  Major websites like AirBNB, FreshBooks, Twillo, ZenDesk, Pinterest, Lonely Planet,  MailChimp, Citrix, and even Apple's iCloud were experiencing issues among many more.  Certain Amazon Cloud hosted servers were completely offline while others had no visible impact. Among [...]

NIST Launches Beta Site for the Computer Security Resource Center (CSRC)

By |2019-10-07T08:40:02-05:00February 23rd, 2017|Categories: Blogs|

The NIST CSRC Redesign Team have been developing a new version of CSRC, and today you can access the beta release at https://beta.csrc.nist.gov. It will be available alongside http://csrc.nist.gov for several months as NIST continues to fix issues, implement enhanced functionality, and migrate existing content. A completely overhauled Publications interface includes significantly more publication details, historical documents, [...]


Cybersecurity means protecting electronic devices and electronically stored information. Cybersecurity is a component of information security and addresses protection and restoration of information technology within an organization. All organizations are different and thus require different levels or protections. Likelihood is the chance that a threat will affect a business and serves as a guide in determining what protections should be put into place.


Strategic thinking is at the heart of information security and each organization needs to meet demands of adequate security. Any company, big or small, should be capable of doing an inventory of all information technology assets and analyzing risks. For small organizations this can be as simple as understanding each asset’s confidentiality, integrity, and availability needs; rating it’s importance to the business and acceptable recovery points and time windows; and allocating resources for methodical solutions to the most important parts.
Go to Top