Hate Cannot Prevail: The Modern Day Fire Alarm

Author Archive

Hate Cannot Prevail: The Modern Day Fire Alarm

Written by Scott Hall on . Posted in Security, Technology

On December 1, 1958, a fire broke out in the basement of Our Lady of the Angels School in Chicago. Due to a grandfather clause in building construction, the school did not have to comply with upgrades to the Illinois Fire Code. The school was well-maintained, clean and relatively modern. However, the school’s failure to have important updates in fire prevention led to this tragedy. The building had only one fire escape, no direct alarm wire to the Chicago Fire Department, no heat detectors, no automatic fire sensor, no fire doors and no sprinkler system. There were two unmarked fire alarm switches and only four fire extinguishers, mounted out of the reach of all the children and most of the adult staff, seven feet off the floor.

In the aftermath, 92 children and three nuns perished. A year after this tragedy, 16,500 older school buildings in the US were brought up to modern fire code.

We all remember fire drills from our school years. At surprise intervals, the fire alarm system was tested for its performance and ability to notify all students and teachers of a fire. Student preparedness was also critical to these drills, as knowing how to react without panic or emotional duress is just as important as a warning klaxon or strobe light.

This system is impressive in that, even as adults, we instinctively know what to do when we hear a fire alarm. And it’s so effective that not a single child has died in a school fire since 1958.

Not a single fatality.

In 60 years.

In that same time frame, 458 students have been murdered in by active shooters in schools and colleges. Why are these fire drills and alarms systems so effective? What makes them work?

The answer is layering.

Layer: a fire alarm klaxon, that makes a loud noise that every can hear clearly and easily recognize.

Layer: sprinklers. When they get hot, they activate and suppress the fire with water, slowing its spread.

Layer: backlit exit sign. With an attached battery backup, the sign will light up indefinitely, showing anyone who views it how to escape the building.

Layer: human drilling and practice. This reinforces the process, creates familiarity with all the other layers and allows a calm process to be followed without taxing critical thinking skills that can lead to panic.

The merger of reliable technology and consistent reinforcement of best actions through assessment and drilling have reduced the number of fatalities in school fires to zero. School fires still occur, to be certain. There are even a few injuries every year. But ZERO fatalities.

There is now a ‘fire alarm’ for the active shooter nightmare. With the Guardian Indoor Gunshot Detection System, first responders, and occupants receive real-time location and confirmation of a gunshot inside a building, and act with confidence instead of fear and panic. Law enforcement gains tactical intelligence to stop the threat, and everyone inside can follow their processes for crisis management safely and confidently but most importantly, faster.

In response to the vicious and hateful attacks at the Tree of Life Synagogue in Pittsburgh, SOS has committed to bringing this life saving technology to particularly at-risk faith centers and places of worship, along with schools both public and private, and sites around the country. We will not watch as these attacks of senseless hate and violence continue to hurt our communities and our hearts, and take the lives of loved ones & friends.

A Practical Guide to Data Encryption

Written by Scott Hall on . Posted in Computer Security

There are few organizations that do not hold some kind of sensitive data, be it something as simple as customer addresses for delivery, or something as serious as patient medical records. Breaches of this data are happening every day, and not knowing the consequences of a successful breach is not a valid defense in modern times.

If a breach occurs in an industry with any government oversight at all, any organization found to be careless or deviating from industry best practices on security can face substantial penalties, not only reputational damages but monetary fines as well.

On the other side, maintaining proper security protocols can open up a number of business opportunities. For example, a start-up engages in a partnership with an established company that needs to ensure its new vendors are taking security seriously as to not jeopardize their own operations. This is but one case where failure to adhere to security standards can impact your organization.

For whatever reason a company would need to encrypt their data, it may seem like a daunting and intensive task, however critical it may be. It doesn’t have to be difficult at all. Ideally, encryption functions best when it is absolutely unobtrusive and invisible to daily users.

While large company data breaches make the headlines and cable news, it’s often small and medium businesses that are harmed by these intrusions. Potential fines, loss of reputation and lack of consumer confidence can be an often fatal blow to SMBs, whereas larger enterprises can absorb that kind of damage. When taking the potential loss into account, encryption and data security is critical in the small to medium business space.

There are many technical methods of data security, and while these are essential, they work best in tandem with employee awareness and training. Employees can minimize the organization’s risk profile and even limit the data’s exposure to the world at large, just by being aware of best practices and the consequences of mishandling.

Developing non-obtrusive methods of data encryption & security are imperative, as humans naturally seek out ways to be most productive, even if it means cutting corners for access to critical data in the name of efficiency. These process shortcuts can sometimes become the very method of attack used by criminals to steal data, or insert malicious programs behind firewalls.  Common issues that occur are passwords written and left in proximity to the PC or device they belong to, or removing hardware from a secured facility to an unsecure one, and not preventing access by unauthorized persons, such as ex-employees or vendors. Recognizing your vulnerabilities through an objective assessment can go a long way in minimizing your risk profile and ensuring that even in the event of a breach, your organization has taken great care in adopting standard practices to ensure data security is taken seriously.

Contact the professionals at SOS if you believe your organization can benefit from an in-depth review of data security practices.

Active Shooter Threats in the Workplace

Written by Scott Hall on . Posted in Security

shot detection

The mass shooting that took place in Aberdeen, MD on Sept 20th 2018 was the third such incident in 24 hours in the United States. The day before, a suspect was killed by police after wounding four people at a software company in Middletown, Wisconsin and another suspect was engaged by law enforcement and killed after wounding four in a public courthouse in Masontown, Pennsylvania.

These deplorable and senseless incidents were once singular aberrations in the fabric of America. Now, they are so common that almost no location is safe from this threat. In this current climate, it becomes incumbent on businesses to ensure they are doing all they can to keep their people safe, and limit their risk in the event the unthinkable becomes reality.

 

In some incidents, the aftermath has addressed civil liability for premise owners & operations brought by survivors and on the behalf of victims. These have been based on a perceived lack of care and failure to employ safety and security measures that are now commonplace in the 21st century. Camera surveillance, access control systems and even gunshot detection platforms are such a reality for American workers that we hardly notice them. Instead, their absence is what creates cause for alarm. Without these systems in place to prevent access and monitor for visual evidence, these civil actions have been successful in obtaining payments under a business’s liability insurance policies.

 

This has not always been successful, as juries have not always held businesses liable. In the Aurora, Colorado shooting, a jury found cinema chain Cinemark not liable for that crime. Even so, insurers have now started to scrutinize their offerings and coverage to determine what kind of exposure policy holders have to this kind of risk. It’s feasible that worker injuries would be covered by worker’s compensation insurance, while commercial general liability policies would provide remedy for resulting bodily injury claims from customers, vendors and bystanders along with any property damage claims. Currently, many commercial general liability policies do not inherently exclude nor cover active shooter attacks, and may not response to claims with any specificity, where an individual was expressly targeted by a suspect.

 

When taking a more broad approach, commercial liability policies can include terrorism riders that, under very specific conditions, address acts of terrorism. The federal government does provide re-insurance for insurers under certified acts of terrorism, which was signed into law after the September 11th attacks in 2001. As of 2007, this law also includes domestic terrorism, which had been excluded. However, domestic terrorism has a tough standard to certify, as the federal government has not yet certified any terroristic acts, domestic or foreign, since 2001.

 

Under this current, heartbreaking trend, active assailant insurance is being offered by many major carriers. These policies often include a number of tools to help save lives, including training for personnel and vulnerability assessments. SOS Technology Group has seen this trend only increase, sadly, and are here to assist with any questions on this topic.

Cybercrime and Real World Terrorism: Strange Bedfellows?

Written by Scott Hall on . Posted in Computer Security

We know the impact of cyber-crime as it relates to every day users. Credit card theft, sensitive personal data stolen, and much more have been attributed to so-called ‘cyber terrorists’. Is it then possible that more ‘conventional’ terrorists would be interested to use similar tactics? This may sound extreme, especially due to the limited and reversibility nature of the impact of certain cybercrime tactics and the precautions that forewarned businesses and organizations can take. However, it is difficult to brush off the threat in an external inspection of both the dynamics and methodology of these types of attacks, and the tools used to perpetrate them.
Conventional terrorists–regardless of ideology have engaged in the digital space for any number of reasons, most having been born of necessity. For things like covert communication, recruitment, propaganda, transferring illicit funds undetected, and, most importantly, sharing amongst a geographically dispersed command structure. Information disseminated in the cyber space also includes target assessments for real-world terrorist acts, and tactical assignments.

However, this could change with increasing technical competency and capability for network-based attacks and growing number of bad actors in the online community. Opportunity for online interaction and training has compensated terrorists the loss of physical space for such activities on the ground. Current social networking tools such as Facebook, Twitter, and Instagram, among others, provide platforms not only to share information and expertise but also practice it in virtual space. It’s simply a foregone conclusion that funding terrorist acts, either directly or via support and logistical infrastructure, through cybercrime and ransomware is ongoing.
Ransomware tools like WannaCry and others have the potential to reduce the opportunity cost for conventional terrorist attacks as well. Al Qaeda and the Islamic State of Iraq and Syria (ISIS) have demonstrated much interest along with some capability to develop and use chemical, biological, radiological, or nuclear weapons (CBRN), and while there has been no successful mass casualty terrorist attacks involving them, there is the concern that these groups might lose control over the consequences of such an attack, in such that they could affect the members of the communities they are purportedly fighting for. However, use of weapons of “mass disruption” like ransomware as against weapons of “mass destruction” will enable terrorists to cause large-scale damage (loss of data and equipment), chaos (in hospitals and other public utilities) and fear, while simultaneously filling their coffers. Imagine the impact if terrorist groups like Al Qaeda or ISIS were involved in WannaCry attack. For terrorists, it’s a win-win tactic as they can achieve almost similar attention and without firing a shot or exploding a bomb, all without garnering the attention of conventional law enforcement and military tactics used in stopping them.

If you are concerned about your organization’s susceptibility to cyberattack, contact us today.

Staff Augmentation: A New Take on Outsourcing

Written by Scott Hall on . Posted in IT News

When thinking of a managed IT service provider, the small to medium business comes right to mind. MSPs offer an amazing value to SMBs, providing robust IT support for a significantly reduced cost compared to having their own IT staff. As your business grows, operations typically demand permanent in-house IT staff for support and maintenance. Even with new in-house IT staff, is it time to divest from an MSP?

 

Absolutely not.

 

Growing an enterprise is the epitome of success, but with transition comes change, and change can always be uncertain. New IT directors and management find themselves spending hours documenting, learning about infrastructure and equipment, and more on-boarding task, leaving the day to day IT support to newer, less experienced personnel going through the same on-boarding process. This is where staff augmentation can help your business thrive.

 

For example, Company A has decided to create its own IT department after years with an MSP because of tremendous growth in their market. But their budget doesn’t allow for the 10 person staff actually needed to manage and support their infrastructure this year, they can only hire 5, including management. The additional new hires will have to wait until the next fiscal year. But in the meantime, they still need the support, so what can they do?

 

The MSP can work alongside in-house IT staff, typically taking tiered responsibilities away from the client, for a fraction of the cost of full-time employees. The MSP will handle front line help desk on basic issues, the most time consuming and routine, so that Company A’s IT team can focus on working efficiently with the burden of being of understaffed removed. Working this way, managed services providers become a force multiplier for the client’s dedicated IT team, allowing them to work as they need knowing that the organization’s employees are still having their IT needs supported, while staying within budget and resource constraints. The MSP becomes a strategic partner for the customer, supporting them through whatever situations may arise.

 

Are your IT needs outgrowing your current team’s bandwidth? Don’t let IT employees burn themselves out with overwork. Consider staff augmentation with SOS Technology Group, and partner with us at every stage of your business.

Tech Headaches? We can help! Contact us now »