A Practical Guide to Data Encryption

A Practical Guide to Data Encryption

Written by Scott Hall on . Posted in Computer Security

There are few organizations that do not hold some kind of sensitive data, be it something as simple as customer addresses for delivery, or something as serious as patient medical records. Breaches of this data are happening every day, and not knowing the consequences of a successful breach is not a valid defense in modern times.

If a breach occurs in an industry with any government oversight at all, any organization found to be careless or deviating from industry best practices on security can face substantial penalties, not only reputational damages but monetary fines as well.

On the other side, maintaining proper security protocols can open up a number of business opportunities. For example, a start-up engages in a partnership with an established company that needs to ensure its new vendors are taking security seriously as to not jeopardize their own operations. This is but one case where failure to adhere to security standards can impact your organization.

For whatever reason a company would need to encrypt their data, it may seem like a daunting and intensive task, however critical it may be. It doesn’t have to be difficult at all. Ideally, encryption functions best when it is absolutely unobtrusive and invisible to daily users.

While large company data breaches make the headlines and cable news, it’s often small and medium businesses that are harmed by these intrusions. Potential fines, loss of reputation and lack of consumer confidence can be an often fatal blow to SMBs, whereas larger enterprises can absorb that kind of damage. When taking the potential loss into account, encryption and data security is critical in the small to medium business space.

There are many technical methods of data security, and while these are essential, they work best in tandem with employee awareness and training. Employees can minimize the organization’s risk profile and even limit the data’s exposure to the world at large, just by being aware of best practices and the consequences of mishandling.

Developing non-obtrusive methods of data encryption & security are imperative, as humans naturally seek out ways to be most productive, even if it means cutting corners for access to critical data in the name of efficiency. These process shortcuts can sometimes become the very method of attack used by criminals to steal data, or insert malicious programs behind firewalls.  Common issues that occur are passwords written and left in proximity to the PC or device they belong to, or removing hardware from a secured facility to an unsecure one, and not preventing access by unauthorized persons, such as ex-employees or vendors. Recognizing your vulnerabilities through an objective assessment can go a long way in minimizing your risk profile and ensuring that even in the event of a breach, your organization has taken great care in adopting standard practices to ensure data security is taken seriously.

Contact the professionals at SOS if you believe your organization can benefit from an in-depth review of data security practices.

Active Shooter Threats in the Workplace

Written by Scott Hall on . Posted in Security

shot detection

The mass shooting that took place in Aberdeen, MD on Sept 20th 2018 was the third such incident in 24 hours in the United States. The day before, a suspect was killed by police after wounding four people at a software company in Middletown, Wisconsin and another suspect was engaged by law enforcement and killed after wounding four in a public courthouse in Masontown, Pennsylvania.

These deplorable and senseless incidents were once singular aberrations in the fabric of America. Now, they are so common that almost no location is safe from this threat. In this current climate, it becomes incumbent on businesses to ensure they are doing all they can to keep their people safe, and limit their risk in the event the unthinkable becomes reality.


In some incidents, the aftermath has addressed civil liability for premise owners & operations brought by survivors and on the behalf of victims. These have been based on a perceived lack of care and failure to employ safety and security measures that are now commonplace in the 21st century. Camera surveillance, access control systems and even gunshot detection platforms are such a reality for American workers that we hardly notice them. Instead, their absence is what creates cause for alarm. Without these systems in place to prevent access and monitor for visual evidence, these civil actions have been successful in obtaining payments under a business’s liability insurance policies.


This has not always been successful, as juries have not always held businesses liable. In the Aurora, Colorado shooting, a jury found cinema chain Cinemark not liable for that crime. Even so, insurers have now started to scrutinize their offerings and coverage to determine what kind of exposure policy holders have to this kind of risk. It’s feasible that worker injuries would be covered by worker’s compensation insurance, while commercial general liability policies would provide remedy for resulting bodily injury claims from customers, vendors and bystanders along with any property damage claims. Currently, many commercial general liability policies do not inherently exclude nor cover active shooter attacks, and may not response to claims with any specificity, where an individual was expressly targeted by a suspect.


When taking a more broad approach, commercial liability policies can include terrorism riders that, under very specific conditions, address acts of terrorism. The federal government does provide re-insurance for insurers under certified acts of terrorism, which was signed into law after the September 11th attacks in 2001. As of 2007, this law also includes domestic terrorism, which had been excluded. However, domestic terrorism has a tough standard to certify, as the federal government has not yet certified any terroristic acts, domestic or foreign, since 2001.


Under this current, heartbreaking trend, active assailant insurance is being offered by many major carriers. These policies often include a number of tools to help save lives, including training for personnel and vulnerability assessments. SOS Technology Group has seen this trend only increase, sadly, and are here to assist with any questions on this topic.

Cybercrime and Real World Terrorism: Strange Bedfellows?

Written by Scott Hall on . Posted in Computer Security

We know the impact of cyber-crime as it relates to every day users. Credit card theft, sensitive personal data stolen, and much more have been attributed to so-called ‘cyber terrorists’. Is it then possible that more ‘conventional’ terrorists would be interested to use similar tactics? This may sound extreme, especially due to the limited and reversibility nature of the impact of certain cybercrime tactics and the precautions that forewarned businesses and organizations can take. However, it is difficult to brush off the threat in an external inspection of both the dynamics and methodology of these types of attacks, and the tools used to perpetrate them.
Conventional terrorists–regardless of ideology have engaged in the digital space for any number of reasons, most having been born of necessity. For things like covert communication, recruitment, propaganda, transferring illicit funds undetected, and, most importantly, sharing amongst a geographically dispersed command structure. Information disseminated in the cyber space also includes target assessments for real-world terrorist acts, and tactical assignments.

However, this could change with increasing technical competency and capability for network-based attacks and growing number of bad actors in the online community. Opportunity for online interaction and training has compensated terrorists the loss of physical space for such activities on the ground. Current social networking tools such as Facebook, Twitter, and Instagram, among others, provide platforms not only to share information and expertise but also practice it in virtual space. It’s simply a foregone conclusion that funding terrorist acts, either directly or via support and logistical infrastructure, through cybercrime and ransomware is ongoing.
Ransomware tools like WannaCry and others have the potential to reduce the opportunity cost for conventional terrorist attacks as well. Al Qaeda and the Islamic State of Iraq and Syria (ISIS) have demonstrated much interest along with some capability to develop and use chemical, biological, radiological, or nuclear weapons (CBRN), and while there has been no successful mass casualty terrorist attacks involving them, there is the concern that these groups might lose control over the consequences of such an attack, in such that they could affect the members of the communities they are purportedly fighting for. However, use of weapons of “mass disruption” like ransomware as against weapons of “mass destruction” will enable terrorists to cause large-scale damage (loss of data and equipment), chaos (in hospitals and other public utilities) and fear, while simultaneously filling their coffers. Imagine the impact if terrorist groups like Al Qaeda or ISIS were involved in WannaCry attack. For terrorists, it’s a win-win tactic as they can achieve almost similar attention and without firing a shot or exploding a bomb, all without garnering the attention of conventional law enforcement and military tactics used in stopping them.

If you are concerned about your organization’s susceptibility to cyberattack, contact us today.

Staff Augmentation: A New Take on Outsourcing

Written by Scott Hall on . Posted in IT News

When thinking of a managed IT service provider, the small to medium business comes right to mind. MSPs offer an amazing value to SMBs, providing robust IT support for a significantly reduced cost compared to having their own IT staff. As your business grows, operations typically demand permanent in-house IT staff for support and maintenance. Even with new in-house IT staff, is it time to divest from an MSP?


Absolutely not.


Growing an enterprise is the epitome of success, but with transition comes change, and change can always be uncertain. New IT directors and management find themselves spending hours documenting, learning about infrastructure and equipment, and more on-boarding task, leaving the day to day IT support to newer, less experienced personnel going through the same on-boarding process. This is where staff augmentation can help your business thrive.


For example, Company A has decided to create its own IT department after years with an MSP because of tremendous growth in their market. But their budget doesn’t allow for the 10 person staff actually needed to manage and support their infrastructure this year, they can only hire 5, including management. The additional new hires will have to wait until the next fiscal year. But in the meantime, they still need the support, so what can they do?


The MSP can work alongside in-house IT staff, typically taking tiered responsibilities away from the client, for a fraction of the cost of full-time employees. The MSP will handle front line help desk on basic issues, the most time consuming and routine, so that Company A’s IT team can focus on working efficiently with the burden of being of understaffed removed. Working this way, managed services providers become a force multiplier for the client’s dedicated IT team, allowing them to work as they need knowing that the organization’s employees are still having their IT needs supported, while staying within budget and resource constraints. The MSP becomes a strategic partner for the customer, supporting them through whatever situations may arise.


Are your IT needs outgrowing your current team’s bandwidth? Don’t let IT employees burn themselves out with overwork. Consider staff augmentation with SOS Technology Group, and partner with us at every stage of your business.

Is Cloud Migration right for you?

Written by Scott Hall on . Posted in Cloud Hosting

Beginner’s Guide To Cloud Storage

Since reliable cloud services for small and medium businesses has been viable, SOS has worked with many clients to get the most from cloud based offerings with minimal impact and improved infrastructure. When businesses make the decision to move from physical on-premise hardware to the cloud, we’ve found the best practices to ensure success start very early in the planning stages. To that effect, if you’re considering taking advantage of the benefits of cloud services, here’s some tips to ensure a successful migration.


A Clear Vision for the Present.. and the Future


Forecasting growth isn’t a perfect science, but the overlap of IT and your business practices is incredibly important. Communicating that vision to employees and managers is crucial to keep your organization on track during migration and in the future as your business grows and scales.


Cloud Governance


Governance includes security and access. Which employees will have access to which services and virtual machines? You will still need to have a security mindset when it comes to secured network access and encryption of sensitive data, especially when working with PCI and HIPAA compliance.


Know Your Assets and Plan Ahead


Identifying your entire infrastructure is very important to successful cloud migrations, especially when adopting a hybrid model where some physical hardware remains. During this phase, best practices dictate that backups of your entire system are critical during this analysis. This will minimize the risks of any potential downtime and make the entire migration process much smoother, while also ensuring that no data is lost. Once this is complete, determine the order of migration, which departments of your organization will be affected and when at each step, and inform end-users of any changes to policy or operations that would require additional training.


Start Small and Simple

Beginning with non-critical systems is the best way to put some points in the win column and let your organization experience the benefits of cloud computing and gain experience with it. By encouraging transparency and consistency, everyone can familiarize themselves with the experience quickly and easily.



Once your plan is in place, it’s time to execute. Start with backups of existing data and hardware. Next, prepare and test the new cloud environment for connectivity with end users, and with other components in the cloud. After that, the moving of operational data can begin during your business’s downtime. Be prepared for adjustments to infrastructure, and get ready to test again under working conditions.


Monitor All the Things

Develop a comprehensive and complete monitoring process in place with your managed services provider and internal staff, to include as many details as possible, no matter how mundane they may appear. This will give you hard data points as to how your IT environment is actually working for your business, and you can approach performance and cost tradeoffs much more easily as you complete your cloud migration.


This outline can be challenge for anyone, and it’s important to have a winning team on your side when making the transition to the cloud. Get in touch with SOS today for an expert consultation and find out if cloud services is a good fit for your business.

Tech Headaches? We can help! Contact us now »