Best Practices for Risk Management

The United States is a big target for cyber attacks on the energy grid, and the reports that came out of the recent 2018 Cybersecurity Summit, held at the Washington Post Live Center on Oct. 2, 2018, are terrifying. Every small business owner needs to seriously consider what would happen to their business if the energy grid goes down.

The War Has Already Started

Arthur H. House, who is Connecticut’s chief officer for cybersecurity risk, said that the state of Connecticut is already under attack. Connecticut utility companies experience more than a million daily probes of their operating systems from unauthorized users that include hostile, foreign attackers. These probes are the ones that were detected and deterred. It is not known how many probes go undetected. What is known is that the number of daily attacks is exponentially increasing.

Expert Opinions are all Doom and Gloom

U.S. Homeland Security Secretary Kirstjen Nielsen referred to the Russian hacking efforts as preparing the battlefield for a major attack. Karen Evans, who is in charge of energy security and emergency response at the U.S. Energy Department, said that our electrical grid and energy infrastructure are the primary targets for hostile cyber attacks. General Petraeus, former CENTCOM commander and director of the CIA, said that if an extremist group obtains the ability to attack and shut down a major portion of the American energy grid and keep it down, this is the equivalent of being hit with a weapon of mass destruction.

Cyber Attacks are Worse than Natural Disasters

With a natural disaster such as a major hurricane, there is a limit to how long the event lasts. With a cyber attack on the energy infrastructure, the attacks may continue and return multiple times. They may begin in one part of the country and spread across the rest of it.

American small business owners need plans for the worst-case scenarios that do not rely solely on the local power grid. Sentree Systems helps clients with data protection by storing critical system backups off-site and in multiple redundant locations, which increases your chances of a faster and complete restoration. Alternative energy systems, such as solar panels that work with enough batteries for power storage, can also help lower these risks. Consult with Sentree Systems to make a plan for what you are going to do if the grid goes down.



Even though many companies may be working with smaller overall IT budgets, the portion of these IT budgets that is allocated to security is increasing. This is happening because the perceived risks and the actual risks are growing dynamically. It is a matter of self-defense.

Avoiding Security System Sprawl and Gaps

It is important not to be wasteful in planning for IT security and make sure the application of budgeted funds is producing the best results. Security system redundancy and system sprawl across multiple networks are common problems. This not only costs a company more; it can actually increase the security risks that the security systems are trying to reduce.

Such wastefulness and any security gaps are uncovered by a comprehensive IT security review by Sentree Systems serving customers in Indianapolis and all across Indiana in cities and towns like Plainfield, Noblesville, Avon, Carmel, and Fishers.

Having Adequate IT Security Monitoring

This is achieved by a combination of outside consulting assistance from Sentree Systems working with in-house IT security staff. This is a 24/7 job that should never be neglected.

Best Practices for Managing IT Security Budgets

Using too many security solutions combined with a lack of properly-trained IT-security staff causes big problems. Instead, here are the best practices to follow:

  • Work with a single IT security vendor like Sentree Systems that provides a comprehensive solution.
  • Reduce redundancy in security systems to have a more cost-effective solution.
  • Conduct regular security audits to uncover problems proactively before a disaster occurs.
  • Make the security audit recommendations and fund them with the proper amount of budgeted support.

By working with a single-solution provider like Sentree Systems, a cost-effective security program can be put in place that reduces wastefulness and gets the job done. Email or call 317-939-3282 to schedule an IT security review.

International cyber wars have been in the news quite a bit lately. Countries are attacking other countries. Computer servers are being hacked by sophisticated government operations. Identity theft is now so rampant that the theft of an American person’s identity happens once every few seconds. A study conducted by Javelin Strategy & Research found that during 2017 about 16.7 million Americans were subject to identity theft. This caused over $17 billion in losses from the data breaches. Businesses are not immune to these attacks either.

North Korean cyber attackers are thought to have hacked cryptocurrency exchanges in South Korea and Japan. They got away with stealing the equivalent of tens of millions of dollars. Then, the perceived technical vulnerabilities of the cryptocurrency exchanges caused the value of all of the cryptocurrencies to decrease rapidly. About half of the value of all the cryptocurrencies disappeared in less than a few weeks, which represented more than $42 billion in lost value that evaporated during June 2018. The most popular one, Bitcoin, suffered the greatest loss of value.

Other cyber-criminal hackers distribute a vicious form of malware called “ransomware” that infects computers, encrypts the files, and then the hackers demand payment in anonymous cryptocurrency for the key needed to unlock the files. They promise to send the unlock keycode for payment; however, they may not send it, even if the ransom is paid.

Businesses that make use of bank wire transfers are seeing attacks that divert funds from their business account. Hackers get the information they need by doing “spear phishing” with keyloggers to capture personal information. They get the passcodes to bank accounts or simply use an email that seems to come from the boss to instruct a worker in the company to make a payment to the criminals.

This is an important warning for the big businesses, as well as for the small-to-medium-sized businesses, which are located in the service area for Sentree Systems in Indiana. This includes the cities of Avon, Carmel, Fishers, Indianapolis, Noblesville, Plainfield, and the surrounding areas. You need Sentree Systems on your side to fight this menace.

World War III has already started, and it is a cyber war. The attacks do not even need to directly focus on your company to cause great harm. They can be against critical infrastructure, electrical power grids, banking networks, etc. All of these attacks can be disruptive and damaging to every business that uses these systems.

Having high-defense IT security and a comprehensive plan for disaster response for your business is no longer something that can be left to do some time in the future. In fact, this needs to have already been done and regularly updated for the ongoing and upcoming threats. Contact Sentree Systems at 317-939-3282 or email to set up an appointment for a comprehensive IT security review to help mitigate the serious risks that all American businesses are now facing.

New privacy and data security rules are now in effect for any company that has some of its operations in Europe or has some customers from there. The European Union (EU) passed a law called the General Data Protection Regulation (GDPR) that requires businesses to give EU customers more control over how their personal data is collected, what permissions are required for a company to use it, and what can be done with the information. This law went into effect on May 25, 2018.

Any American company that has customers from the EU needs to be in compliance with the GDPR regulations. It is likely that over the next few years similar regulations will be imposed by the U.S. government on companies in the USA as well.

GDPR is in Response to Data Breaches

The GDPR law is in response to the continuing problem of data breaches being experienced by many companies including large online retailers and companies that are tech giants. Facebook got into serious trouble over the Cambridge Analytica data hack of its system.

Under the GDPR rules, any company that has any data on any person from the EU must notify regulators within 72 hours of the discovery of a major data breach. This means that even U.S.-based companies need to be in compliance if they have an office in the EU, share data with a company there, or have online customers from the EU.

Another new GDPR rule requires companies to make it very easy to opt in and opt out of data collection. Companies that fail to do this correctly face a fine of up to 4% of their annual level of global sales or about $23.5 million, whichever is greater.


The new GDPR rules are considered the best practices. Many American companies are taking the proactive stance to be in compliance with GDPR regulations even if they are not required to follow the GDPR rules by law. Work with the experts at Sentree Systems Corp. to find out how to change information collection, storage, and usage procedures to be in compliance with the new GDPR rules.

Not all things need to be online. In fact, there are some systems and information that should never be online and instead be secured by a private offline network. This strategy is known as using an “air gap” between systems and the public Internet.

Improved Security Using Offline Systems

Using an offline network for critical path functions and data security reduces the risk of a data breach. This is an excellent strategy; however, it is not 100% secure. In any security review, the IT security experts look at outward-facing systems that connect directly with the Internet, opportunities to manage system networks offline to improve security, and the risk of “human engineering” hacking attempts. Human engineering security breaches come from tricking people into doing something that allows a security breach. Using an air-gap strategy needs to be enhanced with increased personnel security, such as extensive background checks, limiting personnel access to systems, and physical security barriers to access sensitive data.

Offline Protection of Personal Data

Any organization that handles personal data, such as credit card information or medical records, has a severe obligation to make sure the data is protected. Access to this information should be managed on a need-to-know basis. For example, credit card data only needs to be used for secured transactions. If it is stored by a company, that information should be stored offline and secured by encryption.

For medical records, there are severe penalties for data breaches under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In some cases, these penalties have been in the many millions of dollars. This means anyone handling such data needs to protect it like they are guarding the gold at Fort Knox. This is the kind of information that benefits from offline storage using a private network, with point-to-point information tunnels that pass data from one place to another only when it is encrypted in order to only permit authorized access to the data.


The risk of experiencing a data breach when there is unnecessary exposure of data to the public Internet can be better managed by taking the sensitive data offline.

Consult with Sentree Systems about how to manage an online presence combined with a private offline network for better security. Every business of any size can benefit from this approach.

The U.S. Department of Health and Human Services maintains a database that tracks every data breach of medical records where more than 500 records have been compromised. SafeticaUSA reports that, during 2016, the data breaches were caused by improper disposal of memory storage (2.3%), loss (5.4%), theft (19%), hacking (31.8%), and unauthorized access/disclosure of information (41.5%) by employees, which happens sometimes by accident.

Misuse of this information obtained by a data breach is rampant. Criminals can use this personal data in many nefarious ways including blackmail and identity theft. Businesses that do not protect personal and private data are liable for its misuse. They can face fines and civil lawsuits in the multiple millions of dollars.

The SafeticaUSA study noted that the average cost for a single data breach is $7 million and that 100% of businesses share business data in ways that are not safe. When employees leave a company, 87% of them take company data with them, increasing risk exposure.


Indiana’s Data Security Record

In the SafeticaUSA study of medical record data breaches, which reviewed the occurrences in 2016, California was the state with the largest number of incidents, followed by Florida, Texas, and New York. Indiana came in fifth place by having 12 major data breach incidents during 2016. In terms of the number of compromised private records, the state of Indiana, with 257,174 records breached, was in tenth place on the list of states with the highest number of data breaches.


Data breaches are a serious problem that puts every business at risk. Personal medical records are very vulnerable and the dangers are increasing. Proactive strategies to reduce this risk include conducting a data security Risk Assessment, implementing a data loss prevention solution, and advocating that the best practices are used for data security by affiliates, contractors, and business partners.

Contact Sentree Systems for a Risk Assessment to improve security and reduce the chance of a serious data breach.

When it is used properly, encryption is a valuable tool to help reduce data security breaches. Most business owners and C-level executives know something about the general topic of encryption; however, comprehensive data security reviews consistently show security problems that can be reduced by following the best-practice strategies regarding how to use encryption.

Using Encryption Effectively

Every organization benefits from encryption. Encryption is more effective when it is used comprehensively and always in place. During any part of the data processing, if the data is unencrypted, this creates a point of risk exposure. For example, if a user with authorized access uses an encryption key to decode some encrypted data and then leaves a copy of the unencrypted data on a laptop that they take home, suddenly the entire system is at risk. Encryption is made totally ineffective if an unencrypted copy of the database is on a laptop that can be hacked or stolen.

Avoiding a False Sense of Security

Just because data is encrypted does not necessarily mean it is protected. There have been many examples of encrypted databases being subject to data breaches because, even though the database was protected with encryption, those who held the encryption keys needed to read the data failed to protect those keys.

An example of this problem occurred in the loss of millions of dollars of cryptocurrency. This happened because the encryption keys, which are the proof of ownership of those assets, were hacked and stolen. They were kept in a database that was not secured. Since the ownership of cryptocurrency is semi-anonymous, protecting the encryption keys is the only way to control the assets. If the keys are lost or stolen the cryptocurrency is simply gone and nothing can be done about it.


To properly implement a comprehensive plan for using encryption effectively, one good strategy is to conduct an IT security review by Sentree Systems that focuses on implementing encryption on a network and protecting the encryption keys.

Data security is a vital part of protecting the operations of any business. Think of this analogy. Even if you own a one-bedroom/one-bath home, which is the first home you ever purchased, this does not mean you can be lackadaisical about home security. Having an alarm system with solid locks for windows and doors is just as important for your home as these things are in a luxury mansion.

Some might even say since your first home probably represents the biggest investment you have made so far in your life, it needs more protection than the luxury mansion owned by a wealthy family that already owns many other homes. The same logic applies to your business.

IT Security for All

It used to be that IT security was so expensive that only the larger businesses could afford it. Granted, even now, large businesses spend enormous amounts of money on data security efforts because protecting the data from security breaches is so important. However, just because a small business has a modest budget for IT services, this is no excuse for not having a service contract with a high-caliber security firm that specializes in IT data protection.

There are economies of scale that help keep the cost of IT protection modest when using a skilled firm. The security specialists concentrate on data protection. That is what they do best. They think about this 24/7 non-stop on behalf of their clients. Things that they notice affecting other small business clients are applicable for almost every customer they help.


Just because a business is small does not mean that IT security should be inadequate. Being a small business is not an excuse for having poor IT security policies. The cost for failed security measures can be the loss of the entire business. It is very unwise to risk this.

The key to success is NOT to rely only on in-house staff that does not have the time, energy, experience, and expertise to provide state-of-the-art IT security. Instead, outsource these tasks to a company like Sentree Systems and think of the investment as being similar to having a business insurance policy.

The beginning of a new year is a great time to have a comprehensive data security analysis and to create a new strategic data security plan. There is plenty to be worried about when it comes to data security. Data security is something that needs to be constantly monitored in order to be effective. New threats are coming up every day.

Luckily, a small-to-medium-sized business does not have to go at this alone. In fact, having a service contract with a specialist in data security is probably one of the smartest things a business can do.

Here are a few significant things to consider when making a strategic data security plan for 2018:

Internal Security Breaches

It does little to stop a security breach if the entire focus is on external attacks and the security breach comes from within. Authorized users have been known to simply make copies of sensitive data files and walk out the door with them. Disgruntled employees can wreak havoc on data security when leaving a job.

Best practices include using high-quality background checks, restricting access to data on a need-to-know basis, and being able to immediately terminate access for any user.


Ransomware is a type of malware that, once a user downloads it, installs itself and then encrypts the data on a system to lock the users out. An extortion demand is made for a payment in anonymous cryptocurrency like Bitcoin in order to get the encryption key to unlock the data. These extortion demands range from a few hundred dollars to millions. There is not even a guarantee that paying the ransom will get the data back.

Best practices to avoid this risk are to maintain real-time data backups that are made and then kept in protected storage offline. If a ransomware attack occurs, these backups can quickly bring the organization back to current working-status.

Two-Factor Authentication

All external-facing systems need to have a two-step authentication process using a one-time-use authentication code for the second step. The benefits of this strategy are significant in blocking unauthorized access. The way it works is that an authorized user logs in with a complex password, and then the second step sends a text message to a secured mobile device that the person uses to complete the login process. If the mobile device is lost or stolen, the second step is canceled.
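
As an added illustration (not Sentree Systems' code), the second step described above could be enforced on the server like this in Python. The class name, the five-minute lifetime, the three-attempt limit and the phone number used in testing are assumptions, and actual SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a texted code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code


class SecondStep:
    """Hypothetical server-side state for the one-time code of step two."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._devices = {}  # user -> enrolled mobile number
        self._pending = {}  # user -> [code_digest, expires_at, attempts_left]

    def enroll(self, user, phone):
        self._devices[user] = phone

    def revoke_device(self, user):
        """Lost or stolen phone: cancel the second step until re-enrollment."""
        self._devices.pop(user, None)
        self._pending.pop(user, None)

    def issue(self, user):
        """Call only after the password check succeeded.

        Returns (phone, code) for the SMS gateway, or None when the user has
        no enrolled device. Only a digest of the code is kept server-side.
        """
        phone = self._devices.get(user)
        if phone is None:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return phone, code

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]          # expired codes are discarded
            return False
        entry[2] -= 1                        # every guess costs an attempt
        if hmac.compare_digest(code_digest, self._digest(submitted)):
            del self._pending[user]          # one-time use: no replay
            return True
        if entry[2] == 0:
            del self._pending[user]          # too many wrong guesses
        return False

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()
```
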

Sentree Systems Corp. is a highly-qualified data security consulting company that works with small businesses in Indiana, serving Indianapolis and the surrounding areas including Avon, Carmel, Fishers, Plainfield, and Noblesville. Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense. Contact us today to learn more about these strategies at



Data security is improved by taking a data-driven approach that addresses the security issues uncovered by a review of security risk data. For example, allowing employees to continue to use software that has known vulnerabilities and has not had the most recent security patch applied is an unnecessary risk.

Here are a few tips to improve Data Security by using a data-driven approach:

Conduct a Security Assessment and Implement Its Recommendations

It is surprising when an organization goes to the trouble to conduct a security assessment, which should be done on a regular basis, and then does not implement the recommendations. Executives may think that since the security assessment was done, the security is improved. A security assessment shows the impact vs. likelihood of your organization being compromised in the near future, but it does not actually stop a breach from happening. It is important to take the next steps of implementing security upgrades as well.

Monitor Data Security News Alerts

Setting up Google alerts and keeping an eye on the latest data security news helps increase awareness about security issues. An example of a Google alert is using the name of the software or IT service combined with the phrase “security flaw.” Moreover, there are industry security news systems that can be regularly checked for alerts, such as the Security News notifications in the Security Education Companion.

Organizations that do not have sufficient internal staff for these Data Security issues do well by contracting with an outsourced IT data security company to monitor them on behalf of the organization.

Be Proactive About Advanced Persistent Threats

Advanced Persistent Threats (APT) are socially-engineered attacks that are occurring on a continual basis. Examples of APT attacks include phishing, where websites are faked to get people to enter private information, email campaigns that cause people to download attachments that are malware, and websites that load malware when a person visits them.



Copyright © 2015 - 2018 Sentree Systems, Corp.. All rights reserved.

Sentree Systems, Corp. | 6137 Crawfordsville Rd Ste F #177 Indianapolis, IN 46224 | 317-939-3282