1. Will SCWOA make us look bad when we have a potentially embarrassing security breach?
  2. Will you tell people about security breaches in our organization?
  3. Do you cooperate with law enforcement agencies?
  4. Will you crash our servers?
  5. We’ve been hacked! What should we do?
  6. What tools does SCWOA use to provide information security services?

Will SCWOA make us look bad when we have a potentially embarrassing security breach?

No. We always perform our services with the utmost discretion, and take all reasonable precautions to protect the reputation of our clients. Frankly it would work against our interests to do so otherwise.

Discretion is an important part of our service promise – therefore we hold all our consultants and technicians to strict standards of confidentiality.

Will you tell people about security breaches in our organization?

Not in general practice. We do not share details of your case with the media or other external parties. The only exception is when we are required to comply with certain legal proceedings, or to cooperate with law enforcement authorities.

We may use your case for to produce certain types of reports, analyses, and other types of materials e.g. white papers, case studies, training materials etc. However cases are always described anonymously, so your company would never be revealed by name or through certain revealing details.

Discretion is an important part of our service promise – therefore we hold all our consultants and technicians to strict standards of confidentiality.

Do you cooperate with law enforcement agencies?

Yes. This is an important part of maintaining security standards in a free economy, and making sure that organizations are able to function without fear of being shut-down through malicious activities.

We have cooperated with law enforcement agencies such as the FBI and various police departments before, and we will also comply with court orders as necessary.

Will you crash our servers?

No – we are here to fix your servers, and a big reason we are called in is because the system is already crashing or freezing for some reason. It may be necessary to shut down a server or network in order to repair them, and therefore it is possible to experience a service disruption in this manner.

A crash (or system crash) is caused by an error / breach somewhere in the system, and it is our job to find this error / breach. While it is possible that a freeze or crash may occur during the repair process, this is never done intentionally by a SCWOA technician – unless for the express purpose of diagnosing the cause of the freeze or crash.

We’ve been hacked! What should we do?

If your security has been compromised, one of the most common reasons for this is because someone has guessed or hacked your password. The first thing you should do is change all passwords in the affected systems.

If the security breach appears to be some form of virus or malware – you should immediately update all your security software (such as firewalls, anti-spyware / malware, antivirus etc.) and run a scan on affected systems.

If the above two steps do not solve the problem, or if you are worried about the extent of damage caused by the security breach – then you should contact an information security expert immediately.

SCWOA technicians are standing by to help you solve your information security issues. You can find our direct contact details at the bottom of this page, and you can fill out our contact form.

 

What kind of tools does SCWOA use to provide information security services?

We can and do use hundreds of different tools to audit, diagnose, and repair a client’s IT infrastructure. This is because different tools can be more or less effective than others based on a wide variety of situational factors.

These are the six tools we most commonly use to provide IT and information security services:

  • NMAP – an open source utility for network discovery, sever monitoring, and security auditing.
  • Wireshark – an excellent network protocol analyzer tool, for example to capture and analyze network activity.
  • SAINTScanner – a network vulnerability analyzer that can also be used to demonstrate regulatory compliance (such as PCI, HIPAA, COPPA etc.)
  • Nessus Scanner – another excellent network vulnerability scanner with a top-notch vulnerability knowledge base.
  • Cain and Able – a password recovery tool that helps mitigate dictionary, brute force, and cryptanalysis attacks among other things.
  • L0pht Crack – a hardcore password analysis, scoring, monitoring, and auditing tool.