2 Factor Authentication: Can You Afford NOT to Have It?

Fluidity has become a hot button issue for business owners. More and more, you need fluid streams of capital, fluid business models, and a fluid workforce, able to work from anywhere they need to, on any device they need to. This past year we as a populace have witnessed drastic changes occur to our day-to-day work lives, and more importantly, many of us have seen how much more productive this form of working can be for everyone involved. However, with new advances you end up with new issues, which is why we are

going to talk about a system that comes in a couple of forms, 2FA or two factor authentications, or it’s cousin MFA or multi-factor authentication. With the rise in cybercrime in the United States, a trend that is showing no signs of slowing down, it’s not an issue of whether you can afford to implement 2FA, it’s becoming evident that you can’t afford not to if you have a mobile or semi-mobile work force.


Let me tell you a story. Sylvia has a company that runs logistics for major trucking companies in the state. These companies rely on her business, at all hours of the day to make sure they are staying on the proper course, and the right materials are going to the right places. Sylvia knows she can’t afford to keep her office space open 24/7, but she needs her

agents to be working at the schedules of the truckers, so she has a large part of her workforce working from home. Unfortunately, her system got breached one day. While she was able to minimize her downtime due to her partnership with an amazing MSP, which let’s just call Delval Technology Solutions, some of her employee login information is still out there. Thankfully, she also opted into endpoint security for her business, including 2FA. Someone tried to login to one of her employee’s accounts, and they were notified when they got a notification from their 2FA system to authenticate the login. They called Sylvia to report the suspicious activity to her and were able to thwart the malicious actor in

their tracks. Her small investment into a 2FA system for her business just saved her thousands of dollars and the trust of her clients. It basically just paid for itself.


When users are remotely logging into your network, 2FA gives your business an extra layer of protection to ensure that the authorized person is the one entering the network. There are different tools to use when it comes to 2FA. Some send SMS texts, others use emails, and some use apps that require a push. Either way, the system works as such. An authorized user enters their credentials to log into the network. From there, a message is sent to them via one of the above-mentioned methods, that the user must complete the process, usually entering a code that has been sent, to get into the network. This ensures that no one can get into the network that isn’t supposed to. Best case scenario,

the person trying to access the system is the one who gets in. Worst case scenario, an intrusion can be thwarted by the authorized party receiving a 2FA message

saying someone is trying to get into their network using their credentials.


The most common type of 2FA uses the authorized users SMS in order to authenticate them. Once a user inputs their login credentials, username and password, a code will be text to their device that they have to enter. The user then has a certain period (usually five to ten minutes) before the code expires in order to get into their network.

Email authentication is another form of 2FA. Similar to the SMS version, an email will be sent to your address. From there, you may have to click an authentication link, be given a code to input, or even use a QR code on a secondary device. While this is a more versatile form than the SMS based 2FA, it isn’t as widely used because of things like device lag time, and people’s ability to turn email notifications off, which many do if they are usually inundated with spam.

App based 2FA is becoming increasingly more prevalent, and also may be the best for overall security. First the user needs to download an app such as DUO Mobile, or Google Authenticator. From there, when they attempt to login to the network from a new device, or to get in certain parts of the network, they will receive a push notification to an app. From there they will have to enter a matching code to let the administrator and the app know that they are in fact the user. Apps have more features they can use to aid your

security. One aspect that is great for aiding in security is their ability to track the location of the user on both ends. This could be used to stop phishing attacks as the perpetrator is not usually anywhere near the IP of the person assigned to the login. While this may take some additional monitoring, it can be a great way to further protect your network.

Having the ability to be fluid with your work force can be a game changer for many business owners. However, you never want to compromise security for the sake of functionality. Utilizing a 2FA plan for your system is something that is a cost effective way to ensure that you know the person trying to get in is the person you want to get in.  While there is a cost to 2FA, it is far less than the cost of the consequences to your business. Contact Delval Technology Solutions and ask about 2FA today, because you never know what tomorrow will

bring to your network.

VPN's and Your Business

Ralph is a small business owner with a team of 10, most of which are in the field. They work off their phones, tablets and personal laptops from wherever they may be. Ralph has seen that more and more hacking attacking on small businesses are taking place, and knows that by his team using public wifi, they are more exposed to these malicious actors. Due to the nature of their work, everything from where they browse, to their write ups, and the files they send to each other are proprietary information that he wants

to keep safe for the sake of his business and his customers. Ralph talked to his MSP partner and they recommended he get a VPN.


VPN stands for virtual private network. This is a network that while accessible from anywhere with an internet connection, is a more secure connection for a user to access the internet. A VPN is encrypted, meaning that a key is needed in order to be able to actually see the information. It serves as a cloaked portal between the user and the internet. Many people use VPN’s at home to do things such as change their location to watch foreign streaming services, or access Tor browsers to reach the dark web. While these benefits

can help your enterprise if you have remote workers abroad who can’t otherwise access your network, there are a few key benefits to a VPN for your business.


Public wifi servers are just that, public. This means that anyone can sign onto them regardless of the credentials. Once in, hackers can use this to access and mirror other users computers, allowing them to view your data as well as steal data and other credentials. A VPN stops these actors from being able to do so. A VPN is a cloaked portal, which means that it is encrypted. This encryption makes it impossible to view the data without a proper key to unlock the encryption. This means anyone trying to spy on yourself or your employees’ devices will only see illegible chunks. A VPN is akin to an invisiblity cloak, making it a more secure way for your teammates to enter your network from anywhere, any time with any devices. This is also the case for Peer-to-Peer file sharing amongst teammates. While services such as Dropbox, Google Drive etc do offer some security measures, often times those alone are not enough and files can be intercepted. However, with a VPN service, your employees and your customers are cloaked and protected, with these files being protected by the same encryption as the traffic.


When the pandemic hit, many had to migrate their workforce from the traditional in house model to a remote, work from home model. While many companies had already migrated data to the cloud, they didn’t always have an easy way for their employees to access this data. This is where a VPN comes in. It doesn’t matter if the employee is down the street, two states away or in a country that doesn’t even allow free internet access, with a VPN, anyone with the proper credentials can get into their network and get their projects

accomplished. What’s more, VPN’s allow companies to segment data, so only specific users can access specific data if necessary. Everything from usernames to passwords to even IP addresses can be used as identifiers of who should be in, and who should be in, your network.


This is a tricky one but depending on your business can be one of those great “hacks” that could be helpful to your bottom line. Businesses offer different pricing in different countries. This goes for everything from consumer goods to flights and hotels, to equipment for your business. VPN’s allow you to disguise your country. By doing this it enables

you to access these discounts for your business. This could mean cheaper hotels and flights for traveling representatives, cheaper equipment for your company

and other great savings that you would never be able to access otherwise.


VPN’s are not all created equal. Just like many other subscription tech services, VPN companies offer a variety of add-ons and other tools for your business. The need for these obviously vary based on the nature of your enterprise. With that said, there are four main things that you should look for when choosing your VPN provider. Speed is crucial to how your business runs. You want to ensure that you at least get the same connection speed as you do from using an uncloaked network. VPN providers offer an array of different

pricing, so be sure to choose the right one for your business. Just like anything else, you never want to pay for features you do not need. Reliability is key. A reliable VPN will ensure that you don’t deal with costly and frustrating downtime issues. The final thing is ease of use. Not everyone who works for you is a tech expert. Regardless of the level of expertise, you want them to be able to access your network and be productive team members. Look at things such as the interface and how to access the VPN and ask yourself “Can my IT team and my janitorial staff both understand how to use this?"

Ralph listened and did his research. He knew that he could work with a trusted MSP, such as Delval Technology Solutions, to find the right VPN with the right features for his business. Now he knows that be it the field or the office, his team can access his network safely and securely, ensuring that the work keeps flowing and unwanted downtime is avoided.

Top Tech Trends for 2021


What a difference a year makes. When it comes to the technology we use for business, innovations come quickly and trends change rapidly. Knowing what’s on the horizon and what to look for can be the difference between being ahead of the curve or being left in the dust to play catch up. In 2020 we dealt with a world changing event. As we come out of it in

the second half of 2021, what should you be looking for when it comes to tech? What are some trends that can help your business?


Now, this may sound a little RISE OF THE MACHINES to you, but automation is a powerful tool that can help you both run your business and manage your data. In the field of analytics and finance, many are turning to automation that is capable of what is known as machine learning to do the more arduous tasks that can bog down employees. Take Google for example, who has implemented a machine learning system into their award-winning Google Analytics software, which gives businesses not only insight, but helpful tips on how to maximize their adspend, and their websites in the future. Many factories and shipping facilities have also begun to use automation for more dangerous tasks, as well as tracking

both inbound and outbound shipments. Major institutions such as hospitals as well as other medical companies can use AI to predict the needs of the populace, from beds to medication. What can this mean for you and your employees? Well, while it may seem that the machines would take the place of the employees, it’s been found that that isn’t really the case. In fact, what many see is this allows the employees who would have to focus on the mundane, tedious tasks, more time and creative energy to strategize and implement new ways to grow the business, market, sell, ship and take better care of their customers!


In what many are calling the evolution of the cloud, edge computing takes some of the processes used by the cloud and puts them back in the user’s space. This enables the cloud to process faster, as it reduces the amounts of long-distance transmissions needed to execute. The edge is where the device, be it the user’s computer, router, phone etc, communicates with the internet. By doing this, it cuts down on what is referred to as latency, or the delay as the user’s device communicates with the server that the cloud is hosted on, which in some cases is across the world. Latency issues can affect everything from your SEO to customers choosing your product or service. After all, we live in an era where 2-3 seconds of lag time is considered slow. Edge computing could be a game changer for everything from medical devices to self-driving cars, and even the office, with it aiding in video conferencing as well! What’s more, it’s also more cost effective, as it cuts down on bandwidth charges. 5G Leaps in technology are not merely limited to things such as robots and home computers. 5g, or the 5th generation of mobile wifi, presents a game changer for many businesses. In the past, while your phone or tablet may have been more powerful than your home PC, today, things are much different with the advent of 5G. It is the fastest mobile data has ever been able to be sent or received, which means that businesses can rely on a mobile customer base more and more. Your websites can be more robust to mobile users and tablet users. Your data will transmit faster. If you have employees who use

their mobile devices for work, or tablets for orders in the warehouse, these systems become as reliable, if not more that traditional wireless services. 5G has exponentially more connectivity than 4g and can relay much more bandwidth. In fact, research has shown the 5g can connect and support 1 million devices in a .38 mile radius, as opposed to only 2000 with 4G. Latency also has been shown to greatly decrease with the advent of 5g, making it easier for customers to reach your business, and your business to reach their customers. As we move from offices that merely work on pc’s to offices that are interconnected through a myriad of devices, 5G technology helps ensure that no matter what

device you are on, you are connected and supported at the highest speeds.


As we touched on earlier, cyber-crimes are getting costlier as each day passes and cyber criminals are getting craftier in their approach, and braver in the endevours. Of course, this means that those who wish to thwart these criminals also are constantly updating their approaches to minimize the risk to both everyday citizens and business owners. While many businesses are using VPN’s as a way to secure their networks for remote workers, a new approach known as ZTNA or Zero Trust Network Access, is beginning to emerge as an even more secure solution for networks. While a VPN merely cloaks the mobile users path into the network, a ZTNA checks everything from the user, to the content, to their network for malicious and suspicious activity, making it much more secure.

Leaps in Multi-Factor Authentication are also being made. Traditonally, an MFA system would employ a SMS text message or an email in order to authenticate the user. However, both SMS and email are accessible to hackers and other malicious actors. 3rd party applications such as Google Authenticator, Microsoft Authenticator and Duo, which is used at Delval Technology Solutions, offer a secure, encrypted 2FA platform, giving endusers and network operators a more trusted method of protection.

Data is both an invaluable commodity to a business, and a high profile target to a hacker. For this reason, data privacy is becoming less of a component of a greater cyber-security plan, and more of a separate entity to be protected. Attacks on personal data aren’t just problematic for identity theft, but are costly to business owners who can lose both customer trust, and thousands if not millions of dollars in regulatory fines.

Cyber security professionals, such as the folks here at Delval, are becoming less of a “luxury” item and more of a necessity for business owners. Attacks are becoming more frequent by the day, and targets are becoming even more broad. It is imperative to consult and work with cyber security professionals if you are not one yourself in order to protect yourself, your business and your customers. Oftentimes people have stated “it’s better to have one and not need it, then need it and not have one”,  when speaking about firearms. Think of a cyber security professional the same way. You have someone to watch your back and your network, and ensure that your enterprise is compliant and protected, and to be vigilant in protecting your company.

While these aren’t the only tech trends, they are the ones that you will be hearing more and more about.

Ransomware, The DC Police & The Colonial Pipeline

Cyber attacks have been on the rise across the board between 2020 and 2021. In fact this year, there has been a 102% rise in ransomware attacks carried out by hacker. This past week we have seen, and many of us have felt, two major ransomware attacks and their fallout. What was once something that was regulated only to businesses and smaller institutions have become big business to hackers, with companies paying out millions of dollars to get there networks back in order and mitigate damages.


Ransomware is software that is designed to shut down a company or institutions network, till a monetary demand is paid. Think of it like digital kidnapping. Hackers use different methods to implant malicious software and access a system. From there they will encrypt the data it contains and lock out authorized users, until the demanded ransom is paid. Oftentimes these are sold as a service from one hacker to another, and usually target businesses or data reliant institutions such as schools and hospitals. 

While at times, in the case of WannaCry, an early ransomware program, these issues can be handled without paying the ransoms, there can be consequences. In one case, a hospital dealing with a ransomware attack had to reroute an ambulance with a critical patient over 20 miles away, causing the patient to die in transit. At times, these hackers will threaten to

delete the data. Other times, they will threaten to leak the data to both the clear and dark webs, putting personal and proprietary information in jeopardy.

These attacks are proving to be more costly as time passes, as the ransoms paid have increased 171% averaging over $300,000 per payment. The two most recent cases of ransomware are also two of the most concerning examples, as they targeted both infrastructure and security. These attacks have caused massive panic in some cases, and in others, have put lives in jeopardy of those sworn to serve and protect the populace.


Early this week it was revealed that the Washington DC Metro Police department was hit with a ransomware attack that originated in Russia. The attack occurred late last month, and the threat was simple. The hackers demanded 4 million dollars in ransom to unencrypt the files they had. They were clear, if they were not paid, they would begin to release sensitive data on officers, including background checks, full names and information of officers in the field including undercovers, psych evaluations and improprieties that

had been brushed under the rug.

The attack was carried out by a group calling themselves Babuk. While they are relative newcomers to the ransomware world, this isn’t their first rodeo. Babuk made headlines last year by launching a ransomware attack on the Houston Rockets. Ironically, the Houston Rockets, a professional basketball team, had security protocols that were able to minimize their damages. The Washington DC Police, were far less equipped. Last week the department offered their counter offer, $100,000 dollars in exchange for getting their data back. Babuk was not having any of that however. In response, they leaked troves of information into the world. They released documents pertaining to hiring, including candidate

interviews and reviews, information that the police had on street gangs and other criminal organizations, and daily intelligence briefings that were meant for the police commissioners eyes only. On top of that, dozens of officers medical records, addresses, and financial records have been released as well.

While the ransom has not yet been paid, Babuk has gone a different, far more frightening route. They have decided to release their ransomware code to the dark web, so any hacker can use it. Analysts have conflicting opinions on this. Some are stating the reasoning for this is that the code is faulty, it deletes files whether the party demanding the ransom wanted them deleted or not. Others have stated that this “retirement” is due to the the fact they hit a high-profile target and become headline news, leaving themselves open to retaliation from law enforcement.


If you are reading this, I imagine you are familiar with the Colonial Pipeline attack. The internet has been flooded with memes and images of people filling up bags with gasoline. Long lines, shortages and panic buying have been seen up and down the East Coast. The White House, and President Biden have had to publicly address this multiple times last week. What happened though? Last week, hackers encrypted over 100 GB of internal data in order to hold the operators of the Colonial Pipeline hostage. The pipeline, which carries gas to much of the southeastern US, had to shut it’s systems down in order to stop the ransomware from spreading.

The ransomware was designed by a group called Darkside and sold to a secondary operator. This operator had a two fold plan of attack, hold the information hostage, and threaten to release the data, similar to how the DC police attack occurred. The fallout from this was nearly instantaneous. It caused the biggest gas shortage of the twenty first century, causing panic amongst customers, and legitimate shortages across the southeastern US. The panic however, spread across the east coast. In fact, this writer personally witnessed

three gas stations in PA that were without gas, not because of the pipeline, but because of panic buying.

Darkside, the group who created the malicious software, specialize in what is known as Ransomware as a Service. They are not the ones who carry out the attacks. They create the software, and also run a help desk to aid in negotiations and victims getting their information back. Even they were not expecting the fallout from this. In fact they released a statement that in effect served as an apology claiming they never intended for their product to be used to shut down infrastructure and would, in the future, better vette potential customers and add parameters to what the software could be used for.

While initially the administrators of Colonial denied paying the ransom, it was later revealed that they paid over $5 million dollars in Bitcoin to the hackers in order to shut down the attack and save their data. As of this writing, operations have restarted at the Colonial Pipeline, adverting a long term shortage. Ransomware is a problem that is not going away. However, these attacks have illustrated how we need to be prepared, both as citizens and as a nation to protect ourselves from the damaging attacks, and hackers who wish us harm for their own personal gain. In the wake of these attacks, the White House has announced the Industrial Control Systems Cyber Security Initiative.

It is now understood that these vulnerabilities must be recognized and protected to ensure that this pipeline attack is not the tip of the iceberg. These attacks are widespread and could potentially ruin their victims. It doesn’t matter if you are a local municipality, government agency, small business or major corporation, security should be your top concern. If you are interested in protecting yourself from these attacks, make sure to stay on top of your patches, and be sure to reach out to a security minded MSP, like Delval Technology Solutions

AWS vs Local Cloud Providers: Who's Best for Your Business

It has been said that we live in an era of infinite choice. From the foods you eat, the shows you watch, to  the goods you purchase, the possibilities are endless, and at times so is the confusion. Oftentimes our choice comes down to who is providing the service and where we are getting it from. Do we pick giant platforms backed up by industry titans like Hulu, Spotify and Whole Foods? Is supporting small businesses, such as buying from Etsy stores, watching independent films, and shopping at farmers markets, important to your decision making? It can be a lot to process, at times to the point of anxiety and frustration.

The cloud has gone from a novel idea to upload your personal photos to, to a must have when it comes to backing up your business data. It has been said that over 6 million hard drives crash each year, so not having a cloud backup is basically no longer an option. Choosing a cloud service provider for your business is no different than any of these choices. Do you go with the multi-billion dollar corporations such as Amazon, Microsoft and Google? Do you choose the personalized and localized approach of a company such as Delval

Technology Solutions? Well, it depends on you and what you are looking for. Today we are going to focus on the head to head between your local service provider, and the monolith of business and consumerism that is Amazon.


AWS stands for Amazon Web Services. Like everything that Amazon does, when they start to see they are spending to much money on an outside service, they move it in house, and then lease it out to others. After encountering problems with the United States Postal Service, they created their own shipping fleets. After realizing they were spending huge sums of money on server fees, Amazon sprung into action and purchased server farms around the globe. From there, to expand on their revenue base, they launched the subsidiary known

as AWS. Using these massive server farms they acquired, Amazon began offering cloud services for businesses of all size across the globe.


AWS is known for it’s ease of use. Similar to Amazon’s other services, they pride themselves on not being to tech heavy and their ability to be understood by businesses ranging from tech novices to experts. Following the playbook utilized by their parent company, AWS strives to be a one stop shop for companies, offering a variety of software, network and analytic tools, and other products to bolster their cloud services. They also offer unlimited bandwidth, which makes scalability much easier, and security services to ensure that

working with them, your data is protected.


However, Amazon Web Services also has it’s drawbacks. One of the biggest, is their billing system. As a business owner, when you get an invoice, you want to know what you are paying for in an easily digestible manner. It can be frustrating to open up your invoice and see things that you weren’t using being charged to you, obtuse explanation of charges, or being charged for things that you didn’t know were add-ons. These are all complaints that AWS customers have made in regard to their bills.

In the past few years, data mining has gone from a relatively unknown industry term to a part of the cultural lexicon in regards to tech. Privacy concerns of the average citizen when it comes to big tech are mostly, in fact, based on the practice of data mining. As you know, your data is the lifeblood of your business, and is something that you must protect at all costs for the sake of your company and your customers. Unfortunately, one thing AWS doesn’t protect you against is data mining. In fact, they are usually the ones mining your data! Amazon is set up to mine customer data to gauge usage, buying and reviewing habits, geography and income. AWS mines your data in the same way, using their own analytics tools that they are reselling to you. Also, Amazon and AWS have found loopholes that allow them to sell your data to foreign corporations and governments, the same way that personal

consumer data is shown.

Another important thing to remember when it comes to AWS is the scope of the company. AWS has millions of subscribers around the globe. While this can be a good thing on certain issues, it also means that the chances of dealing with someone who knows you, your business, and where your data actually is are slim to none.


Think of your local cloud provider, such as Delval Technology Solutions, as your favorite family-owned store. While they may not have the same stock of a Wal-Mart or Amazon, they provide other things that these giant conglomerates can’t.  Your favorite deli remembers that you want hot peppers, but you hate pickles. The local hardware store owner helped you

handcraft your new deck. Your favorite bartender, well you don’t even have to order, your drink is waiting for you as soon as you make eye contact. A local MSP is no different than any of these local businesses. When you build a relationship with them, they get to know you and you get to know them, personally. More importantly, they get to know your

business. You aren’t just a code on screen being forwarded to some far away call center. You can walk into their office, shake their hand, and speak with them about tech issues that are important to your business. When it comes to advising you on your next steps, your local MSP is doing so with intricate knowledge of your business and your needs, something you can’t get from a giant company.

A company like AWS has server farms all over the globe. While this has it’s benefits in terms of operational scope it has it’s drawbacks as well. One of which is for bringing new clients to the cloud. It can take a new customer more time and headaches to migrate to a gigantic cloud than to a localized cloud. It’s also an issue of comfort. After all, this is your

network, the lifeblood of your business. Not knowing where it’s located can be a cause of anxiety for many. However with a local MSP such as Delval Technology Solutions, knowing where your data is stored and who is watching it is a transparent issue.

Chances are, you aren’t a technological expert. You are however an expert in your field, trusted by your client to handle their needs be it legal, financial or otherwise. It’s fair to say that you want your cloud service provider to be an expert as well. While a company such as AWS may have thousands of employees, they do not have thousands of experts. This can pose an issue while looking for solutions to complex problems regarding your network. A local cloud provider is different. They are experts at their systems, and due

to having a hands on approach, are teeming with solutions to any issue you may face, many times before you even have them.

Finally, and to many most importantly, is cost. Your local cloud service provider understands your budget and works to keep you inside of it while providing you the most “bang for your buck”. They can make sure you are only being charged for what you need, not things you may possibly need in the future.

When it comes to a cloud provider, there are many factors to take into account. What matters to you and your business can be many things. For some it's cost, for others it's comfort. Do your research, weigh the pro's and cons. This will help your business live a long life and not die "death by infinite choice."

Threats To Look Out For in 2021

2020 and the Covid pandemic not only changed the way a lot of companies do business, but it also changed the way hackers attack those businesses. Last year, cyber attacks were up over 200 percent, and this trend shows no signs of letting up. More people are working from home, utilizing mostly unsecure home wifi networks to access their company clouds. While many of these attacks being used by attackers have been used in the past, their methods are getting more sophisticated. What follows are the biggest threats to look out for in 2021. Protect yourself from these with proper software and protocol, and a security minded MSP such as Delval Technology Solutions.


Social engineering attacks are those that use your employee’s and even yourself to exploit your network. The most notorious of these is Phishing. Phishing attacks use misleading texts, emails and even phone calls to convince the recipient to execute an action that can range from inputting your email and password into a mirrored site that takes your data, to downloading a file that is full of malware, to even sending money to the culprit. These are done using emails and texts that look like they are for legitimate reasons from legitimate

sources. In 2020, phishing attacks rose by an astounding 600%.

An offshoot of this is called spear phishing, which is a more targeted form appearing to come from trusted sources such as CEO’s and HR departments. Pretexting has also been

on the rise. Pretexting relies on both trust and empathy. These criminals acted as a person known to the victim, maybe their boss calling and saying he is stuck and needs some help in the form of gift cards. While phishing is a more basic form, such as “You have just won a million dollars”, pretexting is more complex, with a believable story and a repour. However, regardless of how they are doing it, a social engineer’s goal is to get into your system, and get valuable resources, such as money or data.


Over the course of 2020 into 2021, ransomware attacks have soared. Many are familiar with the WannaCry attack that nearly shut down the UK’s National Health Services.  Ransomware occurs when hackers access a system and hold data for ransom, locking authorized users out of the system until the ransom is paid. Most recently, the Washington DC

Police Department was hit with a staggering ransomware attack. Over 250 gigabytes of data, including personnel files were held for ransom by a dark web hacking group out of India. While many other attacks have been prevalent, ransomware is perhaps the most concerning. There is no guarantee that if you pay the ransom you will get your data back. This is why proper encryption of your files and proper backup protocols are critical, as to not be left vulnerable and have your system open to attacks.


DDoS stands for Distributed Denial of Service. While the acronym may seem a bit confusing, the attacks are straight forward. A DDoS attack sends hundreds of thousands if not millions of requests, emails and data packets aimed to overwhelm a corporate server, in the hopes of shutting down it’s function. These don’t just shut down e-commerce sites or email servers, but they attack your entire network. One of the things they slowdown is referred to as SNMP, or simple network management protocols. These are the protocols

attached to your entire network and can shut users out of your system, and even throw your hardware out of wack. Last year, Amazon Web Services was hit with a massive DDoS attack that caused major headaches, even for a billion-dollar organization with high end security protocols. School districts in Massachusetts and a university in Canada were among those hit last year. However, all three chalked it up to a network failure, only to discover later that it was hackers who took down the network.


Traditional malware requires the attacker put implant a code into a system. This doesn’t make it any less dangerous, however it does make it easier to detect. However, we have seen an uptick in a new form of malware that requires no code. It uses operating tools within the network to work against your system and steal your data. The approach is also known as “living off the land”. The social engineering, we spoke about before is a method that is used to get into the system by these malicious actors. Once in the system, the

fileless malware usually is implanted into the registry or memory, making sure it runs every time that the system is opened. There is no file to detect, only self-writing

code that is hidden deep in the memory, stealing whatever the hacker sees fit, tricking your network into working for the criminals, against your business.

These often are used for cryptomining attacks, in which a hacker can transform an entire network into a cryptomining outfit, slowing down the network, jacking up energy bills, and potentially destroying hardware due to system overloads. Last year alone saw a nearly 900% rise in these attacks.


In March, Microsoft announced that the Exchange server system was hit with a massive worldwide Zero Day Exploit. A zero-day exploit is named as such as it occurs immediately when a vulnerability is discovered. Hackers work long and hard to find these weaknesses in major software, and when they do it’s off to the races. These exploits can take months for the attacked developer to realize, in Microsoft’s case it took almost 3 months from the original exploit until it was discovered and patched. Usually, the developer isn’t even

the party that realizes the exploit occurred. For the most part, a security watchdog firm or a hacked end user is the first to realize that the exploit is occurring, and in most cases after the damage is done.

These are just a few of the threats that we will be hearing a lot about in 2021. How they effect you is all about how you handle your security. The best thing you can do, partner with a security minded MSP such as Delval Technology Solutions. This gives you access to a team of experts, world class security technology, and most importantly, someone who has your back. On top of that, regular system maintenance, routine vulnerability checks, and staying up to date on your firewalls and anti-virus software will keep the headaches and the hackers at bay, allowing you the piece of mind to run your business in peace.

The In's and Out's of PCI Compliance

Paul runs a distribution company. They package, send, and deliver orders all over the area, and most of the transactions they deal with are electronic. Their servers are teeming with data from these transactions, including bank account and credit card numbers. Two weeks ago, Paul had to fire someone in the warehouse. The employee felt the need to get even, so he copied scores of credit card numbers that were in an unsecured folder on an office desktop. This compromised Paul’s entire operation and he knew he was going to face

consequences. He had been to lax on protocol for his network, and knew that when asked if he validated his PCI compliance the answer would be no. What happens, and what can you do to avoid being a Paul? Read on to find out.


PCI, or PCI DSS, stands for Payment Card Industry Data Security Standard. It was enacted in 2006 by the PCI Security Standards Council, which includes major credit card companies including Amex, Discover, Visa and Mastercard. Due to the rise in E-commerce and the subsequent rise in account breaches, it was put into place as a set of guidelines to ensure that customers account information is safe and to protect these companies against heavy losses. PCI has six goals, each with separate requirements for merchants

and businesses to follow.


Noncompliance can be a very costly thing. These fines on the regulatory side can be between $5,000 to $100,000 dollars per month depending on the violation. The fines are collected every month until compliance is reached. On top of that, your business will most likely face steep penalties from the card providers to cover their damages as well. While these charges may be manageable for big businesses, for small to mid-size businesses, these can be death sentences.


As stated before, the PCI SSC put together a list of 6 goals for your business with 12 steps to follow. They wanted to make these as easy as possible to implement as the goal is not levying fines but protecting businesses, customers, and themselves from cyber criminals.


The first goal is to “build and maintain a secure network.” This involves setting up security measures such as firewalls to protect data from being leaked. It also requires businesses to use custom passwords and change them regularly to further keep your network safe from intrusion. This is a very easy to manage step that can be implemented either in house or with a compliance forward MSP such as Delval Technology Solutions.


This goal is about protection of the data when sending through a network. We all know how credit card processes work at this point. It starts with the vendor and the information is transmitted to the financial institution for processing and approval. Different vendors have different networks, so encryption is the focus of this goal. Card information should only

be stored for necessary regulatory, business or legal purposes. When you do keep the data, you must block out key information such as cardholder name and the first 12 digits of the card. By properly encrypting your data, you can protect yourself and your customers from data-thieves and keep yourself within PCI compliance.


No network is impenetrable. In fact, the best offense against being hacked is awareness and defense. A proper vulnerability management plan is key to this. Always make sure your anti-malware and anti-virus software is up to date and running. Regular tests and assessments should also be run in order to spot any new vulnerabilities and ensure your network is

properly protected.


A big part of securing your network and maintaining compliance is making sure that only approved parties within your enterprise can access credit card data. This has to operate on a need-to-know basis, making sure that your employees only have the least amount of relevant card data to do their jobs. If it does not have to be seen, it should not. In addition, you need to employ robust passwords, which are defined as at least seven digits and have numbers, letters, and characters. Multifactor Authentication needs to be in place, making sure that anyone trying to access the system is verified via a second step. Finally, just as you have to separate your trash from your recycling and put it out to the curb on a certain day, you have to follow specific rules for holding and disposing credit card data. Unless otherwise stated by law, you must dispose of this information after 90 days, and must be destroyed after that point.


This may seem like goal 3, but this refers to your transaction network. Any endpoint or transactional system you are using needs to be monitored and tested on a regular basis. Transaction logs must be put on a central server and kept for one year. These logs should be reviewed daily to ensure that any potential breaches can be identified. On top of this, penetration tests should be run regularly to find vulnerabilities within your system.


We make plans for everything we do. We have maps and routes for trips, plans to meet friends, blueprints for buildings and just about every other facet of our lives. Your network needs a plan that is both thorough and easy to follow. You must have protocols for how to handle every part of the process of completing a transaction, for how to store, process and dispose of data, and to protect your network. Having this policy not only helps you and your team follow proper steps, but also helps any regulators looking track your work, making everyone involved life easier.

In the end, Paul had to shut down his business over this issue. Had he partnered with a focused MSP such as Delval Technology Solutions, or followed these guidelines, he would still be fulfilling orders. Don’t be Paul. Follow these simple guidelines, align yourself with a great MSP who can handle your compliance issues, and remove a major headache for doing business. You can thank us later!

Is it Time To Break Up With Your In-House IT?

The world of business changes at a pace that is unmatched. In the past year we have seen companies move from an office-based workflow to a work from home model. Software that used to have to be purchased yearly every time it updated has been replaced by subscription services. Onsite hardware to back up data has been replaced by the cloud. One thing that has not changed, however is the need for IT support. While many companies still employ the traditional IT guy or gal, others have found that going the MSP route works

much better. What is best for your business? Having a dedicated IT person certainly has it’s merits. They are employed by you, making your business their primary focus. Your IT person knows the ins and outs of what you do and have a relationship with both you and your employees. They are a specialist, which can be a good or bad thing, which we will touch on in just a bit. Let’s unwrap some of the gaps that can be caused by an in-house IT person, and why an MSP may be better for you.


Having a good to great in-house IT guy will normally run you in the six-figure range. This is not to say they are not deserving of such a salary, but it certainly can be a big dent in the yearly budget for a small to midsize business. With an MSP, your costs are shared by multiple businesses also using that MSP, meaning you get IT expertise at a fraction of the cost. What is more, many MSP’s also offer packages that include much of the subscription software you use, giving you access to the best technology at a much lower price. This is one of the key benefits to an MSP such as Delval Technology Solutions, you get all the talent of an in-house IT person, at the fraction of the price.


When you have a single person handling your IT, you are beholden to them, even if you are the one employing them. They are the single source for expertise of your network and are just one person. If they get sick or go on vacation, well you can end up having your whole network stuck at a standstill. What if they leave? If that is the case, you have to find a

replacement, train them, get them acclimated with your network, and this process can take weeks if not months, leaving your companies needs vulnerable. With an MSP such as Delval Technology Solutions, you have a team working behind you, not just one person. If one person leaves, or goes on vacation or gets sick, nothing changes, you still get the same great service without all that pesky downtime.


We have all heard the phrase “jack of all trades, master of none”. This refers to someone who is versed in many different avenues but doesn’t have a clear area of expertise. Most people in the corporate world fall into either that category or that of a specialist, highly versed in one area, but lacking in many others. This is no different for IT. Your in-house IT guy

may be a whiz at programming, but how are they at security? Your network is a multi-faceted system, that when working in harmony, can help propel your business to the next level and save you time, money, and anxiety. When it’s out of whack, it can have devastating consequences. Think of your IT staff as a doctor. You walk in with a broken foot to your general practitioner, who while familiar with feet, is not an expert. So what does he do? He refers you to a podiatrist. This is because the podiatrist specializes in feet. Now, if you were to walk into a major hospital, they have teams of specialists on hand, at your service depending on your ailment. That is the difference between employing an IT person, who is

akin to the general practitioner, vs hiring a managed service provider. A proper MSP, such as Delval, is like the hospital staff, teaming with specialists and experts for all of the moving parts of your IT needs, from helpdesk to security and systems management, for a fraction of the cost of a dedicated IT person.


As the old saying goes, time is money. When you experience a problem with your network, you need it handled as quickly as possible. Your IT person can handle this, if only one thing goes wrong. However, bugs, viruses, and attacks do not factor in your IT person’s capabilities when they happen, they just happen. Picture this, you have a system error that your IT person is rushing to fix. While they are handling that, you have two employees locked out of an account, potentially delaying them from reaching a deadline for a client.

On top of that, someone just opened an email they shouldn’t have and may have just compromised your server. These things happening one at a time can be bad

enough for an IT person to deal with, but if they happen all at once, that’s a recipe for disaster. With an MSP, you have a team at your disposal who can multi-task

and troubleshoot multiple problems at once. This saves you valuable time, which in turns, saves you money.

We get it, your IT person has been with you for a while. You probably have a bit of an emotional attachment to them. They know you, you know them, you are friendly. However, this is business, and at times we have to take a hard look at the facts and the numbers. Ditching your IT guy in favor of an MSP can do wonders for your enterprise. You will save money, as you are paying for a service that doesn’t need things like vacation days and insurance. You gain a variety of expertise as opposed to having one specialized employee handling a

network that has many different facets to it. You get a seamless experience without having to worry about a transition that usually comes with a ton of downtime, and you get the efficiency of a team working behind you. Is it time to drop your IT person and move to an MSP? Probably.

Data Loss and How to Protect Yourself In House and In The Cloud

Picture this. You spend hundreds of hours and thousands of dollars implementing a cloud solution to your network. Your team meticulously catalogs and backs up your data to the cloud. It’s working well, but you are still experiencing data loss. It is frustrating, as everyone has told you the cloud is the be all end all for backing up your data. There is some truth to

that. When you move your data to the cloud, it’s not backed up to a single server, but multiple servers around the globe, which does greatly reduce the risk for data loss. However, there are a few ways that your business can lose data in the cloud, as well as a few practices you can follow to ensure these losses are a minimal occurrence, and not a daily headache for your IT department and your business.


The cloud isn’t perfect technology. That is because there is no such thing as perfect when it comes to technology. These are ever-evolving platform and they are of course run by people. This brings us to the first problem, human error. We have all been there, you open a file, make edits, and forget to save your work. You open an email, click a link or an attachment, and before you know it, your data is corrupted, or you accidently save changes to a document that should not have been altered. We are human, and we all make

mistakes, and sometimes, those mistakes can lead to data loss.


Another issue that can lead to cloud data loss is third party apps. When some of these subscription apps update, they change format, which can affect your data. Data can also potentially be overwritten, such as if an update is occurring and a new file that is named the same thing as an old file, the old file will automatically be overwritten. This could also occur with entire folders.


The final way a data loss can occur is malicious activity. As you know, cyber-crime is on the rise, and cyber-villains are looking for anyway they can find to steal data, install ransomware, and engage in other malicious activity. Obviously, these actors can install software or use other methods to wipe out your data, regardless of your server if you happen to be a target. Remember, there is no such thing as an immunity to hackers, but there are always ways to protect yourself, some we have outlined in previous blogs,

and others we are going to show you now.


Due to it’s vast nature and multiple servers, the cloud is perhaps the most secure way to store your data, back-up your files, and run your network. However, you do have to make sure you take care of your network the same way you would your body. Just like you may have a daily routine for hygiene, exercise, diet, and relaxation, you should also have a routine for keeping your data safe no matter where it is and no matter what happens.

THE 3-2-1 Strategy

3-2-1 isn’t just for starting a race or blasting off anymore. In this case the 3-2-1 strategy is a great way to ensure that even if one method of storage fails, you are backed up. All data should have 3 copies, one original and two copies, on two different devices, with one off-site storage system. Therefore, it’s called the 3-2-1 rule.


While it seems obvious, backing up your data frequently is the best way to ensure that you have minimal headaches and minimal data loss. Make sure you have your auto-save feature enabled for any projects you or your team are currently working on. Utilize the 3-2-1 rule and make sure you have copies, and copies of your copies, stored safely and where authorized users can easily access them. Figure out which data is updated the most, and make sure they are the ones being backed up with a higher frequency. Use multiple methods

of back-up, both cloud and onsite hardware, as different backups work best for different type of data. There is no such thing as backing up your data to much, as it is better to be safe than sorry. That brings us to our next point…


Earlier, we mentioned that your files should be easy to distinguish. That was meant for those with internal access to your files. What about external access, which could be anyone, authorized or unauthorized. You want to make sure that you encrypt all files you back up. This will require authorized users to provide an encryption key to see said files. You want your account to be able to easily legible to say, your accountant, by having the file clearly labeled “Q3 2020 Financials”, but not to external operators who may be trying

to illegally obtain your data. Just like a burglar is going to look for houses with open windows and without security systems, hackers are looking the path of least resistance. If you have your data properly encrypted, the chances of having an outside force corrupt your data drastically decreases.


Who you choose as your internet service provider and your managed service provider can make all the difference. You want to know what they offer, down to the details of every feature, and if they put limitations on backups or maintain a backup schedule that differs from your own. A proper MSP such as Delval Technology Solutions will advise you on the schedule, on your hardware and software you are using for backups, handle your cyber-security needs and work with you to create a disaster recovery plan in case of an emergency.

Your data is perhaps your businesses most asset. System outages happen, breaches happen, accidents happen, but how you back up your data can mean the difference between a minor hiccup and a catastrophe causing productivity and financial losses. Cloud storage is a fantastic way to back up your data, but it shouldn’t be the only way you back up your data. Do not rely on automation alone, be sure to have multiple systems in place to back up your data, and protocol in place such as a back up schedule and a disaster recovery

plan. These things, along with the tips will surely save you time, money and headaches.

How Do You Know When It's Time to Change MSP's

Mike has been running his accounting firm for the past 25 years. As the time went by, his technology needs grew. What started as an office of two with two computers grew into a firm of 20, each with their own computer. When the pandemic hit, Mike decided to move his team to a remote model. When he did, he also hired an MSP, or managed service provider, as he knew he needed help. The first two months were smooth sailing, then something happened. As his MSP gained bigger clients, Mike’s company and his needs seemed to get placed on the back burner. Phone calls were not getting returned on time, help desk tickets went from hours to days, and the decision Mike made to help his

business, well, it began to hurt it. Mike was faced with a rough choice. He either had to hire an in-house, dedicated, IT staff, which he knew he could not afford to do, or to

dump his existing MSP. From there, he knew he needed to start shopping around immediately for a new partner, as tax season was coming up, and he could not afford any

more downtime.  The first time around when choosing an MSP, Mike went in blind, only knowing his immediate needs. Now, after dealing with his former provider, he knew what he wanted and more importantly, what he was not going to deal with. What are some other reasons people would want to change providers?



Response time is of the utmost importance when dealing with your company’s technology needs. Depending on the issue, minutes can cost you hundreds if not thousands in damages and downtime. No matter what the issue is, you want your MSP’s help desk to give you an expedient response. Not only could it save you downtime and money, but it will also make you feel your business is valued and not lost in the shuffle. Another big factor in this is the level of customer service. No one wants to feel dumb or like a second-class citizen, and it’s no different when dealing with your IT team. Ask yourself this “Does my MSP make me feel valued as both a business and a human being?” If not, it may

be time to move on.


Trusting a company with your systems and your data is hard enough as it is. After all, these are the things that power your business and allow you to track your performance. Your MSP exists to advise, implement, and optimize the technology side of your business. It is important that you can see the results of the work being done, and the changes being implemented. This allows you to know what is working and what isn’t, so you and your MSP can make changes accordingly. You could be getting the best advice in the business, but

without seeing the data to back it up, how will you know what is effective or what needs amending. The answer is, you can’t. Being kept in the loop by your MSP is invaluable, as is being able to trust that the decisions they are making are working as they told you they would.


Does your MSP get to the bottom of an issue the first time it happens? No company is immune to tech issues, be it firewall issues, system errors, or worse yet, breaches. How these are dealt with can be a make-or-break moment when choosing to continue with an MSP or changing course and finding a new partner. Do they take the band-aid approach, and just cover up the problem and keep it moving? Do they get to the root of the problem and fix it, ensuring that it goes from an avoidable issue to an issue that is being avoided? Those

are the questions to ask when analyzing your choice of partner.


This is perhaps the biggest concern when it comes to trusting an MSP and continuing to do business with them. In the past two years, we have seen a rise in MSP’s getting hacked. From the hackers point of view, it’s simple. Why take the time to hack one business for their data and access to their network, when you can hack an MSP and get that information for multiple businesses? You want an MSP that takes their security as seriously as your security, not one that fails to practice what they preach. Ask for an explanation of what they do on their end to protect the data of you, their other clients and themselves. You also need to make sure they take compliance seriously. An MSP that isn’t on top of their compliance isn’t on top of your compliance, and this has serious consequences. As covered in previous blogs, being found non-compliant can cost your company thousands, if not millions of dollars in fines depending on the sector you are in.


Do you look at your MSP bill every month and see things that you are being charged for that you never use? Does your MSP take a “one size fits all” approach?  Just like with your

cable company and other services you use in your personal life on a day-to-day basis, you want to make sure that you are only being charged for what you are using, not what you are not. A great MSP, such as Delval Technology Solutions will offer a la carte or tiered pricing plans to make sure that you are getting a solution that fits your business.

After doing his research, Mike realized that it was time to dump his existing managed service provider and move on. He knew what to look for, an MSP that was based on security, customer service, and proactivity. At first, he was cautious to trust based on his past experiences, but eventually he found the MSP that was right for him. They were willing to show him each step of the process, and he felt like their only client, although he wasn’t. Mike learned what many before him already have, a great MSP partner is invaluable.