Why Smaller Businesses Can Be More Susceptible to Hacks



The last few years have seen major breaches at sprawling corporations such as Facebook, Yahoo, and Marriott Hotels. The list continues indefinitely, and the total losses amount to many billions.

Between overreaching government surveillance, ISPs monitoring us, and the world of cyber-crime, online privacy continues to shrink. Today’s children will never have known the Internet of the past before the total control of tech monopolies and so-called “bulk” data collection efforts of both domestic and foreign governments. Because many of these tech giants do not adequately protect against hacking efforts, even with their massive budgets, the small to medium business owner might feel that these outcomes are unavoidable, and therefore take no proactive measures against them.

Corporation tend to ignore the signs leading up to a hack even though attacks have been steadily rising through the years. They instead prefer to mop up afterwards, and so have set a trend for poor information security. Still, these megacorporations do possess the resources to strengthen their cybersecurity, and so the online criminal element often decides to target the smaller players.

In fact, many dozens of smaller businesses are targeted each month with the attacks being launched from all over the world, many times from overseas. This is despite some smaller business owner’s argument that their small size alone is enough deterrent. They tend to imagine a hack that pulls off something more extreme, such as a ransom on their networks, but most attacks aim to steal and sell people’s data and identity.

Today’s attacks are carried out with robust yet freely available and highly automated tools such as Metasploit and the Kali Linux operating system. It is often not necessary to have knowledge of programming or the ability to write your own scripts in order to lead an effective attack against a network, and as much as 80 percent of all data breaches are a result of weak password security.

Many people and companies will reuse the same weak passwords across several sites, platforms, and networks. Once one of these is compromised, the rest tend to follow. Passwords can be compromised in any number of ways, with the weakest susceptible to simple brute force attacks or rainbow table attacks against stolen hashes (an encryption technique) of the passwords.

It is not uncommon for CEOs and owners to be unaware of exactly the password policies their management have set. Experts in information security have long emphasized that although these policies must necessarily stem from upper-management, everyone must be on-board and playing their part. Frequently changing passwords and making sure to eliminate permissions for any ex-employees right away is critical, as there are many online grey-markets where sensitive network information can be sold.

A common assumption is that an effective cybersecurity infrastructure is by its nature expensive.  A company does not need thousands in budget to make themselves at least less attractive to criminals however. Keeping online credentials private and not sharing login information between employees goes a long way.

Effective security often operates on a “need-to-know” basis. VPN services are cheap, easy to use, and grant so many benefits that not using one is a mistake. From avoiding ISP throttling and surveillance, thwarting region restrictions, and creating an encryption tunnel between you and the Internet, these services can be invaluable. Certainly you should not connect to a public WiFi without going through your VPN. Finally, many enterprises use password management apps and software, which by default provide security.

Brivo and Eagle Eye Network Integration

Brivo and Eagle Eye are now working together for total system integration of access control systems and cameras. With the ability to review live events and to record video to a Brivo Onair interface, this cloud-based solution is pushing the envelope in networked, cloud-based access control.
With Brivo Onair being fully integrated with Eagle Eye Networks, a fully comprehensive access control and video surveillance solution can be designed from the ground up. The platform exists in the cloud, taking care of the processing needed for access control and video monitoring, and it can be accessed and administered from anywhere, with any computer with a web browser.
An intuitive interface enables integration with Eagle Eye networks and makes administrating a system simple. On the Brivo home page are two new shortcut buttons. One of these accesses Brivo Mobile Pass, and the other takes you to the Eagle Eye video integration panel.
By logging into your Brivo Onair account and entering your Eagle Eye credentials, you have now created a link between the accounts. The next step will be to associate existing Eagle Eye cameras with the Brivo Onair account. Once this is done, you can access the Eagle Eye Directory in the sub-menu of your Brivo Onair account. This directory page will show you all Eagle Eye cameras that are presently associated with the Brivo account. In order to add new cameras, simply click the New Eagle Eye Camera button. On this page you can name each camera and associate both sites and devices to it.
This seamless integration between these two top-level access control and video monitoring companies gives you incredible ease of access, simplicity of administration, and cutting edge security for your building or site. STST is experienced with both Eagle Eye and Brivo systems and is the answer to your access control needs in South Texas.


Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality.


Please contact us at  admin@gostst.com on our website

or by phone at  210-446-4863   24/7

Brivo: A Fully Integrated Security Platform

Brivo systems for building security and access control are able to automate security and management of access control systems for buildings. These systems are fully scalable and are cloud-based.

The features of a Brivo access control system are robust and extensive. With general access control, building access control can be automated and include reports to your phone. Brivo offers a mobile management platform which allows administrators to enable users to access doors with their phones remotely. Visitor management is also a focus, and a comfortable and welcoming environment is maintained while still automating tracking of visitors.

Video surveillance cameras will offer real-time visual access to critical areas and simple access to visual records. Identity management updates the user identity across multiple IT systems. Elevator control is also available. This allows a view of who has access to what floors as well as the ability to manage elevator traffic in taller tower buildings.

Brivo uses a unique security platform called Brivo Onair API. This cloud-based solution allows building access control to be custom designed with centralized management. Of course, without solid cybersecurity, electronic systems such as these are vulnerable to attack and exploitation. Brivo builds their products to use 256 bit AES encryption, with no open inbound ports to allow for attacks. Real-time alerts allow administrators to see DDos and Bot attacks and begin to take action against the attack.

AES 256 bit encryption is the same protocol used in banks, and Brivo also employs a SHA256 certificate with a 4096-bit key. Control panels communicate on just a single outbound port (443), which greatly reduces the “attack surface” that open ports create in a network. The Onair Cloud service also has components to detect bots and DDos attacks, with every production component having a redundant counterpart. This includes firewalls, load balancers, web servers, application servers and database servers. Furthermore, an independent auditor conducts annual SOC 2 audits to verify full security and compliance of Brivo Onair systems.

This is a small summation of the technology behind Brivo’s industry leading access control and video surveillance technology. By putting total control in your hands, this cloud-based system allows simple, time-efficient management of systems of any scale remotely.

The user can feel safe in the knowledge that Brivo is aware of potential risks and attack vectors, and has taken measures to protect against them. While these details of cybersecurity are not often looked at in depth in articles about access control, they are critical in ensuring the safety and viability of the system, and without them, an access control system may merely be creating new vulnerabilities to a buildings security and safety.



Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality.

Please contact us at admin@gostst.com on our website

or via phone at 210-446-4863 24/7

SALTO XS4 GEO Cylinder and The JustIN  Mobile Interface

SALTO’s range of compact electronic cylinder locks are designed for doors where fitting a full-sized conventional handle and lock is not possible or needed. These cylinder locks, like the other SALTO products, are totally free of wires and are networked through the SALTO Virtual Network and SALTO Wireless network.


Several models are available including half cylinder, cylinder with thumb turn, double cylinder, padlock, and with a wide variety of profiles, e.g., Euro profile, UK oval, Swiss Round, Australian oval, Scandinavian profiles, ANSI profiles.


These locks can be integrated into existing Brivo infrastructure, among other manufacturers. It is also common for SALTO secured facilities to include interior facing panic bars to equip emergency exit doors with the ability to trigger a panic alarm as soon as they are pushed open.


In order to bring smartphones into the access control environment, SALTO uses their JustIN technology to integrate smartphones with their locks. JustIN Mobile BLE permits doors to be opened via smartphone, turning the phone into an update terminal for credentials.


This is accomplished through Bluetooth Low Energy (BLE), a standard for communicating between a smartphone and electronic locks. The mobile key is provided Over the Air (OTA) from proprietary management software to an installed JustIN Mobile app on a registered and verified smartphone. After this, the user will receive a message that a new key has been provided and information on which doors he now has the access rights to.


After this, the user only needs to present the smartphone to the lock in order to gain access. All data including the mobile key are encrypted and secured against cloning.


Because users can get these mobile keys at any time and any place, access control solutions are given greater flexibility when issuing and receiving rights without losing out on security.


This system can be used in conjunction with or as a replacement of RFID credentials.


Another SALTO protocol for phone based access control integration is JustIN mSVN.


JustIN mSVN (mobile SALTO Virtual Network), is technology for updating access rights for any credentials using mobile communications. It makes use of the mSVN app and the NFC interface of smartphones. Through this technology, the SVN can be expanded to spots with no online wall reader. Access rights are updated via direct communication between the phone and the credential instead.


Any new access rights or blacklist information are communicated to the user from a server to the mSVN app. The smartphone will then serve as the update point for any new credentials moving forward, taking the place of what an XS4 online reader would usually do. All data is encrypted and secured using Mifare DESFire EV1 technology.


Security Technology of South Texas is an authorized integrator for many surveillance and access control manufacturers and has designed systems with this kind of functionality.


Please contact us at  admin@gostst.com on our website


or via phone at  210-446-4863   24/7