The “it won’t happen to us” attitude is still a common occurrence when it comes to businesses and their cybersecurity. However, no one is immune.
Cyberattacks have always been one of the major threats to any company, causing major financial losses. And with the pandemic forcing everyone to work from home, the use of personal devices and networks made organizations more vulnerable, resulting in more successful attacks.
For this reason, cybersecurity shouldn’t be taken lightly. And while it can be difficult to figure out the best measures to take, various solutions, such as managed IT services, exist to consult any business.
Today, we invited Adam Pecio, the President and Owner of Synchroworks – a company that offers managed IT services and solutions, to discuss the cybersecurity environment, threats, and prevention methods.
Both your team and client base have grown exponentially since your start in 2004. What was the vision behind Synchroworks?
Originally, I started the business as an independent consultant. As my client base grew, I realized I had an incredible opportunity to expand the business. My clients trusted me, and I pride myself on delivering unmatched service and support. I have ensured that I was always available for my clients regardless of the time of day. To grow the company, I knew I needed to hire people that have the same dedication and attitude towards our clients. I am careful about who I hire and ensure that they will exemplify what I stand for and what Synchroworks means to our clients. My vision continues to deliver unmatched customer service and be a leader in the managed service provider industry in the Greater Toronto Area, as well as expanding across Canada.
Can you tell us more about what you do? What are the main challenges you help navigate?
As a managed service provider, we want our clients to see us as an extension of their team. We either supplement our larger clients’ IT teams with our staff and resources or are their outsourced IT team. We take the time to intimately understand our clients’ IT infrastructure and what is most important for them to run an efficient business. We tackle everything from day-to-day operations and user support up to providing strategic IT direction for our larger clients. In many cases, our clients trust us and recognize our value, and they ask for our input in overall strategic business decisions.
Specifically, we provide desktop support (hardware and software), network implementation and optimization, cybersecurity consulting and implementation, hosted VoIP and Internet services, hardware and software procurement, and in special cases, we also provide web application solutions.
You describe Synchroworks as technology-centric. Would you like to share more about your approach?
Every department in an organization relies upon technology. When we have our first discussions with a new client, we want to understand their business goals and objectives. We then devise a strategy to provide recommendations on how different technology solutions can assist them in achieving their goals: whether it’s a new application or software, IT optimization, or looking for ways to reduce costs or increase value in their investments in technology.
What was it like providing your services during the pandemic? Were there any new issues you had to adapt to?
Technology never stops, and in fact, the pandemic only emphasized how much an organization relies on technology. Our clients quickly realized that they needed to implement a remote access strategy to allow their employees to work from home. This involved providing remote access with secure connections, access to files and data quickly and securely, and new ways for many to communicate remotely. We saw unprecedented adoption of cloud strategies, whether it was clients migrating their on-premise applications to the cloud, or migrating Exchange servers to Microsoft Office 365. Of course, we saw a huge implementation of Microsoft Teams and the use of Zoom.
This pandemic quickly exposed just how unsecured many organizations are: they had huge gaps in being able to provide remote access, how exposed their network was, and how outdated their cybersecurity practices and implementations were. We have seen an unprecedented amount of successful attacks and breaches. It has required us to be champions of security and constantly remind our clients how important it is that they continue to be diligent in preventing, monitoring, and educating their employees to stay one step ahead of hackers.
With more people working from home these days, what cybersecurity solutions do you see becoming an inseparable part of remote work?
Obviously, providing a highly secured connection is paramount for remote workers. However, with the continued migration to cloud applications and managed services, the emphasis is not necessarily secure connections to the internal network. For example, none of our data resides locally in our office. We are 100% cloud-based: all of our files are in the cloud, and all of our applications are third-party providers. What this means for us and the security of our clients is that they are relentless in ensuring that all access uses multi-factor authentication.
Furthermore, it’s crucial that IT administrators are aware of what is occurring on user devices, what they are accessing, and how they are connecting to the services and providers. I think that many businesses want to be very flexible for their employees, and all too many times we have seen users mix their business use with their personal use on corporate devices. This is where mistakes happen, and the users create vulnerabilities to organizations’ networks and data. Companies need to be relentless in securing their data and intellectual property. Administrators need to be strict in how the employees use corporate devices and what they access on the Internet.
We have seen organizations become so strict on security that they are now providing dedicated Internet connections to employees’ homes and requiring that the employee keeps a separate network for work from their personal and family use. If you have a large workforce at home, we are now recommending an MPLS implementation to the users’ homes. It has become incredibly cost-effective to do this, and most organizations don’t realize it. The most important question a company must ask itself: how much can you afford to lose? How invaluable are your data and intellectual property? This should govern how much you spend and implement for corporate security.
Even though there are plenty of companies offering cybersecurity solutions nowadays, certain organizations and individual users still hesitate to upgrade their security. Why do you think that is the case?
Simply put – money and ignorance. At its essence, implementing cybersecurity is looked upon as just another form of insurance. It’s nothing more than an operating cost with no return on investment. As stated earlier, it comes down to what are you protecting and why? Where we have seen a huge uptick in attacks is not the stealing of credit card information, user data, or company “secrets”; it’s transferring money out of the organization. We have seen hackers infiltrate companies and set up fake accounts, or change suppliers’ accounts to their own personal accounts so that when bills are paid, they are going straight to the hackers rather than their vendors. Once the money leaves, it’s impossible to retrieve it. Here’s an example: we saw one client lose $10 million in a venture capital investment. This organization was infiltrated through access to email accounts. The organization was about to receive a $10 million investment. After tracking emails between the organization and the investors, the hackers knew the date and time the money was to be transferred. They intercepted the money and rerouted it to their accounts.
Most breaches occur because of weak security practices and a lack of education. We have recommended security investments to clients that they have not implemented any measures because of cost, time, and time again. We have seen them suffer losses 10 to 20 times bigger than the investment. And cybersecurity insurance is becoming more and more expensive, and more importantly, even harder to collect. We continue to see clients finally spend the money they need to or implement security policies after they are breached. There is still too much of an “it won’t happen to me” attitude, especially with smaller businesses.
In your opinion, what IT and cybersecurity solutions should entrepreneurs be focusing on when starting a new business?
Organizations need to invest in a sound infrastructure solution that’s easy for their users, reliable and secure. Office 365 is by far the easiest to implement, extremely reliable, easily accessed, and secure. Organizations need to move away from on-site storage and on PC file saving and put their data in the cloud. It’s the easiest way to share data with others within the organization and access it from any device. The PC should be nothing more than providing access to applications and data in the cloud. A user should be able to go from one PC to another with minimal disruption and zero data loss.
There are cloud applications of all sizes and investments to run a business. CRM, finance, support, project management, etc. There is an application for every aspect of a business. It’s a matter of finding the right applications that will fill your budget and requirements and integrate with each other. We assist our clients in finding the right mix of applications to help them run their business.
For cybersecurity, it’s a mix of investing in the right technologies and ensuring that you are continually educating your staff. Each company has to have the basics: firewalls, VPN, multi-factor authentication, antivirus, etc. But they need to continually educate their users, as well as test them with various phishing attempts to see how vulnerable your organization is. Companies need to review security practices on a regular basis and run penetration testing to ensure that they are protected as best as possible.
As for casual Internet users, what personal security tools do you think will be trending in 2022?
Passwords continue to be the biggest vulnerability. Users need to ensure that they implement multi-factor authentication to protect themselves. We see an increase in discussion in moving from passwords to passphrases as they are even harder to crack. The use of biometrics will continue to increase and improve.
What does the future hold for Synchroworks?
Continued growth! We envision that the small business community will continue to outsource more and more to managed service providers. Organizations realize that it’s much more cost-effective to invest in a company like ours, where they get a team of IT professionals with extensive experience for the same or lower cost than hiring a full-time IT resource. You can no longer ask one person to be an expert in all aspects of technology. There are just too many different technologies for one person to provide effective support, and have the knowledge to service and protect an organization. For larger organizations, we will continue to supplement their IT teams, and be a trusted resource for providing best practices to their technology requirements and investments.
We will continue to be fierce security advocates for our clients. We will do everything we can to protect their assets and secure their businesses. This will continue to be one of the largest threats to businesses of all sizes, and we want to manage their cybersecurity solutions so that our clients can focus on growing their businesses and revenue.