Chris Connor, Glo: “the lack of cybersecurity and awareness in staff is what is hugely overlooked in businesses”

In a world where threat actors are exploiting companies during uneasy times, cybersecurity should play a major role in business development.

Attacks in cyberspace are becoming more common, causing business disruption, reputational damage, and major financial losses.

While regular users rely on antivirus software for cyber protection, organizations require advanced security measures, starting from cybersecurity awareness training and managed IT support.

To learn more about the best cybersecurity practices, we invited a person passionate about the topic – Chris Connor, the Managing Director of Glo – a company that specializes in IT support and technology services.

How did Glo originate? What has the journey been like throughout the years?

Years ago, I began as an IT manager with a fascination for all things tech-related. I found the job easy and knew I could run the show myself. I soon started chatting with a colleague, and together, we started an IT business. Whilst we found success, after several years, I was advised that it would be better to go solo. So I handed my notice in and started my own business: Glo was born. During this time, my wife and I had a daughter, Mia, who was born with severe disabilities and needed around the clock care. This played a huge part in the business’ journey. However, Glo has gone from strength to strength – we have sustained steady growth, and it has enabled not just me but the team to indulge in a career that feeds their passion and hobby. That is one of the most rewarding aspects of the Glo journey. We rode through the pandemic and the big crash quite smoothly as we ran a lean ship: for example, everyone worked from home. One thing that I could see impact us in the future is businesses shoving everything in the Cloud, not needing infrastructure, and everything looking after itself in that respect. Only time will tell, and we can still be on hand to help them through the process.

Can you tell us a little bit about what you do? What are the main challenges you help navigate?

We are an IT support company that manages IT needs for businesses by supplying everything they need, managing their problems, and making sure their systems work effectively. One of the most common challenges we help navigate is helping people out of problems they have created or problems that their systems have allowed them to create.

My day-to-day job as MD of Glo is keeping the team focused on our vision and goals, delivering WOWs, making sure communication is golden, and bringing the most powerful relationship for our customers, as well as keeping the energy and fun going for the team.

The main challenge in the last few years has been people. People who are not fully aware of their limited understanding of IT as a little bit of knowledge can be more dangerous than no knowledge. You could argue our interview process is at fault, but we employ people based on their personality, energy, and drive. It can be tricky to find really great staff that truly care and have the expertise the business needs. Something I read on a Reddit thread really hit the nail on the head for me: “I may not be the best out there, but I can learn and grow, I know how to talk with people, and most importantly, I care. You can’t pay people to care – you either care and are passionate about learning and helping, or you aren’t, and it shows.” The people are the DNA of any business.

In your opinion, what IT and cybersecurity details are often overlooked by new businesses?

The lack of cybersecurity and awareness in staff is what is hugely overlooked in businesses. It is scary how easily individuals can be deceived through the art of phishing, even well-hardened figures and MDs of companies are being caught out and creating a huge vulnerability in their systems. Above all, I believe better, regular training on cybersecurity is required for every role in a business.

How did the recent global events affect your field of work?

Recent global events, from the pandemic to Brexit, the Ukraine war to the rising costs of living and energy, haven’t in any way, shape, or form impacted us as a business yet. Following topical events, one customer reached out to check that their Disaster Recovery was in place and what we would do ‘if’ there was no power in the whole of the UK. This opened up a valuable conversation as it reiterated to them that a DR is not 100% fail-proof and has limitations while also reassuring them in other ways of how their DR plan is as sturdy as it can be.

Although there are more security solutions and providers available than ever before, certain companies and individuals still hesitate to upgrade their security. Why do you think that is the case?

There are a lot of very expensive solutions that don’t actually solve some of the simplest of problems that people fall victim to. You can have an antivirus, a firewall, and tools that discover ransomware threats, but all it takes is for someone to receive a phishing email and they transfer money from the business to a random source, and you are never going to get it back. In the industry, we often refer to these solution providers as snake oil sellers, with solutions being sold that achieve something but aren’t really going to make a difference where it counts, especially when there are so many ways for hackers to slip through the cracks. However, it is still worth investing in your security to make yourself a lesser target. I’m not sure whether businesses are hesitating when it comes to security solutions or we are hesitating to give them solutions. At the moment, the industry is providing small solutions to a very large problem. You can make small progressive steps as long as you are aware that you cannot be 100% protected and that something new will pop up next week.

When it comes to customized cybersecurity systems, is this something businesses of all sizes should invest in, or is it only relevant for large enterprises?

Every business should absolutely pay attention to their cybersecurity and be aware of their exposure and what it is going to cost them if their system is targeted. Everybody should do something to protect their business, but it depends on their individual exposure level, threat level, and cash flow amongst other factors to determine how much they invest in their cybersecurity.

What are some of the worst cybersecurity practices that can make companies extremely vulnerable to cyberattacks?

This again boils down to users. It is the lack of education for the people on the ground, especially the people in the Accounts department that deal with payments. As well as this, businesses may not have robust processes to monitor accounts and payments to prevent successful phishing. Another vulnerability is people getting into ransom networks through shoddy practices, including not changing passwords regularly, having too many users with administrative access, and not patching their servers properly, to name a few.

With work from home becoming the new normal, what cybersecurity solutions do you see becoming an inseparable part of remote work?

A critical element to successful remote working is having a decent connection that is robust with good wireless, cable, and bandwidth control that is not at the mercy of the kids in the house killing your internet connections. This is almost above cybersecurity when it comes to working from home, as you want your team to be working efficiently and be able to connect in without regular issues. Other than your typical cybersecurity best practices, it would be to stop trusting VPNs everywhere. If you are remote working using a VPN and a hacker attacks your PC, they will be able to easily connect to the rest of the business network, and it is their lucky day. Often the issue is that businesses view many cybersecurity best practices as an inconvenience, such as VPNs and 2FA, where there is an extra step they have to follow when they sign in. Unfortunately, the benefit of an extra layer of protection for their system doesn’t outweigh the inconvenience of them going through a less than 30-second process each day.

What does the future hold for Glo?

Providing ethical infosec. We want to cut through the noise of others in the industry that are charging an absolute fortune and delivering bog standard security. For us, it's not about making loads of money but delivering security properly to customers that need it and not ripping people off. People are sitting up and listening to cybersecurity as it becomes an increasingly prevalent presence in the tech industry, and rightly so, but we want to be the good guys delivering a service that actually makes a difference and directly helps target vulnerabilities where they happen most often. We are passionate about all things tech, so for us, this is just an extension of who we are and what fascinates us.