When it comes to cybersecurity, many companies struggle to keep a strong security posture. In fact, many of them live under the premise that their employees are constantly aware of potential security risks. The reality is that everyone is prone to human error every once in a while.
If your company doesn’t have dedicated IT staff or doesn't have any security measures, you will end up being attacked. Cybercriminals are not selective and can attack anyone and everyone.
For this reason, we asked the Senior VP of Technical Operations at Executech, James Fair, to break the common misconceptions about cybersecurity and give advice for the best security practices.
How did Executech originate? What has the journey been like since your launch in 1999?
Executech originated with one man working out of his garage and driving around in a Ford Ranger with a broken heater. Eric Montague realized there was a need for organizations to have an onsite consultant that they could call when needed. Businesses wanted a single person that got to know them and their environment rather than calling and getting a random person each call.
The journey was slow but steady until 2009 when Eric hired his first salesperson. From that point the growth became exponential.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
At Executech we like to call ourselves the IT Outsourced Department. We don’t just handle one aspect of technology. We handle all facets of IT for an organization. We remove the burden of having to deal with IT by providing an assigned consultant and a team of experts behind that person to back them up. IT is a diverse and ever-changing landscape that is impossible for a single person to navigate and understand all parts. We leverage a team of over 150 technicians across the West and we all collaborate to support each other to provide the best possible services and technology solutions for our clients.
Helping organizations figure out how to implement cybersecurity solutions in a roadmap fashion so they’re not attempting to take it all on at once. Providing layers of security to help prevent attacks or recover from them if one occurs. We help organizations migrate to the cloud which offers dynamic and quickly scalable resources as well as work well for a work-from-home staffing situation.
What was it like providing IT services during the pandemic? Were there any new challenges you had to adapt to?
Mostly we experienced a huge shift to the work-from-home environments. We had a massive influx of requests for laptops and VPN licenses. We also had to pivot to figure out ways to secure those employees that were no longer protected by the office network infrastructure.
In your opinion, what are the most common misconceptions surrounding cybersecurity?
The first one is it won’t happen to me because we’re a small target mentality. A lot of ransomware attacks are done in a so-called spray and pray attack manner – attackers aren’t being selective about their targets. They are going after anyone and everyone. The less security you have in play, the more likely you are to be targeted. The size of the organization is no longer relevant.
Another misconception is that cybersecurity technologies are ridiculously expensive to implement. While there aren’t solutions that are good and free, we aim to provide cost-effective and tiered solutions so we can scale over time.
I've also noticed a common mindset that only focuses on keeping the attackers out. There’s certainly nothing wrong with taking that approach but far too few organizations take the time to put plans together in the event of a breach.
Finally, many companies believe that their employees won’t click on things they shouldn’t but everyone can get busy and make mistakes. Having spam filtering, DLP (Data Loss Prevention) and end-user training can go a long way toward preventing accidental breaches.
Although there are plenty of security solutions and providers available on the market, certain companies and individuals still hesitate to upgrade their cybersecurity. Why do you think that is the case?
I believe that a lot of companies don’t have a dedicated staff for cybersecurity initiatives. You end up with a C-level or overwhelmed IT manager attempting to tackle what can seem like an overwhelming number of attack vectors and solutions. Knowing what to implement is just as important as what product or vendor to choose.
Additionally, cybersecurity comes with a cost. And some products are priced to be out of reach for many in the SMB space. We strive hard to provide products that are accessible to all organizations and allow them to scale to more complex solutions.
When it comes to remote work, what are some of the worst cybersecurity habits that can make companies extremely vulnerable to cyberattacks?
From our experience, these are the worst cybersecurity habits:
- Insufficient backups. We refer to backups as the holy grail of computing. You can recover from fire, flood, theft, ransomware, and other disasters if you have proper cloud backups. Far too often we find organizations that have been breached but do not have backups. That is not a fun conversation.
- Not providing work devices. If the computer at home for work is the same one used by teenagers who aren’t vested in security, you’re taking a risk.
- Not having an enterprise-grade firewall. The only thing between your business network and the rest of the world on the Internet is your firewall. Invest and choose wisely when it comes to that purchase, especially for those back at the office.
- Not segregating administrative access. Rather than taking the approach of keeping the attackers out, consider what would happen in the event of a breach. If all users have access to all areas and all products, so might an attacker if one user gets breached.
Do you think businesses of all sizes should invest in IT solutions tailored specifically for them or is this practice only relevant for large enterprises?
Absolutely! Some measures in place will always be vastly better than no or little cybersecurity. These days I would suggest we consider it like insurance – a necessary part of doing business, just like driving a car. To go without it is to invite far too much risk.
What security measures do you think are essential not only for organizations but also for casual Internet users?
I would consider the following as the most essential ones:
- Using Multi-Factor Authentication (MFA). One of the easiest steps you can take and a huge improvement over username and password alone.
- Installing a good antivirus program. Good ones include a lot of features to prevent ransomware infections. I cannot recommend free or the products that come with an operating system. Antivirus programs are the last line of defense, so make sure it’s a good one.
What does the future hold for Executech?
Executech continues to strive to be one of the largest MSPs in the West while maintaining our people-first culture. We are committed to staying up to speed on the latest products and services that are the most effective for our customers. We are also committed to staying at the forefront of the move to the cloud environment while maintaining security.