Understanding Business and Technology Risk in 2020 and beyond

Here is a transcript of the video content for those who prefer to read.

Hello, Thanks for clicking play.

My name is Jesse Hill, and I’m the president of Tier 3 I.T. Solutions. We are a mid-sized I.T. Solutions Provider who focuses on helping our clients and their businesses more effectively leverage technology in their operations and their pursuit of their own organizational goals.

Over the last couple of years we’ve had the good fortune of receiving some awards and recognition for our business operation, growth, leadership and community involvement. We’re proud of these as a testament to our contributions not just to our own business but to our community and to the clients we serve. We hope to get to know you a little bit more.

One of the things that makes Tier 3 IT Solutions unique in the I.T. space is that we approach every single one of our client engagements from this belief that technology is here to support you in achieving your business goals. We also acknowledge that technology is a powerful tool for helping to overcome business challenges and obstacles. And finally, no two strategies are the same.

We work with a number of different businesses in similar industries, and it amazes me how we see over time that businesses who appear to be the same from the outside are actually quite different. When you get inside and understand their goals and the business challenges that they’re trying to overcome.

We believe strongly that relationships and understanding the personal interaction between your people and the use of their technology is important. And that, computers are tools to help your people do their jobs, and to grow your business. And part of our role is to make sure that your technology is stable, supported, and reliable.

What we’re really here for is to help build stronger businesses. I’ve always considered our team to be business advisors who specialize in technology, and we bring that specialization to our clients to help them implement that into their business.

So today we’re going to talk a little bit about technology risk and how it impacts small and medium businesses. We often hear about the iceberg analogy where 10% of what goes into a solution or a product is seen and experienced. And so most small and medium business owners, what they expect is that their it systems are stable, secure, and supported. The bit that’s underneath the water and unseen is what an IT Solutions Provider like us is doing for you. We’re constantly working on making sure that your systems are stable and secure by managing risk around technology, things like virus protection, ransomware protection, making sure that you’re patched and updated. So you don’t have those known vulnerabilities and risks we’re always working on proactive phishing campaigns and email strategies, to make sure that your people are protected, that they’re aware of what a good or a bad email looks like, and hopefully not falling victim to it.

But we start talking a little bit more about the people aspect, things like social engineering, you know, it’s amazing how much information people will get from a phone call and how these people that are looking to gain access into your business are targeting and working actively to infiltrate your network through social engineering activities. Ultimately in the big picture of internet security this will come through as brute force attacks. And we’re all starting to hear about these hacker collectives targeting specific organizations, industry sectors, those types of things. These are all threats that are outside your business. And there’s pretty good information and strategies out there about how to address these items.

What we want to talk a little bit more today is about the internal threats, the threats that come from rogue and disgruntled employees, or uneducated employees who are accidentally compromising your business. We now have all these laws now around mandatory reporting of breaches, specifically when it relates to personally identifiable information, financial information, and those types of things. And the interesting thing about this is that, an employee inadvertently sending an email with personal information to a third party is considered a breach. So is a hack from a brute force attack or a social engineering attack. So these are what we would consider internal threats and they’re things that need to be dealt with as well.

In 2020 we’ve had this massive shift into the remote workforce. And so this is what I want to focus on today because I think a lot of businesses haven’t fully appreciated and adapted to what has happened.

We have that age old question… Have you seen the remote? You know, it’s lost in the coach cushion somewhere, but what we’re going to talk about today are the remote workers. We’ve seen statistics where they’re saying that by the end of 2021, we could expect up to 30% of the workforce to be working from home or from a remote location multiple days per week. This is in contrast to pre COVID where the estimate was that maybe 5% of the working force did this. So we’re talking about a five to six times jump in the number of remote workers over the next year and a half. Which is significant and really represents a massive shift in how we do business, how we manage data, how we manage employees.

So if your organization hasn’t started thinking about this yet, this might be a really good time to get on board. One of the big conversations we have with these businesses is about device and data ownership. And, in the COVID pandemic, hundreds of thousands of people have shifted to working from home. And the reality is, is that many businesses weren’t prepared for this. So they set up this quasi remote desktop system where people were leaving their work device in the office, and then they were going home and using a personal laptop or desktop. And hopefully they’re connecting in through a secure VPN connection. But the reality is, is that as soon as we create that VPN, or we allow people to connect from home on a personal device, we as an organization, as a business owner have potentially lost a level of control that you had when it was on the company device. What’s stopping them from copying information to their local device to save store work on it. Those kinds of activities may start from a place of good intention, but if something were to change in that person’s employment, how do you know that that personal device is properly wiped or clear?

When will they work? You know, this is one of those big shifts where traditionally the way that most businesses measured the contribution or the productivity of their people was to have them sit in a certain chair for eight hours a day. And now we’re seeing that that eight hour Workday is being stretched into a 12 or a 14 hour workday. And it’s not that they’re working that whole time, but maybe they have to take two hours out of the day to deal with, childcare or running errands or supporting somebody else who’s also juggling with a work from home routine. And so this means that access to your technology, to your resources is going to change where you used to understand when people were working and where they were working and what kind of information they had access to you potentially now are opening it up where people are working in less supervised environments. And so you may have to rethink some of your alerts and monitors and controls around the time of day that people have access to the network.

Of course, many businesses believe that the cloud is the answer to all of their problems, that if they just migrate from an on premise server into a cloud environment, that they don’t need as much IT help. And I would agree that there are certain aspects that your IT person isn’t going to be working as much on keeping your applications up and running, but it presents an entirely new set of risks and challenges around managing access to data, managing employees, who has access when they’re terminated, those types of things. And it goes back to the who owns that device question. If we have a distributed workforce and they’re using things like OneDrive for business to share files, if we don’t have the ability to remotely lock and wipe, and we don’t have drive encryption on those, on those remote devices, we present a whole new level of risk to the organization.

So moving to the cloud actually adds a lot of complexity that needs to be thought out, and you need to consider how you can manage all of these different cloud environments, as opposed to how do you manage a single on premise server.

Who else is looking or listening? is one of those interesting questions that I think a lot of businesses haven’t quite solved yet. I had a video call recently with, one of my referral partners. And it was interesting because we were sitting having a great conversation. We were talking about clients, we were talking about ways that we could work together and midway through the conversation. Somebody else got up from a couch nearby that I wasn’t able to see and walked across the room into another area. And it really got me thinking that if our conversation been confidential in nature. How would I have known that that person was there? And this is particularly important as a business owner, if your staff, your employees are working from home, if you deal with personally identifiable information, financial information, any kinds of designs or engineering drawings, or, intellectual property, when your people are working in some place other than a controlled environment like your office, you might need to update your policies to include things that say, your staff need to be working in a private, secure room. Nobody else is going to be in the vicinity to listen to conversations. Nobody else will be allowed to see the screen or access the device that you’re using because we no longer have control over that. And so you need to have it in policy so that you can enforce it. And really what this all comes down to is not just technology risk, but organizational risk.

We have seen time and time again, that those businesses who choose to ignore shifts in technology, in business, over time see a decline in their business operations. Whereas those who thoughtfully adopt new technologies and new methods and new ways of approaching business can see growth.

Now, I’m not suggesting that technology is the solution for all of these problems, but we need to be considering what are the possibilities. If you were to have people working from home, does that mean in that you can recruit from a wider population instead of limiting yourself to the 30 minute drive of your office? What about taking on new clients? Can you engage with them in other areas as well? So there’s a lot of opportunity here. And if we think about it and plan for it, hopefully we can latch onto it.

I’m going to just talk really quickly about how we help businesses approach this problem. And it’s something that we call our I.T. Master Plan Process. And what this is meant to do is to really be ingrained into your business planning process. And the thing that I described to clients all the time is I say that technology is a core pillar of business, just like HR, and finance, and marketing and sales, and operations. So if we think about it that way, when you’re sitting at the boardroom table and you’re going to lay out a plan for the next one, three, five years, you would have representatives from all of those departments on hand. Well, what about technology? How do we get them into the room?

And we recognize that inviting your IT provider in to sit in those meetings may not always work if you’re going to be discussing sensitive HR or financial issues. So what we’ve done is we’ve developed a process that we can use to walk our clients through this on an ongoing basis.

It all starts with what we call a strategy workshop. And this is something that we’ve designed that takes an hour to two hours. And what it’s focused on is understanding your specific business goals and business challenges. And we’re not just talking about technology challenges or technology goals, but truly business goals. What are your goals in sales? What are your goals in operations? What are the things that are stopping you from getting there? And the last bit is how you want to apply technology to solving those problems.

Our next step is to, to do an ongoing and in depth technology review to understand where are you today? Where are the strengths? Where are the weaknesses? Where are the opportunities, where are the threats within your technology environment?

And the part that makes this really unique for us and our clients is that we don’t just run back with recommendations from here. What we do is we look at those areas that can be improved and we very thoughtfully consider whether they support a business goal or help solve a business challenge. And if they’re aligned with the technology capacity or desire within the business. And so what this does is it makes sure that everybody that’s on our team, working on our client’s behalf, understand that technology is not here just for technology sake. It’s here for the business. It’s here for those things that we’ve talked about already.

The next thing that we do is what’s called a collaborative review. So we don’t sell products to our clients. We make recommendations that are designed to support those things we’ve already talked about within the business and our clients then have the opportunity to prioritize which ones they want to implement, which ones they want to scrap off the list, and which ones need to be done right away.

And this is a, I mentioned different approach because it’s all about prioritization with our clients in alignment with them. Inevitably, there will be things that are approved. We’ll go through, we’ll deploy them. We’ll document them. We’ll make sure that they’re all set up with industry best practices and standards, and that they can be readily supported. And then this becomes the blueprint for how we engage on an ongoing basis.

So if we think back to the previous slide where we started talking about this shift to remote work well, because we have an ongoing cadence of going through this process and realigning our business goals. I can tell you that through COVID our clients have changed their objectives, our recommendations have changed, and we are all working to align ourselves with what that new end of 2021 reality might look like.

So again, my name is Jesse Hill. I’m the president of Tier 3 I.T. Solutions. We believe technology should support your business goals. It should help solve your business challenges. And no two strategies are the same.

I hope you enjoyed the content today. If you have any questions, please reach out to me. We’d love to chat and get to know you a little bit better. Thanks a lot. Have a great day.