Accountability Through Automation: An Interview with IT Director Luke Bragg (Part 2)

Are driverless cars a pending threat?
Ryenn Gaebler Client Success

By Client Success Manager Ryenn Gaebler

How do businesses rise to the top in an ever-evolving global economy? A growth mindset combined with the right tools is the first step to developing a business that will stand out in the marketplace.

But what part does technology play in business growth and scalability? I talked with Anderson Technologies’ IT Director Luke Bragg about what scalable technology and automation can do for growing companies—as well as the vulnerabilities to be aware of when implementing new technologies.

Earlier we talked about clients who are resistant to implementing new technologies like AI and automation. Is this still a trend?

There are two major factors. One: A lot more breaches are making the news now, either because of the amount of people and data affected or the amount of money that’s been lost. Because of that visibility, there’s starting to be more pushback on vendors and developers to have standards of security when they roll products to market. We’re also seeing massive shifts in how the threats are deployed, like supply line vendors being targeted. Those types of attacks are pushing companies to vet their stuff better and have better security in place.

Two: We have this phenomenal ecosystem of the internet where everything is cloud-based, and COVID really accelerated that. Business owners who had been hesitant about the cloud suddenly had people working from home, and the cloud became the more convenient option to manage all the moving parts.

It’s not just about maintaining the status quo.” – IT Director Luke Bragg

It’s not just about maintaining the status quo. It can help elevate a company to the next level, to get attention, and open up new revenue streams that they couldn’t access before.

What other innovations are pushing business cybersecurity forward?

I think there’s a lot of cool technology that went to market where the security was little more than an afterthought. IoT [Internet of Things] devices come to mind. How many companies are pumping out “smart” thermostats, cameras, and doorbells with a Wi-Fi connection? They might have subcontracted the actual hardware to developers, but who’s vetting the security? I’m hopeful that insurance companies, now out billions of dollars in claims, are going to start holding some of them accountable.

Consider products like Tesla’s self-driving cars. Are we going to have antivirus software for our cars? We have to start thinking about that. It’s understandable that somebody gets a revolutionary idea, and it becomes a time game of getting the idea to market before the next guy figures out how to do it and beats you to it. But you don’t hear most companies talking much about security. 

From the cybersecurity mindset, I’m thinking, ‘Okay, this object is internet connected, or I can start my car from my phone, but how secure really is this?'” – IT Director Luke Bragg

How do automated cybersecurity tools fit into this new, connected business ecosystem?

Automation is a massive key to scalability. For a 5- or 10-person business, it’s not a problem to walk around manually and check computers to make sure they’ve got appropriate protections. It’s very different for a client with 50-100 users. Some of our clients have close to 700 users, and it’s even more a headache for clients that have multiple locations that aren’t in one geographical spot.

That’s the key with cybersecurity automation like email security: you have to be able to scale it. There’s a point where you—the in-person team—are not going to be able to control it manually, and that point comes quickly.

With HIPAA, you’ve got to have a specific password policy with set parameters like character complexity and how often users have to change it. And then because of sensitive data that can be on your screen, your screen needs to lock after a certain amount of time if you walk away.

Are you going to have someone manually check each machine on a routine schedule? Or are you going to utilize automation tools that allow you to remotely enforce those policies?

We can enforce security policies across all devices, no matter whether users are sitting at home or in the office. Literally click a few buttons and we can push that update for them, provide the documentation to prove what’s enforced, and even have automated policies that if you detect a device on the business network that doesn’t have this protection, it’s applied automatically.

What should business owners consider when implementing smart technologies like IoT devices in their businesses?

Ask questions. What independent tests and studies did the manufacturer do to vet their software to make sure it was secure? It should be tested by other industry standards. If there’s a breach, [a business owner] needs to be able to say, “Here’s our process; here’s the proof of why we’ve made that decision.”

For our clients, Anderson Technologies partners with an MSSP (managed security service provider) that has 24/7 eyes on our systems. Anything we onboard clients with, their 24/7 operation is monitoring. It’s our eyes, plus them 24/7, plus another layer from the vendor itself. If there’s a breach, every second counts.

That’s a lot of work for business owners, and a lot of effort just to stay safe. Are breaches really that common for small businesses?

Yes, we had an attempt earlier today! Just this morning, there was one full-blown phishing email that went to our accounting team. Anderson Technologies uses normal email filtering for things like spam, but we also have an additional AI-driven email filter. It’s pretty incredible because it’s not just looking at the content of the email; it’s looking at where linked URLs go, or if the sender’s email is slightly different from what it should be. The AI filter identified the phishing email and searched our internal inboxes to see if anybody else got it and removed it if so. AI is doing some of the footwork that, normally, you’d have to rely on the end user to be keen enough to not click on or respond to something that might be suspicious.

Miss part one of this interview with IT Director Luke Bragg? Luke talks Compliance, Automation, and More

Are you ready to work with a trusted IT partner who will bring protection and monitoring to your network? We want to help your business grow and scale—and bring the right tools to do the job. Give us a call or an email now. There’s no better time.