IT protection paramount
Tech world focuses on prevention, disaster recovery plans as cyberattacks mount.
Gary Lutz has his mind in the clouds and his feet on the ground these days.
As president of Coopersville-based strategy and consulting firm IT Resource Inc., Lutz has watched as companies shift to cloud-based solutions for data storage versus on-site physical servers — and it is his firm’s job to layer on protections to outsmart cyberattackers.
“For organizations that already have an IT team or IT individual, we add value to what that team or organization cannot do,” he said. “It may be in projects, higher-level engineering services such as migration, cloud strategy and particularly in disaster recovery. We have provided that for many organizations, including banks and financial organizations.”
Users of social media sites, such as Instagram and Facebook, and users of content creation and storage platforms, like Google Docs or Dropbox, may already be familiar with how the cloud works — as a network of services that store information so it is accessible anywhere.
But most companies needing to protect sensitive information and intellectual property use private cloud services geared toward businesses.
Lutz said IT Resource recommends private cloud hosting, or products such as Microsoft Office 365 and OneDrive, through which clients can have cloud-based email, word processing and a suite of tools for a variety of work functions with enhanced security features.
“We have selected the cloud hosting solutions that allows us to layer protections on top, because (clients’) most important asset is their data and information. We have to protect their intellectual property,” he said.
Lutz’s company, which has customers “in every vertical and every industry” in West Michigan and eight other states, does not stop at email, mobile and physical security; it helps organizations have a big-picture plan for dealing with cybersecurity risks.
“Cyberattacks are probably one of the biggest threats right now to organizations, and having a well-constructed disaster recovery plan allows your organization to keep on running if a threat occurs,” he said.
Disaster recovery refers to a protection plan — what to do to prevent attacks and how to respond if they happen anyway.
“Disaster recovery is a solution that protects your business information and your customer information from any sort of security risk or interruption at any time,” Lutz said.
“It’s not a product; it’s not a piece of software. It is a full plan that is put in place for the protection of your organization. It may include software, it may include hardware and it may include a strategy plan for what to do when something happens.”
Part of that plan includes training employees in safe computing to prevent attacks.
“Security protection is not only the responsibility of IT; everyone in the organization is responsible, and every employee has to know what to do,” he said. “Knowing how to recognize the risks and avoid them is equally or more important than the traditional things people think of, such as firewalls, antivirus software and those types of solutions.”
He cited phishing scams, wire fraud and ransomware as three of the most common threats employees need to learn about.
Lutz said he currently is writing a paper on ransomware threats for the Michigan Small Business Development Center (MI-SBDC), which has a program called Small Business, Big Threat to help organizations understand cybersecurity risks.
“Ransomware is a threat where, if it gets into your system, it encrypts all of your data, all of your files, all of your information, and it holds it for ransom,” Lutz said. “If you get hit with ransomware, the hope of the bad guys is that you would pay them to get your data back.
“Prevention starts with the education of the staff, because ransomware (is triggered by) the action of a staff member. They click something or hit something, and it gets into the system.”
Zara Smith, strategic programs manager at the MI-SBDC, said the Small Business, Big Threat initiative uses white papers like the one Lutz’s firm will share, along with assessments, to help businesses understand how at-risk they are.
“(Small Business, Big Threat) focuses on the fact small businesses are very vulnerable to cyberthreat, yet some of them are not aware of how vulnerable they are and how acute the threat is,” she said.
“Sixty percent of small companies tend to go out of business or suffer very much within six months of a hack.”
Keith Brophy, state director for the MI-SBDC, compares the training to fire drills.
“An analogy is small businesses and the risk of fire,” he said. “You have fire insurance … but you also take safety steps to avoid practices that could lead to cyberattacks.”
Lutz said his company focuses on prevention so much because they are aware of the costly nature of recovery after an attack.
“The risks are great, the risks are real, and to get hit by ransomware or wire transfer fraud takes a considerable amount of time, effort and money to resolve.”
He said in addition to helping companies educate their workforce, IT Resource has partnered with clients to educate their customers.
“We have been providing security awareness and technology training, co-developed with our banking partners, on ways to educate their customers on safe computing,” Lutz said. “If they’re aware, they’re less likely to get caught up in a scam or wire transfer fraud. We have been providing those services at no cost in conjunction with our financial clients.
“It includes general practices of password protection, how to shield yourself from a security threat using very simple techniques of protecting your systems, complex passwords and understanding when a ransomware or phishing attempt is happening.
“It’s a great way to get security awareness out there in a safe way.”