“Don’t overwork yourself!”, With Jason Remilard and Mike Potter of Rewind

It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?

As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Mike Potter, co-founder and CEO of Rewind, a cloud data backup provider. Rewind is trusted by over 80,000 businesses to protect their data on platforms such as BigCommerce, Shopify and QuickBooks. A veteran entrepreneur, Mike has over 25 years of experience building solutions for the software, cloud and data analytics space, including tenures at Adobe and Mozilla. He earned his MBA from the University of Ottawa and his B.Eng in Mechanical Engineering from McMaster University. Mike currently resides in Ottawa, Canada.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in the suburbs of Ottawa, Canada. My dad was always involved in all the sports that we did, either as a coach or assistant. I have two very active parents, and so physical activity and team sports were always a big part of my life. Typical kids’ sports including baseball, soccer, hockey, and going into high school I got more into curling, eventually playing competitively.

I remember talking to my mom on the verge of finishing high school saying, “I don’t know what to do. I just know I don’t want a job where I’m just sitting around all day at a desk. That just doesn’t appeal to me.” And she said, “You should be an engineer because they are out in the plant, or out in the field, or wherever they are. They’re not really sitting at desks a lot.” So I pursued that which turned out to be a great idea. An education in engineering is very useful. You learn science and math, which were subjects I was good at and that I liked. But the most important thing it taught me was how to approach problem-solving.

I had a professor who I still think about. He really taught me how to think. We were working on heat exchangers one day and he presented a problem, with me quickly giving back an answer. He paused for a bit and said, “Just think about that for a second. The answer you’re giving doesn’t make any sense. You have to think about the answer before you give it to me”.

At the end of the day, that’s what engineering teaches you, how to think and problem solve.

Ironically though, I’m now sitting at a desk all day!

Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.

I think becoming an entrepreneur was always reinforced by my dad. As in, if you want to control your own destiny, the only way you can do that is by starting your own business. And he encouraged me a lot when I was growing up. I remember him when I was in high school saying things like, “Why don’t you get a cart together or a cooler, and try to sell cold drinks to people on their office break?”. He was always coming up with ideas of businesses that I could start.

And then, when I was in second-year university, I had no job. I sent out dozens of mailed applications because that’s what you used to do back then. And I got so many rejection letters, I covered an entire wall in my bedroom with them. So instead of getting a job, I started a business called Internet at Home, which is basically teaching people how to use the internet in their house. It was the start of my journey into entrepreneurship.

Can you share the most interesting story that happened to you since you began your career?

In 1997, I had a job at a mechanical engineering plant called Stackpole, the company’s still around, and they made transmission parts out of powdered metal. You would take the powdered metal, and place it inside really, really hot furnaces. The powder then turns into steel. And the steel would go on to become transmissions for GM, and Ford, and the big three.

And so, I’d spend my days working with this old, dirty technology. The machinery dated back to the 1930s. And then at night, I would go home and I’d work on my website which was a curling website called InTheHack.com. This was at the turn of the millennium when the internet was giving birth to the newest technology that you could possibly imagine. I remember when Microsoft Internet Explorer first could play sound, and the pure excitement I felt thinking “Oh my God, this is amazing.”

And so my days were filled with this real juxtaposition of old and cutting edge. And it was funny because I was going through school for mechanical engineering and I kept thinking, “None of me wants to do this.” And I knew right then that the mechanical engineering degree I’d gotten was going to become useless. The nexus of entrepreneurship and technology was where my energy and attention were being pulled.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

There are so many people that help you to build a business. That notion of “it takes a village” is just so incredibly true. And support just comes in so many different ways, whether it’s advice, or somebody just emailing you on a crappy day to provide some encouragement. And those gestures really fuel the fire to keep going.

But I think Alex Rink, who’s been an advisor for over 2 years and an early investor, is the one who helped this company just turn the page. I don’t know what the right word is but he helped bring Rewind to a different level. This company would not be where it’s at without his advice and his insight.

Are you working on any exciting new projects now? How do you think that will help people?

I truly believe that Rewind is on the precipice of doing something special. Not just for businesses but for society at large. 2020 turned the world upside down but it also accelerated a trend which had already been happening — the large scale adoption of moving data online. The business community has been relying on the web for over two decades now but the sea change I see is with all the traditional institutions society relies on. Industries like Construction, Healthcare, Education, Transportation & Logistics and Governments are now all embracing cloud computing and SaaS at a rampant pace. This means SaaS tools could soon be the operational foundation of our economy and society at large.

However, none of these institutions likely realize the inherent risks of using cloud computing when it comes to protecting the trillions and trillions of data points they will rely on every day. All these risks are manageable, but still need to be addressed. All this to say, our mission at Rewind is to “Protect the Cloud” and many of the projects we are working on in 2021 are the first steps towards fulfilling this mission.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Don’t overwork yourself! Boundaries are critical. Working 40 hours is plenty if you are focused and committed to doing your best work. Working 60-hour work weeks is not sustainable for the long haul, and it often isn’t your best work. Step away from the grind enough to let your brain rest so you can be at your best when it is time to dive back in. Allow yourself the time you need to keep your relationships with family and friends strong — they will be the ones who get you through the most difficult career obstacles and are the foundation of your continued success.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?

The legal requirements for a business to protect private information change depending on what country your customers live in. Every continent, country and sometimes an individual state, is trying to understand the importance of the information that’s being requested or that’s being tracked. Europe has the GDPR, Canada has the PIPA Act, and California has a new privacy act because the US hasn’t done anything at a federal level.

And it’s a continually evolving landscape, as the sheer volume of data that is being collected continues to grow. More countries will enact laws and regulations that will require businesses to protect private information. I don’t see that changing or going away.

Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?

I would say any information that you have that isn’t useful to your business, should be destroyed. And not just customer information. I don’t think there’s a difference between customer information and anything else. If you have no use for that information, then there’s no point in keeping it around.

It’s so easy to create data these days that everybody’s collecting and logging it. But if you’re not going to do anything with that information, get rid of it. Businesses simply do it because it’s now so cheap and easy to capture information.

I would say a prudent best practice is to follow that policy of least privilege and apply that to data. Which would be only to maintain and only keep the data that you need in order to abide by all your legal requirements, and to run your business.

In the face of this changing landscape, how has your data retention policy evolved over the years?

We retain the data that’s needed to run our service and ensure that we provide the information that customers need about their backups. We’ve learned from customers what pieces of information that we needed and started storing these pieces of information for longer periods of time.

Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?

With software across multiple platforms and continents, we have various policies for data retention depending on the type of data being stored. We store encrypted data in our AWS cloud for varying degrees of time depending on the data. All policies are structured with privacy and security as the primary concern.

Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?

We anticipate that countries will enact similar legislation to Europe’s GDPR and Canada’s PIPA, and the California Consumer Privacy Act. And we’ve set up our business to reflect that. For example, we can spin up a new region to store data in Australia. If Australia comes around and says, “Oh, all Australian customers have to have their data protected and stored in Australia,” that’s easy for us. It’s literally one variable in a piece of code. We’ve set up our business to anticipate that more countries will have restrictions around where data can be stored and processed, and we’re ready to quickly react to that.

In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?

I expect data retention practices will continue to evolve and mature, as will the tools supporting those practices. That said, there are no specific data retention tools I’d recommend offhand. However, how data in the cloud fits in is a key element that many didn’t think about years ago but is now becoming a business priority. Data is no longer just locked in a laptop or on a server. Businesses are finally beginning to understand that they need to proactively protect the data they store in the cloud apps they increasingly rely on to support their business.

There have been some recent well publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?

Well, I think it just shows that people need to have multiple copies of their data. I think in this case, I would answer this with that 3–2–1 rule of data protection. This rule needs to be applied to the cloud and SaaS data. Every business needs to make sure that any system that you’re using has a backup available to it, and that backup has to be external.

So in other words, you shouldn’t rely on “Software tool X” to backup all the data you’ve put into “Software tool X”, because to follow best practices, it has to be a completely separate system.

Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order To Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)

The best practices for storing and protecting customer data are part of the cultural fabric for Rewind. It’s mandated from day one with new hires. We have a front-row seat to the number of companies who are getting compromised, and the number of parties trying to access private information. And it’s no longer happening to just large international brands. Companies of all sizes are embracing online tools at a rampant pace, but lack the rigor around putting proper protection systems in place.

In our company, we have five pillars that we follow for best practices. Some elements are more involved than others but they provide the most complete framework for protecting customer data. And any businesses who utilize online software for day-to-day operations should seriously consider adopting them.

The first one is widely accepted but rarely utilized; ensure any and everyone who is touching a piece of software is using a unique complex password. People end up skipping this step because they don’t want to end up managing dozens of passwords. And I understand, I don’t either. It’s what makes having a password manager so vital. We use 1Password in our organization but there are others. These tools do all the heavy lifting, so you can have intricate logins, without committing them to memory or having a bunch scribbled down — which isn’t secure either.

The second is implementing two-factor authentication for your SaaS and cloud programs. Sometimes this security method is referred to as 2FA. It involves having a unique code or sequence sent to a mobile device. And the code is delivered by either text message or by an app on your smartphone. Some even send a push notification to your phone if it’s set up properly. Someone would need your personal or work phone to access a piece of software. No phone, no access.

The first two pillars are the most straightforward and common, but they don’t necessarily offer robust protection. And the reason is that most online software tools don’t have complete backups of data. Without getting too technical, all the data you put in the cloud is lumped together with all the other thousands, sometimes millions of users. So even if tools like Shopify, QuickBooks Online, Zendesk, or Trello wanted to locate your data, from their end, they could NOT discern or isolate your data even if they wanted to. It’s the analogy of “a needle in a haystack” coming to life. Except your data is in a field of haystacks.

Our own 2020 Data Protection Survey found that human error and third-party applications are two of the biggest causes of data loss. So you need strategies to protect your business and customers against these risks. This brings us to the third pillar, which is to restrict access privileges for every user. This means only let employees or contractors access the areas which are essential to their work. It’s often called “The Principle of Least Privilege” and we follow it religiously. For example, our customer success manager can’t access our website code. You can even give temporary access to certain areas, and revoke them later.

The next pillar is to audit all the integrations and third-party applications you are using. This is not a small job, but it will definitely be an eye-opening experience. We often advise clients to read the terms and conditions for many of the apps they rely on. They are often surprised by the level of access and control certain applications have. Some can change or even delete data as they see fit.

Audit everything once a year and ensure these apps are providing more value than the risk of using them. Use the same due diligence for new installations. Read all the reviews, as they will tell you a lot. Here is a guide we wrote for best practices on evaluating apps.

Finally, the fifth pillar is to have a backup strategy in place. This does not mean saving data to a hard drive, but a system for replacing data that is lost or compromised. It’s not as easy as one might think. Businesses are often creating more data than they realize and we have seen companies take days, sometimes weeks to restore everything manually.

We recommend having a backup software in place, which is not the same as having all the files in separate cloud storage. Backup software allows you to automatically restore your data, bringing everything back to the last saved iteration. You can have one built for each piece of software but this can be an expensive proposition; both to create and maintain. The other option is to buy a Backup-as-a-Service solution. Due diligence is required though — as you want to ensure your data and your customer’s data is truly being protected by a reputable company.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

Businesses and their leaders need to realize that the notion of working all the time is not healthy. A simple thing we can all do is respect working 40 hours a week. I enjoy work, but I do recognize that in so many cases if you keep working on a problem, you just get burnt out. Your brain stops working. You can’t think outside the box. And you need that creativity. In order to solve problems, you need to refresh yourself and take time off to get away from work.

How can our readers further follow your work online?

I am most active on Twitter @mikepotter

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
