Know that EVERYONE is a target. Large, enterprises are an obvious target due to the payout possibilities, however small and medium-sized businesses (SMBs) are uniquely susceptible to cybersecurity threats. This is because they often lack the resources of larger enterprises to invest in more sophisticated and comprehensive solutions. COVID-19 has only made it worse, leading to a spike in global cyberattacks since the start of the pandemic.
As a part of our series about “5 Things You Need To Know To Tighten Up Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Newt Higman, National Director, Managed IT Services for Sharp Electronics Corporation. He has over 20 years of experience in Managed IT Infrastructure Services developing new business and expanding operations to record levels.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in a typical middle-class home in Alabama. My father was a pharmacist and my mom served as the cashier for our family-owned pharmacy. In fact, the entire family served in some capacity in the family business. Most days consisted of school, some type of sport in the afternoon and then helping at the family pharmacy until 7 PM every day. After graduating from high school, I transitioned to college at Auburn University and started my career in 1990. Without question, a lot of my attributes were formed during the early years of learning how to balance daily obligations and the importance of serving the people in my community. Of course, the community I serve today stretches from coast-to-coast and is much larger; however, the core principles and approach are the same as the lessons I learned from my parents in our family business.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I don’t believe there is one story that inspired me to pursue this career. I would say it was multiple stories that occurred in the early days of starting my own IT Services business in 2010. Like many MSPs, my business focused on small and midsize clients. Our offering concentrated primarily on the typical set of services for supporting the daily IT needs of our clients. We quickly discovered many of our new customers were failing in the area of basic IT security best practices, so I quickly shifted our focus to this area of opportunity and revamped our value proposition to concentrate on cybersecurity. Our team was able to convert the technical details into a simple business conversation with our clients. This has been the approach I continue to practice today, even as technology continues to evolve and new solutions come to market. The inspiration comes from hearing how we have helped protect a customer by making complex challenges more understandable and making scalable solutions available.
None of us can achieve success without help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
I’ve been very fortunate to work with a lot of very talented people along the way, it’s very hard to select one person. I’m grateful for every person and feel all them have played a role in shaping my career along the way, mainly because I’ve always tried to surround myself with teammates that are more talented than me. I believe this is an area I’ve always excelled, aligning myself with a diverse group of talented teammates.
As for my career in general, clearly my wife has been the one person that has helped me the most over the past 26 years. I would not have been able to achieve any of the career accomplishments without her help in managing our family of four kids and eight relocations across the country. It’s been an amazing journey that we’ve shared together.
Are you working on any exciting new projects now? How do you think that will help people?
Our most exciting project is the effort to support our customers in a work from anywhere environment. The pandemic has posed a new challenge for businesses to maintain productivity and collaboration in a more distributed, remote workforce environment. Our team at Sharp has been actively involved in delivering new collaboration tools for supporting hybrid work strategies and delivering business-grade technology solutions to the home office. Our cloud-based cybersecurity services will keep workflow moving wherever the customer may be working and will help all our clients navigate this unique and challenging period securely.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
My advice is simple, keep a healthy balance between work and family. Make sure your work calendar includes the time commitments to your loved ones — e.g. school meetings, athletic events for your children, dates with your spouse and time with parents. The career becomes far more rewarding when the balance exists between work and home.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
I’m most excited about a number of things, including the evolution of endpoint protection over the last 12-months and an increased emphasis on properly training end-users of today’s risk factors, such as sophisticated phishing and social engineering threats. We’ve come a long way and improved public awareness in general as it pertains to cybersecurity.
Also, the collaboration between the FBI and other federal agencies to combat the threat from foreign and domestic bad actors has been fantastic.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
Clearly, the most recent critical threat involves foreign states exploiting vulnerabilities exposed by the COVID-19 pandemic. Bad actors have increased their efforts in targeting research institutions, universities and healthcare facilities over the past year.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Sure. We use a combination of remote monitoring, virus and malware protection, backup and disaster recovery and security awareness training.
Remote Monitoring — Patching and system updates are detected before they become major problems
Virus & Malware Protection — Advanced detection for malware, ransomware, phishing, and more
Backup and Disaster Recovery — ensures business continuity by backing up and protecting emails, documents, and systems
Security Awareness Training — Simulate phishing attacks and enroll employees in comprehensive training
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
Many businesses with limited resources and increasing complexity are leveraging managed service providers or MSPs to help. Sharp recently conducted a survey that found 90% of small and medium sized businesses use or plan to use an MSP today, as most believe that they could be a better job at juggling cybersecurity protection.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
Once a bad actor has access to your network, you may never even notice that anything is amiss. They often sit dormant, watch your behaviors and then use what they have learned to craft the best way to attack. This is why proactive strategies are the most effective.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Align with a partner that follows the NIST cybersecurity framework to prevent, detect, and respond to attacks. The framework provides a high-level model of cybersecurity outcomes and the methodology to assess and manage each outcome.
What are the most common data security and cybersecurity mistakes you have seen companies make?
Our research found that the top three most commonly reported factors contributing to security incidents were human error by end-users, the inability of IT resources to keep up with their workloads, and a lack of organizational understanding of cybersecurity risk.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
Absolutely. As more employees work from home due to the pandemic, cybercriminals are taking advantage of lax security practices. Companies must increase security measures to protect the individual and the enterprise. They must make sure that employees are patching and updating machines, using secured networks or a VPN and make sure that if they have to access private company data, it is done so on a company device.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- Ensure you have multi-layered protection to secure all aspects of your business. A network risk assessment can help you uncover gaps in your cybersecurity.
- Train, train, train your employees. Hackers rely on using tactics such as phishing to trick your employees into giving them access to your network — and they are only getting better at it.
- Have an incident response plan. Just like you would have an evacuation plan in the event of an emergency, you need an incident response plan that details every step your business must take in the event of a breach.
- Know that EVERYONE is a target. Large, enterprises are an obvious target due to the payout possibilities, however small and medium-sized businesses (SMBs) are uniquely susceptible to cybersecurity threats. This is because they often lack the resources of larger enterprises to invest in more sophisticated and comprehensive solutions. COVID-19 has only made it worse, leading to a spike in global cyberattacks since the start of the pandemic.
- Know that you are not on your own. If your IT department is strapped for resources, enlist a Managed Service Provider (MSP). Actually, Sharp recently conducted a survey that found 90% of small and medium sized businesses use or plan to use an MSP today. Partnering with MSP is more affordable than you may think, especially when compared to cost of cyberattack.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!