More than a third of employees are anticipated to work remotely or in a hybrid model by 2022. Cyber threats are becoming increasingly prevalent for businesses of all sizes, and as more employees work off-premises, the security threat is even greater. The tremendous cost of dealing with a cyberattack after it has occurred is a growing concern among small businesses.
Watch experts from Lenovo discuss:
- The changing working environment and its impact on security
- How small businesses can protect their most sensitive information in a hybrid work model
- Emerging features and solutions that are seeing strong adoption
Mary-Anne Meera...: Good morning everyone. And thank you for joining us today. My name is Mary-Anne Meerasabeer, and I am a Program Specialist at the World Trade Center, Toronto. Welcome to the latest installment of our RAP webcast series, a series that wouldn't be possible without the support of our Scale-Up Institute Toronto Sponsor Innovate Cities, our op sponsors Cisco Design, Rogers For Business, Scotiabank, Lenovo, and Xero, and funding from the government of Canada and government of Ontario, as well as partnerships with the board's principal sponsors, The Globe and Mail, Scotiabank, and the University of Toronto.
Now some notes right off the top. If your video is lagging or freezes, there is another stream that can be accessed by clicking the switch stream button on the right side of your screen. For any other technical issues, click Request Help in the bottom right corner of your screen and someone will be in touch. Now, to submit any questions at any point, please click the Questions tab. And finally, a recording of this webcast will be available on supportbusiness.bot.com.
Now, before we dive into today's important discussion, I'd like to tell you about the Toronto Region Board of Trades Recovery Activation Program, otherwise known as RAP and why you should participate. RAP is an immersive program for Ontario businesses who are not only looking to weather the pandemic, but to emerge from it even stronger than before.
Through online workshops and personalized mentorship sessions with industry experts, RAP has helped over 1700 Ontario businesses in over 30 industries adapt digitally, stay in business, and build a reliable path towards future growth. And if you are wondering how to get started, it's easy. All you have to do is visit rap.bot.com and take your digital needs assessment. It takes about 20 minutes to complete and asses the digital maturity of your business and how it ranks relative to your industry.
The best part is thanks to the support of our business and government partners, there is no cost to participate in any RAP programming for businesses across Ontario. So I strongly encourage you to join over 1700 business that have benefited from RAP by visiting rap.bot.com.
Additionally, in collaboration with Lenovo, RAP has recently launched the Lenovo Digital Transformation Grant. Yes, an initiative that will award $10,000 to 10 women, or BIPOC small business owners and leaders that will help them unlock the potential of their business by investing in digital transformation.
We encourage you to apply for grant funding by January 10th. If you are an eligible RAP applicant, a woman, or a BIPOC small business owner or a leader who has completed a RAP stream, so a digital blueprint program or a digital certificate program.
In order to complete the application, you'll just need to provide answers to three open-ended questions, as well as some eligibility information. A link to the grant will be shared by email after this event, so check it out.
Now onto today's program. I'm excited to introduce our brilliant moderator, Bernie Uche, Consulting Director at People.ai and co-founder of BlackMINT.io will be leading us and our panel of experts through today's discussion. An experienced customer-focused technology advisor, Bernie Uche has worked with companies such as CDW, Google, IBM, and now with People.ai. He's also a teacher of digital transformation at George Brown College's Continuing Studies Program, as well as the co-founder of Black Mentorship in Technology, a nonprofit that aims to improve technology awareness and increase black participation in the technology sector. It's so great to have you here with us today, Bernie.
Bernie Uche: Mary-Anne, thanks so much for the introduction. Really, really appreciate it. I'm really excited to be here and excited to begin today's program by introducing our panel of experts. So with us today from Lenovo is Thorsten Stremlau, Chief Technologist for Lenovo Commercial Portfolio.
Thorsten is passionate about technology and helps Lenovo blend current and future technologies into its product development processes while also leading innovation for the security capabilities of the company's commercial products. Thorsten has dedicated his career to identifying and implementing IT solutions for Lenovo's customers. He has worked for both IBM and Lenovo for nearly 25 years, helping thousands of customers digitally transform their environments. Thorsten holds a bachelor's degree in industrial manufacturing, finance, and electrical engineering.
Next up we have Jitan Patel, National Director of Sales for small and medium size businesses, SMB at Lenovo. Jitan oversees the Canadian small and medium sized businesses team across the country for all Lenovo commercial products. In his role, he works closely with marketing, program, and product departments to ensure Lenovo partners and customers are taking advantage of the company's various offerings and assisting them with their day to day business challenges.
With over 18 years of experience, Jitan's held operations, product management, and management positions at IBM and Lenovo. He holds a bachelor of commerce degree from the University of Guelph with a major in marketing management and a minor in computer science.
Thank you all so much for joining us. Welcome Jitan. Welcome Thorsten.
Thorsten Streml...: Thanks a lot, Bernie. Great to be here.
Jitan Patel: Thanks Bernie. Also great to be here too.
Bernie Uche: Awesome. Awesome. So let's dive right in. We all know that come companies around the globe today have shifted to remote and hybrid working models for reasons that we don't need to dive into. We're all aware of what's been going on in the world. But the pandemic itself has shifted strategies for businesses, caused many companies to transition from what used to be an offer-centric work culture to let's say more flexible ways of working. And more than a third of employees are anticipated to work remotely or in a hybrid model in 2022. In fact, many employees are demanding that type of flexibility from their companies.
So with more and more people working from home, the incidence of cyber attack has actually risen significantly amongst businesses of all sizes. Today more than ever businesses rely on their networks, data, and internet connectivity to conduct business. So the tremendous cost of dealing with a cyber attack after it has occurred is now a growing concern among small businesses.
As a business owner, you might yourself be unsure of how you can prevent or deal with potential cyber threats and protect your most sensitive business information in a remote working environment. That's really what we're here to talk about today. So our discussion is going to be focused on the changing work environment, its impact on security, and innovative ways to prevent and mitigate potential cyber threats with emerging solutions.
Thorsten, let's start with you. We're going to focus on the changing working environments. So as remote working business becomes more prevalent, are there new security vulnerabilities that you think small businesses need to be aware of? And how has the state of security changed over the past two years for small business?
Thorsten Streml...: Thanks Bernie for that question. That's actually a really, really important one. I guess the state of vulnerabilities really hasn't changed. Hackers still see this very much as a very lucrative business. In fact, just like people can invest in the stock market, there are now actually investment opportunities, if you'd like, I'm not saying that you should, but where you can support hacking groups and they'll give you a guaranteed return of investment. You invest 500,000 and after a while they'll pay you back, I don't know, 10% on that investment. So it's actually an investment. So the vulnerabilities haven't changed, but the situation as you alluded to Bernie has very much so.
I kind of classify, well, what happened since just before COVID, then COVID, and now is when COVID first hit and we were all forced to deal with the situation. Working from home, working remotely was something that had to be taken care of relatively quickly. And that was then faced by the situation where, whoa, I don't have the equipment necessary to send all of my employees home, because some of them may have been working desktops. Maybe I didn't have a network connection back from the home location to give them access to all of the resources. So there was this really, really beginning phase, which I call the scrambling phase, which was where businesses were trying to scramble to maintain continuity, to maintain business continuity and be able to do their work while trying to find solutions for their employees.
And by the way, hackers did make use of that very effectively as we moved through, because now all of these devices that are now showing up in home offices basically became the security perimeters, your new security perimeters. Remember in the beginning, everybody was nicely self-contained, behind a firewall in the office and nicely protected. But now all of a sudden, these PCs are maybe sharing a network with your son, daughter, partner, neighbors network or all sorts of other stuff that you may not have full control over. And so the situation definitely changed, and hackers are, as I said, making use of that by all sorts of different things, which we'll probably get into a little bit later on in terms of trying to bypass that security.
And so while, as I said, the security landscape hasn't changed, the tricks that hackers are now employing have certainly changed because, well, they're making use of the fact that as I said, those devices are no longer as protected. Secondly, they're also making use of the fact that Bernie, you're not sitting right next to me. You're very far away from me right now. And so I can't just call over my petition and say, "Bernie, listen, did you get that weird email in? Did Jitan really send that email to you saying it's okay for me to transfer $2,000 to this account?" We don't have that. And again, these are all psychological and situations that hackers are definitely making use of right now.
I hope that answered your question, Bernie.
Bernie Uche: No, absolutely it does. And it makes sense. You don't always think of maybe your son in the next room as a security threat, right? I think that's definitely a point where the landscape has definitely changed. Yeah. So thanks Thorsten for that.
And to that point, while the internet has fostered a tremendous degree of economic growth, I think we can all agree with that, it has introduced profound security risks, some of them that we understand, some of them that we're learning about. Thorsten kind of alluded to. But reports of massive data breaches have become commonplace. And the average cost of such breaches reached record levels last year.
Cyber criminals are focusing on small-medium size businesses as a gateway into larger organizations, which is what Thorsten was talking about. And since these SMB cyber defenses are typically less robust than those of say the larger organizations, it's really something that's pertinent to discuss. And Jitan, I want to turn to you. What are the main pain points that you are hearing from your Canadian SMB customers in this regard?
Jitan Patel: Well, some of the things that I'm hearing from the customer segments that we're, or customer groups that we're talking to is the speed of change has been a struggle for a lot of SMB organizations. We were thrown into this two years ago in the new way of working, and businesses had to adjust extremely fast in the new way of working. People were working from home. Let's face that. There's new network vulnerabilities that Thorsten just talked about earlier.
Hacking has gone up. I think it's something like 11%. There's a hack being done every minute. And I don't think hackers actually care if you're an SME organization or if you're an enterprise organization. They want what's inside your four walls. And it's super important to realize that hackers don't discriminate. And I think it's important that SMBs understand that one rule, is that they're just as vulnerable as the Fortune 500 companies that exist in the world today, too. Hackers aggregate the winnings of all SMB organizations to create a large number that they take away from honest people like us that are trying to create businesses in a successful manner.
So it's super important to pay attention to security within your four walls of your organization. And there's lots of ways, and I'm sure we're going to get into it a little bit earlier into the conversation, or sorry, a little bit later in the conversation. But paying attention to security and making it an important aspect of your organization is extremely important because of the threats that potentially could turn your organization upside down tomorrow.
Bernie Uche: I think that's very well said. You can't escape security. You've got to think about it no matter what size of organization that you are. And especially in the landscape that we're in, it might look different than what you might have known and understood back in the day, which is just two years ago. But it is different. And we have to adjust to that.
And I like the point that you made that hackers don't care. They may not even know at times where you work. They just know you work somewhere and they want that data. And sort of to that point, Thorsten, I'm hoping for your thoughts on. What are other common cybersecurity myths that you think small business owners need to be aware of to protect themselves and their customers?
Thorsten Streml...: Well, I guess as Jitan just mentioned, I don't have anything ... The number one myth is I don't have anything that's worth hacking. That's probably the number one kind of myth that I hear quite a lot. But you have to remember, for a lot of small to medium businesses, even if a hacker gets access to your customer database. Let's say you're keeping, even if you're just keeping it in an email account. It doesn't have to be anything mega advanced in terms of technology. Maybe you're keeping your customer list in an Excel spreadsheet or something else like that as you're going through.
Well, as a hacker, those are the things that I go after. Those are the things that I can use, because, well, I can now use the bait that I've caught, which is that list of customers to then aggregate even more.
So maybe I didn't. Maybe I only stole $500, $1,000 from you. But you know what? Now I have your customer list. And now I can ask them to send me information, to click on the link in order to get at them and to send them ransomware.
And by the way, it will typically be tied to your company name. Bernie, that's one of the things that I do is if I have your customer list. You've worked for a very, very long time to establish a trust, to establish a relationship with those customers. As a hacker, I'm going to try to make use of that as much as possible. And now by the way, I may send a Christmas greetings to that customer in your name and asking them to click on a reward that they get. Well, guess what? That reward is going to land them in some pretty hot water in that particular bit. And guess what? Well, the company that suffers, the company that gets hit with a negative reputation, in addition to maybe losing money is the company that just lost that innocuous kind of Excel spreadsheet that contained 50 or 100 customer names.
But it gets even worse. Because now, if you're dealing with other companies as your suppliers, these hackers can ruin your credit limits by getting things shipped to them in your name. So not a single thread, not a single bit of information that is in your network should be considered as safe from hackers, because everything can be and will be used against you.
Bernie Uche: I think that's another very strong point. But what I heard from that was that Christmas isn't safe. I'm just kidding. I'm kidding. Jitan, let's talk a little bit about strategy. A robust cyber security strategy does require financial commitment. And I think a lot of organizations, they might go for the bare minimum because they are just scared that security is so expensive and maybe they can't afford what they actually need.
What do you say to small businesses who believe that investing security is oftentimes too expensive?
Jitan Patel: It's a tough one to answer because there's a lot of bills to be paid in an SMB organization. There's a lot of financial commitments that a lot of leaders need to focus on growing the business. And security can be one of those topics that is more preventative than it is a growth strategy.
The reality is that I'd say, go look at the low hanging fruit from a security perspective first and foremost. Are your operating systems all upgraded? Is your antivirus software, and are you using one even first? And then secondary, are they upgraded? Do the things that are going to be low-cost solutions to getting your security levels up. I think that's the first thing. And focus on those first and foremost.
Not doing anything isn't an excuse anymore in this type of environment. And ensuring that your basics of what you're using within your four walls in your company is upgraded to the highest level is very important to keeping hackers at bay. And say, then start to build a plan around what are the areas that you find that have vulnerabilities within your organization, and start to execute against that plan on where investment priorities need to be.
At the end of it, yes, security is going to cost money. There's going to be a capital expenditure around that. However, the risk of not doing it is much greater than doing at least the table stakes and keeping software fully upgraded within your four walls.
Bernie Uche: I think that's a good point. And it's same like securing a house, right? Some people, you might think just go bare minimum, but it's really important to analyze and understand what you have, where you are, and what you need and pay accordingly for that because God forbid anything does happen. Hopefully you'll be in the best hands to take care of that issue. So I think that's a great way to think about it.
Hackers are constantly changing their tactics. They're smart and they're flexible. They're learning new techniques and they take not just small businesses, they take enterprises off guard. And if you do want to stay one step ahead, you need to keep your cyber defense strategies current.
In that vein Thorsten, what are Lenovo's offerings to help its customers keep up with the changing security landscape and what kind of security measures should small business owners prioritize?
Thorsten Streml...: There's a lot of different things. And Jitan just mentioned it. I think the safest approach and that is independent of Lenovo is really to put a plan in place. You will be hacked. That is basically the premise that you need to work on. You will be hacked, and therefore, what is your plan when you will be hacked?
However, there are many things by the way that you can do to make it harder so that by the way, your competitors are hacked before you are. That's always the thing is, if I make it $1 harder for a hacker to hack me than does my competitor, then that is also already me achieving my goal because they're going to go after the softer target. So there's a couple things, as I said.
As Jitan mentioned, please do look at, and I know this sounds like a marketing gimmick, but please do look at being on the latest operating system. That is one of the things that's just really important. And making sure that you use the built-in tools that for example, Lenovo provides to patch and upgrade your systems at all times. That's one of the things that's really important. And it's just a simple click away, or you just let Windows just do it, just keep it up to date and make sure that you check that your employees are keeping your systems up to date.
Number two, make sure that you use the built-in antivirus or the software that you have in your enterprise. Do leverage threat detection and threat remediation. And by the way, again, Lenovo provides a whole bunch of different things in that space to really make it hard for somebody, even if they click on the wrong link, that Christmas link, Bernie, I'm going to get back to the dangerous Christmas again, that you make it hard for the hackers to be able to leverage that kind of attack. And by the way, again, as Lenovo, we provide built-in protection for those things all over the place.
Another thing as well, do look at your password policies. And again, Lenovo provides, for example the built-in cameras, a built-in finger print readers in order for you to be able to put in complex passwords when you're authenticating to something or multifactor authentication, where you have to use two different factors to log into something. That's always better. Passwords can be guessed unless they're really, really good and strong, but when you combine those with a fingerprint, it becomes really, really hard again for somebody to do that.
And then lastly, we also work together very strongly around backup solutions. And that I think is a big one. Use the built-in OneDrive features, for example, to keep a very secure backup of your data in the cloud so that when a hacker or if a hacker gets access to your network and brings your company down, and by the way, asks for a $10,000 payment in return for the decryption key that you can say in calmness, "You know what? I'm going to save myself that $10,000 ransomware payment and I'm just going to back up from my backup that I actually have out in the cloud and actually be up and running fairly quickly." I'll probably still have to deal with some customer fallout, but those are the things that we have built into our devices from the very beginning that make it very easy for SMB customers, small to medium business customers to look at security.
Use it. Please, use it. That's why we put it in there.
Bernie Uche: Thanks Thorsten. I think it's important to remember that these threats are heightened because we're working remote. But you should do the exact same things if you are say, got everyone back in the office. I know is a tough thing to do, but this is great advice for being back in the office as well. Let's not take it for granted and go the other way as well. Thanks Thorsten. It's really, really good advice there.
I was reading a survey recently that say that nearly half of Canada small businesses expect to become victims of cyber crime in the next 12 months. And what Thorsten said is you should all expect to be. But the question is to what degree, and especially during Christmas. But a significantly higher number, not significantly higher number than the general population which is 34%. With that said, Jitan, can you tell us how Canadian SMBs security preparedness compares to other markets, and what do you attribute this to?
Jitan Patel: Well, one of the things, and one of the closest markets to compare to is the US organization, probably looks, feels a lot like Canada does from a business landscape perspective.
One thing that we've noticed from a Canadian perspective to that of our US counterparts is that the US is on a cycle that tends to be about 18 months ahead of Canada. An example of this is learning from home and device per student. The US has been on this push for over two years compared to that of Canada. Now, during the pandemic, we were required to obviously get our children ready for being able to study from home. That was a huge boon and that continues to be a huge boon here in Canada.
Security is on that same level. They tend to be a little bit ahead, perhaps not 18 months, probably about a year, but we see a lot of the threats that are occurring in the US that we need to be ready and prepared for here in Canada.
From a customer perspective and the readiness from customers in Canada, I think we are behind on this front from a geographic perspective. There is clearly hacks being done across North America. The readiness of the dialogues that we're having with our customers in Canada frankly, a lot of them aren't thinking about it as much compared to that of our US customer segments.
So my recommendation on this front is let's not be a year to 18 months behind. Let's start to put plans in place to be hacked, like Thorsten mentioned earlier. You're going to be hacked. It's just a matter of what degree of that hack is going to impact your future growth of your business. Being prepared for that is going to allow us to not have that threat impact our day to day business organization. So really the net of it is have the plan and make sure that we're upgrading what we need to from a security perspective to be ready.
Bernie Uche: And sort of another question that comes out of that. Since our Canadian businesses are typically 18 months behind our American counterparts, is there anything that you think that our businesses can do to sort of keep up or do we need to keep up? Should we lag behind? What do you think on that?
Jitan Patel: I think we can learn. I think it's the opportunity for us to learn and watch across the border and see what's going on there and prepare ourselves against those attacks. I don't think it's a sense of, we shouldn't wait. We should act earlier to be more prepared because right now we can see everything that's happening across the border. And it's just a matter of time that hackers catch on that say, "Look, Canada is ripe for these types of opportunities to be hacked against."
Bernie Uche: Awesome. Thank you for that. That makes a lot of sense. So stay on guard, watch what's going on. So we can learn and we can implement the learnings that we see from there. Really good points.
Thorsten Streml...: Bernie, if you don't mind to add a little bit to that, I guess. I guess I'll just say this. Everybody's behind on security. It's a continuous race. Hackers get ahead, security gets ahead, et cetera, et cetera. The one thing that is important is hackers know no boundaries. There are no borders. There is really no difference between a ransomware attack that I mount in Europe versus United States versus Canada versus South America. And hackers don't discriminate.
So yeah, to reemphasize what Jitan just said is that investment, looking at it is something that is very important, is very important to look at is if your devices are on the network and they have to be for you to be digital, to be competitive today, you have to be connected. I'm not advocating for you to remove all your devices from the network and never go back to fax machines and little paper notes on that. But do be aware of the fact that hackers know no boundaries. They know no borders. And that's something very important to consider.
Bernie Uche: Awesome. Awesome. Thank you. Thank you for that. We've got a Q&A coming up, but before we get there, just wanted to ask you, gentlemen, if you have one or two top tips that you haven't already shared that you want to share with our viewers today.
Thorsten Streml...: Well, if you don't mind Bernie, I'd love to start. As I said, and actually Jitan said it as well, number one, plan. That's it. Put together a list. If I am hacked, this is what I am going to do. And by the way, this is what I'm going to do to prepare in order to get hacked. No matter how large or how small your organization is, put one person in charge of security and IT security in your organization. Just nominate that person. And maybe get a little bit of additional security training in terms of some small courses. By the way, I'm not talking about weeks long courses and mega complicated certifications, et cetera, et cetera. Just there are some very basic, simple things that you can do in the organization.
So plan, nominate somebody that's in the organization that's going to be able to do something. Keep a backup of everything that you have in place. And then lastly, I guess is also put in processes in place that say for a transaction to happen to a bank account, emails aren't enough. So it's not the fact that Bernie and Jitan sent me an email saying, yes, please send $5,000 to this account. That's not enough. Put the processes in place that very, very clearly tell your employees what they need to do, so that the chances of hackers actually tricking you and your employees to doing something that is bad is much, much less likely.
Those would be, I guess, my top recommendations in that area. Jitan, sorry. Did I miss anything?
Jitan Patel: No, I don't think you missed anything, and I wouldn't override anything that you would've said there Thorsten. I think the only thing that I would add to that to business owners and probably people that aren't necessarily fluent in the security dialogue is to start talking about security, to start ... It's another ball. I know owner operators and SMBs or executives in SMBs, it's another ball to hold in the air. That can be challenging.
But recognizing that that is a ball that needs to be held in the air, starting to talk about it, implementing some of the things that Thorsten mentioned is the starting point. It's recognizing that growth in your business isn't the ultimate factor that you're trying to drive towards. Protecting that growth is super important too. And having that dialogue early and upfront to recognize potentially what you're going to do, if that threat does occur within your four walls, how are you going to handle that? And it all starts with at least just bringing the conversation up first.
Bernie Uche: Those are awesome tips, those are awesome tips. Thank you for the tips and for your contributions to the conversation thus far. I've learned a lot. I hope our viewers have learned a lot. We're going to start the questions now. I've got a couple of that I'm going to read, read through for you guys. This one is for Thorsten. We'll start. User asks, "How can I identify system logs to investigate a cyber threat to my server?"
Thorsten Streml...: Oh, wow. Oh, man. That's a really, really hard question. But at the same time, it's also a relatively simple, simple question. I guess it does depend on what kind of server you're using. But log files are very important to look at.
Now as a hacker, I guess, my main goal is to get into your company. My second goal, right after that is to hide the fact that I've been in your company. And so unfortunately there are ways of hackers to go in and get access to those log files in order to just simply hide the fact that they were there.
By the way, this is one of those things that made the SolarWinds hack that some of you may have heard of so incredibly damaging is the fact that hackers managed to enter and become admins on the servers. And then by the way, look at it.
There's a couple of different things that you can do, is look at it holistically. Don't just look at your server. Look at network traffic. That's one of the things is, so look at your company's firewall and network traffic if you have a firewall in place. Look at to see how much consumption has gone up or down. That's a typical indicator. It might, by the way, also be an indicator that your employees are doing things that they shouldn't be doing on the network. But look at it that way.
And then, depending on if you're using a Linux server or if you're using a Windows server, or if you're just using a cloud-based server infrastructure there are the simple Windows logs, for example, that you can look at. But threat detection and threat remediation in terms of software is going to be the best way of doing that from a central location, from a central console.
So that's exactly why we introduce it. It makes it so much easier to just have to look in one place rather than know the 20 or 30 different places that you would typically have to look at.
Bernie Uche: Awesome. Great question and great answers. Simplify it is basically the main thing I got from that.
And please everyone, keep the questions coming. I want to encourage you all to submit your questions by clicking on the Questions tab. And if we have time, we will get to all of them. We'll get to as many as we can.
Jitan, the next one I have is for you. The question is what are the top types of attacks SMBs could face based on your observations of US incidents?
Jitan Patel: Ransomware is the biggest one that I have seen across. And I'll make that more of a Canadian statement. When we're dealing with customers here in Canada, that's the biggest one that I've seen here in Canada. When I talk to my peers in the US, that's also the ones that they're seeing the most of too.
Bernie Uche: Awesome. Awesome. Ransomware isn't awesome, but great advice for what people need to look out for. Thanks Jitan.
Thorsten, I'm going to throw this back to you. The question is, "We've had hack attempts and as a result we had to restrict remote access to our files. This has greatly hindered our ability to support offsite work getting completed. What system, server, or software is there that I can use that will secure and keep my files confidential, doesn't allow my staff to save or share files to their own computers, et cetera?"
Thorsten Streml...: There's a couple of different things that we've seen in this space right now. So it depends on, it really depends on your individual situation. What customers have done is actually in this particular case, a large part of it is implement something that the industry calling desktop-as-a-service.
So there are solutions, for example, from Amazon it's called Workspaces. There's also another solution from Microsoft called Windows 365. So that's not to be confused with Office 365. It's called Windows 365, which are actually fairly simple solutions where you can configure a digital twin of your work PC out in the cloud.
And then basically what happens is no matter where I am, I can, whether I'm on my phone, whether I'm on my son's PC, which by the way is probably infected by viruses or anything else like that, all I do is I'm able to access the files through a browser or through a simple interface, but the files, the applications and everything else like that purely remain out in the cloud.
This is a very, very simplified version of VDI, of a virtual desktop infrastructure, by the way, that could get really, really complicated. We've seen a tremendous amount of adoption in that space.
Now, there are other solutions that we can talk about. Again, I did mention OneDrive or SharePoint, for example. There are ways that you can configure the files to be read only in that particular case. And there's also a way of you preventing those files to be copied down onto the machine. And those are all things that are actually fairly simple to implement.
Bernie, I'm sorry, I don't have the one-size-fits-all solution, but there are actually plenty of solutions out there because that is a challenge all in by itself. If I now have HIPAA sensitive data about my customers or about my company, I really don't want that to be able to be leaked. But there are many, many solutions out there. As I said, desktop-as-a-service or a kind of a OneDrive with some sharing limitations would be the immediate two that I would recommend.
Bernie Uche: Oh, the fact that there are plenty of solutions is actually a good thing. A lot of people research, but it's a good thing because not everything is one-size-fits-all. So I think that's important. I'll get to ... I think we've got time for two more of these.
Jitan, for you when should a small business consider having their own onsite server?
Jitan Patel: That one's a tough one. And I think that has to do with a lot of how your organization of course works. I'm not sure I can answer that one right into the gate. Thorsten, I might lean on you to give me a hand with this one. But I think it first has to start with what's the organization doing with that server? What's going to be kept on that server? How are you going to be using that server? And then, is that server going to be accessed only internally in the network or is it going to be outside?
So I think there's a lot of things with what's that server going to be doing first. And understanding the importance of that. Is it critical that how that server's going to be accessed outside of the core network going to be a concern? Well, then I think you have to change your strategy on whether you're putting that server in-house or you're keeping it on the cloud. I'm certain that person is going to be equipped to be able to answer this question probably better than I will. So I'm going to lean on him on this one too.
Thorsten Streml...: Great. Thank you. That's hunting the hard question off to me. No, no, but yeah. Jitan, no, it is ... You're right. It is very much about how you're using. But having a local server does mean that you do need to look at security in your environment a little bit more, and I'll give you an example.
I actually have a friend of mine who runs a fairly large car dealership. Now their approach was I'm going to put a server in place. I'm going to put a server in place in my network. And I'm only going to give my local employees access to the server, and I'm not going to give them access to the internet on the same systems that also have access to the server. So basically they put an air gap in place between that server and the outside.
So if I wanted to research something on the internet, then I'd have to go to this one PC. But if I wanted to connect up to my customer database, I'd have to connect them. And by the way, everything was fine. They had a PC in the garage itself where all the repairs were being done that obviously now had to link up to that server in order to pull all the customer data off of it to put it into the nice little reports that you got and to add I changed the oil and I changed the tires and therefore, this is the bill that you're going to get. Seems simple.
Well, guess what? The guys in the garage figured out a way of hooking up that PC to the internet, without anybody knowing. By the way, people will always figure out stuff to do. And now all of a sudden that PC in the garage connected up to the internet, it got hacked, it infected the server. The server then got ransomware hit. By the way, that was a $25,000 ransomware request. Now I do have to say. I'm going to polish my nails here. Him being a friend of mine, he had actually spoken to me. So we actually implemented those four tips that I mentioned earlier on. He had a plan, he had a backup, and he had somebody that knew how to react. And so he was able to get out of that particular thing fairly quickly.
But to answer the question is it really depends on the organization. But bear in mind, if you put a server in place, it will also require security, just like everything else that you have in the organization.
Bernie Uche: And to follow up, there's this other question that asks is there a firewall? What sort of networking protection should I have at home? Is a firewall from an anti-virus provider enough? It sounds like maybe, maybe not, depends on your circumstance, depends on your business, right?
Thorsten Streml...: It really depends on the circumstance. A firewall is already going. Let me be very, very clear. Every little measure, putting good passwords in place is already something that's really, really good.
I do have to say is putting a base understanding of your employees is by the way that is beyond anything technical. And by the way, I work for Lenovo. Let me be very clear. We're a technology company, but my number one recommendation would be to invest in your employees knowledge in terms of what can happen.
By the way, I'm not saying watch some sort of a Hollywood movie about because those are typically very unrealistic. But there are simple things like, "Please, don't click on that link that somebody's just sent you," nitty gritty because that ... even if whatever, it's a holiday greetings from your best provider. Don't do that. Always verify that the telephone number and the email that sent you an email is actually the person that was there.
So if I receive holiday greetings from Jitan and it's now by the way, they've slightly misspelled his name, then maybe there's something wrong with it. There may be something in there that's there. And if I have any questions, if I get anything, don't dial the telephone number that's in the email closing that you just got. Go to your customer database, check to make sure that the telephone number that's at the bottom of the email matches the one that's in your database, and just give them a ring, pick up the phone. In these COVID-19 times, communication is one of those things that's there.
And then by the way, once you've done those simple things, that's when you move into technology, firewalls are great. Use BitLocker encryption on your drives for example. Use the embedded security solution that's in the Windows operating system already. That by the way already will take you really, really far and all the protection mechanisms that are there. And then by the way, also leverage the stuff that we provide. There's a reason why we put those in there, and it's definitely not so that we can get a buck or two more out of our customers. It's because we know that we need to keep our customers secure.
Bernie Uche: That's awesome. That's awesome. And the moral of the story if you get one thing from that is, if and when your organization sends you one of those security videos, watch them, don't turn off the volume and just let it play, watch and listen, because you've got to understand and get the knowledge. And then the technology can come f. From the admin and also yourself, so you can put it into practice.
But that's all the time that we have. I want to thank Thorsten, Jitan. Thank you so much for your insightful conversation, and thank you for taking questions from our audience. And thank you to the audience for such good questions as well.
Before we sign off, I'd just like to remind everyone about the Digital Needs Assessment or DNA that Mary-Anne mentioned at the start of the program. This is an online tool that only takes 20 minutes to complete and assesses the core competencies and gaps in the digital capacity of your business and how it ranks relative to your industry. To take the Digital Needs Assessment today, simply click on the graphic to the right of your screen in the Info tab or visit rap.bot.com.
To register for all upcoming webcasts, please visit supportbusiness.bot.com and select webinars and videos. That's all the time that we have. Thank you once again everyone for joining us and please have a great day and happy holidays.