Kraft’s Don Baham Talks Cybersecurity On Jim Beach’s Podcast “School For Startups”

Kraft Technology Group President Don Baham was recently interviewed on School For Startups to discuss common myths surrounding cybersecurity in today’s business world.

Kraft Technology Group’s very own Don Baham recently joined Jim Beach on the School For Startups podcast to talk about the IT services and consulting, and particularly, the role that cybersecurity services play in the modern business environment.

There are plenty of myths as to how necessary cybersecurity support is based on the type or size of business in question. Jim and Don talked through these misconceptions to set the record straight.

Click PLAY below to watch the complete interview.

Can You Be Too Small Of A Target For Cybercriminals?

While talking about the services that Kraft Technology Group offers, Don explained that a majority of our clients have anywhere from 25-250 employees, generally operating north of the $1M revenue mark. However, there are certainly exceptions to that rule.

As Jim and Don agreed, cybersecurity services are necessary for organizations as small as a one-person shop. Despite what many believe, you can never be so small of a business that you’re not a viable target for cybercriminals.

“It’s a common misconception, and regardless of your size, you’re a target,” said Don. “We actually have some brokered dealers that are one-person or two-person shops, very small, that deal with sensitive client information, and so they have a need for advanced security solutions but obviously their budget is small, so we have to figure out a solution that works for them.”

Don explained that smaller organizations are hit by ransomware and other cybercrime attacks all the time. No matter how big they are, the consequences of the attack are dire.

“Recently, we helped out a local middle Tennessee business that I believe had around 15 employees, so, you know, very small in consideration, and didn’t necessarily deal with sensitive information, not financial services or healthcare,” said Don. “And yet, they were a target. It took their business offline for almost ten days because they didn’t have the security services in place proactively.”

Is The Cloud A Security Safety Net?

Jim then pivoted the conversation to talk about the cloud, noting that it’s a service offered by Kraft Technology Group. Given that the cloud stores data offsite, can it be considered a viable backup in the event that something goes wrong on-site?

“In theory, there are some inherent security advantages to the cloud,” said Don. “You don’t have the data stored locally, so even if your device breaks, you can just download the data and get going. Obviously, cybercriminals have caught up with that mentality and they have figured out ways to infiltrate cloud accounts, encrypt data wherever it resides, and hold your data hostage.”

The truth is that security is not as simple as just storing your data in the cloud. In order to protect yourself from constantly evolving cybercrime tactics, you need to take extra steps to protect cloud data and applications.

“Simply having data in the cloud, or your applications in the cloud does not mean that you’re immune to many of the attacks out there,” said Don. “Be smart, make sure you’re using the right cloud, make sure you are implementing the right security services on top of those services to keep them secure. And make sure you’re using either internal resources or outsourced resources that know how to secure those cloud services – like Kraft Technology Group.”

Are Your Vendors Putting You At Risk?

Jim then mentioned the 2013 Target hack, noting that if it can happen to a business of that size with its scope of resources, it can happen to anyone – right? Don agreed and explained that the Target hack highlights another key vulnerability that many businesses overlook – their vendors.

In late 2013 Target was hit with a major credit card fraud malware attack when hackers gained access to their network through the corporation’s HVAC vendor Fazio, who had been given external access for business purposes.

“In the case of Target, that was actually a third party that was the initial entry point,” explained Don. “That brings up another point, whether it’s cloud or another service provider what are you doing for vendor management? Are you making sure that the products and services you’re using are being managed appropriately, and are you managing your vendors appropriately to manage their risk?”

What Sets An IT Company Apart From The Others?

Shifting the conversation back to Kraft Technology Group, Jim wanted to know what makes them any different from the many other IT companies operating in the same market and offering seemingly the same services.

Don explained that the key differentiators include:

  • Expert Personnel: “We’ve brought people up from Atlanta and Washington DC, we’re attracting resources from outside the local geography,” said Don. “It’s about culture – we make sure we have an environment that fosters teamwork, rewards individual effort, and then obviously, we need to keep up with the market and the pay scale as well.”
  • Unparalleled Transparency: “We are independently audited every year to make sure that we’re doing what we say we’re doing, and to make sure that we’re operating the business in a way that makes our clients feel comfortable that we’re providing the services we should be,” said Don.
  • Security Is The Priority: “That may differentiate us from other managed service providers, that our certifications for our individuals and the way that we bundle our services put security first,” said Don.

Like this article? Check out the following blogs to learn more:

The Need for Cybersecurity Expertise at the Board Level for Banking

The new Health Industry Cybersecurity Practices (HICP)

NIST’s Small Business Cybersecurity Corner