We recently met with Nathan Collins, Director of Sales and Marketing at PAVilion, and found out that his company provides essential support services to organizations.
Private Internet Access: What has your journey to your current position been and what do you love about working in cybersecurity?
Nathan Collins: In the late ’90s I was an economics graduate from UCW Aberystwyth and determined not to go anywhere near IT. IT had been the profession that my father had chosen, and I wanted to go a different way. Alas, I failed spectacularly in this endeavor with a 20+ year career involving technical direction, consulting services, support services, and everything else associated with technology. However, in the last 5 years I have broken free a little, becoming a sales director.
Love is too strong a word for how I feel about cybersecurity. It’s almost like preaching, and no matter how you preach to clients about being prepared, sometimes they decide it’s not a tangible asset because it is a cloud service or a subscription and they don’t understand the value of the protection being advised. My organization provides IT goods as well as services and if cyber issues arise then we are duty bound to resolve them as soon as we possibly can. Stressful times and certainly made worse if the client has not prepared appropriately.
PIA: Tell me what your company does.
NC: About 60% of our revenues come through the support services and hosted services supplied to our customers, and some organizations use us as their outsourced IT department. If they have any internal systems issues, they call us, and we help to resolve those issues. For some customers, we host their infrastructure applications for them on a monthly subscription basis. They can have fully managed or partially managed systems. Some of our customers have strategic IT resell projects with us, which is a diminishing part of our business but is still significant.
PIA: Why do you think individuals and companies need a good VPN?
NC: We have numerous clients who use a VPN. Any task that requires an employee to access a computer, storage or application that exists only at the office and where cloud migration is not possible due to compliance or latency reasons will require the creation of a VPN network for access. There are lots of financial or legal applications that fit into this space, and a VPN becomes essential. You can interface with the core network through a VPN and get access to these systems and work on them as though you were local. However, there are risks associated because a VPN is, in fact, extending the core network through to a home lounge or kitchen, and then unforeseen issues often manifest themselves.
Number one, is that home broadband router being delivered by IT as a service to that end-user’s environment? Often, it’s the home broadband solution.
Number two, who set the password? Was it changed? Is it the default with the router? Is it the standard password that came out? What does it broadcast itself out to the world? Is it hidden? Or is it as the default Sky or BT? Is it masked? If you look at ransomware, phishing, and whaling, there’s a lot of information on individuals. The higher up in an organization you go, the more valuable that individual is from a cybersecurity perspective as more access to data and systems is afforded. Hackers can easily find out where that person lives and potentially be able to sniff the home network from nearby, find out if this is a traditional piece of home broadband kit with no password set, projecting itself to the street. So then being able to get onto that home network with a great chance of then getting onto the corporate network through the VPN.
PIA: What do you think the worst cyberthreats are out there today?
NC: It’s user identity and password management. Multifactor authentication, otherwise known as MFA, attempts to address this and does so very successfully and addresses a very large hole in the cybersecurity profile of an individual and actively challenges identity when access to systems or applications is attempted through a different authentication device. MFA in IT terms is relatively new and requires new end-user behavior when accessing systems and, as a result, many end users do not like MFA and often resist change. Unfortunately, we also see the resistance increasing the higher up within an organization that you go.
But we are comforted by seeing companies starting to push their users to use two-factor authentication. The organizations start to benefit, and it becomes very little risk. Password management is where the issues start, and MFA neutralizes this issue.
PIA: How would you say the pandemic is changing the way your company deals with cybersecurity?
NC: Customers are working from home two or three days a week. We’re taking support calls from individuals who cannot get application access remotely and are struggling to access the corporate network. Or they have received something that’s got through their email gateways and looks legitimate. Items that were from the director of finance by way of example and they clicked on it. Whatever processes then get initiated on the user’s computer then do some damage. They’re contacting us because of this very stressful and often sensitive situation.
We have had to become even more savvy at understanding how their needs have changed and how their risks have increased and being a little bit more compassionate with them. They are nervous, stressed and often alone without colleagues for extended periods of time. When you go to our website you can see lots of very good feedback from many of our customers referring to our excellent support operatives and much of the feedback isn’t technically focused on problem resolution but more on how they took hold of the problem and alleviated the stress.
The original article with Private Internet Access can be found HERE.