Issue link: https://iconnect007.uberflip.com/i/1253723
40 SMT007 MAGAZINE I JUNE 2020 is how much data you can push through a con- nection at once. When you start doing inter- active videos, you increase your bandwidth significantly. What you described with your question is the chokepoint, or the smallest part—the VPN—and that could be because the VPN isn't big enough, meaning the bandwidth or processing power is too small. If you go to my house right now, I have a red cable on my floor because my home wireless cannot handle my entire family video confer- encing at once. I've talked to dozens of people now who have shifted from wireless to wired in their homes for this reason. The pros are it's very stable and strong. The cons are you have this tripping hazard eyesore on your floor. Johnson: For the company that goes through this process only to find out that they have some work to do, what resources can they use? Landeck: A lot of companies are doing this right now. When I started in cybersecurity 20 years ago, it wasn't a thing. There were no col- lege classes that taught it. It was largely peo- ple that were self-taught, and there was not a lot of work for it. Most of us started off as soft- ware developers or administrators and did this on the side. Now, there are two things that are happening that are driving this. One is risk. An organization gets hacked, finds out not having security is more expensive than having it and pushes to start having it. The other issue that drives it is regulations. Almost any industry you're in now says there's a minimum level of security you must have. When you go to your doctor's office, the security there is because they have to or they want to do both. But what happens is HIPAA says, "At a minimum, you have to do this." If you're a small software company here in Sacramento, you're going to need something. Talking to a security consultant about what to do makes sense, and one thing I always empha- size is a cost/benefit analysis. If you're a small software company, you shouldn't be spend- ing millions of dollars on security unless your business analysis tells you that you should. It goes back to how we started the conversation. As a company, figure out what's important and what you do and don't need to spend a lot of money on. What are your crown jewels? Do you have intellectual property? Do you have a database on customers you don't want to lose, and if you did, would you lose their trust? Before you spend a lot of money, figure out what it is you're trying to protect, and then get a consultant to help you understand what you're protecting it from and how. Do your homework. What is it going to cost you to respond to the security event? Then, there's a replacement loss, and this is probably another example of ransomware. If they "brick your system," where they encrypt your system to the point it can no longer be useful, and you don't pay the ransom, you have to replace that or those devices. When we talk about intellectual property, we're talking about competitive advan- tage. If I'm a local company with a database of users that gets breached, if my com- petitors have my list of cus- tomers, I'm losing a compet- itive advantage. When a company decides to start implementing more cybersecurity, they need to figure out what kind of losses they're afraid of. Once they figure out what could hurt their business, as a third-party consultant, I