Issue link: https://iconnect007.uberflip.com/i/1269815
JUNE 2020 I PCB007 MAGAZINE 19 now. That has impacted our business, so we don't see the same numbers that I hear about in other areas of the country. Matties: If you were doing ventilators, you would be full up. Ryder: And there's not a lot of medical manu- facturing in the Northwest here. It's a lot of avi- ation, aerospace, and software, which doesn't have anything to do with us. Matties: I'm glad you were able to come back out of this stronger and better. Do you have any final thoughts or advice you'd like to share with the industry? Cormier: Again, make sure disaster recovery plans are in place, and you're doing business risk assessments to verify where your pain points are. This is key, from an IT perspective. Ryder: I would recommend that you have an outside party come in and review your level of security, as well as your insurance, for any problems. There's nothing to say that you will be hit with it, but if you are and don't have coverage, you're going to wish you did. Matties: You were in a great spot because my understanding is the financials of your organi- zation are quite strong, and you have low or no debt, but most companies aren't in such a great position. Ryder: If we had debt, it would have wiped us out. As I said, we were hit with a one-two punch because the virus problem showed up before we were out of the woods on the ran- somware issue. Effectively, in the Seattle mar- ket, King County, we're not even in phase one of being back and open for business. It's still a ghost town around here. Cormier: I'd also note that if you don't have any- thing at all in place and you're looking, there are some fairly inexpensive online solutions. Some options are within the $200-a-month range to help you put together plans for secu- rity awareness training, etc. One that I utilized in the past is securityprogram.io. It's pretty in- expensive to get yourself started on awareness, training, and implementation for the right kind of security that your business needs. Matties: You have been talking about a stress test on your systems. If you wanted to bring somebody in, is this a company that you would look to? Are there other resources that you would have come into your organization and work with you? Cormier: Other resources I've utilized include IT firms that do penetration testing and inter- nal security penetration testing. They give you an overview of deficits and where you need to be. Ryder: Probably the easiest thing that busi- nesses can do is make sure that they've trained and informed their employees who have access to email, the internet, etc., to be suspicious if you don't know who an email is from or if it looks weird. Make sure your IT team checks it out before you click on any attachments or links. Once you've clicked, you're going down a one-way street from which there's no return. Matties: As you said, isolating your mail ser- vice from your internal infrastructure is a backup to that vulnerability of an employee clicking on a link, whether they intended to. Sometimes, these things get clicked. I'm glad you're back on your feet. Eric, I know it's a monumental task you went through, so I'm sure there were a lot of IT lessons learned on your part, too. Cormier: Exactly. It gave me a lot to take with me to school because I'm going back for my master's. Matties: Thank you both for sharing your story and advice for others. It's greatly appreciated. Ryder: You're welcome. PCB007