Why Using Your Home Router in the Office Is a Really Bad Idea

WGMD Business Spotlight Featuring ThinkSecureNet - Episode 08/19/21

Interviewer: Let’s welcome back to the studios of WGMD Mr. Jack Berberian from ThinkSecureNet.com. He is the CEO and co-founder, and Mr. Mark Kosloski is Vice President of Sales. 

Gents, welcome back. Always a pleasure to have you here. Doing great.

Jack: Thanks for the flag. It looks great. 

Interviewer: Thank you. Mark, how are you? And Jack, how are you doing? 

Mark: Good. How are you doing?

Interviewer: Okay. Now then, almost anyone could go into a big box store years ago. One would have gone into a place like RadioShack maybe and bought some kind of an electronic component, thinking that perhaps they would keep their home networks secure that way. But there is actually a key difference — many of them, I’m sure — between enterprise-grade equipment and consumer-grade equipment. Isn’t that right? 

Jack: That is correct. 

Interviewer: Tell us about that, Jack.

Jack: It’s just like any other device that you would buy in your house, for your car, if you’re cooking. Something that you buy residential as opposed to commercial. 

When we’re talking about enterprise-grade network equipment, there are a few essential characteristics and not just features but a comprehensive device or solution that is strategic to supporting complex requirements that organizations have today. So just some examples, productivity, stability, scalability, security, and compliance. 

Interviewer: If we break those down just quickly?

Jack: Productivity is the amount of time it takes to transmit data, throughput, speed, simplicity of access, content filtering. All of these things allow your workforce to be more and more productive.

Stability, a solution will be reliable. We had a physician at one time. He continued to have us come and reset his wireless router at least three times a week. So a couple hundred bucks every time we went to the doctor’s office, this was a doctor’s office. And I kept telling him, “Let’s just change the wireless device and something we can control.” He had one that one would perhaps normally find in a home. 

Interviewer: Is that kind of what the deal was? One in the home with a standard password. Okay. No, you mean, “I’m glad I don’t go to his office anymore.” No, I’m only kidding.

Jack: The firmware was never updated.

Also, scalability. So the firmware is the actual software that is powering the device itself. The firm comes with it. It comes with standard firmware, and then, as issues arise and patches are put in place, you need to go in and update that firmware, restart the device, make sure all the settings are correct. And most people just don’t do that. 

Interviewer: Now, is that firmware updated by the internet of things? Is that how the firmware is updated?

Jack: It depends on the device. Some devices you can automate. When the firmware is there, it will download it, install it, reset itself, and move on. With a lot of the firmware, you have to actually download, install the hardware itself, and then bring it back up and make sure all the settings are correct. So it happens in a number of different ways, but most people just don’t do it because they don’t know how to set it up. 

Interviewer: Okay. Now, Mark, VP of Sales, expand, if you would — and I know you can — on the security aspect.

Mark: Jack was just giving you a couple of examples of where an organization will have the need for maintaining a secure environment, and storage keys are a big piece of that. 

Last week, we talked about PCI, right, payment card authorization, and having to maintain it locally encrypted. The difference between an enterprise solution is that it’s one in which you’ll actually have the keys in a central safe location. That’s managed by your IT department, your ownership, or somebody who’s an authoritative individual as we’re consumer grade.

You know, you run the basic encryption off your laptop or your wireless system. Essentially those keys could become lost with the laptop itself, and trying to recover that essentially just locks you out of the solution. It’s a really big deal. Even the encryption we talked about when transmitting data, a point of sale machine, you swipe the credit card, it’s actually querying out into the internet, looking for authorization for that transaction to occur.

You want to make sure that that is encrypted from point to point and end to end. And many of the enterprise-grade solutions that we offer actually provide a tool in which you can test that encryption link and then validate it. And when you run that test, it does so much as to even print out a report, showing that you’re compliant, and then should an auditor come in and ask to see that, we talk about enterprise-grade. There’s a very similar term in the industry — medical grade — for healthcare entities.

So when you’re doing a security risk assessment, that standard encryption has a certificate; it’s been tested, validated by a third-party source. And it’s something that an auditor would look for. So it’s a fantastic option from that perspective.

And then, Jack, you mentioned the firmware upgrades and stuff like that. It’s not just about receiving the upgrades. Having an organization that stands behind their products and makes those changes when necessary when they’re looking for vulnerabilities, they advertise them appropriately, thereby giving you the tools necessary to actually lock that system down. And anybody will tell you in the industry that hackers look for known vulnerabilities as the first step of access; they’re traditionally lazy. Like anybody else, nobody wants to do more work than they have to. So known vulnerabilities on key devices are probably your number one threat within an organization.

Interviewer: Now, Jack, there must be a quality aspect as well at different levels.

Jack: Absolutely. Everybody can define what they do themselves, and it’s really the end product that is the judge of what you’re actually getting. We take over accounts all the time where they’re using an individual person. Again, one person, that’s impossible to have all of the credentialing and experience necessary to manage an entire network so that you know what they put into the software, the updates, the firmware, the patches, the credentialing of their team, the security risk assessment like Mark mentioned, and the encryption. For medical professionals, that’s required. 

Having all of those things in place and being able to prove that you actually are doing what you say you’re doing is the big difference. So if you have a managed service provider, you have an IT person that’s working for you right now. You should ask them to see what it is that they’re doing. What, how are they patching? When was the firmware last updated? You need to start asking questions.

At my age, I see a lot of doctors. I often ask, “Can I email?” The answer in almost every case is no. And now I’m beginning to presume that because they simply either don’t have or don’t trust whatever kind of firewall they may have at their enterprise level. They just don’t want people even trying it. 

Interviewer: Would that probably be your assessment? 

Jack: Yeah. Most likely, we don’t have encrypted email. It’s not secure. 

Interviewer: Wow. So they’d rather not deal with it. 

Jack: Yeah.

Interviewer: Alrighty. About nine and a half minutes, if you have a question for Jack Berberian or ThinkSecureNet, about your enterprise, IT, your enterprise telecommunication, you can give us a call right now and ask away at (302) 945-92-92. That will be a free call for you — courtesy of Verizon Wireless.

Now, then, there’s nothing that you can do today that does not have a dollar value attached to it, sadly. However, you have figured out how to do things without draining people’s money away. Talk a little bit about the impact that this will have on a business’s budget to make sure that people can’t just come figuratively waltzing into their system.

Jack: We run into this all the time. And, you know, when practices and businesses are using someone who’s working out of their garage or their home, there’s nothing wrong with that, but at some level, that’s not going to be enough for your organization, and you need to make the investment in order for you to have a scalable organization where the folks that you’re employing are saving time. And that means saving you money, and they’re more productive. So that’s how we pay for ourselves. 

The systems that we put in place allow the workforce to be more fluid, allows them to be scalable. During the pandemic, all of our customers were able to go home and work remotely pretty much seamlessly. Today, they’re at the office. Tomorrow, they’re at home. The hardware and the software and the investment you make upfront allows you to reap the benefits when things like that happen. 

I had met with a gentleman up north, probably about two years ago. And he said, “It’s just too expensive, Jack.” And I said, “I don’t think you understand what expensive means,” and about a year and a half later, a huge breach home. 

Interviewer: No. I was about to guess as soon as you said, “About a year later,” I thought, “Oh, good grief.”

Jack: Because I know what’s the cost of what we presented him. He’s paid probably 20 times over and just getting caught up with everything he needs to do, and attorney’s fees and investigation by the government. So, I don’t think the word expensive is correct.

Mark: That’s the irony that we hear over and over again. You mentioned the tagline that we spent more on sushi last night than we do for our wireless security. Often when we’re coming in to save the day, it’s because people spent a hundred, a couple hundred dollars on some basic consumer device they failed to secure, and it doesn’t have the capability to be secure. 

And so we’re having to come in behind them and actually implement a more strategic, valuable solution that’s at an affordable price. But to Jack’s point, if it’s too late from a perspective of compliance or disclosure or the breach, whatever the case may be, you’re going to be paying ten to a hundred, maybe even a thousand times what we were talking about in the initial conversation. And, you should have just spent the money upfront and done it right the first time.

I think there’s a connection in there. I think it was Terry Bradshaw who pointed to sushi and said, “Where I come from, we call that stuff bait.” Ransomware people and other hackers view barely secured systems as their bait. 

Interviewer: There’s a joke in there. I don’t know what it is. I’m not going to try to go there. Tell us how people can get in touch with ThinkSecureNet.com if they’re serious about making sure that their enterprise is not going to be left wide open and vulnerable.

Jack: Honestly, the best thing everyone can do is just go to ThinkSecureNet.com and read for yourself. We have all kinds of planning aids, white papers, checklists, different things that you can use to go through your office and see if you’re actually doing what you should be doing. And if you’re not, give us a call if you need some advice. But everything starts with ThinkSecureNet.com. Just fill out the form there, and we’ll get back to you on the same day.

Interviewer: Okay. Outstanding. Jack Berberian and Mark Kosloski from ThinkSecureNet.com. We look forward to speaking with you next Thursday.
