Cybersecurity As A Contemporary Fear
Small and medium businesses now see data breaches as more damaging than other disasters
Many small businesses that would not be without a staff accountant or an attorney on retainer choose to try to get along without a human resources director or consultant. This, despite a general awareness that people issues can be messy and costly.
They may effectively reason that HR is not a problem until it occurs.
In like fashion, said Dave Wagner, the CEO of Zix, a Dallas-based email security firm, new and small businesses often fail to consider their assets, identify the cybersecurity risks associated with them and then mitigate those risks by establishing a relationship with a managed security provider.
Zix doubled its size in February 2019 with its acquisition of AppRiver in Pensacola. Wagner said AppRiver’s marketing director, Jim McClellan, along with Eman El-Sheikh, director of the Center for Cybersecurity at the University of West Florida, regularly survey businesses across the country and consistently arrive at the same finding: Businesses are concerned about risks to cybersecurity that they know are real, but they do not recognize that they are so complex as to require outsourcing of risk management.
“We are up against cybercriminals of all kinds,” Wagner said. “The state-sponsored actors that you read about in the news are highly sophisticated about exposing vulnerabilities. We encourage everyone to move their services to the cloud and take advantage of Microsoft Office 365 security solutions.”
AppRiver, founded in 2002, was one of Microsoft’s original syndication partners for Office 365.
“We provide our partners with the Microsoft mail service,” Wagner said, “and then layer on top of it advanced threat protection, phishing scheme protection and solutions that meet archival requirements and requirements for the safeguarding of personal information.”
Financial institutions account for about half of the archival needs addressed by AppRiver, but, Wagner said, the transparency mandated of government agencies increasingly will lead to more work in that area.
In addition to email, AppRiver archives activity on some 50 different communication channels, including video and messages delivered via platforms ranging from the familiar, such as Facebook and Pinterest, to the likes of Bupa and Flock.
“Social media are an important part of keeping in touch with customers,” Wagner said.
“Businesses want to sell, customers want to buy and customers are moving to social platforms. We have to be there and, as we go there, we have to understand the risks that come with increasing your attack footprint with your social media presence.”
Wagner advises businesses to provide employees with specific guidelines about posting and to educate themselves about phishing attacks and compromise attacks.
For Wagner, Zix’s move to enlarge its footprint by purchasing AppRiver made abundant sense.
“I couldn’t be more pleased about joining the Pensacola community, which truly has made a commitment to cybersecurity,” Wagner said.
“The underlying investment in defense in this area brings a lot of talent and resources to town. Dovetail that with UWF, Pensacola State College and the work that Eman El-Sheikh is doing at the Center for Cybersecurity, and then add AppRiver, and you have a strong cybersecurity presence. I am even more excited about the future of what we can do in this area.”
AppRiver, Wagner predicted, will eventually double the number of its employees from 250 to 500.
At present, he said, it is growing revenue by 50 percent per year. In total, Zix employs more than 560 people.
“Pensacola is a place where we have enjoyed great success in hiring talented employees with a real commitment to the company’s mission, to providing security and customer service,” Wagner enthused.
In doing its due diligence about AppRiver, Zix was impressed by its net promoter score, a measure of overall satisfaction with the company, arrived at by subtracting the percentage of the company’s detractors from the percentage of people who would recommend it to others.
AppRiver’s score was 78.
“That was Apple’s score when they were doing their best,” Wagner said.
“It’s a world-class score, and it is delivered by the people here and how they interact with customers all over the country and the world. Their commitment to mission and purpose and to each other will differentiate us in years to come and allow us to continue to grow.”
In the second half of 2019, AppRiver added a team of outside salespeople who jet about the country, meeting with “partners,” as the company prefers to call its customers.
It hires graduates of UWF and Pensacola State College and otherwise from leading universities in the South and beyond.
Wagner is recognized as an IT industry leader. After the 2013 data breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers, he testified before the Energy and Commerce Committee in the U.S. Senate.
There, he described the “asymmetric” relationship between big technology companies and consumers in which the Apples and Facebooks of the world have “all the power.”
“I am not a huge fan of government regulation, but in this case, because the asymmetry is so dramatic, we need some protection for individuals to bring about some balance,” Wagner said.
“There are rules in Europe, and we are moving forward in the United States with California being the first to adopt the kind of regulation that puts some control back in the hands of individuals.”
Europe’s General Data Protection Regulation was designed to give consumers a greater say about their data and to provide them with legal avenues for holding companies accountable. GDPR requires that companies ask users to opt in before their data can be processed by third parties.
But “the rules are relatively loose when it comes to metadata,” writes Canadian journalist Brian Barth. “Even if the contents of a phone call are protected, the time of the call or the parties involved may not be.”
Bottom line: Regulations are not about to obviate concerns about privacy or the activity of cybercriminals — or the need for firms like AppRiver.