31. Aaron Collins: “Covid has drastically changed our approach to IT security"

Aaron: Well, thanks a lot for having me.

Aaron: We are a nonprofit in southwest Missouri. We serve infants, children, adults with developmental disabilities or physical disabilities, or developmental delays. 

We do this by providing therapies, education, and habilitative programs. We try to promote personal growth by teaching skills to integrate into the community and fully lead productive lives.

Aaron: Currently, the biggest challenge and mission is how the technology landscape is evolving. It's evolving at a fast pace. You're constantly reading through news and articles and looking at the latest, greatest stuff that's available. 

You've always got your staff asking you questions. “Can we use those? Can we use that?” Putting all of that together and trying to make something that is friendly and simple for the user. Can they get their job done efficiently? I think that's been the most significant thing right now. 

Aaron: Well, I've been here for seven years. When I started, we were doing a lot of our work on paper. There was such a burden of paperwork, and moving that over into a digital environment built a considerable change. 

Now that we've got things moved over into a digital environment, we see many of these efficiencies starting to happen and having people get their job done in a much more effective way without having to do all the paperwork. That's been a significant change.

Aaron: Right. I see a lot of information come across, whether in Becker's Hospital Review or through podcasts. That's helpful for following those leads every single day.

Aaron: Oh, well, it's drastically changed it. 

If you look at the trends as far as breaches or the types of hacks that have been happening over this last year, it's really boiling down to training your staff. 

Lots of staff training and on password security, clicking links, and so many of these attacks are mainly caused by email phishing. 

Especially when you're reading about the people that have gone through a HIPAA crisis, it’s almost always caused by some type of email phishing attack.

So coming up with the right solutions to help block some of that and train staff on what to look for when it comes to their inbox. That's been a big, big thing for this year.

Aaron: It’s huge. Sometimes you need to ask yourself, “Why is the CEO contacting me in the first place? They are the CEO. This doesn't relate to my job function at all.” Some common sense things can help you out there.

Aaron: Pre-COVID, we have many things in place, that we're there if we ever had an emergency scenario, like if a tornado hit, or there was an earthquake. How would we be able to have people working remotely and being able to get their job done? So, it wasn't changing the IP stack. It was more of expanding what we already had available to us. 

Of course, it has come with its own set of issues regarding training and getting people up to par on using this type of technology. Now that we have done that, we went through a point where we were looking to make a pivot.

We realized that some of our off-site locations are no longer necessary in the middle of doing that. That's another expanding the way we use our current IT stack.

Aaron: I don't know. Any other way to say it other than themselves? Your human nature.

Aaron: Yeah, human error. We talked a second about email phishing attacks; I could throw that into human error. I can't blame it all on people. 

But when it comes down to making your password, something simple as that, many people will refer to a date or some type of information that they have already publicly put out on social media. 

I would suggest people use a phrase. For instance, not necessarily your favorite actor’s name or something. I would throw a phrase out there because they're very long and challenging to crack. It's not something I could search on Facebook and find out about you and uses your password.

Aaron: That comes by creating something simple. If your users have to go through a 28 step process to do their job, that's not simple, right? There's a lot of room for user error there. Creating something straightforward and easy to use is always going to be the best solution.

Aaron: As far as trends go, some would go back into email security. 

Also, I would be looking at the supply chain exploitations rising. We recently had one of those in the news last week. That's something that people need to be aware of. Start taking note, looking at their system, in your IT stack; you may have many software components. Those software components are needed to be updated regularly. 

Well, if you have a lot of software components, you have a lot of updates coming in. So there's a bigger area for your supply chain attack to occur. If you can eliminate some of that stuff, reduce your size, have a smaller footprint, it's a lot easier to manage that way.

Aaron: I'm thinking it's going to be stricter. When we look at the types of things that have happened over the last three to five years, I see room for improvement when it comes to writing the rules and regulations. Unfortunately, that means they're going to get stricter. I don't see anything like depreciating and disappearing. I see more stuff being added.

Aaron: One of the things I like to do is listen to this podcast.

Aaron: I get a lot of good information from this podcast. Every time I get online, I see news related to what I'm searching for. I like to click on that news and read it. Of course, if it's from a trusted source. I am I will not go to the National Enquirer for my information on this. I do like the HIPAA Journal and Becker's Hospital Review. 

Aaron: I'm really big into analog photography. On the weekends, we'll load up large format cameras and will go out and do nature photography. Landscape photography usually involves a grueling hike. 

Aaron: We do. We've got a lot of amazing hiking trails. All of the Ozarks regions have a lot of excellent developed hiking trails.

Aaron: Excellent.