There is a distinction between data protection and data privacy, and building service contractors (BSCs) need to know it in these trying times. Data protection is about securing data against threats such as theft or destruction. By contrast, data privacy focuses on guarding against unauthorized third-party access and use.
Data privacy is especially important because, in order for individuals to be willing to engage with your business in any online manner, they have to trust that their personal data will be handled with care. Organizations use data protection practices to demonstrate to their clients that they can be trusted with their personal data. BSCs should be no different, according to 4M Building Solutions’ IT pro Keith Schroeder.
How important has it become for BSCs to keep their data safe? “It is more important than ever!” Schroeder states. “As our company and industry grows, the amount of data created by our team members and SAAS vendors increases exponentially. Between that level of data being generated and its transportation to and from the cloud, it leaves everything more exposed than ever.”
To this end, Schroeder urges the deployment of multi-factor authentication (or MFA) “for all profiles on your environment and monthly penetration testing.” More immediately, he urges BSCs need to “implement the best endpoints you can afford, make sure all profiles are MFA enabled, [and be] in contact with your vendors ensuring that your connections to them are encrypted and hardened. Most, if not all, our data is being held in the cloud [Microsoft] or with our accounting SAAS.”
Schroeder speaks with the voice of experience. He has worked for 4M Building Solutions for the past 15 years. The first nine of those years, he spent as the company’s network administrator. The remaining five-plus years, he has been its IT director. For three of those latter five-plus years, he ran the IT Department by himself.
So, was there some advice regarding data privacy that was given to him at some point in his career that has really stuck? Schroeder was quick to reply, stating, “Implement yearly penetration/intrusion testing by an independent third party vendor.” Training and equipping employees to recognize cybersecurity risks and threats has also been a must. To this end, he recommends bi-yearly cybersecurity training.
In terms of cyber threats specific to our industry that BSCs should be aware of, Schroeder singled out phishing e-mails that specifically target the interests and/or concerns of someone working in building maintenance. “For example, ones that mention sales of PPE, chemicals used in our field, cleaning equipment, etc.,” he said.
Finally, we have the benefit of interviewing Schroeder here in the first quarter of a new year. So, the question was put to him: “Is he generally optimistic, pessimistic, or mixed about the rest of 2022 year with regards to data privacy matters and why?” His answer: “I would say I am mixed. I have done tons of things here at 4M in the last several years to protect our environment. Those things include hardened, state of the art, Cisco Meraki firewalls/switches, implementing MFA to all our 4M employee profiles, bi-yearly cybersecurity training, yearly phish testing and monthly pen tests.”
Such actions have proven necessary considering 4M Building Solutions ranks as one of the largest janitorial-related service suppliers in the Midwest and Southeast regions of the United States. The privately owned company has been serving clients since 1978. Today, its operations span more than a dozen states with offices in such markets as Indianapolis, Miami, Nashville, and San Antonio, with a corporate headquarters in St. Louis.
As a result, vigilance is perhaps Schroeder’s most pressing duty and responsibility. He concluded, “Unfortunately, as we all know, the hackers are usually ahead of the curve when it comes to circumventing everything you put in place. It is an ever-evolving battle to stay current on the latest attacks that are being perpetrated on that environment. In some cases, even after every bit of the training you give everyone, it only takes one person with a decent level of access to click on a malicious link to turn it into a bad day.”