What industry is your business in and what are the unique security challenges you face in that industry? Are there industry-specific auditing requirements that you have to meet?
I’m not sure what we’d be considered but I always choose “Manufacturing” when asked in forms or online. Smyth does labeling for just about every company under the sun. You’re probably looking at one of our clients’ products right now and don’t even realize it.
Coke, Pepsi, Johnson and Johnson, Proctor and Gamble, Jack Links, Listerine, the list goes on and on and on. Whenever I walk through our warehouses I always find new popular ones that I had no idea we did.
We don’t do the packaging, btw… just the labeling for the packaging. So we get sent over their graphics, our graphics department makes some tweaks, we print off the labels and ship them either back to the client or directly to the packaging company.
Obviously when it comes to their art we have some special requirements. Outside of that, we’re pretty simple. Most of the crazy stuff like POS we offsite to another company so we don’t have to deal with it.
We currently have 9 locations but we’re growing. Only 4 of our locations are actually staffed with anybody IT-flavored. My director works in Green Bay and I work out of our corporate HQ in St Paul, MN.
The majority of my IT career was spent in the financial sector. Had to adhere to a number of government-mandated requirements for data storage and transmission. Audits all the time, FINRA regulations, strict data storage needs, fear of the cloud, etc.
The biggest challenge that was gaining traction when I left was the need to have devices in other countries controlled, and have access to internal data, but not require them to be on VPN full-time or use a controlled desktop like a VDI.
I’m in the same boat as @dimforest, I’m not sure what industry we are considered to be part of. I’m a software developer working on healthcare software, but we also make medical devices. On forms, I put either Healthcare, IT Services, or Software Development, although there is probably something more suitable.
If you’ve been to a hospital or clinic, chances are your doctor/technologist used one of our devices or had your visit documented through one of our software. HIPAA, GDPR, and a plethora of local laws, depending on where software or medical devices are installed, needs to be followed. Some customer also have their own security requirement.
I’m currently working remotely for the Montréal office, but I fled the cold Canadian winters to settle down in Chile with my wife (a native Chilean). I am extremely glad my bosses allowed me to work that remotely
Public library, so could be a government, non-profit or cultural industry.
Currently in Finance. We always have the FDIC sniffin’ up our asses so we follow allllllll of their requirements.
For the last 13 years have been in the Real Estate industry. There was a huge learning curve in IT support. In past companies everyone and every equipment was company owned and controlled. Real estate agents are contracted and supply their own devices for their business. Thank the stars for VLAN and network segregation in keeping these unmanaged devices away from the companies network, systems and devices.
That sounds like a nightmare scenario, with a hodgepodge of devices that you are responsible for securing! Where do you limit what you will fix versus what they have to pay for? Or are they billed directly for their IT costs?
We’re private security; We monitor commercial and residential alarm systems (intrusion or fire) We have some medical too.
I randomly select telecommunications / service provider / or other on forms.
It is a pain. But like most pain, you get used to it. As long as I can keep them off the domain network all is good.
Agents are charged a monthly “office fee” and that fee includes IT support. But there are limits to this support. I will make sure they can access company services, like email, printing and web apps. But I will not perform any type of break-fixes or OS installs.
Now that I have Automox I would like to offer it to them, but prefer to keep it separate from our current one. More like a MSP
We don’t have a multi-site console option yet, but I know that’s in the plan as it’s a big need for MSPs. In the meantime you could probably segregate them to a separate console and just switch between them. Have you talked to our support about setting something like that up?
Do you guys have your own staff that respond to incidents, or do you work with the 911 dispatchers if an alarm goes off and you can’t reach the homeowner? I used to volunteer as a firefighter in a well-to-do neighborhood, and whenever we’d get a “home fire alarm” call we were pretty sure that it was just a false alarm 99% of the time.
We’re third party or wholesale depending on which bit of paperwork you’re looking at. We don’t send our own employees for response, we do dispatch PD/FD/EMS as needed. We do our best to mitigate false alarm activations from resulting in a dispatch, but no system is perfect.
Yeah it’s tough to get the system completely right. Most of the alarms were food left heating on the stove, so it could have become a real fire if the alarm hadn’t caught it.
It happens all the time. False intrusion alarms are the big name in the game, and we prevent dispatch on probably 90% of all the alarms we get over the course of the year. Fire is about 40% are not dispatched on, but that’s because we are required to dispatch first and then try to reach subscribers.
We have several business units but most based around our core competency of high-speed, high-volume manufacturing.
We do have some products that are medical devices and also others that are automotive and need to meet those audit standards.
We’re generally ISO, though.
We’re in Circuit Board Manufacturing. I actually spent my first year here out on the production floor, mainly in Surface Mount, and Test for a little bit.
That’s awesome that you got to do the job first. Gives you great insight into how to best help them from an IT process and tool point of view.
Yeah, that was the idea. Get to know the environment and how the flow of everything worked. It’s been beneficial to have that knowledge on a few occasions. It’s also always helpful to know the people you’re working with, and we have low turnover here so I met close to half our employees that way.
Still a few departments that I don’t really know the people there, but I guess that’s just what happens when you don’t really interact with them.
Consultant to any industry.