Paul Tracey was a pressman in the printing industry when the unthinkable happened: a devastating shoulder injury disabled him from ever working in manual labor again.
After an unsuccessful surgery left him struggling to rehabilitate on workers compensation for five years, he was told the best-case scenario was permanent partial disability.
Forced to find an alternative source of income, Paul pursued his tech obsession he’d developed growing up and went back to college. “I always was fascinated with how computers work and how the code could be manipulated,” he said. “In high school I’d program simple video games into graphing calculators. With the arrival of the internet, my curiosity exploded, so it seemed logical to do what I loved.” After graduating from college in 2009 with his network administration degree, he managed an outsourced IT help desk call center with 300 to 400 employees.
But his education for how technology was REALLY being handled started when he went into IT support for a major hospital. Quickly promoted to an Operation Specialist, he was stunned the first time he saw the ugly side of how big corporations were handling IT security and compliance.
“For the sake of expediency, they would disregard security, regardless of policy,” Paul said. “Fines were paid, and nobody blinked. The huge amount of money being wasted was viewed as a cost of doing business.”
Paul started asking himself: if it’s like this at the enterprise level, what’s happening at the small-business level? “Small businesses can’t afford to disregard security,” Paul said. “If they tried to wing it, they would go out of business. $500,000 for ransomware is a number that can sink a lot of businesses–not to mention the loss of data and production.”
The Disaster That Brought The Message Home
It was inevitable. One day the entire hospital organization was infected with malware brought in by accident on a C-level employee’s personal laptop.
This was the trigger moment for Paul. His mind was screaming, “This should not be happening!” He couldn’t help but think, “What would happen in a smaller organization that doesn’t have the internal resources of this large organization?”
The prospect was terrifying, so he decided to do something about it.
In 2012, Paul founded Innovative Technologies to provide these resources for small and medium-sized businesses in the health field.
“It didn’t seem fair,” Paul said. “Why should a smaller business not have access to the same services that a larger company has available to it? There weren’t a lot of IT people addressing this, so I decided that I would.”
Paul established his business on proactive security response plans. “Companies were approaching security failures completely backward,” Paul said. “They would say, ‘This has happened. Now, what do we do about it?’ But anyone asking that is already behind the eight ball. It shouldn’t be an unplanned response– that’s never the right perspective.”
Today, Paul helps clients develop a security-focused company culture with a planned response that’s ready to go when needed. The plan includes security training with proactive policy and procedures–all done in advance. This considerably lessens mitigation should any ever be required. “Yes, it’s a major undertaking,” Paul said. “It touches every part of your business, but it greatly outweighs going the unplanned route.”
The demand for his services has made Paul the leading Managed Security Services Provider (MSSP) for small to medium-sized healthcare-related businesses in the greater Albany, New York area. Clients range from residential treatment centers to non-profit private schools that fall under the medical umbrella. Offering a full stack of cybersecurity and compliance solutions, he proudly displays the HIPAA Seal of Compliance Verification (the healthcare industry’s third-party HIPAA verification.) His approach of providing fully managed service focused on security and compliance has resulted in tremendous growth with revenue quadrupling over the last three years.
“An Ounce Of Prevention Is Worth A Pound of Cure”
Paul was an “early adopter” in security. At the time he started his business, small and medium-sized businesses were not aware of the security risks they were taking.
Continuing to expose flaws before others recognize them helps divert and prevent cyber events for his clients. This philosophy is also one reason why Innovative Technologies is aptly named–its culture of understanding what’s new to the market and evaluating when those solutions are both proven to work and appropriate to bring to clients.
“I have clients say, ‘To be honest, we thought you were a little bit crazy when you told us your plan, but six months later we’re in an association meeting and all the things you discussed with us are now on the table for all these other organizations,” Paul said.
But being forward-thinking in security does not mean jumping on every bandwagon that passes by. Paul avoids making rash decisions by continuously testing internally to bring the best protection to clients.
“We’re always scanning the market to see what’s out, what’s new, who’s testing what, but we do so with caution,” Paul said. “We’re agile, but we believe in testing and adapting in the right way.”
The right way means plenty of internal evaluation of tools along with knowing ahead of time what the response is going to be for things such as zero-day attacks, (cyberattacks initiated on the very day a software vulnerability is discovered) before a fix is in place. “It’s impossible to stop them,” Paul said, “because it’s not possible to prevent the unknown. But it is possible to have in place everything needed to make this a nonevent for the business, so it’s not crippled for a week or a month.”
Controlling The Two-Headed Cybersecurity Monster
Recognized as a leading expert in cybersecurity, Paul wrote the newly released book Delete the Hackers Playbook. And in a world where more than half (56%) of ransomware victims pay to restore their data (without a guarantee that it will be restored), in the nearly a decade that Innovative Technologies has been in business, no client has ever paid ransomware.
“Throughout COVID we’ve watched medical facilities and schools–literally a half-mile away from ones we support–get hit with ransomware and Zoombombing attacks,” he said. “We took immediate measures, and so far, our clients have been without any negative outcome.”
The pandemic helped businesses become aware of the cyber threats that Paul has been defending against all along which is why more businesses are discovering they need the security planning Paul offers. “It’s a two-headed monster,” Paul said. “First, as more employees began working from home, vulnerabilities showed up that had previously not been recognized and attacks on systems increased. Second, the scope and complexity of cybercrime attacks has increased very steadily over a great number of years. Really, it’s been advancing at the same rate of speed or quicker than the defenses for it.”
Paul also brings security measures to the community and non-profits. For example, Innovative Technologies is a sponsor of the Greenjackets Football Team, the second-oldest semi-pro team in the United States. Based in Glens Falls, New York, Paul was a member of the Greenjackets board and served as Chief Technology Officer (CTO) of the team until 2020.
Profound Honesty – A Two-Way Street Essential To Successful Security
But for companies to defend themselves successfully, it requires one key value, which Paul built his business on…
“Profound honesty at all costs is what it comes down to,” he said. “And it has to go in both directions. The company that’s outsourcing its security must be completely honest about its situation. And the MSSP must be completely honest about the data, what the issues are, and what is required to solve the issues.”
Paul’s company is focused on solutions and people above making the sale. “We don’t avoid the hard conversations surrounding compliance,” Paul said. “The question we hear is: ‘Do we really have to do this?’ A lot of times salespeople for other organizations will make the sale instead of having that difficult conversation.”
In a recent meeting, a prospective client announced he would not follow certain security norms Paul has in place. “For us, that’s a deal-breaker,” Paul said. “I’m not willing to risk their security and all the damage that can do.”
Same with employees. When Paul is interviewing prospective employees, one of the strongest assets he’s looking for, right up there with technical ability, is humility. Can they admit when they don’t know something and be willing to find solutions and different answers?
“We know how extremely hard people work to get their businesses up and running, and it can be stolen from them in a day,” Paul said. “So, we make sure we are covering all of those security layers and that clients know why it’s being done.” As a result, his clients operate with a secure and compliant infrastructure that allows them to be more efficient and more successful. “It’s an overall company culture,” Paul said. “And it’s not a quick fix. It’s a journey, but a journey they recognize the benefits of taking.”
Designed To Lift The Worry Off Client’s Shoulders
Paul’s disability-class injury changed the trajectory of his life and taught him never to live without a plan. Even more important, it made him deeply passionate about protecting small and medium businesses that are vulnerable due to a lack of tech planning. “I never want to be in a horrible position like that again nor do I want anyone else to experience the devastation that can happen when you don’t have a plan.
Cybersecurity and compliance are requirements for every business now. And yet these are not internal processes for small and medium-sized businesses. We want to alleviate this stressor, which is why I intentionally created a company that removes that worry and gives a solution that exceeds these requirements so business owners can focus on their operations and growth.