An Interview With Calvin Engen, CTO and Investor of F12.net
In late January, we spoke with Chief Technology Officer (CTO) and Investor of F12.net (F12) Calvin Engen, about the importance of cyber security for small and medium-sized enterprises (SMEs). Calvin started with F12 in 2006 operating in several technical positions before becoming CTO in 2019. Starting as one man’s hobby in 1992, F12 has since grown into a leader in the Canadian information technology (IT) industry. Formally known as System Systems Inc. the company rebranded itself to F12 Networks in 2011 and has continued to grow through strategic partnerships and acquisitions. Today, F12 supports 18,000 end-users and employs 250 individuals from 9 locations in British Columbia, Alberta, and Ontario.
In this article, Calvin discusses F12, the evolution of cyber security threats, the role of the government and employees, the biggest threats facing businesses today, and how to ensure your organization is secure.
Background
We began our interview with Calvin by discussing his career and experience at F12. Engen, with noticeable positivity and excitement, started to share his story. “I am the Chief Technology Officer at F12 and I have been with the company for just over 15 years now. I started my career with F12 when I was 21 years old as an entry-level technician. From there I moved through the organization in various technical positions and have operated as the CTO since November 2019.
“Funnily enough I was first introduced to F12 in school when I completed my work experience with them in 1996 and 1998. In fact, in 1998 I used funds from my college scholarship to buy the computer from our organization.”
Engen springing forward a decade said, “I later invested in F12 and became a partner in 2011 which leads me to where I am today.”
Who is F12?
Next, we asked Engen to discuss the work of F12 in the information technology (IT) industry as well as cyber security. “From a 10,000-foot view, F12 has been dedicated to serving small and medium-sized enterprises in the Canadian market. As a highly underserved market with no governing body, the IT industry is ruled by best practices. For this reason, I’ve made it my personal mission to create a standardized approach to protecting and securing our clients.”
Engen expanding on F12’s unique approach, started to discuss how they protect their clients. “From 30 computing users up to 400, we become their trusted IT provider or partner. Our business provides a cohesive subscription model that allows us to operate as the IT department for our SME clients. Our job includes providing IT help desk support, project and consulting services, private and public cloud, and everything in between.”
Two Main Offerings
After finishing his overview of the company, Engen discussed the services F12 offers. “We really go to market with two different offerings. One, where we can drive everything our clients need through F12 Infinite on a subscription-based model. An example I often use is phone service providers. As the customer you only need to choose the phone and who your service provider will be. The provider you choose has all the cellular infrastructure and network in place so you can simply use your device. F12 Infinite is very similar. We have all the servers, backend infrastructure, firewalls, and security in place that allows you to focus on what you do best and that’s running your business.”
Moving to the second offering, Engen explained, “this is one of the things I’m very passionate about. We strive to give enhanced awareness to our clients around what it takes to be secure in a global marketplace. As soon as your website is live you’re global, even if you still sell widgets locally. The challenge then becomes how do you keep yourself secure? Often we find that business owners think it won’t happen to them. The reality is that nobody is targeting them specifically. Instead, they are casting a wide net to see what they can pull in. Small to medium-sized businesses ultimately become a big target because they haven’t invested sufficiently in security. This is where F12 Secure comes into play. We offer a robust product offering to protect SMEs through technology, security awareness training, multi-factor authentication, backups, and advanced protection.
“Through these two programs we really seek to empower the business and IT leaders that we serve.”
The Evolution of Cyber Security Attacks
Engen, reflecting on nearly 16 years of experience, described how cyber security attacks have changed. “It’s amazing when I think back to a decade ago this wasn’t as pervasive or prevalent like it is today. I can barely go a day now without hearing another story of a compromise out in the world. Often the ones you hear are high profile which is scary because you wonder about the ones not being discussed. In comparison, there was hardly anything a decade ago. Rarely were there targeted attacks and certainly no ransomware. Now it’s incredibly disruptive. It holds financial and reputational repercussions for businesses. What’s interesting is there are really two sides to this. First, are the hackers casting wide nets trying to capture as much data as possible. Second, are the state-backed actors with a tremendous amount of resources that target-specific infrastructure. Those are the ones that really concern me.”
The Role of Government In Cyber Security
Next, we asked Engen what role he felt governments play in cyber security. Speaking directly to state-backed threats Engen explained, “we really need more governance, more protection, and it needs to be mandated. We can’t continue to stand by and only use best practices. This is something that requires the support of our own nation. In fact, just recently the Canadian government has pushed out a Cyber Secure Canada initiative. This program is designed to help SMEs begin to implement adequate controls to cover security basics. At F12, we are proud to be one of the first service providers to obtain this certification. We are really looking forward to seeing the federal government start to market this in a more meaningful way and ultimately bring greater awareness to SMEs.”
Biggest Cyber Security Threat to SMEs
So what are the biggest threat SMEs need to be aware of in 2022? Engen with confidence said, “the first thing they need to be aware of is phishing as it is one of the most prevalent attacks today. As a result, training your employees on how to recognize when an email seems too good to be true or looks off is very important. The other component that is an absolute must is having multi-factor authentication. Even if they were to scrub your password there needs to be something else that is in place to protect you and stop them in their tracks. The last item is to ensure your data is backed up and protected against ransomware. Having a disconnected cloud-based backup really is a must for businesses to protect themselves.”
After probing further on the topic Engen explained, “it’s not the way Hollywood likes to portray it. Typically we think of someone in their basement with a hoodie on madly hacking on their computer. It’s not like that at all. A much more common tactic is to visit LinkedIn for example to identify someone who started a new job and target them through what we call ‘spearfishing’. That person will then receive an email from their ‘CEO’ or ‘CFO’ saying ‘hey, can you buy 10 gift cards? I’m in a meeting right now and I need it done urgently.’ In an attempt to do good by the company they will often go through with it costing themselves or their company thousands of dollars if not more.”
The Role of Employees in Cyber Security
Considering the role employees play in protecting their company, Engen said, “we need to make sure our ‘people firewalls’ are trained to identify threats. No matter how much technology you layer, if someone is a ‘clicker’ they pose a great risk to the business. As an organization, it is important to identify those people so they can be trained properly. It’s equally important to establish clear business controls and a number of checks and balances to protect your company as well.”
How To Protect Your Business?
So how can you protect your small to medium-sized business from cyber security threats? After thoughtful consideration, Engen said, “number one is having a trusted provider who is regularly measuring your risk. At F12 we provide our clients with a security assessment. This informs them of what their risk is, what it means for their business, and how they should move forward. Part of this is asking the question of ‘do you know the people in your organization that are the most risky?’ But, more importantly ‘what have you done about it?’ As with any security awareness program, it is not enough to just train your people. You also need to regularly test them. By doing this you identify individuals who are prone to clicking and can then begin the process of retraining.
“The second aspect is ensuring the right controls are in place to protect your business. As an IT provider, we conduct annual third-party security audits to validate our controls through SOC 2 Type 2 certification & the Cyber Secure Canada initiative. We also conduct a red team exercise where we hire a team to try and attack us externally and internally. By doing this we are able to test our team and our technology to ensure both are able to identify and properly manage active threats.
“In summary, it comes down to the people, the process and the technology.”
What About Startups On A Small Budget?
For startups looking for cost-effective solutions Engen said, “multi-factor authentication, security awareness training, and backups are fairly low-cost actions you can take. In addition to this, it’s vital in your first year of operations to protect the “crown jewels” of the organization. It could be your customer lists, intellectual property (IP), personally identifiable information, and so on. It’s important to dedicate time to understanding what it would take to secure that a little over and above everything else. Once you’ve identified the most important aspect of your business you can start asking yourself how you can protect it.”
What To Do If You Suspect A Security Breach
Despite implementing the best protections, what should you do if you think your company has been hacked? Engen said, “in these types of situations, the time between reporting and action is very limited. As a result, shortening the response time is vital. If you start to see strange messages on your system and they’re encrypting you need to turn off your machine immediately and report it to IT. That being said before you get a breach make sure you have an incident response plan. It should outline the steps you need to take, who you should contact, which internal and external stakeholders need to be notified, and for companies in the public light how to notify the media.”
How To Connect With F12.net?
As we concluded our time with Engen, we asked where people could find more information and connect with F12. Engen said, “you can visit our website at F12.net for more information on who we are as well as the services we offer. You can also follow us on LinkedIn and Twitter, like us on Facebook, and subscribe to our YouTube channel. In a final statement Engen said, “if you are looking for a partner who can help you navigate this journey and be a trusted advisor as you build your business, I think that can be us.”
Want to Stay Connected?
Vertical Motion Inc. is a Calgary & Kelowna-based business supporting the needs of entrepreneurs and business owners since 2006. Our team of expert business specialists, project managers, front and back-end developers, marketers, graphic designers, and professional advisors support the needs of both B2B and B2C businesses in all industries including Blockchain, Cryptocurrency, Clean Technology, Augmented and Virtual Reality (AR/VR), Sports and Recreation, Real Estate, and Health Care. We specialize in creating custom Web, iPhone, Android, and Windows solutions for businesses of all sizes including startups, small businesses, not-for-profit organizations, and large corporations. Ready to take your idea to new heights? Drop us a line
Not quite ready yet? Sign up for our monthly newsletter for relevant business articles, Vertical Motion blogs, and our business Q & A. Have no fear we are spam clear! 🚀
Written By Tyler Mikitka, communications officer on the bridge at Vertical Motion.