People are the biggest risk to any organization ... Most organizations that struggle with security… it’s because the people at the top don’t care. - Robert Phelps
Robert Phelps helps keep remote teams secure, often before they even know they’re at risk. As President of Creative IT, Robert and team provide IT services for companies that are too small to build an in-house department, or those that need a little assist.
Robert and I spoke at Running Remote 2025 Austin, before his keynote, ‘The Hidden Bottleneck: Why Remote Teams Struggle to Scale (and How to Fix It Today),’ about the cybersecurity challenges of remote and distributed teams, and the responsibility of users and companies, even if most of their apps and IT are hosted at a large public cloud provider like AWS, Google Cloud, or Microsoft Azure.
With the world trying to convince us to click, it comes back to people: educating, training, and, as Robert stresses, testing to make sure they understand and don’t take tempting bait.
Compliance and security never go out of style. But the challenges and degree of difficulty only increase over time.
Please join me in welcoming Robert Phelps to the Work 20XX Podcast.
Editor’s Note: Recorded 2025-April-30 at the Running Remote conference in Austin, Texas.
Special thanks to Liam, Egor, Ana, and Team Running Remote.
Robert Phelps: Cybersecurity, People, Responsibility, Test | Work 20XX podcast with Jeff Frick Ep52 from Running Remote 2025 Austin
English Transcript
© Copyright 2025 Menlo Creek Media, llc.
Cold Open
OK
And we will go
In three two one
Jeff Frick:
Hey welcome back everybody. Jeff Frick here. Coming to you from Austin, Texas. That's right, Work 20XX is on the road at Running Remote. And we're excited to be down here and talk to really a lot of the leaders in not only remote working but these are business lessons that can be applied whether you're fully remote, distributed, hybrid, back in the office or anything in between. So we're excited to have our next guest. He is Robert Phelps, the President of Creative IT. Robert, great to see you.
Robert Phelps:
Thanks for having me. I appreciate it.
Jeff Frick:
Absolutely. So for folks that aren't familiar with Creative IT give us kind of the quick overview.
Robert Phelps:
Yeah. Well, I guess the elephant in the room is my pants. I figured for a remote first conference
Jeff Frick:
Wow, you jumped right to the pants. I was gonna let it sit for a minute.
Robert Phelps:
I don't know if anyone would miss them.
Jeff Frick:
They will not miss them.
Robert Phelps:
We figured for a running remote conference we would dress like we do when we're on Zoom calls.
Jeff Frick:
Okay.
Robert Phelps:
We're just not used to being in person.
Jeff Frick:
Okay. I got it.
Robert Phelps:
Yeah. Okay.
Jeff Frick:
All right. Good. But a little bit about Creative IT.
Robert Phelps:
We provide full IT departments to companies that either are too small to have their own internal
Jeff Frick:
Okay.
Robert Phelps:
or they have internal but they need additional help. That's everything from tech support for your end users, full cybersecurity monitoring, that team, that company's security posture, onboarding, offboarding, shipping machines, getting machines back from those companies.
Jeff Frick:
And did I see that you have a new book that came out recently?
Robert Phelps:
I do, we wrote a book on cybersecurity with a couple of our colleagues and that became the Amazon bestseller day one.
Jeff Frick:
Yeah. Very cool. ‘Cybersecurity: The Silent Battlefield.’
Robert Phelps:
You got it. 100%. We talk a lot about in that book cybersecurity, how to secure small businesses, remote businesses as well as compliance. A lot of our clients that are fully remote are software-based businesses trying to get their SOC 2 compliance and navigating that as a remote company is incredibly difficult. We help our clients through that as well.
Jeff Frick:
Compliance and governance are often talked about as gates, as brakes, as inhibitors to moving forward. But in fact, they can actually be great enablers and they can be super important to successful business. So how should growing businesses that maybe didn't have to think about it before—it’s kind of a new thing—think about compliance and governance and making sure that they're ticking all the right boxes?
Robert Phelps:
100%. It's daunting. When you look at what's required. If you have a partner that can walk you step by step through what's needed, that's the key to success. But really, I can tell you we've had a handful of clients that once we've helped them, they decided that's the way they're going. Once we've helped them become compliant, some of their competitors actually handed them their business and said we’re not doing this any more.
Jeff Frick:
Is that right? Because they don’t want to invest in the compliance?
Robert Phelps:
It’s too hard. You got it. Yep.
Jeff Frick:
Interesting, ok. Cybersecurity. Giant, scary topic. Deepfakes, AI. There's so many things coming at them. I don't even know. Where do you begin with cybersecurity? What are some of the big holes? What are some of the obvious things that people should take care of in a smaller business or a small organization? Because it's one thing, you know, if you're renting out space on AWS, I've got all AWS’s security team kind of helping me out. But as a small business I don't necessarily have that. So how should people approach it? How do you kind of rank order and prioritize all the many things you got to do in security?
Robert Phelps:
Well, two things. It's kind of funny, what you said about, you know, we're in Google, we're in Microsoft, we're in AWS, so we're secure. That's a big fallacy that a lot of clients have when they come to us. There's something called a shared services model. When you sign that agreement, you probably don't read all the pages. But in there is what's called a shared services model. And that basically will lay out that you are still responsible for a portion of security and that is how you access that data. While they may be responsible for securing the data center, you're responsible for the data, the data security, and your employee security. One of the biggest things we've seen, the trend, especially with remote, most remote companies don't think, I don't need security. Maybe we're all using personal devices.
We see 15,000 incidents on cloud-based applications that our clients use, like Google Workspace, Microsoft 365, for every one security incident on a physical device or server or network.
Jeff Frick:
Wait, how many to one? 15 to one?
Robert Phelps:
15,000. 15,000 to 1. So we are literally investigating 15,000 incidents per on cloud-based software for every one we're now doing inside.
Jeff Frick:
That goes back to the "Why do they rob banks?" right?
Robert Phelps:
Because that’s where they keep the money.
Jeff Frick:
Exactly. You got it. Okay. So that's good. But now I'm getting started. Where are some of my holes?
Robert Phelps:
The biggest risk is actually people. People are the biggest risk to any organization. When we see cyber incidents, majority of them are because someone did something, they clicked on something. They thought they got a legitimate email and it was not legitimate. That's the biggest risk is those types of incidents, those types of security events. So training people, getting them on the right path, but then having someone monitor all of their activity.
Jeff Frick:
Right, right.
Robert Phelps:
And if something malicious happens—we onboarded a client recently, the owner's account had been accessed, being accessed from someone in the country of Georgia for three months. They had no idea. They had no idea.
Jeff Frick:
You know, RSA is happening this week as well up at Moscone. And I remember at a keynote a couple of years ago, it was a lady from Cisco [Wendy Nather, RSAC 2020] talked about the whole internet is about clicking. Everything on the internet is clicking. And of course, that's what you're not supposed to do for cybersecurity, right? Don't click anything. But everything is clicking. So how does that all, you know, how does that work?
And then as the deepfakes get better, as the sophistication and the spelling and the grammar and the contextual relevance on these hacking emails and other things gets better, what do you see? What's going to happen?
Robert Phelps:
Yeah. Educating users is one thing, but we have a proprietary tool that—what that does is monitors a user's account for everything they do. And then if they do something that isn’t right, alerts our team and we can lock that account down and investigate it. So you can do something where you don't allow your employees to click anything—that's foolproof—or you can do what we do for our clients. We have someone in the middle, and some intelligence in the middle, that when they do something that’s incorrect, you stop it immediately. You catch it.
Jeff Frick:
Catch it before it goes out?
Robert Phelps:
Catch it immediately. Yup.
Jeff Frick:
It’s so, you know, I tell everyone, but we're all susceptible, right? Just don't click anything.
Robert Phelps:
Anything. Don’t do your job.
Jeff Frick:
If it comes from your bank
Robert Phelps:
Nope. Close your computer.
Jeff Frick:
Unless you sent it.
Robert Phelps:
Don't click anything.
Jeff Frick:
So you're giving a session tomorrow I believe?
Robert Phelps:
Yep.
Jeff Frick:
‘The Hidden Bottlenecks with Remote Teams and Why They Struggle to Scale and How to Fix It.’ So what is the hidden struggle?
Robert Phelps:
There's a handful of them. There are five that we will go over.
Jeff Frick:
Okay.
Robert Phelps:
We'll go over some easy ways to solve those problems and how we solve them for our clients. The biggest bottleneck we see for most of our clients revolves around onboarding. And I can tell you, if you don't get that right, a new employee, when they join your organization, if they don't have access to what they need, if they don't have their computer on day one, they're not thinking, “Man, IT screwed up.” They're thinking, “Did I join the right company?” Did I make the right decision? And that is not, that erodes trust. And remote work is about trust.
Jeff Frick:
Right. So are most of your clients remote?
Robert Phelps:
Most of our clients are remote or hybrid.
Jeff Frick:
Okay.
Robert Phelps:
And that's been one of the biggest struggles for them—has been how do we make that experience as great as if we had, you know, an office for that employee to come to work?
Jeff Frick:
Right. And then how many of them are hiring international folks versus domestic? Because then there's a whole nother layer of compliance and regulation and everything else that you got to deal with if you're hiring people outside. Even the rules across state lines are different, correct?
Robert Phelps:
Oh yeah, 100%. Yep. So one of the big things for us is a majority of our clients are U.S.-based.
Jeff Frick:
Okay.
Robert Phelps:
But a lot of them hire all over the world. So we have some clients who have people in the UK, in the Philippines, in Pakistan, places of our nature, that we're helping that user get up and running.
Jeff Frick:
Right, right. And do those people usually use some type of service provider to manage the local, I don’t know, you know, Social Security, whatever the equivalency is for those types of things? Is that what you find usually?
Robert Phelps:
An employer of record is what they're usually using.
Jeff Frick:
Okay.
Robert Phelps:
Or that type of service.
Jeff Frick:
Okay. Like a TriNet kind of a thing that we have.
Robert Phelps:
You got it.
Jeff Frick:
Okay. Excellent. Cybersecurity—three things that everyone should do today.
Robert Phelps:
So number one, train employees. Educate them on the risks. Quite frankly, educate them on their responsibility. Most employees think that's an IT problem. That’s a security department problem. The truth is, it's everyone's responsibility.
The second thing is—test that training. Make sure that not only are they taking it, but that they're understanding it.
And then the third thing is—it has to be top down. It's a culture change. Most of our organizations that struggle with security, it’s because the people at the top don't care, and that finds its way all the way down. So it’s got to be a top-down culture shift.
Jeff Frick:
Right. I could say something really bad about platforms, but I probably shouldn’t, based on our earlier keynote today. Okay. Well, Robert, thanks for taking a few minutes.
Robert Phelps:
Thank you. I appreciate it.
Jeff Frick:
Where should people go to get the pants? Where did you get them?
Robert Phelps:
Oh, well these pants I found on Amazon.
Jeff Frick:
Okay.
Robert Phelps:
I laughed, I said, it’s probably the person's first sale. They probably, like, had a huge celebration when they finally sold a pair of men's unicorn pink pants.
Jeff Frick:
Hopefully they sent you a picture.
Robert Phelps:
I guess I should send them a picture.
Jeff Frick:
Yes, yes, yes. All right. Well thanks again. Really appreciate it. And best with keeping us safe, because it's a scary, dangerous world out there.
Robert Phelps:
It is. Thank you so much.
Jeff Frick:
All right. He's Robert. I'm Jeff. You're watching Work 20XX. We're coming to you live from Austin at Running Remote. Thanks for watching. Thanks for listening on the podcast. Catch you next time. Take care.
Cold Close
Thank you.
Cool. I think we’re out.
Thank you. That was awesome.
Jeff Frick:
Hey, Jeff Frick here. Big shout out to the podcast audience. Thanks for listening in. You can get show notes and transcripts at Work20XX.com. And that also has links to the videos as well. Appreciate you listening in on the podcast. Do reach out, say hello, like, subscribe, and smash that notification bell. Thanks for listening. Take care. Bye bye.
Robert Phelps
President, Creative IT
LinkedIn
https://www.linkedin.com/in/rphelps2/
Creative IT
https://www.creativeit.com/
—
Running Remote
https://runningremote.com/
2025-April-30
The Hidden Bottleneck: Why Remote Teams Struggle to Scale (and How to Fix It Today)
By Robert Phelps, Creative IT, Running Remote 2025 Austin
https://runningremote.com/session/the-hidden-bottleneck-why-remote-teams-struggle-to-scale-and-how-to-fix-it-today/
2025-April-10
Cybersecurity: The Silent Battlefield: Defending Your Business Against Modern Cyber Threats, by Adam Crossley, Brad Lassiter, Chris Gotstein, Iain Enticott, Jason Wertchafter, John Siggard, Kevin Wray, Marc Caruso, Michael Goldstein, Randy Hall, Robert Phelps, Todd Holloway, & Tonté Pouncil
Independently Published, 2025-April-10
https://www.amazon.com/Cybersecurity-Battlefield-Defending-Business-Against/dp/B0F2MVRBCJ/
SOC Compliance (SOC 1 vs SOC 2 vs SOC 3)
SOC compliance refers to a type of certification in which a service organization has completed a third-party audit that demonstrates that it has certain controls in place.
Via InfoSec
https://www.infosecinstitute.com/resources/management-compliance-auditing/overview-understanding-soc-compliance-soc-1-vs-soc-2-vs-soc-3/
RSA Conference
https://www.rsaconference.com/
2020-Feb
“We the People” Democratizing Security: Encouraging User Empowerment in Security
Wendy Nather, Head of Advisory, CISOs, Duo/Cisco, RSAC Keynote
https://video.cisco.com/detail/video/6139217081001?utm_source=chatgpt.com
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2020/m03/wendy-nather-explains-democratizing-security.html?utm_source=chatgpt.com
Wendy Nather
LinkedIn
https://www.linkedin.com/in/wendynather/
RSA Bio
https://www.rsaconference.com/experts/Wendy-Nather
2021-March-17
Wendy Nather Shares her Story of Resilience, the RSAC 2021 Theme
RSA Conference Library
https://www.rsaconference.com/library/video/2021-wendy-nather-resilience
https://www.rsaconference.com/library/video/2021-resilience-wendy-nather
https://youtu.be/WLiFWbtkSgU?si=ADmdCsEkU-eMqEv6
2020-Jan-24
Countdown to RSAC 2020: Q&A with Wendy Nather by RSAC Editorial Team
RSA Conference Library
https://www.rsaconference.com/library/blog/countdown-to-rsac-2020-qa-with-wendy-nather
CARA - Cybersecurity Assessment and Risk Analysis
CMMC - Cybersecurity Maturity Model Certification
By Cybersecurity & Infrastructure Security Agency
https://www.cisa.gov/resources-tools/resources/cybersecurity-maturity-model-certification-20-program