Interview Conducted by Roberta Hess of Princeton Marketing
IT at TRA: Working Better, Working Smarter, Working Securely
In an exclusive interview, Mark Ruhland, Director of IT and Security at The Retirement Advantage, Inc. (TRA), discusses how his team works to constantly improve TRA’s client service capabilities while protecting against cyber threats. He also shares his top tips for anyone concerned about cybersecurity at home and at work.
When did you decide to join TRA, and why?
I joined TRA in January 2012. It was a great opportunity to join a growing company in a leadership role, which I’m very grateful for. Positions like this, with such a successful company and great people, are hard to come by in IT.
Before joining TRA, I’d been with Faith Technologies, an electrical engineering firm. I started there as a help desk technician in 1999 — just in time for Y2K! — and was promoted to system administrator and later shifted to a Network Systems Engineer role in their external consulting division, and eventually to a managerial role. This experience of “growing up” professionally gave me an invaluable perspective on what it takes to run a team of IT and Security professionals at TRA.
Can you give us an overview of how IT is organized at TRA?
Although we’re organized into functional subteams — such as our operational team that handles “anything with a button” and our development team for custom code and automation projects — our overriding philosophy is “one team, one goal.” No matter what, we’ve got to work together to ensure success and our team excels at this.
How was the team able to pull together and accomplish the shift to remote work during the pandemic?
Fortunately, at TRA we’d been working on perfecting IT for our existing remote workforce for many years and we had an established business continuity plan, so we were well prepared. When the pandemic hit in March 2020 and 100% of staff became remote, we had a strong foundation that we could build on. Our Director of HR, Annie DeHaven, did a great job staying on top of the various regulations and mandates, as well as employee communications, while keeping our safety top of mind.
Those years of perfecting remote work really paid off during the pandemic. The remote transition was seamless for our clients: when they called us, when they emailed us, we were there and answering. Also important was our ability to do this securely, which not everyone out there considers when they’re thrown into situations like this. We leverage two-factor authentication across the board, and everything’s encrypted at TRA.
For some time, TRA has been emphasizing the importance of cybersecurity. What cybersecurity best practices have you instituted at TRA?
It’s all about multiple layers to identify and prevent threats from becoming breaches. There is no perfect solution, one layer could miss a zero-day threat, but there’s a good chance one of the next layers will catch it. It certainly helps that we have an incredible team that stays on top of the threat landscape and keeps our systems patched and configured appropriately.
Two-factor authentication, our mail security system, cybersecurity training and testing, encryption, and VPNs are some specific best practices we follow. But it’s more than just following best practices: it’s a shift to always keep security top of mind that I’m proud to say has taken hold across our organization.
Looking ahead, how do you see IT and Security evolving at TRA over the next three — five years?
We’re all about continuous improvement: We made it work, now let’s make it better! That means that we’ve got to free up as much of our time as possible to work on whatever the next big project is and structure our efforts so that maintenance can take care of itself. We want to give our clients an “easy to do business with” experience without compromising security.
We’re going to get more automated, for sure. It’s key to helping us serve our clients even better than we are today while keeping our pricing competitive. Our IT Development team is going to continue to grow and lead this charge.
Of course, when it comes to the future, cybersecurity is a wild card. We never know (and never will know) what new vulnerabilities we’ll have to protect against. Our team already does a fantastic job, and we all know that we must remain hyper-vigilant.
What best cybersecurity practices do you recommend for all of us, whether at work or at home?
There are three simple things we all can do to protect ourselves, our families, and our organizations.
First, don’t re-use passwords across multiple websites — and use a password manager and let it generate long, complex, random passwords for you.
Second, use two-factor authentication whenever it’s offered. It gives you an extra layer of security for online accounts beyond just a username and password, which too often are compromised and sold among cybercriminal groups. If you don’t like the hassle of using two-factor, then you really won’t like the hassle of having your identity stolen.
Finally, don’t be so trusting! It’s tempting to just click on links in emails or websites. But before you click on any link, hover your mouse over it to reveal the domain name (the part that ends in .com, .net, .gov, etc.) and ask yourself: does this look genuine?
For example, it may look like your favorite store is emailing you a great offer, but when you hover over the link provided, you may find that the DNS name isn’t quite the same as that of the store, with a clever misspelling or added words, etc. For example, amazon.com and amazom.com may look very similar but they are not the same — and cybercriminals will often use tactics like this to make their links look more legitimate.
It’s also a great idea to share these best practices with your families. You’re never too young or old to start good habits.
Unfortunately, cyber thieves spend a lot of time and energy coming up with more creative ways to lure people in. It’s up to all of us to do what we can to make sure they don’t succeed.