Steve Levinson – Online Business Systems

He might be one of the more quotable tech bosses.

“Cybersecurity is like alcohol,” Steve Levinson says. “You need it in good times and bad.”

Vice president and chief information security officer for Winnipeg-headquartered Online Business Systems, he strives to ensure the company’s vast corporate clientele won’t be driven to drink over data breaches or from the cost of hiring their own CISO.

While that position becomes more and more essential in the wake of much-publicized hacks, a CISO’s salary and ancillary expenses will likely set a company back over $200,000 annually. Yet, as Levinson emphasizes, a company can’t afford not to ascertain the security of sensitive information. So how about outsourcing that responsibility?

“If you frame it the right way, security can be a huge asset and huge competitive advantage because customers are far more likely to give their business to a company that values the importance of security,” Levinson tells Toggle in April. He’s been working remotely from his San Diego home since joining the company in 2012. “If you build into what you’re doing, it gives you leverage.”

Assisting on two fronts

Online Business Systems is a consultancy for both digital transformation and cybersecurity. On the latter end, it’ll determine a client’s needs and by performing risk assessments, amid an ongoing arms race of sorts between the so-called white and black hats of the cyberworld.

“A lot of what we do is point clients in the right direction,” says Levinson, most definitely a white hat. He remotely oversees a team of 70 in the United States and Canada, with the company soon expanding to Europe. “Everyone on our team has worked with hundreds of clients over the years, and we’re effective in sharing and customizing our service.”

The practice has been recently focusing on the healthcare sector—Levinson explaining that healthcare facilities and other providers have been latecomers to cybersecurity, but that’s changing.

A healthcare provider’s databank can be a virtual goldmine to a hacker, he goes on to say, and nearly 600 breaches were reported last year—a 55 percent increase from 2019. COVID-19 has also had more providers using telehealth which, unless duly secured, opens another portal for hackers.

“Maybe the pandemic has caused companies to recognize what’s at risk, but a lot of gaps still need addressing,” Levinson says. “It’s a question of ‘when,’ not ‘if,’ a company will be targeted.”

PCI also at risk

Among the more prevalent targets has been the burgeoning payment cards industry. The major card brands—American Express, Discover Financial Services, Japan Credit Bureau, MasterCard and Visa—all share interest in fighting fraud, forming the Payment Card Industry Security Standards Council in 2006.

Online Business Systems isn’t alone in protecting this industry. One of the tools they rely on is provided by one of their partners, Total Compliance Tracking, which sums up the sentiments of clientele in three concise words: Managing compliance sucks!

Levinson phrases it differently, lauding TCT for its risk-assessment expertise and keeping pace with the evolving compliance rules and regulations of so many jurisdictions. “They’re helping provide efficiency from one year to the next,” he says. “They know how to move the pieces and parts and how to facilitate workflows as we QA our own work.”

The TCT partnership has also aided Levinson’s efforts since the pandemic upset his routine of frequent travel to Online Business System’s seven locations throughout North America. He had been a regular visitor to the headquarters in Manitoba’s capital city, even taking an interest in its National Hockey League team, the Jets. But for over a year, he’s mainly interacted with his far-flung team via monthly Microsoft Teams meetings, lots of phone calls and Slack discussions, hammering out a colorful team status report each Sunday.

“At least Southern California’s a good place to be stranded,” the self-proclaimed 59-year-old surfer dude says with a good-natured laugh. “Much warmer than The Peg and with an ocean.”

There’s also tandem biking and live music to enjoy (now that the industry is reopening!) with his long-time wife.

Wired from the start

Originally a New Yorker, Levinson has been in Southern California much of his professional life. Graduating from the Georgia Institute of Technology with a degree in industrial engineering in 1984, he earned an MBA from Emory University seven years later. He’s worked for multiple tech-oriented companies, his prior position being a PCI subject matter expert at AT&T Consulting from 2009 to 2012—a role that prepped him well for Online Business Systems.

As a bonus to his current employer, Levinson says many of his consulting clients, as well as many of his peers, followed him to Online Business Systems, which now serves about 350 companies. Recent stories, such as Colonial Pipeline paying around a $5 million ransom, will only help steer more clients his way.

“We good guys have to be right 100 percent of the time,” he muses. “But the hackers, if they score just once in a million attempts, they’re successful. Cybersecurity has got to be seen as a combination of investment, differentiating factor, and insurance policy.”