In recent years, data security has been a topic on most everyone’s minds. Major companies such as Yahoo, eBay, Equifax, and Uber have reported data breaches within the last 5 years. With cyber crimes on the rise among people and businesses, how can we protect ourselves from harm?
Today, Bart McDonough will help answer that question. Bart is the founder of Agio, a hybrid managed IT and cybersecurity services provider specializing in the financial services, health care and payments industries. He has deep institutional investment knowledge, with more than 20 years of experience working in cybersecurity, business development and IT management within the hedge fund industry. Bart currently sits on the board of two cybersecurity firms, TwoSense.AI and Magnus Cloud, and has just launched his debut book, Cyber Smart: Five Habits to Protect Your Family, Money, and Identity from Cyber Criminals.
1) Welcome to StartUp Mindset, Bart. We’re excited to have you here. For the readers who are not familiar with you, could you tell us a little about yourself and your background?
Sure thing, I’m a 20-plus-year veteran of the cybersecurity space, as well as Chief Executive Officer of Agio, a managed IT and cybersecurity service provider I founded in 2010. We help financial services, healthcare and payments industry organizations manage their cybersecurity and data management strategies.
In that time, I’ve had the good fortune of working with professionals at major financial institutions including Citigroup; Goldman Sachs; JP Morgan; and Bank of America, as well as speaking at the FBI’s International Conference on Cybersecurity and my alma mater, the University of Oklahoma. I also currently sit on the boards of two other cybersecurity firms, TwoSense.AI and Magnus Cloud.
As of January 7, and probably the main reason I’m speaking with you now, I am also the author of Cyber Smart: Five Habits to Protect Your Family, Money and Identity from Cyber Criminals.
2) You have recently published an interesting book entitled Cyber Smart. Could you tell us a little more about the book and why you decided to write it?
Cyber Smart is a non-fiction guide that describes the cybersecurity threat landscape in-depth, explaining to readers how the general public can better secure their devices and digital lives.
After founding Agio and seeing how many professionals would approach me with questions about cybersecurity in their personal lives, I realized there was extensive white space to help inform general consumers unaware of the digital dangers they face on a daily basis. While most cybersecurity books use fear-based conditioning and focus on corporate protection, very few out there teach individuals how to protect their homes and personal online experiences. Cyber Smart is that book for consumers of all ages.
The book came to fruition against a backdrop of whirlwind technological advances that brought forth more risks. It became my intention to write a book that both educates and encourages people to embrace technology for its benefits while keeping private information secure. Much like we care for ourselves, it’s essential that we all practice proper “cyber hygiene” when using websites, software, and devices.
3) In your book, you presented some statistics from Verizon’s 2017 Data Breach Investigations Report that said 43 percent of all data breaches used social media attacks. That seems like a high percentage to me. Why do you think attackers have been so successful using social media?
Social media is prime hunting grounds for bad actors because of its ever-growing user base, heavy consumption, and the significant incentive presented to users in exchange for disclosing their personal information. With more than three billion users actively on social media, these platforms have become prime attack vectors for stealing a victim’s identity.
In tandem with high consumer usage, the progression of data science now allows bad actors to collect, interpret and exploit massive amounts of data faster than ever before. As a result, hackers can now weaponize data science to send out personalized attacks at great scale. In fact, social media data is typically used for what we call “social engineering” attacks, where bad actors utilize information gleaned from social profiles to gain access to convince people to share access to their sensitive data.
4) What is the number one tip you would give to one of our readers who wants to take their cybersecurity seriously?
First and foremost, stay calm and don’t be afraid to educate yourself on the possible risks that technology can pose. Remember, hackers exploit emotional states to trick their victims. The secret to practicing cybersecurity with a clear mind lies in what I call “Brilliance in the Basics”— five crucial cybersecurity habits I highly recommend all consumers and credit card users perform regularly.
At a time when 45% of individuals still don’t change their password after discovering a hacked account, these five simple cyber-hygiene principles will significantly reduce the likelihood of cyberattacks:
1. Update Your Devices
2. Enable Two-Factor Authentication
3. Use a Password Manager
4. Install and Update Antivirus Software
5. Back Up Your Data
The ultimate tip is don’t be afraid to educate yourself on the possible risks that technology can pose. Cybersecurity is one of the most important, and most disregarded, aspects of our daily responsibilities. Armed with proper knowledge, we can work collectively to prevent bad actors exploiting consumers’ digital domains.
5) Many people feel like they are safe from cyber-attacks because they have antivirus installed on their devices. Could you tell us more about why that isn’t enough?
Personal cybersecurity is a multilayered approach. You wouldn’t keep your car doors unlocked in the city just because you see a security camera. So, it also makes sense that you wouldn’t just rely on antivirus to carry out core cyber-hygiene practices needed to remain safe against cyber-attacks either.
Antivirus and firewalls can only do so much. They’re part of the security equation, largely a reactive approach detecting threats only when the antivirus company’s virus signature database is current; however, they don’t provide protections against “legit” emails from compromised counterparties, such as lawyers, vendors, brokers and bankers. It takes individual awareness and implementation of proper cyber-hygiene practices to defend oneself holistically.
Another risk factor is unintentionally using outdated antivirus software to protect your personal information, website access, money, and computer files 24/7. Not having up-to-date antivirus solutions is like coming home to criminals looting your personal items and finding the guard dog asleep. One must ensure automatic updates are applied so they can receive the latest virus definitions to detect new and evolving viruses.
6) Many business owners are passive about cybersecurity and assume that attackers will target individuals and not businesses. Could you tell us your thoughts on this?
Cyberattack targets come in all shapes and sizes, from individuals, businesses, to national infrastructure and government agencies. While individuals may present an easier cyber-attack target for bad actors than companies with employees dedicated to monitoring and defending their cybersecurity, these businesses present a compelling case for hacking, largely due to their higher potential payloads.
Look no further than the WannaCry ransomware outbreak in May 2017, which used the leakage of powerful U.S. NSA cyber weapons to spread devastating ransomware incapacitating hospital systems, businesses, and individuals’ computers worldwide. WannaCry isn’t an isolated incident either. Forty-one percent of companies have more than 1,000 sensitive files including credit card numbers and health records left unprotected, according to Varonis, while 31 percent of organizations have experienced cyber-attacks on operational technology infrastructure, per Cisco.
Like it or not, businesses are ripe targets for stealing payment card information, carrying out phishing attacks, coordinating distributed denial-of-service (DDoS) attacks and launching email account compromise ploys to intercept wire transfers. For U.S. businesses, the price of disaster recovery, turnover of customers, and diminished reputation resulting from cyber-attacks averages $4.13 million per company. (Ponemon Institute’s 2017 Cost of Data Breach Study)
7) Another assumption that some business owners have is that the responsibility for protecting their businesses online should be on the company who is hosting their website, not with them as the owner. Why do you think that is an incorrect assumption?
Businesses should always take a proactive approach to protecting their businesses online, not just for monitoring and controlling their online reputation, but for growing one’s business. Even the best customer service in the world cannot rectify a brand’s reputation once damaged. Look no further than the first week after the Equifax breach when the company lost four billion dollars in stock market value.
A company’s employees are often the root cause of business cyber issues, regardless of its technological prowess as an organization. Cybersecurity isn’t just an issue for IT and every single employee can affect a company’s level of security depending on what they do — or don’t do — as they carry out their day-to-day responsibilities. As such, it’s critical that companies train their workforces to identify threats such as phishing emails, spam, and potential ransomware.
A proactive approach to online protection is also important to lowering one’s liability risk. Even if one finds themselves on the wrong end of a breach, covering up the leak or concealing the extent of the damage will only make you look worse in any potential investigation where website users feel they have a right to protect and defend themselves. Companies should place protections on their own website that protect visitors, including getting HTTPS enabled, keeping plugins up to date and removing any that are expired.
Finally, it’s vital that one takes time to review your company’s broader online presence and make adjustments to secure its reputation online. Social media monitoring and searching for mentions of one’s business on major search engines will help see what information is being presented – positively or negatively – to customers, prospects and stakeholders. Verifying your business’s social media profile shows other people your account is original, while mitigating any damage that may arise out of fake profiles created in the company’s name. In addition, if any fake account on a social media platform should try to damage a company’s reputation by making false claims, the company must be ready to let stakeholders and customers know about such spurious profile-impersonation, answer any questions and handle “damage control” in a positive way.