March 25, 2022 • 5 mins
Gary Bockelman, Chief Operating Officer of Wood + Lamping LLP, joins us to discuss the most impactful tool he's implemented internally to improve cybersecurity awareness across his workforce.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Hello and welcome to this week's episode of cyber snacks where we serve up cybersecurity tips that are short,
simple,
actionable and reasonable.
I'm pleased to have as my guest this week.
Gary,
Bachman Garry serves as the chief operating officer of wooden lamping,
a law firm out of Cincinnati Ohio,
(00:21):
I've known Gary for years so.
Gary.
Thanks for joining me.
Great to be with you,
David.
The question I typically ask is what's the number one thing that people should be doing to improve their cybersecurity?
I'm gonna ask you a slightly different question.
Wouldn't lamping is like many small and mid sized businesses in that you've got significant cybersecurity risks but you don't have an unlimited budget to put in every control under the sun.
(00:53):
From what you've seen in your experience of all the things that you could have done or that you have chosen to do,
what is the most important improvement that you've made to increase wooden lamb pings,
data privacy and cybersecurity.
(01:16):
Well,
I would say David obviously it's uh really critical to have the best tools that you possibly can on the system as as you mentioned within the available budget.
So we have upgraded everything from our virus protection to our intrusion protection and detection,
a lot of those sort of things.
(01:37):
But I honestly believe that the biggest potential security risk is your users.
I think it's really critical that you make sure your users understand the risks that are associated with not having a good security posture.
It starts at the top.
I focused really hard on the partners in the beginning who we have a great mix of partners who are some are young and tech savvy and others are not quite as tech savvy.
(02:06):
You might say they would get complaints from attorneys who might be in the same kind of vein that you know,
why do we have to do this stuff.
But so I think it's really critical and I was able to convince the partners,
the owners that the risks that are there of,
of not having and more importantly,
not following good policies and procedures about,
you know,
not not clicking on things without thinking about it and not downloading anything that comes across your,
(02:31):
your email.
Then the next step was to make sure that the users understand those risks and frankly,
I took an approach of,
I hate to call it scare them.
But to be honest,
I really focused on a lot of the,
you know,
the horrible situations that have occurred to people who,
who didn't pay attention and uh,
(02:51):
and you know,
I don't think before they click,
I related it to both,
not only here at work and the impact at work,
but if they do these things at home,
they put themselves at risk financially and otherwise.
So,
so at that point I was able to really convince them why the policies exist that it's to protect,
not just the firms,
(03:11):
but to protect them as well.
So from all the various means available to assist in training your employees and to make them more aware of the risks,
Have you found any that are particularly effective?
Yes,
we use no before I found it to be very effective.
It's kind of funny because as time has gone on,
(03:33):
my users have gotten to the point where they'll,
they'll still call and say,
hey,
I don't think this is right,
but a lot of them have indicated that they can now sort of tell the ones that are,
you know,
served up from us as a test and we do test regularly from the ones that aren't and I detect a real difference in tone when they think they've received something that isn't,
(03:56):
you know,
a kind of a,
a candle offering,
which makes me kind of proud to,
to really realize that they are paying attention and some of my worst violators in the beginning,
it turned out to be some of the,
the most zealous among the,
the group,
the know before platform.
It has a number of different toolsets in it.
(04:18):
Are you sticking strictly to the fishing testing or have you explored any of the other items thus far?
Just the fishing,
we,
we installed the fish alert option on there and that's been utilized pretty heavily.
Additionally,
we,
we have the second chance alert that comes up anytime somebody is going to go to a website,
(04:38):
give them the chance to think about it again that they feel it's comfortable and secure.
Got a lot of complaints about that in the beginning and so it's just one more click.
But then when they find that they think about it and,
and,
and don't click on something,
it,
it lands,
it registers well with them,
which is,
which is really good.
We have had some training on this missing and,
(04:59):
and some of the other,
you know,
techniques,
but frankly fishing is the one that impacts us.
I think more than anything,
you and pretty much every other business that's out there these days.
So you would definitely say fishing testing very positive impact with very little cost.
Right?
Absolutely.
(05:19):
It's,
it's a really,
really reasonable investment.
Gary.
Thanks again for joining.
I really value your opinion and I hope you have a great week.
I appreciate it.
David,
thanks for the opportunity and look forward to talking with you again soon.
Thanks Kerry.
Bye.
Everyone.
Hello and welcome to this week's episode of cyber snacks where we serve up cybersecurity tips that are short,
simple,
actionable and reasonable.
I'm pleased to have as my guest this week.
Gary,
Bachman Garry serves as the chief operating officer of wooden lamping,
a law firm out of Cincinnati Ohio,
(00:21):
I've known Gary for years so.
Gary.
Thanks for joining me.
Great to be with you,
David.
The question I typically ask is what's the number one thing that people should be doing to improve their cybersecurity?
I'm gonna ask you a slightly different question.
Wouldn't lamping is like many small and mid sized businesses in that you've got significant cybersecurity risks but you don't have an unlimited budget to put in every control under the sun.
(00:53):
From what you've seen in your experience of all the things that you could have done or that you have chosen to do,
what is the most important improvement that you've made to increase wooden lamb pings,
data privacy and cybersecurity.
(01:16):
Well,
I would say David obviously it's uh really critical to have the best tools that you possibly can on the system as as you mentioned within the available budget.
So we have upgraded everything from our virus protection to our intrusion protection and detection,
a lot of those sort of things.
(01:37):
But I honestly believe that the biggest potential security risk is your users.
I think it's really critical that you make sure your users understand the risks that are associated with not having a good security posture.
It starts at the top.
I focused really hard on the partners in the beginning who we have a great mix of partners who are some are young and tech savvy and others are not quite as tech savvy.
(02:06):
You might say they would get complaints from attorneys who might be in the same kind of vein that you know,
why do we have to do this stuff.
But so I think it's really critical and I was able to convince the partners,
the owners that the risks that are there of,
of not having and more importantly,
not following good policies and procedures about,
you know,
not not clicking on things without thinking about it and not downloading anything that comes across your,
(02:31):
your email.
Then the next step was to make sure that the users understand those risks and frankly,
I took an approach of,
I hate to call it scare them.
But to be honest,
I really focused on a lot of the,
you know,
the horrible situations that have occurred to people who,
who didn't pay attention and uh,
(02:51):
and you know,
I don't think before they click,
I related it to both,
not only here at work and the impact at work,
but if they do these things at home,
they put themselves at risk financially and otherwise.
So,
so at that point I was able to really convince them why the policies exist that it's to protect,
not just the firms,
(03:11):
but to protect them as well.
So from all the various means available to assist in training your employees and to make them more aware of the risks,
Have you found any that are particularly effective?
Yes,
we use no before I found it to be very effective.
It's kind of funny because as time has gone on,
(03:33):
my users have gotten to the point where they'll,
they'll still call and say,
hey,
I don't think this is right,
but a lot of them have indicated that they can now sort of tell the ones that are,
you know,
served up from us as a test and we do test regularly from the ones that aren't and I detect a real difference in tone when they think they've received something that isn't,
(03:56):
you know,
a kind of a,
a candle offering,
which makes me kind of proud to,
to really realize that they are paying attention and some of my worst violators in the beginning,
it turned out to be some of the,
the most zealous among the,
the group,
the know before platform.
It has a number of different toolsets in it.
(04:18):
Are you sticking strictly to the fishing testing or have you explored any of the other items thus far?
Just the fishing,
we,
we installed the fish alert option on there and that's been utilized pretty heavily.
Additionally,
we,
we have the second chance alert that comes up anytime somebody is going to go to a website,
(04:38):
give them the chance to think about it again that they feel it's comfortable and secure.
Got a lot of complaints about that in the beginning and so it's just one more click.
But then when they find that they think about it and,
and,
and don't click on something,
it,
it lands,
it registers well with them,
which is,
which is really good.
We have had some training on this missing and,
(04:59):
and some of the other,
you know,
techniques,
but frankly fishing is the one that impacts us.
I think more than anything,
you and pretty much every other business that's out there these days.
So you would definitely say fishing testing very positive impact with very little cost.
Right?
Absolutely.
(05:19):
It's,
it's a really,
really reasonable investment.
Gary.
Thanks again for joining.
I really value your opinion and I hope you have a great week.
I appreciate it.
David,
thanks for the opportunity and look forward to talking with you again soon.
Thanks Kerry.
Bye.
Everyone.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.