Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Intro (00:13):
Ready to get the inside
scoop on equity funding?
Tune in to TDJ Equity Funding Insiders Podcast for an in-depth
look at what it takes to access financial capital and maximize
your investments.
Hear from experienced professionals, including bankers,
underwriters, loan officers and industry experts, as they
(00:36):
share their unfiltered stories and valuable lessons on securing
funds.
Jacquelyn Jackson (00:45):
Welcome to another insightful episode of our funding podcast.
Today we're diving deep into a critical intersection of
cybersecurity and business.
With cyber threats on the rise, it's imperative for business
owners to fortify their defenses and be prepared before disaster
strikes.
Joining us for this enlightening discussion is a
(01:05):
seasoned cybersecurity expert who will unravel the steps every
business must take to safeguard their assets and operations.
So get ready to arm yourself with invaluable knowledge that
could save your business from potential cyber threats.
We want to welcome Peter Gailey.
Gailey is with Gailey Solutions that is here in Texas, and we
(01:28):
want to welcome to our show.
So, if you would, we want to thank you.
Can you give us a little bit of background on you to start off?
Peter Gailey (01:35):
with.
First of all, thank you for having me.
I appreciate it.
Gailey Solutions.
I'm Peter Gailey.
I've been in the high-tech world for 47 years although I
know I don't look like it 40, 47 years and I've I've done many,
many different things uh in the industry.
I've been in, uh, cybersecurity for about 10 years.
(01:58):
So what I've done is created a company and what we do is we
help people understand cybersecurity.
We help them build a program, programmatic approach, a program
approach.
So cybersecurity, as we've talked, is not that hard to
(02:19):
figure out.
It really isn't.
It's very, very hard to implement.
So, as we are on a journey together, it's not a one size
fits all kind of a scenario with cybersecurity.
There's a lot of nuances to it and the company I run, Gailey
Solutions, is an advisory firm, a consulting firm, and we help
(02:43):
people understand what the requirements are.
We provide a baseline assessment to help them
understand where they are currently, and then we help with
a program approach to help them reduce their risk and, in many
cases, meet compliance mandates.
Certain industries you have compliance, so that's what we do.
Okay, that is great, certain industries.
Jacquelyn Jackson (03:03):
you have
compliance so that's what we do.
Peter Gailey (03:04):
Okay, that is
great.
Gailey Solutions.
Jacquelyn Jackson (03:05):
Gailey
Solutions, so we will give you
information on him, where you guys can reach out and contact
him as well, directly.
But in the meantime, what we want to do is let's start off
this way, asking a question: Can you give us like, maybe, a
challenging event you may have had in the field dealing with
cybersecurity?
Peter Gailey (03:24):
Breaches yeah,
we've talked to a bunch of
breaches In your introduction.
You talked about before, during and after.
A lot of people just kind of ignore cyber security and just
deal with the after which would be a ransomware event or a
breach, or you're losing data or you know, an account that I
(03:45):
have was a healthcare company that was providing fabulous
services for, let's say, learning challenged kids, and
she had a disgruntled employee that walked out the door with
her database of all of her clients and then started
emailing the clients right, very different stories and just
(04:09):
nasty, just vindictive, nasty things. Right, which hurt her
business.
Number one it hurt her business, so it's reputational damage.
Number two it was HIPAA breaches, right.
She had personal information.
She walked out with personal, identifiable information of this
company's clients and then was communicating with them, so that
(04:31):
breaks every rule in the book.
She called the police, she got the police involved.
They'd cease and desist I mean all that stuff.
So it was a mess.
Jacquelyn Jackson (04:42):
So let me ask
you this, just based on what
you're saying, just one account, one instance, that's what what
you're saying?
Just one account, one instance, that's what I'm saying. With
that one account, one instance.
But if she would have had cybersecurity in place, that
would be something.
What would have been in place and what would have happened?
Peter Gailey (04:54):
She could have
done some things to lessen her
risk.
A disgruntled employee is one of the biggest risks that people
have, that companies have, so you can put things in place.
There's a principle called the principle of limited access.
Okay, right.
(05:15):
So what you want to do is to get into some detail.
There are some things you can do to create a profile of an
employee and you don't want everybody, as a small or medium
size or large business, you don't want to have everybody
have access to the checkbook, right, right?
So it's a principle of least privileges, is what it's called.
(05:37):
So you set up a profile.
Hey, the person in finance, the executive in charge of the
company and finance, they're the only people that have
privileges to get to the financials.
I'll get you.
You don't want to have a dock worker, shipping, receiving, get
access to everybody's HR records, right?
(06:14):
So one of the things that she could have done was set up a
principle of least access, if you will, and just it would have
only limited this disgruntled employee to have the information
of the account of the people that she touched, not everybody.
Not everybody, so a subset of the universe, if you will, right?
So she had privileges for, you know, five or six different
students and their parents and their Social Security numbers
and all that stuff.
So she'd probably be able to get out with that, but not the
(06:38):
hundreds of other students, right?
Jacquelyn Jackson (06:41):
So you're
basically saying which is a good
idea with cybersecurity and let me say it because you and I
have just talked before, that's what I was going to say.
Let me.
Let me go back, because you and I have talked about so much
stuff that we believe IT technology would have taken care
of that, but listening to you, no, no, it wouldn't.
So we need to.
Not only you say you need to make sense, you want to give
(07:03):
information and give people access to what they only need to
see.
Privilege, privilege, okay, but we still need to have.
It's not your IT guy, it's your security.
What is that?
Peter Gailey (07:13):
No, it's a team.
It's a team.
In that scenario, it would be a team.
Okay, it would be HR or whoever's, you know whoever's
going to onboard the person, you should have an onboarding
process.
Hey, this is what they do, this is what their job is, this is
what they should be able to see and this is what they shouldn't
be able to see.
And the IT guy may have tools or services that he says, okay,
(07:35):
here's how we're going to implement that, and then here's
how we're going to prove that we implement that but we need to
have a cyber security officer?
Maybe not. Just some awareness that you want privilege?
The only people that you want privileges to have access to
that data are just those people.
You don't want everybody to have access.
Jacquelyn Jackson (07:55):
So my thing
is, though I'm asking you how do
I need?
Peter Gailey (07:59):
It could be done
with no IT.
It could be the least privileges.
I'm a small company.
I got 25 people in the company.
I have myself and my treasurer, my controller.
Whatever, we are the only two people that have access to that
signature.
You know that in the checkbook with the ledger boom and it's
locked up in a vault or in somebody's desk.
Jacquelyn Jackson (08:21):
Well, let me
ask you this Can you help
somebody like that that needs to set it up they're not, like I
said, 25 people's DMs, a couple other people. Can you help them
develop that right team for that business?
Yeah, oh, yeah, yeah, and that's what I'm thinking, that's
important with us.
We think that and I have seen it, I've been in meetings
before.
Peter Gailey (08:40):
That's common
sense.
Who do you want to have access to the checkbook, right?
The president, CEO, VP of finance, maybe accounts payable,
that's it.
Jacquelyn Jackson (08:47):
So if we just, man, you're saying you can set
that up yourself, just to even start with that, and it's got
nothing to do with cybersecurity, gotcha.
Peter Gailey (08:54):
Just that, at
least.
Right, it just happens to be in bigger companies.
We use software to implement this stuff.
Okay, that's right.
So you've got to, as you would have your privileges, the three
people the president, VP of finance and the accounts payable
person.
You would do it digitally, where they could do money
(09:17):
transfers and all that and all that.
So it's called controls.
Right, you have to control your environment and there are
specific controls for that.
Jacquelyn Jackson (09:25):
And I'm
thinking we're going to go a
little deeper, but I did want to mention this when you were
speaking on it.
It made me think about.
I have a client that I know.
Their front desk person kind of did everything. Because, like
her assistant, she said but you shouldn't have her do everything.
Peter Gailey (09:41):
Well, it depends.
It depends on the company and the environment and the
competence of the person.
You know, the smaller the company, the more tasks that
everybody has.
Jacquelyn Jackson (09:51):
But we still
need to have a plan, though, no
matter how small.
Yeah, I mean.
Well, yeah, you need to have control, control.
Yes, that's not plan, you call it control.
Outro (09:59):
That's right, they need
to have control in place.
Jacquelyn Jackson (10:01):
Okay Well,
that makes sense, so let me ask
you.
Peter Gailey (10:03):
So, if you're a
receptionist, they could be
doing phones, they could be doing scheduling, they could be
doing buying, they could be doing payables.
Okay, invoicing right, and it depends on-.
Jacquelyn Jackson (10:13):
But we still
need to have controls with all
of that is what you're saying, yeah, okay.
And the bigger you get.
Like you said, the bigger companies are starting dealing
with the software type controls.
Right, they're coming in for the bigger companies.
Is that what you're?
Saying compared to us.
Yeah, yeah, so basically just the controls we need to have in
place.
Peter Gailey (10:32):
It's all about
controls.
Cyber security is all about controls.
Let me take it a different way.
Jacquelyn Jackson (10:36):
Okay.
Peter Gailey (10:37):
Cyber security.
Oops, sorry, that's fine.
She said don't tap on the table. Cybersecurity and security.
You know, physical security is all about people, process,
technology and data.
It's ultimately all about your data, your information.
(10:58):
Okay, so you want to have policies, procedures, whether
they're written or not you know, hey, these are the only three
people that have access to the general ledger system and the
checkbook.
That's a policy, okay, whether you write it down or not, you
should. Right, right, because if I get hit by, if the CEO gets hit
(11:19):
by a truck, that's right.
Jacquelyn Jackson (11:22):
Well then, we
all get it right.
Peter Gailey (11:24):
You know, let's
keep going right, let's keep the
business going right.
Um so, people in process technology, because you're using
software tools and stuff like that, you're using, you know,
QuickBooks and spreadsheets and CRM, CRM systems and billing
(11:44):
system.
You know all of those who has access to those.
What level of privileges do they have?
It's all again.
It's not that hard.
It's common sense, not that hard to figure out, but it's
pretty hard to implement.
And it's all about your data.
It's all about protecting data.
Jacquelyn Jackson (12:01):
Okay, so then
let me ask you this so you're
basically what would be your advice that you would say for
the small business that's looking to enhance their cyber
security with limited budget.
I think something that you kind of mentioned.
What would you?
Peter Gailey (12:14):
recommend.
There are some things from a cyber perspective.
Now, cyber generally meansdigital.
Jacquelyn Jackson (12:22):
Okay, right.
Peter Gailey (12:22):
The stuff you're
using hardware, software,
digital programs.
Jacquelyn Jackson (12:26):
Okay, you
know data.
Peter Gailey (12:27):
Within those kinds
of systems, highest priority is
protect your data.
Okay, so there are ways to dothat.
There are several ways to dothat.
The first thing that I suggestis you take and you execute
what's called and this has beenaround since the 50s, since the
(12:48):
1950s, IBM mainframes did this.
At the beginning it's called HSM hierarchical storage
management.
You should have a minimum of three copies of your data, and
here's why.
So I'm banging I'm not going to hit my fingernails on the table,
but I'm banging away on my system and I'm doing emails and
(13:10):
I'm doing spreadsheets and all that stuff, whether it's on a
notebook, whether I'm in the office, whether I'm at home,
whatever.
Okay, I have local data and it's dynamic.
It's changing because I'm sending emails and stuff like
that. Periodically,
the more, the more frequently, the better.
You want to back that up, because if I leave my notebook
(13:32):
in my car, if I leave it on an airplane, if my kid's using it
and crashes it.
If something happens, oh my. Right, right, then I've lost a
whole bunch of stuff and I may not even know what I lost, right,
right.
So all your files are so periodically.
Depending on the size of your business, it's very inexpensive.
(13:52):
It's a very expensive insurance policy.
Back up your data.
Jacquelyn Jackson (13:57):
Now, when you
say back up, should we back up
like in the cloud storages?
Peter Gailey (14:01):
I'll get to that,
okay.
So you should have a minimum of three copies, okay.
And here's one.
The one is level one.
Think of a hierarchy.
Okay, level one in a hierarchy of storage management is your
active data that you're banging on and changing.
Level two is a local copy of a backup.
Think of going to Amazon, buying that five gigabyte add-on
(14:27):
drive for a hundred bucks. Okay.
Or five terabyte drive for a hundred bucks, right.
Buy two of those, okay.
So you take one and you back up your systems, so you back up
your notebook, you back up your servers, whatever.
Okay, that's level two.
And then you take another disk and you back it up again.
(14:50):
So you have two copies of the same.
You have three copies of the same disk.
You have the one that you're banging on, that you're changing.
You got a local copy and take that third copy and do what's
called an air gap.
So you take that third copy and you take it home.
You put it in a safety deposit box, you put it in a drawer at
grandma's house, you put it someplace away, okay.
(15:13):
We have tornadoes, we have floods, we have buildings that
burn down.
So I'm sitting here in my business and I'm chugging along
and the creek rises, okay, and I'm flooded.
So I've lost my primary data, okay, okay, yes, building burns
(15:36):
down, tornado comes from town.
I've lost, you know, whatever right, I've lost my first level
data.
I can back it up with my second level data because it's local,
because I have it in a closet or a drawer or a locked drawer,
okay.
But if the creek rises and the place floods out and that second
version gets ruined, which is there, right, okay, on-prem,
(15:57):
on-premises, you want to have that third copy, remote but low
probability, my kid's going to barf on that, on that third copy.
Or the creek rises or the building, okay, so three levels.
And then you take.
The process is then you take that.
You know, periodically you back everything, once a quarter,
(16:19):
once a month, once a week.
Okay, some people, you know, in big, big enterprises they back
up every day, they back up every half hour because they don't
want to lose the transactions.
You know the billings and stuff like that.
So HSM, so that third layer is really secure, it's offsite,
it's called air gapped, so it's not plugged into any network or
(16:39):
anything, right, and you had set up before.
You know a different copy of that might be online, it might
be at a storage service, or itmight be at Google, or you're
going to have it at Microsoft in.
Jacquelyn Jackson (16:51):
Azure or
Dropbox or something like that.
Peter Gailey (16:53):
Those are all
different versions of probably
level two or level three.
Does that make sense?
Yeah, it makes a lot of sense.
Best, easiest, cheapest, fastest thing I can tell you to
protect your business is execute data backup and do it
religiously.
Have a policy that says I'm going to do this every so often.
(17:14):
I'm going to do this once a month.
Have a procedure that says here's how I'm going to do it
and then follow it.
Jacquelyn Jackson (17:22):
And then
follow it.
Peter Gailey (17:24):
That's the best
piece of advice I can give you
to save your business.
And oh, by the way, thank me later.
Jacquelyn Jackson (17:31):
Oh, yeah,
definitely.
Peter Gailey (17:33):
You ever had your
spouse have a system crash?
They didn't have everything backed up.
Outro (17:37):
You want to talk about
mayhem.
Peter Gailey (17:39):
Okay, think about
that in your business.
Jacquelyn Jackson (17:42):
At TDJ Equity
Funding, we understand the
challenges you face, whether you're expanding your business,
investing in real estate or launching a startup.
We've got your back.
Our expert team of loan brokers is dedicated to helping you
secure the funding you need, hassle-free.
Imagine a future where your business thrives, where
opportunities are endless and working capital has made a great
(18:03):
difference in your business.
TDJ Equity Funding can make it happen.
Book an appointment with us as easy as pot.
Just visit our website at www.tdjequityllc.net and take the
first step towards your financial success.
Don't let your dreams gather dust on the shelf.
Seize the opportunity today.
(18:24):
Visit www.TDJEquityLLC.net and schedule your appointment with
TDJ Equity Funding.
Let's turn your dreams into dollars.
Outro (18:37):
Welcome to Frameworks
Consortium, your partner for
sustainable business success.
Frameworks Consortium is your strategic guide, providing you
with clear, actionable roadmaps to achieve your business goals.
Our team of seasoned strategists provides expert
guidance, ensuring you make informed decisions with clarity
and confidence.
We develop customized solutions that align with your unique
(18:58):
business objectives, fostering growth and resilience in an
ever-changing business environment.
Connect with us today and harness the power of strategic
planning for your business.
Jacquelyn Jackson (19:08):
You said
cybersecurity is digital.
Think of digital.
It's more of a think of it as digital, I mean that's-.
Peter Gailey (19:14):
Well, there's
physical security stuff, too,
that you have to do. Lock the doors and windows, right, right,
but this is a way that you're locking the doors and windows in
the digital world, right?
Jacquelyn Jackson (19:23):
Right, and
that's what it is.
And so many times we start a business and don't even think
like that that we need to lock it, you know from that point.
That's why I think it's so important for you to be on the
show and also I want to emphasize to our listeners that
you know Peter is available.
You know his company is available.
His company is available, so you all can reach out to him.
Like I said on our website, definitely you can go and
connect with him and let him go over what he has, that he can
(19:46):
help you, because the big thing is not knowing what all you do.
Now.
With that said, I do want to ask about the bigger companies.
How do they deal with their security?
But I also want to ask we had some questions that were
submitted what is some of the best practice for securing
remote work environments and protecting sensitive data?
Peter Gailey (20:08):
Okay, same thing.
Number one you know, back up your data, okay, okay.
So when you say bigger company, that is a subjective term.
Jacquelyn Jackson (20:17):
Okay.
Peter Gailey (20:17):
Okay, so you,
Jackie, have got how many
employees whatever, and some of them you're working out of their
houses.
Some of those are remote workers.
Okay.
So how critical is that data?
The HSM strategy is the same whether you're a one-person shop
or a 350,000-person shop.
It's the exact same.
(20:40):
Again, IBM kicked that right out in the right out of the chute
in the fifties in the mainframe business and it's been executed
religiously ever since.
Okay, that's, that's the big one.
The other thing is there's a um uh, software tool that's called
and we all have it right, it's called multi-factor
authentication.
(21:01):
Okay, so let's say, on your iPhone or on your Android you
have set up multi-factor authentication and it'll ask you
do you want to secure your phone?
And it says okay.
The way to do that is whenever you go to log into an
application or some data that application will send you know,
(21:25):
let's sign in again, or let me send you a five digit code, okay.
So I know you're going to ask me that, but it's, it's what you
know.
It's it's it's it's what's in this, what's in the system.
So if you pull something up and it comes right up, it's like
(21:45):
what you know, you know what you can get to.
The second layer is they ask you something that's not that
obvious, that you need to know.
Okay, and that might be your password, okay.
And then the third thing is that third party sending you
back.
Here's a five-digit code, okay.
(22:07):
So, what do you know Right?
What's the system know?
What do you need to know?
So I need to know what my five-digit password is, and then
the last is that it's going to be a digital token to do that,
as well. To do that, right.
Okay, so that's multi-factor authentication.
(22:28):
So you're at home, you're working on your notebook and
stuff like that.
You're tapping into your systems and you want to make
sure that it's Jackie that's tapping in instead of your kid
tapping in, right. Right.
If there's somebody that's hijacked your session on your
notebook, right, they're going to ask multi.
You know you want to have it set up that there's multi-factor
(22:49):
authentication so that they can't get in. If you can't answer
your password.
You're not getting in.
If they send that five-digit code to your phone, where you
told them to send it, but that's not you, so they're sending it
to you on your phone, but not the person that's fiddling with
your system.
Exactly. Multi-factor authentication.
Jacquelyn Jackson (23:10):
So we need to
do that.
I'm going to say this I know and I do have questions, but I
have a home health and I have a hospice that actually I told
them we were doing this show and they were really inquiring
about it because they have did theirs with a IT.
But they said, you know, knowing it's something else,
they definitely watch.
But so I want to ask this question because they had made a
(23:31):
big thing about it.
So they said that, beyond the traditional cybersecurity
measures like firewalls, antivirus softwares, this
emerging technology or approaches, what do you believe
will play a key role in enhancing the cybersecurity
defense in the future?
Peter Gailey (23:49):
Training, training,
training is big, one of the
biggest.
You've all heard of ransom attacks and phishing and all
that kind of stuff.
What a ransom attack is is somebody breaking into your
system doing mischief, whatever it is.
They could extort you, ransom you and say, hey, give me money
(24:11):
to get.
Outro (24:12):
I'm going to encrypt
everything.
Peter Gailey (24:13):
You're not going
to be able to read it, you're
not going to be able to get to it until and unless you pay me.
I've seen it.
That's the ransoming you. Okay.
So if you have an HSM strategy, you don't care, because you
wipe your systems, you reload your data, you're off to the
races.
Thank you very much.
If you don't, then you are vulnerable, and when you're
(24:36):
vulnerable you might have to pay that ransom.
Jacquelyn Jackson (24:39):
Right or not
Right.
Peter Gailey (24:41):
So ransomware is
still very, very big.
Jacquelyn Jackson (24:44):
That's
happening around here and it's
about it's grown.
Peter Gailey (24:46):
I just read
something yesterday that it grew
75.
It's really bad, but it grew 75.
The number of incidents grew 75% last year.
Intro (24:57):
Wow Big time.
Peter Gailey (24:58):
Okay, it's not
going away.
It's not going away.
Jacquelyn Jackson (25:00):
The bad guys
are winning Big time.
Peter Gailey (25:01):
Okay, it's not
going away.
Jacquelyn Jackson (25:02):
It's not
going away.
The bad guys are winning, I know, and that's understandable.
Peter Gailey (25:04):
Whenever somebody
pays that ransom, that's funding
the bad guys.
Jacquelyn Jackson (25:08):
People paying
the ransom yeah.
Peter Gailey (25:12):
Well, some people
that don't have a cybersecurity
strategy have no choice.
Jacquelyn Jackson (25:15):
Yeah, because
they got it.
Peter Gailey (25:16):
Oh man, so you do
the simple HSM that's a building
block.
Wow, boom.
Okay, so we talked about this.
You ever see the story about the professor that goes in and
he's got a big beaker and he puts a bunch of big rocks.
Is that full?
Jacquelyn Jackson (25:34):
And the
students say yes, no, no, no.
Peter Gailey (25:36):
He puts a bunch of
you know, smaller rocks in,
gives it a shake.
Is that full?
Yeah?
Brings in pebbles, shakes it. Is that full, and then they're
like, okay, and then sand. Okay, and then water. Okay.
So you're building.
(25:56):
So if you don't have the big rocks down in cybersecurity,
you're done.
So there's like 10 things to do that you have to do in order to
just do baseline and that HSM protecting your data is.
Jacquelyn Jackson (26:11):
And that's
what is protecting your data.
Peter Gailey (26:14):
Put controls in
place, data backup, backup
everything that identity access management that we talked about.
Training have people understand.
When somebody's trying to, you know, spoof them. Right, right.
And there's different training programs very inexpensive, some
free.
Jacquelyn Jackson (26:32):
Okay, and
that's what I want to talk to
you about.
The training, because that's what they ask too.
So what topics of methods do you recommend that's effective
for employee training programs?
Peter Gailey (26:41):
There's all kinds
of training out there.
There's all kinds of paid for, you know, free and training
programs.
So for small businesses, I would go on.
I'd go online and do a Google search right in your Google
search bar.
Free cybersecurity training.
Jacquelyn Jackson (26:56):
Wow, that's
not even free, we just need it.
Peter Gailey (26:59):
You just need to
do it.
Jacquelyn Jackson (27:01):
Oh, my
goodness.
Peter Gailey (27:03):
And so you put a.
We haven't really talked about this yet, but I'm all about
programmatic approaches.
Jacquelyn Jackson (27:10):
Okay.
Peter Gailey (27:11):
Let's set up a
program.
So the list of questions that we have here are all one-off
one-off.
You said firewall.
Right you know, training, HSM, you know those are all projects.
Okay, so when you're talking cybersecurity, I call it
whack-a-mole.
(27:31):
Don't do whack-a-mole and just do project, project, project,
helter-skelter, just whatever right.
Have a programmed program, put a program together and say here
are the 500 things that I got to do, and here's the big rocks.
And then here's the little rocks.
Each one of those is a project.
(27:52):
So let's put together what we need to do, what's cheap, what's
fast, how quickly should we get to it and how much return am I
going to get on that effort?
Okay, you got to do the big rocks first, period. If you're
going to be serious about cybersecurity.
(28:13):
And then after that, then you start doing the little rocks,
and each one of those is a project.
Multi-factor authentication, identity access management.
Right, these are all the other.
You know, those are kind of the secondary second big.
You know big rocks, but you know more the, not the huge
rocks, but those are things that you should definitely be
(28:35):
concerned with.
So one of the things I do, frankly, is I'll go into a
company and we'll do a baseline assessment and I can tell you, I
can literally tell you how and this is for everybody, this is a
giveaway, okay.
Okay, I can tell you how mature your cybersecurity program is
(28:59):
by asking you one question. One question, Jackie: show me an
inventory of all of your assets, all your hardware, all your
systems, all your software that you're using and your network
access.
(29:19):
Show me, hand me an inventory of your assets, okay.
And if you say, right, I can't do that, then we go back to you
have physical security, locking the doors and windows and the
cybersecurity stuff.
If you don't even know you have a window, right, then you are
not secure at all.
Jacquelyn Jackson (29:39):
I love how
you start that.
Let's start with the doors and the windows.
I can just do that.
We can work it off.
Peter Gailey (29:43):
Lock the doors and
windows.
Those are the big rocks.
You're right, okay, and then, if you can't even tell me that
you, oh yeah, I did give a notebook to that contract guy.
I never got it back, right, right, and I did give somebody
access to my, I just moved somebody my email list.
No, I just moved somebody from.
(30:04):
They were in accounts payableand I just moved them to
marketing, but they still haveaccess to all the accounts
payable stuff.
No, no, no, no, no, no, no.
Different profile Right Getinto HR and say change them from
A to B.
Give them only privileges thatthey need in that B.
Jacquelyn Jackson (30:25):
Right, that
is great Doors and windows,
doors and windows.
Exactly, and that's like now.
Before we end, I want to ask so that's the one.
Peter Gailey (30:33):
I'm going to quiz
you at the end of the show and
ask you what's the one. Doors and windows.
Doors and windows.
What's the one question so?
I can tell you how mature you are. Right.
Jacquelyn Jackson (30:42):
Right, okay,
this is what I want to do Now.
I know we talk a lot, so we've talked about this, but this is
something I didn't tell you we're going to ask, but since we
did talk about it, I think it's safe to ask.
Let's talk about the future, yeah, of cybersecurity, and this
may be a big question, but I think you can kind of work it
down a little yeah, maybe, okay, yeah, AI, yeah, how do you feel
(31:05):
how AI and cybersecurity, what's your opinion of that.
Peter Gailey (31:09):
Okay, everybody
has heard the term AI, or if you
haven't, you're living under a rock.
AI is what's called artificial intelligence.
So what is happening in the world of programming is there's
been a new development that's called a large language model.
(31:31):
Okay, so I've got a story, and you might have to circle me back
because I'll go down a red hole in this, but I was working on a
deal at.
I don't want to say who they were.
Jacquelyn Jackson (31:48):
But you was
working on a deal.
Peter Gailey (31:48):
Very, very, very,
very, very, very, very large
medical research entity.
Jacquelyn Jackson (31:57):
Okay.
Peter Gailey (31:57):
In Houston that
was working on cancer research.
That should narrow it down pretty well, yeah, okay.
And they were trying to figure out, okay, how do we secure the
intellectual property of when we cure a form of cancer, when we
come up with a protocol and cure melanoma or something that's
(32:23):
going to be a gazillion dollar business.
It's going to be very, very profitable for somebody.
So how do we secure the digital rights and make sure that the
people that found this cure get credit for it, okay, okay, and
receive the rewards, financial and accreditations and that
kind of stuff.
So it was a mess.
(32:45):
So one of the things that they did was the IBM.
This is a lot.
This is like 10 years ago.
IBM came out with a mega, big, big, big computer called Watson
Okay, kind of a mainframe size, big, big machine.
Watson.
It wasn't a mainframe, it was its own architecture.
And they said, okay, so my oncologist at this place in
(33:08):
Houston, they can only absorb so much data.
So I can only read.
As an oncologist, I have my practice and I can only read
like 100 white papers a year.
Maybe you know to keep educated in what's happening and stuff.
But what IBM did was they built this Watson enterprise where
(33:30):
they had a bunch of them plugged together and they took every
white paper that has ever been published and they put it into a
database and it's all searchable and all that stuff.
So it is a central repository of knowledge for cancer research.
So what worked, what didn't, hypotheses that did work, that
didn't, can we learn from this and relative and all that kind
(33:52):
of stuff?
So artificial intelligence now,with that large language model,
has the ability to query that huge pool of knowledge light
years faster than that one oncologist that can only read a
(34:12):
hundred papers.
Jacquelyn Jackson (34:13):
Right, okay,
so that's the upside.
Peter Gailey (34:17):
That's one of the
upsides, and there was a guy
named Alvin Toffler that wrote a book in the seventies called
the third, or called the third wave.
Outro (34:27):
The first wave was.
Peter Gailey (34:28):
It's a book that I
highly recommend everybody read.
It's a book.
The first wave was the agricultural revolution.
That took about 3,000 years.
Jacquelyn Jackson (34:35):
Okay.
Peter Gailey (34:36):
Planting, you know
agriculture.
The second wave was the industrial revolution.
Okay, looms, and you know knitting and you know spooling
and making threads and all that stuff.
And you know, started to build you, to build machines for mass
production and stuff like that.
Jacquelyn Jackson (34:56):
The.
Peter Gailey (34:57):
Industrial
Revolution.
The third revolution was the Computing Revolution or the Data
Revolution.
I'm sorry.
The Industrial Revolution is about 300 years.
The Data and the Computing Revolution?
We're still in the middle of it.
It's about 75 years old.
Maybe, arguably 100 years old.
(35:20):
The next wave, that's Alvin Toffler the third wave.
The next wave is artificial intelligence and we are right on
the cusp of a huge evolution
and revolution in thought and in practice.
And my prediction, absolutely,the fourth wave is the
(35:43):
artificial intelligence world.
And it's going to affect every person on the planet.
It's going to affect every industry on the planet every job
on the planet.
We are right on the cusp of a major, major set of developments.
It's going to change everything, literally.
In the cybersecurity world.
It's going to be used for good,and it's also going to be used
(36:09):
for bad.
So let me give you an example that I talked about a little
earlier today.
I don't want to go dark, I don't want to go negative, but these
they're called tools and services.
They are so powerful that they can be used for misbehavior, and
there are instances that some of these major, major breaches
(36:34):
that we've seen that have affected institutions and
governments, and we talked a little bit about deep fakes.
You know where they're impersonating people, kind of
thing.
Outro (36:46):
That's all here.
Peter Gailey (36:47):
And it's all now,
and it's all driven by
artificial intelligence.
Most of it's driven by artificial intelligence.
So it's a very scary frontier, so you can have four or five
people that knit together some of these tools and let it loose
in the wild.
Yikes, I don't want to go dark or negative on this, but
everybody should be aware.
(37:08):
So what do you do to protect yourself?
That's what I was going to say, nate, from a cybersecurity
perspective Come on, call you.
Protect your data.
Jacquelyn Jackson (37:20):
Protect your
data.
That's right.
I'm sorry.
Lock the doors.
Close the windows, doors and windows, that's correct Policies
procedures.
Peter Gailey (37:29):
Disaster incident
response.
What the heck do I do?
Get in front of it.
Get in front of it.
Jacquelyn Jackson (37:35):
Right.
Get in front of it.
That is so true.
And somebody said.
Peter Gailey (37:38):
You know it's not
if it's when, and that's an
overused term, but it's true.
So you have one of the big rocks in the scenario is called
an incident response plan.
Get in front of it, Just spend a half a day and just say what
the heck, If this happened, what the hell would we do?
(38:00):
Exactly?
Okay, and you take all your executives you want to have your
marketing person there because they're going to be
communicating with the press.
Jacquelyn Jackson (38:09):
So our
management needs to be involved.
That's your team.
It's a team.
You're right, it's a team.
You're right, it's a team.
Peter Gailey (38:13):
People process
technology.
The technology is that air gap copy.
The process is that technology person taking that air gap,
killing all the you know, flushing all the systems out,
rebooting them, reloading them.
Here we're going to do it withthat old data, but it's better
(38:35):
than nothing.
That's people and process and technology.
So it's all about people process technology.
That's a long-winded answer but again, that's what's coming and
it's all automated.
It's scary what's happening.
Jacquelyn Jackson (38:55):
And, like
you're saying, we're just going
to have to get in front of it.
Peter Gailey (38:59):
Just get in front
of it, yeah.
Jacquelyn Jackson (39:00):
That's
basically what that is and I
like the suggestion that you gave us.
Like I said, YouTube.
They go on and try to find that to start off, and then, if you
see you didn't pick up a little knowledge, I'm going to
recommend I know he made it, but I am that you reach out to
Peter, because I'd rather you be safe than sorry and I think
it's a lot of things happeningso much with us being business
(39:20):
owners.
Our heads are down and we'reworking in our business and
we're working on our business, but for some reason,
cybersecurity is pushed to the side.
Peter Gailey (39:29):
You know what I
call it.
You're going to love this and again, I don't mean to be a jerk,
I call it adult supervision.
This is you need.
This stuff is so.
It's not hard to understand, but it's hard to implement.
Okay, so I can tell you about each one of these whack-a-mole
(39:50):
projects and items and stuff that you need to do and there
are hundreds.
Okay, so just bring in somebody like me or a virtual chief
information security officer and you know we do contracts on an
hourly basis, so you don't need to hire us.
Just bring us in as a consultant it's called a virtual
(40:10):
CISO.
Okay, a couple thousand bucks a month or something, and
whatever level of effort you need.
So if I go in there and you can't give me an inventory, you
need help, that's right.
Okay, and I'm going to say here are the big rocks, here's what
you need to do and I can help you do it, or you can do it
yourself, I don't care, you just need to do it, do it right, I
(40:32):
think that's awesome, I really am.
Jacquelyn Jackson (40:35):
I think it's
not as well.
Let's say it is, it ain't expensive.
If you think because let me tell you something you think
paying something to get it done.
Peter Gailey (40:42):
Try not to pay
nothing to get done, and your
business should?
The numbers change every year?
The last number I heard was 60%of small business small
medium-sized businesses are put out of business after a hack in
the first year.
First year you're out of business, and that, to me, is
just chilling and it's preventable, exactly, and we
(41:06):
just hadn't.
Jacquelyn Jackson (41:06):
So that's why
we're trying to bring it to the
attention, because I think it's not us purposely trying not to,
it's just having been brought to the forefront as business
owners.
Hey, add this along with your CPA and your attorney.
Your lawyer and that's what.
Peter Gailey (41:18):
I'm saying your
bank officer and your
cybersecurity when is that Absolutely right.
That's just another advisor that you should bring in and if
you're, you know, depending on the size of the companies in
this audience, if you're big enough that you can
afford that resource inside, it should be a priority.
Jacquelyn Jackson (41:39):
To do it and
you guys can help them with
getting somebody inside training and all that as well.
That's what I think would be a big thing for you do a roadmap.
Peter Gailey (41:49):
Remember, you do a
baseline and you do your plan
of action and milestones.
Right, and you just go and execute a programmatic approach
and you know a year down the road, depending on the size of
your company, what your budgets are and stuff like that.
Why are we paying this external guy when we should probably
hire some guy and have him on the payroll Right, and that's
fine right.
So it's reduce your risk and ifyou have compliance requirements
(42:16):
depending on the industry that you're in, then you know what a
VSO will do, or something like I'll do is come in and put a
program together for you to help you.
They help you do that Reduce risk, meet compliance.
Jacquelyn Jackson (42:28):
And that's
what we need.
Well, I do appreciate that, because that's definitely what
we need, and I do thank you for coming first of all, so for
enjoying you, for being here, and we definitely want to have
you to come back on the show sometime later.
Peter Gailey (42:40):
I've enjoyed it.
I hope I didn't just go crazy.
Jacquelyn Jackson (42:43):
You did, you
did, so let's talk about our
takeaways.
I want to make sure you guysthat the for my show today was
preparedness is the key.
Business owners must be proactive, preparing for cyber
threats rather than reactive responding after an accident
occurred, understanding the threat landscape and
implementing the robust security measures that's in place.
(43:03):
I hope you guys have gained some information.
Again, we thank our guests forbeing with us today and if you
all have any questions, you cango and log on to our website at
tdjequityllcnet.
You all again thank you andtake care.
Intro (43:20):
We hope you enjoyed this
episode of TDJ Equity Funding
Insiders Podcast.
If you'd like to be a guest or get in touch with us, please
visit our website at tdjequityllcnet.
Forward slash podcast or email us at podcast at
tdjequityfundinginsidersnet.
Until next time, take care.