September 4, 2025 • 37 mins
In this episode of the Business Roundtable Podcast, host David W. Carr is joined by cybersecurity strategist and Zero Trust advocate Dr. Victor Monga for a high-impact conversation on the intersection of leadership, AI, and cyber maturity. With over two decades of experience in both technical and advisory roles, Victor unpacks how cybersecurity can serve as a foundation for scalable, trustworthy business growth—especially for founders and leadership teams in the small to mid-sized market. Together, they explore how AI, automation, and team trust can create systems that remove friction, protect brand reputation, and reclaim leadership focus. Topics include:
LinkedIn: https://www.linkedin.com/in/victorvirtual
Zero Trust Journey Podcast: https://zerotrustjourney.com/ Learn more about David W. Carr and Steward Your Business:
https://stewardyourbusiness.com
https://www.linkedin.com/in/davidwcarr Subscribe for more conversations with leaders who build with clarity and lead with purpose.
Become a supporter of this podcast: https://www.spreaker.com/podcast/business-roundtable--6049255/support.
Watch more episodes on YouTube and subscribe here:
https://www.youtube.com/@steward_your_business
Connect with Steward Your Business:
Website: https://stewardyourbusiness.com
LinkedIn: https://www.linkedin.com/in/davidwcarr
- Why Zero Trust is more than a technical framework
- How AI can enhance productivity without replacing people
- Common mistakes leaders make when delegating or scaling
- Practical steps to strengthen cybersecurity culture in any business
- Why clarity, curiosity, and culture are the real keys to sustainable growth
LinkedIn: https://www.linkedin.com/in/victorvirtual
Zero Trust Journey Podcast: https://zerotrustjourney.com/ Learn more about David W. Carr and Steward Your Business:
https://stewardyourbusiness.com
https://www.linkedin.com/in/davidwcarr Subscribe for more conversations with leaders who build with clarity and lead with purpose.
Become a supporter of this podcast: https://www.spreaker.com/podcast/business-roundtable--6049255/support.
Watch more episodes on YouTube and subscribe here:
https://www.youtube.com/@steward_your_business
Connect with Steward Your Business:
Website: https://stewardyourbusiness.com
LinkedIn: https://www.linkedin.com/in/davidwcarr
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:31):
Hello, and welcome back to the Business Roundtable podcast. I
am your host, David Carr or stud your business where
I bring people together to accomplish great things, and that
includes Victor Manga, one of our new guests here to
the podcast.
Speaker 2 (00:44):
Victor's got a wealth of experience.
Speaker 1 (00:45):
We're going to get into cybersecurity technology, all sorts of things,
but before we do that, just want to welcome you,
Victor to the podcast.
Speaker 3 (00:53):
Thanks very thanks for having me.
Speaker 1 (00:54):
Absolutely absolutely we cover so many different topics here on
the Business Roundtable because we're trying to help business owners,
team leaders lead better, be more aware and also know
where to turn to get some resources to get some
help along their journey. And Victor, I'm glad to have
you here because you bring a different perspective and understanding
in the world that we live of cybersecurity, AI technology.
(01:18):
It's going very fast and we can easily get tripped up,
and so you're going to dive us into this. But
before we get into that, I want to I want
folks to know a little about your journey, Victor.
Speaker 2 (01:31):
What got you to this place and why do you
do what you do?
Speaker 1 (01:34):
What is it that you know makes you get up
in the morning and say, man, this is important to
be right into the.
Speaker 2 (01:39):
World, so just tell us a little about your journey.
Speaker 1 (01:42):
Uh and uh, we'll let everybody listen in to Victor
here today.
Speaker 3 (01:46):
Yeah, thank you. So absolutely my show up at is
I got it.
Speaker 4 (01:51):
I got into it cybersecurity by chance, not by choice.
And what I mean by that is so I was
born and raised in India and two older sisters. They
both highly talented, and they wanted to study. Unlike me,
I want I always find shortcuts. So they went into
medical They studied medicine. And in a middle class family
(02:15):
in India, especially in North India, usually you have two choices.
You go into medicine or you become an engineer. Engineer
is easier in a way, and that medicine for me,
so I went. I went into engineering, and in that
they had different majors. You can have civil engineer, mechanical, electrical, computers.
(02:38):
I always liked playing computer games growing up, so like,
why not let's try computer science for majors. And when
I got into my college the first year, by the way,
I'm going to age myself.
Speaker 3 (02:53):
At that time, Wi Fi was new, yeah yeah, and streaming.
Speaker 4 (02:57):
Services was new, so I want to learn more how
to hack into college Wi Fi so I can stream
movies and play view games later at night with my friends.
That really took me, again by a chance, not by choice,
into cybersecurity.
Speaker 3 (03:14):
I ended up founding a.
Speaker 4 (03:16):
Firm with two of my professors for ethical hacking, and
again by a chance, because I wanted to always find
a way to do the smart way, not the long
way or the hard way. And that's just got into cybersecurity,
did a lot of ethical hacking, and ultimately started helping
Fortune five hundred companies here in the US to build
(03:36):
their cybersecurity program so that at least they can minimize
and contain the problem of cyber attacks. You can make
a fool proof. It's not a thing. There's no one
hundred percentile. So yeah, that's all I got it.
Speaker 2 (03:49):
Yeah, No, that's interesting.
Speaker 1 (03:52):
Well I'm glad that you turned it around your your
hacking in college for hey you want to get streaming
this that Yeah, I remember that, But then I actually
taking it in and making it ethical, like saying, how
do we help you know, identify these holes these areas.
I think that's I mean, that's so important victory because
you want somebody in a good way like right, testing
your system where there's something before the bad guys come.
Speaker 4 (04:16):
Yeah, and again this is not natural or easy. I
lot people, especially baby boomers like my dad or my granddad,
they don't think it that way because they grew up
in an era where it or interconnected systems were not
a thing. Right now, from my computer that's connected to
my cell phone, cell phone connected to my Amazon Echo
(04:39):
that's connected to my doorball, I think about these things.
They're connected, and all it takes is just have an
adversary driving by your street. See there's an opener week
Wi Fi network, get into that, get into a doorbell
or an IoT or fridge or something new that you
just pought which has Wi Fi, and you connected with
your password that has connection to your laptop or phone.
(05:03):
That's all it's taking, honestly, and ever say that are
becoming smarter. They are thinking that if I go fortion
five hundred and I'll go after fortune five hundred. They
have the world class cybersecurity technology, the best people, why
not just multiply in the neighborhood where there's a wealth
in their bank accounts and just hack into their WiFi,
(05:25):
hack into their IoTs.
Speaker 3 (05:27):
That's becoming the new name of the game.
Speaker 2 (05:29):
Hm. Wow.
Speaker 1 (05:32):
And that's why I want you to have on here, Victor,
because if you guys aren't hearing this or thinking about this,
I know sometimes it isn't quote sexy cybersecurity that I see,
but it's it's absolutely necessarily wanting to get into how
it can be a growth engine if you're if you're
playing it well.
Speaker 2 (05:45):
But Victor, to your point, you know you're moving from just.
Speaker 1 (05:49):
Tactical Hey, here's that and that, but I feel like strategically,
like you said, maybe we're thinking about these things before,
how interconnected. I really got to think more strategically in
how we're addressing this. And I want to give you
on the podcast. I mean, how did you how have
you seen or how have you even yourself moved in
that way?
Speaker 3 (06:07):
Yeah, what I've seen.
Speaker 4 (06:08):
I'll share a little research I did in twenty twenty four,
So I wanted to know more about the small business
space because again, enterprises, they have the best in the
pre best best people, best resources, best technology when it
comes to cybersecurity or I the innovation, all of that,
but when it comes to small or medium sized businesses,
(06:30):
I wanted to learn more about how did they protect
their businesses. How do they think about when they go
connect their new device to their current network, what goes
in and out of their network? So I want to
do a little research on my own, so I picked
about fifty two I'm calling them companies, but merely their
mom and pop shop like your liquor store at the
(06:51):
corner or peed kitchen.
Speaker 3 (06:54):
We have it here.
Speaker 4 (06:56):
Again, it's it's something that you just see and use
regular early. But they don't have the best it if
you will. Yeah, almost ninety five percent of that research
was they have a standard internet nothing wrong with it,
but a standard internet line Wi Fi provided by that
internet provider, and they connect everything from their POS sales
(07:20):
system where they are actually taking your credit card from,
to their anything bank accounts where they transfer funds to
their vendors or pay invoices.
Speaker 3 (07:29):
Of course they have to pay that as well to
their Wi Fi for the guests.
Speaker 4 (07:35):
So if I walk into that establishment, they'll say, hey, yeah,
we provide free Wi Fi. That's the same Wi Fi
they're using for their POS and invoicing and their bank
accounts and their laptops all of that. So then I
started asking the questions from the owners or the founders
that who's also working there by the way most of
(07:57):
the time. What do you do for it? And they're like, well,
I have the Internet and I have the computer. That's
the four by four they're thinking, when it comes to it,
that's the box they're in that I have the Internet
working and I have the computer working.
Speaker 3 (08:12):
That's about it.
Speaker 4 (08:14):
And then again, being the researcher, I asked them follow
up questions, are you not worried that you'll have a
cyber attack or if someone can actually attack your network?
And the usual answer, I'm not kidding. And this cracked
me up. They're like, why would they Why would they
attack me? There are billions and trillions of dollars in
the world. Why would they attack me? Now, that's that's
(08:37):
where the problem is. Why would they attack me? Is
the mentality which really is going to bring us down.
Why would they attack me? Well, you have a penny
to save us? Well, you have a bank account, you
have something to lose. They will come after you. They
just haven't yet. You just don't know about it. They
will come after you. True story. Liquor store I won't
(09:01):
name the name, and they picked up a new vending
machine where you can just use Wi Fi to connect
and people can pay with their phone or with their
credit card so that the person doesn't have to come
out of the cashier's desk. And actually so convenience right
perfect connected to the same WiFi and which they use
(09:24):
for their computer, their bank account, they log in and
they pay the invoices, all of that right, what I
just talked about, that vending machine had a vulnerability that
the owner didn't know about it. Why would they That's
not their job nor they should be aware of it. Again,
at the end of the day, they are running the business.
Small business again, that vending machine. Someone actually I don't
(09:48):
know how or where someone from the Internet were able
to discover that. They didn't even come there physically. That's
a surprising part. Wow, someone scanning the Internet. That happens
a lot, by the way, just like people used to
go dumpster diving, I don't know, in the eighties and
nineties looking for stuff. They're just looking for a way in.
Speaker 2 (10:06):
Huh.
Speaker 3 (10:07):
Yeah.
Speaker 4 (10:07):
So someone from the Internet found out that vending machine
had the Internet address directly connected with the Wi Fi
that the person is using. They did not attack or
they didn't do anything for about eight months. That adversary
who found out about this vulnerability, this foothold didn't do
anything for about six to eight months.
Speaker 3 (10:29):
After eight months, they got.
Speaker 4 (10:31):
The passwords, they knew hord to log in, what time
the log in, what happens when is the right time
of the traffic, and they were able to wipe out
the bank account of the owner. FBI complaint was lodged.
But again, think about the headache that the owner had
to go through, now, the stress they had to face.
Speaker 3 (10:51):
You don't want to be one of that.
Speaker 4 (10:53):
Right Again, back to the mentality of why would they
hack you? Why would they come after you? You have
a money, you have a family, you have a business,
they've come after you.
Speaker 1 (11:03):
Yeah, Well, to your point, Victor, I've seen this even,
you know, because I do work a lot in the
professional services world.
Speaker 2 (11:08):
Right, So same thing.
Speaker 1 (11:09):
Right, people are getting computers, getting access and I've worked
on uh big big companies or utilities or you know,
they're there. There's some protected information they need to be
sure that's protected. And I can't tell you victory even
just I mean, this is simple stuff. But you know
they haven't updated, Like to your point, they haven't updated
(11:30):
the computer. So now it's out of date and they're
logging in somebody's priver server or whatever. And in end,
like you said, that's the sinister part, like you said,
is I mean, obviously they took advantage of it, but
they're there, they were varis. They could have dived done
something right away, but they waited for months gathering all
(11:50):
this information. So you may not know until it's too late.
Obviously in this case it was too late. And I
do think a lot of people, like you said, Victors,
say well, you know, why why.
Speaker 2 (12:02):
Would they pick be?
Speaker 3 (12:03):
You know?
Speaker 2 (12:04):
Yeah, and so we kind of defer.
Speaker 1 (12:06):
And I see this a lot in other areas of
business where instead of being more proactive, And that's why
I wanted to have you on the podcast, Victor, this
does those wee folks can listen to say, well maybe
I don't I don't know what to do, but I
want to do something. I want to be proactive, right,
you have something in there and look at like what's
going on?
Speaker 4 (12:25):
Why do they weight? I get this question a lot.
Why did they weight for six to eight months? So
they already know about you, They already know the passwords,
or they figured out where to log in, how to
log in what they're really after after you where they
go your friends, your contact list. You know, we all
have seen those emails sometimes that.
Speaker 3 (12:46):
That we are like, why did I get it?
Speaker 4 (12:48):
Well, one of your friends was actually hacked who had
your email address or phone number. The adversary or the
cyber attacker is actually using that contact list to say
you the phishing or scam email, so that maybe you
might fall for that, because again, friends make friends who
are kind of the same age range, if you will,
(13:10):
or who like the same things, or like to go
to the same bars, or maybe like to go to
the same racing racing competitions or whatever that is, the
habits are almost the same, so the attackers don't have
to create a new scam. They can just follow the
same scam around your friends as well. And if you
were not fast enough to inform your friends, maybe they'll
(13:31):
be able to fall for that as well. So it's
it's it's a it's a funny way, not not so funny,
I guess, but it's it's an ironic way of actually
thinking where not only you were going to lose everything,
you are also leaving a door open for your friends
and family because they are also collected with you.
Speaker 1 (13:54):
So yes, think about that as well. Absolutely, No, you're
absolutely right. How many times have we seen something go through?
That's that's so important? So what I what I hear
you say? So in this example you give this unfortunately
clickuor store, it's not only doesn't protect it, but now
it's actually like they they've now been exposed and now
(14:14):
it's actually like their business has basically stopped. I mean,
I mean if their their bank accounts are taken, they
have no money, they've locked up their business. So on
the flip side, Victor, I think we were talking before,
but we can say that cybersecurity doesn't protect us, actually
can fuel the business, can actually protect you and actually
have the business grow if done right.
Speaker 4 (14:36):
Yes, And the analogy I want to give to you
all is think about a venue, or think about your
home or business something you want to protect. You buy doors,
you have locks. Some of us buy CCTV cameras. Some
of us actually get those sensors which will alert if
(14:56):
the window was left open, or the door was open,
or the garage door is left open. And the extreme
case of that is you also get some sort of
service that if the alarm goes off and nobody disarmed,
that within ten minutes, then they'll call the local police station.
Speaker 3 (15:13):
It's the same.
Speaker 4 (15:15):
Exact same ways to protect your digital welts. Now, m
we have the doors, we have the windows, we have
the locks, we have the CCTV cameras, we have all
of that. We just name them differently in cybersecurity, but
that's what it is. You have physical security for your
home or office or something else, you have cybersecurity for
(15:37):
your digital footprint. That's the same mindset that you're going
to have to start bringing it, especially again with the
rise of AI, the autonomous things are gonna start saying
now you're going to have to think about it where
maybe I actually bought something.
Speaker 3 (15:58):
Three months ago that.
Speaker 4 (16:02):
Vendor or e commerce website was attacked, where they have
my information, That information is going to get cataloged into AI.
So if I go into a and asked for about myself,
there's information something that I was like, well, I didn't
know that.
Speaker 3 (16:15):
It's out died in the Internet.
Speaker 4 (16:18):
And as last month AI indexed the whole Internet, it
knows it.
Speaker 3 (16:26):
Wow.
Speaker 1 (16:26):
Well to your point, Victor, I mean I've had I mean,
thankfully I'm paying attention to these things, but I've had either.
Speaker 2 (16:33):
Text is one of them.
Speaker 1 (16:34):
I've noticed one technique where they'll text me and ask
me to do something acting like another person that I know, right,
because you're, like you said, your friends and if you're
not being careful and now with AI can sound very
authentic like the other person, and so you could easily.
Speaker 2 (16:50):
Be tripped up. So how have you I would love
to ask, because.
Speaker 1 (16:53):
Before we start recording this human connected point of it,
So how have you helped? Like you said, this mindset
led teams are helped others in this you know, to
start to think differently picture not just the business owners, right,
I mean certain the business owner, but you've got to
be the rest of the people in the organisms do
thinking differently about our approaching.
Speaker 4 (17:12):
Yeah again back to the same analogy. You start thinking
that if a stranger walks into your home, can they
get to the safe that you have in your bedroom
behind the walking closet and that you have your clothes
in front of it?
Speaker 2 (17:28):
Mm hmm.
Speaker 3 (17:29):
Think into those those.
Speaker 4 (17:31):
Circles, if you will, they got into the outer circle,
can they get into the inner circle?
Speaker 3 (17:36):
And that's the same thing in digital fort print.
Speaker 4 (17:39):
If I were to get to your bank account, or
if I were to get to your wherever you keep
your money.
Speaker 3 (17:46):
What are the steps? You know?
Speaker 4 (17:48):
It's it's a again. I did a research on this
one as well a long time ago. It's one of
the bad habits annoyance versus convenience. Annoyance is that to
get to my bank account, I use a physical UBI key.
That's the only way with my password. With the UBI key,
which is a physical little USB or you can have
(18:10):
a pass key these days that's digital that you don't
have to carry around with you. But ultimately something more secure,
something more which doesn't rely upon the one time passwords
come into your phone because that can be hacked as
well or intercepted. But anyways, the annoyance is that I
can't just go into any computer a log into my bank.
Speaker 3 (18:30):
That's not a thing for me.
Speaker 4 (18:32):
But that's also annoying in a way because it is
not convenient. I was traveling with my family and I
needed to log into my bank acount and I forgot
to bring my ubikey.
Speaker 3 (18:43):
You know how annoying that was.
Speaker 2 (18:44):
Oh yeah, I couldn't.
Speaker 4 (18:46):
Now that's where the convenience comes in. I wish I
hadn't done all this, then I would have been able
to log in. So that's the the balance. You're going
to start thinking about how much risk can you take.
Speaker 1 (18:57):
It's a family, yeah you go to be yeah, yeah,
but what's the risk of and so you have I think,
you know, you have to evaluate that of like you said,
the convenience versus being you know, inconvenient. You know, like
you said, it's at some point. I was talking to
my wife the other day where I log into website.
She's like, why does it have this multi factor thing?
(19:18):
And then I gotta go this and then it checks
me email. I'm like, well, it's just because of the
things that you're saying. It is an inconvenience to a degree,
but it's protecting you for Like you said, if a
minute like wide open, that's not good either.
Speaker 4 (19:31):
Right, It's the same thing. If you are annoyed, it's
always going to be the hacker that who's trying to
get to you. If you make convenient for yourself, you're
making convenient for them as well. It's literally that simple.
Think about this. Your bank account or your saving account
or your for one K account, wherever you keep your money,
and if that's substantial money that you have and then
(19:54):
you care for it, then yeah, protected, and money is
not the only thing. Actually, I should really high at
one part your important documents.
Speaker 3 (20:02):
Where you have your let's say, your.
Speaker 4 (20:04):
Home deed or your insurance document, your driving license, your passports.
Everybody liked to scan these days because we have to
upload two different platforms to prove your identity. Don't keep
into one folder. First of all, don't have that folder unprotected.
Make sure that's protected, because that is also money. You
don't realize. We actually worked, you know, on a case
where someone identity from California, Los Angeles was stolen and
(20:29):
they actually had two mortgages going on.
Speaker 3 (20:32):
They bought a house.
Speaker 4 (20:33):
They didn't realize they were living on a rental here
any scores. They figured that out eventually. Then they froze
their credits and all that. But again convenience annoyance. They
had all of their folders in a G drive. They
didn't realize that ged drivers open public. Anyone on the
internet can scan that. Anyone literally, you think that randomly
(20:57):
generated you are that nobody will be able to remember
they don't need to. There are scanners on the internet
who are looking for those g drive links.
Speaker 1 (21:06):
Just those open links are basically unprotected. You have nobody
shared it, but it's made available if you knew how
to find find it right.
Speaker 4 (21:13):
Wow, that's annoyance. Remember conveniences, it's open. I can share
with my friends and family. I don't need to reshare
every time. Convenience is good for them as well, the
attackers because now they were able to find that they
were able to open a mortgage house because online you
can buy houses these days.
Speaker 3 (21:29):
Apparently you don't have to go anywhere.
Speaker 1 (21:32):
So, oh my god, I got a question for you, Victory,
because a number of our clients have not all, but
many of them are professional services. I've spent twenty five
years in the environmental consultings and there's a question of
oftentimes I deal with business owners of should we issue
hardware to our employees or contractors? Did they use their own?
(21:54):
You know, because you can obviously control the different ways.
What's been your experience, Victor, as far as an annoyance
versus convenience in ways with the way you work with clients.
Speaker 4 (22:04):
Annoy people who have the most power. So I'll give
you an example. People with the most access. I know
this is going to sound very rude, but the CEOs
or the CFOs or the CIOs who have the most access,
they can log into the places that no other person
can annoy them. Why because if their identity is stolen
(22:24):
the attacker, the hacker can get into everything.
Speaker 3 (22:28):
Convenience.
Speaker 4 (22:29):
Make it convenient for the people who are working which
has the least access. Maybe they only have access to
upload documents or work on an ACCEL or open a
software with multi factor authentication already and they can't damage
that much. To you, every organization is different, every tier
is different, every workforce, how they plan for their organization
(22:51):
is different. So don't annoy everybody, but don't make it
convenient for everybody, especially the top executives who have the
most acts for the IT super admins who have the
most access.
Speaker 2 (23:05):
Mm hmm. That's a great point.
Speaker 1 (23:07):
Yeah, make it make it more inconvenient for them, because
there's more risk. Just again we're saying evaluate that. What
makes sense. And I think Victor, I would imagine as
you're doing this and working with folks you have, it's
not probably a one. And then like TIG ongoing training
and awareness, Victor, as you you know right, speak a
(23:28):
little bit to that.
Speaker 3 (23:30):
Yeah, I'll give you a good example.
Speaker 4 (23:31):
Actually, recently I was setting up a direct way from
my vendor in Wells Fargo, and kudos to Wells Fargo
by the way, and they had a simple option there
low threshold which was I think one thousand dollars or
five thousand dollars. Can remember you can go through a
multi factor with your pass key my threshold. You must
take the hardware or set token and in it you
(23:55):
click on that little question mark. They had a proper
videos why they're asking. It's a kind of enablement training
that I would like to see in organizations. Again, it's
not easy for the small or medium sized businesses to
do it because it requires planning, it requires resources, requires money.
They would rather fill up inventory then spend money on
(24:16):
the cybersecurity or digital security, your training and all that.
So again, nothing wrong, that's what's working out in the past,
but now it's not going to The cases are increasing
where the small and medium sized businesses are being attacked
and targeted. So back to training. Make your vendors train
(24:38):
your employees so that you don't have to What I
mean by that, you must have some sort of solution,
You must have some sort of a platform that you're
using in your SMB. Ask them simple question you can
ask your Internet service provider, Hey, do you give internet
security or cybersecurity trainings? Or do you have any videos
I can share with my employees free? Doesn't cost you anything.
(25:02):
Leverage those trainings. Now, if you are above the threshold
of SMB, obviously you're gonna create tailored content for your organization.
If you are a healthcare institution, you might create content
for that. If you are a financial institution, you might
create content for that, or you might leverage companies to
create content for you. Again, it really depends on the
(25:23):
risk factor. What are you're trying to tell people? Your
employees the point or I'll give you, don't overtrain them.
Nobody likes to actually listen to the information that's not
relevant to you or cannot apply. Give them scenarios that's
their day job. Don't give them scenarios that is so
hypothetical that they're like, well.
Speaker 3 (25:45):
That's only going to happen in Matrix the movie.
Speaker 1 (25:47):
Want Yeah, right, Well, and I know you know, cybersecurity
insurance is becoming Obviously it's benefit, but it seems to
be more.
Speaker 2 (25:56):
Because of like you said, these attacks.
Speaker 1 (25:58):
Now, AI right, and if correct me if I'm wrong, Victor,
But if we're if we're engaging somebody obviously like you
are getting the training, does that help at least show
the insurance ass that're working them, like, hey, look we're
doing taking proactive measures to like you're always like looking
to say costs, right, so if hey, like we were
paying for this, it could produce some costs and maybe
(26:19):
you know, the insurance that we're going to be paying
or whatnot. I don't know if that something in the
industry that you're seeing victor.
Speaker 4 (26:24):
One percent and that's that's not something that I have
seen the SMBs even like entertaining cyber insurance. But for
those who are considering old enterprises or corporations or organizations,
cyber insurance used to be and vivially, I remember about
twenty twelve one checkbox do you have network security? They
(26:46):
used to even not call cybersecurity network security, which means
you have a firewall and that's about it, or antibidrus
and then yes, you get these waivers which means if
your premium was nineteen thousand, since you have network security,
maybe sixteen thousand. Now there's about one hundred and ten
page document, Oh my gosh, that you have to prove
(27:08):
that you have a skilled person on staff or retainer,
what security solutions are using, How can they protect if
the ransomware comes in? Because what happened between twenty twelve
and twenty twenty five, ransomware attacks happened, companies turned to
cyber insurance that well, pay up. That's what I bobb.
(27:29):
The issuance for underwriters became smart. They said, well, if
we're gonna keep paying, let's make sure that they're doing
everything in their power. It's exactly the same thing. If
you buy a home insurance, they ask you, do you
a paadlock? Do you have a CCTV camera? Do you
have locks? It's exact same again. I keep comparing to
the physical security because that's what it's been there from
(27:52):
since the dawn, right ciber insurance NUMBERK, security insurance or
whatever you want to call it. Today, at the end
of the day, you have to prove that you are
doing everything in your power to protect yourself. Then I'm
going to ensure you. And then something happens. Let's talk
about it. It's not as simple as a checkbox that
now security, yes, lower premium off you go.
Speaker 1 (28:15):
Yeah, absolutely, Well, so to the point, victor, walk me
through a little bit. So if I'm a small or
medium sized business and I know you've been helping and
targeting this area, looking like, hey, they don't have a
lot of security expertise.
Speaker 2 (28:27):
You highlighted what can they is there?
Speaker 1 (28:30):
Like, I mean walk me through there like a checklist
or way that they can start to be aware. Obviously
they can engage somebody like you. I want them to
like talk to How do they know who's a good
person to talk right that knows their stuff is ask
you know, asking the right questions so that.
Speaker 3 (28:47):
They're it's funny you asked here.
Speaker 4 (28:51):
I actually so I asked the during my research, I
asked would you pay for clybri insurance? And about again
ninety percent people said why would I I have an
insurance that covers my organization or my establishment?
Speaker 3 (29:08):
And they don't. First, they don't.
Speaker 4 (29:09):
See the difference what cebrations versus there whatever the business insurance. Second,
it's going to be chicken an egg. Cebration is going
to require you to have some sort of dow care
for your organization when it comes to cyber like maybe
a firewall, antivirus, slash dr slash XTR, maybe a separated
network for your guest versus your critical applications. If you
(29:33):
don't have the basics, cybrations will not make sense because
the premium is going to be so high that you
won't be able to digest. So the five things I
had suggested as a walk away and that that was
my deal, that hey, let me, you will research on you,
and I'll give you five things that you can do.
Common five things most of the organizations that who are
(29:53):
either starting in IT security or have not even considered
first was steparate your network using a firewall, your guest
network and your critical network. It is easy to do it.
You can have a firewall expert come in. It's one
time set up, not a whole lot that you have
to care and love, but if you want to, sure,
(30:15):
but at the end of the day, it's a bare minimum.
Steparate networks first thing. Second, if you bring your personal
computer at work as well. Yes I'm using the terms
that only enterprises use, but if you're using the same
computer at home for your kids assignment and same computer
at work to pay your vendors, start considering a password manager.
(30:40):
There are plenty out there. I'm happy to give recommendations
if anybody wants to reach out to me on LinkedIn.
I advocate some of them, but at the end of
the day, get a pastor manager. Why the new passwor managers.
You don't have to have the two factors separate on
your phone or email. All of that is integrated as
a past key, which means convenience, but you get more security.
Speaker 3 (31:02):
Now.
Speaker 4 (31:04):
Third, what I recommended was again, now you have your organization,
start considering if you have IoTs separate network again going
back to the first point, separate network for that. So
if you're a vending machine, if you have a door bell,
if you're a camera, if you have automatic locks or.
Speaker 3 (31:22):
Anything separting that.
Speaker 4 (31:25):
The last and the most important is start informing your
employees when they punch in or pus system what is
cyber hygiene. And rely upon your vendors like Internet service
provider or reach out to your local IT security guys
if they can give you a free trading if you will,
(31:45):
and if you like it, maybe put them on retainer.
But try to get something so you start getting mindset
where your people punch in punch out. Maybe you're on
a laptop, iPad or traditional way of a machine. I
have the latest cyber threat news which has been very
impactful by the way, because it's top of your mind
(32:06):
when you're punching in or clocking out, and you're like,
oh my god, if this happened to organizations, or this
happened to our local news, by the way, if this
happened to you in my neighborhood, I should be worried
about it. Yeah, simple things. Again, tiny habits can change it.
But the biggest the takeaway is start somewhere, which is
(32:28):
network segmentation. You can't use the same network. And that's
been the most important and the fundamental thing that people
when they change it, they drastically change their tack surface.
Because now if I'm coming to your organization, if I'm
coming to your shop from the guest Wi Fi, I
can get your laptop from the doorbell or vending machine.
(32:50):
I can get your laptop from Internet. I can directly
go to your laptop. Yes, it will require a person
or someone expert in that domain to do it, but
that's what the doorbells, and that's where the CCTV cameras,
and that's where the doors and windows you are investing in.
Speaker 3 (33:06):
This is another form of it. This is another line item.
Speaker 4 (33:08):
This is not I don't need to get fancy this
is bare minimum doors for your ID assets.
Speaker 3 (33:15):
Yeah.
Speaker 1 (33:15):
I think if you're anybody's hearing that, you're like, okay,
that's definitely one thing. Will follow up question you mentioned
about like a past which I happen to use a
password because you mentioned them.
Speaker 2 (33:26):
I know this is the fact for.
Speaker 1 (33:27):
A lot of professional services I you work with in
the environmental world anyway, because they are using a personal laptop.
Let's say, Victor, would you also add to say, I've
really send this. I would love your thoughts on this.
To create maybe a two different log in accounts. So
one that's a business specific log in account, personal account.
Speaker 3 (33:45):
Yeah, that's what I'm in.
Speaker 4 (33:46):
So when i'm pastor manager like your company passor manager
if you want so, I have completely two separate so
every person they are free to choose whatever they want,
however they want to keep their passwords on a sticky note,
or they remember the same password for all the accounts.
Terrible idea, by the way, Yes, but for your company,
for your organization, it's four or five bucks per month
(34:07):
these days, it's not that expensive investment. Honestly, it will
save you that hassle that the liquor store had to
go through where the passwords were literally in a plain
text file on their desktop.
Speaker 3 (34:19):
The file name was passwords.
Speaker 2 (34:21):
Oh my goodness, and that's when.
Speaker 3 (34:23):
You're attracting everybody that come come find.
Speaker 1 (34:26):
Me please, Oh my gosh. I know we're getting to
the end of the podcast episode Victory here. You've hit
so many good points on these last few ones have
been fantastic. And and to make sure that everybody can
again connect with you on LinkedIn.
Speaker 2 (34:37):
Victor and I are on LinkedIn.
Speaker 1 (34:38):
We're going to put the ways you connect with him
on there. He's got so many great initiatives there, you
guys are we're just scratching the surface. He's got his
own podcast as well. You can go check that out.
And so I hope everybody's listening and they're thinking a
little differently about technology, cybersecurity, about how they can approach
it differently mentioned mindset, how we can do this and
(34:59):
recogniz seeing that unfortunately in today's world, we all you know,
it's just you know, it's just a matter of time
where all can be attacked at some point because most
of us have something maybe you know, maybe you don't
think it's super valuable, but somebody else doesn't have it.
And they want but you don't, but they don't have, so,
you know, being proactive, being more strategic. That's the one
thing I definitely heard from you, Victory. Okay, don't just
(35:22):
be just tactical. There's some more things we do here.
And then, of course, I'm sure Victor, depending on the business.
As you get in there, you can you're gonna unveil
or you find some other things you're like, hey, I
didn't even know about that.
Speaker 2 (35:32):
I didn't think about that.
Speaker 1 (35:33):
And that's why binding somebody like yourself, Victor, come in
look at it, do an audit, get a better sense
of what's the exposure really is. Victor, again, I want
to thank you for being here. Last, I just want
to give you an opportunity last maybe thoughts or if
if anybody's listening and we've covered a lot of ground
here that you'd want to share with them, just say
if there's something they should do today or consider.
Speaker 4 (35:56):
The one thing I would recommend, especially everybody who's listening,
either for personal or for your small business, small medium business,
one hour. Just think of one hour per day, per week,
per month, per year, whatever that is. One hour start today,
then one hour thinking about your it cybersecurity. Just one hour.
(36:17):
Put a timeer on your phone as another one hour.
Get up, start going back to your business, start doing
your day thing for one hour. Just commit that one
hour and then grow from there. Because that one hour
is the eye opener, light bulb moment that you're going
to need. You just haven't been able to dedicate that.
So if you listen to this podcast today, just one
hour per day, per week, per month, per year, I'll
(36:39):
let it let I'll let you choose that second. Whatever
your net and will gross income is one percent of that,
start putting into piggyback whatever that that one percent looks like,
that is your for you to spend on it cybersecurity
(36:59):
and grow there.
Speaker 3 (37:01):
One hour, one percent. That's all I'm asking for.
Speaker 1 (37:04):
There you go. Thank you so much, Victor. Of course,
we appreciate all of you guys following along forget them where,
whether you're finding us on YouTube or your favorite podcast platform,
we appreciate you coming along the journey with us. I
hope you'll come back a week after week. We great
(37:25):
guests like Victor on here. If you're interested, you want
to join us, You're more than welcome. Reach out to
me Podcasts judyourbusiness dot com. I appreciate you all being here. Victor,
thanks again for being with us on the podcast.
Speaker 3 (37:35):
And thank you, thanks David, and thank you everybody listening
to us today.
Speaker 2 (37:39):
Thanks everybody. Until next time, be well,
Hello, and welcome back to the Business Roundtable podcast. I
am your host, David Carr or stud your business where
I bring people together to accomplish great things, and that
includes Victor Manga, one of our new guests here to
the podcast.
Speaker 2 (00:44):
Victor's got a wealth of experience.
Speaker 1 (00:45):
We're going to get into cybersecurity technology, all sorts of things,
but before we do that, just want to welcome you,
Victor to the podcast.
Speaker 3 (00:53):
Thanks very thanks for having me.
Speaker 1 (00:54):
Absolutely absolutely we cover so many different topics here on
the Business Roundtable because we're trying to help business owners,
team leaders lead better, be more aware and also know
where to turn to get some resources to get some
help along their journey. And Victor, I'm glad to have
you here because you bring a different perspective and understanding
in the world that we live of cybersecurity, AI technology.
(01:18):
It's going very fast and we can easily get tripped up,
and so you're going to dive us into this. But
before we get into that, I want to I want
folks to know a little about your journey, Victor.
Speaker 2 (01:31):
What got you to this place and why do you
do what you do?
Speaker 1 (01:34):
What is it that you know makes you get up
in the morning and say, man, this is important to
be right into the.
Speaker 2 (01:39):
World, so just tell us a little about your journey.
Speaker 1 (01:42):
Uh and uh, we'll let everybody listen in to Victor
here today.
Speaker 3 (01:46):
Yeah, thank you. So absolutely my show up at is
I got it.
Speaker 4 (01:51):
I got into it cybersecurity by chance, not by choice.
And what I mean by that is so I was
born and raised in India and two older sisters. They
both highly talented, and they wanted to study. Unlike me,
I want I always find shortcuts. So they went into
medical They studied medicine. And in a middle class family
(02:15):
in India, especially in North India, usually you have two choices.
You go into medicine or you become an engineer. Engineer
is easier in a way, and that medicine for me,
so I went. I went into engineering, and in that
they had different majors. You can have civil engineer, mechanical, electrical, computers.
(02:38):
I always liked playing computer games growing up, so like,
why not let's try computer science for majors. And when
I got into my college the first year, by the way,
I'm going to age myself.
Speaker 3 (02:53):
At that time, Wi Fi was new, yeah yeah, and streaming.
Speaker 4 (02:57):
Services was new, so I want to learn more how
to hack into college Wi Fi so I can stream
movies and play view games later at night with my friends.
That really took me, again by a chance, not by choice,
into cybersecurity.
Speaker 3 (03:14):
I ended up founding a.
Speaker 4 (03:16):
Firm with two of my professors for ethical hacking, and
again by a chance, because I wanted to always find
a way to do the smart way, not the long
way or the hard way. And that's just got into cybersecurity,
did a lot of ethical hacking, and ultimately started helping
Fortune five hundred companies here in the US to build
(03:36):
their cybersecurity program so that at least they can minimize
and contain the problem of cyber attacks. You can make
a fool proof. It's not a thing. There's no one
hundred percentile. So yeah, that's all I got it.
Speaker 2 (03:49):
Yeah, No, that's interesting.
Speaker 1 (03:52):
Well I'm glad that you turned it around your your
hacking in college for hey you want to get streaming
this that Yeah, I remember that, But then I actually
taking it in and making it ethical, like saying, how
do we help you know, identify these holes these areas.
I think that's I mean, that's so important victory because
you want somebody in a good way like right, testing
your system where there's something before the bad guys come.
Speaker 4 (04:16):
Yeah, and again this is not natural or easy. I
lot people, especially baby boomers like my dad or my granddad,
they don't think it that way because they grew up
in an era where it or interconnected systems were not
a thing. Right now, from my computer that's connected to
my cell phone, cell phone connected to my Amazon Echo
(04:39):
that's connected to my doorball, I think about these things.
They're connected, and all it takes is just have an
adversary driving by your street. See there's an opener week
Wi Fi network, get into that, get into a doorbell
or an IoT or fridge or something new that you
just pought which has Wi Fi, and you connected with
your password that has connection to your laptop or phone.
(05:03):
That's all it's taking, honestly, and ever say that are
becoming smarter. They are thinking that if I go fortion
five hundred and I'll go after fortune five hundred. They
have the world class cybersecurity technology, the best people, why
not just multiply in the neighborhood where there's a wealth
in their bank accounts and just hack into their WiFi,
(05:25):
hack into their IoTs.
Speaker 3 (05:27):
That's becoming the new name of the game.
Speaker 2 (05:29):
Hm. Wow.
Speaker 1 (05:32):
And that's why I want you to have on here, Victor,
because if you guys aren't hearing this or thinking about this,
I know sometimes it isn't quote sexy cybersecurity that I see,
but it's it's absolutely necessarily wanting to get into how
it can be a growth engine if you're if you're
playing it well.
Speaker 2 (05:45):
But Victor, to your point, you know you're moving from just.
Speaker 1 (05:49):
Tactical Hey, here's that and that, but I feel like strategically,
like you said, maybe we're thinking about these things before,
how interconnected. I really got to think more strategically in
how we're addressing this. And I want to give you
on the podcast. I mean, how did you how have
you seen or how have you even yourself moved in
that way?
Speaker 3 (06:07):
Yeah, what I've seen.
Speaker 4 (06:08):
I'll share a little research I did in twenty twenty four,
So I wanted to know more about the small business
space because again, enterprises, they have the best in the
pre best best people, best resources, best technology when it
comes to cybersecurity or I the innovation, all of that,
but when it comes to small or medium sized businesses,
(06:30):
I wanted to learn more about how did they protect
their businesses. How do they think about when they go
connect their new device to their current network, what goes
in and out of their network? So I want to
do a little research on my own, so I picked
about fifty two I'm calling them companies, but merely their
mom and pop shop like your liquor store at the
(06:51):
corner or peed kitchen.
Speaker 3 (06:54):
We have it here.
Speaker 4 (06:56):
Again, it's it's something that you just see and use
regular early. But they don't have the best it if
you will. Yeah, almost ninety five percent of that research
was they have a standard internet nothing wrong with it,
but a standard internet line Wi Fi provided by that
internet provider, and they connect everything from their POS sales
(07:20):
system where they are actually taking your credit card from,
to their anything bank accounts where they transfer funds to
their vendors or pay invoices.
Speaker 3 (07:29):
Of course they have to pay that as well to
their Wi Fi for the guests.
Speaker 4 (07:35):
So if I walk into that establishment, they'll say, hey, yeah,
we provide free Wi Fi. That's the same Wi Fi
they're using for their POS and invoicing and their bank
accounts and their laptops all of that. So then I
started asking the questions from the owners or the founders
that who's also working there by the way most of
(07:57):
the time. What do you do for it? And they're like, well,
I have the Internet and I have the computer. That's
the four by four they're thinking, when it comes to it,
that's the box they're in that I have the Internet
working and I have the computer working.
Speaker 3 (08:12):
That's about it.
Speaker 4 (08:14):
And then again, being the researcher, I asked them follow
up questions, are you not worried that you'll have a
cyber attack or if someone can actually attack your network?
And the usual answer, I'm not kidding. And this cracked
me up. They're like, why would they Why would they
attack me? There are billions and trillions of dollars in
the world. Why would they attack me? Now, that's that's
(08:37):
where the problem is. Why would they attack me? Is
the mentality which really is going to bring us down.
Why would they attack me? Well, you have a penny
to save us? Well, you have a bank account, you
have something to lose. They will come after you. They
just haven't yet. You just don't know about it. They
will come after you. True story. Liquor store I won't
(09:01):
name the name, and they picked up a new vending
machine where you can just use Wi Fi to connect
and people can pay with their phone or with their
credit card so that the person doesn't have to come
out of the cashier's desk. And actually so convenience right
perfect connected to the same WiFi and which they use
(09:24):
for their computer, their bank account, they log in and
they pay the invoices, all of that right, what I
just talked about, that vending machine had a vulnerability that
the owner didn't know about it. Why would they That's
not their job nor they should be aware of it. Again,
at the end of the day, they are running the business.
Small business again, that vending machine. Someone actually I don't
(09:48):
know how or where someone from the Internet were able
to discover that. They didn't even come there physically. That's
a surprising part. Wow, someone scanning the Internet. That happens
a lot, by the way, just like people used to
go dumpster diving, I don't know, in the eighties and
nineties looking for stuff. They're just looking for a way in.
Speaker 2 (10:06):
Huh.
Speaker 3 (10:07):
Yeah.
Speaker 4 (10:07):
So someone from the Internet found out that vending machine
had the Internet address directly connected with the Wi Fi
that the person is using. They did not attack or
they didn't do anything for about eight months. That adversary
who found out about this vulnerability, this foothold didn't do
anything for about six to eight months.
Speaker 3 (10:29):
After eight months, they got.
Speaker 4 (10:31):
The passwords, they knew hord to log in, what time
the log in, what happens when is the right time
of the traffic, and they were able to wipe out
the bank account of the owner. FBI complaint was lodged.
But again, think about the headache that the owner had
to go through, now, the stress they had to face.
Speaker 3 (10:51):
You don't want to be one of that.
Speaker 4 (10:53):
Right Again, back to the mentality of why would they
hack you? Why would they come after you? You have
a money, you have a family, you have a business,
they've come after you.
Speaker 1 (11:03):
Yeah, Well, to your point, Victor, I've seen this even,
you know, because I do work a lot in the
professional services world.
Speaker 2 (11:08):
Right, So same thing.
Speaker 1 (11:09):
Right, people are getting computers, getting access and I've worked
on uh big big companies or utilities or you know,
they're there. There's some protected information they need to be
sure that's protected. And I can't tell you victory even
just I mean, this is simple stuff. But you know
they haven't updated, Like to your point, they haven't updated
(11:30):
the computer. So now it's out of date and they're
logging in somebody's priver server or whatever. And in end,
like you said, that's the sinister part, like you said,
is I mean, obviously they took advantage of it, but
they're there, they were varis. They could have dived done
something right away, but they waited for months gathering all
(11:50):
this information. So you may not know until it's too late.
Obviously in this case it was too late. And I
do think a lot of people, like you said, Victors,
say well, you know, why why.
Speaker 2 (12:02):
Would they pick be?
Speaker 3 (12:03):
You know?
Speaker 2 (12:04):
Yeah, and so we kind of defer.
Speaker 1 (12:06):
And I see this a lot in other areas of
business where instead of being more proactive, And that's why
I wanted to have you on the podcast, Victor, this
does those wee folks can listen to say, well maybe
I don't I don't know what to do, but I
want to do something. I want to be proactive, right,
you have something in there and look at like what's
going on?
Speaker 4 (12:25):
Why do they weight? I get this question a lot.
Why did they weight for six to eight months? So
they already know about you, They already know the passwords,
or they figured out where to log in, how to
log in what they're really after after you where they
go your friends, your contact list. You know, we all
have seen those emails sometimes that.
Speaker 3 (12:46):
That we are like, why did I get it?
Speaker 4 (12:48):
Well, one of your friends was actually hacked who had
your email address or phone number. The adversary or the
cyber attacker is actually using that contact list to say
you the phishing or scam email, so that maybe you
might fall for that, because again, friends make friends who
are kind of the same age range, if you will,
(13:10):
or who like the same things, or like to go
to the same bars, or maybe like to go to
the same racing racing competitions or whatever that is, the
habits are almost the same, so the attackers don't have
to create a new scam. They can just follow the
same scam around your friends as well. And if you
were not fast enough to inform your friends, maybe they'll
(13:31):
be able to fall for that as well. So it's
it's it's a it's a funny way, not not so funny,
I guess, but it's it's an ironic way of actually
thinking where not only you were going to lose everything,
you are also leaving a door open for your friends
and family because they are also collected with you.
Speaker 1 (13:54):
So yes, think about that as well. Absolutely, No, you're
absolutely right. How many times have we seen something go through?
That's that's so important? So what I what I hear
you say? So in this example you give this unfortunately
clickuor store, it's not only doesn't protect it, but now
it's actually like they they've now been exposed and now
(14:14):
it's actually like their business has basically stopped. I mean,
I mean if their their bank accounts are taken, they
have no money, they've locked up their business. So on
the flip side, Victor, I think we were talking before,
but we can say that cybersecurity doesn't protect us, actually
can fuel the business, can actually protect you and actually
have the business grow if done right.
Speaker 4 (14:36):
Yes, And the analogy I want to give to you
all is think about a venue, or think about your
home or business something you want to protect. You buy doors,
you have locks. Some of us buy CCTV cameras. Some
of us actually get those sensors which will alert if
(14:56):
the window was left open, or the door was open,
or the garage door is left open. And the extreme
case of that is you also get some sort of
service that if the alarm goes off and nobody disarmed,
that within ten minutes, then they'll call the local police station.
Speaker 3 (15:13):
It's the same.
Speaker 4 (15:15):
Exact same ways to protect your digital welts. Now, m
we have the doors, we have the windows, we have
the locks, we have the CCTV cameras, we have all
of that. We just name them differently in cybersecurity, but
that's what it is. You have physical security for your
home or office or something else, you have cybersecurity for
(15:37):
your digital footprint. That's the same mindset that you're going
to have to start bringing it, especially again with the
rise of AI, the autonomous things are gonna start saying
now you're going to have to think about it where
maybe I actually bought something.
Speaker 3 (15:58):
Three months ago that.
Speaker 4 (16:02):
Vendor or e commerce website was attacked, where they have
my information, That information is going to get cataloged into AI.
So if I go into a and asked for about myself,
there's information something that I was like, well, I didn't
know that.
Speaker 3 (16:15):
It's out died in the Internet.
Speaker 4 (16:18):
And as last month AI indexed the whole Internet, it
knows it.
Speaker 3 (16:26):
Wow.
Speaker 1 (16:26):
Well to your point, Victor, I mean I've had I mean,
thankfully I'm paying attention to these things, but I've had either.
Speaker 2 (16:33):
Text is one of them.
Speaker 1 (16:34):
I've noticed one technique where they'll text me and ask
me to do something acting like another person that I know, right,
because you're, like you said, your friends and if you're
not being careful and now with AI can sound very
authentic like the other person, and so you could easily.
Speaker 2 (16:50):
Be tripped up. So how have you I would love
to ask, because.
Speaker 1 (16:53):
Before we start recording this human connected point of it,
So how have you helped? Like you said, this mindset
led teams are helped others in this you know, to
start to think differently picture not just the business owners, right,
I mean certain the business owner, but you've got to
be the rest of the people in the organisms do
thinking differently about our approaching.
Speaker 4 (17:12):
Yeah again back to the same analogy. You start thinking
that if a stranger walks into your home, can they
get to the safe that you have in your bedroom
behind the walking closet and that you have your clothes
in front of it?
Speaker 2 (17:28):
Mm hmm.
Speaker 3 (17:29):
Think into those those.
Speaker 4 (17:31):
Circles, if you will, they got into the outer circle,
can they get into the inner circle?
Speaker 3 (17:36):
And that's the same thing in digital fort print.
Speaker 4 (17:39):
If I were to get to your bank account, or
if I were to get to your wherever you keep
your money.
Speaker 3 (17:46):
What are the steps? You know?
Speaker 4 (17:48):
It's it's a again. I did a research on this
one as well a long time ago. It's one of
the bad habits annoyance versus convenience. Annoyance is that to
get to my bank account, I use a physical UBI key.
That's the only way with my password. With the UBI key,
which is a physical little USB or you can have
(18:10):
a pass key these days that's digital that you don't
have to carry around with you. But ultimately something more secure,
something more which doesn't rely upon the one time passwords
come into your phone because that can be hacked as
well or intercepted. But anyways, the annoyance is that I
can't just go into any computer a log into my bank.
Speaker 3 (18:30):
That's not a thing for me.
Speaker 4 (18:32):
But that's also annoying in a way because it is
not convenient. I was traveling with my family and I
needed to log into my bank acount and I forgot
to bring my ubikey.
Speaker 3 (18:43):
You know how annoying that was.
Speaker 2 (18:44):
Oh yeah, I couldn't.
Speaker 4 (18:46):
Now that's where the convenience comes in. I wish I
hadn't done all this, then I would have been able
to log in. So that's the the balance. You're going
to start thinking about how much risk can you take.
Speaker 1 (18:57):
It's a family, yeah you go to be yeah, yeah,
but what's the risk of and so you have I think,
you know, you have to evaluate that of like you said,
the convenience versus being you know, inconvenient. You know, like
you said, it's at some point. I was talking to
my wife the other day where I log into website.
She's like, why does it have this multi factor thing?
(19:18):
And then I gotta go this and then it checks
me email. I'm like, well, it's just because of the
things that you're saying. It is an inconvenience to a degree,
but it's protecting you for Like you said, if a
minute like wide open, that's not good either.
Speaker 4 (19:31):
Right, It's the same thing. If you are annoyed, it's
always going to be the hacker that who's trying to
get to you. If you make convenient for yourself, you're
making convenient for them as well. It's literally that simple.
Think about this. Your bank account or your saving account
or your for one K account, wherever you keep your money,
and if that's substantial money that you have and then
(19:54):
you care for it, then yeah, protected, and money is
not the only thing. Actually, I should really high at
one part your important documents.
Speaker 3 (20:02):
Where you have your let's say, your.
Speaker 4 (20:04):
Home deed or your insurance document, your driving license, your passports.
Everybody liked to scan these days because we have to
upload two different platforms to prove your identity. Don't keep
into one folder. First of all, don't have that folder unprotected.
Make sure that's protected, because that is also money. You
don't realize. We actually worked, you know, on a case
where someone identity from California, Los Angeles was stolen and
(20:29):
they actually had two mortgages going on.
Speaker 3 (20:32):
They bought a house.
Speaker 4 (20:33):
They didn't realize they were living on a rental here
any scores. They figured that out eventually. Then they froze
their credits and all that. But again convenience annoyance. They
had all of their folders in a G drive. They
didn't realize that ged drivers open public. Anyone on the
internet can scan that. Anyone literally, you think that randomly
(20:57):
generated you are that nobody will be able to remember
they don't need to. There are scanners on the internet
who are looking for those g drive links.
Speaker 1 (21:06):
Just those open links are basically unprotected. You have nobody
shared it, but it's made available if you knew how
to find find it right.
Speaker 4 (21:13):
Wow, that's annoyance. Remember conveniences, it's open. I can share
with my friends and family. I don't need to reshare
every time. Convenience is good for them as well, the
attackers because now they were able to find that they
were able to open a mortgage house because online you
can buy houses these days.
Speaker 3 (21:29):
Apparently you don't have to go anywhere.
Speaker 1 (21:32):
So, oh my god, I got a question for you, Victory,
because a number of our clients have not all, but
many of them are professional services. I've spent twenty five
years in the environmental consultings and there's a question of
oftentimes I deal with business owners of should we issue
hardware to our employees or contractors? Did they use their own?
(21:54):
You know, because you can obviously control the different ways.
What's been your experience, Victor, as far as an annoyance
versus convenience in ways with the way you work with clients.
Speaker 4 (22:04):
Annoy people who have the most power. So I'll give
you an example. People with the most access. I know
this is going to sound very rude, but the CEOs
or the CFOs or the CIOs who have the most access,
they can log into the places that no other person
can annoy them. Why because if their identity is stolen
(22:24):
the attacker, the hacker can get into everything.
Speaker 3 (22:28):
Convenience.
Speaker 4 (22:29):
Make it convenient for the people who are working which
has the least access. Maybe they only have access to
upload documents or work on an ACCEL or open a
software with multi factor authentication already and they can't damage
that much. To you, every organization is different, every tier
is different, every workforce, how they plan for their organization
(22:51):
is different. So don't annoy everybody, but don't make it
convenient for everybody, especially the top executives who have the
most acts for the IT super admins who have the
most access.
Speaker 2 (23:05):
Mm hmm. That's a great point.
Speaker 1 (23:07):
Yeah, make it make it more inconvenient for them, because
there's more risk. Just again we're saying evaluate that. What
makes sense. And I think Victor, I would imagine as
you're doing this and working with folks you have, it's
not probably a one. And then like TIG ongoing training
and awareness, Victor, as you you know right, speak a
(23:28):
little bit to that.
Speaker 3 (23:30):
Yeah, I'll give you a good example.
Speaker 4 (23:31):
Actually, recently I was setting up a direct way from
my vendor in Wells Fargo, and kudos to Wells Fargo
by the way, and they had a simple option there
low threshold which was I think one thousand dollars or
five thousand dollars. Can remember you can go through a
multi factor with your pass key my threshold. You must
take the hardware or set token and in it you
(23:55):
click on that little question mark. They had a proper
videos why they're asking. It's a kind of enablement training
that I would like to see in organizations. Again, it's
not easy for the small or medium sized businesses to
do it because it requires planning, it requires resources, requires money.
They would rather fill up inventory then spend money on
(24:16):
the cybersecurity or digital security, your training and all that.
So again, nothing wrong, that's what's working out in the past,
but now it's not going to The cases are increasing
where the small and medium sized businesses are being attacked
and targeted. So back to training. Make your vendors train
(24:38):
your employees so that you don't have to What I
mean by that, you must have some sort of solution,
You must have some sort of a platform that you're
using in your SMB. Ask them simple question you can
ask your Internet service provider, Hey, do you give internet
security or cybersecurity trainings? Or do you have any videos
I can share with my employees free? Doesn't cost you anything.
(25:02):
Leverage those trainings. Now, if you are above the threshold
of SMB, obviously you're gonna create tailored content for your organization.
If you are a healthcare institution, you might create content
for that. If you are a financial institution, you might
create content for that, or you might leverage companies to
create content for you. Again, it really depends on the
(25:23):
risk factor. What are you're trying to tell people? Your
employees the point or I'll give you, don't overtrain them.
Nobody likes to actually listen to the information that's not
relevant to you or cannot apply. Give them scenarios that's
their day job. Don't give them scenarios that is so
hypothetical that they're like, well.
Speaker 3 (25:45):
That's only going to happen in Matrix the movie.
Speaker 1 (25:47):
Want Yeah, right, Well, and I know you know, cybersecurity
insurance is becoming Obviously it's benefit, but it seems to
be more.
Speaker 2 (25:56):
Because of like you said, these attacks.
Speaker 1 (25:58):
Now, AI right, and if correct me if I'm wrong, Victor,
But if we're if we're engaging somebody obviously like you
are getting the training, does that help at least show
the insurance ass that're working them, like, hey, look we're
doing taking proactive measures to like you're always like looking
to say costs, right, so if hey, like we were
paying for this, it could produce some costs and maybe
(26:19):
you know, the insurance that we're going to be paying
or whatnot. I don't know if that something in the
industry that you're seeing victor.
Speaker 4 (26:24):
One percent and that's that's not something that I have
seen the SMBs even like entertaining cyber insurance. But for
those who are considering old enterprises or corporations or organizations,
cyber insurance used to be and vivially, I remember about
twenty twelve one checkbox do you have network security? They
(26:46):
used to even not call cybersecurity network security, which means
you have a firewall and that's about it, or antibidrus
and then yes, you get these waivers which means if
your premium was nineteen thousand, since you have network security,
maybe sixteen thousand. Now there's about one hundred and ten
page document, Oh my gosh, that you have to prove
(27:08):
that you have a skilled person on staff or retainer,
what security solutions are using, How can they protect if
the ransomware comes in? Because what happened between twenty twelve
and twenty twenty five, ransomware attacks happened, companies turned to
cyber insurance that well, pay up. That's what I bobb.
(27:29):
The issuance for underwriters became smart. They said, well, if
we're gonna keep paying, let's make sure that they're doing
everything in their power. It's exactly the same thing. If
you buy a home insurance, they ask you, do you
a paadlock? Do you have a CCTV camera? Do you
have locks? It's exact same again. I keep comparing to
the physical security because that's what it's been there from
(27:52):
since the dawn, right ciber insurance NUMBERK, security insurance or
whatever you want to call it. Today, at the end
of the day, you have to prove that you are
doing everything in your power to protect yourself. Then I'm
going to ensure you. And then something happens. Let's talk
about it. It's not as simple as a checkbox that
now security, yes, lower premium off you go.
Speaker 1 (28:15):
Yeah, absolutely, Well, so to the point, victor, walk me
through a little bit. So if I'm a small or
medium sized business and I know you've been helping and
targeting this area, looking like, hey, they don't have a
lot of security expertise.
Speaker 2 (28:27):
You highlighted what can they is there?
Speaker 1 (28:30):
Like, I mean walk me through there like a checklist
or way that they can start to be aware. Obviously
they can engage somebody like you. I want them to
like talk to How do they know who's a good
person to talk right that knows their stuff is ask
you know, asking the right questions so that.
Speaker 3 (28:47):
They're it's funny you asked here.
Speaker 4 (28:51):
I actually so I asked the during my research, I
asked would you pay for clybri insurance? And about again
ninety percent people said why would I I have an
insurance that covers my organization or my establishment?
Speaker 3 (29:08):
And they don't. First, they don't.
Speaker 4 (29:09):
See the difference what cebrations versus there whatever the business insurance. Second,
it's going to be chicken an egg. Cebration is going
to require you to have some sort of dow care
for your organization when it comes to cyber like maybe
a firewall, antivirus, slash dr slash XTR, maybe a separated
network for your guest versus your critical applications. If you
(29:33):
don't have the basics, cybrations will not make sense because
the premium is going to be so high that you
won't be able to digest. So the five things I
had suggested as a walk away and that that was
my deal, that hey, let me, you will research on you,
and I'll give you five things that you can do.
Common five things most of the organizations that who are
(29:53):
either starting in IT security or have not even considered
first was steparate your network using a firewall, your guest
network and your critical network. It is easy to do it.
You can have a firewall expert come in. It's one
time set up, not a whole lot that you have
to care and love, but if you want to, sure,
(30:15):
but at the end of the day, it's a bare minimum.
Steparate networks first thing. Second, if you bring your personal
computer at work as well. Yes I'm using the terms
that only enterprises use, but if you're using the same
computer at home for your kids assignment and same computer
at work to pay your vendors, start considering a password manager.
(30:40):
There are plenty out there. I'm happy to give recommendations
if anybody wants to reach out to me on LinkedIn.
I advocate some of them, but at the end of
the day, get a pastor manager. Why the new passwor managers.
You don't have to have the two factors separate on
your phone or email. All of that is integrated as
a past key, which means convenience, but you get more security.
Speaker 3 (31:02):
Now.
Speaker 4 (31:04):
Third, what I recommended was again, now you have your organization,
start considering if you have IoTs separate network again going
back to the first point, separate network for that. So
if you're a vending machine, if you have a door bell,
if you're a camera, if you have automatic locks or.
Speaker 3 (31:22):
Anything separting that.
Speaker 4 (31:25):
The last and the most important is start informing your
employees when they punch in or pus system what is
cyber hygiene. And rely upon your vendors like Internet service
provider or reach out to your local IT security guys
if they can give you a free trading if you will,
(31:45):
and if you like it, maybe put them on retainer.
But try to get something so you start getting mindset
where your people punch in punch out. Maybe you're on
a laptop, iPad or traditional way of a machine. I
have the latest cyber threat news which has been very
impactful by the way, because it's top of your mind
(32:06):
when you're punching in or clocking out, and you're like,
oh my god, if this happened to organizations, or this
happened to our local news, by the way, if this
happened to you in my neighborhood, I should be worried
about it. Yeah, simple things. Again, tiny habits can change it.
But the biggest the takeaway is start somewhere, which is
(32:28):
network segmentation. You can't use the same network. And that's
been the most important and the fundamental thing that people
when they change it, they drastically change their tack surface.
Because now if I'm coming to your organization, if I'm
coming to your shop from the guest Wi Fi, I
can get your laptop from the doorbell or vending machine.
(32:50):
I can get your laptop from Internet. I can directly
go to your laptop. Yes, it will require a person
or someone expert in that domain to do it, but
that's what the doorbells, and that's where the CCTV cameras,
and that's where the doors and windows you are investing in.
Speaker 3 (33:06):
This is another form of it. This is another line item.
Speaker 4 (33:08):
This is not I don't need to get fancy this
is bare minimum doors for your ID assets.
Speaker 3 (33:15):
Yeah.
Speaker 1 (33:15):
I think if you're anybody's hearing that, you're like, okay,
that's definitely one thing. Will follow up question you mentioned
about like a past which I happen to use a
password because you mentioned them.
Speaker 2 (33:26):
I know this is the fact for.
Speaker 1 (33:27):
A lot of professional services I you work with in
the environmental world anyway, because they are using a personal laptop.
Let's say, Victor, would you also add to say, I've
really send this. I would love your thoughts on this.
To create maybe a two different log in accounts. So
one that's a business specific log in account, personal account.
Speaker 3 (33:45):
Yeah, that's what I'm in.
Speaker 4 (33:46):
So when i'm pastor manager like your company passor manager
if you want so, I have completely two separate so
every person they are free to choose whatever they want,
however they want to keep their passwords on a sticky note,
or they remember the same password for all the accounts.
Terrible idea, by the way, Yes, but for your company,
for your organization, it's four or five bucks per month
(34:07):
these days, it's not that expensive investment. Honestly, it will
save you that hassle that the liquor store had to
go through where the passwords were literally in a plain
text file on their desktop.
Speaker 3 (34:19):
The file name was passwords.
Speaker 2 (34:21):
Oh my goodness, and that's when.
Speaker 3 (34:23):
You're attracting everybody that come come find.
Speaker 1 (34:26):
Me please, Oh my gosh. I know we're getting to
the end of the podcast episode Victory here. You've hit
so many good points on these last few ones have
been fantastic. And and to make sure that everybody can
again connect with you on LinkedIn.
Speaker 2 (34:37):
Victor and I are on LinkedIn.
Speaker 1 (34:38):
We're going to put the ways you connect with him
on there. He's got so many great initiatives there, you
guys are we're just scratching the surface. He's got his
own podcast as well. You can go check that out.
And so I hope everybody's listening and they're thinking a
little differently about technology, cybersecurity, about how they can approach
it differently mentioned mindset, how we can do this and
(34:59):
recogniz seeing that unfortunately in today's world, we all you know,
it's just you know, it's just a matter of time
where all can be attacked at some point because most
of us have something maybe you know, maybe you don't
think it's super valuable, but somebody else doesn't have it.
And they want but you don't, but they don't have, so,
you know, being proactive, being more strategic. That's the one
thing I definitely heard from you, Victory. Okay, don't just
(35:22):
be just tactical. There's some more things we do here.
And then, of course, I'm sure Victor, depending on the business.
As you get in there, you can you're gonna unveil
or you find some other things you're like, hey, I
didn't even know about that.
Speaker 2 (35:32):
I didn't think about that.
Speaker 1 (35:33):
And that's why binding somebody like yourself, Victor, come in
look at it, do an audit, get a better sense
of what's the exposure really is. Victor, again, I want
to thank you for being here. Last, I just want
to give you an opportunity last maybe thoughts or if
if anybody's listening and we've covered a lot of ground
here that you'd want to share with them, just say
if there's something they should do today or consider.
Speaker 4 (35:56):
The one thing I would recommend, especially everybody who's listening,
either for personal or for your small business, small medium business,
one hour. Just think of one hour per day, per week,
per month, per year, whatever that is. One hour start today,
then one hour thinking about your it cybersecurity. Just one hour.
(36:17):
Put a timeer on your phone as another one hour.
Get up, start going back to your business, start doing
your day thing for one hour. Just commit that one
hour and then grow from there. Because that one hour
is the eye opener, light bulb moment that you're going
to need. You just haven't been able to dedicate that.
So if you listen to this podcast today, just one
hour per day, per week, per month, per year, I'll
(36:39):
let it let I'll let you choose that second. Whatever
your net and will gross income is one percent of that,
start putting into piggyback whatever that that one percent looks like,
that is your for you to spend on it cybersecurity
(36:59):
and grow there.
Speaker 3 (37:01):
One hour, one percent. That's all I'm asking for.
Speaker 1 (37:04):
There you go. Thank you so much, Victor. Of course,
we appreciate all of you guys following along forget them where,
whether you're finding us on YouTube or your favorite podcast platform,
we appreciate you coming along the journey with us. I
hope you'll come back a week after week. We great
(37:25):
guests like Victor on here. If you're interested, you want
to join us, You're more than welcome. Reach out to
me Podcasts judyourbusiness dot com. I appreciate you all being here. Victor,
thanks again for being with us on the podcast.
Speaker 3 (37:35):
And thank you, thanks David, and thank you everybody listening
to us today.
Speaker 2 (37:39):
Thanks everybody. Until next time, be well,
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!