IT Security: Protecting Your Identity and Finances With Dominic Vogel

Linked here

Lee Michael Murphy
Welcome to the free retiree show. My name is Lee Michael Murphy. I’ve been in wealth manager for last 10 years right in the heart of Silicon Valley. People always ask me, How do I achieve financial independence? The wall of financial world wants you to believe it’s as simple as investing your money. I’m here to tell you, it’s a small piece of the puzzle. I’ve seen four consistent factors in the people that have achieved financial independence. One, they excel in the career, too, they manage your money properly. Three, they’re able to avoid devastating financial mistakes, they can see through the BS. And lastly, they understand they need to learn from the best the people that have achieved success in their career and their finances. Join us on our journey as we learn how to become free retirees.

Welcome into the free retiree show you sit down with wealth manager Lee Michael Murphy, and I am alongside my main man, Sergio Patterson.

Sergio Patterson
What is up everyone?

Lee Michael Murphy
Thank you for tuning into our show today. For today’s episode, we’re going to be talking about cyber security. That’s right, I said it cyber security. So Serg, what do you think important for money? Not not important? What’s your feelings on that?

Sergio Patterson
No, not important at all? No. I mean, as we as we move to this digital, we’re in this digital world, right in the space. We all have our money online. And I say we were joking about it earlier, but I don’t think it gets talked about enough. So I’m excited to have Dominic on just to kind of open up this. Give this for you know, give him a forum and platform to start talking about it and enlighten us a little bit.

Lee Michael Murphy
Yeah, definitely. So as most of you know, we have two main pillars of our show, which are helping people with their finances, and avoiding the devastating financial mistakes. I think this episode is going to hit both of those getting hacked, identity theft falling for fall into a cyber breach. All these things could be extremely costly, and they can impact you personally and impact a business and it can be devastating. So guess what surge since we’ve been at home during COVID, cybersecurity cybercrime, up or down, what are you guessing? I’m assuming it’s all time highs right now? Well, this is really interesting stuff. So according to Palo Alto Networks, the average ransomware attack in 2020 rocketed up 171%.

So in 2019, the ransom attacks were around $115,123 2020 $312,493. That’s a lot of guacamole. So search, have you ever been, you know, impacted by a cyber breach or know anyone that has been impacted by a cyber breach? Yeah, you know, I get those random emails from like, you know, have like, I have like a capital one card and they’ll send an email here, I think your data has been compromised. And I never take it seriously. But I feel like I should. But I feel like we’ve all at some point been impacted. And there’s phishing out there where, you know, email attacks, there’s, you know, I work in big tech companies. I worked at Facebook for several years. And we all know, Facebook, just shut the bed multiple times.

But I think we’ve all been impacted one way or another. Yeah, right. Now, a recent article that came out from CNBC, by Scott Steinberg 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves. And now these incidents are costing on average $200,000. And the companies that experienced this 63% go out of business within six months of being victimized. So it may be thinking, Well, I’m not a business does this really apply to me, the average recovery time as an individual recover from a ransomware cyber attack is 50 days. So it takes a lot of your time and a lot of your money, even on the personal level. So none of us want to go through this. So that’s why we are ecstatic that we have one of the best cybersecurity viewers out there seems dominant global, he’s a fantastic resource for all of us. And just to give you guys a little bit about him, he’s the founder and chief strategist of cyber se. And he’s been on BBC News. And he’s even helped financial institutions help manage their cybersecurity. So for me, being in the financial industry, it’s a high bar of who we go to the experts that we use to protect client data, protect the firm, and he’s done that. So he’s got a wealth of knowledge. And this is going to be a great interview. But this is all about how do you protect yourself from a cyber attack? And what do you do if you become victim to the cyber attack? All things we need to talk about, we’re going to go to a quick break. But if you have questions for us, a business related financial aid crew leg or even a question for dominant send them to ask epically retiree.com. We’ll take a quick break. But when we’re back, we’re going to be sitting down with Dominic Bogle.

Welcome back into the Free Retiree Show. We are excited that we are sitting down with Dominic Vogel, Dominic, how you doing this morning?

Dominic Vogel
I’m fantastic. Gentleman Are you are you both doing today?

Lee Michael Murphy
We’re doing great man. This cyber world ransomware attacks, viruses. This is this is one of those things that I think kind of goes under the radar, people aren’t too concerned with it.

Unknown Speaker
And then it’s probably one of the things that makes you feel until it happens, victimized, abused, victimized, abused,

Unknown Speaker
hopeless, those are all great. Those are all great ways to describe it. But

Unknown Speaker
tell the people what you do, and how you help individuals and companies with your with your work. Absolutely. And I’ve been doing cybersecurity close to 15 years now.

Dominic Vogel
My entire professional career mentioned financial services, that’s actually where I cut my corporate teeth. So I know the financial services industry very, very well. And particularly the Canadian system here in Vancouver where I live. So I know the nuances there in terms of cyber security. Now I focus on working with small and midsize organizations. So companies anywhere between probably 20 to 500 employees, companies right across North America, working with business owners, CEOs, CFOs people who really are not sure what cyber risk means and how they can best manage that risk in their organization. Because to them, it’s like operational risk, financial risk, personnel risk, they want to make sure that they’re treating it as a risk and not just as an IT issue. That’s a good call. I think, in a lot of the organization I’ve been in it’s it’s more than that. I think people think of it as an IT thing, right? It’s not like there’s a huge, there’s like a risk that the whole company is at stake. Right? Absolutely. Like, like you mentioned in the in the preamble at the beginning. You know, it’s we’re in the digital age now, right? Every single company deals with data, every single company, especially because of the pandemic, as well, as companies that were just staying as physical, they had no choice but to become virtualized, or truly in a digital economy. And I always jokingly say that unless you’re selling tacos in the back of your mother’s Volvo, and all cash deals, you are a digital company, right? If you’re a digital company, you have to deal with digital and or cyber risk. So it is as well painted as part of the risk portfolio. Right? It’s not an IT issue is very much threat. If you don’t if you ignore it very much threads, the very existence of your organization. And that’s the definition of a risk. Yeah. You mentioned a kind of what I earlier we were talking about, like what I was worried about, I feel dominant would love your insight. Do you feel like hackers and people who are trying to take advantage or they’re just getting more sophisticated? Correct? That’s I think that’s what I’m, that’s what scares me is that the more technology you know, the more we get advanced from a technology standpoint, I feel like from a sophisticated, they’re just getting smarter and smarter, right. The way I view it, unfortunately, is that people are getting dumber and Dumber and

Unknown Speaker
give hackers and cyber criminals and far too much credit. If you look at the vast majority of cyber attacks, especially on small midsize organizations, they’re not sophisticated, they really aren’t. Right? They can all be tied back to some basic level of security that small and midsize business has an implemented in should have implemented. Right? You know, a lot, a lot of them are easily preventable. You know, just just like there are some diseases which are easily preventable, right? I’ll use the heart disease an example unless it’s a congestive item. You know, if you’re someone who tries to stay away from eating chips all day and eating Burger King three times a day, not exercising, you can probably avoid a heart attack. Same thing with many small businesses. They’re not doing baseball I refer to as basic cyber hygiene. And if they were doing that many of these attacks would disappear. Or to your point earlier. Yeah, we would likely see increased sophistication, cyber criminals, basically, to them. This is a matter of business. If they don’t have to work harder. Why would they? Right? There’s there’s enough idiots for them to pillage unfortunately. They’re like taking advantage of what could be arrogance. They’re just like laziness, let’s say. ignorance. ignorance. That’s the word I was thinking. Yeah, yeah. Interesting. Yes, sir.

Lee Michael Murphy
That’s a good point about like, I do feel like the strategies that the cyber criminals are doing is a little bit more sophisticated. Because back in the day, you know, the common one I saw was a I’m a Nigerian prince. I wanna help you and then you know, I just call you it’d be Sergio. Did you do email me it was that you? And then you’re like, no, that’s not me. And then I knew it was bad news. But now there’s all kinds of different ways that people are getting taken advantage of. So Dom like, what are some of the ones that are common that people are, you know, falling for? But what are the common ones?

Dominic Vogel
Yeah, yeah. So that’s a good question. And you’re really right there to Lee about and he mentioned, like, the Nigerian prince scam as an example, one of the things which we often run to and this is actually the sergios point about arrogance, I think, no, I think about I think you’re actually right about a level of arrogance there, Sergio, that will run into business owners will say, oh, we’re not worried about cybersecurity, because we know what to look for, for Nigerian prince scams. And we have antivirus. And I always, you know, mock them. And I said, well, bravo. You know, if this was 1995, there’d be nothing further for me to do. But guess what, you know, it’s 2021. Right? You’re good against 1995 level threats. Bravo, here’s a gold medal. In terms of 2021 threats, you’re failing miserably. You know. So, if things certainly have evolved, right, I think a lot of people are still stuck in that mid 90s. mindset, unfortunately, you know, focusing more so on maybe scams that a lot of people still fall for mail as an example, or can be tied to like major brands. So like Apple scams example, if it says your iTunes account needs to be topped up, or your iTunes account has been compromised, please click here, people will fall for that we still see stuff like FedEx shipments, you know, your FedEx shipment is delayed, please click here. A lot of things that we see in everyday life, people just assume that that’s like, Oh, I guess there was a Package on the way this, this must be real. So anything that’s tied to something popular almost part of day to day, life, still has very, very high what I refer to as click through rate, in terms of how you deal with that, you know, I think what’s really important at the end of the day, is not to sound too easy not to click on links, but rather go through a website. So as an example, if you know that you have a Package on the way from FedEx, go to fedex.com, do your log in there. I don’t click a link, I still do. Even if I get a legitimate email from my bank as an example, or login to the mobile app or log on to the website. I’m not going to use the link even from a legitimate email.

Sergio Patterson
That’s great advice, man. Yeah, I was thinking dominate. So I know you focus mainly on small businesses, but I was thinking there’s probably an opportunity or gap for like, personal education, like, I was never really taught, you know, before, you know, coming up. This, you know, we look out for this, we look out for that. And I think I’ve got two young kids and they’re they’re literally coming up with internet at their fingertips. Yeah. So it seems like they would be more prone to getting taken advantage of at some point in their life. So like, Is there a gap there for like education? Or like, something you do as well? Or speech and stuff?

Dominic Vogel
Yeah, absolutely. It isn’t the other there’s, there’s so many fantastic people as well. I’m friends with who’s who specialize more so in law referred to as digital safety. No, but you’re absolutely right, Sergio, about a gap in educating people, you know, if you even if you think about like, financial literacy, I mean, at least in in Canada, here in the curriculum, it’s only been recently recently that it’s been updated to include a financial literacy. So kids, when they graduate have an understanding of you know, what, what is a mortgage? How, what does an interest rate mean? You know, I went through school, I learned all that stuff. After I graduated, no one taught me that wasn’t for my, for my dad to lay me, teaching me that stuff, I would have had no no clue. So that’s an example where digital literacy very much, especially for the with the new generation, called generation, Generation Z, or whatever that who knows, whatever the hell’s gonna come after them. I mean, my son is three, and he already knows how to use the iPad almost as well as I do. With that use of technology, to your point there, if they haven’t been taught that digital safety component, you’re missing a critical understanding. So more and more, I think it’s important that parents recognize that if this not being taught in schools, they need to, unfortunately supplement that on online through through whether it be online online training, or engaging with online speakers who specialize in personal digital safety.

Lee Michael Murphy
So let’s talk about like mobile devices. So one thing that I was excited to ask you about is I’ve heard I don’t know if it’s Fact or Fiction, that being on a mobile device is being on a PC in and I’ve also heard that you can’t be you can’t get a virus or be hacked if you have an iPhone. Now are these factor fiction, there are nuggets of truth, but by and far that is more fiction than fact. So you are less likely to get a virus or malware on a mobile device. And that’s true if that’s a Android device or a iPhone or god forbid if using a Windows mobile device.

Dominic Vogel
But the reason why it’s less true, or sorry, that happens less often Is that still the majority of attacks are still happening are still very successful on laptops on desktops. So cyber criminals haven’t had to focus on mobile devices. At some point in the future, we will likely see that increase as well. An analogy or an extension of what we’re talking about here was for the longest time you even saw Apple advertise that Oh, Apple laptops, Apple computers, right? They don’t get viruses windows do, right. Yeah. And that those commercials always pissed me off because they were blatantly false is a very quick economic lesson for you, gents here. So that came out in the late 90s or early 2000s. What was true was that if you had a Windows machine, yeah, you were more likely to get a virus or to get malware. But the reason was that cyber criminals were focusing on the with the overdue for the biggest bang for the buck. Globally, the vast majority of machines. So computers were Windows based, something like 95%. At the time, were all Windows based. So if you’re cybercriminal, and you’re trying to write some code to hack into a computer, are you gonna focus on 5%? Or even focus on the 95%? Right, they’re gonna focus on the Windows machines. So it was basically a false sense of security. Or the The only reason why you generally weren’t effective from a math perspective was because you were in the in a very small minority. It wasn’t because your system was inherently more secure. Now over the past 20 years, and as we’ve seen, more and more people have Mac laptops, especially in a business setting, especially with the tech companies, for example, most of them run run Mac’s now is that market shares slowly changed. cybercriminals like, Okay, well, now, we can now see an opportunity. Now, it makes sense for us to invest time and money in making exploit code and trying to crack into these Mac devices, because now there’s an actual return on investment, right, because now the market share has gone down to maybe 7030, globally, or whatever, wherever the number is right now. But now it’s at least made financial sense for them to go after Macs, it’s the more prevalent in Windows. But I would argue now that Windows machines are more secure than Mac machines. The reason being is that they’ve had to go through the gauntlet, right, they’ve had to become more secure, they had no choice, Mac’s have just coasted for the past 20 years. So I do think that they still haven’t even had the law referred to as the day of reckoning. I think that that’s coming, especially with younger generations more and more than we’re using Mac devices. And as that, like said that market share changes, more and more viruses globally are gonna be focused there. Yeah, the other thing is Apple, I think has done a really good job at branding. Like a lot of the commercials You see, as you see a lot of the privacy, a lot of their commercials right now are like the iPhone is secure. your Mac is secure. Yeah. And I think as Apple users we get comfortable, we recover very comfortable. So that day of reckoning could become a bit all talk to us also, as well, I refer to as a security mindset. Right? Regardless, if you’re using a Windows machine, or a Mac machine, if you’re selling, you’re just gonna be clicking on links, and basically engaging in walmer, for it was unsafe online behavior, it doesn’t matter what device you’re using, right? You’re gonna end up like getting a virus having your credentials compromised. Mac, or Windows, it doesn’t, it doesn’t matter, right? As an example, if you end up coughing up your credentials, while using your Mac Book, your Mac books not going to save you like usually, you just now fill the form with your password. Right? That didn’t matter that you were using a Mac. But often people who have a Mac have a greater false sense of security. So they tend to be more riskier online, and so on. As a Windows machine, we tend, on average tends to be a bit more cautious when they’re online. So it’s more about the user and less about the machine. You’re using it to me it’s a it’s a blank, right. No machine is inherently safer, inherently secure. Right. So antivirus, talking about maybe false on security. A lot of people think well, I have an antivirus. You know, my, my machine comes with it. I’m bulletproof. Is that also not correct? Yeah. It’s also Yeah, it’s also creating the thing, which is incorrect is thinking that one security technology is a silver bullet. Right. And that you’re you’re infallible, that, that that’s where the biggest issue is, you know, I always tell people that there’s no such thing as 100% security, right. And there’s a joke least in the security community, is that the most secure machine is one that’s encased in concrete and dropped at the bottom of the ocean. That is, that is the most secure computer on Earth, right? But it’s also not the most usable. The premise though, is that it is a risk referred to as a risk reduction control. Right? If you if you’re looking at security from a relative perspective, I’m a firm believer that security is about relativity is not an absolute. So if you compare a computer with antivirus, a computer without antivirus from a relative risk perspective, the computer with antivirus is more secure than one without, right? Just like, you know, if you compare two people, and you say, Okay, well, this person drinks a lot of water, they eat the right foods, all that will generally that person is likely going to be more resilient in the face of a cold or flu than someone who doesn’t engage in that, again, their health is is relative, right? Again, there’s no such thing as being 100%. Healthy, right? But you know, depending on things that you do, right, there can be things that can make you more healthy relative to someone else. Right. So that that to me, again, is is a comparison I use with security. So antivirus very important, but not a silver bullet.

Lee Michael Murphy
Great. That’s, that’s very helpful. So on our show, we’re really about trying to help people protect their finances and make sure they have a secure financial picture. In the past, you know, there’s always been the risk of being hacked in it hurting you financially. But now is the future progresses, it seems like it’s even a bigger risk, because now society is moved to digital assets and having a lot more information online. So how do people you know, in this new digital age where we have so much of our banking information online? Now we have digital assets in the picture. We’re How do people protect themselves mentioned you know, the avoid the phishing attacks, but what else can they do to be hyper vigilant and prevent these disasters? Great question. I’ll start off with systems like online banking. Many of us that are in the digital age, we engage with our bank, or financial institution in an online fashion. by them, it may be a mobile app that may be through online banking. One of the things which I find is extremely cost effective is just to have a separate dedicated device that you just use for your most important transactions are things that you do so your online banking, filing your taxes, whatever, anything that is great financial points to you,

Dominic Vogel
I just do a one device devices are relatively cheap nowadays. I mean, you can get an Android tablet for $99. It’s not like it was 10 years ago, 15 years ago, where even the laptop to take it back. 1000 $1,000. I mean, now you can get like a state of the art lap gaming laptop for $1,000 or 1500. So devices are relatively inexpensive, have one which is separate. That’s the only time uses when you’re using your online banking. The reason why I say that is every time you use your computer, or God forbid you have a teenage son, they use your computer, right, you’re more likely to be introducing, introducing risk on it for it to dominate. It I say like, jokingly, I guess it’s each time they’re using it, you’re playing with fire. So if devices are so cheap, just Or even better, you they you give them their own device. And if that goes to help find it doesn’t it doesn’t matter because it’s it can’t compromise the device that you’re using. So that I find to be a very, fairly actionable, fairly cost effective technique, and fairly effective from a risk reduction perspective. The other thing that I tell people as well is that don’t reuse your online banking password elsewhere. So as an example, if you’re finding some online shopping website, which has maybe poor security as an example, if you have the exact same username password combo there that you do on your financial institution login details, you’re at a higher risk of having your banking credentials compromised, just because you were using those same password set on a less secure website. Right. So whatever you use for online banking, make sure it’s just dedicated for that you don’t use it anywhere else. Is it something called credential stuffing, which is basically taking advantage of the fact that most people reuse their same username password combo, again, again, on multiple websites, various levels of security. And the cyber criminals have gotten really smart about it because they realize like, well, rather than trying to break into the online, on to the online banking systems, which are very secure, right, they’ve invested tons and tons of money in that from a security perspective, why not break some crappy website, which has poor security. And then we’ll just we’ll just and this comes when was referred to credential stuffing, they basically just start stuffing these credentials all over the place just to see what sticks, right? So if they have a bank of a million credentials that they got from a bunch of various different crappy websites, they’ll start sending those out to different online financial institutions. And if they just get one or 2% of those to work. That’s a hell of a payday.

Sergio Patterson
That’s a little scary. I use. I guess I shouldn’t say this on a show. But yeah, I reuse passwords like mainly for convenience. Yeah, because I don’t want to forget. So I’m like I’ve got a kind of a cycle of passwords. That

Dominic Vogel
But it’s probably not the best way to do things. passwords are a broken security mechanism they’ve been around since the 60s. And the fact that we still rely on that from, from most online systems is, it’s honestly ridiculous. That’s like, that’s honestly still blows my mind, for lack of better, better term. And from a human perspective, it doesn’t. It’s just not possible. I mean, I can barely remember my wife’s birthday and our anniversary, you throw it all he throws all those other passwords out here. Remember, honey, if you’re watching this, I do remember it, I’m just joking.

It’s just not realistic, or the size of showing that people can remember, I think, I think it’s anywhere between three to five passwords, right, and even that is pushing it. So that what we what we’ve now seen is because again, passwords aren’t going away anytime soon, unfortunately, is the rise of a tool called a password manager. So these are great online applications for apps, you can download to your mobile phone or to your laptop, or your tablet. And then rather than having to remember dozens and dozens different passwords, or using the same password, all you have to remember that what is one password, and within this password manager password vault, these tools have the capabilities of auto generating very secure passwords, and then they’ll auto log you into all your different online websites. So one of my personal favorite styles recommend is called dash lane, freely available from from a individual consumer perspective, you can install on all your devices, super simple to use, and it synchronizes wherever you have it installed. Just make sure you don’t forget that one password. But it is a great way of helping people. It’s a waiver for you as a password aide, just because again, passwords aren’t going away, unfortunately anytime soon. But using them can make a world of difference. Yeah, I did quick.

Sergio Patterson
That’s a good tactical piece of advice. The other thing I’ve noticed a lot of consumers do is save their logins and credit cards across like let’s say Google Chrome, like I think it can really convenient thing I have on Google Chrome is it saves all my credit card information. With what are your thoughts there, wherever you’re getting your credentials and credit cards and everything saved so that it pops up? Yeah, need it, whether it’s Amazon or Google Chrome or whatever.

Dominic Vogel
Yeah, you know, it’s again, it depends who you ask modern security browsers have improved greatly in terms of security in terms of making sure that credentials other data that you’re, you’re putting in there are secure, right. So I would say that is generally safe, something to again, just be aware of those that if your device gets stolen, and you don’t have a password to log into your device, or if your computer isn’t encrypted, someone could then have access to all that information. So that is something to to bear in mind, then it’s more so for a laptop, most people on their mobile phones, if you like apple, as an example, they force you to have a pin. Right? So it’s more secure. They’re just something to keep in mind for your laptop or your desktop that that could be if you know if you’re in an area where or if you have a laptop and it gets stolen. Just you have to bear that in mind from a risk perspective, but from a browser perspective, is very security to that.

Lee Michael Murphy
Another question I got on this topic is going on to networks in the coffee shop, the airport is there, what sort of risk is there

Dominic Vogel
with that the back to my theme of security, relativity, it’s all relative. So if you are just looking at sport scores, or if you’re just trying to stream euro, and we were just talking about that earlier, like there, there’s really no risk to that, right, that you’re not risking anything by doing that or checking online news site. But if for example, you need to check your online banking. Now there could be someone that could intercept your credentials, so I see what you’re doing, it could then steal those credentials and log in at a later time. So it does depend. One of the things which I tell people is that if you if you’re on like your cell phone networks, or your 4g or 5g, depending on where you are, or 3g, wherever you are, that is often don’t always refer to it as safer than leveraging public Wi Fi. Right, just because that is harder to intercept than some public Wi Fi so but if you’re someone who’s a I’ll refer to as a road warrior, especially as we come out of COVID. If you’re someone who’s on the road a lot using public Wi Fi, you should download what’s referred to as a VPN or virtual private network, that that’s something which basically creates, I’ll just refer to it as a secure tunnel. So think of it as a, you know, a tunnel between point A and point B. And this tunnel makes it impossible for someone to read or intercept your user credentials or whatever sensitive data you’re sending between those two points. So there’s a really, really great tool that I like to use called Nord VPN really, really great tool, again, very inexpensive for from a consumer or small business perspective. So if you’re someone who goes on a road a lot and would need to use public Wi Fi a lot, do that. But you know, if you’re someone who uses public Wi Fi here and there, I wouldn’t stress about it. And for whatever reason, let’s say you’re at a public Wi Fi spot, you need to check in on your email, you need to check in with your online banking, just just check it. And if you need to change your password later. And it’s, it’s just it’s more of an issue. If you’re doing so repeatedly, right? With each interaction, you’re increasing the likelihood.

Lee Michael Murphy
So we talked about the ways to avoid it. But now let’s go to the Oh, crap it happened, that we, you know, your computer starts going haywire. Maybe you even get someone’s like, Hey, you owe me some money if you want to get your stuff back. But absolute nightmare happens. How do people handle that?

Dominic Vogel
I’ll start off all stuff on from a small business perspective. You know, again, it really depends on how prepared they are, you know, organizations, if they’re prepared are more resilient and resilient. I mean, they have offline data backup ready, right, that they have tested their data backups that they’re like, okay, you know, what we know what we need to do, right? We’ve gone through the drills we’ve tested for this, let’s let’s run through this, right? It’s like having a going through a fire drill right now. Companies have to run through fire drills, when there’s natural fire, you know, where the hell to go when you’re exiting the building? We need to do this more in a digital sense, right? And most companies aren’t. But so there are those that are prepared. But unfortunately, the vast majority of SMBs are not prepared. So what do they then do when they realize that they don’t have a backup or they thought they had a backup and then when they tried to recover? It turned out that it was from February and you know, they went out in September? They’re like, Okay, well, this is useless. Those organizations then have to reach out to organizations like us, where we can provide digital is referred to as digital forensics, digital friendship. forensics is like the CSI people right there on the crime scene, digital crime scene, trying to figure out, Okay, what happened? What can we recover? Do we need to negotiate with with from a ransomware perspective? You know, if there’s a data breach of what records were compromised, who do we need to contact? You know, does the CEO need to make an announcement internally that they need, so we need to talk to the shareholders or clients or customers to just it’s really about understanding that action plan, and having someone guiding you through that. And like I said, the vast majority of SMBs, just, they don’t know what to do. All they know is that digital health is breaking around them, and they’re not sure what to do. When you’re in your experience. A lot of these companies, do they not have an internal cybersecurity team, so they need to kind of find a team like yours. Yeah, it’s a really good question, Sergio. And again, generally, what we see as why we focus on small midsize organizations is that the vast majority of small mid sized organizations tend not to have a dedicated security person, either whether it be at an operational level, or at a strategic level, or at an executive level, generally speaking, large organizations. You mentioned Facebook, as an example, as an example. Facebook has a huge security team, right? They have a chief information, security officers and so on is communicating to the board and to the executives.

Unknown Speaker
And to Zuckerberg, if he’s listening, and then you know, you have operational security team below that. smaller organizations tend to tend to not have that so that that’s where organizations like us come in, deal with it at the strategic level, and then we’ll figure out what traditionally used to be done at the operational level. Got it? Yeah, but it sounds like the best way is to prepare before it happens. Yeah. It’s something which, you know, and that’s why I referred to I guess, the fire drill moment. Right. You know, we still have fire drills in office buildings. Right? That’s done all the time, right. There’s earthquake drills, you know, done here, and where we live in the Pacific Northwest. And

Unknown Speaker
if we’re, you’re, you’re preparing for something, which you know, will come more and more organizations need to prepare for this. And again, we’re seeing that level of preparation happening at the enterprise level. But that’s still lacking at the SMB level, right? It’s just the many of them just I think it’s that disconnect. They don’t, they don’t think that they’re a target. And again, it’s often when they realize that they are, it’s too late. The heart attack has happened. Exactly. Small business owners Listen up, that we put in the beginning. 63% go out of business after the attack. You spent your whole life to build something great. Be proactive, reach out to a guy like Dominic that can get you protect everything. You’ve worked for it. Yeah. Lee, I almost want to ask you like for some of your customer, your clients like a lot of them are business owners I’d be well I’d be curious if it’s, if this is top of mind for them. It sounds like it statistically it’s probably not. I think from

Unknown Speaker
The most part, you know, as in most business owners are their tunnel vision on, you know, making a profit. And, you know, they’re, they’re more focused about how do I get my next customer? How do I get my next business deal? But they’re not looking at at this? I mean, for the most part, I mean, I mean, if there’s a small handful, but man, there’s a lot of them that need to reevaluate and put this top of mind. Right, you know, just kind of like the financial perspective? Well, I part of making more money that people don’t really look at is how do I protect the money I have and avoid losing it? All? Right. It’s like, you know, it’s very common, you know, there’s a lot of commonalities there. The other thing I wanted to mention as well, Lee, is that organizations, you know, if you think when you watch the six o’clock news, doubt,

Unknown Speaker
cybersecure stories are at least now mainstream, mainstream media does cover those stories, but tends to be big level stuff like colonial pipeline, or that big, whatever was JBS packaging, like these large, large global organizations, they tend to get the stories and may small businesses are lulled into that false sense of security where they say, well, we’re not a target, right? And I often tell people, who has the most to lose it when it comes to cyber risk. Is it a small company? Or is it a large company that has the most to lose? And many people say to me, what’s a large company, they have the most money at stake? And I say, well, let’s, if you look at all the data breaches over the past 30 years, every single large company has survived, right? They may have, there may have been a short term stock hit, but every single one of them had a massive war chest to survive, they are all doing just fine. They’re flourishing. And I say, you know, what your goal you don’t hear about is very large database for large organization is about 10 smaller organizations that had suffered something similar and went out of business, right, the media is not going to cover mom and pop shop goes out of business on the six o’clock news. It’s just it’s, it doesn’t happen and even further, so even if a smaller organization suffers, I see a $300,000 hit for many small organizations, especially during the pandemic, mayhem can can stomach that that’s enough to bring them to their knees, you know, so it’s for small organizations, it’s very much an existential risk. And it’s why referred to as a security paradox if any organization should care about cyber security right now. It’s the smaller organizations, not the large ones. Um, you job some amazing gems today. I mean, seriously, this? Whoever listens to this whole podcast man, they’re in a much better place. How can they reach out to you you know, like, small business owner or someone that wants to consult with you and how they can protect themselves? How can they reach out to you? Absolutely, we’ll say a they can visit our company website, cyber dot s ch, like Santa Claus, or South Carolina. You can also reach out to me on LinkedIn, I spend a ton of time on on that platform, probably more than I should. But I’m a bit of a LinkedIn attic. Just look up Dominic Vogel, not Dominic Dominic, d o m i n IC and Vogel vo GTL. I’m the only one on there. Reach out Connect. Let me know that you heard these gems on the podcast. I’m always happy to help. I always tell people, I love it. When I hear when I hear from people, and they reach out to me. Again, if they have a simple question. I’m always happy to provide advice not like the lawyer not gonna send you a bill for 10k but for a quick nugget of wisdom. So for any of your listeners and watchers, they can please do feel free to reach out any time. Thank you. Thank you, buddy. You’ve been listening to the pre retiree show, so long for now.

Unknown Speaker
Securities offered through Securities America incorporated member of FINRA ww dot FINRA, SIPC, ww s IPC that was a separate entity. Michael Murphy is licensed for the California Department of Insurance license zero h 18660. Michael Murphy is a investment advisor representative with Securities America advisors, a registered investment advisor to pre retiree Securities America advisors, advisors and Securities America incorporated are separate entities. career advisor Sergio Patterson, Attorney Matt McCoy are not affiliated with securities, American advisors or Securities America incorporated Securities America advisors securities American corporate and his representatives do not provide tax or legal advice. Therefore, it’s important to coordinate with your tax or legal advisor regarding your specific situation. The constant heard in this podcast is not intended to be tax investment or legal advice and is intended as general guidance only. You should contact your own tax advisor, financial advisor or attorney to answer questions about your specific situation or needs before acting upon this information. Third, party sourced information or comments are not verified, may not be accurate and are not necessarily representative of all client or audience experience. A portion of this event was paid by a third party. The opinions of career advisor Sergio Patterson do not reflect the opinions of LinkedIn incorporated or Microsoft Corporation. The opinions of attorney Matt McElroy do not reflect the opinions of Castaneda and Company