013-craig-smith

SECURING YOUR DIGITAL ASSETS AND IT SECURITY

A discussion with Craig Smith

John:Greetings everyone and welcome to another serving of Business Soup Talk Radio. If it’s in business, it’s Business Soup. I’m your host John Debevoise. Everyone has a problem with their computers and I’m no different and Craig Smith from Borderlan is here to join us on this serving of Business Soup to talk about how to cover your assets here on Business Soup. Craig, welcome to the program.

Craig:It’s very good to be here. Thanks for having me.

John:Craig, tell me about Borderlan. First, how did you come up with that name and what is it?

Craig:Borderland was created to help small businesses, and the name is actually a funny name. It was to wrap a security around somebody, to secure the perimeter, if you will. Everybody has a land, so we thought Borderlan. And so, we came up with the name while driving down the freeway and thought it was perfect.

John:LAN as in local area network?

Craig:That’s absolutely right. But it’s surely evolved to other things now besides just local area network. We have wifi, we have smartphones, we have all these connections that have been put in since.

John:Going back to when I first created this program, I was still dealing with the 14/400, I think they called it a bod dial in network which took forever. I was fascinated by that. Well, since that era of the introduction of the internet, a few things have changed. And now, not in addition to having all of these resources for information, there are people that are trying to take that information away from us. What are some of the threats that we as business owners are facing in light of this new and faster internet?

Craig:What’s really interesting is that business owners are under constant attack whether they know it or not. And in most cases, business owners are currently infected. And I’ll bring that out by just saying that about we think 40 to 50% of businesses have an active infection crawling in their network while we’re having this conversation.

John:About half of us are infected with some type of virus. Where are these viruses coming from?

Craig:Well, the viruses come from all over, but most of it is that about half of the network traffic in the world is actually malicious. These are robot malicious computers that are trying every day, every waking moment to breach into a computer and they’re going to try every single possible method. They are coming from these computers and they’re trying to breach in through your email or some other method. And they’re doing it every single moment of every single day. So all they need is one way in.

John:You mentioned email, and I see this all the time, and I have fallen victim to it. I get a notice from my bank that says somebody tried to access your bank account and it looks very official. And I go, well, who did that? Well, it certainly wasn’t me. And it wasn’t from my bank. It was from somebody doing, what do they call it, phishing, there’s different forms of phishing. What am I looking for and how do I protect myself in the first subject here of this email threat that I would get?

Craig:Email is, as you mentioned, it is common now that the threats are coming through email. Phishing attacks are on the rise and they’re becoming enormously sophisticated. So much so that they’re appearing to be by someone you know, not just a company, but they can have your actual bank account information or a picture of a person you know that they scraped from Facebook or some information about you or your address that they pulled from the internet. These computer bots will render these emails to look almost perfect. So to the question about what to look for, most of the time, you’re looking for some call to action to a link, to a click. That click is what starts the infection. And to somebody who’s busy all day long, a small business owner, we don’t have time to really look through these things. And that’s when the problem comes, is when that click happens.

John:And I’ve noticed that that click is right there and it’s a call to action like, Oh my gosh, I’m being threatened. And so, the first thing you want to do is find out where the threat is coming from. But what about, say, my kids or my employees or from a smartphone? How can I protect myself from everyone around me who may accidentally click on these right there in the office?

Craig:Well, this is one of the big problems that we have. And as a perfect question, we might, as business owners, be trained to mouse over something and see where it is or say to myself, hey, I don’t want to click a link. This is possibly a bad thing. But the real problem is business owners are responsible for all the people around them and when an employee is just doing their job and they click on something that looks real, that liability for that click is going to push right up to the business owner. And that is the problem, that these employees, and even our families, are untrained. They don’t really know what they’re doing. And that’s okay because they’re busy doing what they’re doing, but there has to be some method to train them and to protect them.

John:I know a friend of mine who is in the financial services. They are responsible for their client list. And he has told me about friends of his who have been infected or have had their database stolen, and it’s an absolute panic when all of this financial information from his client base is stolen. Where do we go from there? If someone does get that information, is there any way to stop them from being able to use it?

Craig:Well, unfortunately not. Once it’s out in the open, it’s out of the open. And the dark web is this, for those of us that use the regular web, it’s absolutely a wonderful place. There’s all these resources, but where our information goes is to the dark web. And once it’s out there, it’s for sale. It’s for sale for the highest bidder, and they’re looking for social security numbers and everything else. But our data is absolutely valuable to these people because they’re going to use it to either sell it or to stage further attacks against us. And most often, this data is being circulated in many cases without us knowing about it. So a lot of times, we think the window breaks and our computer’s gone. The data must be out of the open. In the case of most businesses, the data is either already out in the open where it’s in the process of being transmitted.

John:What are some of the other ways than just the computer or our laptop, what are some of the other ways that they could infect us? What about from our cell phones? Our smart phones?

Craig:That’s a perfect point. We have for the sake of convenience, moved to smart phones for the vast majority of the business that we do, even as business owners. And that causes a real problem because the traditional land defense doesn’t do it. So you’re absolutely right, cell phones are a big problem. The way to mitigate that, there are technologies to send your traffic from your phone to a secure computer and then out to the internet. And by doing that, these emails can be protected before they get yourself on it before they get clicked on.

John:Is this a feature that is already in my cell phone or my smart phone, or is this a secondary proprietary type technology that I have to go out and find independent to step in between my phone and my computer?

Craig:Well, the vast majority of operating systems are really in the business to sell their operating system. And they really have no basis of security. Apple’s probably done the best of all of them, but they’re really not out there to sell security. They are out there to provide a easy to use interface. Anyone who has any inkling to do security is going to need to put a secondary service with the environment that we have right now.

John:I’m getting the feeling that my next question deals with what does Borderlan do? Are you part of that integration or interference between, say, the cell phone and the computer to make sure that my information just doesn’t go off into the outer limits and down into the dark web?

Craig:We are the cyber warriors for people. We are the hired guns, we’re the mercenaries that come in and look at your network and try to make sure your small business is secured, to ensure that you can do what you do better and let us do what we do, which is the cybersecurity world. And our world is a deep, deep rabbit hole. It’s very, very deep. And it’s very complicated so we have engineers and people that use technologies of super computers and services and the best of the best enterprise class. And that’s what we do, is we provide those types of services for small businesses.

John:When you say for small businesses, it could be anything. It could be my horse and cattle ranch or it could be, if I’m a franchisee with multiple or just singular locations, I can use a service such as Borderlan to protect myself from myself and my employees and my family?

Craig:Yeah, well, everyone has a guy or somebody that they know that’s the computer person that they go to. And so, a lot of times these computer people are people that are very savvy. Maybe they graduated with a degree in sorts or they’ve been around computers. And so, we tend to go to these, a lot of times, family members, who will set up our computers. And we think, oh, we have a computer guy that does that. What in fact that’s doing is it’s allowing us to be operational but not secure. So it’s critical that somebody that really knows what they’re doing jumps in and does that. I’ll give you one for instance. Something that we do is we scan the dark web and that sounds like a crazy thing to do, but we have a subscription as a hacker would. And so, every single week or every single month, we can go in on your behalf and we look for people trying to sell your information. And that helps us know if you’re at risk so that we can take additional steps to protect your computer or your database.

John:Well, what happens if you find John on the dark web? What kind of message am I getting and what can we do about getting John out of the dark?

Craig:Well, one of the things that we do is we look for, and that’s just on dark web scanning, there’s other scans we do, but if we find something, we think, okay, what databases is being sold on? And the very next thing we do is we say, hey, your website might be compromised or your computer might be compromised or your passwords. We’ll make sure that your passwords are changed and we’ll make sure to train your employees on what not to click on and we’ll make sure that your computers are adequately scanned and maybe even that you have a firewall and wifi and all the things that a business would need.

John:What about at home? Most of us that have our own home based businesses or are business owners, like my audience, we go home, the computer is there, is networked into the other computers, and we have kids, the little monsters that push the buttons that say, oh, that looks like fun. How do we protect ourselves from the family intrusions that are… They don’t do it maliciously, but it happens. How do we protect ourselves from our kids?

Craig:Well, this is near and dear to my heart, having four girls downloading constantly free games, which unfortunately introduces to the family computer a load of malware. And this is just the common thing. This malware comes in and it sits there and it collects passwords and things like this. So what can we do to home computers? We can first recognize that home computers are the most vulnerable of all computers. They are not being watched by a professional, which can be done. We can do that. And they are also being shared by multiple people. So the chances of an infection or a breach through that system is extremely high.

Craig:For the sake of home convenience even, we go with something that we buy at Best Buy or Fry’s Electronics, and we think if our computer’s slow, we just buy another one. Well, it’s going to happen again and again and again because this is what happens, is that these computers are not being properly watched. So I’d say if it’s a real business computer, make sure to isolate that off of the family in some way, shape or form. And if you’re going to share it, make sure that it’s safe and it has somebody watching it who knows what they’re doing.

John:What about in the App Store or wherever you go to get apps? Can we actually trust the app? These places like the app store, as I use the example, can we trust them to be giving us an app that is not going to infect us?

Craig:The vast majority of Apple apps in the App Store are properly vetted. They look for these backend problems back in communication, spyware malware, so the App Store through Apple is fairly safe, not perfectly safe. There are apps that still provide malware and can collect, but it’s very rare. Android, on the other hand, is generally not safe, nor are there any windows devices. It would be very wise to be cautious of the kind of apps, the kind of information you put on phones that could be on a compromised type of system. I’d say Apple would be your best bet if you’re looking for actual cybersecurity.

John:We’re talking with Craig Smith, he is the president of Borderlan Cybersecurity, and somebody is out there trying to get your information. And if you’d like more information on how to cover your assets, well, visit us at bizsoup.com, the one source for businesses at Bizsoup. Craig, we’re talking about, obviously, the cybersecurity and how to protect ourselves. I’m starting to sweat here thinking of all the things that I’ve been seeing on my devices. In this particular serving of Business Soup, how would you wrap up the best thing, the top three things that I could do, I walk out the door, what should I be looking for and how do I fix it right now? What are my biggest threats?

Craig:Well, the biggest threat, first and foremost, is email. We have to be careful of email. Once it’s in, it’s in. Once someone clicks on something, they click on something and it begins a process of real problems. So careful with email, number one. Number two is know where your stuff is, know what you have. Take a little inventory and think about what kind of information you have on your system, customer databases that could be valuable, and make sure that you at least identify it so that when you’re talking with a business professional or you’re looking at a best practice, you know that that information is the information you need to protect.

Craig:And I believe the third thing would be get some help. This is not a time when a do-it-yourselfer is going to be able to take care of it. This is a moment in time where cybersecurity is becoming the thing. And you see it in the news, you see the breaches. We have to start to get professional help. And luckily, there is help out there. A lot of people that’ll help.

John:Getting professional help. My business is Business Soup and I need help. Craig, thanks for joining us on this serving of Business Soup. Be sure to tune in for our other servings on cybersecurity with Craig Smith again from Borderlan Cybersecurity. Thanks Craig for joining us here on Business Soup.

Craig:It was my pleasure. Thank you.