How to Keep Your Business Safe
Episode 891: How to Keep Your Business Safe, with John Iannarelli
View this episode on:
How to keep your business safe online? Listen to John Iannarelli’s advice on online security and how to keep your business safe.
John Iannarelli can teach you how to keep your business safe since he is a retired from the FBI after more than 20 years of service, during which time he was a member of the FBI SWAT Team and participated in the investigations of the Oklahoma City Bombing, the 9/11 attack, the shooting of Congresswoman Gabrielle Giffords and the Sony hack. Among his many FBI assignments, John previously served in Washington, D.C. as the FBI National Spokesperson and later with the Executive Staff of the FBI’s Cyber Division. He was a Cyber Squad Supervisor before becoming the Assistant Special Agent in Charge of the FBI’s Phoenix Division, the number two position overseeing all Criminal, Cyber and CounterIntelligence investigations throughout Arizona. During his FBI tenure, John was also the recipient of the FBI Directors Distinguished Service Award, for which he was selected from the ranks of the Bureaus 35,000 employees.
An energetic and entertaining speaker, John is the author of four books, including Why Teens Fail and What to Fix, a parent’s guide to protecting their children from Internet predators and other dangers, Information Governance Security about how businesses can protect their important information from loss or compromise and How to Spot A Terrorist Before It’s Too Late, a guide to help people recognize and prevent terrorism before it can occur. His soon to be released fifth book, Disorderly Conduct, examines the lighter side of law enforcement and the humorous moments during John’s FBI career.
What you’ll learn in this episode about how to keep your business safe:
- John’s career as a law enforcement officer and special agent with the FBI
- Why businesses are more likely to be robbed behind the keyboard than with a gun
- How to keep your business safe and prevent it from being hacked by criminals
- The biggest scams that hackers are currently using to hack your email and take your money
- The policies you need to have in place for money transactions
- Why you need to look into a password manager
- The importance for you and your team to have basic cybersecurity education
- What is malware and how to keep your business safe from it
- How bringing someone in to train your team could be helpful
- An example of how a Law Firm was hacked and had $1 million taken from them
- How dangerous thumb drives and free wifi from public restaurants can be for your work’s network
- What you need to know about Cyber Insurance and an overview of what it can cover
- The responsibilities you have as a business owner when it comes to cybersecurity
Resources:
- Website: FBIJohn.com
- Twitter: @FBIJohn
- Check out this blog on how to keep your business safe by employing cyber security
Additional Resources:
- Sell With Authority by Drew McLellan and Stephen Woessner: https://amzn.to/39y7x13
- Predictive ROI Free Resource Library: https://predictiveroi.com/resources/
- Stephen Woessner’s LinkedIn: www.linkedin.com/in/stephenwoessner/
- Learn from Adam Anderson on how to keep your business safe online by following this cyber security checklist
How to Keep Your Business Safe: Full Episode Transcript
Get ready to find your recipe for success from America’s top business owners here at Onward Nation with your host, Stephen Woessner.
Good morning. I’m Stephen Woessner, CEO of Predictive ROI and your host for Onward Nation, where I interview today’s top business owners and experts so we can learn their recipe for success, how they built, and how they scaled their business. In fact, my team at Predictive ROI, while I’ve been talking about this for a while now because we’re recently rebuilt and then we continue to rebuild our free resources section on PredictiveROi.com.
We’re adding new assets, new helpful guides consistently so you can download free practical and tactical guides. Everything from search engine optimization to how to use LinkedIn to generate leads and other success strategies that we’ve compiled from, quite frankly, the very brilliant insights shared by our very generous guests. Just go to PredictiveROI.com/Resources, and whatever your request, we’ll send it right to your inbox.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: John Iannarelli’s Introduction
So before we welcome today’s very special guest, I want to set some context here. I think this is going to be one of those mind shifting, paradigm shifting conversations. Now that’s not hyperbole Onward Nation. We just have never been able to have an opportunity to have a conversation like this at the depth that we’re going to have this conversation with John.
Generally, John is an international consultant who retired from the FBI after more than 20 years of service Onward Nation, during which time he was the FBI’s national spokesperson. And this is why I think this is going to be aside from a very impressive service record. I think this is why this is going to be so impactful and so helpful as a conversation for you, because during that tenure, he was also part of the FBI’s Cyber division.
Executive staff, look, business owners. And this is what John was sharing with me in the green room. Business owners are being attacked nonstop around the clock. In fact, the FBI receives over 30,000 complaints per month. And those are the instances that they know about. And it isn’t that the FBI is dark on this or anything like that. It’s just oftentimes business owners don’t even report it, don’t even know to report it.
And so, John, throughout decades of experience has worked diligently, he and his team on helping business owners stay safe, helping them recover from an incident like this, and really tried to keep them from going under, because this is a big, big problem. And what I learned from John is not the big companies. I mean, sure, big companies make the headlines, but it’s not big companies that are falling victim to cyber criminals.
They’re typically not the big companies that the cyber criminals are targeting. That’s you and me. Onward nation, small companies, 200 employees or fewer. They’re the ones. It’s us. Who are the ones, who are the most vulnerable? So when John said yes to be my guest for this conversation, I was overjoyed. It seems kind of silly to be overjoyed about having a conversation around cyber threats and cyber criminals.
But is it that important? And so, John, without further ado, welcome to Onward Nation.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: John’s Path and Journey
Stephen and the rest of Onward Nation. Thanks for having me tonight. Well, sir, first of all, thank you very much for your decades of service and impeccable service career. And it is just an honor to host you here. And so what an incredible opportunity to not only be able to have a conversation with you, but then also to have this conversation around a very, very important topic.
So your bio is certainly impressive. The accolades and accommodations that you have received are impressive. So before we dive into the topic of today, actually take us behind the curtain and tell us more about you and your path and journey, and then we’ll dive in. Okay. So years and years ago, I started off as a police officer in San Diego.
And during that time, I ended up going to law school to get my law degree because my goal was to join the FBI. And the FBI at the time required either you be an accountant or in a jury. After graduating law school and practicing law for a little bit, I was fortunate enough to be selected and spent my entire professional career as a law enforcement officer, special agent with the FBI.
I’ve gone from one hated profession to another, but it’s been a heck of a ride, and I’ve enjoyed every moment of it. So when you look back on your decades of experience, give us a couple of highlights. What are some of the things that really stand out to you and maybe these aren’t great moments in history, but these are things that you can look back on and say, you know what?
I wish that never would have happened, but it was my honor to be a part of that service. You know that they took the words right out of my mouth. A lot of these things that would have been better off, had never occurred, but I was glad to be there to work on these things. And of course, as an agent, I was there for some of the larger events.
Worked for Oklahoma City bombing, part of the 911 investigation. I was on scene at the Gabrielle Giffords shooting in Tucson. But as smaller events as well, one of my first cases was a very old kidnapping case. A four year old girl had been taken, and I inherited this case nine years later from an agent who had retired.
And during the course of my working case, I was able to find the child still alive and oh my God, the person that kidnapped her. Wow. So it’s moments like this that, you usually don’t get to see unless you happen to be an FBI agent. And in their cyber world, work the Sony games and actually arrested the person on the first Sony act.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Why Are Business Owners Being Targeted?
So I’ve had some really exciting times. I’ve been very fortunate and blessed to work with a great group of agents, because it’s all about teamwork. And the FBI, no one single individual. Hey, man. So, give us some more context around what is really. I don’t know if it’s not necessarily a statistic, but one of the things that you said to me in our pre-interview is we’re getting ready to have the conversation where you said to me, Stephen, business owners are being attacked nonstop around the clock.
So in some additional context, because on the surface, when I hear that, I’m like, that sounds frightening to me as a business owner. So as some additional context here about like one, why you say that and maybe hang some meat off of that. So the days of robbing businesses at gunpoint is going away, while we still have the bank robberies that happen, and they become fewer and fewer because criminals have realized it’s a lot easier to rob somebody from behind the keyboard than it is to get out there with a gun.
You can do this from the convenience of your home and whatever country you’re in. There’s a lot of people sitting in internet cafes over in the European nations and Africa that are trying to take business money and your personal money every minute of the day. And the biggest problem is most people don’t take the most basic precautions to keep themselves safe by just doing a few simple things, they can avoid being a victim, and these criminals will move on to an easier target.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Complaints About Money Getting Stolen from Their Bank Accounts
Okay, so let’s talk about, let’s also put this in context about the number of complaints you know, per month. You mentioned 30,000 complaints to me, but if I don’t want to say, I have to guess that that number is much higher. And so 30,000 sounds like kind of the bare minimum. But if so, what do you think the actual number might be?
Is it even possible to guess that, you know, God only knows. They will tell you that if 30,000 people were bothered enough by what occurred, you pick up the phone or get on the computer and send a message to the FBI. It’s probably at least triple that. And we’re talking per month now. These stamps can be anywhere from a few dollars to much greater numbers in the private sector.
As a consultant, I get calls regularly from small to medium sized businesses that have lost $1 million because of somebody who had access to their bank accounts through the computer network. That kind of money can be really impactful to these sized businesses. Many of them don’t survive. Right. So what happens? Like and forgive my ignorance here, I just literally just don’t know if I’m a business owner and I’ve got $1 million squirreled away.
And it took me a long time to get that squirreled away and saved and be profitable for a long period of time. Run a good, successful business and that million dollars is sitting where there is. Is that like in one account, is that across multiple accounts? And then whoever hacked into that stole that money across multiple accounts, like is there any way to recover that?
Well, in some ways you can. But generally the rule of thumb is once the money’s taken, it’s gone. Very few occasions. Can we get the money back? Now, I will tell you, I have been successful in recovering large sums of money because the company discovered it, acted quickly, contacted me. We were able to trace where the money went from what bank to what bank?
We have agents in 65 countries all over the world who are able to help and intervene by working with local law enforcement, but the best way to prevent yourself from becoming a victim is by not becoming a victim, taking the precautions necessary, and doing some simple things to keep yourself safe. You know, I’d like to talk a little bit about the crimes that are happening out there and what we can do to try to prevent them.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: How Business Owners Get Victimized by Scammers
Awesome. Let’s go there. Because I think I agree with you. I think it’s going to be really, really valuable for Onward Nation business owners. So you mentioned maybe their basics, maybe they’re simple but I suspect they’re not common for business owners to implement. So give us your advice there. And that’s exactly the issue.
Well it’s common to those of us who have been in the FBI and worked it every day. The average person doesn’t know these things the same way that your business owners out there on Onward Nation, I don’t know how their operations run and how they conduct their business. We each are specialists in our own areas. And so I want to try to educate today to help your audience understand what the dangers are.
So a lot of times when we’re talking about stolen funds, it’s not necessarily a company that has $1 million in the bank. Perhaps it’s a real estate agent or a company that’s handling a transfer of funds from one party to another. One of the biggest scams out there is hackers will break in and monitor your email and look for who is the person that handles fund transfers in the company.
And then don’t pretend to be either the person with the money, the business owner, etc. by duplicating the email and then providing you instructions. Wire this money now to this bank account. Persons following the instructions of who they believe they should be taking directions. Next thing you know, the money’s gone over to some foreign land and is in a criminal’s bank account to be disbursed, you know?
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Having A Policy in Place for Monetary Transactions
Okay, so when you just shared that example, like the first time I ever heard of that was probably maybe 3 or 4 months ago, I was like at a workshop or something like that, like a financial workshop. And so fraud is always a topic. And there was an agency owner and other business owner in the room who said, who talked about getting a quote unquote email from the owner of that agency, excuse me, like a business partner, that’s what it was.
It was an owner receiving an email from another business partner. And the recipient of the email also happened to be the CFO. And so then his business partner said, hey, I need you to. And it sounded like that guy’s voice. I need you to wire $100,000 to this account, whatever. They need it by this time today. Could you please get that done?
Sounded exactly like the sender’s voice. Person wired it, and then later that day said, hey, I got that wire transfer done. The money was gone. It skipped like 3 or 4 different countries, and they never recovered it. Exactly how it’s done. When they do it through email, they’re able to look at the traffic, use similar language, even cut and paste from prior communication.
So protection number one for business owners, you have to have a policy in place when it comes to money transactions. I just recently had a home purchase, and the title company asked me to wire money and send me wiring instructions via email. I picked up the phone and called the title company to confirm the information. You have to have a policy like that, that there has to be verbal confirmation.
You can’t even use the passcode or secret word on your email because remember, they’re reading your email traffic. Nothing substitutes for verbal confirmation. I got it okay. All right. I’m thinking about the number of different scenarios and how easy it would be to overlook that you get an email from what you think is a trusted source.
It sounds exactly like that person. But yet the in fact, another person in that workshop said that they had also in this tape in this case, was the controller who was sharing the story, had received an email like what I just described in the first scenario from the agency owner, from the business owner, the person received it, the CFO received it, sounded all fine and legit, went to transfer the money, but then decided, for whatever reason, Spidey sense.
She thought, you know, I’m going to call Jack. And because this is a fine, we’ve got the money. But it’s just, he’s never done this before called Jack and Jack’s like, no, please don’t send that. That wasn’t me. All right, well, that’s fantastic. And I hope that person got a bonus because people don’t listen to that inner voice.
And I’ll tell you, your intuition can keep you safe. Not just out in the public and out in the world, but online as well. The other thing I would mention is getting access to your email. That’s where a lot of these problems begin. So when we use email, are you using a secure password? Are you using something that would be impossible to crack?
People are not sitting behind a keyboard and just trying to brute force figure out what your password is. There’s computer programs that hackers use that will run through every word in the dictionary with numbers and simple combinations, but try to come up with your password, doing it at lightning speed. If you develop a password that is difficult to crack, you’re going to be able to keep your information safe.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: How To Setup a Strong Password
Now, I recognize a lot of people say, well, how am I going to remember these passwords? There’s a lot of ways of making a very complex password. Yet having it easy to remember. For example, I use a sentence, something that is easy for you to remember, such as my anniversary is on November 5th and I will type that in as my password.
Or maybe use the first letter from each of the words as my password. That way I’ve got a very complex string that nobody is going to be able to hack because it’s too complex, yet very easy for the consumer to use. So what is your take on things like, password managers and whether or not those are safe, whether I mean, they’re certainly convenient, does that protect somebody?
Does that open themselves up? I mean what are your thoughts there? I actually highly recommend password managers first of all, password managers when they produce the password for you are extremely complex symbols, characters numbers, upper and lower case would make it virtually impossible to ever hack one of those passwords. Likewise, all the information in a password manager is encrypted, so unless the person has the encryption key, which is the lone password that you have to remember, then there’s no way they’d be able to crack that encryption.
So the key there is you come up with a complex password like I described for the password manager, and then you’re set. I use a password manager and I probably have 40 or 50 different websites or accounts that I access on a daily basis. Yet each one of those has a unique individual username. And password. Keeping my information safe.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: A Recap of The Safety Precautions
Got it. Okay, so some of the basics. Let’s just recap again here about how to be cautious. Simple precautions, I should say. So the first one being to verify the information is, as you just mentioned, with the title example, it’s like someone sent you transfer transfer instructions. You were diligent, picked up the phone and actually verified that over the phone.
So that makes perfect sense. Second would be, you know, getting access to your email and protecting that really locking that down, whether using a password manager, something else or whatever, making sure that you have access to your email, shutting down what might be some of the other precautions that you would recommend a business owner put into place.
The biggest overall thing I would suggest is business owners have to make sure that they and their employees have some basic cyber education. And the problem in the cyber world is that it changes so quickly. So if I educated you today, you’re going to need to be educated again next year because the threats are going to be different. If they know what the threats are and what to look for, they won’t become victims of it because they’ll be on alert for it.
For example, we talked about how this wire transfer is known as the business email compromise. You yourself seemed sad that you hadn’t heard about it until about four months ago. It’s been on the plane here in the US for about two years now, and it’s become bigger and bigger. We are up to $5 billion in losses from this scam alone that has been reported to the FBI.
The numbers are getting bigger and bigger. And once we find a solution, which is the verbal verification of information, they’re going to come up with another scam. You know, think back to the most recent Sony hack that happened a couple of years ago. Remember, we had the whole issue with North Korea hacking into Sony. And, you know, the end result is we all had to watch a movie that we would have never paid money to go see in the first place by watching the interview.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: The Sony Hack
Well, that Sony hacked 40,000 employees at Sony, one person at Sony clicked on a link that downloaded malware. That’s the vulnerability. It’s your personnel not doing anything nefarious, just not being aware. And that person that clicked on the link they would not have launched. They believe it was approximately $3 billion in assets and future revenue because of that one attack from North Korea.
Holy buckets. I didn’t realize that the loss was that significant. And the reality of that as well is now, you may recall for a while there, North Korea shortly thereafter launched internet access for a few days, which I surmise I don’t know. But having worked in the government, that query was a shot across the bow by the US government letting North Korea know, hey, stay away from our business because we can do things to you.
But Sony loses all this money. Their reputation employees were fired. North Korea doesn’t have internet access for a few days. What does that mean? Maybe seven people couldn’t get on Facebook in North Korea. The damage is not the equivalent. We need to be able to protect our resources by taking appropriate action. So educate your employees, make sure they understand things like never click on a link from somebody that you don’t know and be aware of the scams.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Be Wary of Clicking Links
Be aware of somebody pretending to be it, and instructing you to click on a link to update your network. You may get emails from purportedly your service provider saying click on a link, take the time. Go to the website of the service provider. See if they actually have something posted on the front page saying there is an update.
Here’s the link. When you get these emails, be suspicious of anything someone sent you. Okay, so you’re probably going to roll my eyes when I ask this question because it just really exposes my ignorance in this area. So because I honestly didn’t realize that by just clicking on a simple link that I can absolutely, like open you up to, like essentially open up your computer to say, take whatever you want.
I literally had no idea. So when I click on a link that someone says they’re in, if it’s malware, essentially what it does is it can install a keystroke logger, which means it’ll record every keystroke you’ve ever typed on your computer. And I will get a copy of it. So that will include your username and password to get into the system.
All the other things. If you’re doing banking. Likewise, it gives me access to every other computer in your office. People you’re communicating with, it will spread to as well as you send emails and communication for others. So the damage could be significant, not just your company, but the others as well. And who’s going to be responsible for that once the attorneys get involved?
Perhaps the company that opened it up and didn’t take care to prevent damage from being done to other parties. So the liability here is real, which is why very, very short hours investing a little time in training and education on a regular basis can do wonders for keeping yourself safe. Okay, so then help us understand then, you know, business owners or for business owners.
Like what? What do we do? Where are the resources? Where do we get the education? You mentioned not just saying one and done as far as education with our team, our employees, how do we do that consistently? What’s the right rhythm and where do we go to find that type of training, that type of expertise. Great question.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Implement a Face-To-Face Training Instead of a Virtual One
So there’s a lot of different resources out there. The first thing I would say is define what your needs are. Look at your company. So I recently went and visited a company in Florida. They have about 23,000 employees around the country, but each office is a relatively small operation. So what I was able to do is go in and look at one.
What are they doing to protect themselves? Are they aware of the threats? A simple assessment that didn’t take very long at all to be able to show them, okay, these are the biggest threats you need to be concerned with. This is what you need to educate your team on. I was able to train the headquarters employees, and then they were able to put information out to all the regional offices so that those employees were aware.
There’s a lot of training videos available online that you can subscribe to. But I will tell you, people tend to become bored doing those things. So I like the fact that you bring somebody in, come on live every so often who can come in and talk to the masses. Maybe you’re having a training day or you’re having an all employee conference.
Perfect time, 30 minutes, 45 minutes. Just to go through that with some stories from the FBI or law enforcement to be able to hone the experience so that they can see what’s happening. That is money well spent and very short dollars, as opposed to losing what could be significant. I will tell you, recently I had a law firm of all things, a law firm that should know better.
They contacted me because they called for one of the online scams. They thought they were talking to a client. They were at $1 million of one of their clients’ money. That, unfortunately, was enough that this well-established law firm it put them under. They had no insurance covering this particular threat. If lawyers can be fooled by these kinds of tactics, anybody who is not in the cyber field can be taken advantage of.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: A Recap of The Fraud That Took Place
So let me make sure I get that scenario correct. And then I also want to ask about the insurance here in just a second or two. So in this scenario, the law firm received an email. And they thought the email was being sent by a client. And in that particular client, they were holding $1 million on behalf of that client.
Right? Correct. They were negotiating a business transaction where $1 million was going to be sent for the purchase of business. Okay. And so they receive an email from the client saying, hey, law firm, I need that million dollars. Please wire it here. Law firm thinks, okay, we’re holding on to the money in order to do that transaction whatever.
Now they’re requesting it. So here we’re going to go ahead and release it. And that was the fraud. They were there. They had been hacked, through email and so then they went ahead and wired the funds and they’re gone. And client’s like, whoa, wait a minute, that you sent our money to not us. Right, exactly.
And there’s always a lot of finger pointing. Well, I wasn’t hacked. You were hacked. We go in, we get a forensic exam, we’re able to show definitively where the hack occurred and who was responsible for it. Sadly, in this case, it was the client, the law firm, and they were in trouble because they didn’t have cyber insurance to protect them and make them whole again.
After something like this happened, all could have been prevented if they had some policies in place.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Be Cautious in Connecting to Public Networks
Okay, so then, in the policies, in the precautions I think are some of the things that you’ve shared with us already cracked or did we miss something there? No. Let’s talk about the policies a little bit, because I want to tell you that when a company is taking on these responsibilities, when you’re doing business, when you want to keep your company safe, you want to have some policies in writing that you can show your employees during their annual review nothing more than a single page, but have your employees trained in as well.
So think about it. Clicking on wins. What about the simple thing of plugging in a thumb drive? For example, does your company let employees bring some drugs to work and plug in a thumb drive in a computer? You don’t know where that thumb drive has been plugged into other computers that could be downloading malware onto the computer system.
What about when you travel and check in at a hotel? Do you go down and use the hotel’s computer? Well, who’s been on that hotel computer before? If they’re logging into your company’s network, there’s probably going to be malware logging in as well. Just having some basic security policies explained and written out so that everybody’s on board on how to keep the company safe.
Wow, I feel silly here. Well, I shouldn’t say silly things. I feel educated. Because there’s so much here that I didn’t know, like, for example, what you just mentioned, because I use business centers all the time, I travel a ton and so, like, I never thought of what you just mentioned there. If I log in to the Predictive ROI network and I do that through a business center, and if I’m not careful about that situation, I’ve actually put the business at risk, I think is what I’m learning from you.
Is that right? Absolutely. Or think about when you’re sitting in that Starbucks with their free Wi-Fi or the hotel lobby. Well, if it’s free and open, that means anybody, including criminals, could be using it and they’ll bring with them a device called a sniffer, which picks up all email and computer traffic of everybody else on that Wi-Fi.
So I could be reading exactly what’s on your computer as you’re working on your computer, sitting there across from me in the lobby. Meanwhile, I can get all your access information to your bank accounts, etc., your company’s access if you’re doing business work, traveling for work. So these are the things employees don’t think of when I travel. I brought my laptop, of course, but I have a modified device.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Use Your Mobile Hotspot Instead
I use my own internet access. I don’t take advantage of the free internet because the free internet, nothing’s free. There’s always a danger that comes with it. Wow. Okay, so then here again, let’s say that I’m in a hotel room and then, you know, there’s free internet access or Wi-Fi access if the hotel room does the same thing.
It might not be a Starbucks but it’s free Wi-Fi. So am I exposed in that scenario? You’re not only exposed because it’s free, but you don’t know who’s managing that Wi-Fi either. Have they taken the precautions to make sure it’s secure and that nobody’s hacked into this system and is monitoring everything that’s on the network as well?
You can’t control it. The only thing you control is what you have. So ownership. So for example, if you need to have internet access, pull out your cell phone, you know, your iPhone, for example, and you can put on your personal Wi-Fi and log in to that. So you’re actually working off of your cell phone for internet access, but it’s secure.
Nobody else is using it. Nobody else has the passcode except for you. It’s a great way to keep yourself safe. Got it? Okay, so next time, no hotel Wi-Fi. Instead, turn my iPhone into a hotspot. And then connect that to my laptop, because that’s a more secure way of doing it. Absolutely. Oh, so think about using encryption when you’re sending emails.
There’s encryption services you can subscribe to. So then you create a portal. What if I’m going to send an email or receive an email? It goes through an encrypted service. It’s not something you don’t have to go through all these extra steps. It’s basically a program you put on your computer, but it will keep your messages safe and secure.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Consider Getting Some Cyber Insurance
Now, I’m sure a lot of your listeners think, well, you know, no one’s going to be going after me because this is so convoluted and all this crime out there. The reality is they’re going after whoever they can find. And if you’re an easy target, it’ll be you. If you make it just a little difficult, they’ll skip you and go on to the next guy because there are plenty of easy targets out there.
You just it’s just like I’m running the bear in the woods, and if I’m with you, I don’t have to help run that bear. I just run you. You’ll want to do the same thing in cyber security. You want to be a little faster than the other guy. So tell us about cyber insurance.
Again, you’re probably thinking, geez, I can’t believe that Stephen has not heard of these things. But, I literally didn’t know that there was cyber insurance either, or whatever the correct term is. So it sounds like if I’m a business owner, I can actually have an insurance policy that protects me for like if $1 million gets sucked out of the business, then I’m protected.
Is that the gist of it? Well, first of all, it’s not like you don’t know where your citizens and Onward Nation are. No, no, the reality is, unless you’re a cyber expert, nobody knows. Don’t ask me to go and make you a quilt or anything. I don’t know the first thing about that. This is my expertise. This is what I know.
And my goal is to try to share this information to keep people safe. Cyber insurance is out there. If you have a company and you want to take out a policy in cyber insurance to try to keep your assets safe. That’s a good thing to look into. But remember, insurance companies are not in the business of giving money away.
They’re making money. So you have to look at what the exclusions are. For example, one of the exclusions is did you cause the breach by your own negligence. Well that’s to avoid the policy. So if you happen to click on that link you’re the one responsible for the hack. You’re the one responsible for the launch of $1 million to someone.
You’re probably not going to be covered. So having that cyber insurance, it’s good. If you’re truly a victim. It would have been great for the other guy to have that policy because you would have been covered and then the insurance company would go after the offer. But you have to make sure you’re doing steps number one and two, which is doing an assessment of what your needs are and then train.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Making You’re Properly Trained to Handle the Situation
Okay. So let me give that back to you. Make sure I’m 100% tracking with you. So if the company who is working with the law firm, the company that had given the law firm the million dollars to to hold on to because of that transaction, if that company and if the client it had was holding a cyber insurance policy or whatever it’s called a cyber insurance policy, and the law firm had made this mistake, then the client could have said to insurance company, hey, law firm had this breach, whatever, blah, blah, blah, insurance company would have restored the client.
Law firms still would have been exposed to the risk, but then the client would have been made whole. Am I tracking you? You are exactly right. But again, you’ve got to make sure that you’re not the cause of the problem. And the only way you’re going to do that is by knowing what the problems are and making sure you’ve trained properly for it.
And finally, Steve, I gotta tell you, despite everything I’ve said today, there’s two types of people in the cyber world. Those who have been hacked and those who are going to be hacked. It’s very hard to get away from this problem out there, because there’s so many of these criminals all over the world, often carjacking Austin or anywhere else where they just want to attack you and take what you have.
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Know How to Report to the FBI
So you’ve got to know what you’re going to do when it happens. The right time for you to know who to call and how to recover from an event like this is not when it’s occurred. You want to plan in advance how many of your listeners out there know what number to call for, the FBI or what FBI office to even call?
Take the time to get that information. Develop a relationship with the person on the Cyber Squad that would work these events so that you can reach out. And most importantly, if you’re doing business out there, federal laws require that you offer protection to your consumers who have been victimized. Who are you going to call for that? Make sure you have something set up in advance, not necessarily a contract.
You don’t need that. Just know what’s the company I’m going to call that’s going to help me make it right. You know, when there’s a cyber breach and you’ve had consumers who have been victimized, regardless of where they live, you have to comply with each individual state law as it pertains to cyber reach, 3050 different state laws, plus Puerto Rico on these matters.
Do you know all 50 states’ laws? Of course not. You need a company that’s what they do for a living. So that way they can do the compliance. Then you can notify all your victims and they can handle the recovery as it’s needed. Your job is to do what you do for a living and make money. Hire somebody else to do the job that you don’t do.
Know who to call when that time comes. This is really, really smart. So I know that we’re quickly running out of time here, and I am so very grateful that you said yes, to come on to the show and to share the depth of your expertise. And when I say death, I know we just scratched the surface, but thank you for giving us the simple precautions, some insight into policy, some insight into insurance and how to start to protect ourselves.
And also doing such a great job of making us aware. Like, again, I had no idea that this was as pervasive as it is. And, you know, I I’m sure I had heard a few stories, but it’s a magnitude like $5 billion on that one particular sort of type of fraud and no idea. So this was extremely helpful.
Before we go, before we close out and say goodbye, any final advice that you want to share on anything you think we might have missed? And then what’s the best way for Onward Nation business owners to connect with you?
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: Final Advice from John
Well, my advice to you is if you haven’t thought about this topic before, think about it now. If you’ve got a C-suite, this should be a conversation.
If you’re a one man, one woman operation, make sure you take the time to put some thought into it. If you don’t know the answers, find somebody who does. So that way you can be educated to keep yourself safe. This is my passion. This is what I like to do. I spent my entire professional career helping other people and having retired from the FBI, that’s all I want to continue to do.
I love going out and training. I’m hoping some of your listeners will call upon me. If you’ve got a simple problem, I’ll talk you through it for free on my phone. I’m always happy to do that, but even better, bring me out and have me talk to your company. I may talk to you about what your needs are and assessment, and I’ll get you set right as well.
And if I can’t do it, I know the person who can. And I’ll put you in touch, by the way, for the recovery. I don’t do any of the recovery stuff, but I know a bunch of people will. I’d be happy to provide you with each hour’s goal that information so that your listeners can be safe and prepared.
John, that is awesome. Thank you for being so generous with your expertise as well as the other resources you just mentioned. So how does Onward Nation reach you?
Learn about cyber security to know how to keep your business safe
How to Keep Your Business Safe: How to Connect with John
Well, aside from my website, you can find me on Twitter, which will lead you to everything else, @FBIJohn follow me. Everyday, I put out a tip on how to keep yourself safe in today’s world.
Okay, Onward Nation, we will put John’s contact points in today’s show notes so you can find those there. And no matter how many notes you took or how often you go back and listen to John’s words of wisdom, he gave you the precautions. He set the stage. He, like you, put a big, bright light on this problem.
And then was kind enough, generous enough to give us some of the simple precautions that any business owner can put into place. Take those, apply those into your business right away and protect yourself as a result of that. In John, we all have the same 86,400 seconds in a day. And I am grateful again, my friend, that you said yes to come on to the show, to be our guide to help us run safer businesses and protect ourselves into the future.
Thank you so much, John. Steve, it’s been a pleasure. Thank you. And thank Onward Nation for giving me the time today. Be safe.
This episode is complete, so head over to OnwardNation.com for show notes and more food to fuel your ambition. Continue to find your recipe for success here at Onward Nation.
Learn about cyber security to know how to keep your business safe
Fill Your Sales Pipeline Q&A
LIVE Wednesdays at 1:00 pm Eastern / 12 Noon Central
The Sell with Authority Podcast is for agency owners, business coaches, and strategic consultants who are looking to grow a thriving, profitable business that can weather the constant change that seems to be our world’s reality.