Cappuccino Chat - Episode 29 - Breaches

welcome back to another episode of cappuccino chat this time we're talking about breeches breeches and more breeches that's right unfortunately we're talking about breeches yet again it seems like every time we turn on the news either you know via the web or tv we're hearing about some other company having their data breached why is this happening the biggest reason is just like with google and microsoft and all the others data is king everybody wants the data they're not coming after you personally or your company specifically unless you're a big company and you probably are being targeted but for the most part we're all being thrown into the same net if you will and being gone after because our data is valuable it's not nothing personal against us it's just they want our data so some of the companies lately that have been breached mcdonald's office depot linkedin again for the i don't know i lost track of how many times linkedin's been breached and you may be saying that's no big deal but how often have you gone to mcdonald's and maybe you've swiped your atm card or your credit card or you've signed up for some club of the month or something to get a free coupon or signed into their app so you can order ahead of time that data is what was breached so using that data could they somehow steal your identity maybe they might be able to learn something more about you in order to get you to do something and give them more access maybe you reuse your password that will let them into other things again their goal is to get your data once they get you they want to use you to find out who your friends are and who those friends and friends are so on and so forth because again they want the data the more data they can get the more people they can infect the better off they are and the more money they can make it is a business to them unfortunately in today's world it's just a business to them it's nothing personal that's how they want to make their money right so these breaches are very serious and we can get caught up into them that's why we're constantly talking to you our clients and if you're a prospect when we have our meetings and you maybe book a discovery call to talk with me about i'm gonna bring up security to you because it is so important in today's business none of us want to lose everything that we've worked so hard for all of our fam might be a family business all that stuff on something silly that could have been prevented either free or very cost effectively and would have stopped the breach from happening to your business some of those things are just you know training talking to your employees about these different breaches and making them aware of it and i don't like using fear as you know a way to get people to do things but unfortunately there's a little sense of urgency to this and that's why we get the fear you got to understand that is dangerous something bad could happen to you but i'd kind of like to change this up a little bit now i'm half polish and my wife tells me all the time that i do everything backwards so we're going to look at this a little bit differently so if we take into account and every time one of these breaches come up if we assume we have been breached in the same manner so if we assume our data was breached what damage would that cause right so let's just take that hey they've got your password so if i told you right now i have your bank account and password what would you do you'd change your password right you'd log on change your password to something different and go on well if we assumed the breach ahead of time so let's just say we assume that at some point your password was going to get compromised so because we knew that it was a possibility we enabled two factor authentication on your bank account or a second signature to request a withdrawal or a bank transfer right these are different things we could do for our bank well then assuming the breach when we hear about it in the news we don't have to stress out about it if that's how you do or oh that never happens to me you can just say oh i've got that handled because with two-factor authentication turned on roughly 90 of some of the breaches that have happened in the past could have been prevented from users having two-factor authentication or multi-factor authentication enabled on their accounts i just read this from a government study from someone working within the white house in years past they said that a lot of these breaches are just simple to solve by enabling two-factor authentication so i've been talking to my clients for well over a year to get two-factor authentication enabled wherever they can anything that's cloud definitely needs to have it bank account any cloud applications you use uh your email vpn all those things need to be secured by two factor again using the assume you've been breach thing when those you hear about those breaches hey my phone didn't go off and request two factor or they would have had to have a pin you're going to be good to go okay so another thing they want your data or maybe you're going to get a ransomware so they're going to encrypt all your data let's assume that happens so if we role played it right now and right now all of your computers your server everything got encrypted how would you recover what would it cost your company how long would that take etc etc well if you had a proper backup solution and a business continuity disaster recovery solution not just a backup like a usb hard drive because i got news for you that usb hard drive that's plugged into your computer that just got ransomware now has ransomware so in other words that backup is completely useless it's encrypted can't be used so if we use a different type of backup back up the ones and zeros back it up to an appliance that also backs up to the cloud that also scans for ransomware while it's backing up if we assume the breach when it happens we know we can recover now we're still going to be down there's still going to be downtime but what is the ultimate damage to your company hey we didn't lose any data for your company you've rebuilt if you didn't have that kind of solution and you didn't role play and assume the breach you might be caught off guard and your business would lose everything so when you hear about these breaches let's start thinking hey if this happened to me what would i be protected what would i need to do to get to recover from this breach if you'd like any help with that planning that out please reach out to me 760-770-5200 we'd be glad to help you