Three Cybersecurity Tips Every Executive Should Know

Rahul Mahna:

Thanks, Ronan.

Ronan Leahy:

First question is for companies that have a host of computers, what would be the best advice that you can give their executives?

Rahul Mahna:

That's a great question. If we take a step back and think about it, people used to come to the office. And when they came to the office, it was really easy to secure them, to give them a good environment to work in. Now, they're working from home and they're working from a variety of places. So you think about it, we have to secure them in multiple different locations. So when people are at home, they're on the same network as their ring doorbell, as their wise cameras, as their Samsung televisions, as well as their refrigerators now. And all those devices are all connecting to the same router and firewall as their computing devices are.
So the big advice I tell people is update, update, update, update. I'm not sure if I was clear. I'll say it one more time. Update that's really the key to all of cybersecurity needs right now. Update those cameras, update your cell phone, update the refrigerator. It's really important because those updates all have a reason behind it. If you think about this, it's been happening in the car industry forever. A car will have a recall. You'll have to go back to the dealership, and they do that, so you don't get into an accident.

It's the same concept with the hardware found in your home. Those manufacturers are doing recalls really when those patches and updates or whatever they might be called by each individual operator, they're really recalls by the manufacturer saying, "Hey, we found a problem. How do we fix this?" The answer update. So the number one issue is always updating all the devices found around.

The second thing I tell individuals is make sure you have some training. And a recent cybersecurity study that we conducted in our firm, over 100 executives responded to this survey, and they said they're only training their individuals 40% of the time. So there's a huge gap in the amount of training that's happening with individuals right now. So we really encourage our executives who want to have a focus on cybersecurity to train their individuals. So update and training are the two big key takeaways I would say.

Ronan Leahy:

You brought up some interesting points with that answer there in terms of working from home, and the big shift lately since COVID has happened is everyone's working from home. People have a lot more leniency when it comes to their workday. They could work from their living room, go to the office, the hybrid life is here. What would you say are the biggest cybersecurity tips for companies that do implement this work from home lifestyle, and how could they make sure that their technology is safe?

Rahul Mahna:

I was recently on a train. When I looked on the train, everybody's on their laptops, so they're all working from trains. And where do they go from the trains? They usually go to a hotel because they're going to a conference, and they start using the hotel Wi-Fi. And then where do they go from the hotel? They go to the conference center and the conference center they get on a Wi-Fi. And then what happens after the conference? They go out for drinks, they go out to dinner, and they use the Wi-Fi provided, again.

All of these Wi-Fi's are free. There's a huge amount of security that's happening with people working from home in hybrid environments. How do we get them secure? How do we get them safe? How do we get them connected to organizational resources that they can be safe in that environment? So what I say it's an easy solution is VPNs, Virtual Private Networks.

If you can be on a Virtual Private Network, you're much more safe and you will not have as much potential for damage happening to your connection. Now, sometimes VPNs don't work. I've been a frequent traveler. I've seen when you go to different locations, the VPN sometimes gets stuck or there's some issue in connecting. So you don't want to use the VPN. So how do you protect yourself? There's a very simple tool called the DNSFilter, domain name filtering services, small piece of software you can install on your computer or any device, and it will stop the bad domain names from impacting your device. So that's another secondary tool we really recommend. We like to use it and it can protect individuals. When you're on a VPN or when you're off of VPN.

Ronan Leahy:

Definitely I think both of those points are great. I think that VPNs and DNSFilters are definitely things that executives should look into if they're trying to protect their work from home on top of working from home on a day-to-day basis. Employees are logging into different websites. As an executive, how can you make sure that these connections are stable and secure?

Rahul Mahna:

It's a really difficult situation with employees logging into so many websites on a daily basis. If you think about it, most of us start a day with email, then we might log into our CRM system, then we might log into a banking system, and so forth, and so on. So how do you secure all of these different locations that you go to on the internet and using different passwords? The one thing that I always recommend is using a password manager. There's multiple ones out there. When I look at my password manager, I have over 400 passwords now in that manager. There's ways to make them secure. The reason for all of this is if one of those websites get breached, you don't have the same password that's found on every other of those 400 websites. So we feel really secure if you use a good password manager.

Now, I know in recent times there's been some password managers that have actually gotten breached. And I know there's been a little bit of pause and hesitation around those password managers. Of course, being a technology industry, we're evolving. So now there's something called a hardware authentication device, and you take this piece of hardware, you can bring it near your cell phone, or you bring it near your laptop. And it will authenticate not only your user, but because you have that piece of hardware with you, it authenticates that it's really you.

So this really mitigates if the password was stolen, if your password manager was stolen, if somebody's trying to pretend that they're you, somewhere in a different part of the world, nobody can have that piece of hardware. A great example is something called a YubiKey, and there's many others coming out there where you can use this device and really prove who you are, authenticate to those sites uniquely, safely, and have a good safe experience.

Ronan Leahy:

That's a great point. A lot of people don't really make the connection between software and hardware. And thinking about that as a way to provide security, but I think something that any executive should keep in mind as well as all of the other tips that you've provided here today. Raul, I want to thank you for the three cybersecurity tips you've given us today for any executive working in the tech industry. I do want to know if you have any special bonus tips that you would like to give out today. While we have the listeners here.

Rahul Mahna:

I'm often asked about extra cybersecurity ideas. I have two of them that I can offer for this next year. Previously, we used to authenticate to websites with a password authenticate once, and we trust moving forward. Recent findings have found that hackers are getting into that pipe and they're sitting in there, and they're continuing in that trust. We want to break that. There's a new concept that's come out that's called Zero Trust. So you authenticate once as previously, but you have to continually keep trusting and you have to continually keep authenticating.

This doesn't allow a hacker to get in the middle of that pipe because it's broken consistently, and you have to keep authenticating. So a Zero Trust model is something new, and it's something that we're really looking at for our organizations who have a real high need for security. The second thing we're doing is Identity Access Management. So many hackings have happened this year where authentications were left open. So for example, an employee leaves, but their username and password is still active. That could be active on the VPN. It could be active in their active directory. It could be active in their workday, in their HR systems. So what we're really trying to push organizations to now is don't leave those usernames and passwords active. It's costing you money. It's also costing you resources to manage it. Deploy some systems that manage those identities, and you can reduce your footprint on your cybersecurity.

Ronan Leahy:

All such great tips. I want to thank you so much for your time today, Raul, and I hope that everyone here today listening gains some new piece of knowledge.