Richard Helppie's Common Bridge

Episode 231- Cybersecurity Essentials: Protecting Your Business From Cyber Threats. With Rick Snyder and David Behen

November 17, 2023 Richard Helppie/Rick Snyder and David Behen Season 5 Episode 231

Wondering how to shield yourself from the rising tide of cyber threats? Do you have a small or medium-sized business with limited resources for a dedicated IT security staff? Fret not, as we bring you insights straight from cybersecurity experts, Rick Snyder, the 48th Governor of Michigan, and Dave Behen, the co-founder and Chief Client Success Officer of SenSai. Join us as we journey through their professional sagas, discuss the inception of SenSai, and explore why cybersecurity is a concern that no one can afford to overlook.

Your business could be the next target on a cybercriminal's list. With Dave Behen at the helm, we delve into the vulnerabilities that small and medium-sized organizations face. Listen in as we dissect the tactics used by cybercriminals to breach security systems and how SenSai offers the much-needed shield. Beyond theoretical discussions, we also examine practical tips such as the use of automatic software updates, password managers, and virtual private networks that can bolster your online security.

Last but not least, we discuss the importance of incident response plans and cyber insurance. With an evolving threat landscape, having a proactive and comprehensive plan to handle potential cyber attacks is critical. As Rick and Dave explain the challenges that businesses face in securing cyber insurance and how SenSai can step in to assist, you'll gain remarkable insights on fortifying your digital world. So, tune in for a conversation that promises to change your perspective on cybersecurity.


Speaker 1:

Welcome to this episode of season 5 of the Common Bridge, where policy and current events are discussed in a fiercely nonpartisan manner. The host, Richard Helppie, is a philanthropist, entrepreneur and political analyst who has reached over four million listeners, viewers and readers around the world. With our surging growth in audience and subscriptions, the Common Bridge continues to expand its reach. The show is available on the Substack website and the Substack app. Simply search for the Common Bridge. You can also find us on YouTube and wherever you get your podcasts. The Common Bridge draws guests and audiences from across the political spectrum, and we invite you to become a free or paid subscriber on your favorite medium.

Speaker 2:

Hello, welcome to the Common Bridge. If you're listening to this as a podcast, you're connected to a network someplace. That network is connected to the internet. If you're looking at the video at Substack or on YouTube, guess what? Our digital device is also connected to a network connected to the internet. And let's say you're reading on Substack, guess what? Same thing. So we're here today with two experts in cybersecurity because they're going to explain what cybersecurity is, how you can be more secure, and I hope you'll get a lot of value out of this. And we welcome today the co-founders of SenSai: 48th governor of the state of Michigan, Rick Snyder, and co-founder, chief client success officer, Dave Behen. Thank you, gentlemen, thank you, it's good to see you both. Thanks, Rick. Of course, you're well known for doing a great job as a governor of the state of Michigan. We appreciate the relentless positive action that you brought, but you had a pretty good career before serving as the governor, and can you maybe tell our audience a little bit about that and then a little bit about what you did post-governorship?

Speaker 3:

Sure, Rich, it's great to be with you. Good to see you. Thanks for the opportunity to catch up with you again. This is actually my fifth career. I can't hold down a job. So if you look at it basically, if you go back in the 80s, I was with Coopers & Lybrand, now PricewaterhouseCoopers. I was a tax professional. I became a tax partner and then a mergers and acquisition partner, helping people buy companies. That led to going to Gateway Computers in the 90s. There I was the number two guy working for Ted Waitt, the founder.

Speaker 1:

And that was an incredible experience.

Speaker 3:

We went from 600 people, 600 million revenue to 6 billion and 13,000 people in six years and I was the chief operating officer and president. Then I came back to Michigan. Ted was moving the company to California. We wanted to come home. I did $200 million venture funds so I was doing the craziest work, doing dead cold startups, finding professors in technology.

Speaker 3:

And then Michigan was absolutely a disaster in 2008, 2009, and going into 10. So I ran for governor and I won. So I had the wonderful opportunity and the honor to serve for eight years as governor of Michigan. There are term limits, so I got thrown out on the street after eight years. And then what do you do with an old governor? Well, I was very fortunate. I met David, who had actually worked with me at the state, and a couple other colleagues, and we formed SenSai, because, if you look at it, we were the best in the nation with state government at the state of Michigan. Cybersecurity is a huge, pervasive issue and I knew it was a way to continue to help people, to give back, just in a different context, because small organizations are desperately in need of help, even when they don't know they need help yet.

Speaker 2:

They need help.

Speaker 3:

So we're here to help with SenSai.

Speaker 2:

And David, you met the governor working for the state. You were the chief information officer. You were a Detroiter. Maybe share with our audience a little bit what your career arc has been like.

Speaker 4:

Yeah, so I probably graduated from Eastern Michigan University. I like to joke, it's the good school in Washtenaw County.

Speaker 2:

That it is there you go, all right.

Speaker 4:

But no, I started out as a small time city manager out in the west side of the state for a couple of years, right out of grad school. Then I came and I worked at Washtenaw County. I was there for nine years and was the deputy county administrator and CIO there, Then went into the private sector for a little while. Then I met this guy right here sitting next to me and he ran for governor and won and so I went in and I worked with him. I had known him for years before that.

Speaker 1:

So then I was the.

Speaker 4:

CIO for the state of Michigan promised for six and a half years. About four of those years I was also the director of the Department of Technology, Management and Budget and then I kind of put my public service days on hold and put them away for a little while, went to become the CIO for La-Z-Boy, great company in Monroe, Michigan, and then got back together with him when he started SenSai, because, again, as he talked about, you know, small, medium-sized organizations are getting hammered and there's just some really common sense things we can do to help them. And so it is like he said, it's like giving back, but actually it's. You can make a little money doing it too.

Speaker 2:

Well, profit lets you sustain the runway, lets you help more clients and people that haven't been in business don't understand. It's all about satisfying a customer and making sure you have a satisfied, motivated workforce, and those make a better country and a better state, better communities, and I can see the connection. You know, La-Z-Boy. You're thinking about your kickback and your recliner. You're looking at your iPad and all of a sudden, a ransomware grabs in or a phishing comes in. So what is cyber security and what's the threat out there? What should people be thinking about when they think about the term cyber security?

Speaker 3:

Yeah, the way to look at many respects is we live in a digital world today and we're surrounded by it. If you ask anyone whether it's iPhones, iPads, you know, Android phones, any kind of electronic device that's connected to the internet you have to be concerned about cyber security. You're in a connected world and I wish you'd say we didn't have to worry about, but there are bad people out there that are going to take advantage of the fact that network, that connection, is not perfect. There are holes, there are things that we don't do. There are ways that people can exploit vulnerabilities in the cyber world.

Speaker 2:

What are they after? What are the cyber thieves after cyber?

Speaker 3:

Yeah, there's a category of six or seven different categories, but the one that's really prevalent today. The biggest one is cyber criminals just want to make money and that's where ransomware comes from, big enabler of that. That didn't happen 10, 20 years ago. Very much it was other issues that were the cyber hacktivist or hacktivist. Now it's mainly cyber criminals because they see the opportunity to make money because of Bitcoin. Oh, okay, because if you think about it, there's an anonymous way to get paid, essentially. So there's their currency. And once that currency was created, they learned okay, now I can go shake down people, get money from them and not get caught.

Speaker 2:

I was in a venture and one of my investing partners there. One of their companies got hit with ransomware and for my audience doesn't know what ransomware is. Your network is seized and you've got to call this number and we'll give you a key to unlock it and there's a payment. And they had to pay in Bitcoin. And let me tell you how organized they were. The cyber criminals had a help desk to help transfer the ransom in. They were that sophisticated and obviously it was fairly lucrative. They're mostly offshore: Russia, Brazil, I believe, China, yeah, oh yeah. So ransomware, tell us more about that.

Speaker 4:

So the bad actors are trying to get your information and trying to get your data as an individual. But as they look at companies and those kinds of things, they'll attack you with a phishing email and when you click on it it'll drop ransomware on your system. And ransomware actually has kind of evolved, right. Not only do they have help desks and they're like a little organization, but ransomware has evolved to its dual extortion. So what happened to your friend was that they locked his network and they said if you don't pay me a certain amount of time, I'm going to delete all your files.

Speaker 4:

Well, a lot of organizations in the world now have evolved a little bit to where they're a little bit better at their backups. They're backing up their data in the cloud or in some kind of off network location. The bad actors actually very good, great job. You know you did really good traditional ID, but we've stolen your data now and we're going to drop that on the dark web and you're going to be liable for that, and so that's that dual extortion. That's really becoming really bad these days and you're seeing that happen all the time, and it doesn't matter if you're a big company or a medium-sized company or a small company. They're coming after you.

Speaker 2:

Because there's a market for that information. Somebody wants to buy it on the dark web. I think there'd be some obvious things like bank records and that type of thing. What else are they after?

Speaker 4:

So think about it. They're looking for your social security number, your credit cards, your identity, your health records, anything that they can use that they can sell on the dark web to other bad actors so they can exploit you. They can go into those holes in your kind of digital persona and start attacking you that way. That's what they're going after. They're very successful at it and they're very good at it. I think you were bringing up like China. You're seeing that the ransomware groups are mostly in Eastern Europe or South America, but those in nation states China, Russia, Iran and North Korea they're really active as well, and these are large organizations.

Speaker 3:

You both mentioned it to some degree, but literally they now have HR departments in addition to help desks. They publish openings, position openings, opening recruiting. No, they have a whole blown. They're just like a multinational corporation, some of the bigger organizations there and it's gotten worse. One of the things that we've seen that really concern us and our whole team is now it's even more horrific.

Speaker 3:

The worst case that I can think of was there was a school district that was held for ransomware and not only did they suffer through that, they didn't respond particularly well, they didn't get notices out to parents and students. They had been hit and the tradition was even the bad guys had certain standards of how they behave, where typically they put on the dark web. Well. Well, since they didn't pay and stuff, they went out. The bad guys went out and posted the worst files possible on the open web. So they put out the disciplinary files, the mental health records they had on students. So can you imagine that the school district hadn't let the parents and the kids know? And you go home from school and you see that now your kids' prescriptions are up there what they may be on? Did they attempt to suicide that now is publicly available, that all their friends and family can see?

Speaker 2:

That's horrific, malicious at a different level. I know protection's hard so we used a very good company out of San Antonio for many years called Rackspace to do managed exchange server. Just about a year ago they got hit with an unresolvable ransomware attack and I know they have all the sophisticated backups. They had every layer of protection you could get. They never could bring that service back online. Millions of users.

Speaker 3:

So one of the big issues you hear about, these big organizations get hit, and we could list a whole bunch that have all been hit. The University of Michigan got shut down for three days at the start of this semester. So these big organizations are getting hit. But what we did was SenSai. Our focus are the people that don't have a place to get help.

Speaker 3:

In terms of the traditional cyber industry, there's a big cyber industry, a lot of venture capital, a lot of great companies, a lot of really smart people. They're building technology tools that are well suited to sell or to be used by places. They have sophisticated people that know how to take multiple tools and put them together to protect themselves. What happens to the small organization that doesn't have a full-time security person or even a full-time IT staff? So we built SenSai to say let's help the unprotected, let's try to find a way to go out and help them, because there are half a million of these medium and large organizations. There are six million organizations that are for-profit, not-for-profit, governmental that we think we can really make a difference for.

Speaker 3:

And so that's why we're excited to do this. This is a calling, in addition to holding a good business.

Speaker 2:

So as small as like the local bakery or, as you mentioned, school systems, which clearly need a level of sophistication. Bring some of this to life. Are there some examples of places that had cyber vulnerability that they didn't think they had an answer for?

Speaker 4:

Yeah, so, and I'm glad you brought up education, because education is now the fifth most attacked industry in the world and it's only increasing. So education for sure is one of those areas that we're working in. But we work with all different kinds of organizations. We work with companies in California who make commercials. We work with companies in Massachusetts who are trying to cure cancer, with private equity and venture capital and other states, but anything from law firms, accounting firms to nonprofits to education, we kind of go all the way across. And one of the other ones is software development firms, software and software shops.

Speaker 4:

Everybody who you described earlier, everybody was kind of on the internet. And if you're a small or medium-sized organization, you're a digital organization anyway, you are a target. We work with a lot of manufacturing companies and manufacturing companies maybe in somewhere in mid-Michigan or upper Michigan to think who's going to? Nobody wants to attack me in so medium-sized, small company in mid-Michigan, nobody even knows I exist. Well, you're on the internet and if there's a door or a port open in your organization, those bad guys are looking to go through that.

Speaker 2:

Talk about those doors and those openings. Surely they don't have a human being sitting down trying to look for them. How does the cyber criminals? How do they locate the target?

Speaker 4:

Yeah, so they're just, they have a, they have some great software, they have a bot, that is just just. I call them drive-bys, right, they're just driving by and they're spinning to see if anything's open. Once they see something's open, they get really interested and they go in and then they start to do a little intelligence gathering, and we're seeing this In every industry all over the world. Yeah, the other thing we're at.

Speaker 3:

You know this because we all get it. Every person watching or listening to this is getting phishing email now. The "ph" kind, the kind that says here, here's a chance to win your Yeti cooler. Here's the chance to say there's something really urgent, this offer is going to expire. Here's something you can do. All those are traps trying to get you to click on some attachment or something.

Speaker 2:

There are some very clever ones that I've been personally bombarded with. It's like oh, here's your payroll record or your payment went through and they've spoofed my family office URL so it looks like it's coming from that and, obviously very small operation. I know it's not good, but I could see if you were running a 20 person company and it looked like it was coming from your company, you might click that yeah, we're getting them all the time and it's more than email now.

Speaker 3:

Now you got to be ready for text messages and voicemail even so we stream yeah, open voicemail. We. We actually have it in our company where they try to get us. I mean we're a cybersecurity but that they would get a kick out of getting us. But we have people that are on our team. They get out Text saying please, this is for me, so please go out and buy a bunch of gift cards.

Speaker 2:

Yes, right, I got an urgent need.

Speaker 3:

I can't do it myself. Go out and buy a bunch of gift cards. If anyone asks you to buy a gift card, be worried. It's probably... Sounds too good to be true, or super urgent. You have to build in an extra two- or three-second response to say before I click this, this could be really important, but let me check it out first. Let's hover over the address. Let me look at it. Come along with things.

Speaker 2:

If it doesn't seem right, don't do it, get one letter off one of my ventures and it went through several people, but it looked like the chief operating officer telling the CFO to give them some payroll data and it went through three or four people that look suspicious. One person knows I'll take care of this right away, before the weekend starts and and just handed over a lot of information to a cyber thief.

Speaker 3:

Yeah, that's what they try to do. They know Friday afternoon when someone may be trying to get out or a holiday, so anything that could be urgent. That way you have to be worried. If you're a finance or an HR person, you have to be particularly concerned about the email you're getting, because the common one, if you're an HR person, is: I've changed my bank, so my payroll deposit number is now this instead of this. Be careful, finance person, any kind of wire, in particular if you're transmitting money, I would get that verbally confirmed or double checked.

Speaker 2:

So that's a. That's a good take-home value there. If you're sending a wire transfer to make sure that your financial institution has to call and get a voice confirmation. Now I understand with the AI they can steal your voice and make it sound like you too, but I don't know how sophisticated that is yet, but still as a measure.

Speaker 4:

Yes, it's a good one. It's started to get pretty good. Deepfakes are getting really, really well done. But yeah, the point you just made about the institution calling you. Well, you might want to call them and you might want to make sure you look up their number and not just take the number from the email they send you, because they're actually putting, like you were saying, they have call centers, so they let it be a fraudulent number. They tell you to call to verify and you call that number. You're calling the bad guys. Help. There's several steps, you know. There's several steps you can take to really protect yourself. And it's like you said, it's just take a couple extra seconds, take a deep breath, take these extra steps and you, for the most part, you're gonna be protecting yourself and your company.

Speaker 3:

Yeah, there's two or three things, so Rich, that we would clearly put on everyone's list to do to check out. I mean passwords. The classic there is never reuse a password and we find it's probably most people are using the same password more than once in some context. Really bad idea, because if the place where you use that password gets hacked or that gets, the bad guys get it. They know that password now. They know who you are. They're gonna try that password now on every kind of account they can find out about you, or just randomly, because they've done digitally.

Speaker 2:

They'll take that sign-on password combination and just maybe get a hit.

Speaker 3:

It cost them almost nothing, yeah, so never reuse a password. Come up with strong passwords, those alphanumeric things. Longer is better and, again, this can be a burden for people because you may have a lot of passwords. Get a password manager.

Speaker 2:

How now one of the things I was gonna ask you about password managers, and how does somebody protect the access to the password manager which has all your passwords?

Speaker 4:

Yeah, there. So there's a couple reasons why we recommend password manager. First of all, you can't remember all, right, and when I do that talk, the idea that I do a talk where when I say, you know, in front of hundreds people I'll say don't reuse your password, and when I say that I can see people in the audience who are reusing their password, they turn pale or they mouth to the person. The next time I'm doing that and start writing out feverishly. The password managers allow for you to have complex passwords, unique password for everything you're signed into, and they have, it's encrypted. It's military grade encryption. There's several different layers they build into it. Now, nothing is, I will never say nothing's breakable, but the password manager is done well. There's a few and they're really really, really well done. A really good, safe way of keeping your passwords.

Speaker 3:

Just make sure you keep your password for your password, that's right, that's what I was concerned about was that picture that's complex, and don't lose that right, because I could If I'm a cyber thief.

Speaker 2:

I'm gonna say yeah, Mr. Behen, you need to reset your password and I'm your password manager. Okay, and now I've got your password into everything.

Speaker 4:

Yeah, that's that's. But in those situations, right there, take a deep breath, take a few seconds. Your password manager is not gonna call you and say you need to reset your pass, right, never go.

Speaker 3:

So other things you should be doing in terms of turning on multi factor authentication or two factor authentic it's all.

Speaker 3:

Tell our audience what that is for people that aren't familiar with two factor authentication. Yeah, it's basically the common one is where you turn it on and it says we want to send you a text or an email to your number, in addition to you putting in a password to verify it's you. Usually it's a text, mm-hmm, and it'll be a code then that you have to enter within a certain time frame to get in it. You should have that on whenever possible. Two factor authentication is a really good thing, so we really encourage people to do that whenever possible there.

Speaker 3:

So there are simple things. The other one is your software. Make sure automatic updates are turned on and most people don't have them turned on and even when they're turned on, don't always believe they've updated. So you'll find that in all your hardware and software usually about you know there's a place for auto updates. Make sure that's enabled, because if you don't, then you may have an older version that the, the company that sold you that software, is identified where there's a security hole. The bad guys know that and they've sent you a patch to repair it and if you don't put that patch in place, you're vulnerable.

Speaker 3:

So see they're all, Rich. There are a number of really simple things you can do to be safer. We tell people no one can tell you to be safe. If anyone tells you you're safe now, they're lying, because the National Security Agency is not safe. If they're not safe, we're not totally safe, but you can be much safer.

Speaker 2:

So we talked two-factor authentication. We've talked about the password managers. What about some of these things you see advertised like LifeLock? What category of service is that, and are those worth it?

Speaker 4:

Yeah, I actually, I'm a big believer in those. You know, LifeLock, Experian, all of those, because again, they're organizations who are all about securing your data, military grade encryption on those as well. What

Speaker 1:

they do, is they help?

Speaker 4:

monitor for your credit cards, even your passport, your email addresses, your phone numbers, your bank account. They're monitoring everything for you. And one of the things I really like about them is I actually use Experian and we have a whole bunch of people like why are you for my kids around it as well with me? What I really like about it, too, is I can just shut my credit off. I remember back when I think it was Equifax, somebody got breached and they were charged us $10 or $7 to open your credit, then close your credit or whatever. Now click the button and your credit's locked.

Speaker 2:

So if somebody's trying to steal your identity and use your identity to check credit, they run into a block. It's like no, you can't use it.

Speaker 4:

That's right, and then if they detect something, it's almost like a service we provide at SenSai, because we're doing vulnerability scans and dark web scans for our clients. When we detect something, we alert them and they do the same with those servers.

Speaker 3:

Well, our company actually does that for these organizations, so we do it for the organizations where these other companies tend to do it for individuals, and there are all good things to do. They're really important things to look at. One other one that I'd mentioned in particular is if you travel, if you're in. All of us travel and we want to be online. So this is about getting a virtual private network. That's VPN, and many, many people don't have this. So if you go on an open network somewhere, the bad guys can often try to be get in your system. If you don't have a virtual private network and the classics are airports you shouldn't be on an airport open network unless you're on a VPN.

Speaker 3:

It's a dangerous thing, and they're relatively inexpensive to get.

Speaker 2:

I use a product called Nord and NordVPN. I know there's others out there and for our audience, if you get hacked, all the bad guy can see is the tunnel out to the VPN. They have no idea where you're going and it's an encrypted route so it's kind of a roadblock. So the virtual private network, not expensive. What about the vulnerability differences between going on that airport Wi-Fi and or just accessing the internet off your cell service? Are you better protected on the cell service or not?

Speaker 4:

No, I would highly recommend a virtual private network whenever you can, or tether to your own device too, like I'd never jump on the Wi-Fi, the coffee shop or the airport or the hotel, I mean, and even though they may start. You see, some are starting to say, not, we're secure. I don't believe it. There's smarter guys, there are bad actors out there and they do something. So I always tether to my phone or my iPad or something like that, and then I jump on a VPN.

Speaker 4:

A virtual private network. This guy's the acronym police. He doesn't let me use it.

Speaker 2:

Well, those of us who have been in technology, we don't realize how often we're throwing it out around an acronym, until someone's like stop it you know they're so good at telling people.

Speaker 3:

It's like, yeah, you think, yeah, cyber people are from Mars or something.

Speaker 2:

Right, that's the thing, guilty as charged. So, on the VPN, I do a lot of work on my phone or on my iPad and I would just be onto the cell service and I turn the Wi-Fi off and my understanding and correct me if I'm wrong is that it's harder to intercept that cell signal, not impossible. And what's the vulnerability for places that block you from using your VPN? So Ticketmaster, by way of example, if you're behind the VPN, it thinks you're a hacker, and there's a lot of them out there. What's going on in that cyber battle?

Speaker 3:

Well, again, they're trying to protect themselves. So what I would say is, again, I would hopefully you don't have to buy those tickets at the airport, Right, or if you're on a cell system. So I mean, this is where you're gonna find these conflicts. You just have to work through them. They're challenging.

Speaker 2:

Okay, so we're talking about VPN, we've talked about Experian or LifeLock, and we've talked about two factor authentication. Some of the things too and, Dave, I've had the pleasure here to speak about this and there's ruses and there's things that are obvious that someone gets an email. What's the right thing to do when you're looking at an email and it says click here?

Speaker 4:

What do you do when it's obvious phishing and it says click here?

Speaker 2:

Yeah, or it's not so obvious. What are you at? How are people penetrating these networks?

Speaker 4:

So, first of all, if you get an email that just is out of the norm and maybe some grammar's wrong, you have some of those spelling errors, or it's asking you to act quickly on something that is not normal, delete it, just absolutely delete it, right. There's no reason for you to even interact with that. I have people sometimes who will say, well, I'm just gonna mess with it and I'm always like don't do that, so just delete those. There's no, there's no-.

Speaker 2:

There's not really a human behind it. You're not gonna mess with it. It's a AI vibe, right, that's doing it.

Speaker 4:

If you don't know-.

Speaker 2:

Artificial intelligence. Sorry, Rick, I got the I saw you going there.

Speaker 4:

If you don't know who it's from, just delete it. Just get rid of it. Move on with your life.

Speaker 3:

Yeah, so you find these all the time. So I got one yesterday Actually my wife Sue got it at first and she got it from an organization that said we had an alarm go off and it said a telco alarm or a telco fall, and so she was concerned. So she sends it to me and stuff like that. And so I go check out the address and stuff like that. And this one was easier than I thought because it was a legitimate address but it was for an organization in Bulgaria and it was like I don't think we really have an alarm monitoring system in with the headquarters in Bulgaria.

Speaker 3:

Yeah, right, this is one just to delete. So again, that's where you get them all the time. You just have to be extra thoughtful about checking them and it can happen to anyone. Another group, though, I would mention that are like that, but they've gotten so sophisticated. DocuSign is a great-. Oh, yes, yeah, so they're now spoofing or making up fake DocuSigns on you. So if you think about it and you just bought a house, or you bought a beautiful condo or something and the closing's in the paper, that's public information. So the bad guys may get that list to say, okay, you've closed on this condo, they know the address, and so they'll send you something to say congratulations, it's so exciting, you got this place. You just forgot to sign this one form, so please complete the DocuSign.

Speaker 2:

I actually got one of those at one time. I deleted it. Yeah, it's the bad guy.

Speaker 3:

Yeah, I got one.

Speaker 2:

And it looks very real. Yo, yes, if I'm not expecting to sign a document, I don't touch it. That's right that someone's gonna have to tell me it's coming and then I will deal with it. That way. These guys are ingenious about getting in and they can drain your bank account, they can steal your identity, they can take your sensitive personal information. You may mention that one of the places they go is the dark web, and people hear the term the dark web and it sounds scary and it is, but our audience is more of a lay audience. Can you just explain what the dark web is and what's going on there?

Speaker 4:

Yeah, so the dark web is the underground of the internet where bad actors trade and sell information, personal information, credit card information, health records. It's where they barter and sell that information. It's where you know I, the dark web actually was originally developed for research, but then you know, the bad actors really took it over and it's.

Speaker 2:

It's dark because I can't get it on my browser.

Speaker 3:

Yeah, you have to know how to get there, and the people on there are anonymous, you know. So I mean, they're using some identifier for them, but you don't know who they really are, right, and so it's this under it. Is this literally a different world that you need to worry about? So one other area, though, I would mention to you, Rich, that we encourage people to look at, especially organizations, are what's your incident response plan? How do you respond if you have a problem? Because we've talked a lot about and we, if you look at the best practices framework put out by the federal government that we emulate, we actually encourage people to do this. In our practices is there's like prevention and detection. Okay, see the bad stuff, stop the bad stuff, you come in you again, you can be safer. You can't guarantee something bad won't happen, but what happens if the bad thing happens? Mm-hmm, do you have an incident response plan to say this is how we respond, this is what we do, this is how we recover. How do we deal with this?

Speaker 2:

So it's recovering response, kind of. Are these a service that small and medium-sized businesses can buy from you as a package?

Speaker 3:

Yeah, we package this part of our whole solution where we try to help with that whole framework, and one of those elements is this incident response plan. It's a template, so you sort of fill in who are your emergency contacts, where are your backups, where are all these things ready to go? Because the analogy I give people it's like it's funny to watch people's reaction when you put it in terms they are used to understanding. It's like do you have a fire evacuation plan for your business? And everyone goes, yeah, we got a plan on what we do if we have a fire. I said, okay, you're in Michigan, are you ready for the tornado? Or, if you happen to be down Florida, do you have your hurricane?

Speaker 2:

Yeah, exactly right.

Speaker 3:

Yeah, and that's great. And I said do you have your incident response plan for cyber? And they go, huh, and it's like, okay, now let's talk about this. What's more likely? Are you like more likely to have a fire, to get hit by a tornado or to actually have a cyber incident? And everyone goes, well, yeah, the cyber ones, the ones that's really gonna happen. So you've got this backwards. You've got plans for the things that are less likely and you're unprepared for the likely and you're a heating and cooling company and you've got lots of trucks on the road.

Speaker 2:

You're directing your technicians, you're ordering parts, you're having your customer sign invoices, it's all digital and it goes dark because you just got hit by a cyber attack. That's right.

Speaker 3:

But if you have good backups you know where they're at, you know how to restore, you know how to do all those things you can make a huge difference.

Speaker 4:

Yeah, I mean, that incident response plan is really critical. I talked when I talked to small means. I was arduous all the time I talked about that, because it'll take that bad day and make it a bad day or days, but not a bad week or weeks or months, mm-hmm. And so that's why that incident response plan is so critical, because, as you said, you know, everyone has a business continuity plan, but they leave cyber out, right, and that's cyber is the one thing that right now can stop your business in an instant, like you just said. So two questions here about cyber insurance and the wisdom of that, and then secondly, but in not related but my understanding also is, some of these bad actors will go and infiltrate a network and actually go and put bad code into the backup file.

Speaker 2:

So you can't get your backups back either.

Speaker 4:

So for that first, yeah, some of the more sophisticated groups. They will corrupt your backup, right, but there's tools now that there's things you can do to kind of help me remediate that. But no, I'll put it this way: if a bad actor really is coming after you and they're very sophisticated, it's gonna be tough to stop them, but there are things you can do to remediate it and be back up quickly and that's why we, that's why we work with small and mid-size organizations to make sure they understand this is really common sense solutions you put in place to really help protect your company.

Speaker 3:

Well, yeah, and then insurance. Go to your bag. We recommend you get insurance, cyber insurance, it's a good thing. I mean, it's another layer of protection to help you come back if you have issues. The issue was cyber insurance, though you have to be really careful. It's not a simple field to get cyber insurance and in a lot of cases, ransomware may be a separate policy or separate ways. So even if you get cyber insurance, you may not be covered for ransomware, so that's a whole issue.

Speaker 3:

The other part that we try to help our clients with is filling out the forms to get insurance. Again, they're not in English. Generally. I mean they're written in English, but it's back to cyber-ese, quite on right, and if you don't check the right boxes or if you check something that really isn't true, you know what happened, right? Yeah, yeah, right, yeah, you can still take the premium if you're not getting the coverage.

Speaker 3:

Exactly the average small business person. To even know how to fill out a form is very challenging. So that's where we recommend we help our clients, but we recommend people get help to make sure you know what you're checking and it's accurate.

Speaker 2:

So all these small and medium-sized businesses that protecting the enterprise, and you're bringing forth some great services around that. I want to make sure how do people get a hold of you guys? If they're listening to this broadcast or podcast and they said this is something I need to do, how do they get a hold?

Speaker 3:

Yeah, since I calm S c n s c y dot com and we've got a lot of great resources backup that you can just go get to. But since I, that comes to place. The goal and one thing that we do offer, Rich, that we're very proud of is we offer the opportunity to get a Sense I score for free, no obligation, and as we started the business, we started doing sense I scores to help our clients. That was sort of the cyber health evaluation. Yeah, so it's a half hour long interview or less. It's 39 questions, collects like a hundred and some data points and most people can answer those questions. They may need a little help but that's why we interview them to help make sure they understand you go through that.

Speaker 3:

We'll come back and give you a score like your credit score. It's on a thousand point scale and basically if you're 800 or better, you're in pretty good shape and meant you understood cyber. You've done a lot of good practices. If you're 500 to 800, it usually means you've recognized I need to do something on cyber. But you still got work to do. So we can. If you want to become a client, we can still help you a bunch, but you're on the path, you're making progress. If you're below 500, the three choices I tell people are watch Star Wars, learn about the force, go to religious services or hire somebody like us.

Speaker 2:

I thought you're gonna say I smoke Smith Corona's because you can't act.

Speaker 3:

Those things are there's something like that You're below 500. Yeah, you're you're living on borrowed time, yeah.

Speaker 4:

What we tell everybody is just assess where you're at and you know, and that's we do again, it takes less than 30 minutes and if you score 400, you equate that to your personal credit score of 400, you know, you got to work on it, right? So it becomes really tangible and it's an easy way to start looking at cyber and a really common sense, a sensible way, right, sensible cyber.

Speaker 2:

Yeah, no, I like that. So one of the things I'm curious about is this that so all these small and medium-sized organizations are populated with employees that are individuals and they have customers that are individuals, and these individuals might be in the Apple ecosystem or in the Google, you know. They've got a Gmail and whatever, and aren't those points of attacks too, on the personal level, so that individuals ought to be thinking their own cyber security?

Speaker 3:

Absolutely. Again, that's going back to some of the services you can get as an individual that's doing all the things we talked about. The passwords, the auto on all these things that we talked about are equally applicable whether you're an organization or you're a person. And when you talk about organizations in particular, it's interesting that small organizations what we're seeing, our big companies now their greatest threat are going to be these small organizations because the bad guys seeing they're spending all this on defense the big organizations. It's going to be easier for them to go through and sneak up through the small companies if they're in their systems at all, so this is only going to keep becoming more challenging. If you're a small organization, you don't have a good place to hide. I mean, you can believe you can hide for a while, but do something and we tell people. A lot of this is changing a culture from passive to active regarding cyber security. We're honest about this: cyber security is never going to be your number one priority until you get hacked.

Speaker 3:

Yeah, but it needs to be a priority on your list of priorities. I told people I'm on my I said my fifth career. I never thought I'd be excited working a company where my key goal's to help people sleep better at night. I don't sell pills or mattresses or I'm betting, but the goal is to help people sleep better at night, indeed. So a lot of this is to say how it's cultural. So too often people think this is all techie and all tech tools.

Speaker 2:

And to your point about the something attached when we had outsourcing contracts, nothing out on the network. Well, one of the dietary with small department in a hospital went and bought a system and, attached to the network as a rogue connection, had a worm in it and I mean we got it quick, yeah, but it was somebody attaching something for. And that's why I think about the individuals, one of the questions that they'll always like. If you're using a Microsoft Exchange, Office 365, and you get something and it says you want to report this and say this is junk, or you can say this is a phishing attempt, does anything actually happen to that stuff when you report that out?

Speaker 4:

Yeah, so if you were, if you were part of an organization and you're doing like Microsoft 365 and you have the report phishing button, yeah, click that. It will go to either your small IT team or your managed service provider. Yeah, they actually look at it, they quarantine it for a minute. They'll check it out. But it's a really good point though, because if, if you have a report button and that doesn't look good, hit read, hit that report button.

Speaker 2:

So I always do the report button and I will say that Rackspace, when we were using them, they were really good about following up. I'd send them something and they go: Thanks, that's a new one we haven't seen. Yeah, and they're looking at it, they're gonna peek at it. They're good company General. We've covered a lot today. What didn't we cover that it'd be important for the listeners, that the readers and the viewers of the Common Bridge.

Speaker 4:

I would just say this again: Cyber's never gone away. But there are certain things you can do, not only to protect your, your company, your organization, but if you do those same kind of practices at home, you're protecting your family too, and it's one of these things that's never gone away. And so that's why we're really excited about starting sensei, because we want to educate part of our missions, educate the world in cyber. So just take a couple extra seconds, take a deep breath, slow down and make sure you know what you're doing.

Speaker 2:

Sounds great. Now imagine that you recall today, by a small group, let's say, the president of the United States, the head of Department of Homeland Security, and I was throwing the Treasury Secretary, that's right and they said, gentlemen, what national or state level policies do we need about cyber security? What would you?

Speaker 3:

tell them. Yeah, one of the first things to do is to say broaden the discussion again, as, just as we said, it's a human issue. 90, 80 to 90 percent of the breaches are due to humans being involved in and it's having an active versus passive culture. Nationally, we treat it as a passive culture. They are. There are some really brilliant people that are doing cyber stuff at the national level, but if you look at the dialogue, it's all about them talking to other cyber people.

Speaker 3:

Hmm, not much is really. It's about talking to agency to agency or about talking to government or talking about to their big suppliers. There should be an educational awareness thing for the average citizen. Just going through the list and making it much more visible. They do. We do have cybersecurity awareness month. It was October. How much do you remember seeing during cybersecurity awareness month? Not much, no. So this is the thing we need to get word out to people and again make it an active versus passive thing, and so the biggest recommendation I'd have is stop treating it like a technical thing, or to techies. Stop keeping it just in the world of people that live in this world and help the general public understand they can be safer. It's, this is scary stuff. Let's make it so you're concerned, but don't be scared. By taking certain actions, you can live a good life.

Speaker 2:

It's common sense, things like locking your car up, that type of thing, and I think saw in Oakland County, Michigan that the sheriff said that there's be sophisticated rings that are attacking for home invasion. They're doing the Willie Sutton thing. That's where the money is, and cyber is the same thing. It's not just your money, it's your personal data. There's a market for that out there. So, since I calm, great place to start and, gentlemen, as we wrap up today, any final comments for the listeners or readers and the viewers of Common Bridge. Thanks for having us on.

Speaker 3:

This is great. This is on our topic to get out from people, so we're excited to share and we're excited. Let us know if you want us to come back with other scary stories.

Speaker 1:

Solutions.

Speaker 4:

Subject of the story. Yeah, really, thank you very much.

Speaker 2:

All right, gentlemen, thanks very much. We've been talking today with Dave Behen and Rick Snyder of SenSai about cybersecurity. It's a big problem today. It's going to get bigger, but you can protect yourself. You can protect your organization. Let's just make it tougher on the bad guys and with that, this is your host, Rich Helppie, signing off on the Common Bridge.

Speaker 1:

Thanks for joining us on the Common Bridge. Subscribe to the Common Bridge on substack.com or use their Substack app, where you can find more interviews, columns, videos and nonpartisan discussions of the day. Just search for the Common Bridge. You can also find the Common Bridge on mission control radio or your radio garden app.

Understanding Cybersecurity Threats and Protection
Cybersecurity and Protecting Small Organizations
Simple Measures for Online Security
Importance of Cybersecurity and Cyber Insurance
Cybersecurity Solutions