Pairaphrase Founder & CTO Rick Woyde appeared on Podcast Detroit with Alok Sharma, Founder & Fractional CIO at Sharma Analytics. In this podcast episode they talk cybersecurity, discussing common enterprise security threats and how your organization can protect itself.

Listen Here

 

 

Alok Sharma (Left) and Rick Woyde (Right) discuss cybersecurity

Transcription (first 10 minutes)

Intro

You’re listening to the Podcast Detroit Network, visit www.podcastdetroit.com for more information.

Rick Woyde

My name is Rick Woyde and I am the CTO and one of the founders of Pairaphrase. And I’m here in the studio with my friend Alok Sharma of Sharma Analytics. And I will let Alok explain what his business does.

Alok Sharma

Hey, how’s it going, Rick? Rick, thanks for inviting me out. It’s good to talk, but yeah, you know, I’m the founder of Sharma Analytics. We’ve done some work together in the past. We are outsourced chief information officers. We work with lower middle market companies. So a little bit bigger than what you would consider a small business, but you know of the size where maybe they don’t want to have a full time chief information officer.

Alok Sharma

So we fit that bill for a number of companies and, you know, manufacturing. Some are software companies, we do it for dental chains. It’s a wide gamut of companies who need a part time chief information officer.

Rick Woyde

Very cool. That’s a really important role, too. And a lot of companies don’t have the budget to have a full time chief information officer, but they still need that service.

Alok Sharma

Yeah, you know, I think the way we look at it is, you know, everybody needs technology advice, right? I mean, everybody, regardless of the organization or the business you’re in and, you know, the question is what sort of advice are you getting? And if you’re not getting great advice, it can be very, very costly. And so the way we look at it is that everybody should have access to an experienced chief information officer who’s aware of best practices, who has done it before and who can, you know, quickly kind of help you make decisions about what your organization should be spending money on in terms of technology.

Rick Woyde

Very cool.

Rick Woyde

If people want to get a hold of you, how do they get a hold of you?

Alok Sharma

They can hit us on our website, SharmaAnalytics.com. They can reach us at info at Sharma Analytics dot com and they can also, you know, find us on LinkedIn. Alok Sharma. I think it’s /SharmaAl is my handle on LinkedIn. And that’s another great way to hit me. If you messaged me on any of those, we’ll get back to you.

Rick Woyde

Sounds good. So let’s dive right into it. Security, online security. It’s a big deal. It really is a big deal today.

Alok Sharma

It is. You know, it’s funny. We’re talking to a client today and it was almost all about security today. That was the whole conversation.

Alok Sharma

And this this executive, you know, he said to me a couple of times. That’s what keeps him up at night, right, even during this whole, you know, covid situation where they shut down a bunch of their offices for two and a half months.  Completely shut down. Could not could not run anything out of their offices. And even during that, security was his top concern for a variety of reasons. He had he had been part of an organization that had been hit with, you know, with a cyber incident in the past.

Alok Sharma

And he knew how awful it is to kind of recover from that. That was a big part of it. But it’s funny to, you know, the number of executives who say that to me now that cyber security is kind of the thing that they worry about.

Rick Woyde

Well, I think that’s even more true today with everybody working remotely, because that opens up a whole new can of worms that you’ve got to worry about.

Alok Sharma

Yeah, I think, you know, one of the things that was always difficult to secure was someone else’s device. Right. And almost everybody is in a BYOD or bring your own device environment. Almost everybody’s using their personal cell phone to answer business emails.

Rick Woyde

And we’re working on our personal networks now, too.

Alok Sharma

Yeah, yeah. So take the BYODm, your personal device, that was kind of a sticky wicket to deal with already.

Alok Sharma

And then, yeah, now in some cases, people are checking email on personal personal laptops, personal tablets, and like you said, on their personal networks or maybe at their Airbnb’s network. And and so you’ve taken all those issues and we’ve just added another layer of complexity to another layer of things that we have to worry about.

Rick Woyde

One more thing to keep them awake at night.

Alok Sharma

Seriously, one more thing to keep them awake at night. And, you know, I think you can get a handle on these things.

Rick Woyde

That’s not to say that, you know, an organization can be completely bulletproof and nothing will ever happen to them.

Rick Woyde

That’s impossible.

Alok Sharma

It’s impossible. Absolutely impossible.

Rick Woyde

Anybody that tells you that, run.

Alok Sharma

Yeah, absolutely. The moment someone says something like that…

Rick Woyde

…you’re talking to the wrong person.

Alok Sharma

Yeah, right. It’s really about how do we control incidents and how do we capture them before they become serious.

Rick Woyde

How do you mitigate risk.

Alok Sharma

You got it. Yeah. I mean, you know, that’s really what you’re shooting for. How much can we contain it? How quickly can we be alerted if something happens? That’s that’s almost the most important thing.

Rick Woyde

Well, I want to talk about the number one threat out there, because I do talk to a lot of risk managers and IT security people. You know, Pairaphrase, as a SaaS, we have to go through a very rigorous security check before these companies will sign up for our software. And without a doubt, every single risk manager or IT person I speak with, their biggest thing that they’re worried about is phishing.

Alok Sharma

Yep. It’s the easiest way into an organization if you’re someone malicious, easiest way in is to try to phish somebody.

Rick Woyde

Well, I don’t think people know how easy it is that you can just basically take someone’s logo off their website and stick it into your own email. You know, I get emails not only from like vendors or software that I’ve signed up for, but I get ones from banks that I don’t even have a bank account with.

Rick Woyde

And I know someone’s clicking on it. Fortunately not me most of the time, but somebody is.

Alok Sharma

You know, I got a Bank of America email came through and pass through my spam filter. It came into my inbox and I called them, I called Bank of America because it looked that real. And the phone number that they had listed on there when I Googled it, it was the Bank of America customer support line.

Alok Sharma

And sure enough you know, then I spoke to someone and they have to have a control code on their email so they can trace it and they can tell you pretty quickly if it was their email or not.

Alok Sharma

But, you know, I was looking at this thing over and over again, and I’m like, this might be a real email. This might really be from Bank of America.

Rick Woyde

Right, and you’re in this field. I mean, this is something you do every day. So what it looks that authentic to you. You can imagine what it looks like to somebody who’s just doing their job.

Alok Sharma

And this isn’t something that they think about all day long. Yeah, I know. You know, we just saw an email from that came from allegedly came from the CEO of a client. To the comptroller to wire a bunch of money to some accounts.

Rick Woyde

It’s a common, you know, activity request.

Alok Sharma

It is because either, you know, they can scrape the names of everybody, either from your website, the about us section, or they can grab it off of LinkedIn.

Alok Sharma

So it’s not too tough to figure out who the comptroller who is an executive there and then who might be controlling the purse strings.

Rick Woyde

Well, and there’s another black hole, too, and that is, you know, all the online shopping that we do. We don’t know what kind of security they have in place. And we don’t know if they’ve ever been hacked, you know, especially some of these guys that try to post themselves and do silly stuff like that.

Alok Sharma

It’s true. And but, yeah, you know, the phishing is absolutely the easiest way in. And, you know, what I say to people is that there’s a handful of things that you can do, very inexpensive. And I think every organization should do it. I don’t care if you’re three people or 30 people or three hundred.

Alok Sharma

And one of them is phishing training. It’s phishing simulation is sometimes what it’s called in the industry. And what it is, is it’s fake simulated phishing emails that are sent out to your team, to your employees or whoever has e-mail, and see who clicks. And if they click on an email, they weren’t supposed to, usually they will be sent to a web-based training that explains to them why you shouldn’t have clicked on that email. Here are the signs that this was a, you know, a phishing email.

Rick Woyde

Well, I think one of the most important things to is, is before you click on that email or link or, you know, an attachment is to hover over that email address and confirm and look at, you know, where that email address really did come from, because there’s a nickname usually on the email. And that’s not really the actual email address.

Alok Sharma

Absolutely. Yeah. You know, this one that came from the CEO, sure enough, had  his full name on it. And then you hover over it and, you know, sure enough, it looked like it was a Russian-based domain.

Rick Woyde

Well, a lot of them do seem to come from strange places, that’s for sure.

Alok Sharma

But phishing simulation is generally not super expensive. And you see you see some really good results very quickly. Right. Usually, you know, you look at how many people clicked on this simulated email in month one. You see how many people have done it in month two, by month three people have gotten pretty good and it’s not usually very expensive. It’s pretty easy to implement. And the benefits are fantastic.

Rick Woyde

Well compared to a phishing incident. I mean, it’s way cheaper. It’s not even close.

Listen to the Full Podcast Episode