B2B Tech Talk with Ingram Micro

Episode · 3 years ago

Data Security: What to Know About Digital Hygiene | D-Link Series

ABOUT THIS EPISODE

The average total cost of a data breach in the U.S. is $7.91 million. 

With that kind of money on the line, it would only make sense that we use the best digital security procedures available. Right? 

Surprisingly, a substantial portion of breaches can be prevented by simply educating employees on good digital hygiene. This is because each member of your team digitally acts as an entry point for bad actors. 


In this episode, we discuss the top digital hygiene methods, the best cloud storage options, and more with Senior Director of Business Sales at D-Link, Matt Vaillancourt.

Follow Matt on LinkedIn - Matt Vaillancourt. 

We've had this digital revolution and we can't undo what has been done, but, like I said in the last example, you can be prepared and expect what's going to come next. You're listening to B2B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by D-Link technology: make your home smarter, safer and truly seamless. Let's get into it. Welcome to B2B Tech Talk with Ingram Micro. I'm your host, Carrie Roberts, and our guest today is senior director of business sales at D-Link Systems, Matt Vaillancourt, here to discuss data security. Welcome, Matt. So thrilled to have you as our guest today. Wescry, happy to be here today. So I want to start with the fact that data is growing exponentially and with such a large number of vulnerabilities, prioritizing data security seems super imperative. How can companies start to prioritize their data security? You know, that's the loaded question. There's a lot of ways that companies can really impact and make a difference in securing their data, but I think one of the biggest things that most of this may overlook is just basic best practice. I mean, nowadays you're finding that more and more. I think it's upwards the seventy five, almost eighty percent of all breached information that is coming out over the past year and a half or so is coming from the human element, meaning they're not hacking your system from a far away, from other countries and, you know, accessing it that way. What they're doing is they're actually going after the people within your organization and leveraging them as a vulnerability in order to gain access into your system.
So something simple like having a strong password policy is going to make a huge difference for your company, and also employee training, making sure that your employees are educated on how to spot phishing emails or how to identify if somebody's looking for maybe an executive's scheduling information, so that they can figure out when a good time for an attack might be, right? So taking those things into account and making sure that you're educating, and a side effect to this too is that your employees can benefit from this in their personal lives as well. Right, these best practices aren't just a business-type thing, because all of us as everyday consumers are impacted by these decisions that we make with our online hygiene day in and day out. So I think that's probably the biggest factor. Taking off from there, I mean, there's obviously network hardening and, you know, your cybersecurity and best practices. I think that...

...a lot of people kind of focus on today from a hardware and a software standpoint. But, like I said, I really think that, you know, a lot of things can be prevented or at least identified far enough in advance to prevent any major damage by just working with people. Yeah, and I know that human error is such a big challenge. Can you give some examples of maybe recent things that have kind of come up at companies that people should be watching out for? Yeah, absolutely. One of the more interesting things that I've seen as of recent is the attackers are calling into or even physically coming into companies and they're at the front that's, you know, level a lot of people don't. They don't recognize that your reception area is your front line, right, whether they're answering the phone or someone's physically walking into the building, and those people are most often susceptible to social engineering attacks, where people are coming in and garnering what we may all think is mundane, just information that is irrelevant, right. But what's really happening here is they're getting little nuggets of knowledge. It's going to help them better tone their attacks. So they're finding out what the executive schedule is. Are they on vacation? Are they on a business trip right now? They're leveraging social media. You know, maybe you put a post out there that says, you know, this week's going to be crazy, my boss is out of town and I have so much work to do. And as innocent as you might think that post is, and you know, as you might think that that's only going to be read by your small group of friends, the reality of it is that you're putting that at broadcast to that information out there for a lot more than just a few people to see, and they'll take advantage of that.
Knowing that an executive or C-level or even the IT administrator's going to be out of, physically out of the building or out of pocket temporarily for a day or two or three gives folks the ability to basically better tone and focus their attack. Right. So what I've seen happen is when they identify that this set, let's just say a VP, is out of the office. One case that happened about a year and a half ago was the attacker came in and had basically spoofed the Executive v now and knew that the executive was going to be out of pocket on an airplane in another country and started asking for, hey, we really need this gift card approved. So they were using promotional gift cards as to get, we really need these approved. Can you send me the codes when you've paid for them, so that I can get them...

...out to the clients that we're rewarding for their sales effort from the last quarter. And the assistant that was processing all of this just didn't think anything of it. They looked at the header, they saw that it had the name of the boss. They knew the boss was out of pocket, so they were like, oh my God, okay, I better help them take care of this and approve this and put it on the company card. And guess what? Once those gift card codes are in the wild, they're gone. You know, they've been monetized and used and moved around, then it's going to be very difficult for you to recoup those funds. Now, granted, you know, you can put a claim in with your company's business credit card and things along those lines in order to recoup that stuff. But you know, all in all, it's a net loss and it's a net headache. And you know, when the executive finally came back online is when the assistant finally realized the error and was like, oh my God, that wasn't him, that wasn't his request, and by then, you know, hours had passed and it was just too late. I know exactly what we're talking about and have experienced that at a couple different places that I worked with, and it's crazy how it really is done very well, because it looks like it's coming from the CEO when it's not. How do you suggest to train somebody who, like you said, is maybe a receptionist or maybe an hourly employee that's up at the front that's kind of answering something like that, or are there things that they should be looking for? Yeah, absolutely, so again, I'll go back to best practices, right, making sure that they are not going to be giving out sensitive information about where an executive is or even where general employees are.
You know, if you're a company that rolls trucks or things along those lines, giving out that location data of where those trucks are, where those employees are, is a crucial piece of information that a social engineer and ultimately bad actor's going to be looking for. So setting up that best practice with reception and say, hey, look, get a phone number and or not I'm started active phone number, but you go into your files and get the phone number for the person that's calling you and call them back, right. A lot of times when you're experiencing these types of attacks, look, it's very easy to spoof your phone number these days and make it look like you're calling maybe from a main headquarters of a company, when in reality you're sitting in a home hotel room somewhere, you know, with some software spun up and you're just calling, making it look like you're calling from these numbers. So there's nothing wrong with, especially in this day and age, having your reception team say, you know what, I need to verify a few things. What's your name here? And okay, you're with ABC Company, great of Gba, called back at the headquarters in a couple of minutes here. Thanks. And then call them back and make sure that you're calling the right number. Right. A lot of really get this back to our everyday consumer. Something that we can all relate to, right, is...

...you get that email from your bank and they say there's something wrong with your card. Call us back or email us back. Click this link. Right, we've all been thoroughly trained and ingrained into our brains. Don't put that link, look up the number on the back of your credit card and call that number and say, hey, I got this email, wondering if it's real. Is there really a security issue that I need to talk to you about? Right. So the point that type of best practice that I think we should all have applied to our everyday lives and your business and your professional lives can be a lifesaver because it's not going to upset your customer. They should be more than understanding that you're going to call them back. And if they start to wiggle a little bit and they all, well, call me on this number or call me here, or do this or do that or email me here, red flags should start going off on their heads, right, and the more pressure that's put on you as an employee to be about this information as a mission critical. If we don't do this, we're going to lose the sale, or if we don't do this, our biggest customer's going to walk to our competitor and things. All those points, those are all things that the social engineer is basing off of your feelings and your commitment to your company that, oh my God, I gotta, I got to do this for my company, I got to take care of the company. I'm going to make a decision to do this, when chances are making that decision is the wrong decision. I think this is great information. I think it's interesting. We're always talking about keeping data secure and something so simple as you just said, making sure you get their information, their number, calling them back, something I haven't thought of before but I think is really crucial to a lot of businesses to use. Going a little bit more detailed in depth, I know metadata can be helpful in keeping your data secure. Can you define what that is for those that don't know, and how it can be used?
Absolutely. So, metadata. The best analogy that I can give is all of us have ninety population has a smartphone in their pocket nowadays and it has a camera on it and we're all taking pictures. You're at a conference, you take a picture of some presenter's slide or something along those lines, and you send it to a friend, via text or email or whatever. But what you don't realize is that there's actually data embedded in that photo that you're sending. There's typically a time and date stamp, possibly a location stamp in there as well, based off of the settings that you have on your camera or on your phone. And that information on itself, you might say, who cares, and they know what time I took the photo. Right, but when you combine that with a lot of other information that's out there, basically it's an online dossier. It contributes to your online dossier of you. Right. So people take data that you think would be absolutely meaningless and they combine it with...

...data that is already known about you and it paints an even brighter picture of a potential target or a company or whatever it is that a bad actor may be looking to gain access to. And the more and more data that they have, the more and more efficient they can be at either a technical attack or social engineering attack or whatever it may be, that can really be damaging. So making sure that you're aware of what data is out there about you. And, as we all know, the Internet never forgets, right. So a lot of these breaches that have already happened with a lot of this metadata that has your address to like, and no big deal, right, but when you combine that with your name and your date of birth and how many kids you have and how much money you make and what you voted in the last election, and you can see how the painting becomes very bright when you start piling in all these different data points directly connected back to your name or your address or your company. So making sure you're aware of what data is out there already and preparing for it and taking action to distance yourself from the data, I guess, is the best way that I can put it. You're not going to change what's out there. You're not going to change the fact that it is out there, but what you can change is your actions and your habits and how you're reacting if you know that your phone number and your email and your address is out there. When someone comes at you out of the blue, let's just, you know, say a marketing attempt, right, and they say, hey, we hear you're interested in kayaks, you're just like, well, yeah, I googled some things on kayaks, but I haven't told anybody I'm interested in kayaking.
But the reality of what happened here is they took all of your data, all of your information that's out there, and they put it together and they figured out what it was that you were looking for and now they're coming at you with marketing and promotions and other things to try to get you nudged to pull that trigger to buy that product. And then this is a marketing example, right, but you can apply that to attacks on your network and attempts to extract data from companies by using that same method. So when you know it's out there and you're ready for it, you say, okay, yep, I know exactly how you figured out I wanted to kayak and thanks, but no thanks, right, I'm going to continue doing my own research. Have a nice day. Makes that a lot easier for the consumer or for the company to be better prepared. Yeah, and along those lines, you had said that you feel the biggest risk to our global society is losing control of our personal information and data online, which, as you've just stated, it feels like that's happening a lot already. Can you elaborate on this statement and how do...

...we kind of feel, you know, alert, but maybe a little less scared to what's going on? Yeah, absolutely. So, you know, some things that, again, you could just be aware of and, I guess, cognizant of in your day in and day out life. I'll never say, let's all go be hermits, let's go pretend like the Internet was never invented and, you know, go back to sending letters through the mail and, you know, only talking to people face-to-face. Right, we've had this digital revolution and we can't undo what has been done. But, like I said in the last example, you can be prepared and expect what's going to come next. So be active on social media these days with your family and friends. That's really but understand what are your privacy settings on that service that you're using, you know, whether it be Facebook or Twitter or LinkedIn or any of those other things, who can see what you're posting, right, and make an educated decision? So in my world, when it's on LinkedIn, I consider that my professional network and the only information that I put on there is relevant information to my job, my world, things along those lines. They don't put any personal information per se out on that network. There are other networks that I use that are completely locked down to a small group of people that I want to choose to engage with when I'm posting information out there, whether it be photos or setting up meetings or invites for events and things along those lines. So again, just being aware of what it is that your digital exhaust, right, what it is that you're putting out there for people to see and understanding the world that we live in today can make this a lot less scary and, you know, at times you may need to take actions, maybe changing up your email address, right. It can be painful to sit there and say, man, I've had this email address for fifteen years. Everybody knows to contact me at this email address. But that's the problem.
Everybody knows to contact you at that email address. You've used it for every single login on every single account you've ever made on the Internet, and I think you can see where the potential problem with is that now I have at least one piece of the puzzle to gain access to your personal or your company information. I know your email address, which is, in today's day and age, the most likely user name that you have for an account. So now I just need to figure out your password. And, as we know, with a lot of the data dumps and a lot of the bad practices that hygiene that we have online, we reuse passwords, we make them simple so we don't forget them. We do...

...all these things and, you know, it just makes it a lot easier for a bad actor to gain access to a system. And you might think that I'm a little person, I'm irrelevant to the grand scheme of what somebody may want to attack that. The reality of it is that everyone is an access point to gain entry into a system. You know, give you an example, the Target breach. There's about five years ago the bad actors gained access into Target's POS system, to the HVAC system, which was managed by a third party. So they went out and they got credentials. They gained access by attacking the third party that managed their heating and cooling system. But the heating and cooling system was on their internal Internet and once they got into there, they then got into the whole rest of their network system and, yeah, we can talk about the hardening of a network and things along those lines that could have prevented these things, right, but the reality of it is that a lot of us are still in that same boat that Target was five years ago, because we haven't taken any action to better protect ourselves and to better protect our companies. So, you know, the best thing I can say as far as making this less scary is really understand that there are three principles out there. There's privacy, there's security and there's convenience, and most of the time it's very difficult to get all three. So if you want to log in everything you own with your Google account, it's definitely convenient, but it's not very secure, right, because all somebody needs to do is get access to that one account and have access to everything. So I think the best thing that everybody can do is just really realize and understands that basic concepts. And it may take you an extra thirty seconds to use a password manager and copy and paste your password or look up your email address that you use for that particular login, but it is so much more secure for you and it can help you be a lot more private as well on the Internet.
Hey everyone, we hope you're enjoying this episode of B2B Tech Talk with Ingram Micro. Let's pause for a moment to recognize our sponsor, D-Link Systems. Are network speeds slowing you down or security risk top of mind? Talk with D-Link Systems, leverage award-winning products and deploy networks that are second to none with D-Link wireless, surveillance and switching solutions. Contact Ashley Ruggerio at Ingram Micro today. That's Ashley, A-S-H-L-E-Y, dot Ruggerio, R-U-G-G-E-R-I-O, at ingrammicro.com. Also, before we jump straight back to today's episode, we want to share with you another resource you're going to want to check out. Did you know that you could start your guided journey through Partner Track today? It's the tool that eliminates uncertainty in the...

IT channel. You can access meaningful content, get trained on new tech and attend networking events, all while getting rewarded. Register now at Ingram Micro Partner Track dot com. All right, let's get back to the show now. I know a lot of companies, and personally as well, people are using cloud storage. Can you share some pros and cons of using public versus private or a hybrid cloud storage of data? Yeah, absolutely. So the big differentiators here, and I'll start with public and private. So a public cloud, the best example I can give you of that is like AWS, right, Amazon Web Services. Google also has a cloud service where you're using their data centers, you're using their equipment, their infrastructure. There's, in most cases, their software. What you're providing, what you're bringing to the table, is the actual portal to get into whatever it is that you're trying to manage. Right, costs are low, it's easy. Okay, it's convenient. Going back to the last question, and they are pretty secure, right, but you don't control any of the data that is on that hardware. It's owned and controlled by the owner of that public cloud service. Now contrast that with private cloud. That's where you, as the company, own the equipment. It may be on site, it may be off site, but you own the equipment, you maintain the equipment, you manage the equipment, which would mean multiple servers, maybe SANs, the arrays, things along those lines. You're doing all of that and that's going to have an innate cost to it to maintain, purchase and manage that equipment. But you own that equipment, you own everything that's on that equipment. You can physically locate it. So it's a lot more secure and private for your customers. And then hybrid is just a combination of the two. Right. So a lot of healthcare organizations these days will leverage hybrid cloud services.
So for their patient portals and basic login and the general information, they're getting that all from a public cloud. But when it comes to patient records and things that have HIPAA compliance or HIPAA regulations applied to them, those bits of information are on the private cloud. That is owned somewhere on site. So there is blending the two together. Can give you a little bit of ease of access. I need to spin up some more servers. We have more customers. They need access to the portal. Great, super easy.

Just spin this up, add this, call up Amazon, have them add some things for you. But when it comes to their extremely important information, patient records, legal documents, things along those lines. They're all a little bit more secure, a little bit more private being on the private side of that cloud. So to follow up on that, Amazon Alexa recently became HIPAA eligible, which is really exciting, can be really convenient, and I'm just curious from your perspective, what are kind of the pros and cons to this going forward? Yeah, absolutely. So, obviously one of the biggest pros is going to be the simplicity of leveraging, you know, voice assistants and being able to access and engage and interact with data. I think one of the cons is still going to remain third party and that you're using a third party, that you don't control a lot of this stuff, and that can be good and that can be bad, and I'll give you my third party pitch here. And you know, in relation to Amazon, they have some great best practices in place, but there are definitely some glaring holes, some concerns that should be addressed. So when it comes to third parties, and I mentioned the Target breach earlier, right, you should always be vetting and holding your third party partners to the same standards that you hold for yourself in both your personal and your business lives. Right. If so, if you have a pad, Ninety eight password best practice and it has to be twenty digits long or two thousand and twenty characters long and have a combination of all these different things. You should be asking your third party vendors, what's your password best practice right now? What's your policy?
You got your employee securing their login information and if they don't have an answer for that, or if they don't have a good answer for that, might be a red flag for you to look somewhere else because, again, all it takes is that one third party that has access to the system to give up the keys and now the kingdom is theirs. They can get in and move around to wherever they want to move to. So, you know, going back to the Amazon Alexa stuff and HIPAA compliance. You know, again it's great to continue to advance this technology and nobody wants to impede our advancements by being overly concerned with security and privacy and things along those lines. But by design we need to make sure that we are take that into account as we advance with technology, that we are keeping top of mind security and privacy for the individual and for the company as we start to leverage these new type of services and be okay...

...that you ask the questions and that you hold those third parties accountable and you hold them to the same standards that you want to hold yourself and that you want to hold your own personal business to. And is there any other technology that you see coming in the next few years that you're either excited about or concerned about? Well, I'll throw out two buzzwords that I think everybody has heard and probably be to death these days, and I'll say AI and I will say IoT. You know, the Internet of Things is really exploding. I think a lot of people associate it with the consumer side of things, right, they're like, boom, my fridge is on the Internet now. Great, it can tell me when I'm low on eggs and I can buy more. Right, and that's a completely different question for a completely different show. But IoT also pertains to the enterprise space. It also pertains to commercial applications. Right, more and more data points are being put out there today, whether it be the heat, the temperature in your data center, or the humidity in your data center, or the flow of oil through a pipeline. Right, these are all monitored by sensors these days that give us that information, to give us that critical feedback so that if something's wrong I can take action a lot faster because it's dirt cheap to pay a sensor to sit in the data center seven and tell me when something's wrong rather than paying a person to physically sit in a data center and physically watch everything that's going on. Right. So as that advances and people see the value of the Internet of Things when it comes to enterprise and commercial applications. Again, we also need to make sure that we are taking into account the security of those things because as more devices are connected to the network, again, those are more entry points for bad actors to be able to get into your systems.
And you know, on the AI front, and I guess I'll pseudo lump facial recognition there as well, because I know there's been a lot of talk about that lately from a regulation standpoint, from at least in the United States, from a lawmaking and rule making standpoint. And I'll go back to the previous statement I made about not wanting to hamper our advancements in technology. AI and facial recognition can be powerful tools to help advance us globally in the world as the society, as the advancing us in technology. But we need to make sure that we're using it responsibly and we need to make sure that we are addressing and seeing far enough into the future to identify fail points and potential issues that might come up with this technology and be prepared to address them before we even get there. You know, there's no doubt that a...

...machine learning, machine thinking device is going to be able to outthink and out-predict the human mind in the next five to ten years. But again, being able to remain in control of that is the key point here. And thinking with facial recognition, right, you know, using your face to get into a secure location. Great, you know, makes it super easy. I don't have my badge, I don't have an RFID card, which can be easily either stolen or copied and duplicated so someone else can gain access into an area. Great for two-factor style of authentication with something that's physical that you own, i.e., your face. But what happens with that facial recognition data, right? How is that data stored? Is it deleted after use? If I use it as my ticket to get on an airplane, does it stay in a database somewhere? Why does it stay in the database? How long does it stay there? Couldn't they just delete it till the next time I need a ticket to go on an airplane? You know, there's these things that we need to think about where, okay, I don't think anybody wants citywide surveillance with facial recognition tracking you, you know, much like the system that they have over in China today. But I also think that a lot of people want to take advantage of the ease of use in the general use cases that facial recognition could provide to better secure our credentials or our people or our buildings or our event, and we need to find that healthy balance between the two. Now, you work for D-Link, who's also sponsoring this podcast. Can you briefly tell us what D-Link does and how it's helping businesses stay more secure? Yeah, absolutely so.
D-Link has been in business for over thirty years now and our primary focus is enterprise switching, wireless, IP surveillance cameras, but we also were probably a lot more people who would recognize that they being from is our consumer line routers and consumer cameras and things along those lines, and in no where are we exiting or going to run from that. It's definitely part of our image and who we are. But we have been doing the enterprise style of things as well for over thirty years and doing it extremely successfully, and our biggest part and our biggest focus with our products is definitely around the physical control and the physical security. You know, we don't make firewalls or things along those lines, but we do have a lot of great security features on our switches that help you in hardening your network. You know, some of the best practices that I like to list off for people when it comes to networking is using whitelists instead of, or in addition to, blacklists, segregating networks with VLANs. It's a pretty common thing that happens nowadays. Disabling admin login and creating unique logins and leveraging different credentials for different access levels into...

...the network. These are all things that you can do with D-Link networking switches and wireless products today, in addition to helping you monitor the traffic that's on your network. So while we're probably not the most thought of or, I guess, the face or the beautiful side of security and control and things along those lines, on the back end, on the backbone infrastructure, we are definitely the most crucial point where you should be starting to have a better security practice for your network, which then stands out to your people and to your software and to everything else that you're running on your network. Well, and it's obviously clear that you are so passionate and knowledgeable about security and about this topic. If people want to connect with you, either on LinkedIn, social media or a website, where can they find you? Absolutely, yeah. So the best place for anybody to find me and connect with say, is definitely on LinkedIn. We could probably post that information in the show notes. I feel like that's where I do the vast majority of advocating and knowledge based building of what's going on out there in the data privacy security world today. Perfect. Thank you so much, Matt. This has been so informative and helpful. Yeah, I know, I appreciate the opportunity to come on and what I believe is the inaugural episode here and hope that I can come back and maybe do a deeper dive on some other topics in future episodes. I thank you. If you like this episode or have a question, join the discussion on Twitter at Ingram Tech Soul, with the hashtag B2B Tech Talk. To learn more about D-Link, go to dlink.com or talk directly to Ashley Ruggerio at ashley.ruggerio@ingrammicro.com. Thank you for tuning in and subscribing to B2B Tech Talk with Ingram Micro. You've been listening to B2B Tech Talk with Ingram Micro, hosted by Carrie Roberts and sponsored by D-Link technology.
B2B Tech Talk is a joint production by Sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fan. To not miss an episode, subscribe today in your favorite podcast platform.
