Hosts
- Justin Shelley (CEO of Phoenix IT Advisors, Dallas area)
- Mario Zaki (Owner of MasTec IT, Ramsey, New Jersey)
Episode Overview
This episode focused on preventable cybersecurity breaches and data protection strategies, featuring real-world examples of recent cyber attacks and comprehensive guidance on securing business data.
Key Highlights
Recent Security Incidents
- Two separate businesses lost significant amounts to cyber attacks in the same week:
- One company lost $100,000 (no cybersecurity insurance)
- Another company lost $175,000 (insurance status unclear)
- Attack Method: Email compromise through sophisticated domain spoofing
- Hackers created nearly identical domain names, changing one letter (i to l)
- Intercepted legitimate business communications
- Redirected payments to fraudulent accounts
Critical Data Protection Strategy
The episode outlined four essential steps for securing critical business data:
- Identify Key Business Functions and Applications
- HR
- Sales and Marketing
- Operations
- Finance
- Document Data Types and Sensitivity
- Determine what data is stored
- Assess its value to both the business and potential attackers
- Identify regulatory requirements
- Map Data Storage Locations
- On-premises systems
- Cloud services
- Hybrid environments
- Geographic considerations for compliance
- Establish Backup and Recovery Processes
- Document backup procedures
- Test restoration processes
- Verify data integrity
- Consider vendor risk assessments for cloud services
The 97% Security Formula
The hosts emphasized that 97% of breaches are preventable through basic security measures:
- Technology Protection
- Antivirus
- Firewalls
- Two-factor authentication
- Data Protection
- Comprehensive backup strategies
- Regular testing of backups
- Multiple backup locations
- People Protection
- Cybersecurity awareness training
- Regular education updates
- Clear communication of policies
Closing the 3% Gap
To achieve 100% protection:
- Implement clear policies and procedures
- Conduct regular policy reviews and updates
- Maintain comprehensive cybersecurity insurance
- Regular staff training and awareness
Key Takeaways
- Basic security measures can prevent most cyber attacks
- Never trust changed payment information without verbal verification
- All businesses, regardless of size, have valuable data to protect
- Regular backup testing and verification is crucial
- Cloud storage doesn't automatically mean data is secure
Best Practices Highlighted
- Always verify payment information changes via phone
- Conduct vendor risk assessments for cloud services
- Regularly test backup and recovery procedures
- Document all critical business processes and data storage locations
- Maintain updated security policies and procedures
Resources Mentioned
- Website: unhacked.live
- Available for security assessments and consultations
- Social media presence on YouTube and Facebook
