Show Notes:

Christian Hyatt, Founder of Risk3Sixty, discusses the top three or four things that chief information security officers at sub-enterprise firms are most worried about right now. He explains that these concerns include the business environment, threat actors, cybersecurity regulation, nation-state actors like Russia and China, and phishing campaigns. He also highlights the unique bridge between cybersecurity and information technology coming to a head with the recent CrowdStrike incident.

Advice to Clients on Cybersecurity

Christian suggests that independent consultants ask clients questions, watch for warning signs, raise their concerns, and consider consulting a cybersecurity expert. He suggests that clients are looking for someone who is a good listener and who is not operating off fear, uncertainty, and doubt. By listening to clients' needs and concerns, consultants can offer advice on implementing best practices on their existing toolset and spreading security awareness. Christian emphasizes that many big enterprise tools, such as Office 365 and Google Suite, have built-in security that covers many bases. Independent consultants should listen for how well the client's tools are implemented, listen for the business problems the client has, and offer security assurance. Offering advice on implementing best practices and spreading security awareness can help firms understand how security is impacting their business and make informed decisions about investing in security measures.

Cybersecurity Due Diligence

In the context of due diligence, Christian states that it is important to consider the company's internal infrastructure, including its cloud-based and on-premises systems. This can help identify potential red flags and ensure the company's sustainability and scalability. For example, if a product company is being acquired, it is crucial to ask about its application security, product security, and scalability.
Additionally, understanding the company's mastery of its own product and its ability to scale without the team is essential. Another key factor to consider is the company's internal infrastructure, whether it is cloud-based or on-premises. Integrating with the acquiring firm can impact the cost of the process.

Cybersecurity for Independent Consultants and Boutique Firms

Independent consultants and boutique firms with a few employees should also take cybersecurity precautions. Some good tools for small businesses include G Suite or Office 365, which have built-in tools for file sharing, email security, and internal messaging. These tools help protect against cybersecurity attacks that originate from email. Installing antivirus tools like CrowdStrike and Sentinel can help prevent attacks at the endpoint level. Basic blocking-and-tackling security processes matter too, such as using file sharing platforms like OneDrive or Dropbox. It's also important to identify areas where money changes hands and take protective measures. Creating an offline backup of key files once a month can help protect against ransomware attacks. Office 365 or G Suite can also be used to store files in the cloud, with tools like Spanning for Office 365 creating backup copies of cloud storage. Exploring the full suite of options available to small business owners can help them get coverage for their biggest risks.

Employee Training on Cybersecurity

The conversation turns to the importance of raising employees' awareness of phishing dangers. Christian recommends using tools that periodically send white hat phishing messages to test employees' skills. He suggests that small businesses should focus on creating a culture of awareness and vigilance, letting candidates know about potential scams and asking questions if they feel uncomfortable. There are several tools available for security awareness training, including Curricula.
Additionally, he suggests using YouTube videos as part of training, as they can be more effective than expected. By implementing these tools, businesses can create a culture of vigilance and prevent employees from clicking on suspicious links.

The Origins and Growth of Risk3Sixty

Christian started his firm as an independent consultant eight years ago, with a trajectory of impressive growth. He initially had one client, a $30,000 one-off engagement, but from there eventually grew the business to 60 clients. Christian shares a few of the tactics behind the growth, including his shift towards cybersecurity. He focused on a few cybersecurity services that had great demand and packaged them as multi-year deals and recurring revenue. He also learned that organizations have huge compliance requirements. They built a SaaS platform to help them manage the information. They invested in the SaaS platform and started selling it as a subscription. Today, their services are tech-enabled services, where companies often outsource their entire programs to them due to the need for human labor. Christian made strategic decisions ...