#21 Unlocking Cybersecurity Strategies for Every Business Size with Peter Gailey

Show Notes

Unlock the secrets to a fortress-like cybersecurity strategy as we sit down with Peter Gailey, the powerhouse behind Gailey Solutions, who comes armed with four decades of tech expertise. As your host, I promise that you'll walk away with a clear blueprint for assessing your company's vulnerabilities and implementing a programmatic defense that's easier said than done. We'll dissect the delicate balance between employee access and internal risk, with Peter illuminating the need for a united cybersecurity front across all business departments. Whether you're a startup with lean IT muscle or a conglomerate, this episode is your guide to transforming cybersecurity from a buzzword into a business bastion.

Feel the weight of responsibility lift off your shoulders as we navigate the maze of data backup strategies, understanding the tiers of protection needed to weather any digital storm. I share the sobering reality of data loss consequences and how a structured backup policy can be the difference between a setback and a catastrophe. Through our discourse, Peter and I illustrate that robust backup practices are not just for the IT savvy, but a critical lifeline for every business, regardless of size or industry. This episode isn't just a conversation; it's a masterclass in safeguarding your operations against the unpredictable. 

As we peer into the crystal ball at the dawn of artificial intelligence's role in cybersecurity, the potential for both groundbreaking advancements and sobering challenges unfurls. We tackle the tantalizing promise of AI in revolutionizing fields such as cancer research and the daunting task of safeguarding our digital rights against the dark arts of cyber threats. With Peter's deep insights, we lay out a roadmap for preparing incident response plans and policies that keep you one step ahead of the cyber curve. This episode isn't just another tech talk; it's a vital strategy session for anyone serious about shielding their digital fortress in an era where cyber threats are not a matter of if, but when.

Book an Appointment with a Loan Broker!
A loan brokerage firm that acquires funding for business owners and real estate investors.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

If you need assistance in obtaining funding, email us at podcast@tdjequityfundinginsiders.net. Tell what the scope of funding is needed and the amount. A broker will contact you to discuss your funding needs. And remember, at TDJ Equity Funding, we do not force your funding needs into a lender's box but find a lender's box that fits you!

Chapters

• 0:13: Equity Funding and Cybersecurity Insights
• 4:59: Importance of Cybersecurity Controls
• 12:56: Data Backup Best Practices
• 19:08: Enhancing Cybersecurity Strategies Through Training
• 30:51: Future of AI in Cybersecurity

Transcript

Intro: 0:13

Ready to get the inside scoop on equity funding? Tune in to TDJ Equity Funding Insiders Podcast for an in-depth look at what it takes to access financial capital and maximize your investments. Hear from experienced professionals, including bankers, underwriters, loan officers and industry experts, as they share their unfiltered stories and valuable lessons on securing funds Curing.

Jacquelyn Jackson: 0:45

Funds. Welcome to another insightful episode of our funding podcast. Today we're diving deep into a critical intersection of cybersecurity and business. With cyber threats on the rise, it's imperative for business owners to fortify their defenses and be prepared before disaster strikes. Joining us for this enlightening discussion is a seasoned cybersecurity expert who will unravel the steps every business must take to safeguard their assets and operations. So get ready to arm yourself with invaluable knowledge that could save your business from potential cyber threats. We want to welcome Peter Gailey. Gailey is with Gailey Solutions that is here in Texas, and we want to welcome to our show. So, if you would, we want to thank you. Can you give us a little bit of background on you to start off?

Peter Gailey: 1:35

with. First of all, thank you for having me. I appreciate it. Gailey Solutions. I'm Peter Gailey. I've been in the high-tech world for 47 years although I know I don't look like it 40, 47 years and I've I've done many, many different things uh in the industry. I've been in, uh, cyber security for about 10 years. So what I've done is created a company and what we do is we help people understand cybersecurity. We help them build a program, programmatic approach, a program approach. So cybersecurity, as we've talked, is not that hard to figure out. It really isn't. It's very, very hard to implement. It really isn't. It's very, very hard to implement. So, as we are on a journey together, it's not a one size fits all kind of a scenario with cybersecurity.

Peter Gailey: 2:33

There's a lot of nuances to it and the company I run, gailey Solutions, is an advisory firm, a consulting firm, and we help people understand what the requirements are. We provide a baseline assessment to help them understand where they are currently, and then we help with a program approach to help them reduce their risk and, in many cases, meet compliance mandates. Certain industries you have compliance, so that's what we do. Okay, that is great, certain industries.

Jacquelyn Jackson: 3:03

you have compliance so that's what we do.

Peter Gailey: 3:04

Okay, that is great. Gaily Solutions.

Jacquelyn Jackson: 3:05

Gaily Solutions, so we will give you information on him, where you guys can reach out and contact him as well, directly. But in the meantime, what we want to do is let's start off this way, asking a question Can you give us like, maybe, a challenging event you may have had in the field dealing with cybersecurity?

Peter Gailey: 3:24

Breaches yeah, we've talked to a bunch of breaches In your introduction. You talked about before, during and after.

Peter Gailey: 3:32

A lot of people just kind of ignore cyber security and just deal with the after which would be a ransomware event or a breach, or you're losing data or you know, an account that I have was a healthcare company that was providing fabulous services for, let's say, learning challenged kids, and she had a disgruntled employee that walked out the door with her database of all of her clients and then started emailing the clients right, very different stories and just nasty, just vindictive, nasty things Right, which hurt her business.

Peter Gailey: 4:14

Number one it hurt her business, so it's reputational damage. Number two it was HIPAA breaches, right. She had personal information. She walked out with personal, identifiable information of this company's clients and then was communicating with them, so that breaks every rule in the book. She called the police, she got the police involved. They'd cease and desist I mean all that stuff. So it was a mess.

Jacquelyn Jackson: 4:42

So let me ask you this, just based on what you're saying, just one account, one instance, that's what what you're saying? Just one account, one instance, that's what I'm saying With that one account, one instance. But if she would have had cybersecurity in place, that would be something. What would have been in place and what would have happened?

Peter Gailey: 4:54

She could have done some things to lessen her risk. A disgruntled employee is one of the biggest risks that people have, that companies have, so you can put things in place. There's a principle called the principle of limited access. Okay, right. So what you want to do is to get into some detail.

Peter Gailey: 5:21

There are some things you can do to create a profile of an employee and you don't want everybody, as a small or medium size or large business, you don't want to have everybody have access to the checkbook, right, right? So it's a principle of least privileges, is what it's called. So you set up a profile. Hey, the person in finance, the executive in charge of the company and finance, they're the only people that have privileges to get to the financials. I'll get you. You don't want to have a dock worker, shipping, receiving, get access to everybody's HR records, right? So one of the things that she could have done was set up a principle of least access, if you will, and just it would have only limited this disgruntled employee to have the information of the account of the people that she touched, not everybody.

Peter Gailey: 6:21

Not everybody, so a subset of the universe, if you will, right? So she had privileges for, you know, five or six different students and their parents and their Social Security numbers and all that stuff. So she'd probably be able to get out with that, but not the hundreds of other students, right?

Jacquelyn Jackson: 6:41

So you're basically saying which is a good idea with cybersecurity and let me say it because you and I have just talked before, that's what I was going to say.

Jacquelyn Jackson: 6:48

Let me. Let me go back, because you and I have talked about so much stuff that we believe IT technology would have taken care of that, but listening to you, no, no, it wouldn't. So we need to. Not only you say you need to make sense, you want to give information and give people access to what they only need to see. Privilege, privilege, okay, but we still need to have. It's not your IT guy, it's your security. What is that?

Peter Gailey: 7:13

No, it's a team. It's a team. In that scenario, it would be a team. Okay, it would be HR or whoever's, you know whoever's going to onboard the person, you should have an onboarding process. Hey, this is what they do, this is what their job is, this is what they should be able to see and this is what they shouldn't be able to see. And the IT guy may have tools or services that he says, okay, here's how we're going to implement that, and then here's how we're going to prove that we implement that but we need to have a cyber security officer?

Peter Gailey: 7:45

Maybe not Just some awareness that you want privilege? The only people that you want privileges to have access to that data are just those people. You don't want everybody to have access.

Jacquelyn Jackson: 7:55

So my thing is, though I'm asking you how do I need?

Peter Gailey: 7:59

It could be done with no IT. It could be the least privileges. I'm a small company. I got 25 people in the company. I have myself and my treasurer, my controller. Whatever, we are the only two people that have access to that signature. You know that in the checkbook with the ledger boom and it's locked up in a vault or in somebody's desk.

Jacquelyn Jackson: 8:21

Well, let me ask you this Can you help somebody like that that needs to set it up they're not, like I said, 25 people's DMs, a couple other people Can you help them develop that right team for that business? Yeah, oh, yeah, yeah, and that's what I'm thinking, that's important with us. We think that and I have seen it, I've been in meetings- before.

Peter Gailey: 8:40

That's common sense. Who do you want to have access to the checkbook, right? The president, ceo, vp of finance, maybe accounts payable, that's it.

Jacquelyn Jackson: 8:47

So if we just, man, you're saying you can set that up yourself, just to even start with that, and it's got nothing to do with cybersecurity, gotcha.

Peter Gailey: 8:54

Just that, at least. Right, it just happens to be in bigger companies. We use software to implement this stuff. Okay, that's right. So you've got to, as you would have your privileges, the three people the president, vp of finance and the accounts payable person. You would do it digitally, where they could do money transfers and all that and all that. So it's called controls. Right, you have to control your environment and there are specific controls for that.

Jacquelyn Jackson: 9:25

And I'm thinking we're going to go a little deeper, but I did want to mention this when you were speaking on it. It made me think about. I have a client that I know. Their front desk person kind of did everything Because, like her assistant, she said but you shouldn't have her do everything.

Peter Gailey: 9:41

Well, it depends. It depends on the company and the environment and the competence of the person. You know, the smaller the company, the more tasks that everybody has.

Jacquelyn Jackson: 9:51

But we still need to have a plan, though, no matter how small. Yeah, I mean. Well, yeah, you need to have control, control. Yes, that's not plan, you call it control.

Outro: 9:59

That's right, they need to have control in place.

Jacquelyn Jackson: 10:01

Okay Well, that makes sense, so let me ask you.

Peter Gailey: 10:03

So, if you're a receptionist, they could be doing phones, they could be doing scheduling, they could be doing buying, they could be doing payables. Okay, invoicing right, and it depends on-.

Jacquelyn Jackson: 10:13

But we still need to have controls with all of that is what you're saying yeah, okay. And the bigger you get. Like you said, the bigger companies are starting dealing with the software type controls. Right, they're coming in for the bigger companies. Is that what you're? Saying compared to us. Yeah, yeah, so basically just the controls we need to have in place.

Peter Gailey: 10:32

It's all about controls. Cyber security is all about controls. Let me take it a different way.

Jacquelyn Jackson: 10:36

Okay.

Peter Gailey: 10:37

Cyber security. Oops, sorry, that's fine. She said don't tap on the table Cybersecurity and security. You know, physical security is all about people, process, technology and data. It's ultimately all about your data, your information. Okay, so you want to have policies, procedures, whether they're written or not you know, hey, these are the only three people that have access to the general ledger system and the checkbook. That's a policy, okay, whether you write it down or not, you should Right Right, because if I get hit by, if the CEO gets hit by a truck, that's right.

Jacquelyn Jackson: 11:22

Well then, we all get it right.

Peter Gailey: 11:24

You know, let's keep going right, let's keep the business going right. Um so, people in process technology, because you're using software tools and stuff like that, you're using, you know, quickbooks and spreadsheets and crm, crm systems and billing system. You know all of those who has access to those. What level of privileges do they have? It's all again. It's not that hard. It's common sense, not that hard to figure out, but it's pretty hard to implement. And it's all about your data. It's all about protecting data.

Jacquelyn Jackson: 12:01

Okay, so then let me ask you this so you're basically what would be your advice that you would say for the small business that's looking to enhance their cyber security with limited budget. I think something that you kind of mentioned. What would you?

Peter Gailey: 12:14

recommend. There are some things from a cyber perspective. Now, cyber generally means digital.

Jacquelyn Jackson: 12:22

Okay, right.

Peter Gailey: 12:22

The stuff you're using hardware, software, digital programs.

Jacquelyn Jackson: 12:26

Okay, you know data.

Peter Gailey: 12:27

Within those kinds of systems, highest priority is protect your data. Okay, so there are ways to do that. There are several ways to do that. The first thing that I suggest is you take and you execute what's called and this has been around since the 50s, since the 1950s, ibm mainframes did this. At the beginning it's called HSM hierarchical storage management. You should have a minimum of three copies of your data, and here's why. So I'm banging I'm not going to hit my fingernails on the table, but I'm banging away on my system and I'm doing emails and I'm doing spreadsheets and all that stuff, whether it's on a notebook, whether I'm in the office, whether I'm at home, whatever. Okay, I have local data and it's dynamic. It's changing because I'm sending emails and stuff like that Periodically. The more, the more frequently, the better. You want to back that up, because if I leave my notebook in my car, if I leave it on an airplane, if my kid's using it and crashes it.

Peter Gailey: 13:36

If something happens, oh my Right, right, then I've lost a whole bunch of stuff and I may not even know what I lost, right, right. So all your files are so periodically. Depending on the size of your business, it's very inexpensive. It's a very expensive insurance policy. Back up your data.

Jacquelyn Jackson: 13:57

Now, when you say back up, should we back up like in the cloud storages?

Peter Gailey: 14:01

I'll get to that, okay. So you should have a minimum of three copies, okay, and here should have a minimum of three copies, okay. And here's one. The one is level one. Think of a hierarchy. Okay, level one in a hierarchy of storage management is your active data that you're banging on and changing. Level two is a local copy of a backup. Think of going to Amazon, buying that five gigabyte add-on drive for a hundred bucks Okay. Or five terabyte drive for a hundred bucks right. Buy two of those, okay.

Peter Gailey: 14:35

So you take one and you back up your systems, so you back up your notebook, you back up your servers, whatever. Okay, that's level two. And then you take another disk and you back it up again. So you have two copies of the same. You have three copies of the same disk. You have the one that you're banging on, that you're changing. You got a local copy and take that third copy and do what's called an air gap. So you take that third copy and you take it home. You put it in a safety deposit box, you put it in a drawer at grandma's house, you put it someplace away, okay.

Peter Gailey: 15:13

We have tornadoes, we have floods, we have buildings that burn down. So I'm sitting here in my business and I'm chugging along and the creek rises, okay, and I'm flooded. So I've lost my primary data, okay, okay, yes, building burns down, tornado comes from town. I've lost, you know, whatever right, I've lost my first level data. I can back it up with my second level data because it's local, because I have it in a closet or a drawer or a locked drawer, okay. But if the creek rises and the place floods out and that second version gets ruined, which is there, right, okay, on-prem, on-premises, you want to have that third copy, remote but low probability, my kid's going to barf on that, on that third copy. Or the creek rises or the building, okay, so three levels.

Peter Gailey: 16:10

And then you take. The process is then you take that. You know, periodically you back everything, once a quarter, once a month, once a week. Okay, some people, you know, in big, big enterprises they back up every day, they back up every half hour because they don't want to lose the transactions. You know the billings and stuff like that. So HSM, so that third layer is really secure, it's offsite, it's called air gapped, so it's not plugged into any network or anything, right, and you had set up before. You know a different copy of that might be online, it might be at a storage service, or it might be at Google, or you're going to have it at Microsoft in.

Jacquelyn Jackson: 16:51

Azure or Dropbox or something like that.

Peter Gailey: 16:53

Those are all different versions of probably level two or level three. Does that make sense? Yeah, it makes a lot of sense. Best, easiest, cheapest, fastest thing I can tell you to protect your business is execute data backup and do it religiously. Have a policy that says I'm going to do this every so often. I'm going to do this once a month. Have a procedure that says here's how I'm going to do it and then follow it.

Jacquelyn Jackson: 17:22

And then follow it.

Peter Gailey: 17:24

That's the best piece of advice I can give you to save your business. And oh, by the way, thank me later.

Jacquelyn Jackson: 17:31

Oh, yeah, definitely.

Peter Gailey: 17:33

You ever had your spouse have a system crash? They didn't have everything backed up.

Outro: 17:37

You want to talk about mayhem.

Peter Gailey: 17:39

Okay, think about that in your business.

Jacquelyn Jackson: 17:42

At TDJ Equity Funding, we understand the challenges you face, whether you're expanding your business, investing in real estate or launching a startup. We've got your back. Our expert team of loan brokers is dedicated to helping you secure the funding you need, hassle-free. Imagine a future where your business thrives, where opportunities are endless and working capital has made a great difference in your business. Tdj equity funding can make it happen. Book an appointment with us as easy as pot. Just visit our website at wwwtdjequityllcnet and take the first step towards your financial success. Don't let your dreams gather dust on the shelf. Seize the opportunity today. Visit wwwTDJEquityLLCnet and schedule your appointment with TDJ Equity Funding. Let's turn your dreams into dollars.

Outro: 18:37

Welcome to Frameworks Consortium, your partner for sustainable business success. Frameworks Consortium is your strategic guide, providing you with clear, actionable roadmaps to achieve your business goals. Our team of seasoned strategists provides expert guidance, ensuring you make informed decisions with clarity and confidence. We develop customized solutions that align with your unique business objectives, fostering growth and resilience in an ever-changing business environment. Connect with us today and harness the power of strategic planning for your business.

Jacquelyn Jackson: 19:08

You said cybersecurity is digital. Think of digital. It's more of a think of it as digital, I mean that's-.

Peter Gailey: 19:14

Well, there's physical security stuff, too, that you have to do Lock the doors and windows, right, right, but this is a way that you're locking the doors and windows in the digital world, right?

Jacquelyn Jackson: 19:23

Right, and that's what it is. And so many times we start a business and don't even think like that that we need to lock it, you know from that point. That's why I think it's so important for you to be on the show and also I want to emphasize to our listeners that you know Peter is available. You know his company is available. His company is available, so you all can reach out to him. Like I said on our website, definitely you can go and connect with him and let him go over what he has, that he can help you, because the big thing is not knowing what all you do. Now. With that said, I do want to ask about the bigger companies. How do they deal with their security? But I also want to ask we had some questions that were submitted what is some of the best practice for securing remote work environments and protecting sensitive data?

Peter Gailey: 20:08

Okay, same thing. Number one you know, back up your data, Okay, Okay. So when you say bigger company, that is a subjective term.

Jacquelyn Jackson: 20:17

Okay.

Peter Gailey: 20:17

Okay, so you, Jackie, have got how many employees whatever, and some of them you're working out of their houses. Some of those, are remote workers. Okay. So how critical is that data? The HSM strategy is the same whether you're a one-person shop or a 350,000-person shop. It's the exact same.

Peter Gailey: 20:40

Again, ibm kicked that right out in the right out of the chute in the fifties in the mainframe business and it's been executed religiously ever since. Okay, that's, that's the big one. The other thing is there's a um uh, software tool that's called and we all have it right, it's called multi-factor authentication.

Peter Gailey: 21:01

Okay, so let's say, on your iPhone or on your Android you have set up multi-factor authentication and it'll ask you do you want to secure your phone? And it says okay. The way to do that is whenever you go to log into an application or some data that application will send you know, let's sign in again, or let me send you a five digit code, okay. So I know you're going to ask me that, but it's, it's what you know. It's it's it's it's what's in this, what's in the system. So if you pull something up and it comes right up, it's it's, it's what's in this, what's in the system. So if you pull something up and it comes right up, it's like what you know, you know what you can get to. The second layer is they ask you something that's not that obvious, that you need to know. Okay, and that might be your password, okay. And then the third thing is that third party sending you back. Here's a five-digit code, okay.

Peter Gailey: 22:07

So, what do you know Right? What's the system know? What do you need to know? So I need to know what my five-digit password is, and then the last is that it's going to be a digital token to do that, as well To do that right. Okay, so that's multi-factor authentication. So you're at home, you're working on your notebook and stuff like that. You're tapping into your systems and you want to make sure that it's Jackie that's tapping in instead of your kid tapping in right Right.

Peter Gailey: 22:38

If there's somebody that's hijacked your session on your notebook, right, they're going to ask multi. You know you want to have it set up that there's multi-factor authentication so that they can't get in If you can't answer your password. You're not getting in. If they send that five-digit code to your phone, where you told them to send it, but that's not you, so they're sending it to you on your phone, but not the person that's fiddling with your system. Exactly, Multi-factor authentication.

Jacquelyn Jackson: 23:10

So we need to do that. I'm going to say this I know and I do have questions, but I have a home health and I have a hospice that actually I told them we were doing this show and they were really inquiring about it because they have did theirs with a IT. But they said, you know, knowing it's something else, they definitely watch. But so I want to ask this question because they had made a big thing about it. So they said that, beyond the traditional cybersecurity measures like firewalls, antivirus softwares, this emerging technology or approaches, what do you believe will play a key role in enhancing the cybersecurity defense in the future?

Peter Gailey: 23:49

Training, training, training is big, one of the biggest. You've all heard of ransom attacks and phishing and all that kind of stuff. What a ransom attack is is somebody breaking into your system doing mischief, whatever it is. They could extort you, ransom you and say, hey, give me money to get.

Outro: 24:12

I'm going to encrypt everything.

Peter Gailey: 24:13

You're not going to be able to read it, you're not going to be able to get to it until and unless you pay me. I've seen it. That's the ransoming you Okay. So if you have an HSM strategy, you don't care, because you wipe your systems, you reload your data, you're off to the races. Thank you very much. If you don't, then you are vulnerable, and when you're vulnerable you might have to pay that ransom.

Jacquelyn Jackson: 24:39

Right or not Right.

Peter Gailey: 24:41

So ransomware is still very, very big.

Jacquelyn Jackson: 24:44

That's happening around here and it's about it's grown.

Peter Gailey: 24:46

I just read something yesterday that it grew 75. It's really bad, but it grew 75. The number of incidents grew 75% last year.

Intro: 24:57

Wow Big time.

Peter Gailey: 24:58

Okay, it's not going away. It's not going away.

Jacquelyn Jackson: 25:00

The bad guys are winning Big time.

Peter Gailey: 25:01

Okay, it's not going away.

Jacquelyn Jackson: 25:02

It's not going away. The bad guys are winning, I know, and that's understandable.

Peter Gailey: 25:04

Whenever somebody pays that ransom, that's funding the bad guys.

Jacquelyn Jackson: 25:08

People paying the ransom yeah.

Peter Gailey: 25:12

Well, some people that don't have a cybersecurity strategy have no choice.

Jacquelyn Jackson: 25:15

Yeah, because they got it.

Peter Gailey: 25:16

Oh man, so you do the simple HSM that's a building block. Wow, boom, man. So you do the simple HSM that's a building block. Wow, boom. Okay, so we talked about this. You ever see the story about the professor that goes in and he's got a big beaker and he puts a bunch of big rocks. Is that full?

Jacquelyn Jackson: 25:34

And the students say yes, no, no, no.

Peter Gailey: 25:36

He puts a bunch of you know, smaller rocks in, gives it a shake. Is that full? Yeah? Brings in pebbles shakes, it Is that full, and then they're like, okay, and then sand Okay, and then water Okay. So you're building. So if you don't have the big rocks down in cybersecurity, you're done. So there's like 10 things to do that you have to do in order to just do baseline and that HSM protecting your data is.

Jacquelyn Jackson: 26:11

And that's what is protecting your data.

Peter Gailey: 26:14

Put controls in place, data backup, backup everything that identity access management that we talked about. Training have people understand. When somebody's trying to, you know, spoof them Right Right. And there's different training programs very inexpensive, some free.

Jacquelyn Jackson: 26:32

Okay, and that's what I want to talk to you about. The training, because that's what they ask too. So what topics of methods do you recommend that's effective for employee training programs?

Peter Gailey: 26:41

There's all kinds of training out there. There's all kinds of paid for, you know, free and training programs. So for small businesses, I would go on. I'd go online and do a Google search right in your Google search bar. Free cybersecurity training.

Jacquelyn Jackson: 26:56

Wow, that's not even free, we just need it.

Peter Gailey: 26:59

You just need to do it.

Jacquelyn Jackson: 27:01

Oh, my goodness.

Peter Gailey: 27:03

And so you put a. We haven't really talked about this yet, but I'm all about programmatic approaches.

Jacquelyn Jackson: 27:10

Okay.

Peter Gailey: 27:11

Let's set up a program. So the list of questions that we have here are all one-off one-off. You said firewall.

Peter Gailey: 27:19

Right you know, training, hsm, you know those are all projects. Okay, so when you're talking cybersecurity, I call it whack-a-mole. Don't do whack-a-mole and just do project, project, project, helter-skelter, just whatever right. Have a programmed program, put a program together and say here are the 500 things that I got to do, and here's the big rocks. And then here's the little rocks. Each one of those is a project. Each one of those is a project. So let's put together what we need to do, what's cheap, what's fast, how quickly should we get to it and how much return am I going to get on that effort? Okay, you got to do the big rocks first period If you're going to be serious about cybersecurity. And then after that, then you start doing the little rocks, and each one of those is a project. Multi-factor authentication identity access management.

Peter Gailey: 28:22

Right, these are all the other. You know, those are kind of the secondary second big. You know big rocks, but you know more the, not the huge rocks, but those are things that you should definitely be concerned with. So one of the things I do, frankly, is I'll go into a company and we'll do a baseline assessment and I can tell you, I can literally tell you how and this is for everybody, this is a giveaway, okay. Okay, I can tell you how mature your cybersecurity program is by asking you one question, One question, jackie show me an inventory of all of your assets, all your hardware, all your systems, all your software that you're using and your network access.

Peter Gailey: 29:19

Show me, hand me an inventory of your assets, okay. And if you say, right, I can't do that, then we go back to you have physical security, locking the doors and windows and the cybersecurity stuff. If you don't even know you have a window Right, then you are not secure at all.

Jacquelyn Jackson: 29:39

I love how you start that. Let's start with the doors and the windows. I can just do that. We can work it off.

Peter Gailey: 29:43

Lock the doors and windows. Those are the big rocks. You're right, okay, and then, if you can't even tell me that you, oh yeah, I did give a notebook to that contract guy. I never got it back, right, right, and I did give somebody access to my, I just moved somebody my email list. No, I just moved somebody from. They were in accounts payable and I just moved them to marketing, but they still have access to all the accounts payable stuff.

Peter Gailey: 30:13

No, no, no, no, no, no, no. Different profile Right Get into HR and say change them from A to B. Give them only privileges that they need in that B.

Jacquelyn Jackson: 30:25

Right, that is great Doors and windows, doors and windows. Exactly, and that's like now. Before we end, I want to ask so that's the one.

Peter Gailey: 30:33

I'm going to quiz you at the end of the show and ask you what's the one Doors and windows. Doors and windows. What's the one question so? I can tell you how mature you are Right.

Jacquelyn Jackson: 30:42

Right, okay, this is what I want to do Now. I know we talk a lot, so we've talked about this, but this is something I didn't tell you we're going to ask, but since we did talk about it, I think it's safe to ask. Let's talk about the future, yeah, of cybersecurity, and this may be a big question, but I think you can kind of work it down a little yeah, maybe, okay, yeah, ai, yeah, how do you feel how AI and cybersecurity, what's your opinion of that.

Peter Gailey: 31:09

Okay, everybody has heard the term AI, or if you haven't, you're living under a rock. Ai is what's called artificial intelligence. Ai is what's called artificial intelligence. So what is happening in the world of programming is there's been a new development that's called a large language model. Okay, so I've got a story, and you might have to circle me back because I'll go down a red hole in this, but I was working on a deal at. I don't want to say who they were.

Jacquelyn Jackson: 31:48

But you was working on a deal.

Peter Gailey: 31:48

Very, very, very, very, very, very, very large medical research entity.

Jacquelyn Jackson: 31:57

Okay.

Peter Gailey: 31:57

In Houston that was working on cancer research. That should narrow it down pretty well, yeah, okay. In Houston that was working on cancer research, that should narrow it down pretty well, yeah, okay. And they were trying to figure out, okay, how do we secure the intellectual property of when we cure a form of cancer, when we come up with a protocol and cure melanoma or something that's going to be a gazillion dollar business. It's going to be very, very profitable for somebody. So how do we secure the digital rights and make sure that the people that found this cure get credit for it, okay, okay, and receive the rewards financial and accreditations and that kind of stuff the rewards, financial and accreditations and that kind of stuff. So it was a mess. So one of the things that they did was the IBM. This is a lot. This is like 10 years ago.

Peter Gailey: 32:50

Ibm came out with a mega, big, big, big computer called Watson Okay, kind of a mainframe size, big, big machine. Watson. It wasn't a mainframe, it was its own architecture. And they said, okay, so my oncologist at this place in Houston, they can only absorb so much data. So I can only read. As an oncologist, I have my practice and I can only read like 100 white papers a year. Maybe you know to keep educated in what's happening and stuff. But what IBM did was they built this Watson enterprise where they had a bunch of them plugged together and they took every white paper that has ever been published and they put it into a database and it's all searchable and all that stuff. So it is a central repository of knowledge for cancer research. So what worked, what didn't, hypotheses that did work, that didn't, can we learn from this and relative and all that kind of stuff? So artificial intelligence now, with that large language model, has the ability to query that huge pool of knowledge light years faster than that one oncologist that can only read a hundred papers.

Jacquelyn Jackson: 34:13

Right, okay, so that's the upside.

Peter Gailey: 34:17

That's one of the upsides, and there was a guy named Alvin Toffler that wrote a book in the seventies called the third, or called the third wave.

Outro: 34:27

The first wave was.

Peter Gailey: 34:28

It's a book that I highly recommend everybody read. It's a book. The first wave was the agricultural revolution. That took about 3,000 years.

Jacquelyn Jackson: 34:35

Okay.

Peter Gailey: 34:36

Planting, you know agriculture. The second wave was the industrial revolution. Okay, looms, and you know knitting and you know spooling and making threads and all that stuff. And you know, started to build you, to build machines for mass production and stuff like that.

Jacquelyn Jackson: 34:56

The.

Peter Gailey: 34:57

Industrial Revolution. The third revolution was the Computing Revolution or the Data Revolution. I'm sorry. The Industrial Revolution is about 300 years. The Data and the Computing Revolution? We're still in the middle of it. It's about 75 years old. Maybe, arguably 100 years old. The next wave, that's Alvin Toffler the third wave. The next wave is artificial intelligence and we are right on the cusp of and we are right on the cusp of a huge evolution and revolution in thought and in practice. And my prediction, absolutely, the fourth wave is the artificial intelligence world.

Peter Gailey: 35:45

And it's going to affect every person on the planet. It's going to affect every industry on the planet every job on the planet. We are right on the cusp of a major, major set of developments. It's going to change everything, literally. In the cybersecurity world. It's going to be used for good, and it's also going to be used for bad. So let me give you an example that I talked about a little earlier today.

Peter Gailey: 36:15

I don't want to go dark, I don't want to go negative, but these they're called tools and services. They are so powerful that they can be used for misbehavior, and there are instances that some of these major, major breaches that we've seen that have affected institutions and governments, and we talked a little bit about deep fakes. You know where they're impersonating people, kind of thing.

Outro: 36:46

That's all here.

Peter Gailey: 36:47

And it's all now, and it's all driven by artificial intelligence. Most of it's driven by artificial intelligence. So it's a very scary frontier, so you can have four or five people that knit together some of these tools and let it loose in the wild. Yikes, I don't want to go dark or negative on this, but everybody should be aware. So what do you do to protect yourself? That's what I was going to say, nate, from a cybersecurity perspective Come on, call you. Protect your data.

Jacquelyn Jackson: 37:20

Protect your data. That's right. I'm sorry. Lock the doors. Close the windows, doors and windows, that's correct Policies procedures.

Peter Gailey: 37:29

Disaster incident response. What the heck do I do? Get in front of it. Get in front of it.

Jacquelyn Jackson: 37:35

Right. Get in front of it. That is so true. And somebody said.

Peter Gailey: 37:38

You know it's not if it's when, and that's an overused term, but it's true. So you have one of the big rocks in the scenario is called an incident response plan. Get in front of it, Just spend a half a day and just say what the heck, If this happened, what the hell would we do? Exactly? Okay, and you take all your executives you want to have your marketing person there because they're going to be communicating with the press.

Jacquelyn Jackson: 38:09

So our management needs to be involved. That's your team. It's a team. You're right, it's a team. You're right, it's a team.

Peter Gailey: 38:13

People process technology. The technology is that air gap Copy. The process is that technology person taking that air gap, killing all the you know, flushing all the systems out, rebooting them, reloading them. Here we're going to do it with that old data, but it's better than nothing. That's people and process and technology. So it's all about people process technology. That's a long-winded answer but again, that's what's coming and it's all automated. It's scary what's coming and it's all automated. It's scary what's happening.

Jacquelyn Jackson: 38:55

And, like you're saying, we're just going to have to get in front of it.

Peter Gailey: 38:59

Just get in front of it, yeah.

Jacquelyn Jackson: 39:00

That's basically what that is and I like the suggestion that you gave us. Like I said, YouTube. They go on and try to find that to start off, and then, if you see you didn't pick up a little knowledge, I'm going to recommend I know he made it, but I am that you reach out to Peter, because I'd rather you be safe than sorry and I think it's a lot of things happening so much with us being business owners. Our heads are down and we're working in our business and we're working on our business, but for some reason, cybersecurity is pushed to the side.

Peter Gailey: 39:29

You know what I call it. You're going to love this and again, I don't mean to be a jerk, I call it adult supervision. This is you need. This stuff is so. It's not hard to understand, but it's hard to implement. Okay, so I can tell you about each one of these whack-a-mole projects and items and stuff that you need to do and there are hundreds. Okay, so just bring in somebody like me or a virtual chief information security officer and you know we do contracts on an hourly basis, so you don't need to hire us. Just bring us in as a consultant it's called a virtual CISO. Okay, a couple thousand bucks a month or something, and whatever level of effort you need. So if I go in there and you can't give me an inventory, you need help, that's right.

Peter Gailey: 40:21

Okay, and I'm going to say here are the big rocks, here's what you need to do and I can help you do it, or you can do it yourself, I don't care, you just need to do it, do it right, I think that's awesome, I really am.

Jacquelyn Jackson: 40:35

I think it's not as well. Let's say it is, it ain't expensive. If you think because let me tell you something you think paying something to get it done.

Peter Gailey: 40:42

Try not to pay nothing to get done, and your business should? The numbers change every year? The last number I heard was 60% of small business small medium-sized businesses are put out of business after a hack in the first year. First year you're out of business, and that, to me, is just chilling and it's preventable, exactly, and we just hadn't.

Jacquelyn Jackson: 41:06

So that's why we're trying to bring it to the attention, because I think it's not us purposely trying not to, it's just having been brought to the forefront as business owners. Hey, add this along with your CPA and your attorney. Your lawyer and that's what.

Peter Gailey: 41:18

I'm saying your bank officer and your cybersecurity when is that Absolutely right. That's just another advisor that you should bring in and if you're, you know, depending on the size of the companies in this audience, you know, depending on the size of the companies in this audience, if you're big enough that you can afford that resource inside, it should be a priority.

Jacquelyn Jackson: 41:39

To do it and you guys can help them with getting somebody inside training and all that as well. That's what I think would be a big thing for you do a roadmap.

Peter Gailey: 41:49

Remember, you do a baseline and you do your plan of action and milestones. Right, and you just go and execute a programmatic approach and you know a year down the road, depending on the size of your company, what your budgets are and stuff like that. Why are we paying this external guy when we should probably hire some guy and have him on the payroll Right, and that's fine right.

Peter Gailey: 42:08

So it's reduce your risk and if you have compliance requirements depending on the industry that you're in, then you know what a VSO will do, or something like I'll do is come in and put a program together for you to help you. They help you do that Reduce risk, meet compliance.

Jacquelyn Jackson: 42:28

And that's what we need. Well, I do appreciate that, because that's definitely what we need, and I do thank you for coming first of all, so for enjoying you, for being here, and we definitely want to have you to come back on the show sometime later.

Peter Gailey: 42:40

I've enjoyed it. I hope I didn't just go crazy.

Jacquelyn Jackson: 42:43

You did, you did, so let's talk about our takeaways. I want to make sure you guys that the for my show today was preparedness is the key. Business owners must be proactive, preparing for cyber threats rather than reactive responding after an accident occurred, understanding the threat landscape and implementing the robust security measures that's in place. I hope you guys have gained some information. Again, we thank our guests for being with us today and if you all have any questions, you can go and log on to our website at tdjequityllcnet. You all again thank you and take care.

Intro: 43:20

We hope you enjoyed this episode of TDJ Equity Funding Insiders Podcast. If you'd like to be a guest or get in touch with us, please visit our website at tdjequityllcnet. Forward slash podcast or email us at podcast at tdjequityfundinginsidersnet. Until next time, take care.