Nerds on Site is known for providing top of the line cybersecurity solutions to entrepreneurs. What sets the company apart from other similar organizations?
Charlie: One of the major differences is our security platform and protocol. It is quite unique, and David and his team have just succeeded in having it patented in the EU, and it’s pending in the US as a status of intention to grant. It’s called AdamONE and it’s at the core of our security protocol. The secret to making money if you’re a criminal using cybercrime as your vehicle is to get stuff that isn’t yours. That means they have to invade computers, phones, servers, security cameras, printers, and everything that is online today. It is quite a remarkable assortment of endpoints and the secret to their monetization of cybercrime is their ability to drag out all the information that’s housed inside of all your company’s systems, and that’s what AdamONE does in the marketplace.
It has a secret sauce called “don’t talk to strangers”, the same advice parents gave children when they were first able to walk around and move on their own “don’t talk to strangers” because it’s dangerous”. Computers and all other devices when they are online should not talk to strangers, they should only talk to clients, suppliers, and only to team members who are part of that network of trusted colleagues. Criminals find a way to get your servers, cameras, and your computers to talk to them in other places like Asia, Russia, and Ukraine, so the “don’t talk to strangers” features protects that.
Criminals, when they’re looking at a client who’s protected by AdamONE, all of a sudden their curve isn’t flattened, their curve, is flatlined and nothing comes out, so before long they think we must be dead in the water let’s move on to someone else who is still alive – that’s the biggest single differentiator. The fact that it’s a very reasonably priced product in the SME space is also important, but most importantly we help companies protect their stuff like nobody else right now.
What are some of the best solutions for entrepreneurs when it comes to protecting their data and confidential information?
David: To protect their data and confidential information is to take an entire attitude of distrust of computers and technology and how they are going to be abused and misused. The moment you take the approach of I don’t trust an application or I don’t trust this program, you turn out to be questioning how you got the program, how it was installed, who suggested that you have it, did you look for it, versus someone just telling you to install it – so that’s a really good strategy from a perspective that is all-encompassing.
The other important strategy to apply is all online accounts should be protected with multi-factor authentication, meaning it is no longer just a username and password required for you to access online recourses. In addition to these names and passwords, an additional factor is required such as a number tumbler that could come in a physical form or an authenticator app on your smartphone. The best option you could have is a physical key that cannot be duplicated such as a Google Titan Key or a YubiKey that is just like the one for your vehicle, house, or safe in the bank – it’s the only key that works and cannot possibly be duplicated. This may sound overly excessive but the thing about security is that it’s always too much until it’s not enough, and that’s when we get caught – even those that are reasonably security vigilant.
In your expert opinion, what is the biggest challenge that entrepreneurs face when it comes to protecting their business from cyber-attacks?
David: The biggest risk that causes them to get attacked is thinking that someone else has my back or that I’m not going to be targeted because I’m a small business and why would they target me, I have nothing to offer. That laissez-faire attitude is what over time exposes such a business into becoming a target. It’s not just one industry that is being targeted, and we have now observed this by a very careful study that organized crime will focus on one sector at a time. No one is completely safe because we don’t know what the next sector or industry will be specifically targeted. Even though one industry is targeted by cybercriminals, very often in that lasso a lot of others get caught up in the process as well. Not to mention that if there if is an indicator that your organization is particularly weak in one area, then why wouldn’t they target that area of weakness.
We have seen cybercriminals make shifts based on what is going on in the industry. For example, if a security researcher follows the modern responsible disclosure process by where they find the weakness in a popular program, they will typically contact the vendor and say, “by the way, I found this weakness in your system and I’ll give you 90 days to fix it. But on day 91 I’m going public with my findings.” At that time hopefully, the vendor has already secured the weakness. In many cases, the big companies like Microsoft and all the other big security companies that have had their weaknesses exposed in the last year, and all had a patch – a security fix before it was publicly known. The problem is when it’s published, you still have a very large amount of an installed base that hasn’t yet patched the systems.
As soon as there is a weakness that is known, the cybercriminals immediately target and say, “this is excellent, we now know of new weakness, let’s go ahead and target that.” A very specific example, that I’m surprised is not more dominant in the media is how we have about 1 billion smartphones that are powered by outdated android. They are still in use today and have known vulnerabilities that will never be patched, so the market for cybercriminals is extremely large considering that we know there’s a billion vulnerable android phones in use today.
Charlie: One of the dangers that SMEs are presently experiencing is the move from in-house or inbuilding teams to remote locations. We’re talking about a footprint that is now distributed, but now much more importantly, hardware and software that may not, in fact, be secure. As many doors, windows, cracks, and holes in the walls that criminals had previously, there are many more today. We know that cyber-attacks are up more than 500% and, in some sectors up more than 600% since COVID was declared a pandemic.
It’s a frightening time presently because criminals are finding their way into private data and who knows how long 6 or 12 months from now when they go about the process of monetizing because they spend a lot of their time just surveilling, looking around, sniffing here, sniffing there. Once they begin the process of monetizing this access to data, there will be a crush in the marketplace once again of things like ransomware, identity theft, and alike.
What impact can cyber breaches have on the success of a company?
David: The impact of a cyber breach on the success of a company I’m not sure, but we know that there certainly is an impact on the lack of success. There’s a negative impact on the success of an organization because to patch and resolve a cybercrime incident in a company is always more expensive than to prevent it. Any organization that holds personally identifiable information of individuals – the cost of a breach in Canada that insurance companies use for cyber insurance, is estimated to be $197 per lost record. If your organization houses 10,000 records, then the actual liability case is almost 2 million to mitigate with either preventative mechanisms, cyber insurance policy, or both. The 10,000 records will not take you anywhere close to the 2 million dollars of liability that represents to protect in the first place.
It’s the same situation many decades ago before automobile insurance was required by law. As human beings, we tend to think irrationally, there’s a good book by the author Dan Ariely who wrote about the concept in his book called Predictably Irrational. We would not be opting for car insurance because of the $150, $250, $300 a month that would cost us we would say, “no, I’m just going to drive carefully and not have any accidents and I’ll save myself that money.” The majority of us would not be purchasing insurance because we have this predictably irrational disposition that it’s not going to happen to us – and that is how cybercrime is today. It impacts our chance of success because we have this outsized risk that we’re not taking care of proactively if we don’t take the proper security posture and implement a cybersecurity implementation.
More and more companies are embracing remote work. What are some of the solutions and programs that Nerds on Site provides to companies who are based remotely so that they can keep their business safe and secure from data breaches?
David: Working from home has opened new cybersecurity risks that are outsized and amplified because not everybody is prepared with a secure environment in their own homes. At home, we tend to be more relaxed about people that use technology, we install entertainment software and computer games – a lot of these games use aspects of the computer that make it less secure and much more vulnerable to attackers. Generally speaking, home routers don’t have security or content filters, so that sets up a home environment to expose a business use to additional cybercrime.
Our answer to that is to offer a secure work from a home device that can not only work safely from the home environment but also work safely from anywhere else. As soon as we have our quarantine listed, and we start visiting hotspots again like coffee shops for WIFI, we want devices to be safe there as well. These devices come pre-secured before they get into the hands of individuals that work from home and make it so that it is very difficult for cybercrime to ever occur on those deceives.
Charlie: It’s called home to base, H to B, a great product.
On a final note, given the current situation with COVID-19, what advice can you give to entrepreneurs?
David: My advice would be to not be afraid. Keep building your business as aggressively, as hopeful and as positively as you did before, this will pass.
Charlie: We are the SME. Globally the heart and soul of the economy. We have seen governments responding, specifically in our space for that reason. They know that if the SME attitude, spirit, and passion, die -so does the company. SMEs need to be the beacon and they need to be talking. Even though you may not be allowed to venture on the streets or your neighborhoods, please make full use of all the communication tools available to you. Your face, your smile, and your eyes are more powerful than you might give them credit for. Not just your voice but get your face on applications like Zoom so that others can participate. Our families are being impacted in a positive way because we’re spending more time together and finding more ways to include more people around the dinner table – even if we have an iPad at the end of the table. We need SMEs to be the ones who continue to create and innovate. We must use this time to think, to read, to learn, and to use the grey matter upstairs, along with the heart and soul behind that grey matter. We are the lunch kit.