Tag Archive for: Sileo

Just Wait for the Cavity: Dental Cyber Security

Dental Cyber Security is kind of like, well, being a dentist. You’re in your patient’s mouth. The red flags are clear as day: calculus buildup going back to pre-fluoride Woodstock days. Severe dentin erosion, onset of gingivitis, gums retreating like Arctic glaciers. But there is no actual decay yet. No cavities to drill or crowns to fill, no stains to cap or roots to tap. Absolutely. Nothing. Profitable!

So what do you tell the patient? That’s easy…

“Looks good! Come see me when that molar finally cracks.”

Of course that’s not what you say, but that is roughly how it sounds to me when a practice director tells me that they invest minimally in ongoing preventative cyber security because nothing truly bad has happened yet with their practice data. In other words, Just Wait for the Cybercrime Cavity and spend ten times as much recovering.

But I would never advise you to wait for the cyber decay, and you would never advise your patients to hold off on brushing, flossing and regular dental checkups. Nor should you wait to implement regular dental cyber security. We are both in the prevention business and we are building long-term relationships that have a great LTV. There are enough patients to keep us both in business with bad hygiene, so we can focus on doing our job well and stopping the problem before it takes root. That preventative mindset will save you approximately $380 per patient record, which is the average cost of breach recovery in the health industry (excluding reputation damage and customer attrition).

Here are what I consider to be the 5 Most Pressing Cybersecurity Vulnerabilities in Dentistry:

  1. Outdated operating systems (Windows XP/2000) and unpatched operating systems, software and apps
  2. Weak spam filtration and barely-existent employee training that leads to email-based phishing attacks
  3. Poor data backup and recovery planning that allows ransomware to lock and destroy patient and financial data
  4. Lack of solid encryption on data at rest (on servers), in transit (to patients, vendors) and in the cloud (practiced management software) that allows easy access to hackers
  5. Credential hacking of cloud data due to lack of 2-factor authentication and password managers

When your practice begins to protect patient data in the same way that you ask patients to protect the health of their mouth, you have just discovered a critical competitive advantage for patient acquisition and retention. Your patients want to know that their data is safe in your hands. Here are some additional resources to help you take the next steps in protecting your practice data:

What are the greatest gaps you see in Security Awareness Programs? Please share your brilliance below.


John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings and in industry study clubs. He specializes in making security fun, so that it sticks. His clients include the Seattle Study Club, the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.

Local Government Cyber Security: Our Next Big Threat

Security Awareness Programs Like Mushy Overnight Oats?

To diagnose your under-performing cyber security awareness programs, all you need to do is look at my breakfast today. My daughter introduced me to overnight oats. “It’s the perfect breakfast, Dad – full of energy, takes no time at all, packed with simple, healthy ingredients like oatmeal, almond milk and peanut butter”, she said. “That’s what I need!”, I said, “All of the power with none of the fuss”. So I took her recipe and promptly ignored it. I added cottage cheese, chia and some lemon – because if it was already good, I was going to  make it even better.

What I got was curdled mush that crawled out of the bowl like John Cusack’s dinner in Better off Dead. The theory of overnight oats was brilliant. It was my execution that made me gag.

Many security awareness programs choke on their own ingredients because, like my overnight oats, they don’t follow a recipe when they plan the program. The have no overarching security “end” in mind at the beginning, to paraphrase Stephen Covey. Empowering the human element of cyber security is the cultural ingredient that many organizations overlook. Think about tweaking your recipe a bit to make it more than palatable.

A Recipe for Effective Security Awareness Programs

One byproduct of serving as the opening keynote speaker for hundreds of security awareness programs around the world (in addition to the bottomless pit of mileage points I’ve earned), is that I have dined amidst training programs, OVER and OVER again, that leave me hungering for more substance and lots more flavor. Here is my simple recipe for a filling, enjoyable and effective Security Awareness Program:

Ingredients (For a Culture of Security that Cooks):

  • (1-3) C-Level Executive(s) who “Believe” (Ownership)
  • (1) Cross-Functional Business Case w/ Compelling ROI (Strategy)
  • High-Engagement Content Rooted in Personal Security (Methodology)
  • (6-12) Regular, Engaging Follow-on “Snacks” (Sustenance)
  • (1) Feedback Dashboard to Measure “Diner” Response (Metrics)

Ownership. Failing to have a highly-communicative Chief Executive leading your initiative is like expecting a 3-Star Michelin rating from a fast-food cook. You must have high-level “buy-in” for your program to work. I’m not talking about the CISO, CRO, CIO or CTO here – that would just be preaching to the choir. The missing cook in awareness programs tends to be a security “believer” from the executive team. Successful security awareness programs are clearly led, repeatedly broadcast and constantly emphasized from the top of the organization, all with an attitude of authenticity and immediacy. Whether served up by your CEO at an annual gathering or by your Board of Directors to kick off National Cyber Security Awareness Month, your security champion must become an evangelist for defending your data.

Strategy. Don’t expect to randomly add security ingredients to the bowl and blindly hope they mix well together. You’ll just end up with curdled oatmeal. Approach your program strategically, and devise a recipe to protect your intellectual property, critical data and return on information assets. You are competing for resources, so build a compelling business case that demonstrates the organization’s ROI in business terms, not buried in techno-babble. What did it cost your competitor when ransomware froze their operation for a week? How much would the training have cost to avoid the CEO whaling scheme that lost a similar-sized company $47 million? What do the owners of  compliance, HR and I.T. have to add to the meal? The most successful security awareness programs have a budget, a staff (however small) and cross-departmental support. Involve the business team and other stakeholders up front to leverage their expertise before rollout.

Methodology. Here is a litmus test for the potential effectiveness of your security awareness program: Does it begin by focusing on the critical information assets and devices inside of your organization? If so, it’s probably doomed. Why? Because your employees are human beings and they want to know how this affects them personally before they willingly invest time to protect the corporate coffers. Excellent security awareness kicks off by making data protection personal – by building ownership before education. From there, the training must be engaging (dare I say fun!?) and interactive (live social-engineering) so that your audience members pay attention and apply what they learn. Death-By-PowerPoint slides will permanently put behavioral change to sleep. Highly-effective programs build a foundational security reflex (proactive skepticism), and are interesting enough to compete against cute puppy videos, smartphone farm games and our undying desire for a conference-room cat nap.

Sustenance. Best practice security awareness training, like a five-course meal, doesn’t end with the appetizer. Yes, kickoff is best achieved with a high-energy, personally relevant, in-person presentation that communicates the emotional and financial consequences of data loss. But that is only the beginning of the meal. From there, your team needs consistent, entertaining follow-up education to keep the fire alive. For example, we have found short, funny, casual video tips on the latest cyber threats to be highly effective. And lunch workshops on protecting personal devices. And incentive programs for safe behavior. And so on. Culture matures by feeding it consistently.

Measurement.If you don’t measure your progress (and actually demonstrate some), no one will fund next year’s dining budget. What are your Security Awareness Training KPIs, your key metrics? How did successful phishing attacks decline as a byproduct of your program? Has user awareness of threats, policy and solutions increased? How many employees showed up for the Cyber Security Awareness Month keynote and fair? How department-specific are your training modules – or does one size fit all? When you can show quantitative progress, you will have the backing to continue building your qualitative culture of security.

And now, back to the meal. In spite of the lemon juice that further curdled the cottage cheese and ruined my oats, I was still hungry, so I ended up choking them down, vowing to listen to my daughter next time. And I hope you will listen to me this time: Approach your security awareness program like you are planning a feast for guests who matter a great deal to you. Because your uneducated employees, unprotected customer data, and invaluable intellectual capital are exactly what cybercriminals are eating for breakfast.

What are the greatest gaps you see in Security Awareness Programs? Please share your brilliance below.


John Sileo loves his role as a keynote “energizer” for Cyber Security Awareness Programs. He specializes in making security fun, so that it sticks. His clients include the Pentagon, Schwab and some organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime.

12 Days to a Safe Christmas: Day 12 – Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people that take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

12 Days to a Safe Christmas: Day 11 – Is that Holiday Email Really a Lump of Coal?

Holiday Security Tips: On the eleventh day of Christmas, the experts gave to me, 11 private emails

During the holidays, we tend to spend more time online, searching for the perfect gift, swapping emails with friends, viewing festive holiday pictures, jokes and so on.  Cybercriminals know this and guess what?  They’re online more, too—looking for ways to lure you into scams to ruin your holidays and steal valuable information.   Here are just a few email scams to watch for:

Holiday e-card scams: Each year, more and more people are going the environmentally friendly and cost-effective route by sending holiday e-cards.  Cybercriminals, looking to install malicious software on your computer, may join in the fun and send you an e-card with an attachment to open.

Solution:  Resist your curiosity to see that adorable elf dance; only open attachments from trusted friends and family. If you don’t recognize the sender, don’t open the e-card. 

Holiday-related search term scams: We all like to be a bit more festive at the holidays, so we look for winter wonderland screensavers or our favorite carol for a ringtone.  However, these items may be disguised malware or spyware and you won’t feel so festive after it compromises and exposes the data on your computer.

Solution:  Make sure that you have protected your computer with automatically updated anti-virus software and operating system updates. As a rule of thumb, if you aren’t paying cash for a download, you might be paying by giving away your free information.

Fake invoice scams: Cybercriminals know that we tend to do a lot of holiday shopping online or through catalogs.  To try to trick you into giving credit card details or other valuable information, the criminals will send fake notices, either about delivery status or phony invoices that appear to be from legitimate companies (UPS, FedEx, USPS).  They might say they need to credit your account or you need to fill out a form in order to receive the package.  When you comply, your information and/or your computer may be compromised.

Solution:  Log onto the website of the company supposedly contacting you to track your packages or get a phone number to call and check on the action requested.

If you must peek inside a package, choose the shiny one underneath your Christmas tree.  Just don’t open those scary email links! On the twelfth day of Christmas…

To review our tips from previous days, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

12 Days to a Safe Christmas: Day 10 – Beware the Phony Santa Claus Comin’ to Town

Holiday Security Tips: On the tenth day of Christmas, the experts gave to me, 10 trusted charities

Because you tend to be more giving throughout the holidays, scammers target you during this time of year. Whether they are asking for a donation to a charity, promising free iPads, claiming to be a friend in need, or are asking you to click on something outrageous or out of character, don’t fall for it.

Solution: Keep your eyes open for these common holiday scams

  • Phishing. Thieves, or hackers as they are more commonly known, will send emails that look like they are legitimately sent from a charitable organization when in real-life these are fake web sites that are designed to steal credit card information, donations and your identity. To donate, call or visit the website of a reputable charitable organization.
  • Click Jacking. Click Jacking is a type of social spam. After taking over a friend’s Facebook account, the spammer posts a message on your friend’s Facebook or Twitter page offering free gifts or recommending you donate. Since it looks like a friend has endorsed the post, it’s much easier to fall for the scam. If it’s not believable or out of character, don’t click, as it’s likely to install Malware on your system.
  • Charity or Friends-in-Distress Scams. Never send money (via check, cash or electronically) based solely on a wall post, email or phone call. Only donate to known charities and only when you have initiated the gift. Respond to wall posts, emails or phone calls for charity by contacting the charity on a reputable phone number or website.

The song tells you that you’d better not pout and better not cry; you won’t have to do either if you just watch out! On the eleventh day of Christmas…

To review our tips from previous days, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

12 Days to a Safe Christmas: Day 9 – I’m getting Nuttin’ (But Scams) for Christmas

Holiday Security Tips: On the ninth day of Christmas, the experts gave to me, 9 protected packages

Thieves are on the lookout for the delivery of packages, especially around the holidays.  FedEx and UPS packages might sit outside for hours, often in plain view from the street, making a mighty tempting target.  Not only can thieves grab the precious contents inside, but also the shipping labels often contain personal information the thieves love to get their hands on.

 Solution: Ship packages to your work address, or a PO Box or require a signature 

If your employer doesn’t mind your receiving packages at work, have them shipped there since someone is generally available during the day (when shipments arrive).  If that doesn’t work, consider getting a PO Box at the post office during the holidays.  When all else fails, ask to have your packages shipped with signature required so that they aren’t dropped off unless someone is there to sign.

Even if you didn’t put a tack on your teacher’s chair or tie a knot in Susie’s hair, you might get nuttin’ for Christmas if you don’t outsmart the thieves.  On the tenth day of Christmas…

To review our tips from previous days, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

12 Days to a Safe Christmas: Day 8 – What to Give the Person Who has Everything (and Wants to Keep it!)

Holiday Security Tips: On the eighth day of Christmas, the experts gave to me, 8 scam detectors

Most of us are too busy to monitor every form of identity that is at risk. Unfortunately, victims usually get hit when they take their eye off the ball.

 Solution: Purchase a comprehensive identity monitoring service

While a partridge in a pear tree may have been appreciated in 18th century England, it’s not a very coveted item these days!  Instead, help out the ones you love (and yourself!) by giving the gift of identity theft monitoring.

Traditional credit monitoring (which you can do for free at AnnualCreditReport.com) only detects a portion of identity theft. The remaining theft occurs as a by-product of non-credit loan activities (pay-day loans, etc), shared public records (court cases, real estate transactions, government filings, etc.), Internet trading sites (bought and sold on rogue websites), or in relation to medical or criminal records. It is important to monitor these forms of potential identity theft as well as your credit file. The key here is convenience; if you don’t have to do much to monitor a large portion of your identity, the work goes down while peace of mind increases. Make sure that your monitoring service has at least the following features:

  • 3-in-1 Credit Monitoring from each of the bureaus (Experian, Equifax, TransUnion)
  • Court & Public Record Monitoring
  • Non-credit loan monitoring like pay-day loans
  • Internet Surveillance for the buying and selling of your data
  • Sex Offender Reports to make sure crimes aren’t being committed in your name
  • Identity theft insurance to cover costs if you are affected
  • Identity theft restoration services to save you time

Forget the fruitcake; buy them something they’ll truly appreciate and remember long after the holidays! On the ninth day of Christmas…

To review our tips from previous days, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

12 Days to a Safe Christmas: Day 6 – Don’t Let the Grinch Steal Your Party!

Holiday Security Tips: On the sixth day of Christmas, the experts gave to me, 6 safe celebrations

Isn’t it unfortunate that holiday parties, at home or at work, are a major source of data theft? Crafty thieves are searching for smartphones, iPads, financial documents, checkbooks, credit and debit cards, laptops, client lists, thumb drives, files, mail, purses, wallets and all other sources of identity. The data on digital devices is a veritable goldmine equal to making off with the Roast Beast.

Solution:  During parties, lock identity behind closed doors (and away from acquaintances)

Ignore the voice of denial (it sounds like Boris Karloff) insisting that your friends, family, co-workers, vendors, customers and colleagues wouldn’t possibly steal from you. Cindy Lou Who didn’t suspect the kindly “Santie Claus” either! I hear hundreds of stories every year after my speaking engagements with the same sad ending: the victim knows the thief! Don’t assume the worst about your guests; just don’t assume anything and protect yourself preventatively.

Just before a holiday gathering, centralize all sources of identity into one locked location (like an office or bedroom with a locking door).When a potential thief disappears upstairs, you don’t have to worry about it. When the high-traffic season is over, return your house to normal (unless you regularly use a cleaning service or allow outsiders into your home).

Remember that Christmas “doesn’t come from a store. Maybe Christmas, perhaps… means a little bit more!”  Eliminating the risk up front will help you enjoy your friends, family, and coworkers at all of those holiday parties! On the seventh day of Christmas…

To review our tips from previous days, click here.

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.