Cybercrime: What You Should Know & How to Prevent it
In this episode, we talk to digital entrepreneur Julien Phipps (Founder, Accellerra) about the nefarious world of cybercrime. In our conversation, Julien elaborates on the different types of cybercrime out on the Web, the financial and economic consequences of these actions, the importance of “cyber resilience”, and the steps that companies as well as small businesses can take to prevent future cyber attacks.
Topics discussed in this episode:
- What constitutes a cyber-attack? [7:56]
- Why cyber-attacks continues to increase worldwide? [9:34]
- What type of cyber-attacks that B2B and digital entrepreneurs should be aware of? [10:48]
- How can smaller businesses prevent cyber-attacks? [16:02]
Christian Klepp, Julien Phipps
Christian Klepp 00:08
Hi, and welcome to the B2B Marketers on a Mission podcast. I’m your host Christian Klepp, and one of the founders of EINBLICK Consulting. Our goal is to share inspirational stories, tips and insights from B2B marketers, digital entrepreneurs, and industry experts that will help you to think differently, succeed and scale your business.
Christian Klepp 00:29
Hi, everybody, and welcome to episode 5 of the B2B Marketers in the Mission podcast. I’m your host Christian Klepp, and today I’m excited to have Julien Phipps join me. Julien, welcome to the show.
Julien Phipps 00:40
Hey, thanks, Christian. Really appreciate it.
Christian Klepp 00:43
All right. let’s get started. Why don’t you tell us a little bit about yourself and what you do?
Julien Phipps 00:49
Sure. So for several years now, I’ve been involved in the financial industry dating back to actually to 1997 when I started my career in banking. Over a good portion of a decade since that time, I was moving my way up through the ranks in the banking industry, everything from frontline teller, retail environment, banking environment to handling banks liquidity and understanding, the investment brokerage side. From that point on, moved to having a startup that was operational in doing peer to peer exchange, doing currency exchange online. So that was novel at the time because there weren’t many of us doing it. So it kind of pioneered that space a little bit. Now moving forward was working in the industry selling banking technology and software, not only for the banking industry, but also for lenders for different technology companies, platforms, and also had the ability to actually lead sales as head of sales in Canada for a company in the fraud prevention space. So, essentially some of the developments there included: leveraging artificial intelligence and machine learning and a whole consortium of data to provide insight for companies on how to reduce crime online cybercrime online and kind of get a step ahead of the bad actors out there. So that leads me to where I’m at today doing some very interesting stuff in the blockchain world, digital assets and custodianship. And so if you think of the world of cryptocurrency, and all of those Bitcoins and Ethereum, that’s the world I live in today.
Christian Klepp 02:40
Yeah, that’s definitely an interesting career path that you took. It’s very interesting that you mentioned that you were working in the field of fraud prevention, because that’s definitely going to be the topic that we’re discussing today. But before we get on that, Julien, why don’t you tell us a little bit about what motivated you to take this new path, and this path through entrepreneurship?
Julien Phipps 03:01
Yeah, absolutely. So one of the great things I think, not only when you have experience under your belt, but also in an early stage or point in your career, taking sometimes what’s viewed as chances or risks in your career can be good and can be also come with rewarding, can also provide you with a lot of experience that you wouldn’t get otherwise. So for me, it was an opportunity to look at how I could leverage a lot of my experience throughout the years, apply that to a young startup company, that doesn’t always have all of the funding in place, but you are at an incredible point in the journey that allows you to have so many touch points, and be involved in not only the day to day operations, for me, being a sales and biz dev guy, being able to negotiate in the rooms with the likes of wonderful partners and different stakeholders that you’re engaging with, but also in the stage of attracting investment and dollars for your companies and learning how to really navigate those financials as well. That’s something that he wouldn’t necessarily always get exposure to, unless you were very highly skilled and trained in those areas. So, yeah, those are the some of the things that attracted me – the ability to consider entrepreneurial roles.
Christian Klepp 04:34
Fantastic. You’ve undoubtedly over the years, acquired a certain set of skills which are going to serve you well, on this new path and coupled with a bit of a risk taking attitude.
Julien Phipps 04:47
Yes, yes, absolutely. I feel like Liam Neeson, I have a very unique set of skills. So, it is one of his quotes in some of his movies there.
Christian Klepp 04:58
Yeah, just don’t go kill anybody.
Julien Phipps 05:00
Christian Klepp 05:03
So, I mean it’s almost as it happened overnight. The global pandemic has dramatically changed our lives and the way we work and a lot of people have switched to working remotely and working from home. Certainly, working online and the advancement of digitalization, it’s something that people are talking a lot about these days, right? Some countries have lifted their quarantines, while others like Canada, for example, we still remain the lockdown mode here. But as if the current crisis wasn’t bad enough, then we also have to deal with something which I would say was a result of the ongoing anxiety and fear that people have. And that kind of has opened the door to another threat, which was already happening before the pandemic and I feel has become even more of a reality right now. And that’s cyber-attacks.
Julien Phipps 06:01
That’s right. Yeah, absolutely. Cyber-attacks, I am dating back even to early internet days have been going on at some form or another in terms of data breaches. And I know there was a study back in 2013, a very interesting one that Verizon did. And it was reporting that about 71% of data breaches that were conducted, or by bad actors, were actually targeting small businesses with less than 100 employees. And of those hundred employees actually, typically, they’re actually a small businesses of 10 or less people. So imagine like the the impact of that can have on those small businesses.
Christian Klepp 06:43
Exactly. And it’s interesting you mentioned that because I did a little bit of research myself and I think it was the Canadian Broadcasting Corporation (CBC) that highlighted that it’s the current health system also in Canada that’s come under attack from cyber criminals because they’re trying to access patient information and other data, that hospitals are storing. And there was another report by Tri-City News in May 2020, that cyber criminals were trying to pretend to be Canada Post and they were sending out these fishing emails. But in fact, what they were trying to do, or attempting to do was steal people’s financial information online. Right?
Julien Phipps 07:22
That’s right. And there’s so many uses for the that information, health rate records, but also like, what some of cyber criminals are doing now. They’re putting together, essentially a whole new identities with piecing together these different pieces of information.
Christian Klepp 07:41
Right, exactly. So, I’m sure a lot of the listeners out there are kind of familiar familiar with what it is, but in your own words, what would you say constitutes a cyber-attack? And can you please expand on that a little bit?
Julien Phipps 07:56
Yeah, sure. So, my experience and my understanding with cyber-attacks is really when confidential data is being really exposed or compromised or even lost in a cyber-attack. So what ends up happening is both the people that are exposed and the businesses that are targeted are really the victims and all of this, right? So for hackers, they might be searching or pilfering for different, like personal information, they might be looking for your bank account information, credit card. We’ve all had our credit card probably compromised once in our lifetime, our social insurance numbers or social security in the US, right? So these type of key pieces of personal information, a lot of times are the targets. With those you can often conduct financial crimes. Financial, for the hackers, it’s really having a financial gain or, or having enough information or data breach that is valuable that they can sell on the dark web. So all of that is really just to say that, when identity is being untangled or like pilfered from different sources on the web. Usually, it’s a very long and strenuous kind of process that puts both the individuals and the businesses through a lot pain.
Christian Klepp 09:22
Yeah, that’s exactly right. So, why do you think that cyber-attacks have continued to increase, not just in the US and Canada, but like worldwide, especially because of this pandemic?
Julien Phipps 09:34
Yeah. Well, in light of the pandemic, you got to realize we’re also going through a very challenging economic time. And so, there’s going to be perhaps less, there’s going to be opportunities for criminals to to organize crime to actually go out and conduct even more targeted attacks and some of the challenges for people is now that you’re already in a compromised position perhaps financially or a business is struggling, you may be looking or more vulnerable to different types of attacks or ways that they’re trying to fish out information from you. So this is some of the reasons why I believe these attacks are on the rise.
Christian Klepp 10:24
Right. Right. Exactly. But that’s exactly it. Based on your experience, because, you were working in the field of email fraud prevention. What type of cyber-attacks did you see there and that our listeners, people like in the B2B world and digital entrepreneurs should be aware of?
Julien Phipps 10:47
For us, we were kind of leading, I guess, in a specific fraud sector where you could actually mitigate some of the fraud before it started. So, some of our use cases, we’re really if you have a website and you’re having people sign up for your services. It can be as simple as, gaining a little bit more information behind who it is that is coming to your virtual doors or your website to sign up for your service. So, these are kind of preemptive. And you’re able to then kind of detect based on different data signals that exist out in the web, or in the internet. You know, who that individual is, some of the technology that exists today allows you to not only track you’re located, in terms of geolocation. It allows you to see, where they’re potentially if that geolocation correlates to perhaps like a phone number that they’re entering in your formula, your questionnaire online, and also, you can correlate that to the first name last name does it match? You know, so all these pieces of information because very strong when you correlate them together, if there are discrepancies, then you say, okay, well, perhaps there’s a reason for that. But it at least allows you to give you a chance to then screen some of your good customers versus perhaps customers that are there for nefarious reasons. So that’s kind of one of the areas that we were specialized in. Of course, this is also powered by a lot of machine learning and artificial intelligence that correlates all of this data up to, around 150 data points, believe it or not. So, they could tell where you might have shopped before, if your email was seen in one of the partner websites, so all of this adds to the strength of you as an individual online. And so this is some of the types of technologies that are being utilized by very successful companies nowadays. And the good thing about it is it can be used by small medium sized businesses as well.
Christian Klepp 12:59
Hey, it’s Christian Klepp here. We’ll get back to the episode in a second. But first, is your brand struggling to cut through the noise? Are you trying to find more effective ways to reach your target audience and boost sales? Are you trying to pivot your business? If so, book a call with EINBLICK Consulting, our experienced consultants will work with you to help your B2B business to succeed and scale. Go to www.einblick.co for more information.
Christian Klepp 13:28
You brought up some really interesting points and at least to my knowledge, some of the things that you’re referring to, I think that’s what constitutes what they call social engineering, isn’t it? Like when they collect your data, like for instance, your email address and like your behavior online and so forth, and they try to create the so called persona view to understand or to anticipate. What your next move is going to be?
Julien Phipps 13:53
That’s right. Yeah, I mean, it’s digital, your digital persona and really cybercriminals on the flip. That are essentially the ones that are trying to create what are called synthetic IDs, leveraging a piece of valid ID but then creating a whole new persona behind that, like you mentioned. And these are some of the the modern day, I guess, ecommerce challenges, but also just general technology platform challenges that exist today. If you’re an entrepreneur, creating any type of online service where people sign up, you want to be thinking about ways that you can mitigate some of those fraudulent activities before they begin and before they infiltrate, and perhaps even sit dormant in your environment, until the day comes where they can strike and extract value out of your company or your operations.
Christian Klepp 14:46
Right. So how do you think cyber-attacks can impact not just larger B2B organizations, but especially smaller businesses, who may not have the means or resources to in place to prevent cyber-attacks.
Julien Phipps 15:04
Yeah, they can be affected in a number of ways. Sometimes it’s just as simple as having DOS attacks which are very troublesome they can basically stop your ability to conduct business, right. DOS, which stands for a disk operating system, essentially your DOS, your Microsoft DOS operating system, these are on every pretty much every computer right has a DOS system almost. If they’re able to, basically locked down your computer, your network for small businesses, this can be crippling and even put them out of business, right, they can lose all their data, they can have the potential that they couldn’t recover from such a attack, whereas larger organizations have become a lot better at securing their IT environments, reducing the threat of these attacks or DOS attacks as well. So what small businesses can do is really there’s a number of steps that we could probably get into, later on or now whenever you like, but some of them include just having as simple as having a strong policy password, right? Or password policy, I should say, yeah, and, and even knowing all of the devices that are connected to your network at your business, right, so maybe locking it down being understanding and having, ensuring that when people bring their own devices and connect your network that they have been verified or authorized to do so. So there’s a lot of ways of course, you can have a firewall and those are just kind of the top three things that I would start with. So having a strong password policy, knowing that the all of the devices connected to your small business network, and really having a firewall as well as probably an anti virus, anti-malware device or service on every device. So those kind of four top things really are very important. Later on, I can talk about some of the other aspects.
Christian Klepp 17:11
Well, that’s fantastic. Thanks for bringing up those simple steps that business can take to prevent cyber-attacks, but also to the next question and you’ve already highlighted it, but maybe you can expand on that a bit further. Can you explain the importance of what we can call cyber resilience?
Julien Phipps 17:33
Yeah, cyber resilience is really, I think it’s one of the things that where you’re prepared as a business and really being able to recover from any sort of cyber threat or cyber-attack. So a lot of users might think about users, I guess a lot of people in the IT world might think of this as an entity’s ability to really continuously deliver their products or service online, despite any sort of bad event or threat that occurs to them. So it’s really how you can reboot and recover from this. So that’s kind of really how I would describe that as best I could in simple terms.
Christian Klepp 18:21
Yeah. That’s, that’s really great. And it brings back this old this old saying that we had, um, back in university when I was studying production, operations management, and it’s basically prevention before detection. Yeah, yeah. And the same holds true, and the cyber in terms of cyber resilience or cyber threats.
Julien Phipps 18:43
Yeah, it’s having a contingency plan.
Christian Klepp 18:49
Exactly. So this is undoubtedly a topic about a challenging situation because, nobody wants to have their computer or their assets compromised, right? But let’s try to look at it from a more constructive and I would say, purposeful perspective. So from your view, how can cyber resilience and taking the right steps help businesses to improve and become better? And not necessarily just that protecting themselves from cyber-attacks? But what does that right mindset help them to do ultimately?
Julien Phipps 19:22
Well, it’s a few things. One is, educating not only themselves as business owners, small business owners, but also educating their employees. Having a playbook internal playbook of what is expected out of employee digital kind of behavior or understanding how devices connect and, what devices are authorized, what to click on what not to, things that are maybe what websites that they need to block from their network in order to remain safe as a business, right? So a lot of these are preventative measures but also educational in the sense that when you’re onboarding new employees, you’ve got a handbook or a training onboarding book that allows them to have a section on perhaps, you know, cyber threats or what to do and what not to do in terms of online behavior when you’re working on the business network. So these are very important because as we mentioned before, these attacks on small businesses on average, you got to look at the cost of what these potential infiltrations affect. On average, we’ll have to spend, you know, days recovering and fixing a lot of the damage that’s been done. That could take on average two to three weeks to perhaps put things back if you don’t have a strong IT department that has a, as you said, resilience, cyber resilience plan in place and also the financial impact. So a lot of small businesses have said either their reporting that their data has been taken and basically downloaded from their business. So it might be sensitive personal data that is very impactful not only on them, but the reputation of their firm. And it can also be financial in the sense that they’ve lost revenues or they’ve lost actual dollars, right. So, really, it comes into a point where you really have to educate, prevent, and really ensure that you have a playbook on this. I think it’s smart to to focus either your HR department and or in collaboration with your IT department if you have one, to have something in place in terms of making sure that it’s all it’s known throughout the organization.
Christian Klepp 21:55
Those are some really great insights, Julien, thanks for that. I think it’s also important point out. And I think it’s going back to some of the things that you’ve discussed them over these past couple of minutes. It’s also important for companies or organizations, regardless of their size to get on their team or their people to understand how the cyber resilience aspect, how that plays a central role or how it plays an important role in the overall ecosystem of the company and get them to see where that all fits in.
Julien Phipps 22:33
That’s absolutely true. One of the things here too, is that, you know, while a lot of what we’re talking about today is cyber-attacks that happen to the business. We just touched on the education portion in terms of ensuring all your employees and or stakeholders internally are up to date on what to do and what not to do. It’s also sometimes, human behavior, right. So if you can train the human behavior and also like your employees to know what is sensitive information and how sensitive information is being handled. A lot of times, you or I could be going out somewhere and shopping, and they might ask for some of your own personal information and you as a consumer also have sometimes the right to or do have the right whether or not you want to divulge some of that information. So, because once it gets into somebody’s hands, that you’ve given them a certain authorization to do what they are going to do with that information. But you have to know what is going to happen to that right. So where is it stored? Who is going to access it? I often find myself saying, okay, well, who are the people in the business that have access to your personal information?
Christian Klepp 23:56
Well, that’s exactly right. It’s really important know that. This is fantastic. Julien. So did you have any other advice or thoughts that you’d like to leave the listeners with or any other recommendations in terms of steps that they can take to protect themselves from cyber-attacks?
Julien Phipps 24:13
Yeah, well, we mentioned at the top of the segment, having a strong password policy is really knowing that the devices that are connected to your network, especially if they’re bringing together devices as well, ensuring you have a firewall and antivirus. What I would add to that really is also ensuring that, if you do have sensitive information in your business and your handling that have also a policy where you’re often perhaps or every so often checking and auditing some of that information that’s being stored is being done correctly according to your internal policy, are you handling it with kid gloves, making sure everything is in place properly. Educating the employees is definitely another one but also for some of the more sophisticated, perhaps online services, and you don’t even need to be that sophisticated, you can enable and use two factor authentication, which is not foolproof either. But it is a lot harder to infiltrate to two factor authentication. Because these again, for those that don’t know, are basically the ability to send a random kind of like pin generated number through an app or through your phone. And then you enter that as you sign in as a secondary method of verifying who you are. So that’s a nice thing to use, that will help deter different small business attacks.
Julien Phipps 25:43
And also really the use of cloud services because cloud services are generally, you could you could have information in the cloud, but how risky is it in another individuals or another businesses serve. So those can be hacked as well. So understanding the risks of using cloud services for your day to day small business use. I’m talking sometimes about different breaches that occur with larger corporate businesses. It can happen to credit bureaus, and someone. So these things do happen. You just have to be cognizant and careful of where your business is, storing sensitive information.
Julien Phipps 26:27
And I think the last thing that I’ll add to that really is sometimes if a small business doesn’t have the resources to employ their own IT department, you can use sometimes managed IT services and providers. The other thing that I’ve seen as perhaps a bit of a rise in or as a response to some of the challenges that we’re facing right now, in terms of the pandemic is for small businesses, you may want to look at desktop as a service, which is really having basically access to give your employees laptops that are fully secure GDPR compliant for a monthly subscription fee. So, some people say, Well, why would I pay a subscription fee for a laptop? Well, typically, you can buy the laptop probably cheaper than the whole subscription. However, if you don’t have the money to apply for a full IT department to secure all of those laptops and know what you know, the employees are doing on the laptop. You this will also allow you to have control over what programs they have access to. Do you have Microsoft on all of your office on all of your desktops, you know, and all of the different apps and products that you want to have like so Slack, do they have access to this or not? So you’re going to have basically a virtual desktop, secured and GDPR company client for a low monthly subscription fee of like anywhere from perhaps 80 to $100 a month or something like that. And that might be worth it for your business. That way you know that you’re protected.
Christian Klepp 28:14
Right? Well, that was really some great advice and tips and recommendations that you gave there. And this has really been an informative and insightful session. So thank you so much for coming on and sharing.
Julien Phipps 28:26
Christian Klepp 28:27
So what’s the best way for people out there to connect with you?
Julien Phipps 28:31
Yeah, I would be happy to connect either by direct email, we could do that or through business website. So that would be @accellerra.com.
Christian Klepp 28:53
Great. Julien, thanks so much for your time. I really appreciate it. So take care be safe, and I’ll talk to you soon.
Christian Klepp 29:04
Thank you for joining us on this episode of the B2B Marketers on a Mission podcast. To learn more about what we do here EINBLICK, please visit our website at www.einblick.co and be sure to subscribe to the show on iTunes or your favorite podcast player.