In this week's Industrial Talk Podcast, we're talking to Gary Chan, Founder and Information Security Consultant at Alfizo, about “How Cybersecurity has changed because of COVID-19”. Get the answers to your “Cybersecurity” questions along with Gary's unique insight on the “How” on this Industrial Talk interview!
You can find out more about Gary and the Alfizo team through the links below. Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2021. All links are designed to keep you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!
GARY'S CONTACT INFORMATION:
Personal LinkedIn: https://www.linkedin.com/in/gschan2000/
Company LinkedIn: https://www.linkedin.com/company/alfizo/
Company Website: https://alfizo.com/
Get your FREE Security Awareness Training here: https://start-training.alfizo.com/
OTHER GREAT INDUSTRIAL RESOURCES:
CAP Logistics: https://www.caplogistics.com/
Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html
Industrial Marketing Solutions: https://industrialtalk.com/industrial-marketing/
Industrial Academy: https://industrialtalk.com/industrial-academy/
Industrial Dojo: https://industrialtalk.com/industrial_dojo/
Safety With Purpose Podcast: https://safetywithpurpose.com/
YOUR INDUSTRIAL DIGITAL TOOLBOX:
LifterLMS: Get One Month Free for $1 – https://lifterlms.com/
Social Jukebox: https://www.socialjukebox.com/
Welcome to the Industrial Talk podcast with Scott MacKenzie. Scott is a passionate industry professional dedicated to transferring cutting-edge, industry-focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots, and let's go.
All right, how you doing this great day, this fine day, this wonderful day to celebrate industrial heroes. That's what this platform is about. You're listening to the Industrial Talk podcast. And it is brought to you by wonderful people like you. You are bold, you are brave, you dare greatly. You innovate. And you're changing lives, and you're changing the world each and every day. That's why we celebrate you on the Industrial Talk podcast. Alright, in the hot seat. His name is Gary Chan. And the company is Alfizo. Alfizo. A-L-F-I-Z-O, and we're gonna be talking cyber, cyber security, which nobody likes to talk about. But boy, with this COVID world, it is a must conversation to have. Let's get cracking. Yeah, I just want to let you know that he is smarter than I am. Yeah. I'm not ashamed to say that because he is smarter than I am. I like the conversation of cybersecurity, and especially when we've got this sort of spread out workforce. And we're all just sort of working from our house, and we're trying to get things done. And we're, you know, there's a, there's a lot of things that we've got to pay attention to, which we just don't want to pay attention to. And I think one of the things that we need to pay attention to, is, of course, cyber security. And I'm telling you right now, Gary knows his stuff. Boy, does he know his stuff. And it's interesting, because I like having this conversation, but nobody likes to say yeah, I was attacked. Yeah, I had a breach. Yeah. And so, you know, all you can do is just sort of take the conversation, like these are, these are strategies that you can deploy, but just be mindful of it.
And definitely, Gary knows exactly what to do, somewhat scary, because he knows what to do. And, but he's a, he's a smart gun cookie. Now, better living through chemicals, that is my position. So I have this pool. And this is just sort of getting off on a tangent, but I have this pool, I had a pump go out. And then here in Louisiana, if you have a pump go out in your pool, it starts to grow algae, very fast. And then finally, right, finally, I get the pump in, we have a hurricane, still sort of a mess. So it's green. I was able to find a flocculant. That is called want to say revive. So if you have a pool out there and it's a little green, use a stuck on flocculant. So what it does, I've just never seen anything like it. It just takes care of that green stuff. It's amazing. And it's not. And it just drops down. You vacuum it up, pool is absolutely clean. Let's celebrate flocculant. So anyway, it's just an interesting story. Now, on the other hand, I did a live and I did a live because it was about webinars and I've got a big beef about webinars and you need to go out there to my LinkedIn account, or you can go online to industrialtalk.com, listen to it. It's, it's good. And I mean, it's good. Because I'm just sort of stating the realities. And we've got to figure this out. As industrial professionals, we got to figure this out and be able to do it in a better way. Because we're losing people. We are, we're losing people, people are not paying attention. People are not engaged. And we need to figure that out. Do we continue to just be bringing out these big doggone conference events and hope some people are listening or do we, do we try to pare it down and be a little bit more targeted and have more engagement? Because really, once again, we'd collaborate and if we can collaborate even virtually collaborating with when people have ideas, we're all better for it, because they're thinking about it. I know I think about it, I know you think about it.
So I highly recommend that you listen to that particular podcast, or video, or whatever it is. It's out there and it is alive. And I just sort of, yeah, it was a bit session. That's pretty much it. And then I came up with some solutions because I, I've been living through it. Alright, let's get on with the interview. Once again, it's cybersecurity. Right? Let's have this conversation. Let's put our big boys and girl pants on and let's have this conversation. Gary Chan is the gent, the company is Alfizo, A-L-F-I-Z-O, and that's, that's the domain too. I'm surprised if the domain was not taken. That's a joke. Anyway.
He does. And boy, I'll tell you on the form, I'm looking at the form right here. He's, he's quite thorough. And like I said, he's smarter than I am. And I, I'm okay with that. And then he also gives free stuff out there, it looks like start-training.alfizo.com. I will have that link with his podcasts big time so that you don't have to sit there and try to figure out where to find the guy, you're gonna have it all there. Just go to industrialtalk.com, reach out to or just type in the search, Gary Chan, C-H-A-N, you'll find it, you get all the doggone contact information plus his podcast plus his video plus everything else that you can possibly imagine. Alright, let's get on with the interview. Enjoy. Gary Chan. Gary, welcome to the Industrial Talk podcast, absolute honor that you have joined this particular platform, and you're gonna share your sage cybersecurity advice with the listeners. That's pretty damn cool. How are you doing?
I'm doing very well. Thank you for having me, Scott. Real pleasure.
I love it. I love it. It's a little late at night. But it's a weird time change, by the way. Anyway, I don't care. All right, for the listeners out there. Give us a little 411 give us a little background on who you are and why you're such an incredible professional Gary.
So I'm an Information Security Management Consultant. I earned a bachelor's degree in electrical engineering and computer science from MIT and hold multiple security certifications. I designed and deployed security solutions to state agencies as well as run the Information Security Department for large cap companies. Fun fact: almost everyone in the US has used solutions that I've helped design. And today I help executives achieve their business goals that are related to security alone.
Don't go judge. You sort of like reading from a card, don't you? You're just, you're rattling that off from a card, I can tell. All right.
Well, let's see if I, let's see if I correctly predicted stuff. That's right.
I'm gonna, I'm gonna make it dance. I'm telling you right now. Now one of the things that I've been struggling, not struggling. That's sort of an over exaggeration. But really, we need to talk more, especially now COVID. All the good stuff that when I say good, I mean, just sort of things that we have to deal with in COVID, companies trying to, you know, survive, rebuild and prosper. What does that market look like? How do we do it? Where do we stand? And one of the things that people are somewhat reluctant n AR, is to talk a little bit about cyber security, it's either falls into I'm trying to survive, I don't have time to talk about cybersecurity and why that's important. Or I've had problems with cybersecurity, but I don't want to talk about it. So I'm going to ignore it. So both are very much challenging. But I'm interested in talking to you today about cybersecurity, and what's taking place in the COVID-19 world. Can you just sort of lay things out? And what's happening?
Well, yeah, no, it's pretty quite interesting. Whenever all the businesses shut down back in March, basically, cyber went away. In fact, a lot of my colleagues unfortunately got laid off. For good. Yeah, no, it's not good at all. Um, so businesses said, Oh, well, I got I got a, you know, I got nothing to protect, so don't need it. But then I think probably like late summer, you know, people just been banging down the door, I mean, just doesn't stop. Because basically, everyone sort of shut down their security over the summer, and then they realized that they kind of needed so. So I think it sort of went really way down. But then it went way back up. And I think the markets really, really changed. Just, you know, high level employee employees have now working from home, so it's different in plays using internet a lot more.
Those are, those are challenging little areas that you got to try to manage. That's for damn sure.
Yeah, definitely a lot of change a lot of change. So why?
Well, you know, you had the COVID, boom, hit, you gotta shut down, you got to adjust. You got to sort of change the way you do business. It happens. People start coming back, you still have that remote workforce? How come all of a sudden businesses said I need to do this? What, what was taking place in the, in the world at the time? Now it's obvious, right?
Well, I think it's basically, you know, so let's look at it from the hacker standpoint, right? So we got to look at it, really from that standpoint. So what, what you've got, if you've got people working from home, you're now using internet more. They don't have as much security there. I can still steal the same amount of stuff. It's now easier to steal it. The police do. Yeah, they're not really looking as hard for this because, you know, they're really busy doing other stuff right now. So if I get caught, I'm probably not going to get penalized. So, you know, it just makes a lot of sense for me to hack size. And so
Agree, that is a really interesting problem statement. Yeah. Continue.
I'm sorry. Yeah, I agree. Yeah, no. So exactly it, right. So the calculus has changed for the hackers. It's now more valuable. And the cost is much lower. So I'm going to hack. And so basically, businesses, a lot of them been breached, you know, over the past several months over COVID. Like, if you look, if you just do a search on the internet, I know it didn't make the news very much. Because COVID has been basically the front page news. But every company's being hacked left and right, because the calculus changed for the hackers.
Come on, you just like, okay, so you're at your office you're on and you've got some sort of level control at it. And it's sort of your office, your brick and mortar setup, it's all there. And then all of a sudden, everybody just goes on home. I've got my Wi Fi, I'm just I'm just having a grand old time. Still got to get stuff done. Right. But the hackers know that.
Tell me, tell me why. Hackers do what they do. I don't get it. I just, it's like, it's like doing what? I don't get it. Just psychologically, really money.
It's just money. I mean, come on. So it you know, you can either let's say you want to rob a bank, right? So in the past, you would like to get a you know, get a gun and go, go into the thing. You'd have to it's all this do crazy stuff, right? Maybe, maybe you watch Ocean's 11, or whatever, right. But there's a, there's stuff you can do there. But now I can just do it, like in my basement. Like, I can just do it there and I can steal, like, imagine how much you basically need to get a truck, if you're going to steal like a million. You know, what, $10 million? You need a truck, right? I mean, I can steal $10 million by pressing a few buttons. Um, I mean, yes, it's more skill required. But I mean, I don't need a truck, I can, I can be halfway across the world where you know where they're going to do, right, if I'm not in a country that can be extradited to the US. So it just makes a lot of sense.
And, yeah, so there's the financial, there's the fact that it's pretty challenging also to run these individuals down, right? It can be, I mean, how many, I mean, you're looking at a bunch of people out there in this whole world. And, and many of them are trying to break in. And it's hard. It's hard. It's not two people, it's thousands, that are trying to, you know, break into your systems. Now, with that said, I think that's a really interesting problem statement. Now, with that said, me as a company, I'm not going back to my office, it is what it is. I mean, right now, we're all just sort of hunkered down in our basements, whatever you want to call this home, and we're hunkered down. What can I do as a business? Because I'm pretty vulnerable right now. What do I need to do?
So you can do a couple of things. One is focus on endpoint protection. So whatever it is that the employees have at their house, you'll want to protect it there rather than on the network, which is what companies used to do, which was do a lot of protection on the network. And secondly, I would just
One second, define endpoint. What is that?
Oh, so like your mobile phone, your laptop, right? Make sure that you have antivirus on there, make sure you've got other types of software that will help make sure that you're not losing data or you know, getting out malicious malware and stuff like that. Yeah, sure. Yeah. And I think a second thing that a lot of companies could be doing, which is actually really cheap to do, but they just don't do it, is security awareness training. So I know that everybody says, Oh, yeah, I've got my security awareness training. I make everybody watch this, you know, 30 minute video once a year. And I gotta tell you, most people, do they just sort of click play. It runs in the background, and they're done.
Alright, I get to watch the security better. I'm better take notes. I'm better grab my notebook. Take notes. Really? Oh, yeah. Important point. Oh, no, they're not doing that.
No, I want it. I want to tell you. Exactly. I want to tell you a fun story. Actually. Yeah. So there was this, there was this company that, you know, I was asked to, you know, just do, I just sort of a phishing exercise, right. So I sent phishing emails to everybody. And then afterwards, you know, I said, Hey, you know, what do you think the, you know, what do you think the percentage of people that clicked on the email link and gave me their username and password? And the answer was 25%. I like a percentage of you gave it to me, right? And, and I'm like, so, so you want to get, you know, security training, right. And so, so basically, the company's like, yeah, we want to do this. And so we, we did it, we had it, everybody went through training, they all did that. And then the next year did the same thing. So I said, you know, okay, look, you know, some of you might be new people, but, but here's what happened. 25%, you all got training. So how many of you think that you're like, way better than you were last year? And, and like everybody raised their hand. Smart. Yeah. So I, how many you think this year? Right? Everybody gets the lower number. I was, I actually this year 50%. No, it's true. 80%. I know. I was like, because every one of you thought that you were better. So now like you weren't. The thing is, is that I got new tools, I started getting better at phishing people. And everybody basically stayed where they were. And so, you know, it's, it's pretty funny that you can, you can craft stuff like if the World Cup, you can just use your whatever it is that they click on it. Oh, they see that.
It's like that, that is? So what did the executive think about that?
Well, I didn't, you know, I, he wasn't too happy with it, but
like, what it is?
Okay, so outside of the fact that I'd be happy on so we got, we've got an endpoint, you know, locked down, make sure that that's pretty secure. And then we've got to do some training, what else do I need to do to make sure now I'm at home, I'm still at home and might go on forever? I might become lazy, whatever it might be? What else can I do to help? You know, secure my my systems?
Why, if you're the company, sort of executive I think hiring an external assessor to come in and just take a look. I think that'll be really helpful. Oh, he may not? I don't know how big the company is. Obviously, I didn't. Yeah, for your list of
companies, different companies big, big, huge. I don't I just do this for for fun.
I believe the last but I do believe you do it for fun. I do. So But anyway, you know, you can hire an assessor to go in and take a look. And then that person would probably be able to give you much better, more specific advice based upon your organization size, what your hackers are doing things like that, it's got to be more challenging,
if I like that, okay. I mean, I, I'm all about collaborating, I'm all about finding the right people to do the right things, and especially now, but as your workforce is all just disconnected, it's all you know, spread around wherever and whatever that assessing makes it it's, it's even more challenging, correct.
Yeah, it is. Yeah, but what's what's good is that if your organization, you know, has it systematized where everything's repeatable, then you really only need to assess a few people, and then just see kind of, you know what they're doing, because basically, everyone else is probably doing very similar stuff. And then, depending upon what you roll out, you can, you can see, you know what, you can actually even just see it all from my basement and just see what everyone's doing without actually talking with anybody, right? Because if you interview people and ask them what they're doing, one, they're gonna lie to you. And two, they're gonna forget. And so they probably don't remember half the things that they did, but you can actually just see what
I'm laughing about the whole thing. But you know what it is? If I was a hacker, this is like, wow, this is an exciting time for me. Because, because what you have to as the end user, there's a, there's a level of uncertainty. So I'm not as focused possibly. I might be doing. I don't know, there's just some more emotional challenges that I'm dealing with. Right. And so I would imagine if I focused hackers, but I'm locked out, so don't even think about it on the podcast. I'm locked down, you, hacker. But yeah, I keep everything I do. As much as I possibly can. I do go don't boy, oh, am I opening myself up for problems? I'm not going
Well, I hope that you are locking it down properly. I did have one executive tell me he was totally secure. And he was very serious. He showed me the lock that he put on his computer.
Different types of supply a different type. Yeah, they're not stealing it. Wink nudge nudge? Yeah, you keep locking that down. So now we have the external assessor. What else can I do is that, I mean, I would imagine if I'm looking at a pie, and I'm actively locking down that endpoint. I am doing some training, real training. And you businesses out there, have your employees focus and understand because there, there's some crafty people out there. And then having that external assessor to be able to say, Hey, you know, it's it's red, light, yellow, green light, you're good, whatever, have that type of thing. What else are we missing here?
I think that's really what the company should be doing. I, I mean, I can give you a laundry list of like 100 or 200 different things, but I'm going to tell you, you're not going to pay attention to it. So you might as well just hit the big targets out. Yeah. And that's really what it's gonna be like this is going to get you the 70 80% of the way there.
So you know, Like that, I like that in energy. And then you can get there, have that reinforcement of the training, keep current, keep assessing, and keep moving forward. And and eventually, you could probably chip away at, let's say, 30, the remaining 30% in some way, shape or form. But you don't have to bog people down, you pretty much feel pretty good about the security situation.
I'm just gonna mention one thing. Yeah, you actually don't need to get to 100. Because frankly, there's so many businesses that are like worse than you that it's the hackers are just going to go get to those people. So if you do that, if you do these three things, you're actually going to be pretty good.
Gary, you're a bit scary. You're both scary for me, just FYI. Because that's exactly what people would do. Try to get in can't go over here can Ah, here we go.
Yeah, that's right.
Yeah, I I hear you like yesterday's news. Definitely big time. So what's the biggest roadblock? What are we talking about? This is all great. It's all great stuff. But it's not once again, it's not, you know, cotton candy and lollipops and pink elephants out there. What's the biggest roadblock for this?
I think the biggest roadblock is people's understanding that just because they don't see an issue doesn't mean that there isn't one. So usually companies only budget for things that they perceive. And if they don't perceive that they're being hacked, like I constantly hear that, oh, Gary, we're fine. We're fine. We've we've we have no issues here. I'm like, Well, have you looked? No. But I don't need to I I know. Right? And and then like, I get a phone call, like, you know, it probably isn't gonna be tomorrow or even the next week, but like, six months later, they're gonna they're gonna call me. So yeah. Because they didn't look. But but but then they find out, you know, some money's missing from the bank account.
So yeah, he's coming in with a banner saying, Hey, I'm hacking. Yeah, hey, you know, of course, they're not gonna sit there, they're gonna be pretty, pretty shifty. on it. I like that. But so it's really it always gets down to the human side, doesn't it? I mean, you can technically, you know, the technology, you get the right people in place, but you get the technology and you line that up, right? You're pretty good. It always gets down to humans. It always gets down to the culture, the humans of the, of the organization. So
I got it, baby. So I'll mention a couple of things on that. Is lose, lose. So I, so you know, whenever the company's first shut down, I think about the March-April timeframe. Yeah, we can actually measure how many people were copying out data to external hard drives at home, company data to the external hard drives, that went up by 123%. Just in like, the four weeks whenever the company shut down, because everyone thought they were going to be laid off. And then they started stealing. So that's kind of interesting.
Interesting, all right. I didn't know that.
Yeah. Oh, and and just another one, too. So um, you know, it's if you're a hacker, you can do a couple things. One is you can actually try to break into the systems. Another thing is you can just bribe an employee. So if I, if I were to like, well, I shouldn't use me as an evil, I would never do this, of course. But what some hackers do is they will, if they want to install ransomware, what they'll actually do is they'll contact someone either through LinkedIn or what they just find somebody who works there. And they will be like, Hey, man, what if you just I send you an email, and you double click on this, your company gets infected, and I'll pay you some of that money that the company pays out. And you It looks like you just click the link like it's, you know, you'll keep your job. Do you know how much they offer for like, if you're like a fortune 500 company by how much the average offer for you to click on? That is? No 500,000 to $1 million?
Yeah. It's crazy. Because if they do click, and you can think of all of the company I won't, I won't, I won't name any companies on this show, but you can just look them up. And they are paying millions of dollars for this ransomware. So if they just have to pay you
out, that is not illegal.
Of course, it's illegal.
This ransomware thing is like, come on.
Yeah, it's of course, it's illegal. But imagine how many people will be willing to click for half a million dollars.
I'm gonna go curl up in a ball right now just because I'm afraid. I'm a feared. Alright. With that said, I'm looking at your form that you filled up, which is quite extensive, by the way, very well laid out. It's almost like a dissertation in cybersecurity, and I have it, but you've got a sort of a giveaway. Give us a little talk a little bit about that giveaway, because now I'm nervous and I need to talk to you.
Alright, well, I just want everyone to have an opportunity to you know, just if they want to give employees some training, I have a freemium product there. It's at start-training.alfizo.com. Basically, you can sign up, you can have all of your employees kind of watch a bunch of security videos. They're all very short, about a minute each. So you can, you can just watch a couple and then stop or whatever, it'll just help, right. And the average person, average company can just do it, it's free, you don't have to pay for anything. And it, I think it'll help a lot with the security posture of your company, especially
like that. Like, can you give us a little background on Alfizo? The name?
Oh, I want to I want to. So
I spent a couple of months just trying to think of a company name, something that started with an A, so it showed up towards the beginning alphabetically, something that I could trademark, so it is trademarked. And something that was fairly easy to spell, something that I could get the phone number for. So nine to nine. So the URL, yep. So I had a bunch of requirements and that, that fit the cake. I love it.
Because I'll tell you right now, there are people that have these lengthy URLs, and it's like, Huh, I can't I can spell it. My fat fingers can't type it. And I'm not sending you an email.
Yep. Yeah, it's
the way it is. All right. Are you active out there on LinkedIn?
I am. So linkedin.com/in/gschan2000. It is.
So Gary S. Chan. That's cool. He's got mad skills out there. MIT University. He comes. He went to schools that have no football. That's what I say.
I don't know football, but but a growing team.
Very good. Very good. All right, you guys got to reach out, you will not be disappointed. I'm telling you. This was a great conversation. Don't lollygag, hear the information, reach out to Gary in a big doggone way. Gary, thank you very much for joining the Industrial Talk podcast. You were an absolute wonderful guy.
A real pleasure to be here. Thanks by Scott.
And thank you for what you do. I mean, that's that's a labor of love. It's a labor of love.
Well, thank you and I love listening to your podcast. I just the energy out here is fantastic. Dad's energy.
Alright listeners, we're gonna wrap it up on the other side, you know that I'm gonna have that list, or no, that link, as per Gary's request, you got to do that. Just do it. Alright, stay tuned. We'll be right back. You're listening to the Industrial Talk Podcast Network.
All right. What did I tell you about Gary? Gary? Once again, Gary is smarter than I am. And he, and he's really, you can tell how passionate he is about this. And I'm glad we have people like Gary because he is passionate. He is really there to help us succeed, and be able to protect us from stinking nefarious people who don't care about you. And they don't care about you. They want to take your stuff. They don't want you to know about it. They're nasty people and Gary's there to help you with those nasty people. Alright, again, I want you to go out there. Let's build on this webinar concept. I'm going to be doing a live tomorrow. No, Wednesday, email, I'll send it out there. Anyway, we're gonna be talking and then we're going to start venturing into sales, marketing, especially in this particular environment. I want you to be bold, do not get back. Do not pull back. I want you to be brave. I want you to dare greatly. And I want you to do with speed and tenacity and hang out with people who are bold and brave and daring greatly. You roll the change in a jet frickin Second. All right, thank you very much for joining. We have another great interview right around the corner. Thank you for joining the Industrial Talk podcast. We will be right back.