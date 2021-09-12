Don’t skimp on security, use specialists.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Vasiliy Ivanov, the founder and CEO of KeepSolid. KeepSolid is an international product development company that builds cloud-based security and productivity solutions for more than 25 million global customers. Some of the most popular products developed by KeepSolid include VPN Unlimited, Smart DNS, Passwarden, and others.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Back during my childhood, computers were still a rare thing to see. Perhaps the lack of a computer in the house is what encouraged me to explore the world around me — and as I did so, I quickly realized that I liked to create. It didn’t matter what it was, so long as there was a process to it. Much later, I realized that the pleasure of the process and the joy of the result were the two forces that had drawn me to technology.

By the time I’d reached the end of high school, I had a computer and was able to study it: how it was set up, how to create programs, what the possibilities and the dangers were. Then, once I went to university, I began learning about software development technology, servers, websites, etc. And I started experimenting.

Perhaps this desire to experiment and obtain results is what I ultimately owe the creation of the company to, because when we were first starting out, absolutely all the knowledge of all areas of development came in handy, which enabled us to release our first products, build dashboards to monitor the commercial status of products, and create channels for communication with users.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I got my first computer when I was 13. At first, I was mostly interested in playing video games; by the end of school, however, I became more interested in creating something, rather than simply consuming content. I started out with various kinds of design, producing electronic music, coding, etc. During my years at the university, I realized that I didn’t have enough knowledge to do what I wanted, so my next step was getting a job in a company developing graphic products. It was an interesting experience. I learned the basics of software development and decided to begin creating my own startups. There were multiple attempts made, and each one taught me valuable lessons. I started to better understand just what kind of business partners I wanted to have, and what kind of projects I wanted to do. Eventually, I founded KeepSolid.

Can you share the most interesting story that happened to you since you began this fascinating career?

This story may be of interest to executives who are doubting whether they should run fast or proceed with caution. In the time since I was 20 years old up until now, I have come up with an idea at least 5 times, all of which had — at this point — been very new. I’m not assigning primacy to myself, I just want to say that new ideas often come to many people at once, simply thanks to reading literature and news.

But at the time, since I was unaccustomed to acting quickly, these ideas would come out much earlier from other nimbler, more well-known companies. In fact, Microsoft even released something once that my team and I had already been doing for about a year.

Coming in second place, and even with a paltry advertising budget, is always a failure. I want to advise those executives who implement their ideas that they should strive to become the first. If you cannot make a quality product, do not procrastinate. It is better to have your product out, start collecting some feedback about it and then gradually improve it, than it is to take a long time perfecting it and being the last to release it.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

My wife is definitely such a person for me. She always supports me in my endeavors, no matter how risky they may seem. She has an analytical mindset, which is helpful in discussing problems and finding solutions.

Are you working on any exciting new projects now? How do you think that will help people?

The main focus of my attention right now is MonoDefense — a suite of Internet security products. We have recently released another product within this package — DNS Firewall, which will allow us to filter traffic and cut off malicious page downloads while they are still being processed by our server. Thus, harmful content will not even reach our users’ devices.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Try to eliminate from your life everything that keeps you down, such as people who make you feel bad or stressed-out. Burnout is something which may happen when you feel as if you are being ineffective, or you put a lot of effort into something that produces a small result. Try not to remain in these sorts of situations.

It is also important for a successful leader to have some hobbies that help them direct their attention to things other than work, so that they can later be able to look at their work tasks with a fresh viewpoint.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

I would probably put the problem of user data accessibility first. Nowadays, it is very easy to collect information about a person from public sources and then influence them for profit. For example: in some countries, it is now possible to use someone’s license plate number to find the owner’s name and their place of residence. Then, it is not going to be difficult to find out their interests or family composition through social networks. From there, everything depends on the intruder’s imagination. In Ukraine — where one of our offices is located — there are often even simpler situations: parents might receive a call from an unknown number and hear a voice on the other side like a child’s saying, “Mom, I’m in the hospital, and I urgently need you to transfer me money, I will send you the account number now.”

The second problem to consider is the employment of teenagers. When they have a mentor, they’re learning technology to create value, in contrast to when they’re on their own, in which some will start looking for unethical ways to use technology. Some may do this just to play around, whereas others might choose to do it for profit. And here, I want to draw parents’ attention to the need for keeping their children occupied. If they have a goal that you can help them identify, then they are more likely to choose the path of creation.

And rounding out in third place, I want to mention the influence that states have on cybersecurity. While the desire of some authoritarian regimes to know everything about their citizens is something which cannot be changed quickly, giving people access to free information is something we certainly can do via one of the products we are currently developing, VPN Unlimited.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

The security of the data that companies store or transmit over the Internet remains an urgent threat. The situation becomes even worse when it is the data of the company’s customers. I believe that companies do not need to skimp on IT specialists, and that they need to make sure their data is secure.

In the case of companies influenced by authoritarian regimes, there is also a solution — if possible — to move their repositories to territories where the rule of law applies, and then access them through secure connections.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

I guess I don’t have any interesting stories in that regard, because in the case of our product VPN Unlimited, we don’t deal with users’ private data, we have no logging on servers, and even I can’t know who — and how — our product helped avoid fraud or other unpleasant situations on the Internet.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

First of all, it’s a VPN. In my case, I use our product VPN Unlimited, which helps both protect your data and improve the product based on your personal experience with it.

Second, complexity and the way that passwords are stored can be provided by password managers. There are a lot of offers on the market now, and it has even become a standard feature in browsers. For our part, we have added a password manager of our own to our suite of security products. It’s called Passwarden. Using a password manager will enable you to create complex passwords that are unique to each account and then never forget them.

It is also sometimes worth using resources that allow you to check whether an email appears among the compromised databases.

And of course, don’t forget about the security of the devices themselves. On phones and computers alike, it is a good idea to set a password (not “1111” or “1234”, but rather a really complicated password). On the computer, choose a short screensaver trigger time and the option to “exit the screensaver only by password”, or simply lock the computer after a few minutes of inactivity. If the device allows it, then you can enable disk encryption.

Remember to set up two-factor authentication for those services too, where possible. Even better if this is done via an authenticator application or a key.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter”software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

I think that if we’re talking about only the company’s own data, then that moment comes when the executives themselves feel that their information already has market value.

When a company stores customer data, that moment comes with the first customer.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

I think one indication might be a flood of emails, texts or other messages to an address that should not have received spam or inappropriate offers.

You can subscribe to news about the company where you keep your data, and be one of the first to hear from the media about problems. You can do this through some online magazine, or otherwise set up Google Alerts.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The first thing they should do is notify customers so that they can react. For example, if bank card data were leaked, informed users could have time to block their cards at the bank before criminals got the chance to write off money from their cards.

Second, the company itself can turn to the state authorities to help resolve the situation, find the fraudsters, and resolve the incident.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR and other related laws affected your business? How do you think they might affect business in general?

The main thing that we have felt is a little bit of a problem in the area of marketing and product development, as these documents obligate us to provide additional features for data processing and storage for users from different parts of the world. Otherwise, a person’s desire to remove all of their data from the company’s database is quite understandable, and I support that.

What are the most common data security and cybersecurity mistakes you have seen companies make?

Local companies often store customer data in the open or in spreadsheets and have wide access rights.

Another common situation is one in which an employee who works with customer data might take a laptop home with him. At the same time, however, such a laptop may be completely unprotected against theft and hacking.

As we said above, some companies simply do not involve professionals in security and do not provide the proper level of data security.

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

I don’t think the number of errors has changed. Once people left to work remotely, they continued to use the same technology that they were using before. It is probable that the number of errors could have increased only at the expense of those local companies that hadn’t been working online at all, but were forced to start.

I see more fun than danger in this situation. For example, jackets and shirts started selling a lot more than pants during this time. Indeed, why do you need a full suit when the conference takes place via Zoom or Skype? 🙂

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

Don’t skimp on security, use specialists. Use up-to-date technology — which is also updated regularly — that quickly fixes any vulnerabilities you may find. Issue administrative rules for all employees describing device password requirements, computer lockout rules, rules for handling customer data, and rules for interacting with unauthorized people. Set up disk encryption and two-factor authorizations. Switch the office WiFi to certificate encryption (WPE).

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂

I like to invest in education. It is important to get the student interested in what they are learning about, and help them get some practical experience in addition to the theory. They have to be excited by the idea of creation to change the world around them. Our company is very involved with the students, because they are the ones who are going to be changing the world tomorrow. This is an endeavor I am certainly planning to continue in the future.

