Get the basics right. Ensure you have strong passwords, unique for each site, and don’t share them with other people; install Windows updates; enable two-factor authentication. Do the simple things that you know but perhaps don’t take seriously enough.
Talk about cybersecurity regularly — don’t hide from the techies! The threats are always growing. Years ago it was mostly IT geeks and they really weren’t interested in stealing your data, they just liked to see if they could hack something. Now it has become a serious, criminal, commercial enterprise and you need to know what’s happening.
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Ashley Pollak, co-founder of Cyber Alarm, a cybersecurity platform designed for SMEs like his other two businesses — a gardening delivery service and video agency.
Cyber Alarm is a cybersecurity startup. After Ashley’s business ETIO was hacked he realized that, as an SME, there wasn’t much out there to help him. Working with his business partner Dominic Aslan, a board level IT specialist, he has developed a platform to alert you when you have been hacked or when you are vulnerable to a cyberattack.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Before we dig in, can you tell us a bit about how you grew up?
Entrepreneurship has been an underlying theme of my life. Both my parents worked for themselves and there have been various smaller ventures that I’ve tried my hand at. My career to date has been in marketing & content, which I’ve really loved because I’ve worked with such a diverse range of clients. More recently I have taken that experience into my work building and growing Cyber Alarm.
Is there a particular story that inspired you to pursue a career in cybersecurity?
I developed a more serious interest in cybersecurity when my video agency was hacked. Suddenly I saw the consequences of a business like mine being attacked. This experience revealed to me the vulnerability of small businesses like mine.
Around the same Dominic, my business partner and Cyber Alarm’s co-founder, noticed that smaller businesses were suffering cyberattacks and facing many of the same challenges as the big businesses he worked at as Chief Technical Officer. Together we developed his vision of a platform that makes cybersecurity simple for businesses like mine. And so the idea behind Cyber Alarm was born…
Can you share the most interesting story that’s happened to you since you began this fascinating career?
My interest in cybersecurity developed out of my experience of the impact of an attack. The most exciting thing for me has been working with a great team to take that problem and build an effective solution to it.
Is there a particular person to whom you are grateful for helping you to get to where you are? Can you share a story about that?
I couldn’t have got to where I am now in developing my expertise in cybersecurity without my business partners Matt & Dominic. Their depth of experience has taken me in the last year from being a cyber novice to really understanding the nuts and bolts of making small businesses more secure.
Are you working on any exciting new projects?
We are ready to launch Cyber Alarm within the next month! Matt, our technical lead and co-founder, has been working obsessively on creating a fantastic product; Dominic has been following through on his vision; I’ve been working on the consumer experience. We’re really excited about changing perceptions of cybersecurity for small business owners and revealing to them that our service is a solution. It’s a service that alerts you when you’ve been hacked, or when you’re vulnerable to being hacked, and tells you in straightforward terms what you can do about it. For a reasonable monthly fee, Cyber Alarm watches your back, which is why we describe our service as ‘your burglar alarm for the internet’.
What advice would you give to colleagues to help them to thrive and not burn out?
It has been fabulous working with great co-founders and going on a journey together. We have taken our different areas of expertise and created something greater than the sum of its parts. There are challenges in building a new business, especially when you’re building something from scratch and you’re putting your own money into it. The support of your co-founders, alongside having a healthy balance in life, exercising and eating well, is key.
Now let’s shift to the main focus. The cybersecurity industry today is an exciting arena. What excites you most about the cybersecurity industry?
What interests me most with the cybersecurity industry is the surging number of cyberattacks on small businesses during the coronavirus pandemic, and the dawning realisation of business owners that this problem is going to affect them. We want to be part of the process of educating and supporting people through this.
The pandemic has transformed the working environment and forced people to accept the absence of corporate firewalls and secure office IT systems. Now everything needs to work from everywhere and data has to be accessible on any device. Cybersecurity has to get ahead of this. Regulators and lawmakers aren’t going to accept the reduced protection of private data, and companies aren’t going to risk it either, so businesses need tools and techniques to facilitate this new remote world.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
During the lockdown criminals have been learning new skills to be able to take advantage of people, not by stealing in person, but by stealing over the internet. The consequent growth in cyberattacks has been covered in the press. However, the solutions to this issue are less widely discussed. The reality is that many cyberattacks are not complicated. They don’t require complex knowledge. They often involve simple techniques, like sabotaging passwords using brute-force tools, which can pose an instant threat to anyone using insecure passwords. These threats can be managed by taking your cybersecurity seriously and preparing adequately.
Do you have a story from your experience about a cybersecurity breach that helped you help fix or stop? What were the main takeaways?
I’m not an IT expert so my experience of a hack is very personal. My main takeaway from the cyberattack which my video agency suffered, was that anyone can be a victim. Actually, small businesses are easy targets because they often don’t have adequate security in place.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Obviously Cyber Alarm to monitor my internet assets! But also Microsoft Authenticator. It’s so much easier for me to use this than multi-factor verification by text message. This will become very important as almost everyone uses multi-factor authentication now.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
Many people who outsource their security think they are safe because they pay a company to deal with it for them. This could give a false sense of security. There has to be a level of commitment to cybersecurity from someone in your team. It’s your business and it will be your responsibility to deal with the aftermath of a cyberattack so make sure you are prepared.
Making cybersecurity a regular topic of discussion needn’t take a lot of time, but you need to help your team to understand the small changes in actions/behaviour can have a significant positive impact on. Once everyone is on the same page, then you can ask sensible questions, you can hire someone to get it done, or you can outsource its implementation.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can look for that indicate something might be amiss?
Cyber Alarm has hundreds of checks that it runs constantly to look for areas where a business might be hacked. Hackers are always looking for vulnerabilities to exploit. But, keeping an eye on your web analytics for a sudden change in user behaviour or traffic is an easy way to spot any security risks. It’s also important to ensure your systems are up to date. Don’t ignore the little red dots on your icons that notify you of an update. Finally, listen to your clients and partners. Often they will be the first to spot that you’ve been hacked if they receive a strange message from you. Don’t brush it off. Check it and investigate.
After a company is made aware of a data breach, what are the most important things they should do to protect themselves further, as well as protect their customers.
Your key responsibility is in being transparent with both your customers and authorities so that those affected can mitigate any further issues. GDPR laws require you to notify relevant authorities within 72 hours and you should inform customers without delay. Your next top priority is to urgently try to find out how it happened and fix whatever vulnerability allowed a hacker to steal your data. This could be as simple as changing your password or adding two-factor authentication, or it could require upgrading software.
Have the recent privacy laws, such as the California Consumer Privacy Act and GDPR-related laws affected your business?
The recent privacy laws have inspired us to build a tool designed 100% to address the risk of a data breach and falling foul of GDPR. One of Cyber Alarm’s features lets you add a fake entry to your company’s database. This is useful because if this fake entry is ever activated, you’ll know that your database has been attacked and that the data has been compromised. When this happens, we’ll alert you and give you some information as to how, when and where the data was stolen. Having our system in place gives you peace of mind that your customers’ data is protected.
Since the pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors?
Working from home, especially for small businesses, limits your control over individual computers. That opens up a lot of vulnerabilities. Cyber Alarm is ideal for the future of remote working, because our service is focused on the cloud and anything associated with your domain, hosting, website, or emails.
Here is the main question. What are the five things every company needs to need to tighten up in its approach to data privacy and cybersecurity?
- Get the basics right. Ensure you have strong passwords, unique for each site, and don’t share them with other people; install Windows updates; enable two-factor authentication. Do the simple things that you know but perhaps don’t take seriously enough.
- Talk about cybersecurity regularly — don’t hide from the techies! The threats are always growing. Years ago it was mostly IT geeks and they really weren’t interested in stealing your data, they just liked to see if they could hack something. Now it has become a serious, criminal, commercial enterprise and you need to know what’s happening.
- Educate your staff — no tool can protect against staff who make legitimate mistakes. The easiest and most common breach is a social engineering attack. Instead of involving computers or tech skills, it’s humans persuading other humans to do something, for example pretending to be the boss and asking the IT team to reset the password that ‘you’ forgot. So, train your staff to be on the lookout for the common types of attack.
- Know what data and IT systems you have and make sure that you are watching them all the time. Would you go years without looking at your bank account? I doubt it. So, don’t forget to regularly check the data that your clients have entrusted to you.
- While everything is calm and quiet, make a plan. Make sure you know your passwords for your systems and you know who to call when an emergency hits!
You are a person of enormous influence. (Why thank you). If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be?
In terms of making a difference in the world, with Cyber Alarm we’re aiming to reduce the stress and the pressure of having a cyberattack, so that has hopefully done some good! A little break from cybersecurity, my father is a hundred years old this year and he loves classical music but hasn’t been to a concert for years. So, I thought there are all these musicians that can’t go and perform, wouldn’t it be nice if I could hire a violinist to go and perform for my father. So I did! I found an amazing violinist who has performed at the Royal Albert Hall for the Queen and for various luminaries. I paid them £100 to come and do what they do best and to spread some joy to someone who’s usually quite isolated.
That made me think about the mechanism for turning something like that into a charitable enterprise whereby out of work musicians are connected with isolated people(if anyone is interested in helping make that happen then get in touch!). In terms of inspiring a movement, it’s about getting out and doing it. It can’t just stay as an idea. We’ve seen that with a lot of movements recently, whether it’s Black Lives Matter or the Me Too movement. It’s about creating something and running with it. That’s the most important thing.
How can our readers follow your work?
We also have a podcast called ‘cybersecurity demystified’ — https://spoti.fi/3lhi2Mg