As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Dexter Caffey, Founder & CEO of Smart Eye Technology, a screen privacy and document security platform that uses multilevel biometric authentication to allow users to share and access files securely. He brings a unique perspective on how businesses and consumers can protect their sensitive documents and data from cybercriminals and fraudsters. Before founding Smart Eye, Caffey spent 20 years providing Institutional Hedging for major publicly traded companies through his futures and options brokerage firm, Caffey Investment Group, Inc. He received a bachelor’s degree in business finance from Youngstown State University.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
Thank you for inviting me and I’m excited to be a part of this interview series. I grew up in Youngstown, Ohio. While many people associate Youngstown and the surrounding region with steel production, it also boasts a history of entrepreneurism. Good Humor ice cream was started there and the first Arby’s restaurant was opened just outside the city. When I was a young kid, my father encouraged my brother and me to sell the local newspaper. He thought it would be a great way not just to earn some money, but to learn how to be out there speaking with people, listening to them and learning about what it takes to provide good customer service and hold down a job. This experience at such a young age really left an impression on me and fueled my interest in business. Ever since then I’ve had an entrepreneurial spirit which led me to where I am today.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
Actually, I didn’t initially set out to work in cybersecurity. In college at Youngstown State I studied business and finance and that led me to my first career where I founded an investment company called Caffey Investment Group, an alternative investment firm. My clients were Fortune 500 institutional investors and serving their needs was my focus for 20 years. I’d like to think that some of what I learned selling newspapers as a kid and focusing on customer service set me up for success with Caffey Investment Group. It wasn’t until later in my career that I got into the cybersecurity industry and founded my next company, Smart Eye Technology.
Can you share the most interesting story that happened to you since you began this fascinating career?
My most fascinating story is what inspired me to embark upon this career path. I was at a cybersecurity conference in Israel in 2017 and was sitting next to one of the cybersecurity experts there. As we were talking, I realized I could see confidential documents on his laptop. I asked myself, “Why is it that I can see confidential documents on this person’s laptop? It’s none of my business. How can I protect confidential documents on my screen? How can anyone protect their documents?”
When I got back from Israel, I couldn’t stop thinking about the larger security implications of shoulder surfing and screen peeking. I wondered why no one had created a technology that would make documents visible only to the intended viewer and block anyone else from viewing documents on your screen. Then I started doing research and talking to some cybersecurity experts I met in Israel and they said there really was no digital solution out there to ensure screen privacy. I was then introduced to a technology firm in Israel, and I gave them a project to help me come up with a way to use biometrics to solve this problem. After months of research, a solution was developed that would become the genesis of Smart Eye Technology.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
My father had the biggest impact on my life. He taught me how to deal with and listen to people. I learned how to respect people for who they are and to really get to know people on a personal level. I remember going to meetings with my dad and he always would talk to everyone. There were so many times that I remember where he took time to listen to their stories. I learned that listening is a key ingredient to success. He taught me that even if you don’t agree, just listen to what others are saying because you could learn a lot.
Are you working on any exciting new projects now? How do you think that will help people?
Yes! Thank you for asking. We launched the Smart Eye Technology platform first as a mobile app in the Apple iOS and Google Play stores this past July. We are in the process of finalizing our web app version which should be out before the end of the year. This web version will have an enterprise-level control panel for businesses to monitor, in real time, all documents shared within their organization and with other organizations they have approved to communicate with in the platform. The control panel enables governance and complete transparency over key business assets, confidential information and intellectual property shared over the platform. It will help to proactively identify potential internal leaks and threats and help to prevent data breaches, document loss, wire fraud, and so much more.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
The technology world, especially cybersecurity, is a rapidly evolving industry. It also requires non-stop vigilance. So, this is a very pressure-laden industry to be working in as you try to keep up with technology advancements and protect your company from the myriad of cyber threats that exist. With this as background, I would highly advise my colleagues to find the time to practice self-care. Find a release that renews you physically, mentally and emotionally and don’t lose sight that you need to be whole and take care of yourself first and foremost. Staying refreshed allows you to think clearly, make informed decisions and stay laser-focused on your business. It’s like what the flight attendants say before the plane takes off — “If there is a need for oxygen the masks will come down. Place your own mask on first and then on those you need to assist.” You need to take care of yourself first in order to take care of those around you and help them thrive.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
As I mentioned, this industry is rapidly evolving as technology advances. First of all, what this means to me and gets me excited is that this presents opportunities for new people, new possibilities, new solutions to help solve the cybersecurity threats that companies face every day. This is a problem-solving industry with little margin for error as the impact of cybersecurity attacks and fraud on businesses can be significant. Second, I enjoy seeing and learning about new tools that companies are using to fight challenges that exist today. Third, I am excited about seeing biometrics used to help fight fraud. I am really excited about behavioral biometrics. In my opinion, behavioral biometrics could take the place of physical biometrics for many aspects of security.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
What we are seeing is that the fraudsters out there are getting more advanced in their attacks. Not only are cybersecurity risks accelerating in terms of number of attacks, especially since the pandemic started, the types of threats and fraud have also accelerated in terms of their advancements and complexities. The types of ransomware and malware we are seeing out there are beyond expectation. As most companies have switched to remote working during the pandemic, ransomware attacks increased 72% in the first half of 2020. So even the organizations with the most aggressive and up-to-date security efforts need to always stay one step ahead of the advancements in cybercrime.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
One of the big concerns I hear over and over again from companies has to do with wire fraud. Even some of the most tech-savvy companies that I have spoken to have had to wrestle with wire fraud and are losing significant amounts of money as a result.
A story that really got my attention and led to this being a focus area for Smart Eye Technology was told to me by a CISO at a large enterprise. He said one of their VPs had received an email with wire change instructions from one of the non-profit organizations that they have been supporting for a number of years. The email said that they recently switched banks and wanted to make sure the company changed their wiring instructions for their annual contribution as a large annual event was coming up very soon and the non-profit wanted to see if the money could be sent before the event. The person’s name and email address looked like the email was from the person they had been working with in the past so the VP forwarded the wiring instructions on to their accounts payable department with a note to see if they could send it out sooner. As he was leaving the office for the day, he happened to run into his SVP. The VP told him that he just received wiring changes from the non-profit and asked the SVP if he was going to the annual event this year. The SVP turned to him and asked what wiring changes and said he was at a meeting at the non-profit a couple weeks ago and met with the person who supposedly sent the email. They had actually talked about when the money was needed and that he didn’t say he needed it sooner, nor did he mention anything about a new bank. The SVP asked the VP to call him the next morning to see what was going on. When the VP called the contact at the non-profit he said he didn’t send any change of wiring instructions. Sure enough, the email was sent by a fraudster impersonating a key person at the non-profit organization. Fortunately, they found out in time to stop payment. The CISO of the organization said they were lucky that time and that they lose millions of dollars every year due to wire fraud.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Great question. We spend a lot of time ensuring we use the most advanced cybersecurity tools and up-to-date frameworks and resources like:
- The NIST Cybersecurity Framework (The National Institute of Standards and Technology): This framework enables organizations — regardless of size, degree of cybersecurity risk, or cybersecurity sophistication — to apply the principles and best practices of risk management to improving security and resilience.
- The 20 CIS Controls and Resources (Center for Internet Security): This list provides a prioritized set of actions to protect an organization and their data from known cyber-attack vectors.
- CMMC Requirements (The Department of Defense’s Cybersecurity Maturity Model Certification): These are the cyber hygiene processes for managing the most common and pervasive cybersecurity risks the Department of Defense requires of their contractors.
On a personal level, I use a VPN and Anti-Virus protection on all my devices. I practice good cyber hygiene and closely assess every email I receive. If anything seems off, I don’t open it and forward it to our security team to look at and assess whether it’s legitimate or could pose a threat.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
No one should have to limit their collaboration and communication with other organizations or individuals out of fear of falling victim to a cyber attack. I’ve spoken to and listened intently to leaders at businesses of all sizes across multiple industries and their cybersecurity risks and priorities vary.
Small businesses, for example, don’t tend to allocate much if any budget to cybersecurity software. The ones that do may only be worried about invoice fraud and choose to invest in a lower-cost platform that protects them from this threat. I’ve seen many reports that show large enterprises are earmarking significantly more money toward cybersecurity platforms over the last couple of years as their organizations are more complex and the need to protect IP, sensitive documents and ensure the integrity of contracts and financial transactions is paramount. That’s why we developed a web version of the Smart Eye platform which features an enterprise-level control panel for one or multiple administrators within the company to monitor, in real time, all documents shared within their organization and with other organizations approved to communicate with in the platform.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
There are many indicators of a breach and many are hidden. With the more advanced breaches, you don’t know it’s happening until you see a ransom note. But some common things to look at include missing emails, device battery life and weird device behavior. Anytime something seems to be suspicious or out of the ordinary, it should be flagged and immediately investigated.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Once you are breached, you are out there. At that point the business continuity plan is the most important thing to focus on. How do you keep the business operating while recovering from the attack you are dealing with? Having a good backup and restore policy helps make that process much smoother. In the U.S., there are laws in each state for Data Breach Notification and one must focus on the forensics to see which data was compromised and notify the clients as soon as possible.
As I mentioned, our purpose is to protect the right to digital privacy, so we are aligned with and support privacy efforts like these. People have a right to know who has their personal data and how it is being used. This is how it should be.
What are the most common data security and cybersecurity mistakes you have seen companies make?
There is no single way to do cybersecurity right. There are many ways to secure your organization based on size, budget and infrastructure. You often hear about common mistakes; however, there are only a few ways to get into an organization and most of that is through the human factor. Things like an employee opening an email with a bad attachment, a click on a bad link, or visiting a malicious website can open the door for a cyber attack. Knowing these vectors can help you understand why there is no such thing as a common mistake.
Since the COVID-19 pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
We certainly have. We have seen a significant increase in attacks through emails since the pandemic began. As I mentioned previously, ransomware attacks increased 72% in the first half of 2020. Earlier this year the FBI reported a 400% increase in the number of cyberattack complaints to their Cyber Division compared to what they were seeing prior to the pandemic. Business email compromise has become a huge issue given how dispersed employees are now and we’ve seen it happen across major industries. Fraudsters are trying to take advantage of remote workforces and reliance on human vulnerabilities when it comes to emails.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
In my opinion, here are the five things every company should do to become more secure:
- Follow a good framework like NIST or CIS Top 20. Having good controls in place is a great way to have a strong baseline for your company. The U.S. government now requires companies to follow the NIST framework through the CMMC certification.
- Practice good cyber hygiene. Security should be something that becomes part of your routine business. Use VPN, anti-virus and good security controls.
- Hire good people. Security starts with good people focused on doing good work.
- Prepare for the worst. It’s not ‘if’ something will happen but rather ‘when’ something will happen, so be prepared. Have backups, practice your incident response plan and have a business continuity plan so you are ready for that day. An example is Capital One, which did a great job taking an email into an incident and response.
- Know your supply chain. Most cyber incidents happen because of the companies you work with, so have a good third-party plan and make sure that you don’t compromise on the security standards of your partners and that they take it as seriously as you do.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
I think if everyone could learn to listen better to and understand the life stories of others, I think we would grow to value and respect each other more.
How can our readers further follow your work online?
They can visit our website at www.smarteyetechnology.com and sign up for our newsletters, read our blog and whitepapers. We are working on a podcast series that we will be launching soon. They can also check us out on LinkedIn and Facebook.