Rytis Meskauskas of Nord Security: “Introduce cybersecurity tools into your workflow”

Introduce cybersecurity tools into your workflow. Using security tools, especially in the digital age, should feel as natural as pouring a cup of coffee in the office kitchen. Using the 2FA authentication method to log in to each system or using a VPN to ensure a secure and private connection from your remote workstations are […]

Thrive invites voices from many spheres to share their perspectives on our Community platform. Community stories are not commissioned by our editorial team, and opinions expressed by Community contributors do not reflect the opinions of Thrive or its employees. More information on our Community guidelines is available here.

Introduce cybersecurity tools into your workflow. Using security tools, especially in the digital age, should feel as natural as pouring a cup of coffee in the office kitchen. Using the 2FA authentication method to log in to each system or using a VPN to ensure a secure and private connection from your remote workstations are just a few ways of striving for cybercrime-free work.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Rytis Meskauskas, a Chief Revenue Officer at Nord Security, a family of advanced cybersecurity tools for private and business use. Rytis is a Certified GoogleTrainer and a lecturer of mobile marketing at the Vilnius University Business School with over 15 years of experience in performance marketing.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I was born and raised in Vilnius, where I also went to Vilnius University and received a bachelor’s degree in Computer Science and a master’s in International Marketing and Trade.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

Both my curious and analytical mind helped me at the beginning of my career, when I worked with digital marketing agencies. Then, after more than a decade of marketing and strategy experience, I finally landed in cybersecurity. I think it was bound to happen. The cybersec field, like the tech industry in general, evolves at a rapid speed. This means you always have to be a few steps ahead of competition and adversary forces, which is not an easy challenge. But, at the same time, the field motivates you like no other because the safety of your clients depends on your willingness to go that extra mile.

Can you share the most interesting story that happened to you since you began this fascinating career?

Many unusual situations have happened over the years, and it would not be easy to pick only one. However, since I’ve worked with many international clients during my career, many interesting cases occurred because of cultural differences. Distinct views on work ethics, communication, and cooperation often led to some peculiar, although still benign situations. I guess this goes to show that, even if our world is shrinking, it is still a vast place.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

In every place I worked, there were at least a few mentors who helped me grow both professionally and personally. I would love to give some shoutouts to my current colleagues, though. My wonderful partners at Digital Academy Baltics are shaping a new generation of Google-certified specialists, and working together with them is always a pleasure. The whole team behind Nord Security pushes the cybersecurity envelope every day and makes me proud to be part of it. But, most importantly, a big shoutout to my growing family with an amazing and supportive wife.

Are you working on any exciting new projects now? How do you think that will help people?

At Nord Security, we are currently working on many different and extraordinary projects. We will probably unveil one of them soon, and I believe it will change how our clients use the VPN service.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

I feel that our team members are genuinely enthusiastic about our products and the direction in which Nord Security is going. However, this in itself could be a double-edged sword. On the one hand, there are fewer problems with team motivation, but, on the other hand, the risk of potential burnouts is substantial. Our flexibility regarding the work model and the various perks help to mitigate those risks. For example, we are now operating in a hybrid 3+2 model, where people work from the office for three days and can spend two days working from home. This summer, our colleagues will benefit from a 4.5-day work week, having half a day off on Fridays. Physiotherapists and next-gen tools are there to support our colleagues’ mental and physical health. We’ll even have a professional coach teaching us proper running form starting in July.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

  1. With each day, we spend more and more of our lives in the cyber realm. So, building better, more intuitive tools to keep digital users and their data or activity safe and private becomes not only a matter of a company’s growth but also a matter of safety for all of us.
  2. Mundane tasks or boring routines are virtually non-existent in the cybersec field. The rising number of IoT devices and global shifts to remote-access work are only increasing potential attack vectors. So, the challenges you overcame today could be vastly different from those you will face tomorrow.
  3. Continuous learning and self-improvement are a must in this line of work. It’s necessary if you are trying to be a few steps ahead of malicious software. Learning happens every day even if you are not consciously aware of it. I could write a lengthy book about top cybersecurity issues, but it would already be outdated by the time it got published.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

The US Department of Justice’s recent push to make investigations of ransomware attacks of a similar priority as terrorism shows just how severe cyber attacks have been lately. One of the critical threats businesses will face is the rise of the Ransomware-as-a-Service (RaaS) business model. Cybercriminals seem to mimic the method of legitimate software developers, leasing their software and providing attacking agents with the opportunity to cripple their target — even if they lack hacking skills. Since criminals don’t publish financial reports, we don’t know the exact income numbers, but experts estimate that the total ransomware revenues stood at around $20 billion last year. In addition, businesses’ cybersecurity strategies will have to address the demand to provide remote access to work and the growing number of risky IoT devices.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

Our third-party provider had a security exploit a few years back. The key takeaway was that even if you follow all the best cybersec guidelines, risks are still prominent in areas outside your control. As a result, our clients’ trust was shaken, but, through hard work, additional security measures, audits, and transparency, we steadily earned it back. I would highly recommend any business to be proactive in verifying the cybersecurity policies of their third-party vendors.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

It may sound cliche, but our own cybersec tools are something that we internally use every day. For example, NordVPN Teams helps us to stay secured and encrypted even when working remotely. Every private info like passwords or access points we share internally we do using NordPass. And NordLocker is always at hand to handle our encrypted files. So, in a way, it’s also a recognition: if we didn’t use our own products, that would mean we didn’t believe they are the best solution for our users.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter”software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

I don’t believe there is a one-size-fits-all answer because it may vary case by case. The more complex the company, the more processes it has, and, therefore, the more vulnerabilities. On the other hand, companies with widespread operations can have efficient and, security-wise, easily maintained processes. At the backbone of every company there should be clear and extensive cybersecurity policies that can answer the most crucial questions. For example, what IT tools the organization uses and how, how data flows internally, what security measures are in place, what to do if the incident happens, and many more. If policies are in place and everyone in the management understands the importance of maintaining them, it’s already a step in the right direction. I see a welcoming global trend of increasing pressure from shareholders or stakeholders to address cybersec questions, resulting in more CISO positions at the C-level table.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

The problem with malicious attacks nowadays is that they are tough to be noticed by laypersons. Your mouse cursor is unlikely to start moving erratically, because the breach will be happening behind the scenes. However, in some cases, it happens exactly like that: for example, in the infamous attack on the Ukrainian Kyivoblenergo, a regional electricity distribution company, operators watched in awe as the cursor on the screen switched power lines off one by one.

So, it pays off to be a little paranoid within your cyber surroundings. Emails from unknown or unexpected senders should be opened with extra caution, especially those with attachments or links, ideally confirming their true identity before opening the file.

Laypersons might be lacking advanced cybersecurity skills, but they usually have very good knowledge of their daily routines. That means that even the slightest change of the usual workflow should raise a red flag. For example, locked access to a particular directory, unexpected log-out sessions, modified or lost files, or the sudden gain of extra account permissions. A good rule of thumb is not to ignore those red flags or write them off as a malfunction of your hardware or app.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

First of all, do not panic, as that often leads to many judgment errors that could only make matters worse. Of course, to be calm under pressure, you have to know your contingency plans or have comprehensive incident response policies and maintain regular security exercises beforehand.

Then, understanding the root cause of the breach and the extent of the cyberattack is your top priority. If you still have compromised users or backdoors left behind, new attacks are bound to happen again. In addition, if you don’t know whether the attack took any data connected to your user base, you will have trouble being transparent with your clients.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR and other related laws affected your business? How do you think they might affect business in general?

I believe that the wave of privacy-oriented laws and regulations has set in motion a more focused global attention to privacy issues. It affects the majority of businesses because, nowadays, everything revolves around data. At Nord Security, we have a Data Protection Officer, who ensures that data processing is compliant with the applicable data protection laws. Naturally, both us and businesses in general had to revise the related technological solutions.

What are the most common data security and cybersecurity mistakes you have seen companies make?

I’m glad to see the trend of phishing attack exercises happening in more and more businesses. I think this is the new standard measure for any risk management team. But, at the same time, I am concerned that these exercises can lull security team members into a false sense of assurance. Sure, we can train people to recognize low-level phishing attempts. But skillful attacks engineered for a specific target can fool almost anybody. That’s why another step after these exercises should be clear communication throughout the company that mistakes happen, and the security team will not hold them over the workers’ heads. Creating a safe space for reporting accidental slips will build trust for voluntary and swift disclosures. Falling for a phishing attack is not something you want your colleague to do, but, if reported quickly, the incident report team has a far higher chance of mitigating the threat.

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

It seems that there is a lot more buzz during this time when it comes to cybersecurity breaches. There could be many reasons behind it, like a more extensive area for attack vectors because there are now far more remote workstations. Or it could be cybercriminals using pandemic topics for unseen and therefore more convincing attacks.

However, I would guess that it also has something to do with old cybersecurity problems, which are now being unmasked. Databases storing passwords in plain text, accounts with excess permissions, careless attitude towards even the minimal standards of cybersec deterrence did not begin with the pandemic. All this is the symptoms of a long-standing ignorance towards security issues. But this attitude is changing, and CISOs globally are finally getting the attention and resources to do the job right.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

Assume that your third-party vendors are your cybersecurity vulnerability. This doesn’t automatically mean that they are. But your stance with every system you do not own or don’t have 100% control over should be extra cautious. That includes regularly evaluating the security protocols of your third-party vendors, auditing all existing cybersec policies, and having an extensive understanding of what data flows between you and your outside partners and how.

Utilize bug bounty programs. If you want to stop the cybercriminal, you have to think like a cybercriminal. And that often requires a fresh, unbiased look at your network from the outside. Having a public bug bounty program requires certain preparations and resource management, but it can be a great addition to penetration tests.

Have a plan in place for when the breach happens. What would be your first steps? Which personnel are the first responders? How does the decision-making hierarchy change in a cybersec crisis? Do you count on your in-house specialist to be the incident response team, or do you use outside help? If so, who? Questions like these are just the surface of a comprehensive cybersecurity policy, but having answers to them will offer you a standing chance when facing a cyberattack.

Create a safe space to report phishing accidents. If you are lucky, large-scale email phishing attacks are probably going to be your only cybersec headache. So, exercises teaching your personnel to recognize emails containing cyber threats are a must. But they should also be followed by a policy of safe space reporting. If your people can feel safe disclosing that they fell for such an attack, they will be more open to reporting them to your risk management team. Undisclosed cases are ticking time bombs for your cybersecurity.

Introduce cybersecurity tools into your workflow. Using security tools, especially in the digital age, should feel as natural as pouring a cup of coffee in the office kitchen. Using the 2FA authentication method to log in to each system or using a VPN to ensure a secure and private connection from your remote workstations are just a few ways of striving for cybercrime-free work.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

I would like to kickstart a movement of knowledge sharing. We are all experts in our various fields, and even small bits of experience or insights could launch new ideas in astonishing ways. It’s important to understand that knowledge sharing is not something that puts you at a disadvantage. Creating a dialogue and sharing know-how can improve both you and the community.

How can our readers further follow your work online?

Follow Nord Security’s news or catch me on LinkedIn.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

    You might also like...


    David Nuti of Nord Security: “Cybersecurity is a journey, not a destination”

    by Tyler Gallagher

    “Take the time to speak with each other” With Mitch Russo & Latana’s Rytis Jakubauskas

    by Mitch Russo

    Anuj Goel of Cyware: “Situational Awareness”

    by Tyler Gallagher
    We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.