Training. One of the essential aspects of Cybersecurity is security awareness and education. Never estimate the value of Cybersecurity training. Train your employees often. Hackers rely on using tactics such as phishing to trick your employees into giving them access to your network — and they are only getting better at it.
Simple But Effective “Update”. Update the software and technologies your company uses. Keeping software up to date is a no-brainer for anyone who uses technology and cares about security. Many vulnerabilities can be illuminated by keeping systems up to date.
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Sam Munakl. He serves as the owner of Cytek, a cybersecurity firm in Tulsa, Oklahoma. Sam has over 14 years of formal education and professional experience in the Cybersecurity industry. His formal education started at Damascus University, where he received his bachelor’s degree in computer engineering and then continued on to earn his master’s degree of science in cybersecurity from the University of Maryland. He has continued his professional training by earning several Microsoft certifications, including Microsoft Certified System Engineer and System Administrator, and is HIPAA Security Certified.
Sam’s passion is Cybersecurity, as can be seen in over a decade of work in the field. In building Cytek, Sam and his team have worked tirelessly to develop solutions to protect businesses’ data and privacy. Sam’s knowledge of HIPAA guidelines and expertise in cybersecurity helped him to create solutions that allow healthcare practices to seamlessly attain and maintain compliance without interfering in the day-to-day operations of an organization. Sam and his team have worked closely with healthcare providers to develop easy-to-use software, allowing an ideal and stress-free transition to full compliance.
In recent years, Sam has begun traveling the country speaking to professionals of all industries and educating them on the importance of privacy as well as the risks we face today in an ever-changing technology driven environment.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I lived in several places, but I mostly grew up in the oldest inhabited city in the world, Damascus. I come from a culturally rich family, focused on volunteering and helping others, so I grew up with a passion for helping and finding solutions to problems.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
At some point in my life, I was super involved in human rights, journalism. One of the main issues in third-world countries is human rights and privacy. I pledged to create an email encryption solution that is easy to use and helps protect people by protecting their privacy and their right to free speech. That was what mainly inspired me to pursue a career in Cybersecurity.
Can you share the most interesting story that happened to you since you began this fascinating career?
I get involved in so many cases, breaches, forensics, and cases across the US, but one story I can tell is when a mother of a 14-year-old girl contacted me regarding a Cyberbullying case. The girl met a man overseas over the internet; soon enough, he got access to her photos and started to blackmail her and added all her friends from school. The parent did everything from contacting authorities to even trying to talk to the offender before contacting us. I got to personally work on this case, and I was able to help by removing access to all data and even contacting authorities in that country.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
Absolutely, I am so grateful to my parents; they have always supported me and have been there for me every step along the way. Also, my wife and my children for their constant support of my passion and my crazy ideas and adventures.
Are you working on any exciting new projects now? How do you think that will help people?
I am a big believer in how Artificial intelligence can help in many areas, so now we are working on several projects where AI will be utilized in Cybersecurity to help us identify risk more accurately and more efficiently.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Always work with purpose and ask, Why? Having a purpose can go a long way toward helping you avoid burnout and keeping stress at bay.
Look at the deeper impact of what you do every day; how does your work make life better for other people? How could you add more meaning to what you do every day?
The team and I at Cytek remember our purpose and our “why” daily.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
Cybersecurity is so exciting to me because it is ever evolving. First, never-ending learning and reading daily in order to keep up. You work up a defense for a network; someone breaks through. How did they do it, and how can I prevent it?
Second, the number of cyberattacks is going up, not down, which means we have a purpose, and we are in a much-needed field, and our job is to help and come up with solutions to protect our clients from the evolving threats.
Lastly, being in Cybersecurity is like playing chess; you have to think about your move, and at the same time count the other side’s moves carefully.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
While we in Cybersecurity are trying to utilize AI to enhance security, hackers on the other side are trying to use AI to create better, more realistic phishing campaigns. I will say in the next few months/years, we are going to see more sophisticated and harder to detect phishing attempts.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
We get involved almost daily and get to work on different cases. I will say, always do the analysis first, don’t panic, and react. Hackers might plan your reaction ahead of time. So be methodical and take it one step at a time.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
I will say I use a lot of Cytek tools on a daily basis, such as Email Encryption and Chat. Email encryption for example, it’s super easy to use that is fully integrated with Microsoft Outlook and Office 365.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter”software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
Unfortunately, small businesses are at greater risk since they don’t have the budget or the large infrastructure organizations have, which makes them an easy target. With this said, this was our top priority from the start to bring enterprise solutions to small businesses at an affordable price. Furthermore, even if the company has its own IT department or CSO, it’s always a good idea to have a cybersecurity agency perform a risk assessment to ensure all measures are taken to protect the organization. So, in short, seek external help: for most businesses, having all security and privacy skills in-house is cost-prohibitive. Take help from external consulting and MSS providers as necessary to fill the gaps.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a person can see or look for that might indicate that something might be “amiss”?
Always check for abnormal behavior such as slow network, different popups, and disabled Anti-virus.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
It all depends on the extent of the breach, after forensic analysis determines what data got breached, then correct measures will be taken to protect the organization from any further data leak. Finally, inform clients if any of their information has been affected.
I will say such measures helped us educate our clients and allowed us to really focus on privacy. As we all know, businesses are busy with day-to-day operations, and often it takes tough regulations in order to get people to comply. With this said, we need to get the message out and educate business owners on how that could affect them.
What are the most common data security and cybersecurity mistakes you have seen companies make?
Missing or not conducting regular risk assessments and scans. If you don’t frequently check you fall under risk quickly, especially with how fast vulnerabilities are changing.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
Absolutely. Many companies were not prepared for the work from home, so employees started using their home devices which have never been part of any company security policy and never been scanned. This added all kinds of vulnerabilities and risks. At the same time, hackers took full advantage of that, so we saw a spike in cyberattacks.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
A cyber risk assessment is used to identify, estimate, and prioritize the various risks faced by organizations — particularly when it comes to cyberattacks, data breaches, and malicious digital behavior. No company can say that they’re safe from the consequences of the cyberattacks the industry faces today. However, being prepared for any hacks can save your company time, money, and resources.
Cybersecurity is about finding the right balance between protection and running the business. We can’t protect from everything. Often, IT departments focus and spend so much time and money on items that are not considered high risk while they neglect high vulnerabilities. After the risk assessment is performed, resources should be allocated and directed based on phases starting with high exposures.
Value of Data
Understand the value of your data at risk. In order to make risk-based decisions on your cyber strategy and what privacy compliance efforts to prioritize, you must first understand not only what data you have but how your organization is using it. One of the scans we perform for our clients identifies where all critical data is located. This helps our clients determine risk. Based on that, we collectively decide to de-centralize data, encryption, backup, and even an insurance policy.
One of the essential aspects of Cybersecurity is security awareness and education. Never estimate the value of Cybersecurity training. Train your employees often. Hackers rely on using tactics such as phishing to trick your employees into giving them access to your network — and they are only getting better at it.
Simple But Effective “Update”
Update the software and technologies your company uses. Keeping software up to date is a no-brainer for anyone who uses technology and cares about security. Many vulnerabilities can be illuminated by keeping systems up to date.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
If I could inspire a movement, it would be to make Cybersecurity education mandatory in schools at a young age. Many other countries have already started that, and I feel we fall behind in the US on educating our children about the importance of Privacy, Cybersecurity, and how to protect our devices. Additionally, I would add the impact of Cyberbullying. Everyone should educate their kids at home, especially with the technology available now for them at such a young age.
How can our readers further follow your work online?
Readers can connect with me via our company Website, which is www.cytek.com, or through my LinkedIn profile.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!