You can PREVENT most Data Breaches. Basic cybersecurity protection measures will prevent most attacks. The cybercriminals are looking for easy prey. Just like a locked door will typically dissuade a burglar, having basic cybersecurity protections in place will persuade most attackers to try another target.
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Paul Katzoff.
Paul Katzoff is the CEO and driving force behind WhiteCanyon Software. Paul’s mission is to decrease e-waste globally and provide an alternative to physical destruction in the circular economy. It is estimated that over 150 million computer drives are shredded each year due to security concerns of the data on those drives. His company provides the WipeDrive solution for a software-based erasure of laptop, server, desktop, workstation, and mobile devices as an alternative to physical destruction (shredding). His concern for the environment and limiting impractical waste is the driving passion to work with public and private corporations to change their drive destruction process. Paul started out at WhiteCanyon Software as a Tech Support Rep before moving to Support Manager and, later, into the Sales Team as an Account Manager and then as Sales Manager. He left the company for Enterprise Sales positions at HipLink and SaltStack before returning to WhiteCanyon as CEO. His 10+ years in the e-waste industry enabled Paul to internalize strong user preferences for all-things-mobile, recycling, circular economy, simplicity, instant access, and engagement.
Paul holds a Masters of Business Administration from Utah State University, Jon M. Huntsman School of Business. He holds an undergraduate degree from Brigham Young University — Hawaii where he majored in Hospitality and Tourism Management.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up as an Air Force kid and lived in Germany, Japan, England, Hawaii, and Australia. I ended up in Utah for high school and have bounced between Utah, California, and Hawaii ever since.
Is there a particular story that inspired you to pursue a career in cybersecurity?
My first job out of MBA school was with Todd Martin Sr. at VARNA Products. Todd was 92 years old and worked 40 hours a week in the office. He had some of the first patents on dual propellers and had been an inventor his whole life. He had a quote on his wall that read “The interests of men run like rivers. Riches are to be found where they are deep.” I took from that quote, if you want to be successful, you must see where industries are moving to and what they are interested in. My answer to that was to pursue computers. I purchased a domain and a webhosting service, and I used HTML-Kit to build websites. Because of my experience in web design I got my first job at a software company. And since that time, every industry has moved into computers and the internet.
Can you share the most interesting story that happened to you since you began this fascinating career?
I feel privileged to have the opportunity to speak and partner with some of the largest employers in the country. I am still amazed when I get a call from a Fortune 100 company where they come out and say they have never erased any of their computers. And have been basically letting their data go out their back door without any protection. We quickly provided them with a solution to this issue and resolved a future potential data breach. It may be surprising, but this exact conversation has happened at least 10 times in my career.
My other favorite story is how data breaches can even affect Pawn Shops. We sell a tool that erases computers specifically for Pawn Shops. We got a call from a potential client that told us how the local news had done a story on a laptop they sold to somebody. That person went home and when they turned it on, it was the Mayor of that town’s personal laptop. There was personal information, tax documents and pictures/videos on the laptop. The Pawn Shop quickly implemented our tool, but it shows that data breaches can affect even the smallest companies.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
Are you working on any exciting new projects now? How do you think that will help people?
Yes, we are working on integrations and pursuing the IT Service Management trend which is brand new and is really creating value for SMB and large organizations. ITSM is providing a group of software products to IT managers so they do not have to evaluate, price, and purchase individual tools that are needed for every IT dept. ITSM provides these tools as a group at a low cost and will be the way IT solutions are marketed for the next decade.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Keep your passion. Focus on what you want to get out of your job and what you need to put in to get that results. There are negatives with every job, but your growth and personal/professional improvement should outweigh the negatives. Pace yourself and aim for the stars.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
Cybersecurity is constantly changing, that is what I find most exciting. Once we solve one issue, there is another security threat that becomes a major priority. We can do ANYTHING with computers and this also means, nefarious activities can be done against an institution with computers. It is truly a cat and mouse game.
The importance of cybersecurity is paramount to any country. Wars and battles can be won with cybersecurity dominance. It truly is a game changer for organizations and nations. Information is power and protecting information is the key to success.
Cybersecurity is here for good, or at least until we no longer use computers. The desire to gain access to computers and information is not going anywhere and we will cybersecurity be a part of our lives, and a bigger part of our personal lives in the future. I love how cybersecurity is constantly changing, important and permanent. What a great industry to be a part of!
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
I think blackmail will start to become a much larger component of cyberthreats. We will see CEOs/Purchasing Managers/Decision Makers threatened with embarrassing exposures and required to do things that are either illegal or spend money to hide them. There will become a personal component of blackmail which will focus on higher paydays for perpetrators.
I also think the cancel culture is a cyber threat and past posts/tweets/pictures/videos will be used to unseat business owners, executives, and others for internal political purposes, for stock advantages or for competitive advantages.
We are headed into a time where everyone will be able to find and publish everything about others. And it could be used for nefarious purposes.
How does someone who does not have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
The value of the data is what motivates the need for custom cybersecurity protection or over-the-counter software tools. Most IT team are trying to shrink their budget and employee count so there is a motivation to find bundled cybersecurity products that are affordable. If the value of your data is extremely high, then you need to have high measures to protect that data.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
Look for procedures that do not make sense. A lot of times companies have procedures that are out of date but are followed because that is what the policy states.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Companies need to first follow state and federal regulations when a data breach occurs. All 50 states require data breach notification to customers. There is a fine associated with not performing this or delaying when this is completed — each state is unique. Companies also need to check if the breach violates HIPAA, FISERV, GDPR or other regulations and then comply with their statutes.
Most importantly, the company needs to review their Internal Data Security Policy and ensure that it is up to date and relevant. This help protect them against further data security breaches.
These regulations are bringing data and privacy to the mainstream consciousness. CCPA does not have the teeth (financial penalties) of GDPR but it will be the foundation of a US National Data Protection legislation, which is currently in committee. We have seen demand for our products increase as more organizations realize the risks of not erasing their computers and instituting a more robust IT lifecycle plan.
The regulations will increase costs for businesses and consumers in the long run, but I think it will help protect our vital data and ensure basic safeguards are in place.
What are the most common data security and cybersecurity mistakes you have seen companies make?
Companies do not keep up to date with the latest threats and tactics. They are also terribly slow to institute policy. The cat and mouse game of cybersecurity means the aggressor will catch any of those that haven’t made changes, so being agile and current to threats is the best way to avoid a breach and should be the state of mind for every IT manager.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
There has not been an uptick yet but there will be. Remote workers who are using home computers are storing company data on those systems. At some point in the future those systems can get out into the wild and there could be major data breaches. Most company’s data security policies do not cover a remote workforce, and this will be the biggest issue over the next 5 years. In addition to the data on the computers, issues will also be access to that computer — both direct and over Wi-Fi.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- All Data is Valuable
We hear about data breaches almost daily and most of them are of credit card information or logins. We are reaching a day where all data can be assimilated and processed for much larger attacks. An attack on logins for a small website, could provide the password for the network of a large corporation, which could then be used to access intellectual property, customers, or vital information. We are reaching a day where stealing multiple small pieces of information can lead to big breaches.
2. Any Breach will Cost Your Organization
Do not think that your company is immune to a data breach. Data breaches will continue to be a big item in news stories and your data breach will be brought up for years. It will also have to be addressed in Investor/Corporate information and could be a major burden. For small companies, having a burglar break in and steal computers and valuables from their store did not directly hurt the company’s customers. Data breaches for small companies are different, they can directly affect a business’s customers when their passwords and credit card details are stolen. This gives a business a bad reputation and could be detrimental to their client base. Any breach will hurt you.
3. You can PREVENT most Data Breaches
Basic cybersecurity protection measures will prevent most attacks. The cybercriminals are looking for easy prey. Just like a locked door will typically dissuade a burglar, having basic cybersecurity protections in place will persuade most attackers to try another target.
4. Data Protection is here to stay — just like physical security of buildings
Years ago, having physical security of your premises was looked at as an extra cost and was only done when the building was in a bad area or there was particularly important information to protect. Now we see most buildings have some sort of paid security service drive around or visit it each night. This basic protection dissuades potential intruders and keeps buildings safe. Not to mentions liability and insurance premiums.
Data protection will soon be viewed in the same light. Safely storing and managing data is a permanent fixture of business and will be for the foreseeable future. Organizations that are avoiding it for cost or other reasons will only see a data breach and negative consequences. Move now so your data is protected.
5. You can Rebound Back from a Data Breach
Data breaches are not the end all. They are a call to display to your customers, competitors, and industry how you respond to a failure of your cybersecurity system. New data security policies should be instituted, communication with affected parties should be direct. This communication is a chance to differentiate and ingratiate yourself to your customers and should be used to do so. A highly visible company can rebound from a data breach and must to stay in business.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
I would like to inspire a movement to limit microplastics in our environment. We are just starting to learn how these microplastics are in fish, plants, animals, and the ecology and that they may be a part of the Earth’s environment for centuries. E-waste is a gigantic contributor to microplastics, and I would love to see the day when 100% of electronics is recycled and reused.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!