Ransomware, Phishing and Fraud

Cybersecurity isn't just a concern for large corporations. It's vital for businesses of all sizes. It's essential for companies to know how to protect sensitive data, restore from backups, and regularly test their systems with internal pen tests to keep their teams safe. Today's guest is Bryce Austin. Bryce is the CEO of TCE Strategy, a cybersecurity advisory firm. They provide vulnerability scans, penetration tests, fractional CISO services, and incident response services. He is also a professional speaker on ransomware. Bryce is the fractional CISO to many companies, including one on the S&P 500.

We talk about the key aspects of cybersecurity for businesses, and how to be proactive with patching, training and strong password management. He shares his experiences with major cyber incidents including ransomware, phishing and the Target breach, and how defense in depth, backups and financial controls are key. Bryce also mentioned the use of password managers, regular vulnerability scanning and external monitoring to increase cyber resilience. We share practical tips for all businesses to protect against ever changing cyber threats.

Show Notes:

• [00:59] Bryce started TCE Strategy in 2016. It's their goal to keep their clients one step ahead of cybercriminal risk.
• [01:32] He has a degree in chemistry. Technology was just for fun. He ended up working in the payroll space which was ripe for cyber security concerns.
• [03:00] He was really pushing cybersecurity and then their company was purchased by Wells Fargo. It ended up being amazing training for starting his own cybersecurity business.
• [05:24] Bryce shares how he was affected by the Target security breach. He ended up unemployed and was deeply affected by food stamp requirements for his family.
• [07:34] He wanted to make sure he would never go through this again and started his company.
• [08:19] His public speaking began in 2011.
• [09:17] He was indirectly affected by the Target breach, and he also shares his indirect personal one.
• [12:59] Bryce was actually spearfished in 2018.
• [14:36] Incident response is when something happens from a cybersecurity standpoint and damage has occurred. Oftentimes data is encrypted. This is a ransomware attack.
• [17:18] Bryce tells the story about how a hotel was hacked and a large payment was able to be intercepted.
• [18:31] Phishing attacks are where someone clicks on a bad link.
• [20:38] His biggest Christmas gift was none of his clients getting hacked.
• [21:05] They also had a ransom demand where they had to pay a million dollars.
• [23:02] If they would have been looking harder this wouldn't have happened.
• [26:26] Issues with hooking up to the Internet and having default passwords.
• [28:07] Why it's impractical to make ransomware illegal.
• [31:12] Even criminals have a reputation to uphold and usually hand over the encryption key.
• [33:56] Bryce talks about some of the preventative things that people can do.
• [34:47] Be proactive and have diligent patching.
• [35:37] Don't use the same passwords over and over. Use a password keeper.
• [36:54] Have offline backups.
• [38:09] Follow all processes and procedures when moving money. Use unique passwords.
• [39:27] It's important to encrypt your backups.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Bryce Austin
• (612) 730-9897.
• Bryce Austin on LinkedIn