3 Steps to Take After a Data Breach with Robert Anderson Jr.

Taking a proactive approach versus a reactive approach to cybersecurity makes a big difference for the stress levels of employees and customers. The daily conversations that take place with management can change the impact of a ransomware attack remarkably.

Today's guest is Robert Anderson Jr. Robert is a national security expert, author, and business leader dedicated to helping companies improve cybersecurity and reduce business risk. As Chairman and CEO of Cyber Defense Labs, he brings decades of executive leadership and operational experience in cybersecurity, counterintelligence, economy espionage, and critical incident response.

Show Notes:

• [0:57] - Robert describes his current role as CEO of Cyber Defense Labs and his background in the FBI.
• [2:14] - The plan for Robert going into cybersecurity evolved over the decades of his career as a direct result of the evolution of how crime is committed.
• [3:52] - Anything you can do before something bad happens is the best thing for your company.
• [4:42] - Once a breach happens, it goes beyond inconvenience and risk for clients. It could mean the end of a business.
• [7:01] - In Robert's experience, most companies have a plan but the plan hasn't been tested and doesn't hold up to an actual data breach.
• [9:01] - Robert describes scenarios while working in the FBI in companies choosing to pay ransoms after being hit with ransomware.
• [11:10] - The larger the company, the more complicated this becomes.
• [12:50] - Breaches have changed in recent years and now ask for millions of dollars.
• [14:45] - Chris and Robert recommend approaching practicing for possible breaches like fire drills.
• [17:03] - Robert advocates for being informed and understanding all laws when getting involved with ransomware.
• [18:57] - The reason why ransomware is so prevalent is it's a trillion dollar industry. Bad guys are making a lot of money.
• [21:26] - Hacking ability or high level hacking is not necessary to perform a breach anymore.
• [23:10] - Skilled hackers make even more money because they are often contracted for jobs.
• [24:36] - Robert believes there should be a global set of norms similar to the UN when it comes to what the world will tolerate when it comes to cybersecurity.
• [27:30] - The first call a company makes is not for help. It's for mitigation.
• [29:18] - In Robert's organization, cybersecurity is a daily conversation.
• [32:03] - Robert will not open a single email if he does not know who it is from.
• [34:10] - Logging onto public wifi can be dangerous.
• [35:55] - Your frontline of your company is made up of your employees. Educate them.
• [37:58] - You must have an internal and external communication plan.
• [39:31] - What are three things you can do after a breach?
• [42:31] - Chris gives an example of proper communication from a company that included their proactive approach and a timeline.
• [45:32] - Communicating with customers is important but it is equally as important to communicate with your team.
• [46:36] - When it comes to class action lawsuits, nowadays, even employees can sue the company.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Cyber Defense Labs Website