Cybersecurity Is Everybody’s Business With Scott Schober

July 2, 2020

Scott N. Schober is the President and CEO of Berkeley Varitronics Systems (BVS), a 48 year-old New Jersey-based privately held company and leading provider of advanced, world-class wireless test and cyber security solutions.

Scott is a highly sought-after author and expert for live security events, media appearances and commentary on the topics of ransomware, wireless threats, drone surveillance and hacking, cybersecurity for consumers and small business.

Mr. Schober is the CSO & Chief Media Commentator for Cybersecurity Ventures. He is often seen on ABCNews, Bloomberg TV, Al Jazeera America, CBS This Morning News, CNN, Fox Business and many more networks. He is the author of ‘Hacked Again’, ‘Cybersecurity is Everybody’s Business’, and ‘Senior Cyber’.

John Shegerian: Welcome to another edition of Impact podcast on John Shegerian. And today, I’m so honored and privileged to have with us Scott Schober. He’s one of the top Cybersecurity experts in the entire world. Welcome to Impact, Scott.

Scott Schober: Hey, thanks for having me on John. This is great. Looking forward to a nice discussion.

John: Oh me, too. And you know, there’s no more timely period than to have this discussion with an expert like you, you know, the statistics that I’ve beengleaning from the FBI and other Federal officials is during this Covid-19 tragedy. Cyber crimes are up four times. But before we get into, you know, why your services and your books and your podcast are so important to all of our listeners out there. I want to share a little bit about I want you to share a little bit about your journey. How did you kid from New Jersey become one of the top cyberexperts in the entire world?

Scott: Yeah, it’s actually kind of an interesting backstory. Our company and I’m the next generation was founded 48 years ago by my father, Gary Schober. So it’s really a true family business in that sense that was founded in Berkeley Heights, New Jersey and hence the name Berkeley for Berkeley Varitronic systems, and we’ve always done kind of niche unique designs for companies. They come to us with a problem and then we would provide a solution. And we really had a kind of a growth spurt at the infancy of the World of Wireless when it kind of kicked off in the mid-80s, 1980s. We were doing a lot of stuff for the TV networks, audience television research, finding out what people are watching on TV with some unique algorithms and we license a lot of the technology to the major networks, but then we were approached by a company down in DC and they asked us to develop some of the very first Wireless test tools to find out where to put the cell towers and to measure how signals propagate all to make cell phones work and that took us in the first generation of traditional cellular mobile phones as we know it when they were giant bricks that we held to communicate and rich businessmen use them to where we are now going from the 4G fourth-generation to 5G fifth generation advanced smart phones that we see around the globe. Everybody’s got a smartphone or two on them. We develop all the test tools that make that technology make phones work. In the process of that we learned a lot of the vulnerabilities and how hackers will exploit a smartphone especially in the past ten years or so because your smartphone is really more powerful than most desktop computers these days. It’s like a supercomputer. So hackers will traditionally use that so they could gain access as a conduitto get into companies so they can find their way onto the network, work laterally, place malware, collect data, steal personal information passwords, whatever the case may be. So that kind of brought us to where we are. And then about five six years ago, I began developing a lot more security related tools. We call wireless threat detection tools mostly to U.S. DOD agencies and fortune 500 companies to keep their boardroom safe, to keep classified information safe from hackers things like that when there’s wireless threats and the more I educated and shared information in from presentations and whitepapers, E papers, whatever the more the hackers start the set their sights on my back and next thing you know is I became personally and my company a victim of repeated hacks and it started out innocent as probably all of us or all your listeners. May be a debitcard my debit card got compromised and my credit card personally. Then the company’s credit card and the company’s debit card they got reissued then it happened again and it happened again and happened again. I said something is wrong in here. Then my twitter account was hacked. Then we received repeated DDOS attacks distributed denial of service attacks with a flood your website with garbage traffic so you can’t do online commerce and now we’re not able to sell our wireless tools online our wireless security tools. So this kept going on things got worse and worse to the point where one morning I came in to work on Monday morning and looked at my computer went online to the bank account and $65,000 was taken out of our account. And that’s when I said guys this is not good. I got a serious problem, called the bank, law enforcement got involved since it exceeded 50,000 dollars in the federal investigation. So as you can imagine letters, phone calls everything under the sun and I finally was able to get all the funds back and cards reissued and so on and so forth, but in the process of being hacked and hacked again, and again, I learned a lot and I always thought as a security company and security minded people here we would never be a victim of that and I learned the hard way. So I learned we had to do some a lot of best practices that you assume you do, you don’t do because you get kind of complacent or a little lazy.

John: Right.

Scott: So then suddenly it’s you know, how do you secure passwords? And how do you secure information? How do you properly shred documents and dispose of things which you guys are certainly experts at computers, printers, fax machines, scanner understanding where the treasures are in your company and valuable information that you properly get rid of that. So nobody can compromise. It goes a long way so I kind of take people through myjourney, and then kind of the emotional side as a business owner and consumer and help them see where I went wrong and what I learned in the process. So hopefully, they don’t go down the same path that I’ve traveled and they could kind of empower themselves to be secure at home, be secure within their own businesses and train and share information and not being an island and keep being a victim of repeated hacks and that’s really the genesis and kind of the backstory of hacked again. And that, it was kind of funny when it first happened. I was very embarrassed. Here we are a security company and we’re- and the story kind of got out there trickled out there and we really kind of kicked it off. I got a call from the Associated Press and they were doing a feature story on it and they said they heard my story and wanted to interview me and I said, “Geez, I don’t know if I feel like going on record that I’m in I’m officially an idiot here and I let everybody down” but I said, you know what,it’s out there and I said if I’ll do it if this will be done in the sense where it will help other people so they don’t make the same mistakes I did. And after that interview, boom the idea for a book started to come together and I started documenting it and and here we are today.

John: You know, and I know your brother is partners with you also in the business. Is your dad still involved with the business?

Scott: Yeah. Yeah. He’s really retired. He’s technically our CTO still so he comes in to make sure we’re not bankrupt ordidn’t destroy the business yet, but he doesn’t he’s not active in the business anymore. He’s really retired with a fishing pole on a lake and just probably laughing at us working our butts off. So it’s good that he deserve that he worked hard he built up a great business and our business is predominantly word-of-mouth. We really don’t advertise which is kind of rare for a 48 year old company to survive the ups and downs and the recent challenges even with this virus, the Covid-19 stuff survive through it and thrive through it. I think it’s kind of a testament to our corporate culture and the legacy of a family business in America today. So it’s kind of a privilege. I always feel just to work here and have a part in it.

John: That is so- I really agree with you on all those points and for our listeners who just joined us we’re so excited to have with us today Scott Schober. He’s one of the top Cybersecurity experts in the entire world. He has a lot to say on these topics, I would listen and also read his books now. We’re going to get to your books in a second but to find Scott go to www.scottschober S-C-H-O-B-E-R.com scottschober.com or his company URL www.bvsystems.com. Scott, talk a little bit about how many years ago you wrote Hacked Again. And how was it received once you got it out there into the marketplace?

Scott: Well, first of all, I have to qualify and say I am not a writer which I find kind of interesting and I’ve spoken a lot of book expose, a lot of colleges, business seminars and people are very curious. How in the world did you become a writer? And you know, was it hard it just study this to college and I can honestly say I’m probably one of the worst writers out there, so I had to learn a lot. I mean everything from A to Z in the process of writing a book and what I quickly learned is there is some structure and things to do it, but there’s enough information outthere in the world that will quickly help you. Anybody can do it. The key to a good book is having a good story and I felt I had a good story and I got a lot of help obviously from my brother Craig. He helped really everything I would write I would hand him and then he would edit the chapter and we would go back and forth and to kind of get it refined and get the kinks out. So I always encourage somebody if you have a story to tell and you have somebody else that you could bounce the ideas off and edit and it would really happen.Fortunately for me growing up with my brother, with three years difference. I’m three years senior to him. He kind of is in my head already since we work together, we grew up together. He knows how I think. I’m more of the kind of the math and science mindset. He’s more of the artsy side with video and that’s a nice combination. You can kind of complement one another. So I always encourage people if you’re writing get somebody that kind of balances you out so that your story will come out and the averagereader will enjoy and read it so that the journey took me about two years to write Hacked Again. Again, that’s really a long time. And I guess it’s because I was learning on the way. I wrote a lot more chapters that didn’t get included because you just end up throwing it out. So all the things that I learned from book number one I said if I ever write book number two, I know what to do and what not to do and it really does help. It’s an amazing journey and process writing because you learn more about yourself than anything else. And I talked to a lot of other writers and I encourage people, too. If you have that story or in the back of your mind, you said like to write a book and I was encouraged to do this pick the genre that you’re writing about my case hacking Cyber security and they told me go to the bookstore and look at the books and buy 20 of them that you really that catch your eye. Maybe it’s the cover. Maybe it’s the title. Maybe it’s the subject and read them cover to cover. And I did that and it was painful but in the process you start to develop what writing style you like, what you enjoy and how you can better tell your story. So I kind of am a self-taught author. I feel from my first book and it’s interesting. Some people said they love the first book more than my second book and some people have said just the opposite and they said well you’ve improved a lot as an author in your second book over your first book. So it’s kind of interesting different takes people get out of it and it’s just an enjoyable journey and encourage people to do it.

John: How many years after you wrote Hacked Again did you write Cybersecurity Is Everybody’s Business which I have on my desk here, which I’ve already halfway through which I just think is so practical in such a great book how many years in between those two books?

Scott: Once, I would say I was probably about I think 2016 Hacked Again came out.

John: Right.

Scott: And it was probably 2017 into 2018. So there’s about a year or so to actually write my second book Cybersecurity Is Everybody’s Business. So there was a little bit of brief time in between there trying to figure out. Hey, is there another book here and what was hesitant for mewas is there another story or is there more to tell and I think it was probably the latter that stood out in my mind. Hey, I’m not done here. I told the story but a lot has happened since I finished Hacked Again and that really was the genesis of Cybersecurity Is Everybody’s Business. So it’s a longer read. It goes into a little bit more detail, but it picks up on a lot of topics some additional breaches. Cryptocurrency really kind of made center stage of the dark web and some of the crimes and things that have happened there certainly got a lot more attention. Skimming technologies that really took off in the past few years. So there’s a lot more I wanted to talk about and share with my audience and that’s exactly what I’ve done.

John: So what goes through a little bit, you know, we’re you know, when you listen to the professionals like the FBI and other Federal officials that prosecute and chase the threat actors in this space they say during Covid-19, Scott, cyber crimes are up at least four times. What key elements, what key themes do you want our listeners to keep in mind that they could take away if they read your book but give them a little bit of a taste of what they’ll start learning about if they pick up your book or download it today at Amazon.com or other great platforms.

Scott: Yeah, I think with all my writing and all my presentations, I always try to share with listeners and readers common themes that security and cyber security in particular is really in your control. Most people they seem to get lazy or complacent that deer in the headlight look because they get overwhelmed. I share this even dealing with my father this weekand he was overwhelmed with trying to create and maintain passwords and a lot of people I talk to they’re frustrated just with cyber security in general the important message. I hope to resonate with those that are listening that if you take a little bit of time and learn there are best practices that you can implement that are really common sense and it’s not necessarily a spend of money. Most people associate Cybersecurity. I got to go spend a lot of money and that’s not necessarilythe answer rather you have to change the way you think, the way you do business and that will translate to a more secure cyber perspective. I analyzed even in my book. In fact, both books I touch on it something as simple as something physical security. We think about a document we take credit cards for example, and we jot down the credit cards we get it over the phone, so it’s secure and not in any digital formor anything else. We jot it down on paper. What happens when we’re done processing that order? We actually have to shred that physical piece of paper that has somebody else’s, our customers personal information on it. Again, that’s simple. What do most people do? They buy a 1995 shredder that does very basic shredding. It really is not very secure. It’s more secure than crumbling it up and putting it in the garbage. But instead if you buy a micro crosscut shredder or you’re using a good company that actually provides shredding services that obliterates that so there’s no way somebody could repeat that together. That’s the proper way to handle security. What’s the difference in cost? Maybe it’s $200 to buy a Brothers micro crosscut shredder that’s closer to the equivalent of what NSA might do to shred a document. Then the $20 shredder that’s almost a giveaway. So sometimes it’s a little bit more money to spend but its more common sense.The way you implement security that’s what’s important and that it’s done throughout your culture in your company. It’s not just the Chief Information Security Officer or the President. I always say it’s from the janitor on up to the CEO. Everybody has to understand there is a culture that needs to be understood and maintained to keep the entire company secure and once you start to learn those best practices, everybody can implement them and again, it doesn’t have to always hit the wall, it’s not a big expense to implement these things most of it is there. Another good example two factor authentication, role used to logging on to a bank or a secure site. Yeah, we check. Is there a lock symbol? Is it HTTPS for secure? Those are the basics important. But if we’re going to check our 401k or a stock portfolio or check our bank account, whatever the case may be. Are we using two-factor authentication? Most of the time it’s there, it’s free, it’s available. But we need to make a balanced decision between security and convenience. Most people will opt for convenience over security every time. We have to think security. We opted for it’s going extra 10 seconds to do this 2 factor authentication, but I’m a hundred times more secure. Boom. That’s the way they go. And that’s what I try to share with people. Empower them to take a little bit extra time and think how this will save them from going down the path that I went with Federal investigations and documentation and phone calls and paperwork. It’s a disruptor from you’re in if you’re a consumer, but it’s even bigger disruptor if you’re trying to run a business and you’re distracted by all the fallout after a breach. It’s a mess.

John: You know, Scott the name of the book is great, Cybersecurity Is Everybody’s Business and for our listeners out there for the first, you know, Scott was kind enough to share some of his books with us and for our first six listeners that write to us and tell us why you want to read this book? We’re going to share a copy. It’s autographed as well from Scott to our great listeners. It’s really for all of you. And you could download it as well on your Kindle or your iPad or something as if you’d like to do that and get access to it immediately today when you’re listening to this podcast, but Scott the book is for not only someone at a big corporation. Like you said, it’s everybody’s business, but it’s also for the guy or woman who owns a dry cleaner and also for a mom or dad who’s running a household which has become an ecosystem of itself in terms of money and capital and commerce going through it. It’s for just someone who’s running a household as well. Not just the business. Is that correct?

Scott: Yeah, you’re absolutely right. In fact, it couldn’t be ever more appropriate right now. And we look at a third of America the workforce is working from home with this disaster with Covid-19, so now suddenly they’re trying to juggle things at home, but maybe they’re using their personal laptop or desktop computer, their iPad their smartphone, but they’re still doing business. There are still doing things from their remote office. So even more so do they need to be careful and take their time whether it’s password management, whether it’s two factor authentication, whether it’s caution on social media and watching their digital footprint. All of these things that I talked about are appropriate not just for the office but for somebody at home if they have their home office that they can do these best practices and I go into a lot of things about some of the scams and a lot about credit cards because that’s a huge area where there’s cyber crime taking advantage of us be it online or purchasing even sharing a credit card or over the phone but the common best practices and cautions that we need to employ if we areusing our credit card from home or the office.

John: Fishing and spearfishing, is that still one of the major ways people are falling for these threat actors and cyber criminals?

Scott: Yeah. Absolutely. You make a great point John. I think especially again reverting back to this Covid-19 cyber criminals are great at adapting they change their game often and it’s based upon what’s going to work on their advantage when somebody is fearful, when somebody’s distracted, that’s when they move in and that’s exactly what’s happening. They’re using effective phishing schemes. And in some cases they’re more targeted depending upon what they’re trying to accomplish where they’re selling, you know face mask supposedly, ventilator related things, the miracle medicine, all these different things tied around Covid, which makes people want to react and click because they say wow I need to know where I’m going to get tested locally here to see if I’ve got Coronavirus. Click here to set up an appointment just provide this basic information. Next thing you knew what know what are you doing? You’re divulging personal information, but your mind is focused on what if I have this, what if I pass this on to someone, what if my kids get this, how am I going to go back to work? So you’re distracted over here and that’s a very effective tactics. So immediately I always tell people stop. Don’t be so quick to click on email attachments. You’re better off always double checking it. Make a quick phone call. Grew directly go to the website that claims they’re doing this or that or promising. Enter that URL and so you can actually verify for yourself that it’s truthful. So taking a little bit extra time and steps before you’re too prone to click on things saves a ton and ton of embarrassment or financial ruin or other problems. And there’s a lot of great companies out there that can assist with it. You can do it yourself. If you’re hesitant, you have a company they’re just companies like no before and many others that offer security awareness training and that is important if you get it within the culture as I talked about earlier to make sure everybody understands it and understands the risks and implications if they’re the one that clicks on that specific attachment and of course ransomware. Every the last few years, I’ve been talking about ransomware to my eyes are bleeding. It keeps advancing. It’s more challenging and it’s becoming more lucrative and more targeted toward the medical community hospital so they could shut down any or lockup patients records demanding that ransom in bitcoin, which is certainly anonymous digital currency. So it’s hard to trace down these hackers and catch them. So it’s really important. Be careful what you’re clicking on because really the malware that’s embedded in a lot of these phishing attacks is a different strains of ransomware that keeps evolving and improving so it’s harder and harder to discover and prevent it from happening.

John: You know Scott, we’ve seen in our lifetime the growth and the proliferation of the internet of things. So ten years ago, we didn’t have a nest in our home a ring at our front door and Alexa on our nightstand whatever they’re called the Alexa tools or the Google tools that could just hear voice commanded. Talk a little bit about the inter connectivity of our homesin our businesses now with all these great tools that are designed to make our lives better in some places like ring safer more comfortable. What risks though come along with the internet of things and all these new gadgets that were all enjoying but also could put us at greater peril?

Scott: Yeah, you make a fabulous point and this is one thing that I have talked about extensively and even in my books it’s intertwined in there. IoT, the Internet of things is kind of a phenomena that has come about that we’ve all adopted whether we like it or not. And I too am guilty of this. In fact a couple years ago, I was at I think was the RSA show and somebody presented a point that within a few years you will have 50 IoT devices in your home. Do you realize that? And I kind of laughed, I said that’s ridiculous. And then one day, I sat there in counters I said geesh they were dead on.That’s about what I have in one of my homes. And to your point yet, what is it? It’s exactly that. I mean, I’ve got no wise wireless cameras in the nest, in the ring and this and that you go down the list and you start to realize everything from your TV to whatever is connected into the internet. The problem is when these things were designed a number of years ago and even more recent, cost was the driving factorbecause it’s consumer rich people want it high volume manufacturing. To add security to it add some dollars to the cost and they never want to do that. So instead they said well, well, we’ll figure it out later if it’s a problem and that’s exactly what’s happened. Security wasn’t baked in at the beginning and now we’re starting to pay for it. When you have tens of thousands or hundreds of thousands of unsecured insecure cameras out there that are IP based that has a specific address that could be from the other side of the world. A hacker and their easy chair can address that and turn it on without somebody knowing about it. That’s a real problem and when they’re not firmware upgradeable remotely. Guess what the consumer is not going to send it back. It’s installed. They climb the ladder. They mounted it whatever the case may be. They’re going to live with it until they cut the cord and rip it out and put something else in so. The mindset for Internet of Things device is really has to change and focus on encryption, focus on the ability to upgrade the specific devices and also the ability to monitor those things, we’ve developed here at my company Berkeley Varitronic systems tools that actually are used so you can sniff out and hunt down IoT threats that are brought into your environment, in your office, in your home and your business that you don’t even know about. The employee that brings in or the hacker that sneaks in and plugs in rogue access point that you don’t even know about.That connects into your neck computer network, and now they could be siphoning personal information off their compromised IP or anything else. I mean that’s very powerful these days and it’s very real. So it’s important that companies are very cautious but even consumers that they’re not too quick and I always tell people when I’m presenting, do you really need to plug that device in? Stop and think about it first and ask yourself some basic questions. What are you getting out of this device? What are you giving away in the terms of data privacy? That’s important for us to ask those questions.

John: You know, we’re living in this world Scott and for our listeners who just joined us where we got Scotch Schober on with us. He’s one of the top cyber security experts in the world. He has two books out right now Hacked Again,and Cybersecurity Is Everybody’s Business. I would read those books if I were you, whether you’re just a homeowner running your household or business owner running a big corporation or small business in a local community. These books are really great stuff and also to find Scott and maybe even hire him to work with you. You can go to www.scottschober.com or www.bvsystems.com. Scott, we’re living in a world where people are also excited about new transportation opportunities. The growth of the electric car and of course, Tesla and soon-to-be driverless vehicles, is it wrong for me to say that the electric cars basically become a computer on wheels? And if so, what does that mean to our cyber risks as both owners or lessees of these vehicles and also passengers in these vehicles?

Scott: I kind of knew it this way. In fact, there’s a chapter in Cyber Security Is Everybody’s Business. I think I call it Planes, Trains, and Automobiles and I talk just about that. My fear of where we are and where we’re going in the world of transportation and to your point just think about vehicles if anybody walks into a car dealership today and they purchase a vehicle be at a Tesla, Mercedes doesn’t matter what it is.High and low and guess what every single vehicle of the 50-plus manufacturers in the world have embedded 4G LTE cellular modems in there. Whether or not you subscribe to a service there or not there in your vehicle. What does that mean? That means there is wireless connectivity through the basic through all the the cellular networks that are out there around the globe. So what’s tied with that obviously GPS. So technically, can we be tracked? Sure. Can notification be pushed to our car where information pulled out such as innocent things like hey your car is ready for a service or an oil change? Yeah, absolutely. But more nefarious things could be done to buy a hacker and that’s been proven out by many researchers that have shown that hey they can basically affect the ecu’s inside the car electronic control units in pushing nation. That’s scary when it can affect our lives. Were take ransom on a vehicle just like ransomware attacks. That’s the future take over the car. That’s very scary and a real thing that we need to be cautious about.

John: I also read a story and I don’t know where wasn’t recent that was about 18 months ago, where a hacker did the same thing, excuse me, on a commercial plane.

Scott: Yeah, that’s Chris Roberts actually. He was a guest. I interviewed him on my segment what keeps you up at night and what he did there which was kind of interesting. On a flight, he actually tied into the infotainment center plugged in and played some shenanigans I guess you could say and he revved up one engines which caused the plane to tilt and he was greeted when the plane landed by the FAA and banned from flying for a while and I think he lost his job. It was a big mess, but he’s since moved on and I think learned from his debacle let’s say. What was the show us- It shows us how vulnerable-

John: Right.

Scott: When you’re talking about billion dollar companies, Boeing’s and others are developing some pretty advanced avionics and the fact that you could hack in through the infotainment center and it runs parallel to some of the avionics in the security where there were some basic open flaws that have since I believe been corrected throughout the flying community. So people shouldn’t be scared, but they should be concerned. It really researchers open up that conversation. So in my opinion he actually did a good thing. He prevented a real hacker from causing a major take down which is what we really want to do. We want to test things properly and get the vulnerabilities taken out.

John: His shenanigans prevented hopefully a tragedy.

Scott: Exactly. Yeah. Well said.

John: Let’s go back to what you just mentioned though, because you were kind enough to include me on a recent episode of what keeps you up at night, but why did you launch that podcast and how’s it been going? And share with our listeners a couple of the scariest stories you’ve heard since you’ve been hosting that.

Scott: Well, I tell you what, it’s a nice diverse group of business owners. All that how cyber security kind of touches their lives and I think I constantly have fears and I’m dreaming up things. I try to get into the mind of a hacker and I say to myself if I was going to try to do this. Here’s what I would do and to be honest when I was younger, I was addicted to games. My father worked for a number of years at [inaudible] he was the vice president of the research lab, so I grew up in my brother grew up surrounded by games. And at one point we got to the point where we were actually hacking games going on bulletin board systems before the internet as we know it for those old-timers out there and we would get on and we would hack passwords get onto the different levels and we’ll be pirating games and we did this we didn’t have any monetary gain. So I wasn’t I’m trying to justify it wasn’t a thief at that time. However, it was a lot of fun and it was one ofthose ego boosters who could collect more games than anyone else on the world and we did this for years and it was kind of exciting I think. So, I’ve always dreamed up and done things maybe from a hacker side but stayed on this side of the line, which is more of maybe a white hacker than a true black hat and getting in trouble getting caught and stealing things and I think that always kind of in the back of my mind said, you know what I’ve seen a lot of podcasts video audio. I enjoy them. I follow them I saidIf I’m going to do something I want to get into someone else’s mind and get a sense. What is their fear? What really does keep them up at night? So as I started to talk about that with my brother Craig, we said Jesus what if we just call it that and we keep it short and simple and will have a segment that basically has one question and we have no clue what the answer is and we’re going to learn from them and hopefully share with everyone else and that was kind of the genesis of the segment and we’ve done it now for a little more than two years. And had some great guests on there as you meant Chris Roberts. He was a lot of fun. He’s got his purple dyed beard when he came on and his kind of packing den and shared some interesting stories. I had the guy that actually inspired the movie War Games if you remember him.

John: Sure.

Scott: He came on and he actually came on from a secret spot on the other side of the world that’s undisclosed because he’s being hunted down by other people. So we did an episode with him, which was a lot of fun. A lot of people shared similar to your question about IoT. That’s a huge fear by many of my listeners. A lot of researchers have a lot of problems with deep fakes that keeps coming up concern about artificial intelligence. Where were that’s going and how that’s going to come into play in the hackers hand. So very diverse subjects that all crisscrossed the world of Cyber security, but I think it really invokes a lot of fear and that to me is good because it starts the conversation and hopefullysome of our viewers take that and say hey, here’s some stuff that I got a design or develop to counter what these cyber criminals are doing because it’s only going to get worse and I think we’re going to lose if we don’t work together and communicate and share where we are now, but where the future is going to be in the world of Cyber security.

John: Right? I agree, before we go on to what you’re cooking up for the end of the year your next book. Can you talk a little bit about the issue of Cyber Insurance? Where- Is it something that our listeners should buy to protect their businesses to protect themselves, or is it a little bit over hyped? Talk about the realities versus the the promises with Cyber Insurance.

Scott: Yeah. It’s a top very topical I think and it’s a question. I think almost daily. I talk about Cyber insurance whereas it used to be something I would talk about every few months. So I think it’s on a lot of people’s minds especially small business owners because larger companies they have cyber security insurance and they usually can afford it because it’s really about weighing the risks and offsetting those a bit smaller businesses is a little bit more challenging because they’re run mean and lean often. They’re not so quick to spend a buck and they’re a little more hesitant for most business owners that I talk to. I know I was that way myself go back post more than five years ago. We did not have cyber security insurance. After being hacked and hacked again, we do have cyber security insurance and I’ll tell you why because it’s now become in a sense like my second book. It’s become everybody’s business it now affects everyone and hence. It allows you to look at whatever information you have. What’s your secret sauce? What personal information do you have inside of your business that you need to protect? It could be employee records Social Security numbers, credit card information, passwords, whatever it is. Intellectual property know how software doesn’t matter. That’s all very valuable. So having some Cyber security Insurance protects you but it does not actually in a backwards way. I don’t focus as much as hey out if I am compromised or say if and when I’m compromised more importantly it gives you a discipline set of rules and regulations that you need to implement within a company and within a culture. So you think about cyber security and most good cyber security policies comes with some level of education. Just like if you’re familiar anybody that’s listening, PCI compliance. It’s I kind of call it a checklist that you got to go down. If you’re going to process credit cards to make sure you know, do you do this? Do you shred documents? Most people say yes, yes,yes, yes. If they’re in a meeting or over the phone. Why? Because they look like an idiot if they’re not properly complying to this but it’s a bit self-disciplined. You don’t want to lie, but you don’t want to you know confuse people and say that we’re really not secure. I think with Cyber security Insurance you need to take it to the next level and actually implement the policies and procedures for handling personal information and a good cyber insurance company and an agent is going to come in and make sure that you’re actually doing it and educate the staff to make sure that they’re properly doing it and I think that kind of goes hand in hand. Don’t look at it as if I buy this policy for a million dollars of coverage. That’s it. I’m done. I don’t have to worry about passwords. I don’t have to worry about factor authentication. And no that’s not the case. In fact, you need to do even more once you sign on the dotted line and you pay a premium. Why? Because if and when you are compromised in breach you’re going to want to pick up the phone 24/7 and have a person at the other end and say hey John Smith, I think I’m a victim of ransomware. What do I do? They’re demanding $50,000 in the equivalent of Bitcoin. They’re going to tell you right there stop and they’re going to move in and see if they have the decryption keys. So they can unlock that and put you back in business. They could tell you hey, remember that back up I told you have to do every week? Let’s revert you to that. They’re going to have some procedural steps. They’re going to step inand say hey Scott, guess what? We’re going to go in and we’re going to negotiate this you’re going to have to pay the ransom the policy will cover but instead of paying fifty thousand we’re going to negotiate it down to the equivalent Bitcoins for $15,000 and settle it. Get that decryption get you back in business. So a lot of it is reducing the risk getting an expert that’s going to hand hold you through the process so you’re not bumbling and we’ve got example after example of people that probably did it wrong and I talked about that the target breach and the Sony breach and Home Depot, Anthem, you know breach after breach things that will done.

John: Marriott.

Scott: Yahoo. Yahoo! Yahoo! Happened three times, right?

John: Right. Unbelievable.

Scott: Billions of people were affected. So do we learn things post breach from these large companies that we can now implement in our small businesses even Fortune 500 companies can look at those examples to say hey, we got to do some things here to improve our cyber security posture. And yes, part of that is having good coverage cyber security coverage understanding what it does cover and what it doesn’t cover. That’s very important.

John: Now, you know, obviously because you’re not doing enough hosting what keeps you up at night, having written Hacked Again, having written the Cybersecurity Is Everybody’s Business, and running BV systems.com with is PV systems with your brother and your father. You’re now writing and about to come out with a third book, which we’re going to have you back on the show and to when that book comes out to talk about it, but give our listeners a preview on the next book coming in. Why you wrote this one?

Scott: Yeah, absolutely. My continual frustration in the world of cyber security is analyzing who is targeted and why and one standout that I keep hearing again and again and again, and I lived through it the personal experience of my grandfather and he had several attacks. And when I say cyber attacks the more of what I call a scam through the phone that he was targeted and then also credit card fraud and acouple other things that he dealt with and tried to assist them through that. It pains me deeply to see how cyber criminals really just don’t care about their victim. They really don’t care. They just want one thing they want the money. So it’s kind of a crime that they never see the person and I always related to somebody that robs a bank. The old days they take a gun. They got to get away car. They put a mask on. They go into a bank. They hold up a gun and say give me all your money. They see the victim. That’s not the case in the world of cyber security. Somebody’s at some remote disconnected keyboard and they never see the pain exactly that their victim gets inflicted with and what’s happened is they’ve targeted the elderly they literally and I share the story in my third book and then the book is titled Senior Cyber and I actually dedicate it to my grandfather. He is- he was 99 years old just shy about a month of his hundredth birthday when he passedaway recently and it’s an interesting I try to take people through and give them some empowerment if they are elderly so they’re not feeling like they’re hopeless and they can’t get on the computer and they can’t use a smartphone and they can’t use the internet because of fear or fear of scams. So hopefully it’s educating the senior. So they’re comfortable enough to survive in this economy that were in in this life where you’re forced to use technology. So a lot of it- It’s a combination of building them up. I hope empowering them giving them education but more on a simple path without a deep tech dive and as I come across the term and Senior cyber, that’s unfamiliar. I literally will define it and then I will try to relate it to something that perhaps 50 years ago or decades back that they could relate to. So that way it’s draws a corollary every time they say Iremember when I got my first phone in the house or my first TV on the block that was new hot technology. Just like now I go on the internet and it’s something so different. So you didn’t have to be scared back then. You got used to it. Just like now you can get used to it, but you still need to take some basic precautions. So I try to balance that throughout so it’s a much light to read. It’s also a much larger font because as I get older. I’m now 50/50 in my eyesight starting to go so I made the font a little bit bigger. Trying to think about the senior to make it easier for them to relate to it. Read it. Enjoy it and more importantly share the information and the tips throughout the book so they could help others that are maybe thinking about getting a computer or going on the Internet or getting a smartphone and not being so afraid.

John: I love it. And when does that book come out?

Scott: It’s going to be later this year. So hopefully fourth quarter this year. It’s actually it’s been written. I finished writing it and it’s again co-authored by my brother because that worked so successfully in the second book. So now we’re going through the process of getting it published and we are self-published. So it’ll be available hopefully very soon on Amazon and all the popular book stores and online as well.

John: That’s awesome. And that’s going to give us a great excuse to have you back.

Scott: Yeah. I look forward to it.

John: Yeah, and before we sign off for today any final thoughts you want to share with our listeners?

Scott: I think I just want to again and I mentioned it before but really emphasize to people when you hear cyber security, don’t turn that switch in your mind and say oh that’s techie or that’s this or that, it truly is now everybody’s business and it is something that we have to embrace, learn about and make it part of our daily lives, even though we don’t like it we might liken it, too.Unfortunately, I hate to bring up this analogy with this virus we’re learning how to survive wearing a mask. We’re learning about social distancing. We’re learning about different type of hygiene with hand sanitizer and think that may be the new norm going forward and we will survive through it if we make adjustments just like cyber security. Once we learn about it, we will learn how to make adjustments so we can stay safe so we can still use our computers, our smart phones, the internet, wireless devices, IoT, I love technology. I embrace it. I encourage people to do it, but with caution don’t be afraid of it. But use caution to make sure that you’re doing it as secure as you can and into implementing best practices. So you’re not the next victim that gets hacked.

John: I love it, Scott and I can’t wait to have you back on. There’s so many questions I didn’t get to today that I want to ask you about GDPR and the new privacy laws and states and of course, we’ll have you back to then talk about your new book Senior Cyber. For our listeners out there that want to reach Scott or read what he’s doing or see what he’s up to. Please go watch his podcast what keeps you up at night. Also you could go to www.scottschober.com or www.bvsystems.com. If cyber security is on your mind and you’re worried about your security or your privacy or all your as it’s known in the industry your crown jewelsand your money, you should read Cybersecurity Is Everybody’s Business. It’s everybody’s booked for sure. I’ve read half of it already and I’ve learned more in that half of book than I learned in reading 10 other books on the subject. Scott, you’re making a great impact. You’re making the world a better and safer place. Thank you for joining us today on the Impact podcast.

Scott: Thank you, John and to all those listeners stay safe.