Host: Jeremy Cherny interviews Jason Claycomb, Founder of INARMA
“INARMA is a professional services firm. The short tagline is ‘We assess controls.’ So I really like how you think of security as a process and not a product – that’s exactly what we do. We help people with the process around security. Yes, there are products involved, but those are types of solutions and we help people pick the right solutions.”
Why is security so important to you and your clients?
We’ve all got sensitive data. There isn’t any business that does not have sensitive data in it or where the data isn’t critical to the running of the business. So we want to protect that data because, at a minimum, we’ve got to protect our reputation. But in some regulated industries, you have to protect data even more because of the various laws and regulations. At a minimum, hackers are going to go after credit cards, bank account numbers, social security numbers and we’ve all got that kind of stuff in our companies.
How do you stay on top of the latest security threats and the things your clients need to know about?
I live in this space, right? I’m talking to vendors, I’m talking to clients about what problems they’re having. I get emails from vendors and “security alert” types of services. All of the ones I use are free, too. So from there I can pick and choose what is relevant information that I need to know or my clients need to know based on what kind of clients they are. Also, podcasts like this one are super helpful as well.
How do you talk to clients about the importance of security awareness and how do you go about that training?
A lot of companies have this sort of attitude of, “It can’t happen here.” The problem is, it can. Everybody is a target, though some companies are bigger targets. But for example, any one of the listeners right now, their website and their external email servers are being scanned for vulnerabilities as we speak. And so if we’re not up to date, hackers are going to see the vulnerability and try and get in. Also, all of this is automated, so when we look overall at the big data breaches and the big dollar losses, that’s in the big companies. However, it’s something like 60% of losses, due to any kind of cyber breach or cybersecurity computer breach, are out of small businesses. So we have to be diligent too.
What are some security tips you can give our listeners?
Whether it’s the personal side of the business side, be careful about what you post out there. People can get passwords or password reset answers from a lot of the things you’re putting online. For business, you should be thinking about how important your data is. What type is it? How critical is it? What types of protections do you have around it? Enabling multi-factor authentication is a big one. Not just relying on an ID and a password.