04 Jan Industry Expert Doug Loots Talks Cybersecurity, WFH, and More
NINJIO CEO and co-founder Zack Schuler sat down with cybersecurity expert Doug Loots in April 2020, as businesses were shape-shifting to account for the pandemic. With more than a decade and a half of industry experience helping major companies improve their digital defenses, Loots’ insights about employees taking cybersecurity into their own hands are still prescient given the continued work-from-home environment.
Millions of Americans still can’t rely on IT teams and in-house cybersecurity experts to stay safe online. While this may seem daunting – particularly for employees who don’t consider themselves technically inclined – the idea that you need to be a tech expert to develop healthy cybersecurity habits is a stubborn misconception.
As long as employees remember a few important principles, they’ll be in a strong position to avoid falling victim to the ever-multiplying cyberattacks out there.
Here are some key excerpts from that interview:
Zack Schuler: When people ask you how to guard against cyberthreats, what’s the first thing you tell them?
Doug Loots: Know who you’re in communication with. Email is tricky because it’s anonymous and addresses can be spoofed. When it comes to transfers of sensitive information or money, you should verify in person whenever possible. Phone calls can be just as bad, which is why you should never disclose sensitive information on a call unless you’re absolutely certain you know who you’re talking to.
ZS: How do you see these attacks changing in the future?
DL: While attack vectors like the ones I just mentioned aren’t new, they will continue to be easily exploited. New deepfake technology will only exacerbate the problem and senior management teams are only beginning to glimpse how serious it’s becoming.
ZS: How can companies improve their cybersecurity platform?
DL: The process I try to follow (but have had little success with, as I’ve had zero support from top management) is that true change is behavioral change. This sort of change only happens when being responsible and secure is in employees’ best interest. The question is: “How can we make that a business priority?”
ZS: How would you answer that question?
DL: I’ve found that being able to tie security practices to making employees and their families safer helps. Coherent and consistent messaging is also essential. Messaging in today’s media only confuses employees, which is why cybersecurity professionals need to educate our users to be even more critical of the information they consume.
See the original post on Zack’s LinkedIn here.