Top-Notch Cybersecurity In Uncertain Times with Brian and Wes Gill

Today we have Brian Gill and Wes Gill joining us. Brian and Wes are brothers and cybersecurity experts.  They both have a great deal of business and technical experience within the space. ​

Brian is a computer scientist and entrepreneur. He is the CEO of Gillware, a company he started eighteen years ago.  During those 18 years, he has been helping businesses get out of IT disasters especially data loss situations.  Brian has been working with his brother Wes for the last twelve years.  Brian currently runs Gillware doing the most traditional data disasters.  Wes is the Vice President of Product at their sister company Tetra Defense. Tetra Defense focuses on cyber specific disaster and disaster prevention. 
​ 
Brian and Wes share current trends, misconceptions, and attacks they are seeing in our current times.  They also share beginning steps to take if your company is attacked.  We wrap up by discussing the importance of a disaster recovery plan.  They share what you really need in your disaster recovery plan and how often it should be reevaluated.  

​Show Notes:

• [00:59] Brian is a computer scientist and entrepreneur.  
• [02:16] Wes is the vice president of product at Tetra Defense.  
• [02:53] With 25-30 million Americans working from home the field of opportunity for the bad guys has widened big time.  IT people and IT budgets are stressed.  
• [03:39] They are seeing an initial wave of attacks that are coming into home networks.  
• [04:28] It is important that you don’t have any extreme vulnerabilities in your framework. 
• [05:52] When it comes to balance, take a look at what your systems are and what you’re using.  There are a lot of great tools out there that can do vulnerability scanning.  They will tell you if you have any glaring holes and you need to take those extremely seriously.  
• [07:21] Wes highly suggests that companies buy a YubiKey for all their employees working from home.  They are a great balance of security and convenience. 
• [08:55] Bad Actors are continuing to get more sophisticated and more aggressive with their ransom demands.  
• [09:41] The amount of money being demanded continues to multiply.  
• [11:19] Cybersecurity Maturity Model Certification (CMMC) is a new initiative from the Department of Defense requiring all the suppliers and their supply chain to obtain a cybersecurity certification.  There are five levels.
• [11:26] The first level is basic cyber hygiene and includes seventeen best practices that you have to follow. 
• [13:43] The DOD is blazing the trail with this very large scale certification requirement. 
• [15:38] It is not often one criminal syndicate at work.  Many times specialists work together. 
• [17:48] Often times companies are trying to protect themselves against risks that don’t exist and they are missing the ones that do. 
• [19:09] The biggest mistake if you have the security people on staff and they think they know everything.  They can be very dangerous. 
• [20:02] Those people that don’t know how to check their ego at the door, they are a dream come true for the bad guys.  
• [20:42] If you are under attack, you have to assume that whatever you have in there is going to be compromised if it hasn’t already then immediately isolate any nonimpacted back-ups you have.  Those back-ups are probably your fastest and least expensive way to recover.  
• [21:09] Next change your Azure AD passwords. If you don’t have advanced endpoint protection software you must put it into place. 
• [22:01] Contact your insurance company and banks and let them know what has happened.  
• [23:54] Don’t hide an incident if it happens, communicate about it. 
• [26:08] The first few pages of your disaster recovery plan need to be rock solid and reviewed every 3 months.  
• [27:56] Be more confident even as a beginner and it is ok to ask stupid questions.  
• [28:39] Make a challenge of something.  Ask questions and have conversations with the leaders of the company because often they are valuable.  
• [29:33] Don’t try to create too much yourself, others have solved the problems extremely well and you can just integrate them.   
• [31:29] Brian shares his best worst boss story. 
• [33:42] However paranoid you are, get more paranoid.  
• [34:08] Boards and CEOs all need to budget more money for defense across the board.  There is probably not a single company in America that is properly capitalized to prevent threats.  The threat is exponentially bigger than it was five years ago and your budget is like 2% bigger. ​

Links and Resources:

• State of the CIO Podcast Website
• State of the CIO Podcast on Apple Podcasts
• Dan on LinkedIn
• Gillware: Data Recovery Services
• Tetra Defense
• Brian on LinkedIn
• Wes on LinkedIn
• YubiKey