Friday, April 5, 2019

Bob Morris Interview: Bart McDonough on becoming “cyber smart” (Part Two)

Bart McDonough is the author of Cyber Smart: Five Habits to Protect Your Family, Money, and Identity from Cyber Criminals and CEO and Founder of Agio, a hybrid managed IT and cybersecurity services provider. Prior to founding Agio, Bart worked at SAC Capital Advisors, BlueStone Capital Partners, OptiMark Technologies, Sanford Bernstein and American Express.
Harnessing his expertise, Bart and the team he’s built of more than 250 employees have developed cybersecurity and managed IT tools tailored to protect businesses’ most precious assets: money and reputation. And they do all of this while having a blast doing what they do best every day with the people that matter. The culture at Agio is unlike any you’ve ever experienced. Once you’re in, you’re in, and everyone loves the Kool-Aid.
Bart currently sits on the board of two cybersecurity firms, TwoSense.AI, and Magnus Cloud. He attended the University of Oklahoma and received his undergraduate degree from the University of Connecticut.
* * *
For those who have not as yet read Cyber Smart, hopefully your responses to these questions will stimulate their interest and, better yet, encourage them to purchase a copy and read the book ASAP. First, when and why did you decide to write it?
I’m a 20-plus-year veteran of the cybersecurity space, as well as Chief Executive Officer of Agio, a managed IT and cybersecurity service provider I founded in 2010. We help financial services, healthcare and payments industry organizations manage their cybersecurity and data management strategies, which often requires in-person visits where I’ll talk to these folks about best cybersecurity practices in the workplace.
No matter which organization I spoke to, whether it was a large hedge fund or a smaller healthcare practice, every presentation would end the same way – people approaching me at the end to ask various questions about how cybersecurity applies to their personal lives. We live in a world of supply and demand, where more of our lifestyle is migrating to online platforms each day and I realized that American consumers need a guide on how to navigate the cyber world and offer peace of mind.
While several books out there address the topic of cybersecurity, the majority use fear-based conditioning and focus more on businesses and corporations. Very few teach individuals how to protect their homes and personal online experiences. Cyber Smart posits that while all technological advances have risks, there is no reason not to embrace them with open eyes and a keen awareness for keeping private information secure.
Were there any head-snapping revelations while writing it? Please explain.
The biggest revelation was the reason people suffer the consequences of poor cybersecurity is not a lack of knowledge, but instead a lack of consistent execution. My goal shifted from teach the “what” to really teaching the “why.” It is much more important to motivate people to follow their good habits, then it is to make sure they know every nuance around cybersecurity. By being consistent in executing what I call the “Brilliance in the Basics,” you can easily protect yourself and your family from the majority of online crime.
To what extent (if any) does the book in final form differ significantly from what you originally envisioned?
Well, considering I originally envisioned a packet to hand out it is drastically different. When I first started it wasn’t as in depth about how to protect your children or how to guard yourself when traveling which are all included in the book now.
Please explain your observation, “When it comes to our cyber lives, we all live in a bad neighborhood.”
I would define a bad neighborhood as one where people are trying to steal from your three-to-five times a day. This is the cyber neighborhood we all live in today. In a bad neighborhood, you are always on high alert – clutching your purse a little tighter, putting your wallet in your front pocket, being extremely attentive to sounds and movements. This is how we should be online – very skeptical and highly aware of who and what you are engaging.
What are the two or three specific areas in which most [begin italics] individuals [end italics] most vulnerable to cybercrime?
Bad actors use a range of attack methods, but some are notable cash cows that tend to be recycled repeatedly. Social engineering, the psychological manipulation of people into divulging confidential information or moving funds, is one of the most prevalent schemes and a particularly concerning one at that, given its broad use across more than 66 percent of all cyberattacks.
These social engineering attacks use a combination of phishing techniques spanning email phishing (mass-produced spear phishing, whaling, and email compromise), voice phishing (vishing), SMS phishing (smishing), and pretexting attacks. As vulnerable as some emerging technologies might be, social engineering’s danger lies in the fact that humans will always be an attack vector primed for deceit and exploitation.
Social media is also prime hunting grounds for bad actors because of its ever-growing user base, heavy consumption, and the significant incentive for users to disclose their personal information. With more than three billion users actively on social media, these platforms have become prime attack vectors for stealing a victim’s identity. In tandem with high consumer usage, the progression of data science now allows bad actors to collect, interpret and exploit massive amounts of data faster than ever before. As a result, hackers can now ‘weaponize’ data science to send out personalized attacks at greater scale and speed.
What about businesses?
The “set it and forget it” mindset. This is a massive cybersecurity vulnerability that is prevalent across all industries. Often, the firms that develop incident response plans expect to be effectively protected simply because they took this first step. However, cybersecurity occurs in an unpredictable, rapidly-changing environment that requires regular monitoring of internal events, external events, newly-discovered vulnerabilities and ongoing evaluation of new procedures and solutions. To address these issues, regular governance procedures such as meetings with operational staff and executives can help ensure that a firm is effectively protected. The efficacy of a cybersecurity program is highly correlated with the rigor applied to its associated governance, which requires active participation from Technology, Legal, Human Resources, Investor Relations, Compliance and Risk Management departments. Everyone has a seat at the table, they need to show up and take it seriously.
Cybersecurity is IT’s concern. This attitude is a major obstacle to enterprise cybersecurity. Without the participation of business unit managers and other stakeholders who help track information assets, uncover new weaknesses, and make strategic investment decisions, the effective prevention and response to cyber risk is not attainable. Individuals at all levels can create problems by sharing passwords, losing or failing to update their devices, accidentally emailing sensitive files and clicking on malicious links.
What about children? How significant is their vulnerability?
Children are extremely vulnerable because parents don’t actively check their children’s credit reports, and they can have years of damage before anyone even notices.
I am especially concerned about exploitation of the elderly. Why are they uniquely vulnerable?
I think it boils down to lack of awareness of some of the more modern scams and techniques. You don’t know what you don’t know, and that is where the book really can help by raising awareness of what has been done and assisting readers in resetting their internal “alarms” and helping them to better protect themselves or having loved ones do that for them.
What about the federal government and our two major political parties?
They are similar to businesses in that most executives of their don’t take it seriously. They tend to think cybersecurity is an “IT issue” opposed to a serious business-risk problem. There is often poor governance and inadequate resources allocated. They simply aren’t investing what they need to properly manage this risk.
What are the most widespread misconceptions about cyber crime? What in fact is true?
Many believe nation states are to blame for the majority of cybercrime. In reality, much of the cybercrime is conducted by low-level criminals. Alkso, the idea that “I can’t save myself” is a huge and wrong perception. Again, the reality is you can do a lot to protect yourself online. The book showcases tips which can help navigate what you can do to protect yourself. Readers have even told me they paused reading to implement the suggestions as they read the book. You don’t need to be a cybersecurity expert to protect yourself, you just have to know the basics and be consistent with them.
These five simple cyber-hygiene principles will significantly reduce the likelihood of cyberattacks:
1.  Update Your Devices
2.  Enable Two-Factor Authentication
3.  Use a Password Manager
4.  Install and Update Antivirus Software
5.  Back Up Your Data
How specifically can each reader determine the nature and extent of their current vulnerability to cyber-attacks?
Readers can assess themselves against the five main habits I discuss in the book and see how well they do against them. From there they can determine what they need to implement as part of their new cyber-hygiene routine.
Then what? Where to begin?
The first thing most people need to do is to make sure they have unique passwords for all of their logins and begin making sure all of their devices are updated. The book provides suggestions on how to handle these initial steps and guides readers through the process while explaining the importance of each habit.
Any specific dos and don’ts to keep in mind when embarked on that process?
Be honest in reviewing ALL of your devices and ALL of your logins. I think people only take security seriously for their banking accounts but it is important you protect all of your accounts.
In your opinion, which of the material you provide in CyberSmart will be most valuable to those now preparing for a career in business or who have only recently embarked on one? Please explain.
While there are literally hundreds of suggestions, the power is in developing good habits around the basics detailed in the five “Brilliance in the Basics” material. As a business person, regardless of your position, you need to keep yourself and your organization safe. If you consistently practice these five habits, you will certainly be an asset to your organization.
Which question had you hoped to be asked during this interview – but weren’t – and what is your response to it?
“What did you think five years ago that you now have a different opinion about?”
Five years ago, I truly believed in order to get more done, I simply needed to work harder and I would achieve more. I now strongly believe in the power of pulling back to see a different perspective which might enable me to accomplish an objective much differently or perhaps skip it entirely. That is, working smarter gets more and better results than simply working harder.
* * *
Here is a direct link to Part 1 of this interview.
Bart also cordially invites you to check out the resources at these websites:
His website link
The Agio link

Editor's note: This article was written by Robert Morris and has been rerun with his permission. Like what you read? Subscribe to the SFRB's free daily email notice so you can be up-to-date on our latest articles. Scroll up this page to the sign-up field on your right. 

Order it on Amazon today.
Two kings. Two princes. One queen. The true story of five aristocrats separated by time, culture, and circumstance -- all of them bound to the United States by accidents of history and left to hope for a tomorrow better than today. Prepare for a vision of the American Dream as few others have ever seen it.