Best known as the president and CEO of RAND Luxury Inc., Bradford Rand has made plenty of important events possible. Rand has produced over 1,000 different shows over the past 24 years, such as The Luxury Review, Go Green Expo, and TECHEXPO.
And, now as a producer of the Cyber Security Summit, a coalition built to combat cyber attacks, Rand has his finger on the pulse of anti-cybercrime. Indeed, considering the explosion of large-scale hacks and ransomware breaches, events like the Cyber Security Summit are more important than ever. In this exclusive interview, we speak to Rand about how businesses can avoid the threat of modern cybercrime, and what advice he has for regular consumers looking to keep their data safe.
Innovation & Tech Today: Big hacks seem to constantly be in the news these days. Do you remember a particular story of a major hack from one of your conferences that interested you or that you were able to learn from?
Bradford Rand: At one of our summits in 2015, the FBI was discussing paying ransomware. Many people had read the headline “FBI Says Pay Ransomware.” I think it had 300 million hits – [it] went all over the net. And, basically, that was a misquote. The reporter just put in “FBI says pay ransomware” but didn’t bother to include the fine print. What the head of the cyber taskforce of Boston was saying was “Someone said to me, ‘Hey, should we pay ransomware?’” And his answer was “Well, the FBI always says contact us, but, on a side note, should you pay the ransomware? Yeah, you probably should if you have not backed up your data.”
And if they want $500 or $1,000, these cyber-terrorists are actually very good with customer service. Meaning that once you pay the $500 to $2,000, you’re probably going to get all of your data back. If someone’s got your data and you did not do your due diligence, and you didn’t back up your data, and you’re going to lose millions of dollars, or you’re going to go out of business, yeah, you would probably be smart to pay it.
The Daily News, the San Francisco Chronicle, CyberWire. Everyone picked it up and used that headline “FBI Says Pay Ransomware,” making the FBI look very dysfunctional, and weak, and at the same time giving a huge plug to all of the cyber-terrorists out there saying that the FBI says you should pay the ransomware. Meanwhile, all he was saying was if you’re dumb enough not to have backed up your data, and someone has a gun pointed to your head, then pay the ransom. That story, as humorous as it was, almost got him and the FBI in big trouble, but was totally taken out of context.
I&T Today: If you’re a business owner, what are some of the most important things you need to know about cybercrime in this day and age?
BR: According to what I’ve read, insider threat still seems to be one of the major causes of a breach, and there’s really two major ways. [First,] an insider threat like corporate espionage – basically, one of your own employees stealing data or utilizing passwords they should not have access to, downloading the data, sharing it, selling it, or keeping it as a weapon for maybe a future competitive advantage over you. Like a sales rep downloading all of the contacts of your sales database.
Another more innocent version of that, which we all know, is the phishing scheme. A secretary, a vice president, whoever it may be (it happens to everybody) clicks on a link that they think is legitimate. That link is maybe a CNN news link; looks like CNN, smells like CNN, says “NEWS ALERT: Earthquake in California.” So they will click on that link and download some type of malware or a virus that affects the entire network, and either silently steals your data, or gets bugs in your system, or immediately shuts it down, like the Sony breach.
I&T Today: Obviously, cybersecurity is still important for the average user. Do you have any thoughts on some of the better antivirus software, or methods, for general consumers?
BR: Something I’ve learned from the computer companies: When they say “software update,” I never used to click those buttons. I never used to care about the latest version. Those latest versions have defensive measures that protect against bugs, that protect against viruses, that protect against malware. So, a common, healthy practice, is when you get that email saying “update your software,” it is actually very smart to do so. For the layman and the normal consumer, follow along that standard reminder.
Another thing, of course, is passwords. Probably the easiest thing to manipulate is your password. And that should certainly be changed every three to six months. I mean, I share my travel passwords with my assistant, and her assistant, and her assistant. Anyone can go into my Delta Airlines account and take all my points. Obviously, I do trust my employees and so forth, but let’s just say if my assistant’s laptop gets stolen, and she didn’t password protect it. Now, my passwords and my data are open. And now, in talks with you, I’m now thinking, “Wow, I’d better put in an Excel document a password to open or close that document.”
To learn more about upcoming events, visit Cyber Security Summits
Interview by P.K. French