Gabe Turner of Security.org: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity

An Interview With Jason Remillard

To protect against malware, it’s important to have all work-related devices downloaded with antivirus software. Many services also include protection against phishing, ad-tracking, and even spam calls. I used to get multiple spam calls a day, which would drive me crazy, but with antivirus software, I receive less and less.

As a part of our series about “5 Things You Need To Know To Tighten Up Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Gabe Turner.

Gabe Turner is an attorney and digital privacy expert as well as Chief Editor of Security.org, a website dedicated to digital security.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in Nashville, Tennessee and was homeschooled until the age of nine. This meant that I spent a ton of time reading books and learning about things above my school grade level. Later, I attended a liberal arts college in Tennessee before attending law school at NYU. I spent a few years working for the government, suing banks, before switching to digital privacy and home security at Security.org.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I was inspired to pursue a career in cybersecurity during my career as a lawyer. I sued many banks on behalf of the government and began to notice how often they had security breaches, which is particularly concerning given the sensitive financial information they hold. I started to look into things like hacking, identity theft and phishing and became more interested in the topic, so I switched fields and began working as Director of Content of Security Baron, which later became Security.org after it was acquired by Centerfield Media.

Can you share the most interesting story that happened to you since you began this fascinating career?

It has been interesting to see how important cybersecurity has become in regards to the 2020 presidential election. Candidates like Cory Booker and Bernie Sanders made cybersecurity and data privacy key issues of their campaigns. Along with my colleague Aliza Vigderman, Security.org’s Content Manager, we put together a comprehensive database of all the candidates’ positions on election security, data privacy laws, and tech monopolies. While we can’t say for sure, we believe this database may have an influence on the national election, making information more accessible to anyone online.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

I would like to shout out my video director and editor, Corey Birnstengel. As a one-man operation, he helps me to shoot and edit my Youtube videos, which have received over three million views thus far. Since many people turn to Youtube for product reviews and security advice, it’s Corey that’s allowed us to grow our video presence and educate people that prefer watching videos over reading. Our most viewed video, which compares the Ring and Nest ecosystems, has over 346,000 views, so clearly, Corey is doing something right.

Are you working on any exciting new projects now? How do you think that will help people?

At Security.org, we always have several exciting projects in the works. Right now, we created a national database to report porch piracy, as there’s no national information available that’s specific to package theft as opposed to general larceny. Since package theft spiked during the COVID-19 pandemic, we hope to provide legislators with the raw data they need to better prevent and enforce package theft laws. We also did a study about child identity theft to see how parents prevent it, or not, which we think will be helpful to anyone with kids. Finally, we’re working on several webinars on digital privacy topics that are open and available to anyone with Internet. Our goal is always to educate people, and that’s why we share our research in so many different ways.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

I would say that it’s important to take breaks throughout the day and throughout the month. Don’t be afraid to take mental health days when you are feeling stressed, and be communicative with your colleagues if you’re feeling overwhelmed. I also recommend practicing yoga, exercising, and especially getting a good night’s sleep.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

The three main things that excite me the most about cybersecurity is its growing popularity, its ease of use and its necessity, especially given the political climate. Software that would have been generally unheard of is growing more and more commonplace each year. According to our research, 68 percent of adult Internet users in the U.S utilize VPNs, which equates to around 142 million people (Source: https://www.security.org/resources/vpn-consumer-report-annual/). Subsequently, as cybersecurity software becomes more popular, companies are making it more user-friendly than ever, which is a huge jump from crowd-sourced options that require knowledge of HTML and coding. Finally, given the political unrest and fear of censorship in this country, cybersecurity has the ability to give people privacy online while protecting their personally identifiable information, essential in the information economy.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

I think a huge issue with having remote workers is more chances of cyberattacks. Companies need to prepare their employees with proper training and software for remote work. Since most Americans don’t follow the best digital privacy practices, companies need to have a defensive approach when it comes to digital security. For more information on how digital privacy risks as Americans work from home, read our research here: https://www.security.org/resources/digital-privacy-telecommuting/.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

Since I don’t work for a software company, I’ve never been involved in fixing or stopping a security breach.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

On a frequent basis, I use a VPN to encrypt my web traffic and hide my iP address, identity theft protection to scan multiple areas for my personally identifiable information, and a password manager to add advanced authentication to my online accounts.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter”software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

I think it really depends on what kind of business it is, not just the size of the business. Different businesses hold information that is varying levels of sensitivity. For example, medical practices and financial institutions clearly have more to worry about than a sandwich shop that only takes cash. So I can’t say for sure what size of business should use their own software versus hiring a third party or in-house personnel, as every business holds different data.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

Yes, some signs of a breach include not being able to access your online accounts, unfamiliar charges on your bank account or strange phishing emails.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

First and foremost, the company needs to alert its customers of the breach, although the time allowance differs by state. Next, it’s important to alert all employees and implement cybersecurity software like VPNs, authentication, password managers, and identity theft protection. We’d also recommend antivirus software and employee training.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR and other related laws affected your business? How do you think they might affect business in general?

This doesn’t really apply to me as I don’t have a digital security product.

What are the most common data security and cybersecurity mistakes you have seen companies make?

Many companies ignore data security completely, as we’ve seen with multiple Internet of Things devices that aren’t password-protected. I’ve also seen companies provide their employees with little to no cybersecurity training, which makes them much more vulnerable to cyberattacks.

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

We have seen an update in privacy errors. The World Health Organization, for example, has seen cyberattacks increase fivefold since the beginning of the COVID-19 pandemic, for example (source: https://www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance#:~:text=Since%20the%20start%20of%20the,targeting%20the%20public%20at%20large.&text=The%20number%20of%20cyber%20attacks%20is%20now%20more%20than%20five,the%20same%20period%20last%20year).

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

1. Use VPNs: Especially if your workers are on public Wi-Fi networks, like in a coffee shop or library, have them connect to VPNs, or Virtual Private Networks, before doing any work online. This will encrypt their web activity and hide their IP addresses, making them much less susceptible to hacking. After I got sick of being on lockdown and cafes opened up, I started to work at coffee shops to escape my home, always connecting to a VPN first thing before doing any work online.
2. Use password managers: In order to protect employee accounts from unauthorized access, have them use a password manager for all business-related online accounts. Password managers will audit their current passwords, making sure there is a long, unique and complicated password for each account. Then, some password managers can add advanced authentication methods, like two-factor authentication in the form of a passcode or multi-factor authentication in the form of fingerprint or face ID, which prevents unauthorized access. Before I had LastPass as my password manager, I had to constantly reset passwords, and I used a variation of the same password for each account. Now, not only are my passwords protected in an encrypted vault, but I use Touch ID to sign in to accounts on my phone, which is both more secure and easier than having to remember a million different passwords.
3. Get business identity theft protection: Many people don’t know that businesses need protection from identity theft as well as individuals. Identity theft protection services scan a number of areas for businesses’ identifiable information, like their tax ID. When our business email was involved in a Poshmark data breach, we got alerts on our phones immediately and changed our password.
4. Use antivirus software: To protect against malware, it’s important to have all work-related devices downloaded with antivirus software. Many services also include protection against phishing, ad-tracking, and even spam calls. I used to get multiple spam calls a day, which would drive me crazy, but with antivirus software, I receive less and less.
5. Train employees: This should be fairly obvious, but some companies seriously skimp on training employees on how to protect business and customer data. At the very least, train your employees on how to recognize phishing links and emails, as they are the most common ways that hacking can occur.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)

I would recommend that people not automatically accept cookies. Now, we have legal protection so we need to opt in to cookies, which wasn’t the case in years prior. Many people still accept cookies automatically, which leads to ad tracking and a lack of privacy. Simply by opting out, you can greatly increase your online privacy.

How can our readers further follow your work online?

Subscribe to Security.org’s Youtube channel (https://www.youtube.com/channel/UC6DS1pJ0Y9UsjS5jz3cvU1g/videos), read the content on our website and follow us on Twitter.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

You’re welcome and thanks very much for having me.

About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide.

Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world.

Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.