Trendbreakers 58: The importance of having a cybersecurity strategy | Pamla Davitt, VP Business Development, Data Guard 365
Transcript Below:
Steve Watson (00:08):
Welcome to the show. I’m Steve Watson and I chat with business professionals from all over the country in order to share their stories with you. Why? Because I believe that the fastest way to your personal success is for you to replicate the accomplishment of your peers. So if you want to learn from business professionals ranging from human resources, all the way to finance and get an insider’s view on their success stories, then you’re in the right place because this is the Trend Breakers podcast.
Steve Watson (00:44):
Hey, welcome back to another episode of Trend Breakers. Today. I sat down with a good friend of mine, Pamla Davitt , who is the Vice President of Business Development at Data-Guard 365 and Pamla and I knew each other 16 years ago when I was newly married, my wife was pregnant with our first child and we were in the same apartment complex and got to be good friends with her and just had a chance to catch up with her recently and started asking her about what she was doing. And it got me really fascinated with this area of cybersecurity and the fact that employers, especially small employers, let’s say an employer with a hundred employees or 500 employees. Like we, we kind of knew about this area, but a lot of times we think this cybersecurity is for like the Targets and the Walmarts and the really big company.
Steve Watson (01:28):
And so Pamla and I dive into this area and what companies should be working on. And I know it’s starting to get close to the fall and, you know, Halloween scary stories and stuff. And so we’re going to talk a little bit about those scary stories in the show and why CFOs and HR professionals and CEOs really need to have some type of strategy in place to protect themselves against all kinds of hacks and ransomware and all these different things that are going on. And so I know you’re going to enjoy this episode today with Pamla Davitt,.
Steve Watson (01:58):
But first, really quickly, are you an HR or finance professional that is tired of employee benefit rates that go up every single year? I know I was and it came to a breaking point. Not long after I added HR responsibilities to my CFO role that year I got a 30% rate increase that 30% sparked a journey that led me to discover five steps that all companies can replicate steps that most brokers and insurance carriers don’t want you to know about. As it cuts into the billions of dollars that they take from us. Those five steps led my company to break the rising trend of healthcare insurance costs and save $500,000 per year. And now I’m on a mission to help 1000 employers replicate what I did at my company. I do this by helping employers learn and implement the trend breakers formula. So if you’re fed up with the increases you’re seeing at your company, and you want to learn more about the trend breakers formula, then hop on over to the website at www.trendbreakers.com. Now let’s
Steve Watson (03:00):
Get started with today’s guest Pamla! Welcome to the Trend Breakers podcast.
Pamla Davitt (03:05):
Thank you, Steve. I am so pleased to be here.
Steve Watson (03:08):
Yeah, it’s been fun kind of catching up. And so I knew Pamla well, I was like 16 years ago when my oldest was being born. We lived in the same apartment complex and got to be really good friends with you. And it’s just been fun to catch up. And today we’re going to talk a little bit about what you’re doing now, nowadays.
Pamla Davitt (03:24):
Thank you. Appreciate this opportunity. And it is so good to see you be in touch again.
Steve Watson (03:31):
Fortunately, you work in an area that most of us don’t really want to talk about and that’s cybersecurity, right?
Pamla Davitt (03:36):
Well truly. And you know, there’s, there are many misconceptions about cybersecurity and one of them is that all cyber criminals work in Dungeons in the wee hours of the morning and where you know, sweatshirts and black hoodies.
Steve Watson (03:54):
So now you’re going to ruin that, that for me too, that ain’t…
Pamla Davitt (03:58):
No, that’s not the truth. They actually are business professionals. They dress like we do. They work eight to five, they work in teams. They go about things, very methodically and disciplined and organized like any other business would do. And I was very surprised to hear that. In addition, there’s a whole another group of people making a business out of negotiating the rates for ransomware. So when you’re ransom, you can actually negotiate the price and there’s someone that will help you do
Steve Watson (04:33):
Cause that’s where they come and they kind of take over your system and then they hijack and basically say, I won’t give it back until you get some money or something.
Pamla Davitt (04:40):
Right. So we are at Data-Guard 365, were I’m the Vice-president of Business Development. We work very, very hard to stay at the cutting edge of fighting cyber crime. And we do a good job. We’ve been in business 30 years. We don’t lose customers and that’s probably our claim to fame. The Reese brothers started initially their military grads in it and tech savvy and cybersecurity aware and have built first aid and M.S.P, which stands for managed services provider and bed took it up to an M.S.S.P, which is a managed security services provider. They have Reboot and HIPAA guard, which they created when they began buying hospitals in rural locations to improve healthcare and found that there was no good way to document, track and achieve and maintain regulatory compliances with HIPAA. So they call that HIPAA guard and then did the same in 2018 and expanded that for all industries with uber focus, we should say on cybersecurity. So that’s their third entity data guard. And we are working really, really hard to keep as many people, as many companies as possible in a position where they never have interrupted operations and their data is never ceased or leaked or ransomed.
Steve Watson (06:03):
And so what kind of companies are kind of like the focus of, of Data-Guard that you work with?
Pamla Davitt (06:08):
Yeah. Very funny. You should ask. It doesn’t matter what industry everyone is a target today. And that’s one of the misconceptions. A lot of companies say, well, we’re too small or the payloads not going to be that big for the criminals. So we won’t get hit. I think again, they are patient and they make probably four or five times what any of us make in a year with the way they do their business, which is rotten when you think about it, but they can plant viruses these days and then let them explode two, three, four months later. And it’s worth it to them because the payload, if you say a small amount in thousands of companies is still a pretty big payday for them,
Steve Watson (06:48):
It’s a numbers game, right. They’re probably just planting viruses. It’s trying to hit as many companies as they can until they get an opening. Right. Yeah.
Pamla Davitt (06:54):
Absolutely.
Steve Watson (06:57):
Yeah. So tell me a couple, a couple of stories and I want to be, it’s, you know, we’re getting close to Halloween and all that stuff. So scare me a little bit. Tell me about some of those stories that you’ve heard in this industry. So it makes me want to like sign up for these kinds of services. So
Pamla Davitt (07:13):
Yeah, well, and there’s, there’s some services that are good for individuals and families, you know, like a home environment and we’re the kind that serve companies. But at the end here, I’ll share what I can give you and your listeners to how they should approach it based on, you know, where that comes from. Probably one of our saddest stories is a company that, of course I will not name everything’s very confidential, but we had met with them about providing them cybersecurity only a week or two prior. And they were just getting ready to sign the contract. And they got hit with the three and a half million dollar ransom. And had we been in there and started onboarding just a week earlier, we would have been able to identify that breach coming and stop it in their data would not have been seized. They would not have gotten the ransom and we could have just mitigated the whole thing. We can’t do that. We call it incident response when a company calls us in a panic and says help. We came to work and nobody can get their computer to work. And none of our data’s available to us. And, Oh, there’s this note we need to pay or
Steve Watson (08:27):
Let’s talk, let’s say like, how does that practically, where do they show up in the office? And then there’s just like a note on their computer saying all this numbers.
Pamla Davitt (08:35):
Yeah. Just as you’ve been, you’ve been hacked and the ransom fee is this and pay. And then we will not leak your data or pay and we will not sell your data. And there’s an article on the, on the wires today about students out in Las Vegas and the school not pay a ransom and their data was leaked. So, I mean, it happens every day. You’ll see two or three breaches. Now it’s gotten so bad. And what happened? We don’t like people come to us…
Steve Watson (09:08):
They don’t pay the ransom. It gets leaked. Do they get their data back to the company? Just like leave or are they just stays locked? And they have to like kind of reboot everything and like reset or like motor companies. What can a company do in that crisis?
Pamla Davitt (09:21):
What companies and attorneys and insurance companies tell them is pay. You have no real other choice. That’s what you’re told to do because you really don’t. And even once you pay, there is no guarantee. You’ll get all of your data back. In fact, you typically do not get all of it, not a hundred percent of it back, but you have to be given an encryption code. And that is what we would take and then get back your data. But you have to have that code and they won’t part with the encryption code and give that to you. If you, you know, if they breached you and you don’t pay the ransom. So it’s, it’s a service that you need to invest in now and not have this. It’ll never happen to me attitude because everything you have worked for your life’s work, if you’re the owner or the founder part of, you know, a co-op someplace where you’ve poured yourself into you stand to lose your entire life’s work.
Steve Watson (10:21):
What kind of systems are they going after? I mean, is this like they’re operating their ERP systems, their accounting software. I mean, what kind of like…
Pamla Davitt (10:28):
No, it’s not. They, they sneak in on endpoints. We call any laptop or desktop or server an endpoint. And so you need your end points protected. And typically in the past, antivirus would do that and doing backups on and off site would do that. But the hackers have become so advanced that that’s not sufficient anymore. It’s simply is not. There’s, you know, hundreds of different types of malware and new things come up every day. The FBI sends alerts out to the commercial sector and warning, you know, watch for this watch for that. We’ve seen this in Czechoslovakia. We’ve seen this in Japan. We’ve seen this in Italy. We’ve, we’ve seen this in the United States, 12 places in the banking industry and the real estate industry and the private equity sector in the medical. I mean, it just goes on and on education. They’re hitting everywhere because when you think about it, what all they need to know is what is your proprietary data?
Pamla Davitt (11:30):
What would bring you to your knees? And then that’s what they go out after that they sneak in through end points. So as important as the platform we use and the way we approach cybersecurity is the training. We do a company’s employees so that they know how not to open up the port that lets these bad guys in real quick, you know, I said an antivirus used to do the Trek and backups were enough. What today requires is artificial intelligence. And what that does is it traces the behavioral use of I.T. And can recognize, Oh, this function we normally see happening that person doesn’t do that function, or it doesn’t come from that endpoint. It’s not done from that laptop. This is a, this looks like it’s a virus that’s been planted in, you know? And so we know how to identify a breach as it’s coming down the pike and track it and mitigate it before they can actually get to the sees part. So your data and your operations are not…
Steve Watson (12:36):
Make sure I understand that because there’s there’s patterns that are happening all the time. Like I may log in the same time or coming from the same side of the same area. And so the AI comes into play as a, it’s noticing something different happening, right. The place or some different thing. And I’m being like, look, something’s going on and you just need to check this out. And you know, maybe, maybe the boss is on vacation and Czechoslovakia and whatever, but you know, if there’s something else going on and I know it’s not as easy as that, of like just kind of pinpointing like a place where they’re coming from, right. Something that’s a little bit..
Pamla Davitt (13:08):
Well, and they use, what’s really strange. They use phishing campaigns. Like they will, they will go in and send an email to, it just happened to me this week. This is, you asked for a story for Halloween. This is a good one. So I know the CEO of a fantastic ad agency. I won’t say what city and that’ll at least keep it very, very vague. And he became a friend in that place where I was working for the last couple of years. And he I got an email out of nowhere asking us to provide an RFP, you know, proposal. And it made no sense to me because he would never ask us for a proposal. It wasn’t asking for cybersecurity. It wasn’t, it was just, but it was his signature on the email. It looked like it came from his email address. I had it in my file. So I knew who sent it to me. And that was the other part that I knew that was wrong. He would not send an RFP. One of his people would, but anyway, I knew because that’s my business to know, but somebody else might not have, because they know this man. And they know whose signature that, you know, they might’ve said, Oh, okay, what does he need this week? And yeah, we’d love to do a bit on that. Right. And so when you…
Steve Watson (14:21):
You haven’t had a phishing thing done, then it’s coming. Like I get them all the time, just because of my title. People can look at my title and stuff. And so I get emails all the time and it used to be as easy as like, look at their grammar, looking, you can kind of tell, but they’re getting better and better and better at doing that. So we’ve had to just implement, like even you’re talking about like some of it, just the user training. And so anytime we do any major transaction, we’re getting multiple confirmations. Like it’s just not email. It has to be like some verbal, some texts, something, and some other system or something, to be able to process these things that you’re actually talking to the person that’s not coming to life digitally. Right.
Pamla Davitt (14:59):
But if I hadn’t been really aware, I might’ve clicked on the attachment and given my credentials, which would have opened things up for my company for a nightmare, a small nightmare, and see what this fellow had done without knowing that because someone had tricked him was he had given away his password and that’s how they got into his email. And we’re now sending to his entire database of contacts, an offer to provide a bid for something he doesn’t want. So anyway, he was able to…
Steve Watson (15:29):
Expectation. I mean, I know a lot of companies will have an it department, but you have to be specialized in this area of like data security, right? Just having somebody that can help you with the computers and with user stuff is not having debt that a security
Pamla Davitt (15:44):
Well in here, here’s the deal. Those are called managed service providers, whether it’s your own internal staff and they’re using an external service provider, those folks are educated in excellent at keeping your networks running and all of your computer’s working. And all of your patches done that are required with software periodically and all of that. And, and they should be doing backups and they should put a disaster recovery plan in place where we make the difference is we make sure they never have to implement the disaster recovery plan because the disaster never happens. I mean, nobody wants a disaster. The owners don’t their investors don’t. Don’t the I.T. Staff doesn’t want to be there for the next 14 days round the clock. None of the employees want to stop doing their work. Then you’ve got the catch-up afterwards, once your computer works again, if things are restored, right?
Pamla Davitt (16:34):
So nobody wants a disaster, but we all need a disaster recovery plan. We just make sure Data-Guard 365, make sure you don’t have to use it because we mitigate that. And it’s because cyber career specialists is exactly what it is, what it says, it’s a career. And it requires different skillsets tools that MSPs and internal it staff are not supposed to have. There’s no way they can have those tools. They leverage the cost of all of that by bringing us in as a partner. And so that’s our role is to be their backbone. And then we can 24/7 monitor their data and systems while the I.T. Guys sleep, go home to their family and sleep like they should. And we can set a protocol. So one firm may not want to even hear from us, you know, and, and we tell them in the neck the next morning, what we were able to mitigate another main once in a text message at 2:00 AM, if something’s being breached so they can see it roll back over. And now they’re going to get an email at 7:00 AM telling them all the details. So we set up protocols for, and then just have their backs.
Steve Watson (17:42):
A lot of people will listen to this, or, you know, CFOs and HR professionals. And I get it, you know, I may be an accountant at a company, a CFO, but I’m not a tax specialist. Like I’ll bring in a tax person to work on that area to outsource because it’s just very different or an HR, you know, you may be very good at HR, but you bring in a benefits broker to work on employee benefits because they’re, they’re a specialist in that area. I see this with I.T. But I agree with you. I think a lot of companies just think that they’re too small, that I don’t need to really worry about this. I’m not Target. I’m not these big companies or something like, why would they target, you know, Joe’s construction company that has 200 employees.
Pamla Davitt (18:20):
Yeah. We only did. We only did a few hundred thousand last year. We only did half a million and we only did 120. I mean, it’s just, it doesn’t matter anymore. And I you know, not to take it too far, but when you think about cyber criminals working like professionals, like they consider what they do a viable way of making money. Well, you teach your sons some things about the trade that you’ve done through the years. I can just see these cyber criminals taking their teenage boys sitting in front of the or girls putting them in front of a computer and saying, okay, son, okay, daughter, of mine. This is how you make a hundred grand next month. You know? And, and I mean,
Steve Watson (18:56):
And we talked about AI and needing, I mean, they’re using AI just as much as well. You know, I’m trying to learn new things and trying to hack in, and let’s just scary world. But yeah, I definitely love having you on the talk about this, because I do think we need to talk more about this area. So people want to connect with you, talk with you, what’s the best way to connect with you?
Pamla Davitt (19:16):
Well, we, they can call, we’d love to have a call or an email I’m on LinkedIn. I’m Pamla and my number, I have a Cincinnati and an Indy number. We are located in many places, but you can email me or go to LinkedIn and catch me, or use a (317) 558-9364 or (513) 207-1441. If you are someone that needs security for your home and your family I am happy to direct you to one of the fastest growing companies on the planet that has cybersecurity for individuals and homes. If you want a commercial introduction that is Data-Guard 365, and we do a little 15, 20 minute online meeting just like this where we talk through an overview of the high points of what cyber data guard can do for you and the price point. I want to speak to that for just a second, because everyone’s convinced that because of artificial intelligence and somebody, a human monitoring data, 24 hours a day, seven days a week, 365 days a year, that that has got to be cost prohibitive. It is not true. We are probably the best, the best price in the whole industry for the value you get.
Pamla Davitt (20:42):
And it runs somewhere between $15 to $25 per endpoint, and with large numbers of computers or longer-term agreements, we, we can come down below that $15. But if you think about hovering somewhere between $15 $20 an endpoint for a medium to large sized company, that is nothing compared to what you would save of trouble. And the questions that leaders need to ask themselves as they’re sitting and having these discussions in their executive teams is how long could we afford to be down and not have access to our data? What would that look like of time and energy to get back up and running once? And if we recovered, no, what price tag can we put on that loss? We can’t even begin to price what our reputation hit will be. And we liked talking to CFOs because they’re the people that sit in those conversations in a ransom notes been received or go, okay, John, how much are you going to write the check for it? I mean, can we do this? Are we going to do this? So these conversations need to happen now, before it happens.
Steve Watson (21:48):
Is that like per month, I assume that’s on per month. Like just a subscription, kind of the price, right?
Pamla Davitt (21:53):
Well, yeah, we, we have a unique model. Ours is a fixed fee, all inclusive. So when I say $15 to $20 per endpoint, I mean, that’s everything, that’s a project manager assigned to your account. It’s regular reporting and documenting, not just for yourselves, but for customers. That’s the other thing is customers are asking companies these days, if you’re not going to do show lesson assessment, you’ve done on your security of your data. We’re going to have one done on you because we don’t want you jeopardizing our proprietary data and our operations. So those assessments are included, all the documentation you need for any compliance or regulatory things you’re trying to achieve. We, we really are fairly priced. And again, it’s because the Reese brothers want to make sure that others like themselves who have built a fortress, keep their fortress, keep their fortune.
Steve Watson (22:42):
Well, I mean like your reputation’s on the line more than even that, that company. Right? And so if you’re able to protect everybody, so you’re going to do everything you can to protect who’s within your, your fortress, right?
Pamla Davitt (22:51):
Yeah. And the platform we use is the fastest growing Walmart, Netflix use it the owners Mike and Greg bumped up our security when things started to get very, very bad, a few years back. And so we have the deepest, dark web visibility tool. That’s on the market where with the fastest growing platform and that platform insures with a $1 million cap, any losses to your endpoints if we dropped the ball. It’s really impressive. So it’s, you need a partner like us because you just need that so that your, I.T. People aren’t trying to do things that were never intended for them to do that. They don’t have the tools and the wherewithal and 24/7 ability to do.
Steve Watson (23:41):
I think you hit on the right. I mean, everybody needs these services, right. And Data-Guard’s one of the ones that do it. There’s some other ones that do it, but you need this stuff and you don’t want that Halloween movie to be your, your scenario don’t want to be the next case study of having a ransom. I kind of imagined, like having, you know, showing up the office and having to deal with that.
Pamla Davitt (24:01):
Yeah. I remember meeting, I sat in and I said, how long could you be down? 10 minutes? Is that too long? I mean, that’s how most people feel. They don’t want to miss an email. They can’t miss putting an offer out there. They need to talk to vendors. They need to receive orders. I mean, you can’t have your data seized.
Steve Watson (24:19):
Well that, and then the, just the reputation, right? Because everybody trusts you and stuff. And I just was it Target a year or two ago, and it wasn’t even them. They have their data breach. It was like the little system inside of theirs. But then Target took the hit. You know, everybody was like, can I go to Target? Or I don’t want to go to Target. Like, yeah, just the reputation.
Pamla Davitt (24:36):
It speaks volumes to customers and to vendors when they see that you have some security in place and then you make a choice to invest in enhance security and, you know, they just, they know you’re being ultra-responsible and that makes a difference. It also hits your premium. You usually have a lower, lower, premium, or better ability to make claims were something really unexpected to happen with your insurance and cyber extortion. I wanted to get that out today. You need to make sure you have cyber extortion as part of your cyber security insurance.
Steve Watson (25:14):
Well, it looks like I got some work to do to go check my, my own policy there. So Pamla thanks for coming on. The Trend Breakers podcast today. It has been, I would say it’s been wonderful and scary at the same time, but I don’t think it’s horrible.
Pamla Davitt (25:26):
Thank you so much for having me and for letting Data-Guard have a little window here. And I it’s so good to see you again, Steve, you’re doing great things with trend breakers. I’m excited. I want to get more into that and learn what you have brought to so many industries. So many companies that are mimicking what you did. That’s great. All right.
Steve Watson (25:46):
Thanks. Well, that’s it for today’s show. Thanks so much for tuning in. I hope you enjoyed this show and if so, please leave a rating and review. I want this show to be able to help as many people as I can. So I love to hear your feedback. And if you want to learn more about my personal mission to help 1000 employers lower the cost of their employee benefit plans by replicating what I did, then I recommend you check out episode zero, the Trend Breakers podcast, where I tell my story and give you insights and tips on how to replicate it at your company. Please remember that while you can improve your chances of success by replicating others, to always share your personal stories, as well as other trend breaker stories with those coming behind you, nothing is more fulfilling in life than helping and connecting with others.
Discover Data Guard 365
Data-Guard 365 is a MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide invincible cyber security for a price point that pays for itself. www.Data-Guard365.com / (317) 967-6767 / info@data-guard365.com
Back to Articles/Blog
