
Be the first to curate this episode — add a title and quick summary.
Add title and summaryNo information listed yet. Be the first to add who benefits from this content.
Suggest who benefitsNo detailed summary yet. Suggest a summary to help the community.
Suggest summaryNo questions listed yet. Be the first to add a question for this topic.
Suggest questionJulie Ryan is the president of Isaturn, Inc., a company invested in data privacy and security. Today, Julie will tell listeners how to easily and inexpensively protect themselves, their companies, their employees, and their clients from data breaches, and what to do in the event of one.
Questions Asked: 1) Do data breaches really happen to small and mid sized companies? 2) What can executives and companies do to protect themselves? 3) What can I personally do to protect myself and my family? Contact Info: Website: www.isaturninc.com Email: julieryan@isaturninc.comAuto-generated transcript. May contain errors.
Time is precious and so are our pets, so time with our pets is extra precious. That's why we started Dutch. Dutch provides 24/7 access to licensed vets with unlimited virtual visits and follow-ups for up to 5 pets. You can message a vet at any time and schedule a video visit the same day. Our vets can even prescribe medication for many ailments, and shipping is always free. With Dutch, you'll get more time with your pets and year-round peace of mind when it comes to their vet care. Welcome to the Exit Coach Radio show, the show for baby boomer business owners who are looking for cutting edge information as they plan their 3 to 10 year business succession and exit. Every week we interview top professional advisors for their best tips, strategies, and precautions so you can be well planned. And don't miss our one minute exit coach tip of the day on Exit coach. com and now here's your host, the exit coach Bill Black. Welcome. Thanks so much for joining us today. My next guest is Julie Ryan from Isaturn Inc. in Birmingham, Alabama, and we're going to talk about data privacy and security simplified. So we're going to learn how easy, easy and inexpensively you can protect yourself, your companies, your employees, and. from and in the event of a data breach. Julie, welcome to the show. Thanks very much for joining us today. How are you? Hi, delighted to be here. My pleasure to have you on, Julie. Thanks for joining us. Tell us a little bit about ISaturn and your background and how you all got started in this particular sector of the workforce. OK, it's spelled like I Saturn, but it's pronounced Iour. And what I did in that name was I combined the goddess of simplicity, ISIS, and the god of simplicity, Saturn and came up with Iourn and then Googled the name and it wasn't anywhere, so I trademarked it. So you, you know, in this day and age you've got to look online and see if anybody's taken it before you come up with a company name. I am an inventor and an author and a serial entrepreneur. I have invented surgical devices that are sold throughout the world, and some are licensed through global medical companies. Some were manufactured by companies that I owned, actually just sold a medical manufacturing company a couple of months ago. So I am a serial entrepreneur in that I've started 9 companies from scratch and I, and they're not in related fields necessarily. I am always looking for trends as they're emerging, and about 10 years ago this data breach situation was just really kind of coming into the forefront, and we've really watched it explode over the past several years and so I always am looking for ways to simplify. Compliance and protection for business owners, especially small and medium sized business owners, and I lecture about this around the country. I heard Bolio earlier and I too am a visage speaker and also speak to other large conferences around the country and also in Canada. OK, and that's that's great to know. So if you're a visagege chairperson or if you're a leader of another type of a business group, listen in and think about bringing. into your group. So Julie, Iatur is mainly in the area of helping people learn how to protect themselves. What are some of the big issues these days? What are some of the, the, I guess the question is, do data breaches really happen to small and mid-sized companies? They do, and I believe that they're the most vulnerable. The small and medium sized companies are the most vulnerable because they don't have the financial wherewithal or the in-house departments of people to really Oversee data security and really even the big guys, if you think about it, they're spending millions. The industry is worth billions in firewall protection, and they're still getting breached like the Sonys and the Targets and the Home Depots and on and on. And the reason is, no matter how much money you spend in protections as far as firewalls, you can't keep an employee from clicking on a malicious link without training them. And millions of dollars' worth of firewalls are not going to protect you if you've got somebody in-house making a human error, and people don't know what they don't know. The other two things that I see often, Bill, around the country is that number one, companies aren't in compliance with the federal and the 47 states' laws that deal with data breach. And therefore when they experience a breach, you know, the head of the FBI, you may have heard him say that there are two kinds of companies in America ones who know they've been breached and ones who've been breached and don't know it yet. Every company's been breached. It's just inevitable. And so when they're not in compliance with these laws. The lawyers are at bay, the plaintiffs' attorneys, there's all kinds of, uh, lawsuits, class actions usually that are filed, and the regulators come in both on the state and the federal level, and fines are imposed. If a company is doing business in multiple states, each one of those state law comes into play, and, uh, it gets really complex and, and what I find is that C-suite executives, especially in the small and medium sized companies, it just makes their heads spin. So what we find is that if we can get companies into compliance with these laws, part of that requirement is that all employees be trained on identity theft awareness, and that means that your lowest paid employee to your highest paid employee. And so that's what I've come up with is a program to make it easy and online and fast and You know, affordable, so there are laws that require companies to have certain protocols and procedures in place to prevent hacking or breaching. And again, one of them is that all employees must be trained. And so that's where you come in and say, well, here's, here's the, here's the training program for that. Do do employees access this type of information? Is it online training? It's online training and it involves all the other documents and forms and policies and procedures that a company needs in order to get into compliance, not only with all of the federal laws, but with all of the state laws as well. And it's interesting in certain niches, Bill, because for instance if it's if the company's a medical provider, they'll be focused on HIPAA, but there are several other federal laws that pertain to them as well. They're just not aware of it. So we find that there are gaps in those coverages from a compliance standpoint, and and we help fill those gaps. The other big part of the equation that we see and we hear of this a lot, and that the target breach is a great example. Um, is that the laws mandate that all vendors are supposed to be in compliance with the data privacy and security laws as well. So anyone with either direct, um, electronic or inadvertent access to any kind of confidential information on the company, on the employees, on the clients. They all have to be in compliance as well, and we as owners of companies have to be sure that anyone with whom we're sharing any of that type of information and any one of those methods, they're all in compliance too. So my program has the ability to get those vendors into compliance and get validation that they're in compliance back to the customer who Needs to know that they are in order to share data with them. What percentage of companies would you guess or project are in compliance with these laws? Oh, probably maybe 1 to 2%. Wow, OK, it's a huge vulnerability, huge, huge, huge, because, as I mentioned, the regulators are all over them. The plaintiffs' attorneys have a field day with them in court because What they will say is, hey, look, you were supposed to be in compliance with some of these laws 10 years ago and you haven't even begun the compliance process. Therefore, we're entitled to double or triple damages. And the problem with data breaches in small to medium sized companies, Bill, is that most of the time they can't withstand all of the financial implications with a breach because they have to notify the victims. They're dealing with lawsuits, they're dealing with fines and penalties. They're hiring lawyers. They're hiring forensic companies to come in and figure out how the The data was breached. What happened, putting programs in place. So it's really important for companies to do this. I think it's the it's just a basic thing that every company needs to have in place in order to protect themselves because like I mentioned, the firewalls aren't protecting them. Another really important point that most small and medium sized companies don't understand until usually it's too late is that their general liability insurance isn't going to cover them. In the event of a data breach, it only covers tangible assets and data normally if it's breached by either somebody hacking into their system or more likely somebody internally either losing or stealing data and or one of their vendors losing or stealing data. So they've got to get cyber coverage in addition to their general liability coverage and their DNO and whatever else they have in place. One more, one more expense, one more thing, and I think a lot of people probably don't realize how critically important this is. And so, you know, they, you know, it's, it's like the government doesn't say you have to lock the front door of your business, but it's a good idea at night when you go home. But in this case they are saying because there are so much, uh, so many um potential. Downstream problems at risk here with people's confidential data. They've actually made these laws. Do most business owners even know the extent of some of these things, or did they, did they just kind of gloss over the information? They don't actually, and it's fascinating. I spoke to a conference. There were probably 700 or 800 defense attorneys, state defense attorneys in the room, and And several of them came up to me and emailed me afterwards, and they said we weren't even aware of these laws. This is amazing. I was at a conference where they had some Federal Trade Commission lawyers there who were speaking and somebody in the audience asked one of the FTC lawyers, Hey, you know, why don't we know about this stuff? And this lawyer shot back and said, look, we're an enforcement agency, we're not a PR firm. It's up to your associations and your legal counsel and your CPAs and and those kinds of folks to let you know the documentation's out there. They've got booklets, they've got if you go to FTC.gov, there's all kinds of information there about what is required for the compliance parameters to be in place. Another important note on the compliance point is that in order to get the cyber coverage, in order to get through underwriting, you've got to have a compliance program in place because all of those applications for cyber coverage bills say do you have a a security compliance officer in place. Do you have a written policy? Do you have mandatory training? Are all of your vendors verified that they're in compliance before you share information with them? All of those are check marks that have to be addressed before cyber coverage can even be purchased. And if it's purchased without that in place, you know, every insurance policy says as long as you're in compliance with all of the laws, this insurance policy is valid. Well, that just negates it if you're not. But they're not actually enforcing that you have that. They're just saying, do you have it and basically protecting themselves on the back end and saying if you don't, then you basically lied on your application and we're not going to cover you. That's right, and you're not in compliance with. Laws, you know, and I think part of it is, you know, everybody, some things are tangible and some things are under the must-have list and some things are under the nice to have list, and I think this is the type of thing that's been under the nice to have list for so long. But you know, people have HR consultants because they realize the severity of not having good employment policies in place, how it can come back and and and hit you, but this has not, there's there's not that many companies. I guess that would the smaller companies that would have an IT consultant or that that gateway they have to go through that say no, no, this is a must have. You must have this information and it sounds like even if they go and get protection and cyber protection they're still not saying Well, show us, they're just saying do you have it? And then if and then you need it's basically you're agreeing that you have it. You're exactly right on that and And the interesting thing about this is companies are way more likely to have an issue with data breach than they are with sexual harassment or some other HR issue, but they have that in place. So to your point, It, it just hasn't been discussed as much, but it's becoming much more relevant in this day and age where we hear of small and medium sized companies that are shutting down when they have a data breach because they can't withstand all the the fines and penalties and legal fees. What what we're seeing too is that cyber criminals in some instances are targeting small to medium sized companies because they're easy to get into. And then the plaintiffs' attorneys are targeting small to medium sized companies as well because they see them as low hanging fruit. They don't have their resources to defend themselves. They don't have in-house counsel normally. So that's an issue too. I think small to medium sized companies are the most vulnerable of all, you know, Target can withstand a billion dollars loss. Most companies can't withstand a several million dollar loss. Most small and medium sized companies, most can't afford they can't afford a $100,000 loss, so much less than so what the executives and companies do? Some of the things they can do to protect themselves. There are 3 really easy, quick, affordable, or free things they can do. The first one is to get into compliance with all of the federal and state laws, and there are lots of companies out there that do that. You want to have a company that's going to address all of the laws. There are companies that address, as I mentioned, just HIPAA for medical providers or just grimly. if they're financial services companies, but you want to have all of them covered because the feds are going to come after you if you have a breach on all of those laws. Also, you want to have the state's laws covered, especially if you're doing business in multiple states or throughout the country, because again, those states' laws will come into play if you have a breach with information on on either companies or individuals that live in whatever state. The other thing that they can do is they can offer in most instances companies will offer a voluntary identity theft protection benefit to their employees, and that's important because Not only in the event if the company loses their own employees' information in a data breach bill, but also if one of their employees has their identity stolen, which they all, every company has employees who have been victims of identity theft, when they're trying to fix their lives, they're doing it during business hours cause that's when the banks and the creditors are open. So you're going to, you've got a lost productivity situation in that event. So by offering voluntary employee benefits, that's identity theft protection, the employee pays for it so it doesn't cost the employer anything, but it protects the employer in the event. They lose their employees' information also in the event that their employees are breached by some other entity. And then the third area is to get cyber coverage. Talk to your insurance professionals and get cyber coverage in place because again, the general liability does not cover um any kind of uh uh data breach, whether it's through somebody hacking into your system or somebody internally they're losing or stealing data. Julie, great tips, great information. How do our listeners find out about more about Iour and you? Isaturn Inc. I S A T U R N Inc.com. So think of IS Saturn like iPhone, iS Saturn, but it's pronounced Iour, Iaturn Inc.com. What's some of the key information that they might find if they go to that site? They're going to find information about what they need to do to get into compliance. They're going to find the opportunity to um To sign up online for a solution. It's an immediate solution to their compliance requirements, both federal and state, and depending on their size, they're going to find out about another program that I'm involved with that does predictive intelligence and what we do is I like to tell people it's like digital 007. A predictive intelligence. We're scanning the internet both in the accessible, generally accessible areas and also the dark web where all the criminals hang out and we're looking for information on certain on our clients before it ever hits their firewall. So we're able to notify them at the first mention of problems. In the dark web bill, that's where the malware is is developed. I call it the R&D of the criminal world in cyberspace and um and so that's been very interesting. That's primarily for large companies that have a big digital footprint. So that's kind of that's kind of a fun thing too, yeah, yeah, I'm I'm looking for solutions that are easy and affordable to help protect companies from this that. You know, our military says that this is, this is the 5th area of risk. We've got land, sea, air, um, space, and now cyber, and those are the five areas that our government is concerned about defending us because cyber is just, I think cyber's going to be the next area where we're going to have, you know, instead of a 9/11 we're going to have a cyber 9/11 type of a situation, but In the short run, every company is vulnerable, and every company's got to be in compliance. Well, I'm glad you're out there for us, Julie. Julie Ryan of ISaturn, thanks for joining us today, and again, I hope our listeners will go visit your website, learn more about this. It is very important. Critical area and perhaps you can come back and join us again at sometime in the future and we can get deeper into some of these topics and give our listeners some more tips. What do you think? I'd be delighted to. Thanks so much. Well, thanks again for joining us. We're going to take a short break. We'll be right back after this, so please stay tuned. Just thinking about what will happen to your business if you're gone keep you awake at night? Will you get the price you need from your business to carry you through retirement? The BEI Network of Exit Planning Professions is the world's leading advisor network with the power to help business owners transition out of business on their own timeline and terms. Ask your most trusted advisor to create a BEI plan for you or visit us at exitlannning.com. That's exitlannning.com. You're listening to Exit Coachradio.com, the information station for age 50 plus business owners, where we're interviewing top advisors for their best tips, ideas, and precautions so you can be well planned. We upload new one minute tips every day. Exitcoachradio.com. Come listen for a minute. Thank you for listening to Exit Coach Radio. Time is precious and so are our pets, so time with our pets is extra precious. That's why we started Dutch. Dutch provides 24/7 access to licensed vets with unlimited virtual visits and follow-ups for up to 5 pets. You can message a vet at any time and schedule a video visit the same day. Our vets can even prescribe medication for many ailments, and shipping is always free. With Dutch, you'll get more time with your pets and year-round peace of mind when it comes to their vet care.
About Exit Coach Radio
Exit Coach Bill Black interviews Top Advisors for Tips, Ideas & Precautions for Business Owners who want to grow and protect their company value and plan for a successful Business Sale or Transfer. Listen daily so you can be well-planned!
People who have contributed edits to this page.