Nicholas chats with cyber law attorney Donald R. Geiter, J.D., M.S.L. (Cybersecurity Law & Policy), CIPP/US, CIPM.

Episode Transcript

0:08

All right, Welcome to Servant Leadership Library, where servant leaders meet the digital frontier.

0:13

In this episode, we’re diving into the world of servant leadership with a cyber twist.

0:18

Picture this:

  • A cyber attorney navigating the complexities of the virtual realm
  • Defending against digital threats
  • Championing a new area of servant leadership

0:28

Get ready to unveil the secrets of leadership in the age of technology as we’re joined by cyber attorney Don Geiter from Barley Snyder Law, the defender of both code and conscience.

0:39

This is where leadership takes a bite out of the future.

0:43

So, I’m Nicholas Paulukow, the host of Servant Leadership Library.

0:47

I’m an entrepreneur that’s built this business on serving others over the last 22 years and living by core values to execute for good.

0:56

Today, we’re going to cover balancing leadership and legal responsibilities, especially in cyber law.

1:02

I encourage you all to subscribe and share the podcast.

1:05

After listening today, please go to ONE2ONE inc.com to connect with us on social media and understand more on how we serve others.

1:16

OK, let’s get started.

1:17

Our guest today is Don Geiter.

1:18

He’s a partner at Barley Snyder Law firm in Lancaster, PA. Don is the chair of the firm’s cybersecurity service team and chair of the firm’s finance practice.

1:27

He also serves on the firm’s technology committee and is the firm’s chief privacy officer.

1:33

Don first became involved in cybersecurity initiatives while he was a law clerk with the Office of Naval Research U.S.

1:41

Department of Navy in the late 1990s.

1:44

Currently, Don advises business clients on a broad range of cyber, tech-related, and privacy matters, including employee and board training, data breach coaching and support, cybersecurity, privacy, compliance and auditing, counseling and transactional support, and contract review.

2:04

Don, welcome, and thank you for your time today.

2:07

We’ll get started by understanding how you became interested in cybersecurity law.

2:11

Could you tell us a little bit about that today?

2:13

Yeah, Nick, well, thank you for having me.

2:16

It’s exciting to be able to talk about topics that I really enjoy, which are cyber and also leadership.

2:22

So it’s great that you get to meld those together.

2:24

And we have this conversation.

2:26

Yeah, I actually got involved in, as in my bio that you read from describes way back in the 90s.

2:34

I don’t think we’d called it cyber then, but it even goes back to sort of the early 90s when I was choosing to go to college and choose a major.

2:44

Actually initially I was a computer science major.

2:48

Oh wow.

2:49

And computer science to legal that.

2:52

Yeah.

2:53

But, I sort of was a computer science dropout.

2:58

So when I, you know, went into my first couple classes my freshman year, I discovered that I was at a very much a disadvantage to my classmates because I was missing that one thing that they all had in their dormitory.

3:16

That sounds like it would be typical for somebody to have who’s a major and that would be a desktop computer.

3:22

I didn’t have one which was not necessarily a complete barrier to entry but it made it really difficult because I had had to go to the lab way across the campus and all that good stuff.

3:38

So, needless to say, I switched majors and stuck into business.

3:43

I actually also pulled in a criminal justice degree, but always had an interest in cyber related things or computer related things.

3:51

And and then got into into it more deeply from a legal perspective in the late 90s as I was finished out with my law degree and working for the Office of Naval Research where sort of tech was on the forefront.

4:03

OK, yeah, yeah, that’s amazing.

4:06

So, you know all of those that don’t remember the 90s, right?

4:09

I mean, computers were way different than they are today where we hand hold one right in our hand that’s probably more powerful than what you and I even played on in a computer lab, right.

4:20

Yeah, exactly.

4:21

Exactly.

4:22

Actually heard recently that there’s more computing power in your iPhone that was used to send our astronauts to the moon in 1969.

4:31

Yeah, absolutely right.

4:32

That 486 that they had that that was on to go to, you know, space, you know, is not even a quarter of the power, right, that we have on that phone.

4:44

That’s amazing.

4:45

Yeah.

4:45

Well, thank you for that intro and congratulations kind of on your path.

4:48

That’s amazing.

4:50

That’s really neat to learn and which makes it quite unique probably because many of your constituents maybe don’t follow that same path.

4:58

So it makes it quite unique that you can come from the IT side or the the computer programming side and now introduced kind of the legal before we get into the kind of the cyber items.

5:08

Tell us a little bit.

5:09

You had said earlier when we got started, like you know the servant leadership aspect to you is really important.

5:15

So can you tell us what servant leadership means to you per se?

5:19

Oh yeah, absolutely.

5:21

I mean it it for me, it means leadership by example and leadership by doing and demonstrating things.

5:28

My son who is now 20, was a a Boy Scout and part of being a Boy Scout.

5:34

He went through some training that gave him some opportunities on leadership.

5:41

And I was sort of looking over his shoulder at some points during this.

5:45

And they discussed this thing called the EDGE method, which really delves deeply into servant leadership.

5:52

And EDGE is an acronym which stands for educate, demonstrate, guide and encourage.

6:01

And it’s interesting.

6:02

I mean, this came about probably 6-7 years ago and it was like, wow, that really just boils it down simply into, you know, great leadership style that sort of matches my style.

6:16

You know, I always, I like demonstrating.

6:19

I like encouraging people.

6:21

I like doing things.

6:22

I don’t ask people to do things that I’m not willing to do myself or which I haven’t done.

6:28

So that’s an important part, especially as I wear different sort of hats here at my firm and you mentioned a couple of them.

6:37

You know, I’m a practicing attorney, so I’m counselling clients, but I also have various administrative roles and responsibilities here within the firm.

6:44

I actually just wrapped up a couple of terms on our management committee, which is, you know, essentially 5 individuals here at Barley who managed the firm of over 300 people.

6:57

And you know that requires, you know, a different set of skills and so forth outside of practising law.

7:03

And I supervise a staff of folks here, head of a group department.

7:09

So there’s various elements there, but but yeah, just having the ability to, you know, to sort of step into the shoes that you’ve been blessed to be a, you know, to be a leader of, right.

7:22

Absolutely.

7:23

It is so critical.

7:25

You know having being an empathetic leader I think is important and understanding you know we all come to work every day with things outside of work obviously with families and other responsibilities and you know sort of understanding that we we all go through periods of struggle or adversity or you know and also joyful things as as well.

7:49

So you know understanding that and and helping and adapting as I, you know as I encourage my co-workers and so forth is so important.

7:59

So I think that’s you know, are things that servant leaders really strive for and and need to have as part of their skill set.

8:08

Their skill.

8:09

Yeah.

8:09

And you mentioned skill sets that you know how did you, you know work through continually to be a good leader.

8:15

You know, was there certain people that you follow, that you admire, books that you read that kind of continually help you understand how to be a good leader?

8:24

It’s sort of all the above.

8:25

I mean, I am a very active reader.

8:28

I always have been.

8:30

You know I was blessed as a youngster who you know my father would especially in the summertime, would drop me off at my aunt’s house here in Lancaster and she we would make a pilgrimage to the library and I would come home with five, six books and then devour at least one or two of them before my dad even came to pick me up at the end of the day.

8:52

You know, that happened pretty much all summer long and and to this day I mean, I still read 25 to 50 books a year on various topics.

9:00

Many of them are on leadership and I’ve gone through periods and spells of more of that.

9:07

I enjoy business biographies, stories about, you know, various people who’ve built their businesses and sort of to help understand their techniques and so forth.

9:18

I’ve read, you know, the Simon Sinek books as well.

9:21

Those types or you know, in leadership that are very intentional about, you know, leadership and those have great value.

9:29

And you know, my take away from all of them is that they all have nuggets in them.

9:33

You know, no, unless you write the book yourself, no book essentially is written for you.

9:39

So I think and we’re all unique individuals have been crafted with your unique personalities and skills and so forth.

9:46

So it’s a, it is a matter of sort of exposing yourself to as much of other people’s influence or books and lectures and so forth and podcasts to sort of you know, get a feel of what works for others and sort of meld that into your own style and methodology.

10:06

Yeah, absolutely.

10:07

So it sounds like, you know, we’re all life learners, right?

10:09

If we want to continue, continue to progress, we always want to learn or understand from others.

10:14

Yeah, that’s great.

10:14

So like kind of now as we kind of take your, your servant leadership that you’re learning and kind of go into your field a little bit more, you know, how do you think, how do you see like a servant leader’s principles aligned with kind of cybersecurity, right.

10:28

Like, how do you connect those two?

10:30

Yeah.

10:31

Well, I mean from most of my work in cybersecurity is on sort of the front end or I would say like the policy or contract side.

10:38

So risk mitigation, so it’s essentially you know getting with clients and sort of understanding their business enough and I’m always curious about those.

10:49

So I’m more I’m always willing to learn about a client’s business especially in industries that I’m not as familiar so that I can understand where their most vulnerabilities or where they’re you know potential vectors of of of of risk are.

11:04

You know obviously for some businesses that are very data rich, they protecting and fortifying their sensitive information is going to be critical.

11:17

In others it’s just a matter of a communication or access to communication.

11:21

Maybe it’s a business that relies on you know a networked system of people communicating, employees communicating with each other.

11:30

So it’s really trying to understand the business and getting in their shoes a bit to understand where the risks are so that I can then advise them on the legal components of where you know they can see you know the most risk and and opportunities to mitigate those risks.

11:49

But yeah, I think it, it really comes down to being you know, many of the same characteristics when you’re leading your own, whether it’s your family or your workforce is, is leading your clients and being empathetic.

12:03

Having being a good listener and sort of understanding which is tough.

12:08

You know, for any sort of profession like the practice of law where our inventory and I say that with air quotes is our billable hour.

12:19

There’s a tendency to sort of rush through things because everyone’s sensitive that they’re on the clock or being billed.

12:25

So sometimes clients don’t want to you know give you everything that you really perhaps need from an information perspective because there’s a fear that they’re getting billed for it.

12:37

So I try to be very upfront with clients you know about those types of situations.

12:43

So when I’m coming out to visit them, you know that’s all on my dime.

12:46

It’s my responsibility to learn and understand about your business.

12:51

You know, I don’t need them paying me for that time.

12:53

That’s that’s my responsibility.

12:55

And so, yeah, just sort of being sensitive to those types of things, which I think again are characteristics of someone who is a servant leader who’s in tune from an emotional capacity of, you know, those around them and what’s sort of bothering them or what could be a sensitive topic.

13:11

Yeah, very good.

13:11

That’s excellent.

13:12

And and I think that’s a great, great way to explain kind of how your industry works, right.

13:18

Like you’re really trying to create a partnership with that client by trying to understand them kind of breaking the barrier down from this is just a transaction and an hour rate to try to create an understanding business that’s excellent.

13:30

You know what are the the significant things that you see from from a business standpoint that you know would concern you that you see that it is constant with businesses.

13:42

You know what could you help educate some of the people listening on some maybe tips and tricks that they should consider.

13:50

You know speaking from a general from a cyber perspective, Yeah, I mean it really it still is you know largely, I would say, a staff or employee issue that I see.

14:03

You know we know as being professionals in the industry that from a technology perspective especially those businesses out there hiring you know the capable hands of ONE2ONE to to help them manage their their IT.

14:19

It’s the rest of a tech issue that’s covered.

14:21

You know ONE2ONE is doing, you know they’re going to keep you protected from the technology perspective.

14:26

But the reality is that the entry in to most networks from a from a risk perspective is you know the vulnerability that’s there with the staff and the employees and so forth.

14:40

So here we are, you know, two or three years into, you know, a push out there to guard our businesses from social engineering, and you know, phishing attacks and so forth that really prey on the employees and staff who have access to these networks.

14:58

I’m still seeing businesses that, you know, who largely think that for whatever reason they they will not be victimized.

15:05

Maybe it’s because they’re not right.

15:07

They’re too small, are they?

15:08

That’s not right.

15:09

Yes, absolutely.

15:10

Yeah.

15:11

So I see that as still being the prominent issue for most organizations that their businesses, you know that they really don’t value the training and other things that in the policy and procedure that goes into developing a, you know, that human firewall that businesses really do need to maintain.

15:31

Yeah, absolutely.

15:32

So I think what I’m hearing from you is, is that still today business and the protection of their assets and data really comes down to people, right.

15:41

So uneducated people generally become our biggest risk whereas we can protect everything from a technology component.

15:47

But you know people’s actions seem to be a big risk.

15:51

So empowering and educating them sounds like a lot of what you’re doing all the time and then putting it down on paper from a policy perspective to kind of get everybody on the same page.

16:01

Is that kind of what I’m hearing and really encouraging businesses with different you know types of techniques that to you know to implement it is but you know those policies are great but the you know and having one is important.

16:13

But I think something worse than having a policy, well having no policy is having a policy that you just put on the shelf and don’t even follow and we see that happening a lot.

16:24

So like right now, you know, the hot button issue is developing AI policies, artificial intelligence policies like use policies because you know what?

16:36

You know, there’s ethical considerations and confidentiality issues that all sort of come into play.

16:41

And as employees maybe are tempted to use ChatGPT or sort of other plug-ins that are now available to, you know, some of their typical software programs that they’re using.

16:55

There’s not a good amount of sort of education on the ramifications of what that could be and what those uses are and what that means.

17:04

You know, an example of sorts, you know, in my profession is and in my the Bar Association, the American Bar Association and the Pennsylvania Bar Association are very good about getting out in front of this.

17:15

From an ethical perspective is, you know, so if I’m a lawyer and I want to craft a letter to a client and, you know, and I decide to, you know, hammer something out on Word and then copy and paste it and put it in the ChatGPT.

17:29

Now I just potentially put confidential information in the ChatGPT, you know and you know there’s there’s issues with that.

17:38

So that’s a simplified version of a potentially common issue throughout throughout, you know, various types of organizations who are handling sensitive information.

17:48

Think about it.

17:48

If you had a, you know, a contract with a customer where you have a promise relative to confidentiality, you’re working on something for that customer and you just did the same thing I just said, which is you draft some sort of communication for that customer using that customer’s information and and you put it in, you know, the ChatGPT.

18:07

Now you just perhaps breached your contract where it says you can’t disclose that information to third parties because ChatGPT is a third party.

18:16

So there are great uses to AI.

18:18

But but there’s also a potential there and I’m not even delving into the other sort of the generative aspects of what that could mean too with that information down the road.

18:30

But you know just from the simple breach of contract or even you know promises you make the clients relative to confidentiality.

18:36

So yeah, so developing policy, so working with clients on that, that’s been something over the last couple months I’ve worked with several clients on and then helping them develop, you know how to implement it in a way so that people understand it and how they can monitor it and keep tabs on it.

18:56

Yeah.

18:56

It’s interesting you talk about AI because in our industry now they’re talking about AI engineers, meaning someone that understands it and understands how to operate it, meaning adopting the use of it.

19:07

So that’s interesting, help kind of expand on what you mentioned earlier from like discussing from an ethical standpoint, like, you know, kind of marrying what you’re trying to do to empower and educate your clients.

19:19

But then there’s like an ethical standpoint to it like you do you ever find that your, your clients or others are kind of bridging that gap, you know, of an unethical situation or you know, you know, explain that a little bit to us.

19:32

You mean in the concept of AI or just, yeah, like AI or you know, in essence in protection of their business because it’s very people driven, right?

19:41

Like the protection of the business is very driven by our people.

19:46

It seems like if you, you know, I can imagine that everybody is ethical, you know, you know, are they trying to find loopholes on how to to manage to the cybersecurity guidelines or or, you know, storing of people’s confidential data.

20:03

Do you see that often or is most people pretty pretty, Yeah.

20:07

I mean there is a lot of sort of openness without naming names of products or services out there.

20:14

You know, there’s lots of talk out there on products.

20:18

In particular, it’s launching essentially a wearable that uses AI very significantly in a way you know to provide you with a a real time perhaps alternative to your your device, your your iPhone.

20:37

And you know, because it’s able to sort of condense a lot of information, it has to use AI to give essentially to give you on demand information because you have very limited abilities, is literally broadcasting on your hand.

20:50

I don’t know if you’re you’ve seen this product out there, but there’s if you read some of these products, their privacy policies for instance, there’s not really clarity in those policies relative to what kind of information they’re collecting or how they’re using it, who they’re sharing it with.

21:07

And, you know, from an ethical perspective, outside of the legal components, because there’s a plenty of legal requirements relative to what goes into privacy policies.

21:17

But much of it comes down to, you know, from an ethical consideration what it is that, what are we collecting and why are we collecting it.

21:24

So there’s that ethical component.

21:26

I think you know the other ethical components out there.

21:30

And I also speak of ethics from a lawyer’s perspective because that is sort of what regulates us.

21:36

We are bound by canon of ethics in our practice.

21:42

But you know, in other you know, in marketing and so forth, there’s issues relative potentially to using AI because are you now creating something that’s original enough that and belongs to the client.

21:55

So if you’re a marketing firm and you’re developing copy or trademark, you know, service mark type stuff and you’re using AI, there is issues out there relative to who owns that.

22:07

You know normally under the typical marketing arrangement you go and hire somebody like that who provides you a deliverable, right.

22:16

And it’s called a work for hire and you come out of that with a product because you paid for it as a customer, right.

22:22

But if AI is being used to develop it, there’s more questions about you know, whether or not that’s you know that that’s an original thing of sorts.

22:31

So there’s that issue as well.

22:34

It’s interesting that you say that, right, ’cause like even from a, from a standpoint of like trademarking something and now you’re asking AI to generate a logo or generate something.

22:45

That’s going to be crazy to understand how that in essence is going to be policed from even like a trademark standpoint.

22:51

Hey, it generated a logo that look like mine or use the name that that’s kind of crazy.

22:56

You’re bringing a lot of valid points that seems like it’s only going to get fuzzier till it kind of levels out again.

23:04

Yeah, it’s sort of the wild west, I think for a while.

23:07

And then and then the other ethical component is you know, where what do you want to do?

23:12

What’s your business focus here?

23:13

And are you trying to eliminate, are you trying to use AI to enhance your capabilities or to eliminate, you know, human aspects of your business?

23:23

So there’s that component as well.

23:25

And you know, there’s, you know, lots of debate over that.

23:29

Certainly you know as people we want to be meaningfully employed and work and be industrious and if we’re eliminating opportunities because we’re relying on AI you know and it definitely allows I think businesses and it levels the playing field to a certain extent, maybe breaks down throwing out a lot of cliches here, but breaks down a lot of barriers of entry into businesses.

23:51

I mean that was sort of, you know, we think about the advent of websites back in the day where where a small, you know, one person shop could could create a web site and give the illusion that there’s some big firm.

24:05

And that’s right.

24:06

That’s right.

24:06

There’s a lot of that still happening.

24:08

And then AI power, you know, use AI power you, you could, you know, become very industrious with very few people very quickly, right, depending upon the type of business.

24:18

So I think there’s an ethical component to that as well. And you know you know encouraging sort of the thought leaders in the in the space to think about you know emphasizing and I think there is a a good amount of this emphasizing the enhancement of how AI enhances use of people not replacing people.

24:41

And do you see kind of from a from a governmental level where do you see kind of any, do you see any policing from a legal standpoint?

24:48

Do you see any current guidelines being developed or put into place that are gonna kind of create some leveling fields here or create some clarity?

24:59

Well, actually the White House just issued one a couple of weeks ago on some guidance on use of artificial intelligence.

25:07

So, I think so everybody sort of starting to dissect that it’s, you know, like most things produced by any government.

25:14

You know, you know it’s not going to have enough substance.

25:19

It just tells you enough that the government people sort of important political positions are thinking about these issues.

25:27

You know of course like with anything I think the decision makers and the policy makers are always going to be a couple steps behind you know where the technology is and then it becomes a matter of playing catch up or sort of undoing or you’re trying to limit activities that you know businesses are already out there running with.

25:49

So that’s it’s always going to be I think the issue and the concern I got you.

25:55

Yeah, thank you.

25:56

And kind of changing subjects a little bit, you know, many times we get a lot of questions about cyber insurance, right.

26:02

And it kind of that same mentality that you brought up a minute ago.

26:05

Well, if I have insurance, if there’s a problem, they’ll just pay for it, right.

26:09

And so there’s a mentality of like, you know why I have something that’s just going to protect me from it, and I’m small enough that nobody’s really going to target me.

26:18

Can you speak on that briefly like how you feel about that, where you think the industry’s going and what business owners should really be considering when they’re thinking it kind of with that mentality?

26:28

Yeah, I mean there’s definitely a place and for cyber liability insurance and it’s certainly important.

26:34

You know, I think it’s been like 5-6 years ago that the OCC, which is the one of the regulators, federal regulators of our financial institutions, issued a memorandum to the banks that it regulates saying in short term, I mean as a relatively short memo itself.

26:56

But it said along the lines of of cyber liability insurance is not a cyber risk solution.

27:04

And I think what they were responding to was that when we ask you as a regulator ask you bank what are you doing to reduce your cyber liability, the answer can’t be cyber liability insurance like that.

27:19

It has to be more than that, like you can’t rely on that.

27:22

And then so that was five, 6-7 years ago.

27:26

I mean that still holds true and then some.

27:29

You know the issue now as many businesses who have cyber liability insurance are facing is that even without an incident, a covered incident.

27:37

So you have a essentially claims free business who is looking to renew their insurance policy is looking to pay perhaps it’s double from a premium perspective to get the same amount of coverage or less.

27:51

That’s what’s happening because the amount of claims over the last five years are just going out, you know out the out the roof.

27:58

I mean it’s just crazy and at some point and the other issue out there is that there’s much standardization in insurance generally speaking.

28:10

So when you as a consumer shop for hazard insurance or property insurance, life insurance, like think about the insurance products you’re you’re really comparing apples to apples because you could shop from this, you know, this issuer to that issue insurer.

28:27

There is no such thing yet with cyber liability insurance.

28:30

So if it’s cheap, it probably doesn’t sort of match up to your risk and your needs.

28:37

So there’s it’s hard to compare apples to apples and again it’s very important and they’re it’s good to have you know a broker who’s helping you who really knows your business and you know that’s just you know somebody that sort of understands so they’re helping you complete the applications because there’s also a lot of denial of coverage.

29:00

I mean insurance generally I mean you always have a risk of denial of coverage and that typically occurs for a number of different reasons.

29:08

One is because you didn’t complete essentially the application appropriately.

29:11

So maybe you didn’t fully represent or you mischaracterized elements of, you know, that maybe would increase your risk if you would have disclosed them.

29:23

And insurers, you know, can use that per the policy as an opportunity to deny you coverage.

29:30

There’s other ways that coverage can be denied as well, but you know, the application process so.

29:36

So what happens a lot of times is businesses sign up for something that really and they’re not filling out the forms, the applications correctly or something.

29:44

So you know I scan if anyone follows me on LinkedIn, you’ll see I’m very active and looking at active cases that are out there in the country that are relative to you know cyber liability.

29:57

Many of them have to do with you know, denial of cyber liability insurance and now you’ve got you know the actual business left holding the bag of that liability.

30:08

So the one of the other benefits though of cyber liability insurance, you know is that in order to get a really good policy that actually covers the risk that you need to have covered on your business, it probably will require you as a business owner to really examine and assess the processes and procedures and the technology you have in place.

30:35

So it does provide you that sort of like, you know, people that maybe apply for life insurance for the first time.

30:41

Hopefully it’s not the first time you’re getting a physical, but you will probably get a physical at that point because they want to know before they insure you that there’s no underlying risk.

30:50

And that’s there’s a similar process now with cyber liability insurance.

30:55

That wasn’t always the case.

30:56

It used to be a lot of self assessments now or self, you know, check the box or checklist.

31:02

Now there’s even employed third parties and I don’t know if we’ll get into the safeguards rule, but that was a big thing came out this year too, which sort of dovetails with cyber liability insurance, which now essentially requires many more businesses within certain categories of businesses to get things like annual penetration tests and have annual assessments done, which you know, are things that businesses should be doing anyway.

31:27

So yeah, so I think that’s why, you know the application for cyber liability insurance in and of itself is a good exercise, but it should not be.

31:36

To go back perhaps the, you know, the answer for your question, it should not be the only thing you do, but that it’s you’re really not going to get away with that anymore.

31:45

It could have been 5-6 years ago, could have been the only thing you do.

31:49

You’re not going to get away with just signing up and getting cyber liability insurance and doing nothing else.

31:55

Well, that is you know, kind of segues into the next spot.

31:57

Thank you for that.

31:58

You know, you talk about kind of threats and protecting from them.

32:02

Is there any frameworks, is there any strategies, is there anything that you would recommend for anyone in business, you know, to pay attention to, to learn more about that would help them in regards to these areas.

32:16

You know, all these business owners, right.

32:18

They’re trying to run their business.

32:19

They’re trying to, you know, you know, develop in their business.

32:22

And this is maybe a very small component.

32:25

So there’s just something that’s pretty, pretty basic that you can kind of educate them with.

32:30

Well, yeah, and I mentioned it earlier, the safeguards rules, so that, you know, without a huge background on that one safeguards rule has been around for a while, but it applied really only to banks up until recently.

32:41

So this earlier this year the Federal Trade Commission, the FTC adopted a version or essentially adopted safe the safeguards rule under its purview to apply to businesses that are beyond and sort of just traditional banks and expanded it to businesses that they still call financial institutions, but would include any sort of business that handles essentially large volumes of money on a daily basis.

33:09

So that includes even things like car dealerships, mortgage brokers and things that wouldn’t necessarily have otherwise applied.

33:16

So safeguards rule now applies to those types of businesses, but even if it doesn’t, you’re not in that category.

33:23

There’s essentially 9 or 10 different sort of requirements that form a really good framework within the safeguards rule, which as I mentioned earlier includes having you know actual annual assessments and penetration tests.

33:38

It includes having board updates on where you stand from a cyber perspective.

33:45

It includes in some instances having a written incident response plan as well.

33:52

So you know if you don’t do anything else, look at the safeguards rule because I think as a business it’s ultimately going to be something that’s perhaps adopted at the state level.

34:02

We are seeing some states already.

34:04

He actually if you do business in the Commonwealth of Massachusetts, they have something already in place that would require you to do those things.

34:12

Even you know, if you’re a regulated business like I mentioned banks, healthcare organizations because of HIPAA and educational institutions, you know, you already have frameworks that you have to follow.

34:24

I understand.

34:24

OK.

34:25

Yeah, yeah.

34:26

I mean the other one that people talk about and there’s versions of it sort of for small business is the National Institute of Standards and Technology is NIST.

34:37

Their framework which is can be overwhelming if you look at it, but it can be done in phases.

34:45

And I find that businesses that start the process of looking at NIST find that they already have done many of the things and they include simple things like inventorying your assets.

34:57

So make sure you know what documented things.

35:00

Yeah.

35:00

And most businesses hopefully have already done that.

35:03

But it essentially allows you to it sorts at a macro level and really you can get as detailed as possible.

35:10

So, so yeah, I mean I’m a big proponent of you know what’s regardless of the size of your business, something can be you know from a framework perspective can be scaled.

35:21

And I really do think and unless you know you’re an anomaly type of business, you know if you don’t have some sort of framework in place you’re going to find yourself on that sideline not being able to do businesses, do business with certain types of businesses that are going to require you to do this stuff.

35:42

So vendor management.

35:44

So if you, you know, if you’re, if you have customers out there who are, you know, any sort of institution of any sort, any size, they’re going to be requiring you to follow these frameworks.

35:57

Yeah, excellent.

35:58

That’s great advice.

35:59

I really appreciate that.

36:00

You know, kind of as we kind of move into advice, you know you started earlier that you were kind of a computer science guy and then you kind of moved in different career.

36:09

What advice would you give for individuals aspiring to get into the career that you’re in from the legal perspective, but the cyber right, quite unique like what advice would you give them?

36:20

Yeah, well, really make sure you have a passion for it.

36:25

And that’s advice for anything.

36:26

I mean, it’s amazing you can make anything into a career if you have a passion for it and it.

36:34

But the contrary is true.

36:35

I mean, you could have had what seemingly looks like a career, but it will be a drudge on you every day if you don’t have a passion for it.

36:43

So that’s you know.

36:44

Foremost.

36:45

No.

36:45

You know enjoy sort of the ever changing landscape of what technology brings.

36:53

You know some areas I kid with some of my partners who are in more static type of practices where you know nothing changes the law doesn’t change and that’s you know pretty rare but you know that there’s very, very few but like real estate at the end of the day there’s not a whole lot of changes that happen in real estate law on an basis you know but so you have to be a if you want to get into cyber and law in particular you’re going to know and have to be willing to be a life learner like you talked about earlier and constantly be reading and keeping up on things and so forth.

37:35

I mean my regrets is that I haven’t been as deep on the tech side.

37:41

So I think the toolbox that the most successful however you define that cyber lawyer would be one who does have a really deep technology bench of sorts or experience who maybe has that degree in you know technology management of some sort and then goes to law school sort of like what we see with patent lawyers.

38:11

So most if you’re not aware, but to be a patent lawyer you actually have to have an undergraduate degree in a hard science like you know an engineering or biology or something like that in order to sit for the bar, the patent bar.

38:25

OK, OK.

38:26

Which is a little bit different.

38:27

But I could see that being something that those that want to get into this should develop because frankly that’s the more complicated part of it, the law part of it is ever changing.

38:40

But you know that’s perhaps easier to pick up.

38:44

So yeah, no, it’s there’s definitely a lot of opportunities communities we don’t see you know especially and I pride myself because in the idea that I service, I provide services that maybe are not otherwise only available by really big metro city law firms.

39:02

I mean we’re 130 lawyers here at Barley Snyder.

39:04

We’re not small, but you know many of our clients are middle market smaller businesses.

39:11

So to providing access to this type of practice area, you know I enjoy helping those smaller businesses that wouldn’t otherwise be able to secure you know that type of advice from another resource that’s wonderful.

39:29

And you know you mentioned earlier that you post a lot of content and you give a lot of content out there.

39:35

Could you tell everyone how to access that information and maybe understand a little bit more what you’re providing every day?

39:41

Yeah, I mean so if you follow me on LinkedIn, if you want to connect with me, I’m there is Don Geiter my name and what I typically try to post three or four or five times a week are you know cases that I see out there.

39:59

And I’ll I’m the one who.

40:01

So you don’t have to.

40:02

I actually read the filings, the court filings and I often will post those court filings in case you really want to read them.

40:09

And you know it’s interesting that you know you can grab some interesting facts from these.

40:15 

I don’t try to comment too much on them from a what was done wrong or more of a take away like you know here’s something to think about.

40:26

So like you know even this one I posted today, earlier today was one of those rare instances where the fraudster actually got caught.

40:35

So this was essentially a 19 year old hacker, if you will, from Wisconsin who did some credential stuffing and essentially obtained credentials to various online gaming websites.

40:53

And I think it was at its heyday was running their own credential stuffing site on the dark web and earning, you know fifteen $20,000 a day.

41:06

Wow, Through that.

41:07

So they were actually caught.

41:09

He was caught.

41:11

So I, you know, I actually posted the criminal complaint and it’s interesting because it was brought by the federal government, United States Attorney.

41:22

It actually, it’s kind of scary that they put this information out there, but they almost give you a play by play in this complete with diagrams on essentially how the fraudster did what they did.

41:36

Wow.

41:37

So hopefully people don’t take these things and actually get ideas, but it does show you how these things go down.

41:45

And so that’s what I like to do and glean from these because frankly a lot of these cases don’t get litigated.

41:53

So you know a lot of things I talk about in warn we learn about breaches and we see those in the news and so forth and you know but you don’t always get the information of how it happened necessarily from that.

42:08

But when that entity that had the breach gets sued you could read the complaint and it gives you a lot of information of what happened.

42:17

So it reinforces a lot of the things that we’re trying to teach and educate people on.

42:21

Like I have an event that I’m speaking at in a couple weeks which will include Chief technology officers from all school districts in Pennsylvania.

42:33

And you know so in preparation for that I’ve been more mindful of situations and cases that are impacting the school districts and so forth and found a situation, a case for earlier this week actually where a school district in Connecticut suffered a loss by virtue of a business e-mail compromise to the tune of $6 million.

43:02

Wow.

43:03

Wow.

43:03

You know it’s interesting you say that we had a local school district in the state of Pennsylvania that had the same thing and an IT manager completed a cyber application noting that they had multi-factor when they did not that IT manager left and then in turn they were compromised in their entire payroll system through the entire district and the carrier decided that they were not going to cover the claim because they lied in their application but in turn the broker assisted them.

43:36

However that you know more and more is happening which is amazing.

43:40

Yeah, wow.

43:41

Well, did you have any parting thoughts or comments for, for anybody that’s with us today?

43:47

Yeah.

43:48

Well, no.

43:48

I just encourage folks to, you know, to reach out to us, me or you if they have any questions.

43:54

I’m always delighted to have conversations with people and I really connect with those that I think are like us here who are just, you know, always curious and looking to, you know, to educate themselves and, you know, be life learners.

44:11

You know, I definitely subscribe to that idea that you know we shouldn’t be static beings and you know consuming right type of information.

44:18

Obviously our you know, our culture society is filled with information overload and you know too much information can be overwhelming.

44:28

But you know sort of fine and encourage people just to sort of find their you know their channel of sorts and make their way through it and learn as much as you can about, you know whatever topic interests you whether it’s this or something else.

44:43

You know, I love hearing and talking with people who are passionate about what it is that they do and it’s contagious frankly.

44:52

So it’s and just encourage folks that are listening to you know continue to consume those things that inspire you and know that you can make a difference with that information to help your, you know your clients and customers and others that are in your influence sphere.

45:12

Well, thank you Don.

45:12

I appreciate it.

45:13

You’re a wealth of knowledge and you’re kind at sharing your information.

45:17

You know everybody check out Don Geiter’s LinkedIn.

45:20

Absolutely a great resource.

45:22

I’m always empowered through education through that format when I read what he posts.

45:27

And thank you all for joining us on this enlightening journey through the realms of cybersecurity and servant leadership.

45:34

As we conclude today’s episode, I want to leave you with this: in the ever-evolving digital landscape,

45:40

leadership isn’t just about authority, it’s about service, empowerment, and collaboration.

45:46

Take these principles with you into your week.

45:48

Whether you’re leading a team, navigating legal landscapes, or simply seeking inspiration for your personal growth, remember the power to make a positive impact is within each of us.

45:59

If you enjoyed today’s episode, don’t forget to subscribe, share and leave us a review.

46:05

Your feedback is like fuel.

46:07

Connect with us on social media at ONE 2 ONE Inc dot com to continue the conversation.

46:12

And it’s always, you know, good to stay inspired, stay secure and lead with purpose.

46:18

Until next time.

46:19

This is Nicholas Paulukow signing off with Servant Leadership Library, wishing you a cyber safe and servant led journey ahead.

46:28

Take care.
