Subscribe
Share
Share
Embed
AM/FM RADIO/PODCAST & TV SHOW
With millions of listeners a month, Building the Future has quickly become one of the fastest rising nationally syndicated programs. With a focus on interviewing startups, entrepreneurs, investors, CEOs, and more, the show showcases individuals who are realizing their dreams and helping to make our world a better place through technology and innovation.
Welcome to building the Future, hosted by Kevin Horrick. With millions of listeners a month, building the future has quickly become one of the fastest rising programs with a focus on interviewing startups, entrepreneurs, investors, ceos and more. The radio and tv show airs in 15 markets across the globe, including Silicon Valley. For full showtimes, past episodes or to sponsor this show, please visit buildingthefutureshow.com.
Welcome to Talk Data to me today I am joined by my two other co hosts. Nim, maybe why don't you give a little bit of a background on yourself and what we're going to talk about today, and then the rest of us will give background as well.
Cool. Thanks, Kevin. Nimna Raja, I'm one of the founders here at Critical Matrix. We've been in business for about 15 years. I've been doing this data security and digital transformations for almost 30 years. Very excited to be recording our second session of Talk data, Tim. So thank you.
Hello, everyone. My name is Jab Montel and thanks for inviting us back. Kevin. So I manage the operations for a company called Data and more operating out of Alberta, Canada. So we work a lot with data, the importance of data, how it's applied and what strategic value it contains when you apply to either governance, security, compliance and these type of things. So very interesting conversation. Thanks again.
Very cool. And I'm Kevin Horick. I've been kind of tech almost or over a couple decades now, mostly on the UX UI design side, kind of been a cybersecurity kind of. I think, you know, the three of us all kind of have complementary kind of skill sets. So I know we're going to talk about kind of the importance of data structure and some other topics today. But why do you think that is so important these days? Because data seems to mean everything and it seems to keep getting hacked.
I mean, in general, the conversations that we're having, we can put them in a few different buckets, right? So last time we spoke a little bit about the compliance side of things, legislation, some of the 1011 different compliance legislation that is either applicable in the US or coming. There's lots of changes since we talked. In Quebec, Canada, there's federal laws coming all over the place since last time we talked, Microsoft has been very active marketing copilot, which is very interesting, AI solutions based on language modeling, but also just generic security. When we look at security, we can see so many more activity on almost every level. And we can go literally since the last time we talked, we can go over hundreds and hundreds of examples, public examples, in us alone.
So the more time passes, the more things are being released, the more critical this is also going to become for every organization. And unfortunately, we have more and more substance to talk about, literally on a daily basis.
Yeah, I agree. The world of data is changing every day. And I think where a lot of people are making a mistake, Kevin, is they're taking their data for granted. Data is your commodity in the fourth industrial revolution. Nobody cares about anything. It's the new oil. If you're not protecting it and you're not doing all things that are right by it, the other guy is going to try to take it from you, because the more data they have, the better competitive advantage they have. Everyone's talking about AI. I still don't get it. For me, AI is still intelligent automation. AI equals IA. We don't have any sentient capabilities. We don't have anything that's thinking for itself. What's the one thing AI wants to eat? Data. So it is the most important commodity that we have.
We have to do everything we can do to protect it. And the laws are changing in favor of protecting data.
Interesting. Okay, so you guys mentioned about protecting data, and it's the most important thing. Where does somebody start? Whether they are a company for a long time or they're just starting out, or somewhere in the middle, where do you start?
To quote a famous historical book called the Bible, it says, where there is no vision, the people perish. And usually when you look at presentations, people start from a vision and effectively trying to work their way back. And what every company has been doing for last 1020 years is you build your portals, you got your systems, you have your platforms. There's all kinds of reasons why you do and don't choose certain software packages and certain options, whether you go with Google, Microsoft, or any of the other companies lately, we're seeing a big anti Microsoft platforms being spun up, where there's all kinds of pros and cons to it. So people build their presentation layers, people build their platforms, people build their digital workspaces, and they use all kinds of tools to make that vision happen.
But what every company has been doing for the last, well, arguably last 1020 years, is that the second we start talking about data, people run away. So one of my habits, and anyone who listens to this and wants to correct me, feel free to reach out. But one of my habits is that for the last few years, every CIO, every CISO, every CDO that I talk to. So data officer is, I make one statement, and that is that you have absolutely no idea what kind of data you have. And usually that is met with a smile because it's so blatantly obvious. We have all these tools, we've got these layers and layers of protection. We have all these ways of organizing data. There's all these options for structurizing data.
There's all kinds of ways to enhance it with managed metadata and all kinds of options. But the reality is we don't know what we have. And then we buy tools like Copilot, which basically you apply language modeling and all kinds of integrations to data of which you don't know that you have. So Nim and I, to give you an example, we did a presentation for SEO organization in May in Canada, and the interesting fact is that everyone was talking about AI, generative AI, but the day before became public that OpenAI was hacked, and everything that you've put into OpenAI was now public information. So we actually found that some of the engineers in Samsung, for example, on three different locations, they're trying to optimize their data, their coding, so they put sensitive, proprietary information into AI.
And what happened was that it's available to every form of organization. So to bring it back to the original point is that where there is no vision, the people perish. And what every company has been doing in the last five to ten years is run away from the question of what data do we have? So in the last six months, we see a lot of changes, we see a lot of legislation, we see a lot of proposals, see a lot of comments from even all the way up to such an adela, where he's like, we really need to focus on data. We really need to focus on structurizing data, really need to make sure that the right data is in the right places. But the reality is, as a society, as a market, we're not ready. No one's ready. It's nothing personal.
It's just where we know.
I'm going to put it to you this way, Kevin. For everyone listening, it's very simple. If you're wondering what's your first step, get your shit together. Because at the end of the day, if you don't know what you got, you don't know why you're protecting it, and you don't know how to protect it. So stop pretending everything's okay. Make an effort to start to understand it, because if you don't understand it, you're not doing right by it. Very simple.
I 100% agree with you. It's interesting though, because when you have these conversations with business owners, a lot of times it's like, well, nobody wants to hack me, I'm not valuable or my data is not valuable. And I get that response probably 80 plus percent of the time. Do you guys get that response? Or what do you say to people like that? Because it's just a matter of time before they're going to get hacked if they're not caring about this stuff. Correct.
I like to show them their data, and I like to show them they're worth about $5 on the dark web, especially their tin or their sin, that it's worth about $15 on the dark web and their credit card is worth about 20. And they're like, well, I didn't know it was out there. Well, of course it's out there because you don't take an effort to do right by it, and then there's a discussion of, well, what more is out there. Well, yeah, we can do a dark web analysis on your whole company. And I'll promise you that every employee in your company is out there because you didn't care enough to protect them and the bad actors now cared enough to go and get information from them.
Yeah, no. Interesting. Okay, so you show them what's out there about them, or people can do it themselves. Then what's the next step? And how do you actually start about cleaning some of this stuff up?
My suggestion, hire professionals. Because you can wake up one day and decide, you know what, I'm going to go put the plumbing in my basement. Then you frame it and you drywall it, and then you have a leak and you wonder why, right? So what I recommend is hire professionals. If you want to speak to myself or yap, you know what? Reach out to the show guys. We're happy to work with you. You need software, you need tools. You need people who understand how to tell you the story the right way. So there's tools available. One that I stand behind because yap is also on this call and I work very closely with them, is data and more. We run a quick index. We understand what data you have. We understand what it means from a compliance perspective.
We profile people to say, here's your high risk, here's your low risk. This is what we got to do, and we set you on the right path. This is not expensive. This is strategic. This is now sort of basic stakes at the table.
And there's also multiple reasons to why understanding your data matters, right? So there's all kinds of fear reasons, like negative reasons. You want to be able to do an audit, you don't want to get in trouble with the government, you don't want to get data breached. And when you don't want to have all kinds of personal identifiable information, healthcare information, or even sensitive information out there. Like yesterday, Xbox just releasing all their data through in the market up to 2028. And of course they're saying, well, everything is outdated and it's not as valuable as you think it is, but it's a problem, and data breaches are very expensive.
But even when you forget all the negative reasons, there's a lot of positive reasons to having a good data governance, like the ability to start using the right tools in the right places with access to the right people. Whether you are dealing with suppliers, whether you're looking at it for legal reasons, or even functionally speaking, like you actually want to start using copilot, which means you need to have a certain level of taxonomy in place. You need to understand what data you have in what location, and how to apply logic to it. So having a foundation, instead of looking at an end product for starting building your pyramid, if you will, or your iceberg, or building something from the bottom up with a solid foundation, has many advantages. And they're not all negative. Some really enable big chains and big positive elements.
It's interesting. I do obviously understand the negative sides, I think, and a lot of people do about that. But let's maybe talk more about the positive sides of things, because a lot of it can be used for reporting new feature requests, potentially even knowing about new business opportunities or other markets you can grow into. But what are some other positives about actually caring about this stuff as you're on this journey of trying to secure your data as well?
There's a lot of positive here. So the first thing is you're an avid hunter, right? An accurate gun, chose for the right role, with precision, gets it done right. You wouldn't hunt a moose with an Uzi, would you? It wouldn't make sense, you know what I mean? So the good that comes out of this is once you have clarity as to what you're trying to protect and what you're trying to control, you can then choose to invest in the high risk, high exposure items, and you'll probably get by solving that 20%, 80% of your risk going away. There's tremendous value in understanding that clarity. Secondly, absolutely, you get it. Yap. I mean, we've seen it every day when people go, oh my God, we didn't know we had all this. Let's fix that right now. Boom. Done.
Understanding user behavior is also very important because right now, people lead with a vision, and of course, a vision is very important, but to understand what's truly happening in your organization is also very important. Like, you can drive a car and you'd be like, okay, well, I want to drive it from Vancouver to Nova Scotia. That's great. But if you forget that your engine isn't working and nothing is lubricated properly, so your oil hasn't been changed properly, you're going to get in trouble. So when we start doing these insights, and we got a whole bunch of customers, and it's truly very intriguing, because when we start showing insights per department or per use case or per supplier, we start seeing very interesting behaviors, not just of data, but also of how users are doing things, how they're acting.
So with one example, we had a customer, and we're doing all these scans, and we're showing all these insights per department, and we start showing that, wait a minute, for some reason, there's a lot of WMA files, video files, text files, not text, but audio files. So we started looking into it, and we started to realize that these users are sending these type of files to avoid being picked up by security tools. So we can have 15 tools in place, but they won't pick any of them up because the users, like everything else, will find a path of least resistance, and they want to be able to send little video clips and voice clips and anything else without being detected. So now were able to see this behavior, were able to identify a problem.
We'll be able to work with whatever is that is given to us, but we can also then apply the appropriate action, and that is more of a reactive and a proactive strategy when it comes down to users. And of course, having the right data at the right places is very positive. It does create options. Like the example I mentioned for copilot. Having all invoices, all leases, all certain types of documents correctly in a place will make everything significantly better. And yes, that is proactively, but also reactively. A gal, data breach, or even a person got breeds. We know exactly what that person has access to, where they've been, what they have access to, what they could have been compromised, and even that data set across the board. We can also show who else is potentially impacted by this decision.
So we can deal with a lot of things very quickly, and it's just an optimizing and optimal scenario.
Interesting. Okay, so I'm curious then you mentioned about hiring professional. How does that actually work? Is there like a cost range on this? Because obviously, depending on your size of business, money could be an issue.
Money should never be the reason why you don't get security. The challenge is understanding where you can optimize your spending so you can do more with less is going to be key. So when we sit down with the CIO that, you know, I really want to do this, but I'm not sure where there's an easy exercise to go through to optimize your licensing. Optimize. Usually you're purchasing tools that also are given to you for free by Microsoft, but you're paying somewhere else for it. It's included. So there's a lot of things you can do to optimize your spend in order to free up working capital to do something more with it.
But money should never be the reason to not do it because that's like saying I'm going to put the alarm system in, but I'm not going to buy the subscription because I don't know if I can afford it.
No, that's actually a really good comparison. I'm curious, as somebody that's played with some of the cybersecurity tools, it's scary how easy it is to do kind of things, good or bad. Do you want to talk about some of the risks and simple things that people can do to a company to potentially gain access to some of your data?
Well, one of the biggest examples is all over the news today as we just happened to shoot this podcast. But the MGM grant, when you do an assessment, every CISO does this and they make an assessment of what is the weakest link, and the answer is always, well, hopefully is always going to be the same, and that is that humans are the weakest link. So in the case of MGM Grant, essentially what they did is it took a bit of time to prep, but that's okay. They looked at a person with the appropriate access on LinkedIn. So they found out who is this person. So they found one employee. They got his name, his title, location and email.
Then what they did is they just called the employee help desk, and they basically said, I'm this person, I can't access my email, can do this, can't do that. And the help desk just sent a password and allowed the hackers to go into the backend of the entire organization. And so the whole of MGUn grant got compromised and they didn't pay the hackers the money. Now, Caesars did a little different. They paid the money I think it was 15 million instantly, and boom, done. So if you got $15 million laying around, be my guest. But humans are always going to be the weakest link in it. But the result was, for the MGN grant, is that people like guests. You couldn't go into the resorts. Everything was locked down. You couldn't even go into your room.
So what happened was if you wanted to go to your room, at least that's what's happening right now, is you have to ask one of the employees to let you in. And all they're walking around with master keys. So if you want to go to your room right now, that's how it's happened. So essentially, one quick phone call crippled a $34 billion company into submission. And so the weakest link, in the end, is always going to be a human person. So I'm not here to talk bad about the help desk person, because honestly, this is something we see all the time. We work with healthcare companies where doctors get messages for two factor authentication, and they're like, we're just too busy. So they just press, approve, approve. And people are always going to do that, particularly people that are part timers.
What I mean by that is they're working partly for one hospital and partly for another, and they just don't have time. There's too much pressure. And you're going to create a system where people are going to be compromised over and over. And if you then give them access to your data, which, according to the IDC, they predict in 2025, 90% plus is going to be unstructured, then you have a choice. You can either sort it out afterwards, hire a legal team, hire lawyers, hire somebody that's going to go through everything. It will take months, if not years, or you try to sort it out now, like you're going to get hacked. No offense, but that's just the way it is. Just assume that's going to happen, because we see this everywhere.
In California, the government releases a data breach list of the ones that have been publicized, and it's at least one a day that gets publicized. So one a day, sometimes seven a day. And this is from the California government, where they've released the data breaches. So it's happening everywhere happenings all the time. You can either hire a whole team afterwards and deal with it, pay millions, or try to structurize and classify your data. Now, do clean up an organization now in an affordable manner. And that's kind of the message that we've got here. That we're preaching.
Yeah, what he said on point.
Okay. Makes sense. And you're right, I've been kind of following some of the news lately. And you're right, it's brutal how many companies are getting hacked today that are publicizing that they're getting hacked. Right. So obviously there's tons more that aren't going to say anything. But what is your thoughts around actually publicizing that? Because it can really cripple your business, but it also kind of needs to be put out there just so people, it hopefully doesn't happen to other companies.
So there's a couple things wrong with not disclosing. One, it's against the law. So the DoD, canadian law and regulators around the world have said you have to disclose your breach. Now, disclosing your breach I don't think has the shameful stigma as it probably did three years ago, as it has now, because people, community, civilians, whatever, have gotten used to it. But the consequence of disclosing means now you have access to a community of other victims who are going to step forward behind the scenes and help you. Sick kids got breached here earlier in the year, sorry, early last year and it was amazing the response. Obviously there was the ambulance chasers and sharks that were trying to go after.
But then I'm on the board of a hospital and we saw how the Ontario hospital teams got together and started working together with sickets to start recovery. Now the hackers, there is a little bit of honor among thieves. I guess they decided, oh, crap, we didn't know it was a kid's hospital. Here's the keys. We're sorry, we won't bug you again. Here's a list. Know, treat it as a pen test. Here's a list of holes. You should plug them, right, so they apologize, give the key and added value. Good for them. But that's not going to happen every time. But if you disclose properly disclose with honor and remorse. Go to your customers, tell them what happened, that you're aware and what you're doing.
Communicate frequently on what this means to them and what you're going to offer in terms of protection for them. And contrary to popular belief, engage your local law enforcement, FBI. If you're in the US RCMP in Canada, there's ways of getting a hold of them through websites or reach out to us. We've got the links. Here's why law enforcement isn't going to shut down your business and tell you, oh, we're doing an investigation. Everybody step away. This isn't exactly an armed robbery. Investigation. They're going to help you along your recovery process by connecting you with people, process and technology to help expedite it, but also maintain the forensic integrity of the investigation so they can take it away and add to their corpus of knowledge to prevention as well as ultimately apprehending them. And there's many examples of how this happened successfully.
Look at the cookie monster takedown that happened earlier this year. There were a lot of victims who did come forward, engage law enforcement, share that data and help with that takedown. It took a long time, but as a community, we as the potential victims have to work together because the bad actors guys, they all work together. Ransomware as a service is a real thing. I've been on calls and chats where they have an HR department, they have a finance department, they have a sales department, they work collectively together. Alpha v Black cat, who took care of MGM and hacked in. Well, they're collaborating with Klopp, they're sharing their techniques and vectors that worked with other bad actors so that there's collective education, so they, as a bad actor community, get better as well.
You think you have Chat GPT, there's a dark web version of Chat GPT that teaches them bad things, just like the good version of Chat GPT is helping us get good things done. So we have to unite, we have to stick together. There is no shame if you got hacked. Communicate, collaborate, elevate. That's how we're going to get out of this.
A year ago, we would have been ashamed and afraid to even mention that we've been hacked or that something happened. But these days, all you have to do is go to your browser, look at your passwords, and you'll probably have a few red exclamation marks next to it where some of your passport's been compromised. And since the last time we talked, Kevin, companies like Topgolf, Moveit, Psycho Discord, Microsoft, departments of Transportation and other ones, UPS store, Tesla, these are all companies that by law had to disclose the fact that they had data breaches. Now, these are all big companies with big amounts of security. And my guess is that for everyone that's here on that list, there's probably at least a few hundred that isn't.
And the reality is that by the end of the year, majority of companies will probably have been data breached in some way or the other. Like the way that the canadian government is defining a data breach, then we essentially almost all been guilty by it because we are all compromising data one way or the other. And it is a problem. But we also need to come to the acceptance that honestly, at this point in the game, with all the tools that are available, some of which Nim mentioned, it's just the way it is. We are no longer as afraid anymore to mention that there has been a data breach or that something has happened. And we just need to accept that this is just reality so we don't have to hide anymore.
We just need to start becoming part of the solution instead of hiding from the problem.
The other thing, it's interesting when you mentioned about your passwords being compromised a lot of times, even if you have a crazy secure password, if it was compromised in somebody else's system, that password is useless to you. You need to come up with a new one. And it amazes me how many people use the same password across everything and they don't actually check. And even if you tell somebody that my father in law is a perfect example, I was like, your password is totally insecure and guessable in seconds. And he's just like, I don't care, nobody's going to hack me. And it's like, I've had this conversation with him like a million times. But some people just don't care or they don't really understand something as simple as just, you should be changing your password. Well, I don't know, you guys.
Tell me, how often should you be changing your passwords to some of these things?
Well, my advice is get away from relying solely on a password. Every single service we as consumers subscribe to in the cloud has something called multi factor authentication. So in most systems, you go to account or my profile, security or advanced settings, it'll be there and it'll be turned off. You just got to turn it on. Follow the instructions. They might text you a code, they might use Google Authenticator, Microsoft Authenticator, or you can use anyone of your choice. That right off the bat, Facebook, Twitter, Instagram, LinkedIn, Microsoft outlook.com@gmail.com, HubSpot.com. They all have this feature. These are the big ones, right? TikTok? They've all got it. Now, when it comes to your password, make sure each one of them has a different password. Now, creating a password can be complicated. Use a password manager. There's a bunch of them. There's ratings online.
I like to tell people LastPass because that's a good product to use. Go download one, figure out how to use it. And you don't have to store your passwords there. Just use the feature to generate password if that's what you want to do and then store your password in some form of an encrypted vault. That's my recommendations.
There's, of course, best practices, right? So there's strong passwords. So even the backer hospital review, they published the 30 most common passwords, right, well, password being password itself or 123456 or QWERTy or these type of things, but I'll share you a bit of a story from that I had this weekend. So I woke up on Saturday, as I usually do, and I get a text message like, hey, your account has been restricted. Now, we live in Canada. We get tons and tons of restricted. So I'm like, I don't know what's happening. So I check it out, and it's a link from my bank, BMO. And I'm like, I don't click on links. Just out of pure. Out of principle. So I log into my account, and I'm like, yes, your account is restricted. My BMO credit card.
So I call them, and they're like, call this number. But I don't call that number. I never call that number. So I find out what the BMO credit card helpline is and I call them and I speak to a person, but a text was real. So from in the night, from Friday to Saturday, I wake up and there's been 37 transactions on my credit card. Now, what happened in the last few weeks is that I had two purchases that I made in Asia. And I checked out the website. I looked them up. They're legitimate. Everything seems fine. Thousands and thousands of reviews and everything else. I'm like, okay, fine. Worth a shot. So I had two packages come in, and a week later, somehow my information is all over the place. People have access to it. There's been 37 transactions.
One of them was trying to get an AWS store going and trying to take off. I think they were up to about $4,000. They're trying to take out. The AWS thing was about 1600, and that one got blocked. It got locked, but the other 36 went through. So I called them. They're now doing an investigation. It's credit cards, it's insured. But even when you do everything, you do your checks. And even, I mean, we're adults, right? We've been in this it space for a while. We kind of know what to look for. We mess up all the time and imagine teenagers going through this like, they don't have a chance. So following two factor authentication, hard passwords and everything else will get you a very long way. But just like with enterprise data, it's all about how you set it up.
When everything is in one place, unstructured, you don't know what you have, and you start giving random people access, like I did to my credit card. Tears are going to flow at some point.
Okay, sure. And I guess I had something similar. I've seen password managers get hacked, though recently. In the last few years, some of the more popular ones have actually gotten hacked, and then all your passwords are out on the web.
Common misconception. So Lastpass has been hacked five times in the past two years or three years. The passwords themselves are encrypted to the point where it is actually rendered useless to the bad actor. What they were able to get is some back end company information from lastpass and different variations thereof. But the consumer data is encrypted, salted and peppered, randomized to the point where it's useless to anybody that gets it. And then you'll also need the decryption p, which is specific to the password that you set and the local machine it's on. So there's lots of complexities that go behind it. A quality password manager that costs you money, like lastpass, is probably doing things correctly.
Okay, fair enough. The other thing that I found recently is my wife's father actually passed away, and his roommate wouldn't give the wallet back to us with all his credit cards in it. We called the bank before we even had a death certificate saying he passed away this day. There might be some, any charges that happen after this day were obviously not him. And they literally told us there's nothing they could do about it. And were just like, well, we're just trying to give you like a courtesy call. He ended up racking up hundreds of dollars on these credit cards, and it went to the fraud department, and then they put the money back in.
And it was mind boggling to me that even them giving a heads up to say, look, you guys should just monitor this, or at least put something on the account. Like, we're not asking for money, that they did nothing, and there were still charges on that account, and the money went back into the estate account. So stuff like that is so infuriating when you try to even be helpful to a big company. I don't think anybody really feels bad if a bank loses some money. But even when you try to be proactive, I find it can bite you in the ass. Have you guys found that? Or what are your thoughts around that?
I'm really curious about your example, because it borders into criminal intent. So I understand that when you provide a service, you can't just cancel. So I cannot call Nim's bank and be like, hey, Nim died. We need to do something here. And, like, they can just cancel it. But did they ask for, just out of purely out of interest, did they ask for, like, a death certificate or something that they can do something with?
We didn't have it yet, but even after we got it, just the whole experience was mind boggling to me. It's just like, you guys should flag any transaction that happens because it can't be him.
Kind of.
Go ahead.
Bringing that back to context of data and data security. Can you imagine if it was this frustrating dealing with a credit card that everybody has? They've got documented processes on how to deal with it. And it was very aggravating for both you and yap to deal with this fraudulent situation. Can you imagine dealing with a data breach? Can you imagine dealing with the pain, stress, anguish, physiological and psychological dilemmas you will be under and pressure you'll be under, trying to get your information back or trying to tell people, please don't do that. I'm too small. I'm a small business. I can't give you 5 million. How about five k and try to negotiate all that. It is aggravating. This is why we keep saying, identify what you have. Invest in protecting what it is important to you.
So that should a bad thing happen, you know what to do. And unfortunately, it takes people to learn a lesson that in yap's case or your know, asking your bank for that feature where you can log in and block a know from an estate planning perspective, telling your loved ones, hey, listen, join me to your account. Share your password with me. So if anything happens to you because you're elderly, I can log in and block your account, right?
Yeah.
But it takes a hard lesson for us to become aware. That's human behavior. We're going to be stubborn and persistent with our beliefs until proven otherwise. And the bad actors know that, so that's why people fall victim to their prey.
That's fair. And it's also hard because I could, in theory, make that call and say that about anybody. Right. So I get why they did it. That was just like a total good or interesting experience recently that was like. Right. Directed at this. Right. And it ended up costing them money. Not a huge amount, but still. Right. And it's just fascinating how insecure a lot of basic things still are. And there's no way to really validate a lot of things these days still, which if. I think there was simple measures that we could put in place in a lot of things.
How many people do you think are listening to this in their car? Quite a few of them, probably. Here's what's happening, guys. You're driving in this car. You got us on your Spotify, you're tuned in, and guess what? Your car knows that you're doing this and it's logging that data in some way, shape, or form, especially if you have a car with the digital and wifi connectivity solutions that are in vehicles after 2019. Now, as I said at the beginning, we're in the information era. This industrial revolution is all about data and information. Be consciously aware of how you're sharing it, where it's going, and what you're doing with it.
Yeah, I think that's actually really good advice. I hope more people take this stuff seriously, and I think they will as it starts happening to them more. Right. Like you mentioned earlier about just sometimes we're stubborn and it takes something happening to us to actually start paying attention and caring about this.
Maybe turn the volume down so your car doesn't hear it as clearly as you can. Pay attention to driving, if you are driving.
It's a tricky situation, for sure, because you need all kinds of security measures and tools. Even in some of the states in America, they started using biometrics to board a plane right now. And the problem is you also have to give up tons and tons of control as a person. And the question is always, where's the sweet spot? Like, how much effort do I have to do to ensure that this is me to authenticate a file form, document site, or something else? And how much am I willing to give up? Because you can have 15 factor authentication on there if you really wanted to for the most amount of secure data and everything else, but you're going to have to give something else up somewhere. It's a struggle. It just is.
I think the other thing that's interesting about it, at least in my perspective, is there are certain companies I'm willing to give more data and more of my personal information to compared to other companies, right? And then even just self governing that, and then even just simple services that I sign up for, I give, like, a simpler password to some services, and I give a more secure password to other services because I don't want that more secure password out as many places, right. I want it just like, at that one or two places maybe, where it's just like this constant thing that you're kind of thinking about and worrying about. Because you maybe trust companies more than others.
Yeah. And that becomes more of analytics based on user buyer personas and these type of elements, because it's more of an emotional decision. But even as a society, if you see how many people give access to TikTok on their phone, it is absolutely astonishing. And if you do a brief search on what's actually in the terms and conditions of TikTok when you install it on your phone, what are you giving away? Yeah, it's beyond mean. Hackers can access your data in so many different ways. And all we have to do is watch some, you know, some teenagers dance on TikTok, and we give away all of our price possessions within a few clicks. And then we go into our mortgage, and we insist on, like, a 27 letter password because we don't feel safe.
It's just such a complicated puzzle because we give away so much with a few clicks, and then we're so tight on the other ones. Yeah, it's scary. But from an organizational point of view, we can absolutely start tackling the things that matter most. And like Nim was saying in his introduction, data is the new oil. And like I said, anyone that wants to correct me on my statement, you don't know what data you have. Fair game. I did deal with one company once that said that every time they have data that's older than three months, they delete it. So they said, we're not entirely sure what kind of data we have, but we have a pretty good understanding. That was my only exception. So they didn't prove me wrong entirely.
But we're happy to start a journey with you, where we start truly focusing on the oil, the gold, the pillar, the foundation of your organization. That's its data. What do you have? Where is it? Where should it be? And can we help you fix the most common problems that we see? We'll probably surprise you, Nim.
Any other final thoughts, parting thoughts? Know if it's free. You are the commodity, and everything about you is what I want from you. If you're paying for it, you should be able to disclose how much of it you want to give up. And for what. As Kevin said, don't use the same password everywhere. Make an effort, guys. It's your data. It's your identity. Protect it, and really reflect on if you're a business owner or if you are working in a company. What data do you have? What data do you have access to, and how can you do a better job as a person, as a corporate citizen to protect it better.
Perfect, guys. Well, I think that's a wrap. And thanks for listening and tune into the next episode.
Thanks so much.
Thank you.
Thank you. You.
Thanks for listening. Please visit our website@buildingthefutureshow.com to join the free community. Sign up for our newsletter or to sponsor the show. The music is done by electric mantra. You can check him out@electricmontra.com and keep building the future.