How Do You Manage Your Digital Footprint
In the latest episode of the Cyber Insurance News and Information Podcast, host Martin Hinton, Executive Editor at Cyber Insurance News, engages with cybersecurity experts Trinity Davis and Chuck Randolph from 360 Privacy. This insightful conversation highlights cybersecurity’s direct impact on individuals, stressing the critical importance of managing digital footprints to enhance personal safety.
Trinity Davis, drawing on extensive military and executive protection experience, emphasizes how the digital space frequently initiates threats that manifest physically. With examples ranging from high-profile burglaries targeting NFL players to the exploitation of personal data, Davis underscores the vulnerability created by everyday transactions. The digital broker economy thrives on personal data, often compromising individual safety for convenience.
Chuck Randolph, introduces the concept of the “attack cycle,” explaining how attackers methodically collect online information to execute targeted attacks. Randolph, with experience spanning military operations and Fortune 5 executive protection, points out that while convenience drives modern life, it often inadvertently exposes individuals to risks like juice jacking, phishing, and identity theft.
The discussion also explores AI-enhanced threats, such as deepfakes and manipulated digital media, which pose significant risks to personal and corporate reputations. Practical advice includes compartmentalizing communications, enhancing digital hygiene, diligently managing privacy settings, and limiting Wi-Fi and Bluetooth use in public spaces.
The episode emphasizes the rising necessity of cyber insurance as an integral part of personal cybersecurity resilience, providing a critical safety net against inevitable breaches. Trinity Davis and Chuck Randolph convincingly advocate for increased public awareness, robust personal cybersecurity practices, and proactive insurance measures as essential defenses in the evolving digital landscape.
Listeners are encouraged to actively manage their digital presence and to view cyber insurance not as optional but as an essential component of their overall security strategy.
Find the Cyber Insurance News and Information Podcast at all the usual spots:
During the podcast, Trinity Davis offered some practical tips for hardening your digital security; below are 360 Privacy’s instructions on that for both iPhone and Android devices.
Other News: Cyber Insurance News & Information Podcast -Episode #3(Opens in a new browser tab)
Cyber Insurance News Podcast Episode #4 Transcript
NOTE: This transcript, or log, of the episode has been checked for accuracy but you should verify any items against the video to be sure. Trust, but verify.
Martin Hinton (00:05) cyber insurance news podcast
Welcome back to the cyber insurance news and information podcast. I’m your host Martin Hinton. And today we’re diving into the very personal side of cybersecurity and how it affects individuals. You probably hear a lot about how it affects big companies. And we’ve got two great guests to dive into that topic with us. ⁓ From 360 Privacy, we have Trinity Davis and Chuck Randolph. They’re both doing fascinating work in this space. And frankly, I’m really excited about this podcast because this is sort of a part of the…
subject matter that kind of gets glossed over as we hear about data breaches and all sorts of things like that. So without any further ado, I want to have Trinity and Chuck take a second to tell us about 360 Privacy. And then also a little bit about themselves and how they come to this space and this career moment, if you will. So Trinity, why don’t we start with you.
Trinity (00:53)
fantastic. Martin, first off, thanks for having us. ⁓ Really looking forward to this conversation. So 360 Privacy
is a firm that started in the physical space and quickly identified that the mass majority of the risks that we are facing in the physical space actually began in the digital space. So we kind of flipped the script. We all come from military special operations, security professional roles.
backgrounds, law enforcement, cetera. And I think that what the key part of that is, is that we all come from the operational space, right? We dealt with these specific issues that we’re trying to solve. We’re not simply engineers that are being made aware of an issue and trying to solve it. ⁓ So we are primarily focused at high network individuals, executives, know, families, ⁓ actors, entertainers, athletes, et cetera.
We are removing or reducing, significantly reducing their digital presence on the internet. And the key there is to prevent digital harassment from manifesting into a physical confrontation or far worse. ⁓ Myself, a little bit about my background. I left the military in the early 2000s, spun almost immediately into the ultra high network space, primarily the executive protection space. ⁓ I’ve been a partner here at the firm for
just under three years, but was actually engaged as a client
almost three years prior to the transition over. When I first was introduced to the organization, I was managing ⁓ the ⁓ security apparatus for an ultra high network family, a tech founder, probably one of the most prolific tech founders that you can think of. So everything from executive protection, residential security, travel security management, protective intelligence.
I then transitioned over to our financial tech firm after about four and a half years tenure with that family office. The financial tech firm was called Robinhood. It’s an app-based trading platform, stocks, cryptocurrencies, et cetera. Post meme stock war specifically around GameStop where trading was halted. Lots of Americans, well actually people around the world.
⁓ lost millions of dollars because of that trading being halted on that specific stock. And I’m sure you can imagine the amount of hate and vitro levied at not only the organization, but the firm. I stepped into to stand up an executive protection program there, primarily again, focusing on EP, residential security and travel security management. So I’ll kick it over to Chuck.
Martin Hinton (03:33) cyber insurance news podcast
Action.
Chuck Randolph (03:36)
Yeah, thanks. Martin, thanks for having us, by the way. It’s great. I love the conversational pieces that you put out, especially, you know, it’s more about getting to the people and just having a discussion, which is great. I brought my coffee just to make it so. I’m Chuck Randolph. I’m actually new to 360, and one of the things I think, Trinity, you summed that up great. One thing I would tell your listeners to think about is the attack cycle.
You know, whether you’re high net worth individual, Martin, or you’re a mom and pop person, or you’re just the next door neighbor, most people when they’re looking at you, whether they want to rob you, or whether they want to do harm upon you, they’re going through some type of attack cycle, you can look at that. And it basically goes from, hey, I’m thinking about Martin, to now I’m going to do something, I’m ideating to a point of action. And if you think about that,
the part where I’m thinking about doing something to Martin, there’s what we might call like search page one or Google page one where who is Martin? How do I find him? What do I do? And I think the thing that 360 kind of obsesses on and I think to kind of underscore what Trinity said, all of us being from the operational side, these are things that we were concerned about. Like how can you not find my client? How can we obfuscate the information so that it’s harder
for people to find Martin because when you disrupt somebody at that end of the attack cycle, it’s much easier than when I’ve gone through the whole thing and now I’m focused on Martin, I’m showing up at his door and I’m gonna do something. Now about me, I’ve been at 360, don’t know, trying to do what, 25 seconds? Just actually a couple weeks, but I am a former client in the company that I used to work at, which was in the protective intelligence field.
And Martin, I spent 20 years at a Fortune in five running executive protection, event security, global intelligence, protective intelligence team. I also spent three years running a strategic intelligence team where we looked at for the CISO, we looked at fiscal and cyber threats and said, hey, what’s emerging that we need to think about or what do we need to consider at this big company? I spent some time as a consultant.
⁓ I also have a 30 year career in the military, most of which was spent in the guard. But like most folks post 9-11, you’re on, you’re off, you’re activated, you’re not. And a good portion of my career on that side was spent in information operations, which is a little bit of think cyber, a little bit of operations. And now you throw in things like the battling narrative and the cognitive domain and mix it all together. And what do you got? You got a little bit of IO.
Martin Hinton (06:26)
All right, so it
seems like you guys are pretty good people
Chuck Randolph (06:27)
That’s a little bit about me, my friend.
Martin Hinton (06:29)
What are some examples that may be out there or anecdotes that you can share with any kind of details scrubbed about the threat and that illustrate sort of the danger people face? So I don’t know if you both you want to have one go with that question, but Trinity, why don’t you go ahead and start.
Trinity (06:48) cyber insurance news podcast
Sure. So, specifically on individuals, ⁓ one of the things that I think that a lot of folks don’t really realize is the amount of transactional data that’s available on all of us is quite staggering, to be quite honest. Every time that we transact, so that can be something as simple as ⁓ going out on date night and giving up our phone number so that the host or hostess can text us when our phone number is ready, ⁓ signing up for an app.
buying a home, house, car, et cetera, we are freely giving up our data ⁓ in a $200 billion a year industry ⁓ in order to make our life a little bit more convenient, right? We’re giving up, freely giving up safety, security, privacy in the pursuit of convenience. And because we’re becoming part of that data broker economy, ⁓ we are…
increasingly ⁓ exploiting ourselves. And what I mean by that is bad actors are or threat actors have two sources of intelligence they can pull from the open web, actually really three, the open, the deep and the dark web. If we focus on the open web, right? We’re primarily looking at the data broker space or people search sites, if you will. ⁓ These sites are range from free
to about $30 a month to gain access, unlimited queries. And they focus on primarily identifying phone numbers, email addresses, known associates, relatives, and they drill all the way down into our association with LLCs, trusts, EINs, and registry numbers, et cetera, of businesses that we have registered. So it’s a treasure trove of information to gather intelligence.
to social engineer or build a pattern of life on an individual. We pivot over to the deep web. So think any social media platform, ⁓ et cetera. We are ⁓ part of the sharing economy, right? We are, and I think that this is slightly taking a trend a little down, right? I think 10 years ago, the Gucci was having a very robust digital profile, being active on social media.
Chuck Randolph (09:09)
Mm-hmm.
Trinity (09:12)
kind of the new Gucci is I wanna be as limited in the space as possible, because I think people are realizing the amount of exposure that they’ve unintentionally opened themselves up to is pretty insane. And I’ll give you a couple of recent examples, right? So the string of, ⁓ I apologize, I had somebody trying to slack me on a video call just now.
Martin Hinton (09:35) cyber insurance news podcast
That’s okay, that’s okay.
Chuck Randolph (09:38)
How dare they?
That’s me, that’s me.
Trinity (09:43) cyber insurance news podcast
So I’ll give you an example. A number of NFL stars have recently been burglarized. And a couple of things really come at play there. One, they’re typically happening on game night. So it’s a very time and place predictable ⁓ that you’re going to be at game night in said town, your home, high chances of, high probability of it being, ⁓ you know, no one being home. Couple that with the data broker economy.
Someone can easily Google to Chuck’s point earlier, easily Google where you live, what your address is, what your phone number is, et cetera. So they’re putting two pieces of intelligence together to really exploit that individual for nefarious reasons, ⁓ Millions of dollars ⁓ have been ⁓ really gleaned from these individuals ⁓ across multiple, multiple players being impacted by these home invasions and burglaries.
Chuck Randolph (10:41)
You know, one thing I’d add to that, just thinking about what you just said, Trinity, is, you know, Martin, I’m an OPI. You know, I got out of college. I was a lobbyist for a year, hated it. And then, you know, found that I needed to do something. And I started out supporting the insurance industry, SIU units doing complex fraud. I think the last big case I did was against a gypsy fraud ring that went from Ohio all the way down here in Texas.
And I think back then we called it pre-texting. Hey, I need Martin to do a certain thing, so maybe I’m gonna call and say I’m from insurance. I’m not saying I did this, but that’s the way it was. I’m gonna call, gonna click on a keyboard so you think I’m from a call center. I’m gonna get you to give me your DOB or address, and now I got it, and I’m gonna come find you, get, back then maybe it was do some surveillance, or I’m gonna deliver a subpoena, or I’m going to come and try to take a statement, whatever that might be.
Now the cool kids call that fishing. And to Trinity’s point, we are in, it’s about convenience. how many times do you think about our kids like, can I have this app? Can I have this app? And the question we ask at my house is, well, what are you giving up to give that app? Because at the end of the day, while yes, it could be targeted for very nefarious reasons, a lot of it could be used for fishing because dang it, Martin, I need you to click the button for the free pizza.
to give me your information so I can skim off five or six thousand bucks and do that to you, Trinity, and 500 other people, and then I’m gonna go dark because I made my money. what do we know about cyber criminals, not necessarily nation state? I mean, they wanna do it easily too. I mean, they have to think about resource supply chain.
I saying they’re lazy? No, I’m just saying they wanna be efficient.
Martin Hinton (12:32) cyber insurance news podcast
So you both touched on something really
Chuck, you just talked about how we hear about the big hacks and the millions of dollar ones and the CDK breach and that sort of thing. But the scale that technology allows these criminals to steal 500 bucks from 5,000 people, if you will, is a part of it. And Trinity, you touched on this as well. When you put one piece of information over here, it seems like nothing, and it may be nothing alone. But when you create that spectrum, that ability to… ⁓
you know, take all of that intelligence about an individual, when their game is, where they live, are they married, you know, what all that sort of thing, you can create a picture that makes people incredibly vulnerable to both the cyber part of this crime. And then in case of the burglaries, you touched on Trinity, the physical part of the crime. What do people need to think about? I mean, again, you touched on it too, Trinity, the idea that people are kind of coming around to the idea that…
And I remember early on, don’t post photos of yourself when you’re on vacation while you’re still actually on the vacation, if you’re posting to social media, right? Cause then obviously people think, the house is empty, right? That’s, that feels like old advice, but it’s probably not that old. I just wonder whether or not you could touch on the idea of what practically people can do. Cause when you get to that box and it says, agree, whether it’s your iPhone iOS update or, you know, some pizza place for, you know, 20 % off your first order click yes. And I think I read something recently like that.
Chuck Randolph (13:42)
What?
Martin Hinton (13:55)
There was one large tech firm that’s agreement would take 10 hours to read, nevermind understand because of the way it’s written. I guess I’m curious in the real world where you have to navigate this sort of compromise, I suppose, ⁓ what advice you might give to people to make themselves a little more resilient or a little more safe in respect to these kinds of concerns.
Trinity (14:07) cyber insurance news podcast
Yep.
Absolutely. think that’s a number of really good questions embedded in that. ⁓ So a couple of things that I would immediately jump on. I think the advice of not posting on vacation is actually ⁓ still very, very relevant and easily actionable. Don’t post pictures until you return from vacation, 100%. Be mindful of what is actually being
⁓ that’s in the background of photos, because I can do a reverse Google image search of, let’s just say you took a picture in the front of your yard and I’ve now captured what the front of your home looks like. I can do a reverse Google image search and actually find an
So being very
Chuck Randolph (15:04)
Mm-hmm.
Trinity (15:06)
of even your children being in the background, I limit the amount that my kids are actually photographed and posted for a number of reasons, right? And then, you know, that kind of spins into the whole, ⁓ you know, AI, ⁓
the ability for AI to actually capture images and post them or paste. This is actually a very big issue right now where children’s faces are being posted on graphic images to now it appears
your child actually
Chuck Randolph (15:32)
Mm-mm.
Trinity (15:34)
explicit images out there floating in the dark web. So obviously very concerning things around photos. But I would also…
⁓ Be very mindful of the device that we’re carrying around on a daily basis and a couple of things that immediately jumped to mind there in terms of limiting the amount of data leakage or exposure that you’re unintentionally ⁓ exposing yourself to is don’t be in a mindset of, when do I need to turn my Wi-Fi or my Bluetooth off? It should be the opposite. When do I need to my Bluetooth and Wi-Fi on on my device?
Chuck Randolph (16:06)
Mm-hmm.
Trinity (16:10) cyber insurance news podcast
I don’t think a lot of people realize that every time that you walk up past a wireless access point, your device is doing a digital handshake with that WAP to say, hey, do you have the keys to enter or access this wireless access point? So you’re literally leaving digital cookie crumbs every single place that you every time you drive past or walk past something. So I would ensure that Wi-Fi and Bluetooth is always off if at all possible.
⁓ I would turn off significant locations on my device. It’s something that I’m heavily ⁓ practiced on and advise clients of doing as well. Because I’m sure that everyone’s gotten in their car at some point during their tenure ⁓ owning an iPhone and your device says it’s going to take you 15 minutes from point A, which is typically home to point B, which is the gym.
you know, work, whatever it is, your morning routine. And obviously, you know, Apple is trying to make your life more convenient. And I understand the premise there. But you’re also, ⁓ you know, allowing a device to track every single one of your movements, especially movements that are important to you. Typical places that you go. ⁓ It’s establishing a routine. And if for some reason I’m able to do a port out scam or compromise your device, now I’ve been able to identify all the places that you typically go.
in the times in which you go there. ⁓ Also trying to turn off ad tracking IDs, ⁓ cross sharing for targeted marketing. ⁓ There are platforms that can be exploited to where I can gain access to ad tech IDs, draw a geo fence around a location, identify the ad IDs that are there, and then track them as they move across the map, historically even. What devices they’re associated with, specific timelines.
There’s a lot of low hanging fruit that folks can actually do themselves. And Martin, I’m actually happy to share a couple of one-pagers that show
how to dial in privacy settings so that you can potentially share with your audience as well.
Martin Hinton (18:13) cyber insurance news podcast
So that would be great. One of the things that if you’re watching this podcast
So look in the show notes wherever you’re getting this podcast for links to that stuff. You touched on two things there. I just want to bring them up, Chuck. And maybe you can answer or Trinity, can continue. We hear a lot about AI, AI, AI. Is it fair to say that your example of the Google Image search, seeing something in the background that then might be somehow manipulated to
make a crime possible or make you the victim of some sort of attack. That’s an example of AI being used in this sphere. Is that a fair thing to say? Just gives people a practical example of what we all mean when we say AI could be this, AI could be that.
Chuck Randolph (18:52)
Well.
Well, okay, let’s be honest. mean, yes, AI will, like I said earlier, AI will make that easier to do something like that. And in a fair use way, or a less in a fair use way. Here I have a picture I wanna get rid of my old friend, and we’re gonna get rid of it and have it like that. That was being done before AI, Martin. That’s been being done for years. think part of what I would say people should take away from this is like, a lot of this isn’t new things, it’s just becoming quicker to do.
AI can take all the information. Let’s go back to the beginning. I’m focused on Martin. I’m following you, Martin. I’m taking all your tweets or whatever we call them now. I’m taking your LinkedIn posts. I’m following your blogs. I’m going to shove that all into AI and say, tell me about Martin. Tell me what kind of email will get to him. Tell me how I can find him, what I can do. And AI just wants to help you. And it’s going to.
come up with a way to do it, either like try these things or go to these places. So I think the idea is like, this isn’t Trinity and Chuck saying AI bad.
I think it’s us just saying
Trinity (20:02)
course.
Chuck Randolph (20:05)
⁓ will ⁓
increase the ability
Martin Hinton (20:08)
Well, you know, so.
Chuck Randolph (20:09)
the bad actor. So what do nation states and criminals have in common in cyber? It’s the great equalizer. If I’m China or I’m… ⁓
⁓ Morocco i have the same ability to interact with people on cyber space anything with criminals whether i’m a large criminal organization on just one guy that has it in for martin i now through tools and things in cyber space i have the ability to come after you in and unfortunately do do nefarious things
Martin Hinton (20:35) cyber insurance news podcast
Well, mean, so being a history buff, I bring it back to
this.
If your getaway car is a horse or a car, you prefer the car. The positive thing to that is the police can get a car too, right? So the idea that I think Trinity, touched on it, this isn’t new. The tools have changed.
Chuck Randolph (20:47)
Yeah.
Martin Hinton (20:52) cyber insurance news podcast
I think that that’s, you know, a really interesting thing to keep in mind as we try not to feel overwhelmed by this because there is the benefits to technology are great. So
Chuck Randolph (20:52)
Absolutely.
Martin Hinton (21:02)
touched on something
Chuck Randolph (21:02)
Look.
Martin Hinton (21:04)
When we think about all the ways, and I’ve done a documentary on this about all the digital sort of crumbs we leave as we travel through our day, easy pass, credit card, just the routine pinging of cell phone towers, WAPs as you said, ⁓ the ability to paint the picture of your routine. So if you’re someone who has something of value, which in cybersecurity sense, a lot of us do, ⁓ painting that picture of routine and then seeing a routine, this is one of the things that have…
Speaking of the old being new again, creating that routine and being able to see that picture routine makes someone vulnerable. You know, when they come and go, you know what routes they take to and from work, when they go to lunch, where they like to get their coffee. This all makes you a more likely or a more accessible target. Is that an interesting way or a possible way to think about it?
Chuck Randolph (21:53) cyber insurance news podcast
What do bad guys and marketers both have in common? They want a pattern of life on Trinity. One, if I’m a bad guy, I want a pattern of life because then I’m going to examine that and say, where’s the best place that I can do a bad thing to Trinity? But if I’m a marketer, I want to know what Trinity’s because now I can suddenly produce an ad that says, hey, it’s 9 in the morning. I know you normally work out. I know you work out earlier than that. But hey, here’s an ad about coffee or protein or whatever.
Yeah, that pattern of life that makes you, Trinity alluded to it earlier, time, predictable, which is a big statement in our world because you don’t wanna be time, place, predictable, but sometimes you can’t help it. If I’m a rock star or I’m an Instagram influencer, well, I need to be places and I need to be seen. So now I have a conundrum of how do I balance the need for air quotes here for folks listening, the likes with
the need for privacy. And Trinity, what is the thing, you and I just were talking about this, there was a rap star, I can’t think of the young lady’s name, but she posted about threats that she received and in the threat, the stalker basically said, I know exactly where you are because your friends and family are posting about you all the time.
Trinity (22:51)
Absolutely.
Yeah, I cannot for the life of me remember who I can’t for the life remember who it was. But to Chuck’s point, the two most dangerous times for for anyone, to be honest, that’s being actively targeted are arrivals and departures. And those arrivals and departures are time and place predictable. The one place that I will say that typically has
Chuck Randolph (23:28) cyber insurance news podcast
Mm-hmm.
Trinity (23:38)
the most amount of security resources infrastructure in place is typically the office. So back to Chuck’s point about being able to gather intelligence around pattern of life, I’m able to then pick a time and place that has the least amount of resources focused at securing you to launch my attack, whether that is some sort of reputational attack, some sort of financial fraud, or
God forbid a physical attack because now I understand that you go to the gym or to this yoga studio or actually this is actually brings up a really good really good point online online contributions, right? ⁓ Let’s just say for instance, Yelp Google reviews Because humans are creatures of habit for a few different reasons We tend to frequent places within a three to five mile radius of our home
Chuck Randolph (24:21)
Mm-hmm.
Trinity (24:35)
because it’s easy, convenient, it’s repeatable, ⁓ know, levels of service based on previous experiences. And I also want to support local businesses. So I leave a positive review for a restaurant and say something to the nature of, hey, every Wednesday night, you know, my wife and I come to, you know, Mario’s Pizza, know, ⁓ Chef Andre’s Fantastic, blah, blah, blah. So now as a bad actor, I know that…
Chuck Randolph (24:38)
Yeah.
Trinity (25:01)
Home is not a tenable solution because I know that there’s a ton of security personnel and cameras that are focused at safety and security. Home, there’s potentials, especially if I’m someone of note, I don’t want to be caught on camera or something of that nature. There might be a residential security team. Now I know that I can pivot to your favorite date night restaurant because now I’ve given a digital cookie crumb for a bad actor to easily glean off of an open source ⁓ Google contribution that I have freely given.
So I’m not saying that we shouldn’t support local businesses. I’m just saying we should obfuscate the way in which we support businesses and
any sort of online contribution if that makes sense.
Martin Hinton (25:39)
Yeah, it does. let me ask you now,
a lot of what I’ve encountered, particularly in the small business world, not so much in the individual world, there’s a bit of a ⁓ quandary that people have comprehending why their data is valuable. Like, well, why would anyone want to ransomware me? Or why would I be the subject to a phishing attack? And I generally say, it’s not about you specifically. It’s about the value that that data has elsewhere. Can you talk a little bit about that sort of, if you will, supply chain through the criminal network, how that works a little bit?
And what that means for an individual who might think, what do I have a value on my digital life? ⁓ How does that work?
Chuck Randolph (26:17)
But you can, I mean, look, the more there are, the more power there is in those numbers. like, one, if the three of us get our information taken, and then that’s added to 5,000, 500,000 more, whatever that might be, Martin, then as we all know in the dark, I’m sure you know this yourself from your studies, that gets bought and Just like your information would.
on an open market when they say, look, if you go and you click on the website and it says, we’re using cookies to track you. Now that gets amalgamated with others. then there’s patterns on the good side, we’re developing patterns so that we can say, hey, how do we better sell this widget? But on the dark side now, we can accumulate that with many others. And if I can get a dollar from you, a dollar from Trinity, a dollar from me or $5 and we’re not really noticing it.
the multitudes of things that we’re paying for. Now I’m quietly just skinning money off of maybe a thousand, 200,000 people and think of the money we’re making from that. And then of course there’s the, then you click on the link and then I suddenly get all your money or all your information or all those things. mean, what would you add to that,
Trinity (27:34)
The only thing that I would add a hundred percent on all of that, the only thing that I would add is also exploitive data that finds its way into the dark web off of, know, stemming from data breaches and leaks. So then it’s not only your PII that’s being bought and sold and traded. It’s also compromised credentials. ⁓ It’s also going to be your social security number that can be exploited as well to open up lines of credit, et cetera. It can also be. ⁓
Chuck Randolph (27:51)
Mm-hmm.
Trinity (28:02) cyber insurance news podcast
Credit cards that may have been linked to those accounts that were leaked ⁓ In the dark or that were breached and then inevitably leaked on the dark web. So There’s a ton of intrinsic value that’s tied to your persona your your your person ⁓ That is very very valuable to to to bad actors or threat actors to be quite
Chuck Randolph (28:26)
And it all sounds very exhausting, doesn’t it? Like, my gosh, like, I gotta track this and now these guys are telling me this. And really, you can’t let that overwhelm you. A lot of what we’re all talking about here, I think is like decisions. Don’t norma lly go, if you’re going to click, hey, I’m gonna let you have this data, we have to be able to understand what is it that I’m allowing and can I shut it off and when should I shut it off? ⁓
Martin Hinton (28:50) cyber insurance news podcast
Yeah. Yeah.
Chuck Randolph (28:54)
Because I think a lot of it, because if you think about this, it just like over, I mean, I was just thinking of ways you were talking about dark web sales, you know, as a retired lieutenant colonel, I mean, I got the OPM hack just like everybody else. And then six months later, I got something else. And six months later, I got something else. At some point, you’re just like, you know, this just my own personal opinion. Like what does a social security number even mean anymore? You know, it seems like everybody has it.
Martin Hinton (29:17)
Yeah.
Trinity (29:21) cyber insurance news podcast
No, I mean, I would say the vast majority of folks out there in the United States have their social security number compromised relating directly back to the national public data breach that happened back in August. And I think the best piece of advice there is at the very least, you should self-impose a ⁓ credit fraud alert if you do that across one credit reporting bureau.
Chuck Randolph (29:24)
you
Trinity (29:45)
It typically trickles out to the remainder and essentially that’s adding a layer of multi-factor authentication. However, I would strongly encourage everyone to preemptively freeze your credit. It doesn’t negatively impact you in any way, shape or form. It adds an additional layer of security. You can easily turn it on and off and ensuring that you’re doing it across the four credit reporting bureaus is key. A lot of people think there’s only three, there’s actually a fourth.
Again, Martin, I’ll push ⁓ the links to all four of those credit reporting agencies, the link that goes directly
where you need to sign up to freeze your credit, if that’s helpful as
Martin Hinton (30:22)
That’d be great. That would be super useful.
you touched on the way we normally travel. We’ve sort of, we’ve talked a bit about things that happen as a natural function of Google Maps or making life more convenient and the things that we want to do. What are some examples of cybersecurity breaches on the personal level? Like you could share to give people an example of how it might happen, whether it’s, you know, not so much your phone being pinged by for wifi, but there being some sort of
Wi-Fi trap or social media account takeovers or that sort of thing where you’ve encountered that sort of thing or what you’re aware of being sort of a trend within the criminal enterprises.
Trinity (31:02)
⁓ I think ⁓ a couple of things that immediately jump out ⁓ to me as a particularly invasive attack that is levied at unsuspecting travelers. And it comes really in two forms, really juice jacking.
So juice jacking would
Chuck Randolph (31:22)
Mm-hmm.
Trinity (31:23)
you plugging in your phone to try to charge it in a public forum. Let’s just say a ⁓
some sort of airline lounge or the airport train station, whatever it is. And a bad actor or a threat actor has placed something on the other side of that USB or USB-C port that then not only delivers electricity, you know, so you can charge your phone, but it also scrapes data the other direction as well. This can also be enacted on the unsuspecting traveler that’s utilizing some sort of, you know, car rental company, ride sharing app.
or I’m sorry, ride share, like a Turo or something of that nature, where essentially you are plugging your device into that phone or into that USB port. And that vehicle is actually scraping your data. And I’ll give you a really personal example of how this potentially can be exploited and something that really made my eyes open a little bit. ⁓
One of the previous, I did executive protection for 20 years, one of the previous principals, somewhere during that 20 year timeframe, we went to the same location every single year. And it was a very small community. And it was almost guaranteed that every suburban expedition, et cetera, that was available was going to my team or the supporting teams around me. So someone could identify time of place predictability, the type of vehicle that we always
Rented so they could essentially show up a week prior place anything they wanted inside of that vehicle listening device Data scrape or whatever it is that could be exploited because we were traveling with with ⁓ You know individuals of note that that if compromised they could steal IP, you you name it So from a very personal perspective that is definitely an easy way to to exploit someone’s digital device
specifically while they’re on the move. Chuck?
Chuck Randolph (33:26) cyber insurance news podcast
Let me add
one to that. So, know, Martin, I said before I worked for a fortune five and, you know, one of the things I ran was the event security team, although we call it event risk management and that’ll be obvious in a minute. And I had this idea from my time in information operations. said, look, this company does large events twice a year, company meeting, something else where we’re rolling out software. I said, prior to the meeting,
like two months prior, we would take a snapshot of the wifi that was available around where this event would be. Then two weeks before we would do it, we’d do it a week after and then a month after. And can you imagine the number of air quotes, wifi towers that popped up the closer we got to this event? So I go rewind all the way back to what Trinity said. Number one, it’s gonna save phone power to shut off your Bluetooth and wifi. But if you’re traveling,
Use your phone. You know, get it. Hey, I want my kid or something to be able to get on the wifi and to watch a video or do whatever. But you need, as the old phrase goes, trust but verify what you’re doing because these ghost wifi’s pop up. And as Trinity just said, I’m in, this is great. I got wifi and if something else is going the other way while you’re playing a game or checking your app or trying to figure out how to get from point A to point B.
Martin Hinton (34:51)
Yeah, you-
Trinity (34:54)
actually wear a very big tin foil hat, Martin. I travel with two MiFis, one for Verizon, one for AT &T. That way I know that I’m always gonna have consistent. ⁓ T-Mobile is my phone, so I have all three carriers.
Chuck Randolph (35:05)
We love UT Mobile!
Martin Hinton (35:09)
So you touched on
Chuck Randolph (35:09)
There you go.
Martin Hinton (35:12)
this sort of thing. One of the things that I wanted to mention and we discussed earlier when we spoke to Trinity was the evolution of deep fakes. And the one that I always come back to is the one from going on almost two years ago out of Hong Kong involving a wire transfer forward involving a deep fake. How much of a, you touched on ⁓ the classic photo editing to make something look like it’s someone else and it’s children on the dark web and.
and those sorts of vile kind of acts. ⁓ Moving that into sort of the personal reputation space and then even the corporate reputation space, ⁓ how much concern is there in the world where someone can appear to do something that they didn’t actually do, right? You talk about a crisis where you all have to manage the, is it actually real? Then you also have to manage the messaging. What kind of concerns do you have in that space surrounding the deep fakes and then the reputational attack?
⁓ potential they possess.
Trinity (36:09) cyber insurance news podcast
There’s actually some very interesting technology that’s spinning up in the space. That wire fraud that you’re talking about specifically though, was a $20 million wire fraud. That was a big payday for that bad actor. ⁓ So yes, I mean, you can actually with about three to five seconds of an audio clip or a video clip, you can actually implement a ⁓ very convincing deep fake.
For the uninitiated or someone that’s not paying close attention There’s a couple of platforms out there that are specifically doing some really interesting things to try to prevent especially over video conferencing Which is exactly how that wire fraud actually transpired that you were speaking about Where they are they are implanting a poison pill if you will or a poison pixel inside of images that are Available on their company websites that someone could capture
and utilize to create a deep fake. What they’re also doing is inviting an AI bot onto those platforms that are comparing and contrasting ⁓ known true samples, video clips, audio clips, et cetera, that are proven quality that are provided by the organization and comparing them against the feed that they’re getting in to identify ⁓ deep fakes that are being utilized as an attack vector across some sort of video conferencing ⁓
know, ⁓ So there’s some incredible technology that’s being spun up to combat ⁓ AI deepfakes. But to your point, it is incredibly concerning. And the unfortunate reality is it is advancing or evolving almost at lightning speed.
it is tremendously challenging to keep up. It almost feels like
we’re trying to solve yesterday’s problem today. And today it’s a whole different set of problems. Chuck, did you have anything to add there?
Chuck Randolph (38:07)
Now I think when you first started talking about this, Martin, I immediately was thinking about the Twitter takeover from the group, what was it called? OurMine And they were able to take over, think like Zuckerberg, Dorsey, a couple other CEOs, and they just said, hey, we’re testing your security. And I think one of the ways they were able to do that, I was thinking about the breach stuff that you were talking about earlier, Trinity, where they…
they gather breach data from LinkedIn and MySpace to guess at passwords. So thinking about deepfakes, well, we don’t really need to deepfake when we can easily just crack somebody’s password and push it out that, this is Martin, I need 10 bucks. And I can’t remember how much that group made over the period of time that they did that. I stress that to only say that Martin, like you said earlier, like everything old is new again, you know?
What did the who say meet the new boss same as the old boss. So it’s just a you know, it’s wearing a different hat. And Trinity’s right. It’s it’s it’s going at scale. I love the idea of like we’re We’re fighting the last battle. And part of it is us getting over ourselves as an industry to say, hey, look, we need as much as we’re obsessing on what we just did in order to get right of bang. ⁓ We need to start thinking what is that horizontal shift that’s coming.
Martin Hinton (39:30)
Yeah.
Trinity (39:30)
Speaking of deep fakes, so Martin, can’t 100 % confirm that this is legitimate. It was just sent to me yesterday. I’m waiting for someone to actually legitimize the claim, but they sent me a video of a crosswalk that was compromised or hacked in Palo Alto. And it was the voice of Elon Musk and the voice of Mark Zuckerberg. ⁓ were AI generated because there’s
Thousands of hours of audio samples of them But essentially when you press the crosswalk instead of it telling you wait like it typically does they both went on this basic diatribe talking about Doge and then Zuckerberg talking about I can’t recall exactly what it was But I’d be happy to share the video that was shared with me It was it was quite interesting and and I’m not gonna lie, you know objectively funny but ⁓ still concerning for sure ⁓
Chuck Randolph (40:02)
my gosh, yeah.
Well, do you remember
what was it like 15 years ago? I remember being in Seattle and ⁓ speaking of like hacking in and fakes and things and there was a construction sign that said warning zombies ahead.
Martin Hinton (40:39)
Yeah, well, I mean, think you talk about the, well, I mean, you think about the financial sector where you’ve got people laying hundreds of millions of dollars or five-year optic cable to do a trade fractions of a second faster. And if you, we see it with fake tweets that appear to be from someone about a financial situation with a company or an industry and it affects the markets. And obviously if you have poor knowledge of those sorts of things, you can ⁓ strike trades that can make you.
make money, right? So, or, you I mean, you can engineer reset or trading, which, which sort of gets to me to sort of the one of the last points I want to touch on. And you, you kind of touched on this. There’s a real convergence with the convenience part of this between the cybersecurity set of elements and the physical security elements. And I’m thinking about things like, you know, locks that you open with your phone or a tag, those sorts of things. And, and even, ⁓
Chuck Randolph (41:11)
Yeah.
Martin Hinton (41:37)
camera networks that are connected to your wifi and that sort of thing. I wonder whether you could touch on the sort of awareness that people need to have on a personal level about, sure, you want to be able to have a time of day when certain people can enter your home through that keypad electronically and not, but obviously that can be picked like a physical lock.
And I think, again, not to make this about something new that’s crazy and, my goodness, it’s like the sky is falling. You could break old locks, you could break new locks. And the idea is that you need to maintain some sort of a consistent perspective about that. And that’s an element of being secure. The idea that you can feel comfortable, but you know, I think Chuck, you said it, would verify as an element of this. Like it’s fine, but go ahead.
Chuck Randolph (42:20) cyber insurance news podcast
Well,
think about this, think about this Martin. So it’s springtime as we record this. And the last weekend I was home and I swapped out all the batteries in the smoke detectors. Now you’re like, okay, great. What does that have to do with this? That needs to be part of your personal pattern.
you know, high net individuals, people that Trinity and I used to work for, big organizations, they people like Trinity and I to say, hey, it’s time to do this, it’s part of our compliance, it’s what we’re doing, but as an individual, like every time or every three months or whatever that is, you know, change passwords, change your keys. Gosh, Chuck, Trinity, Martin, that’s hard, yeah, it is hard. You know, it’s harder trying to recover from a breach or trying to recover from, ⁓ you know, $15,000.
getting taken out of your account or it’s all scalable. So I think a big part of that, Martin, is thinking about it as, look, we don’t see cyber. Think about this show is about insurance. Look, if you give me a quarter and I say, Martin, I’m gonna walk you to your car and to the best of my ability, I’m gonna prevent Trinity, it’s gonna be hard, from approaching to talk to you. Great. But now if I say, give me a quarter and we’ll do our best to make sure that you’re safe, I’m like, you just don’t see that.
So you almost have to force yourself to see it. So that’s a lot of the way that I personally think about it is like, okay, it’s time to change the passwords. Let’s not go with solar ones, one, two, three, four, know, change the passwords, change the batteries, change the locks.
Martin Hinton (43:57) cyber insurance news podcast
Don’t put it on a post note under your keyboard at work. Is that where we start? I mean, you touched on something now because we’ve been talking a lot. mean, part of the focus of this is personal cybersecurity insurance. And one of the things that we know about this realm at every level is that a huge number of the breaches are down to personal ⁓ choice, you know, events, right? So a human error, I suppose, would be the way to put it, which seems unfair, but that’s the phrase that’s popped.
Chuck Randolph (44:01)
my lord no.
Mm-hmm.
Martin Hinton (44:25)
And I wonder whether or not that in the scheme of things, there is a layer of life to be added on to go with all the convenience we’ve engaged now with as a function of smartphones and technology and wifi and that sort of thing, where we need to have a more fundamental education in the way we teach kids to look both ways when they cross the street, that you change your password. You utilize something that creates passwords that are more complex and harder to pick. ⁓
a more organic necessity or holistic reality to how we build the cyber resilience that is quite clear we need to have because of the scale of the crime. And I guess, you know, it’s a little outside what we discussed and what we shared before we set this up, but I can’t help but think that there’s, it’s not a quick fix, right? That what we’re looking at is something that needs, not unlike a lot of other things, a more sort of robust approach that maybe starts with, again, like, is it school? Is there like cyber security home?
kind of component kind of thing or health class maybe it is. What do you think about that?
Trinity (45:24)
Okay.
Chuck Randolph (45:26)
I mean,
Trinity (45:26)
Yeah.
Chuck Randolph (45:26)
you’re talking about culture change too. And I don’t mean like culture as American culture or Western culture versus I’m talking about even microculture like the Randolph family, the Davis family, the Hinton family, the schools they go to, these microcultures or even generational cultures where like, hey man, I don’t really care. It’s fine, whatever. They’re gonna get me one way or another as opposed to now coming in and saying, yeah, but.
Trinity (45:29)
100%, yeah.
Chuck Randolph (45:52)
What about your parents, your friends? I I think it all starts with some culture management. ⁓
Trinity (45:58)
I think that culture also changes as time moves on. I mean, if we think it from this perspective, I didn’t have my first smartphone until I was in my early 30s, to be quite honest. So I’m certainly not tech native, but the generation that’s Gen Z, they are tech native. They’ve had a device in their hand almost as almost coinciding with their first steps.
Martin Hinton (45:58) cyber insurance news podcast
Yeah.
Trinity (46:26)
So I think that good digital hygiene practices left to us older folks in the space, definitely is education is needed, right? Especially generations above us. ⁓ But I think a lot of the younger folks, it’s almost embedded in their understanding of technology and devices and using multifactor authentication and password managers. Now, not to say that it shouldn’t be embedded and I completely agree with you that
Digital hygiene would be a great class that you take in in in middle school and high school to kind of focus in on on the vulnerabilities that you face in the digital space and understanding that Everything you put in the ether stays there. There’s a digital tag from now until forever ⁓ So yeah, I think that that’s something that surely certainly should be top of
Martin Hinton (47:19) cyber insurance news podcast
So I want to move towards wrapping up. And I’m curious, as you travel this professionally now, where do you see the role of the cyber insurance policy on the individual level or on the sort of home ownership level or the family level? Where do you see that as it is now? And what do you think about that as an element of the resilience and the protection for, you know, should there be something that goes ⁓ wrong, even if you take all the best practices, which we know happens, right?
that these criminals are very, very motivated. I guess I’m curious where you think that that stands in this space.
Chuck Randolph (47:53)
Well, you you said it resilience. And even if we do everything right, there, you know, risk, risk is chaotic and there’s always chaos theory there’s a chance that something will happen. And I was thinking about like we said earlier, like, hey, look, I lost 10,000, you lost 100,000, Martin, it’s scalable. And that can be traumatic just like if there’s.
a rainstorm or the hailstorm and I my roof or my car or something. Now that creates a whole second, third, fourth, fifth, sixth orders of effect that can be very detrimental to me and my family. So I think about why insurance? Well, it’s a resilience. So if I have insurance, maybe part of the thing is I just am trying to get back to the point the second before the issue happened.
because then I’ll have to go all the way back to zero. Maybe I only need to go from five to three. And that’s a heck of a lot easier than having to go all the way back to zero and trying to climb my way out again. So I think about that. just like we change oil in our car, just like we have liability insurance and others, mean, the idea of this resilience and getting us back on our feet as soon as possible, I think’s important.
Martin Hinton (49:08)
Yeah, anything to add on that front, Trinity?
Trinity (49:11)
I’m gonna go back to the old school physical security guy in me and say, you know, looking at this from ⁓ probability versus criticality, I think this really isn’t a not if, but when, but how many times over the duration of your life are you going to be breached, ⁓ you know, digitally? And I think having, number one, I think that,
Chuck Randolph (49:34)
Mm-hmm.
Trinity (49:39) cyber insurance news podcast
⁓ having cybersecurity insurance in place is a necessity just like having insurance on your car as you drive down the street. But I think it should also come with, just like with driving, have to have, you know, driver’s education. You have to pass a state test. There should be a baseline of protections and understanding in place in order for you to have a cybersecurity policy in place ⁓ to protect.
the organization on having to pay out on some sort of claim for sure.
Martin Hinton (50:10)
Yeah, so yeah, you need…
Chuck Randolph (50:11)
And you
writers everywhere just gave you a thumbs up.
Trinity (50:14)
You ⁓
Martin Hinton (50:15)
The idea that you need to be, people knock insurance, but there’s this idea that it can, if the policy requires certain levels of protection, like my homeowner has a discount for having an alarm, right? That is something that helps you feel safer, because insurance is one of those weird things. You kind of need it, but you wish you never had to use it, which is a hard bill to pay, particularly for small businesses and that sort of thing. ⁓ So I think those are really, really good points.
Chuck Randolph (50:37)
Mm-hmm.
Martin Hinton (50:43) cyber insurance news podcast
So as we wrap up, just want to give you guys the chance to, is there anything else we didn’t touch on or anything else you want to say or anything else you think people should take away with this? As you mentioned, Trinity, we’re going to have some resources in the show notes with links to various platforms with some of the stuff we’ve talked about so people can study that further and act on it if they see fit. But go ahead, gentlemen, if there’s anything else that you’d like to say.
Chuck Randolph (51:08)
Well, I would start to say like, this is, by the way, thanks for this conversation. And really it’s fascinating. I think, again, our goal is to kind of bring this down to user levels. Trinity and I both have been at Fortune 50 companies. These issues are no longer just techno thriller issues anymore. These are things that affect us. They affect our clients and the folks at 360 Protect, but they also affect us as individuals.
think it was Leon Trotsky that said you might not be interested in war, but war is interested in you. And I think there’s a play on that. You may not care about cyber, but the crooks care about you and chaos cares about you. And it’s just looking for a way in your house.
Martin Hinton (51:50)
Yeah. Yeah. Trinity, anything to add to that?
Trinity (51:52)
I agree more. Yeah, so I would say ⁓ the data economy isn’t going anywhere. In fact, it’s growing on a daily basis. I think it’s become a secondary revenue stream for almost every facet of industry. So you are the product, 100%. Everyone in the United States is a product. So I would limit the amount that you’re sharing. I would compartmentalize communications. And what I mean by that is ⁓
You know, I have one email address that I communicate for just finances. I have one email address that I communicate for other business functions, one email address for friends and family. That way all my lines of communications are compartmentalized. And if one of those is compromised, it doesn’t bleed out and affect others. I would use multifactor authentication, ensuring that I’m doing my due diligence and understanding what is best practices when it comes to digital hygiene. ⁓ I limit your exposure on social media.
⁓ You’re dialing those privacy settings. Only allow people that you know and trust to have access to everything. ⁓ Just at a high level, those are some things that kind of jump out top of
Martin Hinton (53:02) cyber insurance news podcast
I thought your email reminded me two is one and redundancy. That’s there must be the, the veteran in you there, bringing all that back. ⁓ gentlemen, thank you so much. So Trinity Davis, Chuck Randolph with 360 Privacy. ⁓ thank you so much for the conversation. Those of you watching have a share, leave a comment, ask a question. We’ll do our best to answer them when we see them. And I’m Martin Hinton. This is the Cyber Insurance News and Information Podcast. Thank you so much for watching. Enjoy the rest of your day.
END – EP#4 cyber insurance news podcast