Cyber Sip Barclay Damon LLP

In this conversation, Kevin Szczepanski and Jessica Copeland of Bond, Schoeneck & King define generative AI as basically the use of large language models to create natural language responses. They note that AI has been used for decades—examples of it in everyday life include personalized recommendations on Amazon and Netflix. They then move on to the use of generative AI and AI governance. Generative AI has both benefits (efficiency and time savings) and risks (including accuracy, bias, confidentiality). Governance is crucial, and listeners will hear some recommendations for developing a robust AI governance plan, including selecting the right tools, identifying decision-makers, assessing security features, and
implementing policies and training.

Kevin and his guest, Jodi Daniels, founder and CEO of Red Clover Advisors, discuss the importance of privacy as a fundamental human right, noting that building trust is a two-way street. Jodi explains that a privacy consultancy helps companies comply with data privacy laws and build trust with their customers. Jodi emphasizes that privacy is both a legal compliance issue and a market opportunity. By prioritizing privacy and being transparent about data use, businesses can differentiate themselves and gain a competitive advantage. They also discuss the book Jodi coauthored with her husband, Data Reimagined: Building Trust One Byte at a Time, which provides a story-driven approach to help professionals understand the importance of privacy and navigate privacy regulations. 

Kevin and guest Ziming Zhao, assistant professor in the Department of Computer Science and Engineering at the University at Buffalo, discuss Ziming’s work in systems and software security. They focus on ethical hacking and its goal of responsibly disclosing vulnerabilities to vendors. Ziming says that hacking can be fun and doing it ethically serves a purpose, though he emphasizes that ethical hacking is not a guarantee of absolute security. Companies still need to have a security in design mindset. Ethical hackers can help raise the security bar for companies and organizations. Ziming also discusses the relationship between academia and industry in the field of ethical hacking. 

In this episode, host Kevin Szczepanski and his guest, Bill
Haber of TEKRiSQ, discuss tips to prevent phishing attacks, which, they remind listeners, are “fraudulent attempts to obtain personal information through electronic messages.” Kevin and Bill highlight the prevalence and success of
phishing attacks, emphasizing the need for vigilance from both individuals and organizations. Covering examples and types of phishing attacks—spear phishing, smishing,
man-in-the-middle attacks—they offer takeaways including slowing down, being cautious of urgency, verifying suspicious emails, conducting trainings, and
implementing tools like VPN and DNS filtering. These practices can both enhance cybersecurity and improve the chances of obtaining cyber liability insurance.

Kevin Szczepanski and Arun Vishwanath, chief technologist of Avant Research Group, discuss the urgent need for cyber-hygiene education for children, including about security and privacy. They highlight frequent cyberattacks targeting schools and other education systems, which often have outdated technology and may lack sophisticated IT security skills and resources. The conversation also touches on the role of the private sector in providing cyber-literacy education. Kevin and Arun embrace reforming credit monitoring for children and expanding its scope to include reputation management, and they agree about the importance of protecting the next generation from cyber threats and the need for systemic changes.

 

Kevin Szczepanski and Kyle Cavalieri, president of Avalon Cyber, discuss the increasing risks of funds transfer fraud, covering topics such as understanding this type of fraud, how it works (including fake invoicing and “vishing” attacks), red flags, and how to respond. Red flags can include unexpected calls or emails, and it’s important to be prepared for when these contacts occur. Kevin and Kyle emphasize the growing threat of such attacks, which can result in significant financial losses. They discuss the importance of immediate action, including updating credentials, notifying the bank, involving an attorney, and reporting the incident to law enforcement. Listen in to learn more.