Data Protection Isn’t Optional, Even on Day One

ByAnna Angelova
Tweet
Share
Share
Pin

“People, not software, are the most common cause of data breaches.”

– Anna Angelova

protect client data

Data breaches aren’t just a big business problem. They can, and do, take down small businesses too.

In this episode, we explore why protecting client data isn’t something to “get to later,” and what you can do from day one to safeguard your business, your clients, and your reputation. No tech team required.

You’ll learn:

  • How to handle sensitive client info before you have any formal systems
  • The daily habits every founder and team member needs to adopt
  • Why most data breaches happen because of people, not technology
  • What social engineering is (and why it’s shockingly effective)
  • How to think about your intellectual property as a high-value asset
  • Why cutting corners on data security could cost you more than you think

We’re not sharing this to scare you. We’re here to make sure you’re protected.

If you’ve never thought about digital security before, or you’ve been meaning to “get around to it,” this is the episode you need to hear.

Want to grow your business fast and with no overwhelm? Check Thrive360 here.

“Security isn’t just a department. It’s a culture you create from day one.” – Jores Minasvand

Transcript for “How to Protect Client Data From Day One”

The transcript below was automatically generated. Please ignore any errors or inconsistencies in the text.

Anna Angelova   0:05
Happy Tuesday and welcome to today’s episode of More Than Just Task Management, your favorite daily podcast where we help you build a thriving business with me, Anna Angelova, business coach and consultant, and my co-host Joris Minafan, the business consultant. Morning, Joris.
Dangerous.


Jores Minasvand   0:24
Good morning, Anna. Happy Tuesday. It’s Tuesday, right? I am sometimes. Every day is a Friday for me, but let’s call this a Tuesday. I usually have six Fridays a week except for Saturday. But yeah, it’s happy Tuesday.


Anna Angelova   0:27
It is Tuesday.


Jores Minasvand   0:39
The topic of our day-to-day is to how to protect, protect your customer data and data in general. I mean there’s you also have to protect your employee data when you grow pipeta blah blah, a lot of stuff comes in privacy so.
Data passwords. How do we protect those? So you wanna jump in, Anna?


Anna Angelova   1:06
Yes, let me start. So thinking about day one, so day one, you might not have your systems ready. I think you might still do things a little bit manually, right? You might not have a CRM, you might just.
Use an Excel spreadsheet where you put people’s names and some Contact information. So ultimately it All starts with the processes and it All starts with you. It All starts with you having good habits.
Of you just mentioned that before before we started the recording, you just mentioned locking your your computer, right? Locking, locking your your own laptop where when you get up and go like people don’t see what’s in there so.
A lot of things start with you and your own habits initially, and from day one that how you protect is of course these are some of these things should be a no-brainer and we shouldn’t even be talking about, but don’t post this.
Even through Gmail and things like this, you know sending the customer data or something like this. Don’t post this online anywhere and again even from your own.
Habits like having different passwords for different things, and I know we’re All guilty of using the same password in multiple places. It’s human nature, but as you were starting to build a business.
And especially when it comes to your customer data, even in the beginning stages, when some of these things might be a little bit more manual, like as I said, you wouldn’t have a CRM in place. For example, you do want to have a password protect the file, for example.
Yes, there’s no foolproof method and like as as we are recording this and the quote it’s what the we are publishing this on August 5th I think 5th I think yeah so because we’re publishing this on on August 5th like just.
What, 2-3 weeks ago, there was news about a breach like for Microsoft SharePoint, I think. So it’s so yeah, these things happen and no matter how much we try to protect.
There’s always something happening and there are some things that are out of our control. There are also at the same time things that are in our control when it comes to protecting client data from the day you start your business. And again, there are even just simple things like password protecting.
A file where you might keep information and making sure that your own laptop like your own systems, having having a scanner like for viruses and things like this, not clicking on suspicious emails and opening suspicious.
Uh, links and things like these. These are simple things that start with you as you’re starting your business. And then as you build, as you build the team, as you build the business, as you start implementing, of course, as you start getting the different systems.
Then then it comes to also proper installment, like how you properly set up these systems to protect and to make sure that passwords are updated regularly, that only the people who need to have access to the data have access to the.
The data and only for the purposes they need the access for. So this is where I’ll start and I’d like to hear your thoughts as well, Joris. You’re way more into this world even now than me, so I’d really like to hear your perspective as well.


Jores Minasvand   5:19
No, it was a good start. You mentioned about SharePoint being hacked 2 weeks ago and this is Microsoft. If you go online and you check Microsoft’s certification for cloud on their tool on their services.
I think it’s 600 pages long. All of their their certifications and protection when they are telling corporations, yeah, I can’t put your data on our systems. However, as technologies evolve, so do hackers.
So how do we? Because they also use technology faster, even AI, they’re going to use more processing power to guess more passwords faster, whatever the way or backdoors or whatever. But so how do you, how do you protect yourself? I think it’s a combination of what you mentioned, Anna.
People, process and technology. So today’s technology is like you probably know this. I was so irate a few weeks ago. I got a new laptop and it was as soon as I walked away. In 5 seconds it blocked itself. I was getting actually upset. I had to go get our administrators.
To turn that off. So there is technology that you can do that, but then that could be to the detriment of productivity and knowing your people. So I think it’s a combination. Teach your people awareness. Like you said, don’t leave your desktop and this needs to become second nature, right?
So when you say don’t leave your desktop open so other people look at, that person needs to be aware enough and smart enough to apply the same thing to their phone. Because maybe later they’re they’re on the road, they’re going to see a customer, they stop for lunch, they have something on their phone.
The.
As they’re having a sandwich or whatever. So you need to like it’s end to end. Apply the smarts. Don’t click. Like you said, don’t click on suspicious emails. If you have any doubt, ask somebody or think and read more before you click. Protect your password.
Protect your desktop, protect your phone physically. And I think if you have a combination of all of this, I don’t wanna say being hacked is inevitable, but it’s.
It’s you can reduce the chance it will come. I mean, if you have a big enough information, if you have expensive enough information, they’ll come for it.


Anna Angelova   8:00
And it’s not this is the other thing that it’s not just only it doesn’t happen only for corporations, right? Like we don’t want you to be paranoid and be like, oh wow, I need to like no like take take necessary steps like educate yourself. I mean, I was seeing.
Articles recently on on not just hack, it’s some UK companies and not big companies, right? Like not big companies. Yeah, medium sized kind of businesses where.
They actually took over their systems and and wanted a ransom. There was a ransom demand of, I don’t know how many millions. So again, we’re not saying these to scare you. We’re not having this conversation to make you paranoid.
It’s the awareness that you need and to put the necessary people process technology, absolutely. And technologically, yes, you can have a lot of things like you can have the multi step verifications and things like these that people are doing.
The companies offer you can have All these things in place. Yet it’s also goes back to processes like do you have the right processes like are people following and then it goes to people like are they following this and one of the things is that.
Even to this day, it’s not that hackers have technology that’s like people are the weakest link even to this day. What I’m trying to say is, as harsh as it might sound, we people are the weakest link because we should overshare on our own socials. We overshare or oh, I’m going.
On vacation right now and it’s like, oh, perfect. And you live over here. Amazing. Let me go and check your house or whatever it is and see what valuables you have. We overshare and this applies to.
Things about our businesses, not just about our personal life. And you’ve especially if you have worked in the corporate world, like you’ve worked for someone, you’ve probably gone through those trainings about fishing, about social engineering when someone calls and says oh.
This is this person from somewhere. So there is so much information right now online and for for people, for hackers and people with bad intentions to try and play their way into your your corporation and your company.
So again, starting with the awareness and taking the necessary steps to protect and Joris, you mentioned this, it’s not just the client data. At some point it’s your employee data, your your IP as well, intellectual property, yeah.


Jores Minasvand   10:59
Your formulas, yeah, yeah, your recipes, your formulas. You want to keep those your pricing, how you price there. These are things that that yeah, I mean if if it has any value and the more valuable your data becomes or your IP or service becomes.


Anna Angelova   11:02
So.


Jores Minasvand   11:19
The more prone to hackers hacking it will become and you need to be vigilant in protecting it. Combination of technology, people and process and and I remember, I remember and this was getting very, very bad in the late.
Around between 2008 and 2010, hacking and social, especially what do they call it? Social, social engineering. Yeah, they were. They were walking into a reception. They were saying, oh, I want to go to the washroom. It was a very.


Anna Angelova   11:48
Engineering.


Jores Minasvand   11:57
Dressed woman. The washroom actually had two doors, so she went out to the other door, through the other door. This was a company that did an audit on this other company’s hackability and she went straight through the other door, out the other door because the way the office was set up.
And across from the washroom door, women’s washroom door, it was the VP of HR’s office. She walked in the the the laptop was unlocked. The VP had walked away. She copy and pasted and and took pictures of.
A whole bunch of employee salaries, including the CEO, everybody, everybody. And then she walked out and then the next day they came back to the company and they showed them in the audit that we were able to actually, we know how much your CEO makes. And they were like, how? And she said very simply, I used the polite list from your reception and said I need to use the washroom.
A woman walks in distraught. Hi honey, you know it’s it’s whatever I need to use. We are be we we are non confrontational. We want to be polite. We want to be accommodating. But again you need to teach your people so so many places.
This company failed. The reception wasn’t trained. The HR wasn’t. The HRVP wasn’t trained. There should never be an HR VP of HR’s office located outside of the washroom. There’s so many things that we need to think about, like logistics.


Anna Angelova   13:31
Especially public public washroom, right? A washroom that can be used with no, no, yeah, yeah.


Jores Minasvand   13:38
No access. Yeah. So now actually there are companies, they reacted to these stories and there are companies that they actually have to go outside for washroom. There is no washroom inside your your office. Almost 90% of companies right now in outside office, our washroom is outside of the building.
So there are there are so many examples of this that it’s it’s like countless and and yeah people fall for this. So protect yourself. Don’t take this lightly and pick the the don’t when it. This is something that I would say when it comes to this.
Protection. Don’t save money. Don’t go over money saving. Don’t pick a software that is $50 a month less than the other one. Go for the expensive one in the long run. Think about it. You have insurance of two to $3,000,000 liability as a small to medium sized business, maybe more $10 million.
Dollars. Why?
Because things happen, you cannot control variables. So protect yourself, get the right technology, teach your people. And and a few months after that, what that happened was Dell, I think this was 2010 and Dell had a very big meeting.
In in a boardroom, in a glass boardroom with a vendor. There were, I think, 25 people in that classroom. They all got up to go take a break for lunch. The head of security of the of Dell walked in.
And I think 80% of the laptops were not locked. So everybody in that boardroom got fired, the vendor got fired and they made an example. So put that in your employment.
Breach of data intentional or not following the rules and company policies that will make that that will that may end up with a breach of data is grounds for.
Being fired. So you teach your people, protect yourself, protect themselves as well from themselves and build these systems that will protect everything. I think your IP is more important than customer data.


Anna Angelova   16:02
And again, we’re not saying this to scare you. We’re not saying this to make you paranoid. These things are really important. And one thing is that corporations, they tend to pay really a lot of attention to this.
Nowadays, the way things are working, even as small, mid-sized businesses, this is something that we can’t ignore. And if we forget about the recent example with Microsoft, I don’t know if you’ve seen this.
I think I saw it last week. It turns out that ChatGPT shared. If you create a link to share a ChatGPT chat, if you want to share a ChatGPT chat, when you click share, it creates a link.
And this link, I don’t know if open AI has fixed this or or or not yet. This link becomes indexable on Google.
Wow.


Jores Minasvand   17:10
I had not heard of that. I did not know that. Wow. See, these are the things when you put in all this hype about AI. Rush, rush, rush, rush, rush, rush, rush, AI without proper governance, throwing it out there, scaring people that do AI or your company’s dead. It’s putting so doing.


Anna Angelova   17:14
Yeah.


Jores Minasvand   17:30
So much hard, putting so much a danger, whereas I like a couple of, I know a few big corporations that they completely shut it down. They don’t care. And until there is governance and they can control it, they don’t care. Don’t use AI unless we know what it does in the background.
I think the biggest problem now is the newest. So AI wasn’t enough. They were throwing all this stuff about AI. Now it’s about the agenting AI. Create an agent that calls an agent that creates an agent that calls an agent that does an agent. After the second agent, you don’t know what’s happening. You lose complete control.
Complete control.
So yeah, technology is is is good, but then you need to know how to use it and how it’s used. So yeah, it’s it’s a tough world to be in and we will deep dive more into this technology and how to pick them, what to use and how to use it.
But wow, that was scary. I did not know that about the the index. Wow.


Anna Angelova   18:36
Yeah, they might have fixed it already. I don’t know. I I haven’t seen it. But ultimately when you share a link, it makes it shareable usually, right? So whoever has the the the link can see the chat and like you said with bigger corporations.
Because they have All these rules, because they have All these. Sometimes we think they’re cumbersome and too much bureaucracy, but because they are monitored by different regulators and things like this, they say no, we don’t know how this work. We don’t know what this is. We you’re not allowed to to go there.
But for smaller businesses, everywhere you go, it’s like if you don’t have this AI tool, you’ll be left behind. And then suddenly it turns out that oopsie, this is actually available and because we’re talking about putting customer data, protecting your customer data.
If you have put your customer data there in a chat to ask for help for some things that you’re doing now, this is available or it was available at least for a little bit for people to see it was accessible.
Again, being aware of this and taking the necessary steps. This is why we’re having the conversation. Not to make you scared, not to not to paranoid you. This is the reality of the world we live in.
And one step at a time, don’t get overwhelmed. And we did mention it yesterday. We mentioned it again today. Wherever you need help, whenever you need help, we are here for you. I’ll put the link to our services so you.
You can see what we offer and also the whether whether this is something that you want to explore right now.


Jores Minasvand   20:34
100% This is a very important topic. Unfortunately, the generalized part of it is very broad, so it’s important to talk to people, understand your systems and customize something for yourself, something that works for you.
And no, we’re not trying to scare people. These are realities, our lives and.
Yeah, some companies, actually what they do right now, they actually, once in a while, they send phishing emails to their own people to see who clicks on it.
One of the a couple of weeks ago I had a very I was waiting for a very important e-mail from Microsoft. So I got two out of the four and then I don’t know if this was coincidence or the actual outside Company Fishers, they actually were waiting for this.
The third one that came it was phishing. I clicked on it and then our we have we have phishing hack stoppers. So they stopped it and then our IT from Europe, they called and they told me that you clicked on a on a phishing. What happened? And I explained it to them.
And they actually had to take my machine offline and do a complete check for for malware.
Yeah, it’s it’s it’s happens even today.
Love it. Love it. All right, Dana.


Anna Angelova   22:06
I think we’re.


Jores Minasvand   22:06
I think we’re.
Good. Like I said, they Call us if you need help. We are here. We have a lot of experience with this and we can help out. And I think, yeah, build the right system, train the people the right way and use the right technology. You will minimize the the potential for hacking and and.
Lawsuits.


Anna Angelova   22:30
Yeah, just an update. I I checked it to see what’s going on. It does say that a open AI is removing the conversations. So like they they are making them non indexable ultimately. Wow. But it it it is something again that’s why we’re having the conversation and.


Jores Minasvand   22:35
Mm.
Wow.


Anna Angelova   22:49
I’m sure we’ll have more of these kind of conversations in the future. This is more than enough for today. Thank you, Joris. Really appreciate it. And we’ll be back tomorrow with another awesome topic, one of my favorite topics on how to figure out whether your employee or a team member is ready to.


Jores Minasvand   22:56
Mhm.


Anna Angelova   23:09
To move to the next level and become manager.


Jores Minasvand   23:12
Look forward to it. Thanks, Anna. Bye, bye.


Anna Angelova   23:16
Thanks. Bye. Bye.

Tweet
Share
Share
Pin

Similar Posts