Roman Stanton: One Step's Virtual Chief Information Officer (vCIO)/ Client Compliance Advisor
What do you do as a vCIO/Compliance Advisor?
My top priority in both my vCIO and compliance roles is to provide the best solutions for my clients. As a vCIO, I serve as a strategic business partner, offering advice on all aspects of technology, including hardware and software recommendations. However, I also recognize that technology is just one piece of the puzzle, and I may need to advise on non-technical matters to help resolve broader business challenges.
In my compliance role, my primary responsibility is to ensure that my clients comply with the laws, regulations, and standards that apply to their company. This involves implementing industry best practices and adhering to governing bodies' regulations to minimize risks. While my focus is not necessarily on defending against specific threat actors, I am protecting my clients from all of Hollywood.
When did you first take an interest in technology?
I remember breaking my toys as a kid and putting them back together. Sometimes they worked again, and sometimes I threw them away so mom didn't know I broke them. However, the tools used to fix the toys always had me looking at technology in a different way. When I had the chance to work with computers, I was happy that I could change parts, break software, and put it back together again.
Cybersecurity To-Do List
What are some actions you take on a regular basis that help you maintain your cyber hygiene?
On a weekly basis, I go through my personal emails and block, report, and assign to spam. I learned a while back that no one's job is on the line when it comes to stopping spam. Since there is no one in charge of that, it will never stop. Since the easiest way for cyber criminals to get into your system is by sending a phishing email, this is the first line of defense I try to stay on top of. Annually, I like to go over my browser settings. The updates are not supposed to revert changes, but sometimes they do.
Does clearing browser history and cookies regularly make a difference in terms of improving cybersecurity?
I try to clear my cookies regularly, with a nice glass of iced milk. Doc says I should cut back, but it's all in the name of cybersecurity, I tell him. In all seriousness, clearing the cache, cookies, and history is beneficial. Cookies are tracking devices that leave a trail of crumbs to where you have been and what you do online. While it's nice to be reminded of that perfect gift your partner was looking up, threat actors can now get access to your search habits and the history of your browser — allowing them to tailor the perfect scam email. Most of the scams we see are just forms of social engineering. Why would you want to give the bad guys more ammo to use against you?
Do you have any tips for cleaning up your digital footprint on social media?
Social media is one of the hardest parts of our digital lives to clean. The algorithms that guide the social media platforms keep, and use, our data to help themselves grow. The best cleaning is done at the beginning. If it's too late for that, then I would, and do, go to the security tab to see if the settings have changed. Social media terms of service allow them to change your settings, and share your data as they see fit. Remove all public-facing options, not only in the "privacy and security" sections, but in the "profile" section too.
My wife had contracted a company to remove her from the web. So there are certain firms that will scour the net, look for similar names, have you verify the data, and then they will remove it from public use. I was amazed. I am more of a public figure than her, so I have not gone through the process but I saw it work. Amazing all the opportunities the WWW offers.
Do you have any tips for cleaning up password habits?
So, back in the day, I was pretty lax about my passwords. I mean, who hasn't used Password123, letmein, or reset123 at least once in their lives? I thought, hey, if someone really wants my stuff, they'll get it anyway. But, over the past ten years or so, I've really changed my tune. I've learned that there are standards for creating strong passwords — you know, the whole 8 characters, upper and lower case, numbers, symbols thing. And, even though it's kind of a hassle to deal with, I'd much rather put in the extra effort than have to deal with identity theft.
I actually had a friend go through that, and it took them a whole year to clear it. It was a total nightmare for them, constantly having to prove their identity over and over again.
Anyway, now I use what's called a passphrase for my passwords. They're not really new, but not a lot of people know about them. Basically, it's a password that's a phrase, like "PeanutButterJelly!" You want to make it a bit more complicated, so it takes longer for those bad guys to crack it. So, maybe something like P3@but*u#erJ3lly^, where you change some of the you can remember; something that your mom or dad says, or an inside joke with your kids. It should be complex, and not something that is commonly known about you.
Now, where do you keep this super-strong password? In your head, my friend! It's the one password you remember, and you use it for your password manager. A password manager is a program that stores all your passwords in one safe place — either in the cloud or on your local computer. There are a bunch of different programs out there, like OnePass or PassPortal. So, don't be like me in my younger days — make sure you've got strong passwords and a good password manager to keep 'em all safe!
What do you do with old, unused technology?
When it comes to getting rid of old personal electronics, the first step should definitely be to clear off any sensitive information. This includes wiping the hard drive of a computer, resetting an iPad to its factory settings, or deleting any personal data. Simply throwing these devices in the regular trash is not a good idea, as they can contain hazardous materials that can harm the environment.
Instead, it's important to properly dispose of these in a responsible manner. This can be done by recycling the devices through certified recycling programs, which can often be found through local government websites or electronic retailers. Many of these programs will accept a wide range of electronic devices, including computers, printers, and cameras.
How should businesses dispose of old technology?
As for businesses, there are often stricter regulations in place when it comes to disposing of old technology. This is because businesses may have sensitive customer or employee data that needs to be protected. Some industries, such as healthcare or finance, may have specific regulations regarding how electronic data should be disposed of. Compliance, compliance, compliance...
What is the best way to store backed-up information?
Backups are clutch for clients. You really need to take those seriously. There are several methods for their backup. I tell my clients to get a backup of their backup.
You should have a Local Backup and a Cloud Backup. These could be file or image-level backups, or a combination of both. I know it seems redundant, but it's the best practice for anyone who lives off their data. Now this is not "I back up my old spreadsheets and marketing materials, etc." even though those should have two levels too. This is for the clients who keep customer data that they use for daily business.
So, for example, cloud backup is what most people these days think of... my data is in the cloud. First off, that's great. Let's take the scenario: You are a retailer and there is a fire in the back office, which holds the server, modem, firewall, etc. The fire doesn't destroy the building structure. What happens if you cannot get to the cloud... the Internet Service Provider line was cut? Does this cripple your business? Well, if you have a local image backup that gets sent to the cloud, you can spin up the database locally on a system to act as a server and you are back in business.
90s Roman Would Say
Yo, listen up folks!
Backups are like, super important for all you clients out there. I mean, seriously, you gotta take a bunch of different ways you can do it, but let me tell ya, you should always get a backup of your backup. I know it sounds like overkill, but trust me, it's the smartest move for anyone who relies on their data.
And we're not just talkin' about your old spreadsheet and marketing stuff, ya know? This is especially crucial for those of you who keep customer data that you use on the daily. Let's say you're a retailer and there's a gnarly fire in your back office, where your server, modem, and firewall are chillin'. What if you can't access your data in the cloud, like if the ISP line got cut or something? That would be a total business-killer, right?
But if you've got a local backup that also gets sent up to the cloud, then you're covered, dude. You can just spin up that database locally on a system to act as a server, and boom, you're back in action. So seriously, don't mess around with backups. They're the bomb-dot-com.