Meet Our Clients: Michael Sluss, The Security Nerd

Life hacks are good, like sharpening scissors with tin foil or using candle wax to lube a sticky drawer. Hackers attacking your business, not so much. And it’s not just big corporations that have to be on guard, according to Michael Sluss, Founder/Owner of The Security Nerd, who joined FITCI in July 2021.

The Security Nerd helps small to medium-sized businesses protect one of their most valuable assets – their information. “Many people think of hackers as hoodie-clad teenagers in their parents’ basement,” says Michael. “That may be true in some cases but, in reality, cybercrime is a multibillion-dollar industry. Some people go to work every day and their job is hacking other countries or companies. Throughout the world, there are many state-sponsored cybercrime activities. Computer crime is an organized crime.”

Companies that lack the resources for an in-house IT security department – including local utilities, nonprofits, web-based businesses, and hospitals – are often prime targets. Any company that takes credit card payments, whether online or in person, can also be a target. Unfortunately, cyber-attacks make the news regularly, like when the Colonial Pipeline was shut down earlier this year by ransomware or when access to a Florida water treatment facility’s control was hijacked in an attempt to poison water supplies by modifying the amount of chemicals in the water. Every day, companies around the world are forced to pay to unlock their own information and operating systems. Others suffer when sensitive customer or personnel data is compromised.

When downtime becomes a matter of life and death, or loss of business, criminals have a distinct upper hand… and they know it.

Even big, international enterprises can feel the crunch. Michael explains, “Many times I’ve seen companies create page after page of complex security policies, standards, and procedures as a ‘check the box’ activity for an audit or a regulator, but the policies are too daunting and impossible to follow, so, in practice, they are not used. That is not the way to keep a company secure. When it comes down to it, you need something practical to be effective.”

That’s where The Security Nerd makes a difference.

“I started The Security Nerd because a lot of businesses need this expertise, but they don’t have the option to hire a full-time team,” he says. Indeed, according to the US Small Business Administration there are 30.7 million small businesses in the nation. That’s 99.9% of businesses overall, accounting for nearly 60 million jobs and about half of the US economy.

The Security Nerd helps fill the resource gaps by creating customized information security practices that are both practical and sustainable.

Sluss discovered a passion for IT and information security in college, thanks to an influential teacher who brought real-world examples into the classroom. He honed his focus while working as a network and firewall engineer early in his career before moving fully into information security. Since then, Sluss has built entire compliance programs, working with both small and international companies on everything from general information security management to PCI/DSS compliance (payment card industry/data security standards) and ISO 27001, an internationally accepted standard for information security management. When a former associate asked him to consult on an important security project, Sluss saw a way to help more companies protect themselves.

“We start with analysis of the business and their risk factors,” Sluss explains. “How do they make money? What is important to them? How do they operate? What is their tolerance for risk? Because, obviously, every mitigation comes with a cost. Once we understand their goals and business objectives, then we create a targeted approach that works for them with a hopefully minimal impact to operations.”

A complete information security management system considers digital and physical assets, including paper, media tapes and CDs, especially in HR and accounting departments which often maintain sensitive printed information.

“There’s no silver bullet to stop hacking attempts completely,” continues Sluss, “but there are mitigations to put into place that can reduce the likelihood and impact a breach will have on a business.” The first line of defense may focus on how to physically secure non-digital files, initiating a routine schedule for digital backups, or providing security awareness training for employees. “Something as simple as backing up your important records can go a long way in recovering from a ransomware attack where the attacker encrypts your files.”

The key to effective information security, Sluss insists, is developing manageable and practical processes that people can and will actually follow.

Sluss’ career brought him from West Virginia to Virginia and now to Frederick, Maryland, where he enjoys time with local family, including twin nephews who just started preschool. With just a few months at FITCI under his belt, Sluss says he’s looking forward to meeting other FITCI members and participating in FITCI’s “Startup U” programs, an ongoing training series for entrepreneurs led by proven CEOs that covers topics such as marketing and messaging, creating a solid business model and discerning your value proposition.

Sluss is encouraged. “I have very well-rounded experience in my field, but The Security Nerd is finally getting some bandwidth and I feel like I’m in the right place to grow my business while enabling others to protect and grow theirs. And it’s a good time to help other businesses protect what they’ve worked so hard to create, too. Once their information is secure, they can get back to doing what they do best.”
