Episode 240 – Dr. Eric Cole – Protecting Yourself From Cybersecurity Attacks
Steve Shallenberger: Welcome to all of our Becoming Your Best podcast listeners, wherever you may be in the world today. This is your host, Steve Shallenberger – and I am excited about this guest that we have today! With more than 30 years of network security experience, he is a distinguished cybersecurity expert and keynote speaker who helps organizations curtail the risk of cyber threats. He has worked with a variety of clients, ranging from Fortune 500 companies to top international organizations, banks, CIA – he’s been around and he’s been the featured speaker at many security events and also has been interviewed by several chief media outlets such as CNN, CBS News, Fox News, 60 Minutes. So, welcome, Dr. Eric Cole!
Eric Cole: Thank you so much, Steve, for having me on the show!
Steve Shallenberger: Oh, you bet! Okay. Well, I’ve just told you a little bit about Eric, but before we get into it, I’d like to just give you a little bit more of a feel and then we’ll hear from Eric. Dr. Cole is an industry expert with breadth and depth experience across integrated cybersecurity. He focuses on creating, enhancing, and solving complex problems by bridging the gap between a business and a technology mindset, and this is with a focus on security and innovation. He is the founder of Secure Anchor Consulting – a leading provider of cybersecurity solutions and services. So, Eric, let’s just start off! We’d love to have you tell us about your background, including any turning points in your life that’s really had a significant impact, and how in the world did you end up in cybersecurity?
Eric Cole: Excellent! Thank you so much! I’ll give you my background focusing on three key turning points. So, when I was in high school in the ’80s, I loved architecture. I was always fascinated with how things worked and operated, so I was going to major in architecture, but a friend of the family sat down with me and said, “Eric, everything is moving to computers. So, why don’t you major in computer science? And then you can do anything you want, including architecture!” So, to me, that key turning point was, you need to surround yourself with advisors, coaches, and smart people that sometimes see a bigger picture.
Eric Cole: And then, the other key turning point there, is I realized there is a big difference between passion and purpose. So, yes, I had a passion for architecture – and I still do today. I still love buildings and bridges and how they work, but my true purpose in life was really to help people and make people safe and help protect people. So, there was sort of that big differentiation between them.
Eric Cole: And then I got recruited by the CIA, and I worked for the Office of Security, doing cybersecurity. And the other big life-changing of that was, I was in a big meeting with about 3000 people – it was an all-hands meeting at the agency – and nobody was asking questions. But they were talking about the internet, and I had a big question. So, I raised my hand and I asked a life-changing question, which was this: “How do we know these systems are secure? How do we know they’re protected?” And they looked at me and said, “Okay, Eric! Why don’t you figure it out?” And it turns out, there’s no way to prove the system is secure. You could only prove it’s not secure by breaking in. And that’s how I became a professional hacker for eight years, which set my career in motion. And that was one of the other key turning points, which is don’t be afraid to ask questions, even if no one else is. I’m sort of known, I sit on a lot of boards and I’m always the guy that asks those hard questions, those difficult questions that they get everybody thinking about the problem.
Eric Cole: Then, I left the agency and I’m both a techie and an entrepreneur. So, I bought and sold several companies and I had one of my companies that I really wanted to sell. It was a government contract and I built it solely to be a market need because I wanted to move on to my next adventure, and we’re trying to go around to sell this and I’m getting noes, and noes, and noes, and noes. And everyone’s like, “Eric, it’s not the right time.” And I’m like, “You know something? The right ‘yes’ is out there!” And I kid you not, 723 – I joke with people I want to get that tattooed on my back – that’s how many people I had to ask until I got a ‘yes’. And then, I ended up selling that company for $400 billion, just under half a billion, just because of that persistence. So that’s sort of the other one where I look at life as sort of the ‘Find Waldo’. I don’t know if you’ve seen those Find-Waldo pictures. In Find Waldo, there’s all those distractions, there’s all those things out there. And to me, that’s all the noes. And it’s easy to focus on the noes and get distracted by the noes and get upset by the noes, but what I do is I look at life as a ‘Find Waldo’. There’s a ‘yes’ in there. ‘Yes’ is the Waldo. You might not see the Waldo, you might have to work really, really hard to find it, but somewhere in there is a ‘yes’, and if you’re persistent enough, you’ll be able to get to that level. And then after selling that, I then built multiple courses, wrote multiple books and now I’m running my company, Secure Anchor Consulting.
Steve Shallenberger: What a fabulous story! So many lessons just in that introduction! Way to go, Eric! That is fabulous! I love it! Dr. Cole and I were talking about Becoming Your Best, the 12 Principles of Highly Successful Leaders, just before we got on today. Eric, as you know, that’s a result of research over 40 years of what sets apart highly successful individuals from all the rest – the same with their organizations. And what we discovered, over and over, is that there were 12 things that were present, and you just kind of ripped off about three or four of those. You’re doing them, already! One of those is ‘Never Give Up’. You know, you keep adapting, you keep learning and, wow, what an inspiration that is! Thanks for sharing that!
Eric Cole: Oh, my pleasure! And I read your principles and I believe in every one of them. And I was laughing as I went through them before this call, to prep, because I’m like, “Oh, I’m doing that and didn’t even realize it.” And I did actually learn a few things too! I was only probably doing about eight of the 12.
Steve Shallenberger: That’s pretty inspirational, so thanks! Well, now, how did you ever maintain your positive frame of reference? I love this description! You just kept going, you’re focusing on finding Waldo – where is he? So, how did you keep your feet under you with all that rejection, all those noes and keep the inspiration, the motivation to keep moving forward and looking for the ‘Yes’? How did that happen?
Eric Cole: To me, what it really comes down to is having a very clear vision and purpose for your life and not letting anything get in the way. And one of the things – I have three kids – that I tell my kids all the time is “Don’t let other people’s opinions of you dictate or control who you are.” So, every time somebody said “No”, I said, “Okay. They’re just not viewing the world the way I am. But I know there’s somebody out there that does.” And it’s just believing in yourself, and it’s the focus. If you’re focused on the ‘Yes’, then noes don’t bother you; the noes don’t impact you. The problem is so many people take it personally, that after three or four noes, or three or four rejections, or three or four people saying “That’s the dumbest idea I ever heard”, they take it personally, they get upset and they get frustrated. So, to me, it’s really believing in yourself knowing that what you believe in is true, and not letting other people’s opinions get you down or get you negative.
Steve Shallenberger: Okay, well, that’s great! And congratulations, also, for being in the arena. You’re in the arena and you’ve accomplished so much! I mean, it takes work. None of this is really a ‘give me’. So, what can you tell us about creating the life that you want, that you hope for?
Eric Cole: Be laser-focused. Make sure you have your goals and your dreams in front of you. And what I do – and it drives my team crazy because they know what’s coming – every time somebody says, “Should we do this? Should we start this new area? Should we start this new product?” I go back and say, “Does it support our mission of making cyberspace a safe place to live, work, and raise a family?” And if it doesn’t support that mission, then I don’t do it. So, it’s so easy to go in – and I know you hear a lot of people talk about ‘Yes, yes, yes, yes, yes’ but, to me, I go in and unless that opportunity is directly aligned with the mission, you want to get in the practice of saying ‘no’, and being laser-focused. Because you have a lot of energy. The problem with most people is when you diversify it, when you start doing too many things and trying to make too many people happy and work on too many projects. As soon as your energy is diversified, it’s not powerful. But as soon as you get laser-focused on one thing, and only focus on that, that’s when you become very powerful.
Eric Cole: And the other rule I have is the two-year rule. I go in and I set goals and I set focus, and I set mission. And once I’m convinced that’s right, I will not change it for two years. Because what I found with myself is I would start off, and after 30 days I’d be like, “Oh, look at that shiny object over there. That’s even better!” And I changed my goal. And then, 30 days later, “Look over there! That’s even better.” And then what ends up happening after a year is you worked on 12 different things but never made progress because you never gave the scenes a long-enough time to generate. So, just knowing me that I have so many ideas and get distracted, I force myself, once I lock in – I lock it in for two years and then I reevaluate.
Steve Shallenberger: Okay, wow! That is so inspirational! And if you don’t mind, do you prefer Eric or Dr. Cole?
Eric Cole: I would prefer Eric. That’s what I go by. And especially with COVID and me being home with my family driving them crazy, they’ve been calling me a lot of other forms of the word. So if you’d call me Eric, that would be a compliment!
Steve Shallenberger: There’s a lot of four-letter words in Eric Cole! That’s great! If you don’t mind, Eric, would you repeat your vision and mission that you just shared? Because that is so inspirational! Look how laser-focused that is! But it’s good for us to hear it again because we all want it!
Eric Cole: It’s to make cyberspace a safe place to live, work, and raise a family. And I just want to emphasize because, like other folks, when I talk to them, they said, “Shorten it down, and just make it ‘to make cyberspace safe’.” But my problem is that’s too broad. If you look at my websites or what I do, or what I work on, it’s always in one of three buckets. To make cyberspace safe for the family – now that I don’t make a lot of money on, but I believe in helping the next generation and there’s a lot of kids out there that are being targeted in cyberspace. So that’s more of a personal peeve. And then, to work and raise a family. So, if each one of those buckets where I have three buckets, and if it doesn’t fit into one of those three buckets, then I’m not going to do it.
Steve Shallenberger: Okay, great! I love the laser focus, the vision that you have. So, how do you do it? How do you help people achieve that vision?
Eric Cole: First, is through awareness because most people don’t think they’re a target. When it comes to cybersecurity, most people aren’t going to think that they’re going to be targeted, that it only goes after governments and big folks. So that first one is awareness. So, once I change the behavior and awareness, the second way is I, then, show them what the problem is. And this is what I believe one of my other gifts is, to make things very simple and understandable so they can really understand the problem. And then, the third piece is giving them a solution that they can practically implement to protect themselves, their family, or their business.
Steve Shallenberger: Okay, good! Well, how do they find out about this?
Eric Cole: Through a couple of ways. From a business standpoint, you could go to secure-anchor.com. From a personal standpoint, you can follow me on social media, at drericcole. And I actually have a book that I’m giving away for free right now to help people. So, you can also go to onlinedanger.com – that’s the title of the book – and sign up to get a free copy of the book.
Steve Shallenberger: Okay, good! At the end of the show, we’ll get that information one more time, but that’s awesome! Alright! So, let’s have some fun here. What are some of your favorite stories from being a hacker for the CIA?
Eric Cole: Well, the funniest one is, I was working in the evening trying to get into a utility entity, a company that runs electricity for a certain area of the world. And I’m sure you can imagine, I’ll leave some of the details out so none of you get killed or shot after the show. But I’m trying to get in and I’m trying some simple passwords, and the third one that I tried is a password of ‘password’. And, all of a sudden, I’m looking at the prompt, and I have full access to the system. And I’m sort of looking around going, “Is somebody punking me? Because it can’t actually be that easy to get in there.” I thought it was going to take me days, weeks, or months and I actually got in within about five minutes. That was over 20 years ago. But still, today, the lesson is, it’s much easier to get into systems than people realize because most people aren’t really focused on security. So, you would think your bank account, you would think utility companies, hospitals, and things like that would make security a priority, but the scary part is, in most cases, they’re actually not putting the effort and energy that you would think and they’re much more vulnerable than people would realize.
Steve Shallenberger: Okay! Yeah, that should start waking people up. So, what are some of the dangers of cyberspace?
Eric Cole: The first one is to recognize that 100% security, in any practical sense, doesn’t exist. The way that I always explain it to folks is, imagine a line, a vertical line, and on the one side there’s security and on the other side is functionality. If you go to the top, where you have 100% security, you have zero functionality. So, you could be 100% secure. I jokingly say, the best way to be 100% secure, is to go Amish. Buy a horse and buggy, give up your cell phone, give up your computer and you will be good, but you don’t get any functionality or benefits. So what you have to remember is, every time you’re adding in functionality, you’re reducing your security. You’re reducing that exposure.
Eric Cole: What I always teach people is, most people ask one question: What is the functionality or benefit? So, if we’re talking about putting an Alexa in our home, or talking about a new server at work, we’re going to say, “What is the value and what is the benefit?” And if we get value and benefit, we go ahead and do it. But what I want to encourage everyone to do is ask a second question, which is, “What is the risk or exposure?” And then, once you understand the value and benefit, and the risk and exposure, you can say, “Is that risk worth the decision?”
Eric Cole: So, for example, when Alexa came out, everyone was like, “Oh, this is so cool! I can go in my house and say, ‘What’s the weather?’ or ‘Turn on the music!’ and Alexa automatically follows my command.” And they loved the benefit. But then, a few years later, when they realized that Alexa is listening in, monitoring and recording your entire conversation and storing it and it could be recoverable and admissible as evidence in court if something happens, all of a sudden people were like “The benefits are not worth the security risks! The benefits are not worth the exposure.” And everybody started ripping out Alexa. My point is, that was two years later. So, what you really want to do in all areas of your life, whether it’s personal or with your kids, with Tik Tok or with business, is always go and say, “Okay, I know the value and benefit, but what are the risks and exposures, and what can I do to either minimize, reduce or eliminate those risks?” And if you have that mindset, then you can actually operate much safer in cyberspace.
Steve Shallenberger: Okay, great advice, Eric! And so, how do we recognize these threats and protect ourselves from them – these cybersecurity threats?
Eric Cole: As my family members and friends would say, “Be a paranoid freak.” That’s what they call me. They say I’m an anomaly because, in regular life, I’m a very positive guy, I always look for the positive, I’m always going to smile. But when it comes to business, I’m very paranoid. I’m always going in and looking for the worst-case scenario and how you can fix it. But the way that I would recommend is, today, you need to understand two main things: that you are a target. Whether you have $5 in your bank account, or $5 million, whether you have a job where you’re making 60K a year or $6 million a year, everybody is a target. Nobody is an exception. So, as soon as you raise the awareness and recognize you are a target, that’s going to be the first step. The second one is, cybersecurity is your responsibility. You need to go in and address it.
Eric Cole: So I’ll give you a great example! Security is built into most applications like banking, but it’s not turned on by default. So, you need to go in and turn it on. So, if you do online banking, I’ll give you some quick takeaways. First, you want to go in under the settings under security, and you want to turn on what we call “Two-Factor Authentication”. And what this does is, now, instead of a static password that could be guessed, every time you connect, it’s going to text you a unique one-time password, which makes it much safer. And then, the second one – which is actually the better option – is to turn on account notification. So, now what happens is, anytime somebody tries to do an EFT (an Electronic Funds Transfer), or they try to take money out of your account or do anything that can be impactful to you financially, you receive a text notification, and you have to approve it. Because with most bank fraud and identity theft, if you catch it within 24 hours, you can stop it. The problem is people don’t have the visibility into their account, they don’t know it’s happening, and therefore they catch it two or three weeks later, and by then, the money’s gone. So, you really want to go in and turn on alerting and notification, so you can have the visibility to see what’s happening.
Steve Shallenberger: Okay, well, that’s the real deal, isn’t it, Eric?
Eric Cole: Exactly. I mean, I know a lot of people say “Oh, the hackers in the cyberspace it’s Tom Clancy movies”, but I can’t tell you how many times I get phone calls from a friend or a family member – I just got one last night where their daughter’s account was hacked and stalked and a 45-year-old person showed up at the house because he was stalking her online pretending to be an 18-year-old teenager, and targeted her and went after her and we had to get police and others involved – or the number of times individuals have their identity stolen, or their information compromised. So, this is a real threat and you need to recognize that, no matter who you are, you are being targeted and your family is being targeted.
Steve Shallenberger: Yeah. Eric, if you think that you are being targeted, do you have some evidence that seems to pop up that someone’s hijacked your account? If they’re getting into your bank, what do you do?
Eric Cole: So, the first thing that you want to do if you believe that somebody is in your account, or something’s happening – the best way to know that is to look for anomalies. So, if you’re noticing unusual activity, or unusual patterns, or weird messages or things like that, you want to take action. And the first thing you want to do is change all your passwords – so, alter or modify the passwords so if they are in the system, you’re locking them out. And then, you want to immediately notify any of those authorities and temporarily lock your account. So, if you think that somebody might be in your bank account, might be in your credit card, might be in your investment funds, after you change the passwords, you want to call them up and put a temporary lock that says, “Okay, until further notice, don’t allow any activity.” And then, that will allow you to assess the damage, work with somebody from that financial institution, and make sure that you’re actually secure, protected, and review all the transactions. But you want to stop the potential bleeding as soon as possible. The problem with most people is they dismiss anomalies. So, they see something unusual and they’re like, “Oh, it’s probably not a big deal. It’s probably not a big deal. It’s probably not a big deal.” And then, 60 days later, all their money is gone and if they would have taken action when they first noticed a little anomaly, they could have stopped or minimized the damage.
Steve Shallenberger: Okay, good! Yeah, great advice! I think we’re all aware that there really are criminals out there that target cybercrime. They’re good at it and they’re working at it. I had a friend that’s a doctor and he had somebody take over his system and then blackmail them. They said, “Send us a half a million”. This was a doctor’s clinic with 28 doctors, so a lot of doctors and a lot of clients. They said, “You’re shut down, we’ve got all your information.” They had to settle with him. They paid him a quarter of a million dollars. I mean, this is a real deal. That’s scary. So what can they do?
Eric Cole: So a couple of things: first, remember, the most valuable part of your life and your business is your data. It’s your information. In the case of the friend that you’re referencing, a doctor’s office, it’s your patient information. And it sounds like what you’re referring to there is what we call ‘ransomware’ where they basically encrypt all of your data and unless you pay that ransom, you don’t get your data or information back. So, the first thing you want to do is make sure that your critical data and information is being backed up to an offline location. So, if something like that happens, you still have your data, you can still recover and you can still get the information back.
Eric Cole: The second very important thing is to start creating some separation in how you run your life and business. Right now, because 90% of the computers on the planet are Windows operating systems, most of the malware that we’re seeing is for Windows only. So, if you go in – and this is the number one way, I would bet that this is how your doctor friend got impacted – but most likely, they get an email that looks legitimate, they click on an attachment or open a link, and boom! The malware drops on their system. So, the two most dangerous applications are going to be email clients and web browsers. And the malware is targeted to run on a Windows box. So, what I do, what I have my team do, and what I recommend to everyone, is, when we check email, and we surf the web, we do it from a non-Windows computer. So, every morning when I get up and I do some email checks and some research, I’m doing it on an iPad. And now, there’s two benefits: one – if it is malicious and it’s meant to run on a Windows system and I’m using an iPad, it’s not going to impact me. It’s going to have no impact on my system and I can delete it. Second, because I’m using an iPad that doesn’t have any of my data on it and it’s on a separate network, now, even if the malware did run on an iPad, it would impact the iPad but it wouldn’t impact my business. So, I really urge people, when you’re checking the email and surfing the web – which is the number one way of getting malware and being targeted – use a separate non-Windows device. And that’s going to go a long way to keep you and your family protected.
Steve Shallenberger: Great! Great advice! Well, I’m just amazed at how fast time goes. This has been a delight today! Any final tips you’d like to leave with our listeners today, Dr. Cole?
Eric Cole: I guess a couple. One that hit me when you said earlier ‘be in the arena’ and ‘be active’. So, one thing I would say – and I do this – if every week you’re not getting a little bloody, and you’re not getting a little cut up, and you’re not pushing yourself and didn’t get those, then you’re not in the arena. You’re sitting on the sidelines. So, to me, jump in the arena, get some noes, get some bloodiness, get some cut up – and that’s how you’re going to get to that next level. And then, on the tech side, remember, you are a target and cybersecurity is your responsibility.
Steve Shallenberger: Alright! Well, that’s great! What a valuable visit this has been today! It’s been a delight! You are an amazing fellow! I wish we could talk more about different aspects of success in life, but we only have so much time and maybe at another time, Eric!
Eric Cole: That sounds great! And I appreciate you so much for having me on the show!
Steve Shallenberger: Okay, now, let’s just repeat one more time. How can people find out about what you are doing in fulfilling your mission – what a great vision that is! I just love it! Tell us about it one more time!
Eric Cole: To make cyberspace a safe place to live, work, and raise a family – from a business standpoint secure-anchor.com – that’s my business website. We have a lot of great free resources. And then, on the personal side, you either want to go to onlinedanger.com where I post videos every single day – motivational, cybersecurity. Follow me on Facebook, LinkedIn, Twitter, Instagram – I’m drericcole.
Steve Shallenberger: Perfect! Well, thank you Dr. Eric Cole for being part of the show today. It’s been a blast!
Eric Cole: I had a great time! And like you said, time flies when you have fun!
Steve Shallenberger: It does! Well, we wish you all the best as you’re making a difference in the world! And to all of our listeners, never forget: as you’re just consistently working away on these things we’ve talked about – the 12 Principles – and we’ve heard about them so much today – it literally helps you become your best. And you are making a difference every single day of your life! I admire that, and I compliment you. The very fact you’re listening in today is a cue that you’re trying to do exactly that: to make a difference. So, thanks again, Eric, and we’ll talk to you the next time around!
Eric Cole: It sounds great! Thank you so much!
Steve Shallenberger: Okay! This is Steve Shallenberger with Becoming Your Best Global Leadership, wishing you a great day!