Speaker 0
0:10 – 0:12
Welcome to Tech Talk. Bye.
Speaker 1
0:13 – 1:48
Welcome to CDT's Tech Talk, where we dish on tech and Internet policy while also explaining what these policies really mean to our daily lives. I'm Brian Wasilowski, and it is time to talk tech. National Cybersecurity Awareness Month continues. And this week, we'll be talking about how businesses, especially small and medium-sized businesses, can become smarter about their cybersecurity. Without question, cybersecurity is no longer a nice to have, but it is a must to have. We'll also be talking about one of my favorite topics this week, food. And as a novice foodie, it's impossible not to notice how technology is changing the way we eat, how we shop for food, how all kinds of food products are produced, and how access to food in food deserts is improved across the world. National Cybersecurity Awareness Month continues, and hopefully people listened to the last Tech Talk for some very helpful tips on how to stay safe online. I'm thrilled to welcome back Michael Kaiser, the executive director of the National Cyber Security Alliance, to talk to us this time about how businesses should be approaching cybersecurity. It is great to have you back, Michael. How are you doing today? I'm great. Thanks for having me back. Oh, it is our pleasure. So last time when you were on, we talked about mostly how individuals could take better control of their cybersecurity. Let's talk about businesses today. How different is it for businesses? Is it, you know, a similar type situation or is it a fundamentally different situation when thinking cybersecurity?
Speaker 2
1:49 – 2:41
Well, in some ways, it's similar. Right? So business small business and medium-sized business in the United States really vary in size, you know, from, you know, a couple people selling stuff on eBay out of their garage to and the definition of a small business can go all the way up to, you know, depends who you talk to. A company that does $500,000,000 a year in sale or has a 100 employees. So the range is huge. The fundamental difference though and so some of those basic things always apply that we would say, you know, to individuals about, you know, software updates and those kinds of things clearly apply in the business setting. What changes in the business setting, to a degree to a large degree is the fact that your customers are entrusting information to you in most cases. Right? So now you're not just in business and shipping things to people or serving pizzas or doing whatever it is you do, but you're actually taking in personal information of people. And I think the expectation is that you're protecting it. Yeah. Absolutely. I mean, I
Speaker 1
2:42 – 3:09
think as you look at businesses now, you can almost make the case that there is not a single business in the world that is not in some way a tech business because of that personal information that they're collecting and that data that they have that they need to store and protect. So whether that's, you know, information on the goods you've bought, credit card information, or geolocation based on, like, kind of the steps that you've taken throughout the day. What are the most important ways that businesses can protect this very personal data in some
Speaker 2
3:10 – 4:18
cases? So it really starts, you know, in a kind of non tech way, actually, with business. It really starts with thinking about what are the critical digital assets that you have, identifying those, finding ways to protect them, and then understanding what you would do, either a, how you would find out that something happened to those events to those, sorry, to those assets. You see that sometimes, like, breaches go on for a long time and people kind of amazed by that. What you would do to identify that something's gone wrong, and then how you would respond and recover. And that's how businesses have to start to think. They have to start to think in this framework of data that needs to be protected. And I think in the world, sometimes what we see is that businesses get overwhelmed because they think every threat applies to them. And it doesn't. What applies to them are the threats to the critical crown jewels of their business. So whether it's customer data, employee data, intellectual property they may have, you know, who's what's the formula for the secret sauce. Right? You know, things that are like core to their business, they have to protect those first and then work their way to the rest of the business. You mentioned small and medium businesses. And, of course, they can vary, as you mentioned, significantly
Speaker 1
4:18 – 4:33
in size. For some, I would imagine that cost would be a barrier for some of these things. Is that the case? Or are there yeah. I mean, I think asking the questions that you just asked upfront would be helpful. But what if the answer is, wow, we need to invest in a lot of software or
Speaker 2
4:34 – 6:39
a firm to help us with this? Yeah. Well, I think it's gonna really depend on the business size. I think there are some things that are basic that don't cost. Right? So keeping your operating system up to date does not really cost a lot of money because usually you buy your computer, comes with operating system, and there's an update available to you. You can put it in there. So you've already made that investment. The same is true if you have, like, you know, antivirus, keeping that up to date, although usually that updates automatically. So some of the more basic, having good password practices, for your employees does not really cost any money. Even adding multi factor authentication in most cases is not gonna cost you. We just forced that at CDT. Every single CDT employee now must have multi factor authentication on their work email. Yeah. And so Yeah. Well, so sometimes that could be free if you know, depending on what email service you're using. Or if you have it, you know, you might have to put it on your network. It's still not, you know, brutally expensive. So some of these are not huge investments. The more you have, you know, more data, more personal data, if you have to comply in any kind of way because you might have health data or other kinds of things that, you know, put you in another realm of complying with sort of cyber security or privacy rules and regulations, you know, you're gonna have to make more investments, but that's your business. Right? And, you know, you wouldn't scrimp on, you know, meeting the fire code. Right? Like, oh, I think we're gonna put exit signs up here today because it costs too much money. Right? You do it partially because you're forced to do it. I get it. But, you know, that's the right thing to do. Right? You want, you know, in an emergency, people to be able to get out of the building. I mean Absolutely.
And we've certainly seen examples of where poor cyber security has led to, if not sinking businesses, certainly harming reputations. And I'm certain there's examples, of businesses that have failed because of poor cyber security. What is the oh, go ahead. Well, I was just gonna say, you know, in that regard, they don't always fail because of poor cyber security. They sometimes fail because they haven't thought about how to respond and recover. Right? So, you know, I mean, accidents happen. Yeah. Right? But if you don't know what to do after that accident or let's just give a, like, concrete example. Say that you, have a business and your server with all your information gets corrupted and the all the data has been exfiltrated
Speaker 1
6:39 – 7:05
and you don't have a backup and you don't have a way to replace that server, that actually is what might kill your business more than the data being lost. But that's still a cybersecurity issue. But Good point. Good point. So what let's go back to kind of like breaches and hacks. What's the most common entry when it comes for businesses? I've heard before that a lot of times it's the individual employee that is the most vulnerable or the oftentimes the target that leads into the broader system.
Speaker 2
7:06 – 8:15
Yeah. So phishing, attacks and spear phishing is what they call it in this kind of case. Right? Really super directed attacks even sometimes to an individual person in a company, perhaps, you know, a CFO, someone who has, ability to access the finances, maybe to the chief executive, maybe to, someone in a particular department whose credentials could give them access to other parts of the network, still really, a major vector of attack. And I think sometimes small businesses don't understand that they're being phished not necessarily to steal the data from their business, but because they do business with other businesses. Right? And so they're part of the ecosystem. So I'll just give you kind of a quick example that you have a firm that sells paper supplies. Right? They're not a big firm. They're, you know, a small firm in this town, but they serve the bigger companies. And so I get into the small to the paper supply company's email from the director of sales, and I send out a PDF using their credentials and their email address to all my customers saying, oh, we've got a hottest sale going right now. You know, this is the time to order your paper. People still use paper.
Speaker 1
8:17 – 8:22
I can't help but think about Dunder Mifflin in the office right now. So it's perfect example. I love it. The visuals are
Speaker 2
8:22 – 10:00
Yeah. So, you know, and there it is. It comes from looks like it comes from me. It looks legitimate, you know. I mean, maybe something or maybe I do send out sale flyers every quarter anyway. People click on it as malware. Now, I'm infecting the bigger business. So, you know, you should understand that you're a part of a food chain, and so that the phishing is still very common. Simple mistakes, going to websites that people shouldn't go to during the day that have malware that get downloaded in the system. USB devices, right, you know, memory, devices infected with malware. Sometimes just, accessing the the business network from home where the home computer might be infected. There's a lot of different vectors for attack for small businesses. That's a lot to think about there. So trust, obviously, now in the digital economy is huge. Yeah. What role does cybersecurity play in trust as you kind of enter into business in the digital age? I think it's critical. I think that, you know, we believe in a safe, secure, and trusted Internet. We believe that the trusted platform is what provides the opportunity for people to actually do the things they wanna do online. In fact, I my definition of cybersecurity isn't about stopping people or, you know, shutting things down or putting up walls. It's really about enabling people to do the things they wanna do online. Good security allows you to do more, and trust is inherent in that. Right? So, if I go to your business and it feels a little off to me, if I don't see the signs that say, oh, then maybe they're concerned about security, or they're collecting too much information about me to do this transaction or all kinds of things. I'm probably not gonna trust you. And we know from a lot of research that people do drop off of shopping carts, and we knew that for some of that reason is because they didn't feel good about the transaction. So we know that trust is essential in there.
Speaker 1
10:01 – 10:36
And, of course, if you lose that information, then you have, you know, brand tarnishment. You have other things that could, really impact the trust your trustworthiness online. I've experienced that before where I've half gone through, you know, filled up a nice little shopping cart and thought, oh, this will be great, and then just did not feel good about the transaction for some reason and, you know, gone. No more shopping cart. But this, you know, startups, this seems like something startups should be thinking about. Any sage advice for someone, you know, ground you know, just starting right up. I have a great business concept. What should I be thinking about? I mean, there's different business models, but what should they be thinking about in terms of cybersecurity?
Speaker 2
10:36 – 11:27
From day one. Cybersecurity security of your, business is not an add on. It's not something that you do once you have a million customers. It's not something that you do later on. It's not something that it's not a luxury. It's, you know, it's not a convenience. It's an essential piece of your business. And if your business is gonna be predominantly online, it is the element of your business is securing your customers from day one. And so I I think, you know, in the rush to create something, it may sometimes feel that security should be, you know, a second part of that. But, that really sets you up for problems later on down the line. Because in some ways, it could actually become more expensive later to add security. So if you write code and it's bad code, and then you have to fix the code later because there's security problems, you know, once it's a lot of code, it could be a bigger problem for you than it was, early on if you had just gotten it,
Speaker 1
11:28 – 12:46
straight from the start. That's some great advice there and hopefully some people will heed that as they are starting their businesses. Thanks so much for joining us again, Michael. It's been great. I know you've had a busy month and I hope the rest of it is amazing. Certainly an important issue. So thank you for coming on. Well, thanks for having me again. I really appreciate it. Our pleasure. See you soon, hopefully. Whether it's improving the implementation of a government food assistance program such as SNAP or developing new ways to grow food more efficiently and sustainably, technology is revolutionizing all aspects of the food industry. And as CDT's resident restaurant expert, yes me, I gained most of my early insights into what is hot from a range of blogs, apps, and online reviews, while booking the majority of my reservations online. The always creative Ali Lang recently did a signature CDT Always On event that focused on food called Table for Tech, which was hosted by the National Restaurant Association. Ali joins us today to talk food and tech. What a great topic. Welcome, Ali. Thanks, Brian. So first, what is it that drew you to the topic of food and tech? Well, I was thinking a little bit about, technology in daily life and just the many ways in which we sort of track ourselves and monitor ourselves.
Speaker 0
12:48 – 13:30
And it occurred to me that there's a lot of potential for the data that we collect about ourselves, about what we're eating, mostly through apps, I would imagine, like MyFitnessPal or Weight Watchers or what have you, to go the same way that, the data about wearables and health wearables and, you know, Fitbits and this type of technology, have become very profitable. That data has become very profitable for insurance companies or employers looking to cut costs, just on on the outset there's really no reason why you wouldn't think that food data would go in the same direction. That one thought opened a world of information to me about the extent to which data is used to in the food production system from the soil to table.
Speaker 1
13:31 – 13:49
It's really incredible and awesome, and I've learned a lot of really interesting things. I can imagine. So what you've touched on a little bit, but what are some of the most fascinating and interesting changes that you're seeing as you've done this research in food and tech, whether it be, you know, what we eat, like where we go out to eat, or how food is produced?
Speaker 0
13:50 – 15:12
Yeah. It's actually a little bit off topic for CDT at the moment, but I think the most interesting thing I've learned is, the I didn't understand the sophistication of the collection tools on farm implements, like on tractors. Okay. So John Deere has really sophisticated software that basically tracks square foot by square foot, the condition of the soil, and helps you decide what to plant, square foot by square foot so the planter can alternate the crop in a really specific way. This these systems can be linked up to, irrigation systems that are also capable of sort of deciding what needs to happen in the field, in a in a really detailed and granular way. So the entire the entire farm for some of for a for a, you know, a large scale sophisticated farm is essentially connected to to itself and to to each other, all the parts, making determinations about what needs to happen. This has a lot of really great outcomes. Right? Like, you can be more efficient when you're thinking about how to use water or other resources, and you can, you know, increase the yield. You can understand if trees can be planted closer together, further apart, what have you. But it's also really interesting the way that the data is is managed between the farmer and and John Deere or the farmer and Monsanto. Like, how the how the data is controlled between the entities is also really interesting and a little bit different than sort of systems we're used to seeing. Fascinating.
Speaker 1
15:13 – 15:55
Yeah. I think that food is one of those magical things that you go to a grocery store and you forget how much has gone into getting it into that grocery store from, you know, the planting of it to then the harvesting of it to then, you know, the packaging of it, the distribution of it across the country. It's fascinating stuff. So I'm sure tech is throughout all of that as you've highlighted there. I know you're a huge fan of farmers markets. I am as well. There's a great one in Dupont. There's great ones all throughout DC. And I think everyone notices now that a lot of them are accepting the various forms of either vouchers or coupons from government food assistance programs, which I think is great. But for some, this is one of those flags where you're like, oh gosh, gosh. Food and privacy.
Speaker 0
15:56 – 18:27
Does this raise any privacy concerns for you, the farmers market, and are there other privacy concerns that you see around food and tech? It was really interesting. On our panel from Always On, we had a woman, from an organization called Arcadia. And what they do is they have two vehicles. They drive around. One's a bus and one is, another sort of Jeep like thing, I think. They drive around and, they provide sort of access to farmers market food to people who don't live near farmers markets. So, one of the ways that they've sort of made the system more efficient is they have a point of sale app that automatically calculates the benefits that you get from these programs. So a lot of food stamp programs at various levels of government come with rewards if you spend the money at farmers markets. So you get twice as much money worth of food if you buy it at a farmers market as opposed to a grocery store. The idea being to encourage people to go to farmers markets, but also to make them accessible because that food is tends to be a little more expensive Right. And higher quality. So it's a great program. However, each sort of layer of the program, whether it's, you know, DC's local program, WIC, or sort of the women and children, program from the USDA or the SNAP program from the USDA, they each have sort of different expectations and and, benefits. So creating a point of sale app allowed the the retailer, the person who's sitting there checking people out to sort of determine what foods should be categorized under which program faster and also to make sure the person is maximizing their extra money. All of and doing this on on on a tablet sort of also not only makes it faster, but it it helps with a sort of optics issue where somebody who may have paper vouchers or something that's sort of more obviously a government support program Mhmm.
Doesn't necessarily have to be so public and waiting, and the the retailer isn't frazzled and and trying to figure it out and creating a line and creating a fuss. It can all be done a bit more discreetly. Not to say that people who are using these programs should feel they need to be discreet, but just I think that there is a stigma about it, and I think people like the option to just be normal shoppers, which is really what they are. Mhmm. So that was a really interesting, side effect of this. The data that they're collecting through the app is not personalized to any one individual shopper, so they've actually managed to collect a really interesting dataset that shows, what foods are popular, when they're popular. One interesting trend that I think they said they've noticed is that, the spending goes down as the month goes along. So there's benefits are typically applied at the beginning of the month. So there's a question there about, is there a way to help people budget their their spending throughout the month rather than having this constant kinda crunch crunch time towards the end of the month for beneficiaries.
Speaker 1
18:28 – 19:08
It seems like there's a lot of opportunity clearly for technology and data to help inform these decisions. But privacy, I mean, certainly it raises flags just when you think about, you know, you compared it to wearables. It's a lot of information that insurance companies might wanna have or you name it. You know, I also was at a conference just this week about how health data has become one of the the most sought after pieces of information black data market because of the profiles you can create and the fact that it sticks with you forever as opposed to a credit card which can be canceled. Are there any policies we should be thinking around about around, like, protecting the privacy of people in food programs
Speaker 0
19:08 – 21:00
or food and tech in general? I would say that at the moment, the biggest policy concern would be sort of playing defense against efforts like some we've seen. There's a a mayor in Maine who wanted to publish the roster of people who are using benefits. Mhmm. It's not necessarily a technology problem except that if you had had to publish it on sort of a piece of paper, that would be less effective. Right? So having the ability to share information online, also the online or the it's just one big database somewhere. Right? So they just it's easier to to print that out or put that up online rather than try to go collect this kind of information from paper records, makes a difference. But in general, I think playing defense is good, but I think also this the question about health data about food possibly being rolled into health data is really, really interesting. I think people haven't yet kind of haven't that hasn't occurred to people that it that it's a potential thing to happen. Maybe it isn't. Maybe there's something stopping it that I don't know about. But if I were an insurance company, I would sure want that data. I mean, if you're thinking of it from the perspective of people's identities also, which is something we do at CDT a lot, talking about, you know, our digital selves as our fearless leader likes to describe. If if you are what you eat, then this data is sort of the ultimate indicator of your identity. Right? That's an adage, so it may not be completely useful, but it is interesting to think about, what someone could learn about you from what you're eating and your habits and preferences. I mean, certainly, you can see some fairly obvious inferences about heritage, and culture, right, that come from from your dietary choices. So there's a lot to be learned from that information. Like you said, I think some of it could be really useful for individuals and for the public good. 
Helping people administer programs more effectively, making sure people can get the resources they need, understanding better what people need and when is really useful information. A lot of this has a huge potential though, just become a political football that distracts from the underlying questions. So I think whatever policy choices we make, we need to make sure that we discourage that outcome.
Speaker 1
21:01 – 21:17
Makes a lot of sense. So let's talk about your panel. We touched on it a little bit, earlier. But you had people on there from Yelp, the USDA, you mentioned the Arcadia Center, and then you also had the esteemed Virginia Eubanks on there. What were some of the the insights from this
Speaker 0
21:17 – 23:56
seemingly amazing panel that came out that really stuck with you? There are a couple of major threads, but I think my favorite conversation was was about this exact question of how do you sort of use information for public good, without undermining people's personal choices and and autonomy. It's a really hard question, and I think that all of us can agree at certain broad strokes where the lines should be. And then I think, you know, I think, for example, the majority of people who work in the policy space would probably agree that publishing a roll of people's names who collect benefits isn't the most productive thing to do. Even if your end game is to reduce people on benefits, I don't I guess you could shame them out of of going, but I don't know that it would be very effective, in protecting the economy from the drain of people who can't feed themselves. I I yeah. I'd be curious to see what the Plus it's just kind of a jerk move. Yeah. It's not pleasant to think about. So in any case, this is, you know, I think most of us would agree that's ridiculous. On the other hand, it is interesting to think about the idea that, Walmart knows more about how SNAP benefits are used than the USDA does. You know, so the USDA is in charge of administering this program is really at an information deficit. It's interesting to try and figure out how to thread that needle. And so on our panel, we had this discussion between, Pam Hess, who is from Arcadia and who has this point of sale app that I was just grabbing earlier, and all this really interesting broad strokes data and aggregated data about what what fruits and vegetables are of interest to people who are using these programs, what's helpful, when are they buying it, how are they paying you know, are these sort of supplemental amounts of money being useful and this kind of thing is really useful data that's aggregated.
We talked a little bit about how you might be able to make that information available to the individuals also, not to collect it in such a way that it can be like, that you can figure out who individuals are in the dataset, but to let individuals see their own habits so that you might be able to provide value to them in terms of how they can, you know, plan their month or how they wanna use their own benefits. But I think that, ultimately, the the sort of takeaway from that between Pam and Virginia and, Moshe from the USDA was that preserving people's autonomy, is really, really important. And at the same time, we do need to figure out a way to make these programs more efficient because people are still hungry. And we have sort of a a huge surplus food in problem in this country, and then we have hungry people and it just doesn't make any practical sense. So there's a lot of puzzles that really fit together if you could just sort of get the right information in the right order, but the information is siloed,
Speaker 1
23:56 – 24:07
and a lot of it held by private enterprise. Yeah. I don't have the data in front of me, but I've seen numbers before on food waste, and it's just staggering. And it's at all, you know, points of the supply chain.
Speaker 0
24:08 – 25:46
So what I think this is actually one of the areas that you were exploring food waste. But what are the next areas that you plan to explore here at CDT in terms of food and tech? So we're talking a little bit about food waste later today. Again, we're trying to sort of make the comp steer the conversation at its early phase now, and we're trying to figure out how technology what the role technology and data are gonna play in solving these problems. We're trying to insert ourselves really early on in this conversation before there are privacy concerns to try and prevent them. So for example, in the food waste, if you're looking at food waste as an issue, there was an effort by a lawmaker in Seattle to sort of have garbage people keep track of how much food people were throwing away. And and garbage is not yours anymore. It's not private anymore. But at the same time, that's just not doesn't seem productive, and it's still a violation of sort of general concepts that we should be focusing on responsibility, institutional responsibility over individual responsibility just as a way to be effective. So for the food waste question, I think that technology has a huge potential to be very, very useful in sort of localizing the food chain, and making sure that people do understand, like you were saying earlier, you know, just go to the grocery store and expect that everything will be there all the time. Maybe that everything shouldn't be there. Maybe that you should have to go early and get what you want and maybe it will run out. Like, the idea of running out of food in grocery stores is something that really very rarely happens with the exception of the, social Safeway maybe in Georgetown. Or, it used to be nicknamed the Soviet Safeway on Seventeenth Street. So Yeah. Exactly.
So sometimes these things do run out, but for the most part in America, if you go to a grocery store, you're almost guaranteed to have options to you, including all fresh fruits and vegetables, which is it's just incredible. It's incredible.
Speaker 1
25:46 – 25:58
Something we take for granted. So finally, to wrap it up, what is your favorite restaurant in DC and what's next on your list of places you must go? You know, I still haven't been to Rose's Luxury because I'm impatient. I'll get on it. I know. It's ridiculous.
Speaker 0
25:59 – 26:09
I don't know if I have a favorite restaurant actually. Oh, I used to really like, Thai Crossing. They opened a new I haven't been to they have an actual storefront now. I liked when it was in the basement of, of the house with the cats
Speaker 1
26:10 – 27:09
and the pumpkin curry. I think if I just if I drown in a pile of pumpkin curry, I will have died happy. It's ridiculously good. Well, you're very seasonally timed for that one too. So thanks so much, Ali. This is actually a really fun topic, a fun project. Glad you're doing it. And if you can find a way to get some of the awesome restaurants in DC involved, I will certainly thank you. And I think the rest of the staff will. Thanks, Brian. Thanks for, thanks for the visit. Anytime. Thanks for tuning in to CDT's Tech Talk. That's it for this week. Be sure to visit www.cdt.org for more information about the topics we discussed today, and certainly continue to be cyber secure throughout October and well beyond. Check out staysafeonline.org for tons of useful tips for individuals and businesses on how to enhance your cybersecurity. As always, tweet us any questions or topics you'd like covered to @CenDemTech. Until next time, I'm Brian Wasilowski. Thanks for listening.