Content provided by qpcsecurity. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by qpcsecurity or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Dark web monitoring and avoiding FUD decisions

1:50:09
 

Kathy Durfee – CEO & Founder of Tech House joined Felicia to discuss dark web breach monitoring

Scenario: FUD report from a competitor

Perceived: Multiple users in their environment were breached. The perceived proof was a report listing the users and their passwords, along with columns of data that the customers did not understand.

Good: Customer told their current IT service provider about the report.

FUD – Fear, Uncertainty, and Doubt – is, in the wrong hands, a powerful tool to drive snap decisions within a company. However, it is not a viable or valid sales tactic: for all it could potentially do well, causing unnecessary stress and suffering is what it does best. Speaking with Kathy Durfee, CEO and Founder of TechHouse, a managed services and solutions provider based in Florida, we walk through a recent case of FUD with a customer of hers that received a worrisome report from a potential competitor. During our chat, we covered:

  • The key aspects of FUD (and how it does not work)
  • What the Dark Web is, and the logistics of monitoring and combating it
  • Leadership training and best practices for helping a team best meet their security and regulation requirements
  • Identifying the key differences between commodified and relational partnerships, especially in the technological sphere
  • Shared responsibility between MSPs, their customers, and those customers’ clients

Where do dark web monitoring and dark web data risk reside on the continuum of risk? How best to mitigate?

What really is the risk and the mitigation?

Put the efforts into prevention.

Put the individual in the driver’s seat of managing the risk that is best managed by them by putting the right tools in their hands.

Resources

https://haveibeenpwned.com/

Perception of the proper allocation of the budget

Businesses must make time for training.

The ITSP must include in its service catalog what the client is getting in terms of services.

  • What do we need to do? Cross-reference the tools that accomplish outcomes and cover risk mitigation, and ensure that the client understands what those are.

Training is how you squeeze the juice out of the orange. Without it you may not get all the juice out of the orange or get any juice out of it at all.

Common business objections to allocating time for training

Payroll costs, but avoiding training is not legally defensible anymore.

Policies

The IT Service provider CANNOT alone write policies for you, and they CANNOT approve and enforce your organizational policies.

Four pillars

  • Policies
  • Technical controls implemented
  • Automation of technical controls
  • Reported to the business – It’s YOUR report, your organization.
    Shared responsibility – some months the CFO does it, some months the CEO does it.
    Set a schedule and do it. 3 weeks any habit; trainer or partner

Do you look at your P&L and balance sheet every month? You should understand the reports from IT as well.

An interesting lawyer opinion on the topic:

https://abovethelaw.com/2023/01/dark-web-monitoring-for-law-firms-is-it-worthwhile/
