Maintaining Compliance With SEC Cyber Rules and Security Regulations

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

 

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

 

Justin Daniels  0:36  

Hello, I’m Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.

 

Jodi Daniels  0:59  

And this episode is brought to you by I was very loud, Red Clover Advisors, we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, ecommerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there is greater trust between companies and consumers to learn more, and to check out our best selling book Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com.

 

Justin Daniels  1:36  

Well, Spring Break seems like a distant dream.

 

Jodi Daniels  1:39  

It really does. Because since then, it’s day three, and I’ve had nine to five meetings straight. I’m well, back in the swing of meetings. Yes, you are and work tree. No more No, right? Really lovely.

 

Justin Daniels  1:54  

All right. So today, our guest is literally the only person who could get me to dress up as a pirate with a hat. And come speak to an audience. And if you don’t believe me, check out my LinkedIn this week because I posted the first minute and 45 seconds of my video. And so with that, I would like to introduce Charlotte Baker, who is the CEO of Digital Hands, a cybersecurity service provider that has won numerous industry awards, the most recent in 2023 as most innovative MSSP at cyber defense con and Incs power partner for privacy and security. With 100% US based delivery clients experience unparalleled speed and detection and response and let me add Digital Hands. Get there first, Charlotte, how are you?

 

Charlotte Baker  2:47  

Hi there. It’s a pleasure to be with you both today.

 

Justin Daniels  2:51  

It’s really fun. Well, their spokesperson — I know a little bit about this company, as we will soon learn.

 

Jodi Daniels  2:57  

Okay, well, Charlotte, we always ask how did people find their way to their current role? And so if you can take us on your career journey, we would greatly appreciate it.

 

Charlotte Baker  3:10  

Sure. Well, my career journey started with a lot of large companies in, you know, sales and marketing technology companies primarily. And over the course of time, I think the catalyst for me moving into the entrepreneurial world was a stint with Microsoft as a product manager for FoxPro database. And it was back in the some of the earlier heydays of Microsoft, when the company was still on that entrepreneurial cusp. And I think that we only had 24 buildings out in Redmond. And I really got to see examples of creation doing things roughly right? Inspiring whiteboard sessions, and I said, you know, one day I want to do that, from that standard took me about five years and with stents in the institutional fixed income market, learning about the debt and equity markets, the stent in mergers and acquisitions and strategic planning and long and the short of it is the this particular company is one it’s not my first, but it’s one that I’ve been with for about 20 years now. And every year, we reevaluate where we are, where the products are going, if not quarterly. And what I find is every four years, this has become a different company. So it’s like in 20 years having five different startups pursuing a different part of the journey. So I’ve been here about 20 years. Co-founder, this company, has a passion and a mission for something that’s near and dear to my heart that is protecting, protecting from threats and we have a fundamental belief that everyone every company has the right to operate their business. In this room from the threat of fraud, three, free from the threat of brand damage and free from extortion.

 

Jodi Daniels  5:10  

Well, congratulations on nearly our air over, I guess two decades in business. You know, so many businesses fail after the first five years to be able to get to five, 10, 15, and 20. And beyond is truly an amazing accomplishment.

 

Charlotte Baker  5:26  

Well, thank you, you know, that’s one of our well, you know, people will ask me, yeah, what, what makes you different in this industry? Well, one of it is the tenure, you know, one of the one of the differentiators, a lot of companies in this space have been created in the last five years, we have highly tenured, incredibly smart people that have celebrated themselves, their 510 15, some of them 18 year anniversaries with us. And so that tenure really counts when you can say, you remember when this industry was all about performance and availability, and just keeping the IT assets up and running. And now it’s critical thinking and content creation and dealing with privacy laws and dealing with strategy. And so it’s been a fun ride and continues to be fine. And we’re just really fortunate to have the clients that we have that trust us with their strategy, their data and to be their trusted partner.

 

Justin Daniels  6:27  

Speaking of uniqueness, what is it that makes Digital Hands value proposition so unique as an MSP? Because I certainly have thoughts on that. But I’d love to hear what your thoughts are about that. I’d be

 

Charlotte Baker  6:41  

interested in your thoughts as well, other than the fact that we throw the annual Gasparilla cybersecurity summit and ask people to dress up like pirates. You know, if I really had to come down to say what differentiator it is, is it speed, speed, flexibility and execution, the speed part of it, you know, it’s getting there first. And that’s our tagline: get there first. And when you look at the industry, you know, we’re looking at assimilating massive amounts of data and actioning, that data, we’re at a time when seconds matter, you can’t afford to have an SLA that puts you into the next day or to flop the problem back on your customer. So speed and execution would be a differentiator, on the speed, it’s enabled by some proprietary platforms and technologies that we find really cuts out a lot of the false positives on the execution side. Again, I mentioned our tenured folks, some of the smartest people in the, in the industry. You know, we’re in an industry where a lot of people are new, a lot of companies are new, we have the tenure, we have the systems, we have 20 years of workflow evaluation and optimization. And in the end, we care. It’s mission focused, we care about doing the right thing every single time for our clients.

 

Justin Daniels  8:05  

What I would add to that Charlotte’s answered, well, we do have answered, here’s what I would have answered. Add for our viewers. Yes, Digital Hands does happen to be a client of mine. But what really makes you guys unique, it’s the culture. It’s when you deal with everyone how everyone is such a team and how everyone has each other’s back and how everyone has known everyone for such a long time. It just makes what you do so cohesive, because you can see that people are committed to the mission, because they’ve been there a while they genuinely like each other.

 

Charlotte Baker  8:40  

That’s hard to find. It’s, it’s, it’s definitely something that we don’t take for granted. And thank you for saying that.

 

Jodi Daniels  8:51  

Well, as the business owner, who also cares a lot about culture, I know how important culture is and how hard that can be. So again, kudos to what you’re doing. And it really does make a difference. Because when you’re on a project, and you have team members who know how to collaborate and work together, they don’t have to spend their time figuring that out, they can just get straight to the problems. So the tagline of get their first also is really important, and how they’re even just executing on whatever the task at hand is.

 

Charlotte Baker  9:20  

There’s definitely get there first from a threat perspective, but get there first, as you’re saying, Yeah, from an execution standpoint, and not, you know, we call it high speed, low drag. And everybody really buys into that. And we have people that can be ambidextrous, if you will, and, you know, right with the right hand and their left hand at the same time and fill in for folks and know when to bring in the right. right person. So yes, we’re blessed with a culture that, you know, also extends to our clients. I mean, our clients feel like they’re a part of us and when they show up for our annual Gasparilla style have a stomach, you know that I really am grateful when they say, you know, I really love working with your team and feel like they’re a part of my team. And so that extension into the client cultures is important to us.

 

Jodi Daniels  10:14  

I’d have to borrow that high speed, low drag phrase. That’s really cool. I like that one.

 

Justin Daniels  10:18  

But you know what, Charlotte, I want to ask you actually a follow up question, because I’ve now been to Gasparilla twice. And it’s such a unique event that’s themed around Gasparilla, and pirates. And maybe you can talk to us a little bit about the origins of that event, because companies are always looking for a way to uniquely provide value to customers and prospects. So talk to us a little bit about the origin of that event and why it’s become so important to the company.

 

Charlotte Baker  10:46  

Well, this year, we were, I think this was our 11th, annual 11th annual Gasparilla cybersecurity event. And we didn’t do it one of the pandemic years. Yeah, we didn’t do it in 2021. But we actually were, we were actually one of the last events a lot of our customers attended because it happened in January of 2020, before the shutdown around the March timeframe. But after, if you go back 11 years, actually 12. What happened is, we would gather together some of our key partners and customers and talk about them the year ahead and what we were planning and always happen in January. And so I’ll never forget it. The folks at McAfee said well, why don’t we come down for the event in January. So why don’t you come during Gasparilla and I had a friend that loaned us her boat. And, you know, that happened in you know, 12 years ago, and we started having thought leadership, and the next year it got bigger. And the next year, some other manufacturers that we work with came along, and then more customers and more customers. And then it became a word of mouth and a couple years ago is that RSA and somebody screamed across the floor, there’s the pirate woman. And so it’s become kind of a tradition. It’s an invitation only. But you know, we wouldn’t deny somebody who really wants to attend for thought leadership reasons. And there’s no selling going on at that event. And what you’re doing is you’re bringing we’re bringing in the Secret Service, the FBI, you Justin to talk about, right the insurers, we’re bringing in customers, we’re bringing in case studies, we’re bringing in new companies that are on Bleeding Edge like Bryson boards, organization at Skype. And we’re really getting around the table to share all cameras off kind of that whole idea of when it’s sensitive information, shut the cameras off, and let’s have this conversation so that we can help solution. And so love and years in the making, 12 years in the making, and it has really exploded and it’s something that we look forward to every year, every year, we’re exhausted before we put it on, and I said I’m not doing it next year. And then the day after, it culminates in a big invasion as part of the and you know, there’s an event that’s over 100 years, the 100 125 years, I think it is an event, which is the Gasparilla invasion of Tampa Bay. And so we jump on a boat, we come in and we celebrate and these relationships last for years, you know, we see people that come in, and they’ve been with, you know, five or six different companies over the course of 12 years, but they know each other, they trust each other. And it’s kind of our give back so that people know who to call people know who to call and Secret Service or the FBI, people know to call Baker Donelson people know, and these are relationships that just keep giving back. And it’s our gift back to say, hey, we’re doing this with the intent of bringing a community together that cares and the No button and we don’t allow other people to sponsor it, we sponsor it ourselves. And that keeps the you know, the people from you know, opening up their jackets saying, hey, look, you know, I’ve got a line card I want to sell you and a lot of fun.

 

Jodi Daniels  14:00  

A lot of the topics that are getting discussed these days are security regulations. And I would love to hear how are you seeing these regulations around security impacting your customers and channel partners?

 

Charlotte Baker  14:16  

Well, it’s interesting, because that topic came up, realistically, you know, not just this Gasparilla but the one prior, and you know, I can honestly say that the the topic of privacy, the topic of regulation, that’s impacting everyone and at one point, it was all about what’s my risk of getting fined? Under the regulations we are going to do, do I have sensitive information, do I have PII? Do I have the information? And if breached do, I get fined and am I going to roll the dice separately? Now what’s interesting about it is it’s become not only a conversation about expense and risk, it’s become These regulations have become a conversation about companies not being able to participate in the game if they don’t comply. And so you know, that would kind of be around the trickle down conversation about the SEC rules, even the smaller companies are coming into scope about this. So, the regs are definitely driving behaviors that should be good hygiene in the first place. But it’s kind of the hammer for which people say I have to comply rather than roll the dice.

 

Jodi Daniels  15:32  

We see that often in the privacy space as well, I do think it’s moving away from just that fine. Compliance concept. And moving towards, I have to do this, especially in the b2b space, my customers are expecting this to happen. The consumer side, I think, is waking up to what’s happening all the time. They keep getting all their data breach letters, and wondering how did this flier come in here? Why is this company sharing my information using ways that I didn’t expect, it all takes time to get there?

 

Justin Daniels  16:04  

So Charlotte, speaking specifically about the SEC, cyber rules, why don’t you get out your pirate crystal ball little bit and talk to us a little bit about what you were expecting to see in the next year about this trickle down effect, because you and I both agree that privately held companies who have these publicly traded customers just don’t appreciate what’s coming their way, from a requirements standpoint for security from their publicly traded customer. So maybe you could share a little bit about what you think you’re going to see happen here over the next year or two.

 

Charlotte Baker  16:42  

Well, you know, having been in this industry for so long, we’ve been subject to them in order to do business with large enterprises that we do business with. And so having things like, you know, ISO, PCI, sock two, those kind of things we’ve been, you know, because of the business we’re in, we’ve been on that treadmill for over a decade. What, prior to what happened in DC, I think it was December with the SEC rules. A lot of companies felt like they weren’t publicly traded, regardless of size. Some of these things didn’t apply to them. So we were forced at an early stage to start getting these and I’ll never forget, it was a large insurance company that was our client. And they said, Can you get the PCI compliance? And we said, well, we don’t need it, because we’re not processing, you know, credit cards, we’re not looking at that information. And they said, We understand. But if you would, please get this because it helps us with our regulators. And so we did it. And we were pressured at the time, because of what we do for a living. Fast forward to today, still, companies think that, you know, the SEC ruling that happened in December, really hasn’t gotten out there for a major source of discussion yet. And I mean, even at Gasparilla, some of our publicly traded companies didn’t realize the downstream effect of the SEC ruling on some of their supply chain members. And, you know, when we think about when it’s going to impact, you asked me the crystal ball question. A lot of people since December have not been up for their renewal on their annual contracts as a supply chain member to larger publicly traded companies. And so when they come up for renewal, they’re going to seal a whole different set of questionnaires, you know, you can, and, for example, they’re gonna say, hey, you know, what kind of certifications do you have? And if they say, none, it’s okay, then fill out these questionnaires for us. And the questionnaires are pretty onerous. I mean, you might as well go through the certification process because of the amount of information that’s needed. And I think what’s going to happen is we look, you know, this is March, so the reg has only been out there, and it’s still being disseminated and understood in the last few months. But between now and December, using a crystal ball, all these companies that are up for renewals on their annual contracts are going to be scrambling for how do I comply with this? And, you know, I think that’s where you really got to understand these companies have to understand that that’s more than just going on the internet and downloading a privacy policy or a policy on you know, what you do with your data, you’ve got to actually prove that you do it. And with the privacy laws that are you know, vary by state. You need some help. I mean, even we use you Justin at Baker Donelson to say hey, you know, which ones do we need to comply with? And what are our notices if we are breached and those kind of things. Ie This is not a DIY type of scenario. So I do think that especially people that are not publicly traded companies that are not publicly traded that are in the supply chain doing business with publicly traded companies are in for an awakening that happened in December that they don’t see coming yet.

 

Justin Daniels  20:00  

That’s interesting, Charlotte, because when I get asked that question, the tack that I take is, I don’t think these privately held companies are going to realize that buried in their security addendum they have to sign as if they do have a breach. The publicly traded companies’ money like this is all the information you’re gonna give us because we have to decide if we have to disclose this. And oh, by the way, any kind of public pronouncements, we’ll be the ones doing it, you’ll have little say in it. And it allowed them to throw them under the bus and could cause the privately held company to be in violation of all their other contracts. And unless you understand what that means, I don’t think they realize that should they have a breach, their entire breach response could get hijacked by the publicly traded company, because that’s what they agreed to in these new, more onerous security addendums.

 

Charlotte Baker  20:49  

Ya know, not only would the companies need to have expert advice for setting up an incident response, scenario, communication scenario, even publishing their own policies, they’re going to need to have somebody look at those addendums that they’re signing, because it is buried language, and it does look generic. And then when you really think about it, some of the, you know, we had a conversation with a few companies where we said, what would happen in the event and we painted out a scenario like this, and they said, it’d be lights out. And these were not mine, or companies that would say it would be lights out, these are not startup companies, these were established companies in the SAS arena. And it is something to be concerned about. And you know, with all the noise that goes on in the security industry, in the privacy industry, you know, someone needs to hold up the beacon to say —

 

Justin Daniels  21:50  

Do you realize this is what kind of changing tact a little bit, Charlotte as a business owner, you provide benefits to your employees, because that’s what you do to have the culture that you have and love if you could share the story about how privacy concerns for your employees impacted features relating to your company health care plan.

 

Charlotte Baker  22:12  

Yeah, that’s one that really, really lights me up. Without naming names, recently, we switched healthcare plans. And we had been with one provider, we have a really stellar, we use a very stellar like, pop to your brokerage firm to negotiate the benefits for us. And so we shopped among multiple providers, and carriers if you will. And we chose one for many reasons, but one of the reasons we didn’t choose it is because of a couple of bells and whistles. In the end, it came out to be the, you know, the price of the plan and the richness of the plan for our constituents. And in this particular scenario, there’s a little side benefit. And the side benefit that was described to HR here was that hey, did we recognize that we’ve got this, these, these these funds available. And so we had it with the previous carrier and the previous carrier, set aside funds for us to do health events for our employees. And we would spend it on things that delighted them that got them moving, doing walking marathons and things like that, and had competitions with prizes. And this particular carrier said, we have a program where you earn dollars. And these are like fictitious dollars. And what they’ll do is we’ve got the portal set up, they’ll go into the portal their register, and what we’ll do is we’ll start rewarding them for good behavior that is great for their health. And I mean, it sounded like a great idea. It did not go to our CIO or to me to think about privacy issues, etc. Because it just seemed to be part of a normal plan. And so HR was pretty excited about it. rolled it out. And of course, I’m on the plan. So I thought I’m gonna check this out. And the first thing I did when I went to see about enrollment is it said, you need to click on the privacy policy. Now, most consumers are not going to click on the privacy policy and read a 40 page document. But the first thing I did was say what am I? What am I giving up here? So for dollars, let’s just call it a couple of dollars. I wanted to know if the juice was worth the squeeze. And I started looking at what kind of information I’m giving up. Well, before I got into the actual doing of the site and putting in the information, I see that the statement was that I am freely giving the information. The information is sensitive information. The carrier has affiliates that they can have it to and partners that they can give it to, and basically the world that they can give it to, and they have no responsibility for the protection of the privacy of that data. And they have in the event of a breach, they have no liability, and I have no recourse as the consumer. And furthermore, where it goes and how it’s used, after I put it in, is not going to be governed by them. And, you know, tada, so that really the privacy policy, you know, I downloaded and like read this, you know, and it just, you know, it really is surprising. And so I can guarantee anybody that would have clicked on that would it just had been like your Apple phone, you know, I agree. I agree. I agree. Because if I want the dollars, I need to do it. Then I said, Okay, I’m gonna agree to this, and I’m gonna start going into the website. And some of the information had asked was very shocking. That, you know, you know, it was medical information, it was information about your prescriptions, it was information about things in family history, for example. And I thought that’s interesting. So they’re collecting this information. And so it’s a dumb. Why would somebody want to do this? Why would they be collecting this kind of information? disclaiming any kind of privacy around it? And what is the benefit? Well, the benefit is, is that you the consumer, or the product, when they’re collecting information in order to sell in order to market. And it was really shocking to me that, if you think about how that trickled in, it’s that here is private information being gathered. And an employer that said, Here’s your health care program, and they’ve got this cute little program on the side with these dollars that you can then spend to buy things like a pedometer. And it’s done in a competitive way to say I get points, it’s kind of a gaming way. So you look at reputable companies, your employer, a large top-tier healthcare company, and what you’re not thinking about as a consumers, where’s that data going, and you didn’t read the privacy policy. So it really concerned me that how that came into our organization just. And it’s no different. By the way, if you’ve ever gone to the doctor’s office, this is really amazing to me, and I had several bouts of COVID. And so heart doctor, lung doctor, etc, even my dermatologist uses as one system that again, I won’t name, but you think you’re using it or check in, you’re using it to check in and ease your check, and nobody likes better than to pull up to your doctor’s office not have to wait not to put in a credit card and just fly through the process. At the end of that it’s the same thing. It’s this system marketing to you gathering information, asking you questions, and then selling the information and bringing partners into it. And I think you know, are the doctors offices, getting a free checking system in exchange for saying, as long as the consumer says yes to it, you can mark it to my consumers? And do they know it? Are they aware of it? Because once again, you’re not clicking on that privacy policy. So that whole thing about being an employer, and thinking about the privacy of your employees, or even your customers, you know, people aren’t reading the privacy policies and what they’re putting at risk. And you walk a fine line between being big brother to be protective, and actually saying, Hey, are you reading what you’re giving away? And it? I am, I’m going to be surprised if we don’t see more legislation coming down about the responsibility of people giving away that information that are the conduits for it.

 

Jodi Daniels  29:10  

starlet, I think your story brings up a few points that come to mind for me, one of them is most people aren’t reading that privacy. Notice. I think for a couple reasons. When it’s really long, it’s hard. It’s not easy to read. And so when companies don’t make them even easy to read, no one’s going to want to read them. I would hope that we’d move to people in the privacy space have talked for a long time around the nutrition label concept, but even just visually appealing read, it’s easy to read that check in process. If we’ve experienced the same one, we’ll let it remain nameless. And my very big challenge with it is it’s incredibly deceiving. It’s a massive dark pattern, because that very last page looks like a HIPAA consent. And it’s not. I mean it has consented has health related and you have to really read the fine print in a very small type, no spacing, no pictures, no visual, no bolding, nothing, just a long, long document and you have to really read it. And most people just they don’t understand or they think well, all the forms are all consent. They’re just using the software program. Of course, it’s the doctor’s office that everything there must be HIPAA compliant and safe. I should check the box. Much like how in the first scenario with the insurance carrier? Well, it’s a big insurance carrier, surely there. It’s a big company, they’ve done what they’re supposed to, and people just trust, because of who it is. And I think that element of trust and not realizing no, actually, I shouldn’t necessarily trust them. And it’s really hard to get to the information because of how it’s presented. For me, those are the two really big reasons why we have this conundrum. And companies are continuing to do these practices and get away with them. I am hopeful that there’s enough practitioners out there like us who are trying to get companies to think about it first. And say, if you want to do this, then do it up, right, you know, do it the right way, be upfront about what’s actually happening and educate people and explain, here’s the benefit, you get this really awesome pedometer and all kinds of really cool little benefits, you also have to share all this information to be able to do it. I mean, when your order story, the first thing that comes to mind is that my health activities shouldn’t be rewarded on their own, I shouldn’t also have to go backwards and present who I am health wise to also get the benefit. To me that’s just being greedy with wanting more information.

 

Charlotte Baker  31:41  

Well, who you are giving that information and allows them to then market to you would you be interested in this program? Would you be interested in that program? It would, you know, it gives them a fuller picture so that the holder of the data can go out to other partners and say, you know, I have I mean, it’s down to the basics of marketing, qualified leads, they’re selling marketing, qualified leads have a highly curated audience with attributes that customers themselves has verified that consumers have verified it. It’s not speculative data. And then it’s you know, then the, you know, you think about, you know, how companies market, they look at the price per marketing, qualified lead MQL that Jacks the price up, and so they can sell the data. And it just, you know, that nutrition label concept really is interesting, because, you know, if you did have that nutrition label concept that you’re talking about, it would say, Does this company have affiliates? That there yes. Are they selling the data? Yes. Are they collecting the following types of data from you? Yes, yes. No, no, no, no, no. What are you getting? On average, you’re getting a $10 coupon? And what are you giving? You’re giving all this information? And then, you know, kind of like the checkbox? Is it worth it, you know, at the end of that nutrition label. But you’re right about that one particular doctor’s check in that probably half America’s seeing is that that, that that disguised HIPAA form? Really is shocking. And I’m surprised somebody hasn’t come down on that already. I know.

 

Jodi Daniels  33:25  

We’re gonna keep talking about it forever. But we might talk about some other things. Yes.

 

Justin Daniels  33:30  

Charlotte If you’re at a cocktail party, maybe after Gasparilla, and someone comes up to you and say, Hey, Charlotte, what might be your best security tip? What would you share with our audience?

 

Charlotte Baker  33:44  

But I assume the cocktail party isn’t the day of Gasparilla. So? Yeah, because I’m not sure what the answer would be on that day. Lots of fun. Well, ironically, you know, the number one tip that I’d have is, you know, to an organization is you’ve got to have multi factor authentication. And, you know, that is something that has been touted for years and years. And there’s been a big push in the last couple of years, but you’d be surprised at technology companies. They have about an 87% adoption rate just because of who they are. But when you look at finance and banking, the adoption rate on MFA is about 60%. Healthcare and pharma. It’s far less you know, it’s in the 50s. Government’s in the 40s. The retail is in — I mean, retail’s abysmal, because a lot of retailers are not, they don’t have the profit margins to afford some of this. I don’t want to say they’re cheap, but they’ve got to make survival decisions and they’re in the, you know, they’re they’re just bumping up around a 40% adoption rate. And the reason that’s important is this is a day and an era where passwords just don’t cut it. And you know, that would be my number one. Tip besides MFA, which, you know, again, seems obvious yet adoption, isn’t there? Really, you know, I think what’s important is that, you know, we’re in an environment where you can’t afford to fix everything. And, you know, you could spend all the company profits, or you could spend all the company revenue on having a great security program. It’s just not, it’s not reasonable. So if you’re really going to think about how to grow along the maturity, maturity journey, I think you, you need to have a roadmap and that roadmap would say, Here’s and forget, forget the point solutions. Now one of the things that gets very confusing in the industry is looking at what everybody does, if you go to RSA, there’s, there’s a ton of companies, and it’s called the Hall of smoke and mirrors, you go in there, and everybody talks about what they do. And we really think about it, they do five things. And, you know, it’s where do you fit in the buckets. And so the tip would be to stop looking at point solutions. Look at where you are in the security maturity journey. Get a scorecard on yourself, do it through a virtual scissor service, and we offer those or get get, get a consultant to come in and get get whoever your trusted network is to come in, give you a scorecard, give you a roadmap, and help you so that you look at this, between now and the end of say, three years or four years. And that way you can budget appropriately. And that way, you’re not getting bombarded with information about point solutions, you’ve got a holistic way of looking at it, and then you bring in the solutions as you need it. Right now. There’s just too much technology chasing some fundamental problems that need to be shored up. And technology is not always the answer to the problem.

 

Jodi Daniels  36:50  

When you are not helping solve client problems, and being the CEO of Digital Hands, what do you like to do for fun?

 

Charlotte Baker  37:00  

Well, over the last five years, my time has been spent as passionately dedicating time to the Board of Trustees for the University of Tampa. So I will say that what I’ve done for fun outside of my Digital Hands job, has really been working with the University of Tampa and their governance. And I’m turning the gavel over in May, this last year has been a pretty intense year of selecting a new president for the university. That’s an amazing university that, you know, their programs are second to none. And they’ve got over 11,000 students that we’re going to be getting a new president, and I’m going to be exiting the chair role and turning the gavel over. And so while I have two years as immediate past chair, I’m turning my attention to two new chapters and I have yet to figure out what that is I’ve got until the summer but my heartstrings are really with struggling veterans, and the homeless. And so we’ll see what the next chapter brings. I think, you know, if I had to get out of the dimension of work and and kind of volunteer stuff, thinking about horses, maybe in a new equestrian pursuit, but yeah.

 

Jodi Daniels  38:26  

Well, our kiddos over here, love horses, we have lots of horse books, if you ever would like to read any.

 

Charlotte Baker  38:32  

Better than the privacy policy.

 

Jodi Daniels  38:34  

There you go. They’ll show quote, you’re thirsty. So Charlotte, where can people connect with you and learn more?

 

Charlotte Baker  38:42  

The best way to connect with me is on LinkedIn. And to learn more. You know, I can say that going to our website and taking a look. We’re getting ready to revamp it but going there now we’ll get you a rough approximation of what we do. And there’s some links on there to click and we’ll get the right books to you. But LinkedIn is probably the best place.

 

Jodi Daniels  39:05  

Wonderful. Justin, any parting words?

 

Charlotte Baker  39:07  

The website is digitalhands.com It’s that simple.

 

Jodi Daniels  39:11  

Wonderful. Parting words.

 

Justin Daniels  39:14  

Parting words. Digital Hands: get there first.

 

Jodi Daniels  39:20  

Thank you so much for joining us today packed episode with all kinds of goodies.

 

Charlotte Baker  39:25  

Thanks, I really appreciate being with you guys.

 

Outro  39:32  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.