Kenji Kuramoto is the Founder and CEO of Acuity, a financial management firm that builds and maintains financial functions for entrepreneurs and startups. Through his work at Acuity, Kenji achieves his core business mission: to offer scalable financial solutions to busy entrepreneurs so they can focus on effectively growing their businesses.
In addition to this, Kenji is also a Founding Venture Partner at NextGen Venture Partners and a Board Member at Entrepreneurs’ Organization. His specialties include strategic planning, financial forecasting and analysis, accounting process optimization, and more.
Here’s a glimpse of what you’ll learn:
- How Kenji Kuramoto’s background in technology and financial services helped him build his financial management firm, Acuity
- What is a fractional CFO and how do you know if your company needs one?
- The role part-time CFOs play in mitigating a small company’s privacy and security risks
- A CFO’s most important responsibility when it comes to privacy and security: raising awareness
- How to quantify a brand’s reputation based on their privacy and security measures
- Kenji’s best privacy tip: SMS-based two-factor authentication isn’t all it’s cracked up to be
In this episode…
Do you ever wonder how your CFO impacts your company’s privacy and security? Or, if you’re a small company without a full-time CFO, are you looking for a better way to assess your privacy and security risks? If so, this episode of She Said Privacy/He Said Security is for you.
Most business owners primarily look to CTOs for their privacy and security concerns. However, did you know that CFOs can also greatly influence your business’ safety? It makes sense: CFOs are privy to a great deal of your company’s financial data and technology, which gives them insight into where you may be at risk for data breaches, ransomware attacks, and more. So, how can you ensure that your CFO is safety-savvy and ready to protect your company’s privacy and security at every turn?
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Kenji Kuramoto, the Founder and CEO of Acuity, to discuss how CFOs can maintain their company’s privacy and security. Listen in as Kenji talks about the value of fractional CFOs, how they can effectively mitigate your company’s security risks, and why avoiding SMS two-factor authentication is his number one privacy tip for individuals and companies. Stay tuned!
Resources Mentioned in this episode
- Kenji Kuramoto on LinkedIn
- Kenji Kuramoto on Twitter
- Acuity
- Google Authenticator
- Authy
- Jodi Daniels on LinkedIn
- Justin Daniels on LinkedIn
- Red Clover Advisors
- Red Clover Advisors on LinkedIn
- Red Clover Advisors on Facebook
- Red Clover Advisors’ email: info@redcloveradvisors.com
Sponsor for this episode…
This episode is brought to you by Red Clover Advisors.
Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.
Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.
Their free guide, “How to Increase Customer Engagement in a Private World,” is available here.
You can also learn more about Red Clover Advisors by visiting their website or sending an email to info@redcloveradvisors.com.
Host (00:01):
Welcome to the, She Said Privacy. He Said Security podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.
Host (00:22):
Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and a certified information privacy professional, helping to provide practical privacy advice to overwhelmed companies.
Host (00:37):
Hi, Justin Daniels here I am passionate about helping companies solve complex cyber and privacy challenges during the life cycle of their business. I do that through identifying the problem and coming up with practical implementable solutions. I am a subject matter expert in cybersecurity and a business attorney at Baker Donaldson.
Host (01:00):
This episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and established customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, e-commerce media agencies, professional in financial services. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there is greater trust between companies and consumers to learn more, visit RedCloverAdvisors.com.
Host (01:35):
So before I introduce our guests today, what is today, Jodi?
Host (01:40):
Ah, yes. The day of recording it’s data, privacy day, happy data privacy day. Woo.
Host (01:45):
And this is also my first episode as a fully FAA, licensed commercial drone pilot with a, with a drone, with even a better camera to come and surveil your whereabouts during the workday. Thank you.
Host (02:00):
You can keep stocking the dock. That’s great
Host (02:03):
With that in mind. I want to introduce our guests today. So we have Kenji Cora Moto, who is the founder and CEO of Acuity, which has provided fractional CFO and accounting services for thousands of entrepreneurs and small businesses. Hello, Kenji. Hello,
Kenji (02:23):
Jody and Justin so glad you’re here. This is to, yeah. What a momentous day to be here on a national data, privacy day, Justin getting some kind of licenses. It sounds like he can go break privacy laws and spy on people with, I mean, it’s just, it’s all coming together. This is perfect.
Host (02:41):
Everyone should have a drone pilot in their family.
Kenji (02:44):
Sure.
Host (02:46):
Yeah. So I’ll spare you the five months of he’s studying every Sunday night and all this other stuff, but I’m excited. I wanted to fly an airplane like the, you know, the ones that go in the sky and Jodi was like, yeah, you’re not going to do that. So this is where we came to our marital compromise.
Kenji (03:03):
Is there a such a thing as a top gun for drone pilots? Is that something you can pursue?
Host (03:09):
Well, it’s funny, you said that because on LinkedIn, I said, move over Goose and Maverick ghost rider says the pattern is not full – in the air I’d come maybe one day, maybe one day it’s easy to fly in certain ways near stuff, as you would think. But with the AI and whatnot, we could do a whole show, but let’s talk about yes, but we could do another. All right. So let’s talk about fractional CFO and let’s begin. So Kenji, talk to us a little bit about your interesting career path to where you are today.
Kenji (03:46):
So I guess where I started, I, I somehow in college picked accounting as a major. I’m not sure which kind of broken individuals do that, but I was one of them and I do it. I knew there was something about you that they’re like, yeah, those are so coming out of college went to go work for in the big six back in the day when there was a big six for a firm called Arthur Anderson. And if you’re of a certain age, many people, you may have heard of Arthur Anderson. If you’re not, maybe you’ve heard of them because you’re big into watching documentaries about major fraud cases. So, you know, that’s where I started my career. I was, I was not involved with any of that, but I started doing their Atlanta office working in the audit practice. And while it was a wonderful place to start a career, it was not the most riveting of, of career choices.
Kenji (04:43):
I felt. So I left about four or five years in and went to go work for a technology services company. This is right around 2000. So this was when the first big .com bubble was building. And so I had thought, Oh great, I’m going to go and help them go public. Cause if you had any kind of form of technology in the business, that’s what you did. You just naturally went public. And so I went there as their controller, which is kind of a mid tier level financial role and an accounting function. And then about a year after I was there, the old bubble burst and we weren’t going public and the mission became, how do we keep the small startup technology company from completely cratering? And our CFO took off. So I got promoted to the role of CFO as a pretty young professional, trying to keep this thing out of the ditch.
Kenji (05:38):
We managed to do that and ran that business for about four years, really enjoyed kind of the small entrepreneurial tech field. And then I found myself just with other friends of mine who were entrepreneurs or small business owners were kind of asking for things like, Hey, could you help me with financial model? Or I think I’m starting. They want to start something and it would, we’d go out and get drinks or catch up, but I’d kind of share some advice. And I was having fun doing that, kind of just moonlighting doing that, you know, getting compensated and time with friends or with a drink or dinner and thought, you know, can, this could be kind of fun actually to do something more consultative around my two backgrounds, right? So one being, having a fairly good understanding of what a, an accounting infrastructure should look like from a big global firm perspective, but how do you apply that into a smaller startup company perspective? So that’s when Acuity started, that was 2004 can’t believe, 17 years ago. And started with the very first service line that we offered was fractional CFO services. So we started looking for Atlanta entrepreneurs who were just like some of my friends who just said, Hey, I certainly don’t need you full-time but could you spare a couple hours a week, a month? It’s kind of help with this CFO role. And so that’s how we started.
Host (06:56):
And so 17 years later, you have fancy hats on, and I am aware of Arthur Anderson. I actually started my career at Deloitte for five years and then left and went into Sarbanes-Oxley implementations. That’s what was the big thing after? And I was actually just talking to someone how I don’t hear about accounting frauds anymore. So either reporting them or Sarbanes-Oxley is doing a good job of mitigating
Kenji (07:29):
There, there, there they’re certainly there there’s probably some less with, with newer controls and things like Sarbanes-Oxley our, our also maybe just our Arthur Anderson Enron one just sucked all the air out of the room and nothing you paired anything that large and everything just seems, you know.
Host (07:44):
Yeah, exactly. Super small in comparison. So talk to us more about how does a company know needs a fractional CFO and what, what does a fractional CFO do?
Kenji (07:56):
Yeah, so it can get a little confusing. And I, I think the simplest way to think about what a CFO does is that really almost everything a CFO is doing should be forward-looking. And in fact, much of accounting work we do is historic it by nature. An event happens, a transaction occurs and the accounting team goes and organizes it in a nice way and sticks it in essentially a database and out you get meaningful financial data. But a lot of that is very historic in nature. So a lot of the roles below a CFO, like a controller that I was for many years, we offer those services or bookkeeping the best way to think about those are those are activities that are kind of happening currently on your financials. Or maybe in retrospect, you’re trying to organize them to get ready for taxes. The CFO function should predominantly if not, totally be forward-looking.
Kenji (08:49):
And so you’re doing financial modeling, you’re doing forecasting, budgeting and planning. Oftentimes there’s two, if there’s a lot of external stakeholders involved in the business, the CFO will play a more external role and meeting with bankers and investors folks like that helping kind of manage the relationships with the board of directors. But yeah, I like to think of it when people were kind of confused about what, which role goes, where is that it’s really should be in a very forward-looking state. So that’s where we kind of provide, I mean, small businesses, again, that’s a function that most of them will maybe have some aspect of, Hey, I’ve got someone who’s working in QuickBooks for me, who’s keeping things organized. Is that a CFO? And we typically say, no, that’s probably not. Unless for some reason that person is also doing some excellent modeling and forecasting that help the business make some decisions about future events.
Host (09:39):
So is there a baseline or a size company? So in other words, when should someone be thinking, Oh, I really need that person. Yeah.
Kenji (09:48):
Yeah. So it tends to be somewhat industry depending on the industry, the size of the company, but also what events are happening. And so you can be traditional business, you know, you might not have much in the way of needing a CFO as you hit a few million dollars in revenue. You might just very sporadically need someone just to help you think about a budget or maybe you’re going to need some help thinking about going and getting a loan at the bank. So you might have very, only very specific needs. And you might, it may be worthwhile engaging someone just once, twice a year, every blue moon for something like that, when it starts to become more, Hey, we should probably get someone in a dedicated role and this could be full-time or it could be part-time depending on how much these events happen is we typically see that all of a sudden, either the business grows and scales dramatically from a revenue standpoint, usually the complexity follows there, or you could be a startup company.
Kenji (10:45):
And suddenly you’ve got a cap table full of a lot of investors who are expecting good, clear reporting and accountability, and maybe revenues are small, if not small, maybe non-existent, but you’re raising significant rounds of capital to where then all of a sudden having someone in there to kind of do some of that board reporting back and forth is typically where we also see businesses needing CFO’s presence ramp up a bit more. So those are a couple of different flavors. If you’re more kind of an organic growth story, I would say that by the time you’re kind of hitting four or $5 million in revenue, there’s certainly a, probably a few needs you have on a somewhat regular basis. If you are a investor backed company you’re probably gonna need it much sooner than that, just to term some of that’s determined based on the complexity and size of the, of the investor deals.
Jodi (11:33):
Super helpful. Thanks.
Host (11:35):
Awesome. I think now, Kenji, we want to take the conversation with the CFO and focus it a little bit more on this privacy and security concept and would love to get your thoughts around the CFO’s role in these earlier stage companies and how the privacy or the security issue does, or maybe doesn’t come up when it should.
Kenji (11:57):
Yeah. It’s a great question because it’s, you know, the way we view the CFO as having a role in that, certainly. But again, these are small, early stage companies and I think, you know, you’re limited in your resources for what you’re going to be able to do. You know, we’re a small business, right? We got started, you know, Jodi, I think a Red Clover, right? You get that going and you go, you just, you know, there’s not enough people to wear enough hats. We’re kind of growing into those roles. So what do you, how do you approach security and privacy? There is no full-time CFO there there’s no full-time CTO, there’s no chief privacy officer there. So how do you start implementing some of the things that someone would do in those roles in the larger company? And I think that the CFO role is certainly not the expert when it comes to security and privacy.
Kenji (12:44):
I viewed that that what a CFO can help with the most, in that case is helping think what the financial impact of a privacy or security issue is. And I think that’s important because, you know, while you’re helping quantify that risk, you can then start prioritizing the risk. You can really get a sense of, okay, go, Oh gosh, if that event does happen, the magnitude of that is much larger than the magnitude of this other risk. So we being limited in resources, we probably need to take our limited resources and apply them to where the magnitude of risk from a privacy or security issue is going to be the highest. And so I think it kind of starts there in, in, in being able to, first of all, just assess the risk so that at least the business can be aware of it. And then you have to kind of start looking for professionals or other people to help you. So that’s where the first place I like to make sure our CFO team is thinking in terms of quantifying of risks.
Host (13:42):
Can you use a follow up to that when I’ve worked with smaller companies, usually the privacy or the security comes up in one of two instances, one, you have an event. And now as I like to say, you are reborn because if you’ve had to have, if you’ve dealt with ransomware and it shuts down your company that gets everybody’s attention. But the other one is when you want to do business with a larger enterprise who starts asking you the questions or who says, Hey, you know, Mr. Startup or small company, I like what you’re doing, but if you can’t meet my privacy or security requirements, that’s going to be a barrier for you to even get in the door, to get to that revenue in the contract.
Kenji (14:23):
Right. Absolutely. Yeah. And we see that quite a bit. I think that there’s nothing like, and it’s unfortunate when there is that, like the first thing you mentioned you a serioes of an events happened, right. Suddenly, wow, all these things like policies and procedures and proper use of tools and technology and training suddenly become important when they weren’t, because there has been an event now. And sometimes that event very clearly has a dollar denomination attached to it, which nothing like to get a business owner’s attention when, when he’s going to have to go out the door for, to deal with an issue. But also it’s more on the second part of that opportunity costs, you know, Hey, you built a business depending on who you’re working with could be a government entity could be a large scale, fortune 500. That is going to have some requirements to say, Hey, to do business with us.
Kenji (15:11):
We’re going to ask you to jump through some hoops. And that’s just the cost of doing business to where we’re going to have to go and operate in a way that shows more transparency into our processes, into how well we’re holding customer data in managing it and keeping it secure. So those do come about. And again, I think it’s, we see it across the board in different places, but in different scales, you could be a venture funded software company that is doing electronic medical records, right? For you know, state run medical centers. And you go, okay, you may not be very large, but you can just immediately think that all of the different areas of security and privacy, privacy issues around investors, HIPAA, patient lawsuits, intellectual property protection, there’s just a multitude of things there. And you might think that like the local pizza joint, right, as a small business goes, well, you know, their, their issues pale in comparison, they might in certain ways, but they’re just different right there. There’s credit card fraud. We’ve seen issues with security, you know, people the way that people have used security videos and cash that, so there’s different orders of magnitude. And it’s not always applicable to every business owner, but yeah, we see it from whoops, an event happened and it’s costing us. And then also, whoops we’re not going to get this amazing opportunity if we don’t put some things in place, depending on who the business.
Host (16:37):
So when you see those types of things and let’s take maybe those technology companies more than the, the, the pizza joint cause they’re really going to have that B2B impact a lot more. And they’re a bigger target from an external viewpoint. How are they starting to tackle privacy? And you know, so there’s these risks, the CFO’s recognizing there’s a financial consequence either to revenue, won’t get the deal signed. There’s a financial consequence to potential investment. It might not get the continued investment or there’s the financial consequence of, of a data breach. The marketing team over there might be talking about trust and brand and the impact from that standpoint. So when companies are, have these types of conversations, where what happens next and what role do you all play in those conversations?
Kenji (17:26):
Sure. Well, like I mentioned, I think first it’s the awareness and sometimes when you put a price tag on it, which again, should be accounting, financial teams should be able to help put a price tag on it that should help drive some of that awareness. Okay. Okay. We’ve got some issues here that could potentially bubble up. We need to kind of deal with them. And then I think to your point, like, what’s next, okay, great. You’ve got some of these risks. How do we go about them? And in some cases you know, you certainly look for whether there are just processes that can be deployed, you know, to go ahead and start mitigating. Some of the risks, are there just some better processes that we need to put in place? And then after processes, I mean, usually kind of maybe in conjunction with process and we start talking about certain systems, do we need some external tools that are going to help mitigate risk and some things around there.
Kenji (18:16):
And then oftentimes once we’ve kind of, I won’t say exhausted, but maybe put forth great effort on the process side, the system side, then you may be looking at from an insurance standpoint, where are there gaps, you know, how much can we really do as an internal organization in different software and where are we gonna need to find some places to do some gap fill because maybe we just can’t tap down every single risk. So we need to maybe look for some coverages to kind of fill in between and does that, you know, do the combination of those things, get us to a place, whether we can talk to the business owners or the investors or wherever it might be to say, Hey, that’s going to put us in a, a good enough place where we can still execute on the business and not be so worried about either the likelihood of huge expense exposure or the huge loss of revenue.
Kenji (19:04):
And then that’s going to needs to be reviewed and updated on a regular basis, going back and assessing those risks. And so that’s, that’s usually the way that we typically go about it. In many of those places, when it comes to processes and systems, we’re not the experts we would, I’d be, you know, calling Jodi or Justin going, Hey, what do you guys think from this? Here’s something from a HIPAA perspective, that’s outside of our league, what would you recommend? But someone and usually a good place to start is the accounting financial team. They typically tend to be a little bit more process oriented, a little bit more risk attuned is a good place to start that. But then oftentimes you need to bring in those other experts to help build that, build that entire risk mitigation profile in place for the company.
Host (19:45):
So Kenji you mentioned the issue of insurance because I find in most smaller companies from a cyber perspective, the CFO is intimately involved in that because that’s for many companies, smaller ones they use, I like to say they use cyber insurance as a panacea and not a tool in risk mitigation. My question is obviously there’s data out there about cyber breaches and whatnot, but a lot of things that Jody always talks about as I do as well, is about the reputation of the brand. And I’ve been in conversation where people will, Justin, how do I put a, put a figure? How do I quantitatively evaluate that? And I don’t always have a good answer. And I’d love to get your perspective because there is that trust of brands we’re seeing what Apple just came out with. With there are no iOS for privacy and Facebook and others, but for smaller companies love to get your perspective on how do you quantify this elusive concept of the reputation of your brand from a privacy and security perspective.
Kenji (20:45):
It’s whenever a client of says, Hey, we need some help measuring or doing ROI on things like marketing or branding, right? It it’s, it’s a challenge. I mean, it’s a, it’s kind of an interesting challenge, right? That’s sometimes very interesting projects, but it’s also difficult and there’s usually some ranges of possibilities or ways to approach that. You know, again, I think there’s one of the ways that I think sometimes can be a little more resonant with clients, even though these are perfect is in thinking about clients who are going to maybe run through an RFP process or have a very competitive process when it comes to acquiring clients. And, you know, we know that we’re going to be one of three vendors looked at here or however many. And in certain cases we can say, gosh, well, we can start looking at what the cost of acquiring a client is.
Kenji (21:34):
And any time that maybe someone has a better brand than we do, and from the sense of whatever it might be. And maybe in this case, it would be in reputation because they didn’t have a breach. Now we got, Oh my gosh, we had a breach. That’s probably going to affect our close rate when we’re going competitively against these other firms that haven’t, and you can start actually, if you’re doing, it’s going to impact your closing rate of how many deals you close and you can estimate that to some extent you can actually start working into, well, gosh, if our close rate goes down, then what that’s really telling you as a business is the cost to acquire a new customer, just went up, just got more expensive for you. And so, you know, can you specifically say that because of the reputation image of our brand, that we know that it had an 18% impact?
Kenji (22:20):
Probably not exactly, but you can probably start working through those and getting at least in mind of going, okay, where do we have to protect reputation enough to where we just can’t keep losing out, see these other, other competitors of ours. And that may be a way to approach it from I use it like doing that with, with entrepreneurs. It’s a little bit more of an I think a positive or a way to look at it and going, okay, we, we want to close more deals more than our reputation higher. We want to improve that close rate of an acquisition of new businesses. The other way you can go at it. And that’s a bit more of the carrot approach. You can go the stick approach, right? If you want to go well, Hey, let’s take a look at what this has cost other businesses.
Kenji (22:59):
Who’ve had a reputation hit because of privacy issues or lawsuits. And you can dig around a little bit and talk to some of your favorite lawyer friends, right? And say, Hey, can you give me some insights on what you’ve seen the typical cost for someone to go defend this type of legal action if it comes up and that’s a bit more of the stick approach, you know, but you can kind of use those as a little bit of some ways to quantify and get at least some dollars in mind of either lost revenue again, or the expense. If again, that brand reputation takes a hit, but it’s still a little bit some there’s going to be some art in that. Anytime we always say there’s marketing and branding, and there they’re a little bit of arts not purely science on quantifying that ROI.
Host (23:41):
I think that makes a lot of sense. You’ve you mentioned something that’s really interesting to me, the carrot and the stick. So there’s going to be more privacy laws coming, more security breaches. And I’m very curious to know when you’re talking with companies, do people gravitate, just, just kind of your sample size of those that you’ve worked with over the years? Do they gravitate more to the stick or the carrot?
Kenji (24:08):
I think ours go more for the caring. I mean, these are, we’re dealing with entrepreneurs who are, who started something and their stars are in their eyes and they are just going, going, going. They tend to be more of a ask for forgiveness. So I think they’d have a natural bend and lean toward, you know I’ll deal with that risk if it pops out and they’re looking for, how do I take down more business – How do I grow, grow, grow? And so yeah, I think that’s where most of have a proclivity in that direction is they’re already thinking they don’t usually need a whole lot of stimulation around the opportunity. They sometimes need to go, Hey, time out a little bit here again. I know I’m playing the CFO wet blanket, the person that says no, but someone in the organization needs to be talking about some of the discipline we have to where we do need to be cognizant of, you know, new things coming out.
Kenji (24:57):
Have you seen, I’ll give you a good example of this one is I think a lot of small businesses, especially in the tech space go through, you know, probably some gray areas and they shouldn’t be greater as they’re around can- spam, right? Because how are you doing grow, grow really quick, right? We just closed our series a and we’ve got a couple million dollars and the investors all say that they want us to grow sales and marketing. So we’ve seen that very frequently as a very fast way that people love to jump in and go, well, let’s go sales and marketing. Let’s go get some lists and let’s pump it in some systems and let’s go, go, go. Right. And that is a very frequent one that we see that clients in tech companies that don’t always consider like, are we doing this in a, a way that follows some of the legislation out there and they don’t really stop and ask that it’s more like, Hey, investors said, we got to grow, we’ve got to grow sales and marketing acquire new customers. We’ll figure out that later. I don’t know if you’ve seen that thing. I know that’s a place that you work in Jod
Host (25:55):
Yeah, I see all different kinds of things. The other one that people should pay a lot of attention to is just in the United States is TCPA the texting one, which texting, supposed to continue to catapult even more people are going to want to jump on that bandwagon. And it is a polar opposite to can- spam. It is an opt in approach. So anyone listening it is opt in and there are plenty of plaintiff’s attorneys just waiting to pounce and find the companies that are not doing what they’re supposed to be. But certainly that is true across all types of marketing channels. People want to grow. And, and that’s the interesting challenge. And why I asked about the carrot versus stick approach is oftentimes what I see is it’s a lower priority, but it’s a real business risk where they’re losing deals. And so they’re losing sales. And then when there’s an issue, aside from the loss sales, you potentially have the increase costs for fines. That’s just very expensive to deal with. So that was why I was so interested to hear what you see.
Kenji (26:59):
Yeah, it’s, it’s, we we’ve always liked. It’s probably one of the reason, one of the reasons why we liked working with startups, one, me and my partner and I, and our team loves just new technology and things like that, which is great. And so many of us have worked in startups, but also because at some point usually investors come in and professional investors come in and there’s nothing like was we say all of a sudden professional investors coming in that allows the organization to quickly go, you know what time to kind of act more like professionals. So let’s get better for us in the accounting and the accounting world. It’s like, let’s get better revenue recognition policies, gap based financials. But we tend to see other places too, where they say, Hey, let’s go and let’s go and fix some other risks here. That in certain cases, it’s, it’s been a little harder to get the self-made entrepreneur. Who’s the only person on the cap table to really make a move on that when they’re pulling down a lot of money each year and they’re like, yeah, things are fine. It’s hard to sometimes get them motivated.
Host (27:56):
It’s funny you say that Kenji, because I’ve spoken to at investor events where they bring, brought me in to do a tabletop or speak about cyber and from a professional investor standpoint, I’ve had them tell me, yeah, that’s about 10th or 12th on our list. So there’s obviously an education gap there as well. Cause in the series, A I’m worried about keeping the lights on and growing revenue. Justin I’ll deal with this problem. The challenge comes is if they get the problem, it could wipe out the entire business. Cause I’ve seen that as well. But I would like before we ask you a personal question to say, okay, when you guys think of this carrot and stick, I’m thinking about chocolate and peanut butter in the Reese’s peanut butter cup. And I’m thinking it’s more of a chocolate. That’s how I’m thinking about this approach now because it just, I have the Reese’s peanut butter cup in my mind.
Host (28:45):
See, I have some of that because it chocolate covered broccoli. They, everyone wants chocolate. They don’t want broccoli. You have to eat more broccoli. So give them, give them their chocolate, but then cover it in broccoli. Yeah. Got to dress it up somewhere,
Host (28:59):
Thinking this’ll be your set Red Clover with the chocolate covered broccoli anyway. So Kenji would love to get your perspective as a business owner who also advises small businesses as well as do you have a best personal privacy tip?
Kenji (29:18):
I’ll just share one that I’ve been doing more and more of these days, it’s around two factor authentication. And he is really trying to move away from some of the text-based. I think two factor authentication is great. I’m not crazy about some of the SMS space or text-based, because we’ve had some problems with that and have started really using more of some of the authentication tools, Google authenticator, things that are a little more secure, just because, you know, I think you can realize depending on what kind of device you’re using, your, you can get your SMS, text messages coming in on your computer. And so in some cases you lose your computer, someone gets access to it. You know, the two factor authentication doesn’t really work that well because they’re also giving the authentication. We’ve actually had, we do a lot of work in crypto which is a whole other ball of wax, which we should have you should, if you ever want to get to that, to have my business partner on is the real expert.
Kenji (30:12):
But we’ve had some issues where we’ve been targeted with SMS attacks to us. Because these crypto companies can sit on a lot of currency that can disappear quickly. And we’ve seen that. I think people think that, Oh, I’m getting a text message, which means it’s secure. And if you don’t understand the full process that people can go actually go and take over a phone account. And maybe not everyone going through that. But I would say that we’ve seen more and more sophisticated hacks around that where I think people just assume that text-based two factor is the gold standard. And I think there’s some better approaches out there that are actually pretty easy despite adding on your phone or your Google authenticator, which we’re starting to see more and more than I think some of the better software requiring that as the standard versus some of the tools, that’s a relatively easy one that people can add that doesn’t add much complexity in their day. So yeah,
Host (31:11):
It’s a great recommendation. I use Authy and really enjoy it. What’s nice about Authy is it can be on your computer or your phone and they’re in sync. Which is,
Host (31:19):
Which is great. It is nice. Yeah. So
Host (31:21):
When you’re not using two factor authentication and not advising people what do you like to do for fun?
Kenji (31:30):
Well you know, let’s see, what do I like to do for fun? I think the, my most recently the thing I’ve been doing, I think everyone’s got their COVID hobbies, right? So, or something they’re doing there. Mine has been a little funky and then I started brewing my own beer. I know lots of people were doing making their own bread and things like that. I thought, well, how about the liquid version of bread? And so, yeah, I’ve been brewing my own beer. So the basement and unused portion of the basements turned a little bit into my old brewery area. Yeah. I’m on batch number. I think 11 now I’m getting better slowly. So I still waste these beverages on friends of mine. And some of them are, you know, good enough friends that tell me the actual truth.
Kenji (32:18):
Some of them kind of go, Oh, it’s great. And probably dump it out, you know, as soon as I leave, but it’s actually been kind of fun. It’s been something that I’ve enjoyed doing, takes up a takes a little bit of time, but it’s been actually the most fun part about it has been whether they’re friends, the neighborhood or other friends on sometimes just go surprise and be like, leave a couple bottles on their doorstep or stick them in their garage. Like, Hey, go check on your work bench. I put a couple of bottles out there. You know, this is not a great beer, mind you, but I think it’s been kind of fun. Like you feel like you’re leaving little gifts and people get a kick out of it. So that’s been kind of my fun thing I’ve been doing more recently. We’ll see if that continues to go at the pace it has been. I don’t know if there’s going to be a brewery in my future. I don’t think so. It’s been, it’s only been up on pastime or I’m at home more often these days, so.
Host (33:06):
Excellent. Well, can you, where can people find you and connect and learn more?
Kenji (33:12):
Sure. you can find me on Twitter. You can reach out to me there. It just Kenji Kuramoto there’s my Twitter handle. You can connect with me over on our website, which is just acuity.co. So not.com, but just acuity.co. You can find me there and love talking to other small business owners. So feel free to reach out if you have any questions.
Host (33:33):
Wonderful. Well, thank you so much. It was great to have you
Host (33:36):
Thanks for listening to the, She said Privacy. He Said Security Podcast. If you haven’t already be sure to click, subscribe, to get future episodes and check us out on LinkedIn. See you next time.
Privacy doesn’t have to be complicated.
As privacy experts passionate about trust, we help you define your goals and achieve them. We consider every factor of privacy that impacts your business so you can focus on what you do best.