Tom Held on Cyber Security, Phish Testing, and IT Risk Management

“The greatest thing to do, the best thing to do, is to be prepared. But if you’re not prepared, it’s going to bring down your business.” ~Tom Held

If you haven’t given IT security much of a thought, this episode will change your mind about doing so…immediately!

I got the chance to speak with Tom Held, Senior Consultant of Cyber Security and IT Risk Management with The Oakland Group, about intellectual property theft and why your business – yes, even a small nuts-and-bolts kind of distributorship – is ripe for ransoming.

“The thing about ransomware is that you don’t hear about it, because it’s happening on these small scales,” says Tom about the day-to-day business of hacking.

Once the domain of basement-dwelling malcontents, the industry is now a profitable, illegitimate revenue stream. At one extreme are the organized crime syndicates from countries like Russia and China making big news by targeting large corporations and institutions. But a more likely threat to your business is posed by the 9-to-5 job con men. These criminals hit multiple small marks in a day, racking up millions of dollars a year with dozens of daily low-ransom hits – all from the relative safety of the internet.

In addition to jamming company laptops, phishing tactics – those “help a Nigerian prince reclaim his kingdom” emails – have also become more sophisticated. Think you’re too savvy to fall for a fraudulent bank notice, tax documentation request, or accounts payable issue? Think again.

“We’re vulnerable to our daily routines, right? We’ve got other things to worry about,” says Tom. Those day-to-day responsibilities can overpower our better judgement, especially when we’re in a hurry.

“That email comes in and, okay, fine. I’ll click on this thing…” By the time you’ve realized what you’ve done, the damage is done, and it will cost you not only money but lost time to repair your business.

It’s difficult to persuade small businesses that they need cybersecurity, but Tom has seen hacking’s devastating consequences. He recommends three key actions for getting a handle on your exposure.

Phish testing reduces employee susceptibility to socially engineered scams.

A data inventory and risk assessment narrow down potential access points for hackers. Where’s your data going? Where’s it being stored? Who’s sending it?

And creating policy ensures that protocols are in place before your company is forced to address a breach.

Still not convinced? You may find yourself scrambling for Bitcoin and taking ransom instructions from a hacker’s hotline.

“In some cases, the customer service is so great that you’re almost reassured that you will [regain access to your data] because they want future business,” Tom says. “What’s odd is, in this industry of ransomware, the big players want people to know that they will get their stuff back, because then they’re more likely to pay the ransom.”

That’s a level of dark web client care we can all do without.

