August 7, 2022

JF2896: Cyber Security Tips for Investors ft. Timothy Cague

Timothy Cague is the President of The Cyan Group LLC, which specializes in cyber execution protection and monitoring services for numerous Fortune 500 clients. In this episode, Timothy shares his advice for high-net-worth individuals on how they can protect themselves from cyber threats and keep their personal information safe.

New call-to-action

Timothy Cague | Background

Timothy Cague, President of The Cyan Group LLC, specializes in cyber executive protection. He has a Master’s in Business Administration from the University of Maryland University College and a Bachelor’s of Science in Computer Engineering from the Rochester Institute of Technology. After graduating from RIT Tim served as a Communications Officer in the U.S. Air Force and later as a government contractor. He then went on to found The Cyan Group where he and his team provide a wide range of Cyber Executive Protection and Monitoring services for numerous Fortune 500 clients.

Say hi to him at

Download the Cyan Group Social Media Contract here!


Click here to know more about our sponsors:

Trevor McGregor Coaching 

Trevor McGregor Coaching 


Cash Flow Portal

Cash Flow Portal


Cornell Capital Holdings

Cornell Capital Holdings



Joe Fairless: Well, hi everyone. Welcome to another Wealth of Knowledge interview. Today we're gonna be talking about cybersecurity and how you can protect yourself against online threats that you might be aware of, but also online threats that you might not be aware of. What information of yours is currently out there and for bad guys to come across and do bad stuff with, and what can you do about that. So today we're talking to Tim Cague. First off, Tim, how are you doing, my friend?

Timothy Cague: Good. Thanks for having me.

Joe Fairless: Well, my pleasure. We're speaking to Tim and he's gonna help us navigate all those questions. So a little bit about Tim - he's a president of the Cyan Group, he has over 20 years experience specializing in cyber research and analysis, he went to the Air Force, so first off, thank you for your service in the military; I sincerely respect you and your colleagues for that. And he has a background I'm gonna let him talk a little bit more about, but as president of the Cyan Group, he and his team provide cyber executive protection, due diligence and investigative research to high net worth individuals and corporations. So this is what he does for a living, and we're going to enjoy your time with him to learn more about how we can protect ourselves.

So first off, Tim, let's start with just a little bit about yourself as it relates to cyber security and protection. Can you tell us a little bit about your background?

Timothy Cague: Sure. So I've been a computer nerd since I was about eight years old. I grew up in a family that owned a computer store, went to college, got the computer degree, but then I entered the Air Force. And I had some amazing opportunities in the Air Force to travel around the world and protect our base networks from the bad guys. So acting as kind of the bad guy, see what vulnerabilities are there... And this was wonderful. After leaving the Air Force, I wanted to capitalize on that, and I got into something called Open Source Intelligence, which is exactly what we're here to talk about today... But for the government realm. What can we find that's out there to protect our country? And that was a really great experience. I love doing that work. I feel like there's a lot of interesting information you can find on the internet that you don't have to put other assets in place to do that.

So I decided to make the move many years ago to start the Cyan Group. I said "If we can do this for the government, imagine what we can do for high net worth individuals, public figures... We know we can help them out." So we didn't want to be the company that was just protecting routers and doing antivirus. There's this whole other overlooked area that we saw, which was finding information on the internet for our customers and getting ahead of it, and helping them secure things that are out there - their social networking profiles, all of their accounts, finding out when their data has been breached.

So that's where we came from. It's a very interesting realm, we don't see a whole lot of individuals that have focused on this very specific aspect of protection... We think it's often overlooked. People are like, "Eh, it's the internet. Eh, my information is out there." But it is a very serious topic for us.

Joe Fairless: It's very serious, because money aside, reputation is much more valuable than anything. I'm thinking someone could do some very bad stuff, that could be completely untrue, but they can manipulate things online, and if you're not staying ahead of it, then that's a problem. And that's an unlikely circumstance or situation, I imagine, but still, there's all sorts of things that could come up.

So let's talk about something that piqued my interest when you were talking about your background, and that is you were pretending to be a bad guy and you would try and see where there were breaks in the system. I believe you were mentioning that was when you worked in the Air Force, right? Working for the government. So let's not talk about that necessarily, but let's take that same principle or situation and let's apply it to a hypothetical high net worth individual. If you were to act as a bad guy and go after a high net worth individual, what would be the steps that you'd take, and what would you try to do to benefit yourself, and then also make life miserable for that individual?

Timothy Cague: Absolutely. So we have the unfortunate experience of dealing with the adversary acting like this towards our clients. So it puts us in a position of "Let's pretend we're them." We always start with a baseline for our clients. Let's pretend we are the aggressor. Let's go see what's out there. So in the first phase of any job like this, you're gonna go out there and canvas. But not just the individual; you have to look at their family, you have to look at their business, you have to look at their homes. Did a child take all kinds of photos inside their house with geolocation data, and posted on that on the internet? Did a lawyer file some company documents and have your signature all over them, and those are now publicly accessible? So it might not sound like "Wow, that's not really that bad", but when we come together, we put all this information together. We have a targeting package; we then know who's the most vulnerable, who would possibly respond to a phishing email. Maybe it's the younger child in the family, maybe it's the house cleaner. So that gives us all this targeting information that in and of it by itself might seem innocuous, might seem like "Eh, so you've got my name, you've got my address. Everybody knows that." But when you put it all together, it makes a huge difference.

Joe Fairless: Hm... Will you keep elaborating on that, as far as the targeting package goes? What that is exactly and what are the components?

Timothy Cague: Absolutely. So it would all come down to what the adversary wanted to do to the individual. Do they want to impersonate them? Do they want to antagonize them by showing up at their house, protesting, because they don't like their business, or something in their political life or personal life? So we start with what would be the goal? If the goal is to threaten the person - well, then physical locations are going to matter. If the goal is to impersonate the person, then we're going to want to know what do they use for email address? What does their online social profile look like? Can we copy their Facebook and create a secondary Facebook, so it looks like them but isn't them? So all of these different avenues of attack, as we call them, are what we're looking for. What is out there?

Sometimes when we're doing this work, we actually find that it's already happened, and the client doesn't know that there's already four Twitter accounts and three Facebook accounts created under their name. So then we have to go down there and say, "Alright, what's going on there?" So any of these attack avenues are what we're looking for for our clients, and say, "This is what we need to focus on. This is what we need to look at."

Joe Fairless: So one item that's necessary to understand is what is the goal of the adversary, and you mentioned threaten, you mentioned impersonate... What I didn't hear is money. Now, I assume that through impersonation, then there's money involved, because they're trying to impersonate someone to try and convince others to give them money. Is that correct?

Timothy Cague: Absolutely. We see everything from fake cyber ransoms, to extortion, to threats, to false purchases, they try to sell them something over the internet, they approach them... We definitely see all these avenues lead to money. So while you might have two-factor authentication turned on on your bank account - which is a great thing; everybody should have two-factor authentication turned on all their accounts. By that I mean, it sends you a text message every time you log in. All these things are really great. But at the end of the day, if they can get to the individual and convince them to sell them some Bitcoin, or make a purchase, or order something, and it's fraud - that's going to be a successful economic attack.

Joe Fairless: Okay. What are some specific examples from clients that you've worked with, or other colleagues who've worked with clients? Some negative situations that have happened to individuals. I know you said you've seen cyber ransom attacks, but can you tell stories of what took place with some individuals?

Timothy Cague: Sure. Would you like to focus specifically on the financial one, or just threats in general?

Joe Fairless: I'd say financial one is probably most applicable... Because the threats - I don't imagine... Now, I'm speaking out of turn probably, but I imagine if someone is being hacked, the primary purpose for individuals not in the public spotlight would be to get their money, not necessarily to threaten them. But first off, is that assumption correct based on your experience?

Timothy Cague: Unfortunately, not.

Joe Fairless: Really?

Timothy Cague: Yes. We have such a multitude of physical attacks. I will tell you, the number one thing that we've seen in the 13 years doing this business is that it comes down to relationships. Ex wives, ex husbands, boyfriends, the family gardener that had to be let go... Emotions flare, and they know that they're gonna get caught if they do something physical, so they resort to cyber threats. Sometimes those threats become physical when the people have a mental illness or other emotional distress; they start actually coming after our clients. It's a really interesting world that a lot of these threats start in the cyber realm before they go physical. We've had individuals get on the internet and say that they are going to kill our client at a time and place of their choosing. We've had individuals that set up a multitude of websites to threaten our customer and disparage them. In those two cases specifically, they led to the aggressor showing up at the workplace, showing up at the house. One, I will say, is currently spending time in a mental facility, getting the help that they need. The other one was dealt with through litigation.

But we do see the financial ones. Most recently, we had a startup that was offered millions of dollars in funding. But of course, they wanted to give him this funding via Bitcoin, via electronic currency. And they were a foreign investor, so we were very happy that our client came to us first and said, "Tim, something doesn't sound right about this. Can you look into it?" And without divulging anything, we actually found out that it was fraud. It would have hurt our customer a lot if they would have went forward with that deal.

Joe Fairless: So I think a lot of us will hear that last example and [unintelligible 00:12:14.29] Bitcoin, investing in my startup from another country, and probably to do it they're going to ask me to deposit a little bit of money upfront, just for XYZ reason. It seems like a lot of us would red flag that, as your client did. Do people fall for that?

Timothy Cague: They do. They absolutely do. We unfortunately get many calls after the fact, of "Tim, this happened. Can you help us get our money back?"

Joe Fairless: You can't.

Timothy Cague: The answer is no. And we'll be the first to tell them when it isn't. But some of them look very legit. The one I just told, it did look a little sketchy and it triggered them, but it can look very legit. We've had most recently a worker for the house, and they approached that they were going to provide these services for the house. I am trying to keep this pretty clean, so I don't identify anyone... And it turned out there were a scammer. They had done this to multiple families, house to house to house, gotten into the house, and then started to steal things, to steal checkbooks, to falsify signatures on these checks... And it sometimes seems very plausible. We have international investments. That's a common thing. We live in a global economy. So this company was like, "Hey, we're a startup. We want funding from any place. Let's not turn down any potential investor." And they sold it; they really sold that they were a real company.

I'll throw out one more example that we had. The client came to us and said that they represented a travel agency, and that someone had set up a fake travel agency saying that they were a subsidiary of the actual travel agency, and they had sold travel packages to all these innocent people. It looked legit, especially when you're using the big name of the primary company, [00:14:02.16] So all these individuals then started reaching out to this company saying "Hey, we want our money back." So to no fault of our clients, right? They didn't do anything wrong. Not a single thing they could have done about this, unless they were monitoring for their name being used on the internet. It turned out that that was a very large fraud ring based out of Florida. In those cases, we turn that information over the FBI, to prosecute that case.

Joe Fairless: Let's go back to the individual who's watching this or listening to this. Without knowing that specific person, because there's a lot of people watching and listening, what can you say about generally speaking where are accredited investors most vulnerable online?

Timothy Cague: Hm. Where are they most vulnerable online? Their social lives. I would absolutely say their social lives. Usually, there's a whole security team or IT team that's protecting their corporate email, their corporate phone number, their corporate offices... But especially those that created all their social profiles before their companies got big, or before they got in the public eye - it is always the social aspect. Our largest customers, our most wealthy, biggest businesses - that's what it comes down to. They come to us and say "The attack vector came from the personal account. It came to the house, it came to the husband or wife of the individual." And it's so often overlooked, because it's our personal lives, right? When we come home, we feel safe. We feel as long as we lock the door, we're good. And we've grown up, this generation, me included, has grown up on the internet; it is just part of our lives. So it's an interesting concept that you have to act differently now that you are in a public position. You have to go back and look what was out there, what accounts are out there, what's open to the public.

Joe Fairless: So what can we do about that?

Timothy Cague: Sure. So the way we approach it is three phases. The first that I spoke a little bit about, which is you've got to know what's out there, you've got to do a baseline. We usually come back with 20 pages minimum of real data, like "Hey, here's what we found out here. Here's your accounts that have been breached. Here's your accounts that are just unsecured and public, that we should lock down." What's the totality of your footprint on the internet? And that's just a starting point.

The second part is you have to work with the customer and say, "Alright, go on your Facebook, make sure it's blocked down in such in such a way. Try taking these photos down, with the knowledge that once stuff is on the internet, it can be there forever." And a lot of it is education, of "Hey, this is done. Let's just not do it going forward."

After we have that done, all the locking down of accounts, the cleaning up of data... That's kind of phase two out of the way. But that's only one moment in time. The next phase has to be you have to monitor. From the second that we come forward and say "Here's what we've found", new stuff is coming out the very next day. So that is our biggest service we provide our customers, is our collections platform, that goes out on the internet, looks at tens and hundreds of thousands of pieces of data every day for our customers and says, "Hey, we've found this, we've found that. This is what's out there." And a lot of it is just alerting. "Hey, there's some new articles about the book you wrote. There's some new articles about the product. People are naming you personally in this lawsuit."

Joe Fairless: Were they aware of it? Has that been a surprise?

Timothy Cague: The threat of lawsuit has been a surprise.

Joe Fairless: Okay, the threat of lawsuit.

Timothy Cague: Yes, yes. Hopefully, they all know about the active ones. But sometimes they don't know that it's made it public. They think it's in a private court, and that it's not out there, and it's not going to be picked up, which is going to affect their brand management. So we find the monitoring is a very important part of the process.

And then the last part is you have to have someone you can go to. When somebody gets an email that's a threat, that they think has a virus embedded, that there's something going on, we want to be that team; every individual should have someone that they can go to and say, "Please help me identify if this is something I need to worry about."

Joe Fairless: So what do you do about it? First, you see where you're at by aggregating online footprints, and determining where accounts have been breached, where your password might be shown in places on the dark web... And then once you identify all the skeletons in the closet, then it's a matter of the second step, which is taking it down, or locking it down, or not doing it again, or whatever that specific circumstance or circumstances are. And then the third is monitoring it for the future, so figuring out "Okay, well, now we know what's out there. Now we've removed it, or we won't do it again, or we've locked it down. That's the past, and now in the future we're going to make sure we take care of it as it comes up."

Timothy Cague: Absolutely.

Joe Fairless: So as far as your cyber footprint, we've got public information that's out there, we've got account security, we've got data breaches, and we've got threats. Will you just talk a little bit about each of those four, for a moment?

Timothy Cague: Sure. Let's see. Let's start with the threats. I want to give one example, because it really drives home how the cyber world affects the physical world. We know that many of our high-wealth individuals - they like to purchase their homes through an LLC. So if their name is not on the documentation. This is a common practice; lawyers will suggest it. It's also a way that I've identified the properties of most of our customers doing this, because the last step is they sign the documents forming the LLC. They don't use a power of attorney; they don't use their lawyer to create the LLC. They create it so with just a couple hops back, and usually 10 to 15 minutes of work, we can discover who owns the house. So they may have paid this lawyer quite a sum of money to attempt to hide their house, and that feeling of security, of like "Hey, nobody can find my house. I've got it under an LLC." While we can't change what's already happened, we can at least say "Hey, you're not as safe as you think you are. We need to just put this down as a risk. It's a threat now that somebody could find out where you live."

Joe Fairless: That's good info.

Break: [00:20:13.14] to [00:21:58.27]

Joe Fairless: So the solution there is when you create the LLC that owns the house, to have your attorney, him or her, power of attorney to sign on your behalf to create the LLC, so your name is not associated with it.

Timothy Cague: Absolutely. And everyone should know what's publicly available in their state. In a state like Delaware, business filings are much more private. In Virginia, you can look up almost any document you'd like on a business formation; all of the documents that a business will submit to include signatures are right there for public view. It's important to know that for the state that you live in. Same thing goes for traffic violations, criminal cases. Some cases, civil cases, in many states, that's now public information. You don't have to be a private investigator, you don't have to be a police officer to get to that information.

Joe Fairless: Okay. What about data breaches? Just an example, and just if you could talk a little bit about that.

Timothy Cague: Sure. Data breaches are so difficult, because to no fault of the client - let's pick one, the Target breach that happened. The Target credit card breach. We all use our credit card at Target. We did that. So to no fault of our own, that data was compromised. We don't try to protect the credit card information; that is done by a few companies. LifeLock has an amazing service. I am not paid to say that. I believe in their service. Discover has a new one that's coming out, that focuses on the credit bureaus, and credit cards being open, and that data being released. So we can find it for the client, "Hey, this breach has come out on your account, this and that." But we do recommend that service as well to protect against that threat.

Joe Fairless: Account security.

Timothy Cague: Account security. Everyone that probably is watching this, me included, is guilty of one time or another using the same password across accounts. Using an easy password, writing down passwords... When I was in the Air Force, if you ever wanted to break into someone's computer, you just looked at their admin's keyboard. You flipped the keyboard upside down and there's probably a post-it note with the password.

Another time they asked us to get into a whole bunch of computers - making the story short, we pulled off the front of the computer, like the old desktops, and there was a post it note on the inside of them with the passwords. It's still happening. People would think that this stuff doesn't happen, but we've all been guilty. These passwords are getting longer, and they make you change them every 30 days... So we'd recommend a password manager, which is a piece of software that you can put on your phone, on your computer, that will help you manage and use secure passwords. If you have an iPhone, that is something that Apple is offering. When you go to create a password, it says "Do you want to use a strong password?" We highly encourage things like that. Do change your password, do turn on two-factor authentication.

And then be very careful about the WiFi that you connect to. This is another, tip but it does relate to account protection. Sitting in an internet cafe or a coffee shop with your laptop open, with all these cameras in there, everybody can walk by and record, and joining their WiFi, and then using your password is not something we'd recommend.

Joe Fairless: Okay. I actually had never thought of someone recording what I'm typing with the camera on their phone, to see the password that I'm typing in. I didn't even think of that. I know that using public WiFi is a risk, but I have software on my computer to hopefully prevent against that, or mitigate it. I never considered "Well, they could just be looking at what I'm typing."

Timothy Cague: Absolutely. [unintelligible 00:25:20.24] the people watching those scenarios, especially in the cyber protection realm. I was just recently in a new coffee shop, and everybody had a laptop open. But something's changed since COVID, at least in my opinion. A lot more are working from these coffee shops. Not just students, but they're actually spending hours and hours performing their job. And the sensitive information that I've seen brought up... And the cables have gotten closer to squeeze people in, and you can just sit there and watch, and you're like "I can't believe this. This company would not be happy that this was all being up on the screen."

So we definitely recommend against doing any business. Don't connect your business laptop. I personally would never use a coffee shop WiFi, period. I know that's a tough choice for many, but we definitely recommend against it. If you can have a personal hotspot on your phone, that is a much better solution than using free WiFi.

Joe Fairless: Good to know. And public information - what can you describe? Tell us about that, and perhaps what we can do to help.

Timothy Cague: Sure. The unfortunate truth today is that public information is out there on every one of us. There are hundreds and hundreds of websites that you can find out my phone number, my name, my address... It's all out there, it's not going to go away. We still present that in our findings, of like, "Hey, this is the baseline. This is where anybody would start." Anybody's going to start with the low-hanging fruit. It's out there, we need to know it.

Joe Fairless: What's the best website to find someone's information?

Timothy Cague: Unfortunately, I wouldn't say there's one. They all will give you a part of it. So maybe on Infoseek, or, or one of those sites - you'll find a little piece. You'll find an age, you'll find a birthdate. We have to look across many to get the whole picture. And some of them are wrong, we see that as well. We always try to tell our clients that what we present them is what the internet said; it might not be the truth. If it says you have three children, and these are their ages, but really you had a fourth child who just doesn't have a social media presence, because they're too young - it's not wrong, it's just what the footprint shows.

Joe Fairless: I guess it's public information being pulled from other websites and other sources. So unlike account security data breach, [unintelligible 00:27:29.05] use LifeLock account security, have a password manager. Is there anything we can do to decrease the amount of public information out there?

Timothy Cague: I'll tell you, there are some services that I have tried, individuals and companies that I know, and the unfortunate truth is when you get it removed, it will probably be back within 30 days. Because the current law says they have to remove it when you request it, but it doesn't mean they can't add it back in. So the next time they buy a database and your information is there, it will show up again. So it's this constant chase.

So instead, what we'd recommend is don't have your name on your phone. If you have an LLC that isn't tied to you, have your phone set up, purchased through that. Don't use the same phone you're going to have for your friends and family in your business life. Have the business phone, have that out there. Maybe that's the one that some adversaries could call you on. But as far as your personal phone, where your photos are, all your interactions with your family - have that separate; and if you can have that not purchased under your name, all the better.

We talked a little bit about hiding your location, your home - that's getting very tough to do, right? Everything wants to use GPS, your location... We love to have our photos tagged to our house... It's got to be a choice. If you don't want this stuff out there, you have to give some things up in the way of convenience. Convenience is usually always at odds with security; you can have one or the other.

Joe Fairless: Hm. Just educate me a little bit on purchasing the phone through your LLC that's not associated to you. You would recommend this, to have LLCs, both not associated to your personal phone, or just with one LLC, and the other business phone through another LLC?

Timothy Cague: You could do it that way. There's a multitude of ways. We even procure phones for individuals, and then we will manage the payment of those phones. So they're completely through our--

Joe Fairless: The payment of the phone meaning the phone bill?

Timothy Cague: Yes. The phone bill and everything can be managed through a third party. But as soon as that person wants to put their name, sign up for their Apple ID and start connecting themselves to that phone, you're almost doing yourself a disservice, because now you've identified that phone as you. And this method is not for everyone. We understand that. This is going to be for the select few that really have threats out there, or have had threats in the past, and they need that extra level of protection. For everybody else, perhaps just having the passwords and having a different phone for business and commercial might [unintelligible 00:29:59.10]

Joe Fairless: You mentioned having a password manager. I've got a ton of passwords. I'm sure everyone listening has a ton of passwords. Which password manager would you recommend, and how do they not get hacked?

Timothy Cague: Hmm. I don't have a specific one that I would recommend. I've used many.

Joe Fairless: Which one do you use personally?

Timothy Cague: I should know that. I should be able to say right now, because it's right on my screen, so give me a second. [laughs] Let me get back to you on that. I have so many in play...

Joe Fairless: What are a couple big ones? Let's just go with that. Or a couple reputable ones.

Timothy Cague: You can use browser-based ones, such as the Firefox one that's built-in. That one is plenty fine. The Apple iOS is a great Password Manager; using the Keychain in the iOS is going to be the easiest for individuals to get to. They don't have to install or download anything. If they have a Mac product - great. If they have an iPhone, it's already there. It'll sync in the cloud, secure, be right there in front of you.

Joe Fairless: Okay. You mentioned Firefox... What browser is the most secure and which one's the least secure?

Timothy Cague: Hmm. I think whatever I'd say, I'd get flamed by all my friends in the cybersecurity realm. We've seen great advances in browsers. They are all doing their absolute best to get ahead of the game. Right now on my screen I have Safari, Firefox, and Chrome all installed. I use them all. I am not a huge fan of Microsoft products. That's just a personal thing. I feel personally more safe using Mac products, for multiple reasons. That doesn't mean you can't use Windows. That's just a personal choice. I would stay away from browsers that don't update. And you may have never even heard of these, because they're not as popular... But opera. Opera is one--

Joe Fairless: Oh yeah, no one knows that one.

Timothy Cague: Yup. So stick with the main ones - Firefox, Google Chrome, Safari, and then Microsoft Edge. And what's really important about using any browser though is keeping it up to date. All these browsers will fail you miserably if you don't update the security.

Joe Fairless: Okay. Anything else that we haven't talked about, that you think we should?

Timothy Cague: I think there's one important thing that I always start with my customers, and it's initiating this conversation with your family. And this is my story. No aunt would ever take photos of their nephew and give it to a pedophile. They wouldn't. That's insane. But they wouldn't think twice about posting it on their public Facebook. Right? And that's the world we live in. So we always try to have a conversation with the entire family. Let's have a social media contract; not a physical contract, but a verbal contract among the family that we won't post photos, that we won't take pictures inside the house, or that we won't say certain things online. That usually stuns clients, because they're like, "No, no, I'm just here to protect myself and my wife and my children." And we're like "It has to extend to the third aunt Edna down the road", right? It has to extend to everyone.

So start the conversation, and it's going to be a concerted change in life. I don't have social media. Now, I have some accounts, right? We need them for looking around. But I don't use social media. I have never posted to Facebook or Twitter in my life. I have plenty of online accounts, I shop online, I do that, but I never connect to WiFi. I don't have a photo place. I don't have an Instagram account that my family can look at photos. And that's strange. That's not the norm today. A lot of people like are like "What do you mean you're only going to text me a photo?"

Joe Fairless: But you're an outlier. Most people listening aren't going to do that extreme. So having that contract is really beneficial, because we've got to meet in the middle a little bit, because as you said, convenience and security are always going to be going head to head. So it's just a matter of where you want to be on that spectrum.

Timothy Cague: Absolutely. The second thing I would add is if something does happen, if something comes out on the internet negative - there's a negative photo, or something's out there - don't do yourself your own harm by telling everyone, because they're all going to click on it, they're all going to go to it, they're going to share it, and they're gonna make a bigger problem out of it. Keep it controlled, go to your professional and have it handled that way, so that it doesn't make its way around the company per se. Because that usually bumps it up in the Google results, because they're going to check "Is it still there? Is it still there?" and their friends are doing it, and then their security teams doing it, and then their lawyers are doing it, and they're causing themselves a disservice. So when something happens, take a breath, step back. It's going to be emotional. But then work with a professional to approach it in the right way.

Joe Fairless: Would you mind sending the example of a social media contract?

Timothy Cague: Yeah, I would absolutely send you one, sure.

Joe Fairless: Thank you. And everyone who is watching and or listening - we will include that when we share this episode. So you will already see that magically in the email, the link to download that, because I think that's going to be a great tool for everyone, myself included.

So some takeaways I got from this conversation, among many... And first of all, thank you so much for investing your time sharing your expertise with us, so that we can become more secure online. Some takeaways... One, use a password manager, and some suggestions are the one that comes on your Apple device, or iPhone, or browser-based one. Use two-factor authentification wherever you can. That's another takeaway. So we'll go with those two takeaways.

The third takeaway is when you're in an internet cafe or a public WiFi, don't use that; instead, have a hotspot that you can tether to from your phone to your computer. So that's number three. And I'll go [unintelligible 00:35:53.09] something underneath three that I wasn't thinking of, that you brought up... Someone could be recording what you're typing when you type in your password. So kind of give a look over your left and right shoulder, just to make sure you're not getting creeped on.

Number four, data breaches. As it relates to data breaches, you said LifeLock is a great service. So there's that.

Five - this is really interesting for people who are buying homes, which purchase the home through an LLC; that has anonymity for you, because you gave your attorney the power of attorney to sign on your behalf with the LLC. So you aren't at all associated to that LLC. I think that was five.

Six, social media contract. Tim will be kind enough to give us an example, and you'll have that to download when we share this interview out.

And what are we on? Are we on seven? Is this number seven?

Timothy Cague: I think so.

Joe Fairless: I think so. I didn't number them in my notes, I just highlighted them in yellow. So number seven, if anything does happen negatively online, don't share it out with your friends or family, like "Oh my gosh, I can't believe this happened." That's just gonna make it worse, it's gonna pop up more in the search results. Go to a professional and get it taken care of.

And let's do number eight. Last one, number eight - if you're a bad person looking to target people online, most likely you're going to put together a targeting package (whether you use that term or not) and the targeting package is going to be by canvassing your online profile, which includes your online profile, but then also your family members' online profiles, and also your business' online profile, and also the property that you own... And putting it all together and finding a vulnerability and then pressing down on that one vulnerability and targeting that.

So we've got to be mindful of all of those things... Is anything I say not accurate, did I not capture it correctly?

Timothy Cague: No, that that was a great synopsis.

Joe Fairless: If someone who's watching wants to reach out to you, how can they reach out?

Timothy Cague: Sure, they can definitely contact us via our website, which is I can send you that link. There's a form right there, they can reach out to us, and we'll be happy to contact you and see how we can help.

Joe Fairless: One final question. If I'm the ultimate bad guy, wouldn't you be the Holy Grail to crack? Because you've got all these clients who have their private information with you...

Timothy Cague: Sure. I'll absolutely talk about that; that is a really important part. We usually don't do that in the first conversation, but you asked and I'm happy to answer. A lot of individuals doing this work will come out of the same IP address, the same point; they will have their data unsecured. When we do this research, we have the knowledge to push our traffic out through cloud nodes using Amazon Cloud nodes and different things, and go out and collect the information differently every time. We have strict protocols on purging information. Because of the realm that my employees and myself came from, we're extremely cautious on how we encrypt our data, clean our data... We probably take it to a level not many have seen before, because we just think it's that important.

You'll never see us doing our research in an internet cafe. You'll never see us coming out of the same IP address twice. We even wipe browsers between client research. It has to be handled that carefully. We offer our clients other ways of transmitting data to us than email. We see a lot of times like "Hey, I want to send you this in email." Email is not encrypted. It is in the clear. So sending me something sensitive is something we discourage. We have other ways of protecting that data. So it is a full lifecycle protection of the data.

Thank you for investing your time with us. Really appreciate it. You've given a lot of really good tips and some practical things, and I appreciate everything we discussed... So have a great day, and talk to you again soon.

Timothy Cague: Thanks for having me. I appreciate it.

Website disclaimer

This website, including the podcasts and other content herein, are made available by Joesta PF LLC solely for informational purposes. The information, statements, comments, views and opinions expressed in this website do not constitute and should not be construed as an offer to buy or sell any securities or to make or consider any investment or course of action. Neither Joe Fairless nor Joesta PF LLC are providing or undertaking to provide any financial, economic, legal, accounting, tax or other advice in or by virtue of this website. The information, statements, comments, views and opinions provided in this website are general in nature, and such information, statements, comments, views and opinions are not intended to be and should not be construed as the provision of investment advice by Joe Fairless or Joesta PF LLC to that listener or generally, and do not result in any listener being considered a client or customer of Joe Fairless or Joesta PF LLC.

The information, statements, comments, views, and opinions expressed or provided in this website (including by speakers who are not officers, employees, or agents of Joe Fairless or Joesta PF LLC) are not necessarily those of Joe Fairless or Joesta PF LLC, and may not be current. Neither Joe Fairless nor Joesta PF LLC make any representation or warranty as to the accuracy or completeness of any of the information, statements, comments, views or opinions contained in this website, and any liability therefor (including in respect of direct, indirect or consequential loss or damage of any kind whatsoever) is expressly disclaimed. Neither Joe Fairless nor Joesta PF LLC undertake any obligation whatsoever to provide any form of update, amendment, change or correction to any of the information, statements, comments, views or opinions set forth in this podcast.

No part of this podcast may, without Joesta PF LLC’s prior written consent, be reproduced, redistributed, published, copied or duplicated in any form, by any means. 

Joe Fairless serves as director of investor relations with Ashcroft Capital, a real estate investment firm. Ashcroft Capital is not affiliated with Joesta PF LLC or this website, and is not responsible for any of the content herein.

Oral Disclaimer

The views and opinions expressed in this podcast are provided for informational purposes only, and should not be construed as an offer to buy or sell any securities or to make or consider any investment or course of action. For more information, go to

    Get More CRE Investing Tips Right to Your Inbox