Webinar Transcription

Kuntal Warwick (CITC): Thanks, once again, for coming to attend California International Trade Center – CITC’s Industry Innovation Webinar Series for this month. We’re looking forward to sharing with you today’s topic on steps that ecommerce companies can take to safeguard against cyber threats. I think an issue that’s only going to increase in relevance from this point forward, and how smaller companies can develop greater cybersecurity competency.

Joining us today is Sem Ponnambalam, President at XAHIVE, a cybersecurity company based in California with offices in Canada, New York, and the UK. She will share some background on herself, about her company, as well as things that businesses of all sizes need to be aware of and implement as they grow their online presence. Sem is not able to join us virtually, but she’s joining us through the telephone. She’s certainly going to be available to answer any questions that you might have as we go along. And you should see a question or a Q&A button on, I believe the right side of your screen. Feel free to ask your questions throughout, we will get to those at the end. We do have some questions in advance as well that we’ll start with, but feel free to interact with us throughout and we’ll get to your questions towards the end of the presentation. Sem, thanks for being here, and I will hand over the floor to you and bring up your presentation.

XAHIVE, Cybersecurity Company & Services

Sem Ponnambalam (XAHIVE): Great. Thank you so much, Kuntal for this opportunity. And I want to thank CITC (www.cainternationaltrade.org) for this opportunity. And thank you all for joining us, especially in this challenging time. And I’m really excited to be here and to speak to you about ecommerce and the importance of cybersecurity for ecommerce businesses.

First, let me just quickly introduce myself. As Kuntal has mentioned, I am the president and co-founder of XAHIVE and we offer three services. Our first service is a software as a service where it’s a secure, encrypted communication both at rest and in transit. And it is compliant with U.S., Canadian, and EU regulations. And our second service is online cybersecurity education. And we work closely with Centennial College (www.centennialcollege.ca) who we’ve partnered with in Toronto and we’ve actually developed nine different cybersecurity online courses aimed at non-IT professionals, predominantly people in the ecommerce field. And finally, we also offer a third service which is online audit, which comprises of cybersecurity technical and governance audits as well. And in addition to this, we offer, through our partnerships with Blackberry (www.blackberry.com), for instance, we’re partnered with them globally, we offer products such as Blackberry Digital Workplace, especially useful for ecommerce sectors like yourself. And we’re also partnered with Red Hat (www.redhat.com) globally as well. And we work on reselling products such as OpenShift open source for cloud enterprise application platforms. And similarly, we’re partnered with QA Consultants (www.qaconsultants.com.) We work with North America’s largest software development company as well. And XAHIVE has sat on cybersecurity panels at the World Economic Forum and also the G-20.

Now, in today’s presentation, I’ll be going through what is cybersecurity and cybersecurity governance. Then, I’ll get into what are the challenges of COVID-19 that ecommerce businesses face. We’ll be looking at as well steps to take to protect your business and your value chain, and also looking at the importance of digital cybersecurity competency supporting your international audience. And then, finally, I’ll talk about some lessons learned that we’ve seen from other clients that we’ve worked at and things that you could take away as an ecommerce business.

What is Cybersecurity?

Next, we’ll go into what is cybersecurity? Most of you may know, but just to recap, it’s essentially the state of being protected against criminals or unauthorized use of electronic data or the measures taken to achieve it. I just wanted to quickly just go over that as a definition. Next, we’ll look at what is cybersecurity governance. Essentially cybersecurity governance is managing how people, the applications, and the infrastructure all interact together. This talks about looking at organizational structure, work culture, security awareness, and this all comprises of cybersecurity governance.

Next, we’ll talk about why hacks occur. But just some stats that I think would be of interest, especially for ecommerce businesses or organizations it’s not a matter of if you’ll be breached, but when you find out. The cost of a data breached for businesses like yours, in 2019, was over US$2 trillion globally. That’s a pretty staggering number. And the average data breach cost was about US$4 million, highest being approximately US$8 million. And 67% of the cost occurs within the first year. And this is mainly due to either lawsuits, the cost you have to pay to acquire your customers due to competition to rebuilding your brands and fixing your reputation.

And it’s also important to note that small to medium-sized businesses end up actually paying more to recover relative to the size of an organization because enterprises have the means to deal with the technology and so on. And it’s also important to note that over 60% of small to medium businesses tend to go out of business after they found out that they’ve been breached within six months, so it’s really important to ensure you have good cybersecurity tools and also cybersecurity governance in place for your organization.

A recent report, actually, in 2019, indicated that 53% of companies found over 1,000 sensitive files were accessible to everyone, including their value chain. This includes your subcontractors and so on. And the average employee actually has access to over 17 million files, which includes personally identifiable information or personal health information. This includes anything from a customer’s name, email, address, date of birth, their age. These are all the things that organizations have access to. And 90% of malware is actually coming from email. And this is easy to install, especially now under the COVID-19 pandemic warning. We’re all getting bombarded with emails constantly having COVID-19 on the title. And we often tend to open it unknowing that this is actually malware that’s being installed. And cyberattacks actually occur every 39 seconds, so that’s something that we should all be aware of. And what used to be approximately 200-plus days in a lifecycle of a malicious attack for breaches, last year it’s gone up to 314 days is the lifecycle of a malicious attack from breach to actual commitment. And globally, by 2021, cybercrimes are estimated to cost almost US$6 trillion. And 71% of breaches are financially motivated, so that’s something to keep in mind. And most of the threat actors fall into different categories, one being hacktivists. These are people who want to actually make a political gain out of a breach. They’re also due to internal breaches. Oftentimes, employees, or third-party vendors, or value chain members who may not know what they’re doing, but they may unintentionally cause breaches. And the other parties are cybercriminals, of course, who sell your data on the dark web. And the other threat actor is actually hardware failure. If you don’t have things up to date, patches in place and so on, that could also cause a breach. And finally, state-sponsored actors. These are state actors who are spending 30% to 40% of their military budgets aimed at cybersecurity, economic warfare. This is something to be aware of.

And also to note that this is not just targeting specifically one sector over another, if you fall into the education sector, or finance, or legal, health care, insurance, if you’re in essence, a small-medium business, or enterprise, or government all fall prey to cyber breaches and cyberattacks. And anyone essentially who’s sharing information, again, that’s personally identifiable, or personal health information, this includes any information you may be sharing with your clients, any of your business information you may be sharing on social media. Right now, a lot of people are switching to online streaming for some of their entertainment or online gaming, banking online, obviously, shopping online. If you’re applying for jobs or college applications, if you’re connecting with professionals, like your healthcare professionals, or accounting, or legal professionals, these are all the things that are easily breached. And also, your vendors as well and how are you connecting with them.

COVID-19 Cybersecurity Challenges

Next, we’re going to be taking a look at challenges of COVID-19. As you can see in this slide, the total spam messages have gone up to 907,000. And this was just in Q1, and this is only growing. And this is what’s only been reported, so there are lots of people who haven’t yet reported their information. And also, you can see the malicious URLs related to COVID-19 because, I mean, everyone’s getting information. Whether you’re applying for small business loans, or if you’re getting information from your bank, or even from your vendors, or from anyone about as we take steps to potentially returning back to what the new normal is, we all open up links and we assume it’s actually from a legitimate source, but that’s not the case.

And there’s been definitely an increase in spam from February to March by 220 times. That’s quite large. And I’m sure that’s continuing to increase now. And the largest location, of course, has been the United States that’s being targeted for spam, malware, and malicious URLs. But the two biggest states that are being impacted are California and then followed by New York. As we all rush to working from home and for most of you who already have an ecommerce business, you may have been better prepared than other vendors or your value chain, but just remember, the weakest link could be someone from your value chain. It doesn’t necessarily have to be within your organization itself.

Steps to Protect Your Company

Next, we’re looking at steps to take to protect yourself. You may think, “Oh, cybersecurity is really the responsibility of my tech team.” In fact, it’s everyone’s responsibility, especially for ecommerce businesses and for those of us who have had to switch over to ecommerce. Technology is really important. It’s not just looking at from a tactical perspective, you have to also include the people aspect. Whether it’s cybersecurity governance, education, training, skills, qualifications to ensure that your teams are up-to-date on not just, “Don’t click on these links,” but why shouldn’t you click on these links. What are the ramifications? What are the regulations that you need to abide by? That’s something I’ll touch a little bit further.

And also, the processes so as management, governance, IT. This falls within everyone’s responsibility. And you need to not only make your own organization take these steps, but you should also be ensuring that your value chain and your third-party subcontractors are also working to ensure that cybersecurity is a responsibility for all within their organizations as well.

When you’re looking at steps to protect yourself, it’s important to have policies, and plans, and procedures in place. Most of you may already have a cybersecurity or privacy security official assigned in your organization. If you don’t, it’s very important that you do that right now. Figure out who would be best suited for this. Is there an information breach plan in place? It’s not a matter of if but when, so you need to ensure you have a plan in place. You should also have policies in place or bring your own device, especially for now, during time of COVID-19, most people are using their own personal computers. Some have been lucky enough to be able to take work computers home, but some may not have. And you should also realize who’s accessing that information. If you have children or if you have your partner is maybe using it for their banking and other services, what are some apps that are being utilized on there. And if you are accessing your work email and so on from your phone, please make sure you take a look at the apps that you’re using on your phones as well, because those could potentially bring problems. And then, within your organization, you need to know what is your role. If you’ve finally detected that there’s a breach, you need to take the following steps and make sure you report it to the appropriate person accordingly. And then, finally, I would recommend, like everyone practices for fire drill, you should be practicing a cyber drill bi-monthly because it’s much more important now than ever, especially when people are relying on ecommerce for everything. You need to ensure you continue to protect yourself and find out what are the gaps and weaknesses within your organization.

Cybersecurity Competencies & Training

Next, we’ll look at cybersecurity competencies. This is where most people look at perhaps taking some courses, especially now that some of us may have some extra time, it would be really ideal to ensure that your teams can get into learning about what is cybersecurity, again, not from a technical, but from a non-technical perspective. What are some tools and steps you should take? What are the regulations? Especially being in California, you should know about the California Consumer Privacy Act, and what are the impacts for you and your value chain? If you are an ecommerce business and you have clients in New York or if you have clients in Europe, what are the implications for how you conduct business? Because all these different jurisdictions have different requirements and they also have pretty strict fines as well associated with it if you don’t comply. It’s very important to take the time to do that. And it’s also important to understand what is cybersecurity from an ethical perspective as well. For those of you who are in professionals and working in finance, or legal, or medical, or healthcare sectors, you need to be able to ensure that you look at these courses as well. And when you are looking at them, definitely contact your local colleges to see if they offer such courses. And if not, please feel free to contact me and I can point you in the right direction to appropriate places. As I mentioned before, we’ve worked with Centennial College and we continue to, and we work with a number of colleges around the world as well. It’s important to have those cybersecurity competencies in place.

Next, we’re looking at cybersecurity education for non-IT professionals. As I mentioned before, especially if you are in any regulated field, you need to make sure that you’re maintaining and protecting personally identifiable and personal health information. You need to be aware of any threats that could impact not only your immediate clients or your organization, but also your value chain as well. And this means you should be looking at programs that teach you on the importance of password management, multi-factor authentication, why encryption is important? And a lot of people use encryption as a buzzword, but it’s really important that you find out and you ask whichever company that you choose for your encryption software where the actual encryption keys lie. Because if the encryption keys are going to be on the server and if the server gets breached, then the encryption keys could be used to decrypt all the information. Just because you don’t have an IT background, you could definitely ask them this. You don’t have to rely on an IT person to help you with that. And also understanding the potential harms of viruses, malware, and ransomware, and so on.

Cybersecurity Lessons Learned

Next, I’m going to go through some of the lessons learned. These are things that we’ve learned over the years working with different ecommerce and other businesses to protect themselves. Definitely look at patch management or certification process. You can talk to your IT teams about this. Ask them if you have, or you should be able to check as well on your own computers if you have antivirus, malware, Trojans software installed. And if you do, great. Make sure it’s up to date because oftentimes, people have this, but they forgot to update the license and it’s no longer protecting them. Make sure that you talk to your IT team about your host intrusion prevention solution or a firewall. If not, they should be able to address these things. As well, periodically perform vulnerability scans. And make sure you use encryption solutions for every workstation. Whether it’s you’re working off of your phone, or your iPad, or your laptop, or your desktop, make sure all of those are encrypted. And employ a password management system. Please note, do not store all of your passwords in one password management system. Because if that system is breached, everyone will have access to your banking, your medical files, to your social security, your financial files, your clients file. If you do have a password management system in place, make sure it’s not only stored in the cloud, but you also have it on a hard drive or a USB stick as well.

Next, it’s important to review the wireless security for your business. Talk to your IT team, find out what are the stuff they’re doing related to that. Really important to look at email filtering for Internet and traffic filtering as well. Again, this is something your IT team should be working with you on. And automate scans for malware on your network. If your IT team doesn’t have that, please contact a good cybersecurity company who can help you with that. You should be reviewing your cloud storage security. I mean, you can, again, talk to your IT team or you could even call your cloud storage company to find out what are the steps and policies that they take to protect their clients. And if they have insurance, cybersecurity insurance, what are the things they need to take related to that. And then finally, review your remote access for your users, especially now a lot of us are remotely accessing our workplace information. This is really important to see if that’s up to date or if things need to get patched or modified. Definitely, you need to do that with your IT teams as well.

Next, it’s important to back-up your business and data information on a daily basis, not just in the cloud, but also on a hard drive or on a USB stick because if you are hit, or when you find out you’ve been hit with ransomware or anything related to that, you don’t need to pay someone Bitcoin ransom money because you already have things backed up and you can revert back to that rather than falling prey to them. Set up cybersecurity and liability insurance. This is much more important now than ever, especially for ecommerce businesses. And there are plenty of cybersecurity insurance brokerage firms out there. You need to make sure you speak to someone who specializes in cybersecurity insurance, not just business insurance because not everyone specializes in getting you the best deals. And also ensure, as I mentioned before, policies are in place for regular behavioral reviews for not only your team, your staff, but this includes your employees, your executives, and also your board because they may be the weakest link. You never know. And finally, along with your value chain as well, look at your vendors and ask them are they able to demonstrate that they do have secure practices in place, and do they have cybersecurity insurance? That’s something that I would highly encourage only getting into relationships with vendors who can prove that.

Next, your organization should have a long-term cybersecurity plan. I know a lot of people are thinking, “Oh, it’s just going to help us now with post-COVID-19.” But this is going to be the wave of the future. More and more businesses are going to go online, so this is the wave of the future. You need to ensure you’re looking at a long-term goal, not just something for the first 6 months or 12 months. You should be updating your data analytics. Again, this is something you can work with your IT teams on. And then, make sure you conduct semiannual audits. This is not something you only work with your IT teams on, but also your compliance and your privacy teams as well. It’s very important to do that.

And then next, well, I would recommend that you do a daily review of your common vulnerabilities and exposures. If you Google that, common vulnerabilities and exposures, it’s actually a website that is run by the FBI, where it’s open source. Businesses like yours, go on there and say, “Hey, there has to be a patch. I noticed there’s an issue with this. Things need to get updated.” It’s easy for you guys to take a look. It’s, again, something that’s for free. I would highly recommend that you assign someone within your company or your IT division to ensure that they review this. And as I mentioned before, and I can’t reiterate the importance of this, using encryption for sensitive business, whether it’s personal identifiable, personal health information. And make sure the encryption is not just in transit, but also at rest as well. Make sure you have policies in place for disposing old computers and media safely. I don’t know about you guys, but a lot of us have now upgraded to newer laptops or desktop, especially now that we’re all working electronically in an ecommerce business. Make sure that you get rid of your hard drive safely. Don’t just throw it out. Take the steps to wipe it clean, backup certain things, and make sure that it’s fully cleaned before you give it to your IT teams or get your IT teams to take those steps. Also, important, plan for disasters and information security incidences. Obviously we’re now living through COVID-19, but there could be a big cyber incident in the future where other things like the grid could go down. You never know. You need to make sure there are steps in place that you can take to protect, again, your entire value chain, along with your organization, and of course, your clients. And most importantly, I wouldn’t recommend getting on a conference call, especially if you’re talking about anything with intellectual property or anything where you may be discussing a client’s personal identifiable, personal health information. Make sure you turn off Alexa, Siri, and other AI devices because it’s not just those organizations that are listening to you. They have third-party companies that are helping with the recording. And what may end up happening is they may be breached. That’s important to keep that in mind.

XAHIVE Case Study

Next, I’ll end with an actual case study. We were working with a company that had offices in Canada, in California, in New York, and UK, and they wanted to make sure that they were compliant. And it was a small to medium-sized business. They wanted to make sure they were compliant from a regulatory perspective in these locations. What they ended up doing is they contacted us. They underwent an audit. It was done electronically. It wasn’t something that we went in-person, so everything was done online. And essentially, we were able to identify the strengths, weaknesses, and gaps for all of these different regulatory systems for all of their offices, both from a technical and governance perspective. Once we identified that, they immediately decided to take some cybersecurity education training for their full teams across the different regions. And it doesn’t have to be anything expensive at all. You don’t have to be paying thousands of dollars to take these courses. There are courses that are offered by certified colleges that are a lot less expensive and much more feasible. And, in addition, they ended up encrypting all of their personally identifiable, personal health information. Especially when they are transferring data from one region to another, you need to make sure it’s compliant in those regions as well from not from a cyber, but from a privacy perspective. And finally, by doing all of this, they actually qualified for cybersecurity insurance. And the interesting fact is that what they spent for the actual audit, education, encryption and other stuff they took, they ended up saving that amount on their cybersecurity insurance. That’s something to keep in mind. And when you are looking at budgets for cybersecurity, you should put aside at least 15% to 20% of your actual budget, not your IT budget, but your overall budget towards cybersecurity. By doing that, you will take steps to essentially hinder or protect your organization from breaches in the future. That’s it. And I’d like to thank you guys for listening patiently through this presentation, and I look forward to answering your questions now.

Cybersecurity General Recommendations

Kuntal Warwick (CITC): Okay. Thank you, Sem. That was really very valuable information. Especially now, I think a lot of companies are looking at ways to do more online or bolster their online operations, particularly ecommerce companies and certainly, cybersecurity is, I’m sure, very much at the top of the list for them. We do have a number of questions that we had early on. Again, the floor is open to everyone else. Please submit your questions. We’ll be happy to answer them. But just to start off, I know you mentioned password management system. For instance, our computers, when we put in a username and a password for something, the software asks us whether we’d like to have the password saved. And many of us say that we do, and so how does that work? How vulnerable are we? Or if we have antivirus software and other kinds of protection on the computer, are we covered? Just I want to get a sense of how that works.

Sem Ponnambalam (XAHIVE): Sure. That’s a really a good question. Password management systems, I mean, some people put their passwords on apps like 1Password and things like that. But I would highly recommend not doing that because if you get breached or if that system gets breached, then they have access to all of your passwords. What I would recommend is to change your passwords. Don’t choose anything that someone can guess through social engineering, because a lot of us share a lot of information on different social media, and people could pretty much guess different things quite quickly. And you may be thinking that you’re actually communicating with your friends but, in fact, if someone else has breached your friend’s account or pretending to be your friend and getting all of that information, then they can breach your system. And oftentimes, it’s collateral damage. They’re not just going for specifically one organization. They, for instance, the target breach happened by an HR company getting breached. It’s they may easily go through a smaller vendor, or your vendor, or your subcontractor, and then they’re able to penetrate into the system. And usually, as we said, the life cycle is over 300 days now. These are bots that are sitting in there pretty much looking and learning on how you and I communicate with each other. And then, they’re able to get information about each other, and then pretend it’s each other, and get us to provide things like that. Now, and I’m sorry, your second part of the question was on viruses and the software related to it.

Kuntal Warwick (CITC): Yeah, exactly. Like, when we type in our password through our computer and then the computer saves it, how likely is that to be violated and how easy is it for that, and are there steps that we should be taking?

Sem Ponnambalam (XAHIVE): Yeah, it’s very easy, unfortunately. I mean, you and I could go on to YouTube and learn. There’re videos on rainbow table. So, if you type in “How to conduct a rainbow table attack,” even if you have a portal and it’s secure, you can get into those portals. So, it’s, unfortunately, quite easy to do these things. The most important thing is to ensure that you do have up-to-date virus software on there. Make sure that it’s up to date, because a lot of people get it installed and they think, “Oh, yeah, yeah, I’ll get to it.” And then you end up actually not renewing that software, you know? And it’s important, as I said before, to protect yourself by not just saving things to the cloud, but also saving it to a hard drive and to do it daily, especially when it’s dealing with your clients and any personal health or personal identifiable information. Not just for your clients, your value chain, but also for your family members, too. So, you want to make sure that’s all protected as well.

Kuntal Warwick (CITC): Okay. I think the other question we have also is, what is the minimum that ecommerce companies need to be doing right now to protect themselves? What steps should they be taking? What kinds of things should they be thinking about?

Sem Ponnambalam (XAHIVE): Yes, that’s a really good question. I think the first thing is education. That’s the most important thing. Just learning about cybersecurity and just governance itself. Because, again, don’t just rely on IT companies. And they’re actually overwhelmed right now. Because a lot of ecommerce businesses, depending on their size, they don’t necessarily have an IT division internally. They often have someone else working with them an MSSP. They are not cybersecurity experts at all. It’s very important to understand the minimum basics of what is cybersecurity, but from a non-technical perspective so you can take the steps to protect yourself from a governance perspective. Because you can have the best tools in place and the best systems in place, but if you’re not educating your own teams internally, or your executives, or your boards, or your value chain, then you’re continuously exposing yourself to potential vulnerabilities.

Most Common Areas of Vulnerability

Kuntal Warwick (CITC): Okay. And a follow-up to that. I mean, what are the most common areas of vulnerability for ecommerce companies? I mean, is it payments, product searches, history of products, buying history, addresses? What kinds of things, in your experience, are you seeing?

Sem Ponnambalam (XAHIVE): Well, anything related to financial gains, right? There are two major cyber threat actors as we mentioned before. The one being hackers who actually are wanting to gain. It’s all about financial gains, right? They want to make money on the dark web off of your information. And it’s not just one person when they do it. And this is something else for people to note as well. When a breach occurs and you oftentimes read or hear in the news, “Oh, only 10 million or 15 million have been impacted, or 10%, or 15%.” A breach never happens with a small portion. When a breach happens, whoever the cyber attacker is, they have the entire system. They don’t just take fragments of it. They may be releasing fragments of it because they feel that they can gain more money by doing fragment releases of that information and then getting people to pay fragments, like, for ransomware and so on. That’s important to keep in mind as well.

Kuntal Warwick (CITC): You mentioned breaches. I’m sure, if they’re companies out there that have already experienced this, they could probably share with us, but what would be the first line of reporting a breach or suspicious activity? Where would companies go first to deal with that, to report it, to have it enforced on some level?

Sem Ponnambalam (XAHIVE): Perfect. I would immediately contact your local FBI office, so you can go to ice.gov. There’s a website link, and you can look up what is your local office. If you’ve been hit by a business email compromise and someone’s taken money pretending it’s actually your vendor, but it’s someone else in a different part of the world who now has US$1 million or more of your money, then you should contact your bank as well. And all of this should be done within 72 hours because the sooner you do that, the faster authorities, law enforcement, and also the banks can take steps to protect yourself. And if you have insurance, definitely contact your cybersecurity insurance provider right away. And, of course, work with your legal teams and your compliance teams to make sure that all of this is built into your cybersecurity plan. It’s really important to have these steps identified because, again, it’s not a matter of if, but when.

Kuntal Warwick (CITC): And this is, I think, an interesting one. Do you have recommendations of ecommerce platforms that do a good job with cybersecurity that are very well protected and protect their merchants equally as well? Like, if people were on an Amazon or an eBay, from your perspective, what are some things that merchants should be aware of when they’re considering online platforms and which ones do you think are doing pretty well?

Sem Ponnambalam (XAHIVE): In terms of online platforms, the bigger the platform the better because they have more cybersecurity policies and procedures in place. They have better insurance as well. Try to look for stuff that tends to be more open source if you are looking at a smaller online platform. But I would highly recommend the big ones, because they tend to have the steps to protect their entire value chain that they work with. They tend to have better tools and policies in place to protect people.

Kuntal Warwick (CITC): And just more generally, what kind of companies or sectors, I guess we can talk in terms of sectors, but which sectors are getting it right? I mean obviously, the tech sector, but are there others that are really getting this right that you think are a model for what other companies should be looking towards?

Sem Ponnambalam (XAHIVE): I don’t think its sectors per se, because there are organizations within each of these sectors. Whether you are in healthcare, finance, legal, or you are in entertainment, or just regular retail ecommerce businesses, it really depends on whether like, the executives on the boards take cybersecurity as a priority. Because cybersecurity is something that is very important. Just as much as you have a good business plan in place, you should also have a good cybersecurity plan in place. Because especially in ecommerce sector, without this, you are not going to survive if you find out when you’ve been breached. I think it’s just a matter of taking all the right precautions. And you don’t have to necessarily spend a lot of money to do that either. And especially if you’re looking at being a vendor of an enterprise of a client, most enterprises are now requiring their value chain members to prove that they have US$1 million to US$2 million in cybersecurity liability insurance. And by taking the steps to protect yourself, you actually save money towards your cybersecurity and liability insurance itself as well.

Kuntal Warwick (CITC): Well, I think all of this has been really great information. I know, again, as well said at the beginning, more relevant than ever. I so appreciate your being on. And if there’s anything else you would like to share with us, just as some parting thoughts, feel free. But I think, otherwise, we’ve learned a lot today. And I believe we have your information on the screen so that people can contact you. They can certainly reach you through us as well. And I know we’ll be hearing from you in the future also with CITC, but really great to have you on. And as always, if you would like to find out a little bit more about the California International Trade Center, and the great free ecommerce tools, resources and services that are available, please go to the website www.cainternationaltrade.org and you can learn more about us there. And, Sem, I will look forward to talking to you again soon. And thanks, everyone else, for joining us today. Be sure to join us next month when we’ll be talking about sustainability in ecommerce. And we’ll look forward to seeing you, I believe it’s on June 11th next month. But anything else that you’d like to share with us, Sem, before we say goodbye.

Sem Ponnambalam (XAHIVE): First of all, I just wanted to thank you and CITC and, of course, all of you who’ve joined. Please feel free to contact me (sem@xahire.com) if you have any specific questions. I’ll be more than happy to direct you as well. We’ll be sharing some factsheets after the presentation from both the Department of Homeland Security and also some factsheets that we can provide some tips and steps to take to protect yourself related to cybersecurity.

Kuntal Warwick (CITC): Actually, before I let you go, we do have one comment here and question. It’s from someone who either they’re in Tunisia or they are Tunisian, and they’re a founder of a graphic design and architecture company, and wanted to ask about the vision economy before the pandemic ends. I’m not quite sure that I understand, but perhaps just thinking about maybe virtual reality and where the economy is going and being able to use more of the virtual elements as we move forward post-COVID-19 or recovery from COVID-19. And so, given that maybe I’m not quite getting the question exactly right, but if you could just speak to virtual reality, the virtual economy as we move forward and the cyber aspects of that.

Sem Ponnambalam (XAHIVE): Okay. As more and more organizations are switching to an ecommerce business or an ecommerce platform, virtual reality is been considered for workplaces. Rather than having an actual workplace, you’d have VR or similarly, for universities and so on. The tricky aspect in terms of the cyber component, again, is ensuring that you not only look at the technical aspects to protect these virtual reality spaces and who’s connecting to them. And it’s not just one or two people that will be connecting, it will be thousands and thousands of people around the world that will be most likely starting to use this. It’ll be important to ensure that you have good cybersecurity policies and governance in place within your organization and for your computers and however else you are going to be connecting to these virtual reality environments. I think that’s what they were asking, so I hope I’ve answered their question.

Kuntal Warwick (CITC): Okay. Great. And, of course, for everyone who is joining us and has registered for the webinar today, we will be sending this out afterwards. And Sem’s contact information will be along with the slides and with the webinar recording. If you’re not able to see it here, you’ll certainly get that afterwards, and you can contact her directly at that point. But I think those are the only additional questions that we have. Again, thank you all for joining us, and we hope to see you next month. And thanks, Sem, for giving us your time.