In 2015, Zack Schuler was plagued with a common entrepreneur’s problem: After successfully building and selling his Los Angeles-based I.T. Services company two years prior, he was starting to get the itch. He began digging around for potential problems to solve and came across an article lamenting the abysmal security awareness landscape, and how managed service providers were having trouble keeping their clients secure. According to the source, 95 percent of security breaches were happening through human error, which meant employees simply weren’t being educated properly. And who could blame them? Most security awareness videos were on par with watching paint dry.
A lightbulb went off, and he knew there must be a better way. Zack called a few of his close friends—including seasoned television writer Bill Haynes—with an idea: a security awareness business that would use Hollywood-style storytelling to educate people about cybersecurity, breaches, and easily avoidable threats. This wasn’t going to be a “check the box” training program; this was going to be a platform driven by emotionally connected content that could change human behavior.
A few months later, NINJIO was born. Today, the company serves Fortune 500 companies and small businesses alike, and has changed the behavior of hundreds of thousands of people through engaging, emotionally-driven storytelling.
What was the inspiration for NINJIO?
After selling Cal Net Technology Group in 2013, I was happy with early retirement—which allowed me to spend more time with my family, pursue advisory work, and focus on hobbies. But the truth is, after awhile, I’d become mildly depressed and started wondering: What am I going to do with the rest of my life? Because this can’t be it.
I got to thinking about how many times Cal Net responded to a breach simply due to the fact that one of our clients’ employees had clicked on something sketchy without realizing it wasn’t safe. I knew there was a problem here that I was actually interested in solving. After all, I’d seen and experienced the negative side effects firsthand.
I wanted to test my hunch, so I did a quick YouTube search for “security awareness training.” After watching my first 45-minute “death by PowerPoint” training video (I zoned out after one minute), complete with a lecture covering 14 topics within the first 10 minutes, I was utterly confused. Even as an I.T. pro, I wasn’t retaining the information—so how did companies expect a non-technical person to absorb any of it?
I enlisted my former college friend Bill Haynes, a member of the Writers Guild of America who had over 70 episodes of CSI NY and Hawaii 5-0 (written/produced) on his list of accomplishments. Next, I tracked down animation expert Ben Reynolds, recognized his talent, and immediately brought him on board full time. Then I reached out to another longtime friend and designer, Roy Dequina for help with the branding and website. After a couple months of extensive research and hashing out the details, I officially launched NINJIO.
What are the most common misconceptions about cybersecurity breaches and hacks?
For starters, the idea that hacks only happen because of computers or devices not being up to date is misguided. In fact, the majority—as in, nearly all—of breaches happen due to human error: people not recognizing scams, employees not being educated about threats, and organizational leaders not prioritizing security awareness training. In other words, it’s a people problem, not an I.T. problem; and it all boils down to human behavior.
Secondly, this overplayed stereotype of some anti-social, hoodie-wearing college dropout lording over a computer in a dark basement is great for movies, but has very little basis in reality. Most hackers are “hiding” in plain sight, and most breaches are carried out in a systematic, organized fashion. These are a combination of both low-skilled criminals and highly educated thieves, both of whom have access to complex and illegal technologies to prey on innocent individuals and organizations. When we start looking at cyberattacks for what they are—premeditated, illegal measures by bad actors—it changes our approach to defending against them, or at least it should. We need to be prepared, not reactive.
Last and certainly not least, much like the assumption that everyone should just know how to invest their money and spend it wisely, thinking that most individuals will know a scam or a threat when they see one couldn’t be further from the truth. Cybersecurity education is the only way to create a culture of security within an organization. In my opinion, it is on par with sexual harassment training and should be a high priority at companies large and small due to the dire consequences of cyberattacks. Think about it like this: If every device had a physical ticking time bomb attached to it, and the only way to avoid detonation was to teach people how to disarm it, do you think we would prioritize it? Probably so. This is the way every organization should be thinking about cyberthreats. They are there, we often just can’t see them until it’s too late.
How can small businesses with minimal budgets protect themselves?
The first thing to remember is that protecting an organization of any size is about changing the way people behave. At the very least, a small business can open up the initial conversation with employees by developing guidelines and processes for reporting potential threats. You’d be surprised how many organizations don’t ever address the potential of a cyberattack until after it happens. Small business owners can set the stage for a “culture of security” simply by making team members and employees aware of the existence of cyberthreats.
A study by the Better Business Bureau reports that cyberattacks cost small businesses an average of almost $80,000 every year, and losses can range up to $1 million. That’s a frightening statistic, and it demonstrates that small businesses definitely need to prioritize cybersecurity awareness training. I’ve seen firsthand how breaches can destroy small businesses. After watching two friends nearly lose everything they’d worked for, one due to wire fraud and the other because of ransomware, we developed an affordable, battle-tested solution geared toward smaller organizations. I believe it will prevent thousands of breaches in the future, and is truly worth considering in terms of a systematic approach to educating employees about cybersecurity. Additionally, every organization that arms its employees with our NINJIO SMB solution will also gain access to Friends and Family Use Rights for seven additional friends or family members.
Ultimately, our goal is to create secure cultures at work and home for everyone—small businesses, large companies, communities, and loved ones. We hope this is the way everyone on the planet starts thinking about cybersecurity. It’s a crazy virtual world out there!
Zack Schuler is the founder and CEO of NINJIO, a cybersecurity awareness company that empowers individuals and organizations—from Fortune 500 companies to small businesses—to become defenders against cyberthreats. Prior to launching NINJIO, Zack was the founder and CEO of the I.T. services company Cal Net Technology Group. In addition to his entrepreneurial pursuits, Zack is a member of the Forbes Technology Council and he’s on the board of governors for Opportunity International, an organization that provides microfinance loans, savings, insurance, and training to more than 14.3 million people who are working their way out of poverty in the developing world.