Welcome To Our Carpool Consulting Video Series
-
• 5/26/26Carpool Consulting Carwash with Mike Branch from Geotab
0:00
0:01
1 second
Sharon: A traffic jam is like privacy because
0:08
8 seconds
Mike: you have to stunt me on that one. Eh a traffic jam is, Do you have an answer to this? You do, don't you? There's a It's a little
0:15
15 seconds
I don't know, Sharon. Why is a traffic jam
Sharon: I'm not telling you, You have to come up with it on your own. I'll let you think about it. How about that?
Mike: Okay. Um
Sharon: You think
0:23
23 seconds
about it while I drive us to the car wash. My next guest is Mike Branch from Geotab. Mike is VP of data and
0:32
32 seconds
analytics. Geotab is one of the greatest telematics companies ever. He also helped to launch an AI assistant for Geotab,
0:41
41 seconds
making fleet data a lot more accessible and transparent. I see him. Let me get him in the car. Hey, need a ride?I
0:48
48 seconds
Mike: I think I might. I think I might.
Sharon: Come on in. Let's do this.
Mike: Thank you.
Sharon: What is Geotab? What do you guys do?
Mike: We're a connected vehicle platform. So, uh, if
0:56
56 seconds
you want to know anything about your vehicle as a fleet, ever if you're harsh braking, if you're speeding, um, if there's a problem with the battery in
1:03
1 minute, 3 seconds
your car, all that kind of stuff, we connect up to the OBD port in your vehicle. That little plug that's usually the side of
I don't think you have a Geotab device in here. It doesn't look like it, but you should
Sharon: No I dont, . But, well,
1:13
1 minute, 13 seconds
well, after this episode, I may. Maybe I have now a connection.
Mike: Yeah. Exa Exactly. And, and so we help fleets across the whole globe, giants, uh, Giants like
1:20
1 minute, 20 seconds
UPS and PepsiCo all the way through to mom and pop shops. Um, you know, we have over 4.7 million connected vehicles
1:29
1 minute, 29 seconds
across the globe. So, we're managing all that data at scale, helping them uh drive down collisions, helping them reduce downtime, helping them reduce emissions. Transition to EV is a big thing
1:37
1 minute, 37 seconds
Sharon: Okay. So, Mike, I I know that you have a lot of really good information about your industry, about telematics,
1:48
1 minute, 48 seconds
about what you can do with this information. Like, give me the top secrets. Like, I know everyone just
1:55
1 minute, 55 seconds
wants to hear all the juicy juicy details. Tell us everything.
Mike: Oh, you want to hear everything?
Sharon: I want everything.
2:02
2 minutes, 2 seconds
But but the good stuff. Like the juicy stuff.
Mike: The juicy stuff. All right. Here we go. Okay. So, here.
Carwash Noise
2:18
2 minutes, 18 seconds
Sharon: That was amazing. And I'm really glad my viewers got to hear that directly from your mouth. Mike: Not too many people know this story, Sharon.
2:29
2 minutes, 29 seconds
Sharon: Wow. So, this segment is called Yay or Nay. Okay.
So, is it smart safety or
2:37
2 minutes, 37 seconds
surveillance overkill? So, your telematic system alters your fitness app every time you visit a fast food drive-thru?
2:47
2 minutes, 47 seconds
Mike: hohoho Absolutely. Nay. Nay.
Sharon : Really?
Mike: Yeah.
Sharon: Why?
2:51
2 minutes, 51 seconds
Mike: Well, you know what? I wouldn't want my um telmatic system to know anything about my fitness. Those two worlds
2:57
2 minutes, 57 seconds
should not be intertwined. Uh unless
Sharon: what if it helped your fitness?
Mike: I mean,
3:03
3 minutes, 3 seconds
Sharon: it could it could be a good thing
Mike: It it could be a good thing, but you need a proper consent. You want that to happen. But I would say if
Sharon: You're very responsible
3:10
3 minutes, 10 seconds
Mike: Absolutely.
Sharon: Yes. I mean, you're you're in the business of being responsible.
3:14
3 minutes, 14 seconds
All right. Next one. Your parents get a notification every time you break hard.
3:18
3 minutes, 18 seconds
Even if you're 42 years old and paying off a mortgage, yay or nay?
Mike: I would say yay as long as there’s consent. Like I you know
3:25
3 minutes, 25 seconds
what? Specifically, if it was for my kids uh and I had a device in the vehicle, I want to know that they're they're driving. Well, if and
Sharon: What if
3:33
3 minutes, 33 seconds
they're 42 years old?
Mike: They're 40 years old and and they consent, then fine. But I I can't imagine many 42 year olds
3:41
3 minutes, 41 seconds
consenting with that.
Sharon: Exactly.
All right. Your seat detects crinkling chip bags and asks if you prefer apple slices
3:49
3 minutes, 49 seconds
instead. Yay or nay?
Mike: Uh, that's that's a nay. That's a huge invasion of privacy there. I think
Sharon: really that you like
3:57
3 minutes, 57 seconds
Chips.
Mike: But that it's detected the fact that I've got, you know, this these chips on the and and then I say, "Hey,
4:04
4 minutes, 4 seconds
you should you should have a fruit instead."
Sharon: Yeah. That's a good thing.
Mike: It is a good thing.
Sharon: Maybe having fruit will will waken you up and you can drive
4:11
4 minutes, 11 seconds
better.
Mike: Yeah. Right. I still think I still think they get a lot of nays here. I'm probably a little bit more responsible than you
Sharon:. I
4:19
4 minutes, 19 seconds
think you're too responsible.
Your telematics logs every time you honk,
4:23
4 minutes, 23 seconds
rates it on justified or petty, and sends you a monthly summary. Yay or nay?
4:29
4 minutes, 29 seconds
Mike: I I kind of think yay to that. I think so. Um
Sharon: I think so, too. Yeah.
Mike: You could pick up some. There might be some aggressive behaviour there that is
4:38
4 minutes, 38 seconds
unwarranted, right?
Sharon: That's right. And then you get a summary and you learn.
4:41
4 minutes, 41 seconds
Mike: Yeah. You get a summary. You learn from that as she comes into your app. Right.
4:44
4 minutes, 44 seconds
Sharon: Exactly. Last one. If you cut someone off or speed, your car sends an apology tweet on your behalf saying, "Sorry,
4:53
4 minutes, 53 seconds
that's on me. I'm working on being better." Yay or nay?
Mike: Oh, yay. Yay. And uh it should uh maybe give them a little
5:02
5 minutes, 2 seconds
gift certificate to Tim Horton at the same time. Starbucks. Come on.
Mike: Starbucks.
Sharon: Yeah. Uh well, again.
5:09
5 minutes, 9 seconds
Okay. So, first of all, congratulations.
5:12
5 minutes, 12 seconds
I know you are a, Geotab won the Picasso award about a year ago or so
Mike: We did we did, very excited
Sharon:. So,
5:18
5 minutes, 18 seconds
congratulations. Which means that you're obviously doing something really well with privacy. So, explain to me with the
5:25
5 minutes, 25 seconds
data that you're collecting, uh, what personal information are you collecting that you're even thinking about privacy?
5:31
5 minutes, 31 seconds
Mike: Uh, you know what, a lot of people don't think about that right away cuz they think, oh, you're, you know, your personal information is your credit card information, right? It's your healthcare
5:38
5 minutes, 38 seconds
information. Uh but uh your vehicle lays a bit of a track, right? So uh your
5:45
5 minutes, 45 seconds
vehicle driving habits if you're coming from home to work every single day,
5:48
5 minutes, 48 seconds
there's a pattern in that data and uh that pattern can divulge a little bit about you uh from a privacy perspective.
5:56
5 minutes, 56 seconds
So that is the geospatial element is the biggest concern for us when it comes to privacy. Um you know there's other pseudo identifiers like VIN as well too.
6:05
6 minutes, 5 seconds
Yeah. Where it's traveling. Um that's that's our biggest um risk area.
Sharon: If you're a fleet company, isn't that the information that you want to collect?
6:14
6 minutes, 14 seconds
Mike: That's exactly it. And there in lies a conundrum, right? You you absolutely need that data to do your business. Um but you have to also give privacy
6:22
6 minutes, 22 seconds
measures to the fleet uh to allow them to turn off um uh GPS data whenever somebody's in say like a personal mode.
6:30
6 minutes, 30 seconds
For us, it's really important to uh to understand if we're dealing with uh data that might be personal or not. Um and
6:39
6 minutes, 39 seconds
you know, you have a driver that works for a company, they may take that vehicle home. You shouldn't be tracking the data that is in that kind of personal mode. Um and so as we're
6:47
6 minutes, 47 seconds
developing new data and insights for a lot of our customers, we can't be doing it based on a lot of this personal data.
6:53
6 minutes, 53 seconds
But to your point, absolutely our customers want to know where their vehicles are. It helps for routing,
6:59
6 minutes, 59 seconds
right? helps for uh a whole series of things. They couldn't run their business if they didn't have that GPS data.
Sharon: Are you using that data for any other
7:07
7 minutes, 7 seconds
purpose or sharing that data for insights for other organizations or municipalities or anything like that?
7:14
7 minutes, 14 seconds
Mike: Yeah, we believe that you know there's certainly um a whole host of reasons that you can use this data for that can really benefit society.
Um you know we
7:23
7 minutes, 23 seconds
recently did our platform Altitude which we take all this data privacy compliant and made it available um for municipalities to look at you know areas
7:32
7 minutes, 32 seconds
and cities where there's congestion and where you might look at better planning for uh for freight. Um we did a study with uh on the Gardener Expressway which
7:40
7 minutes, 40 seconds
as we're all familiar with you know there's three lanes in uh three lanes out and now construction has been done and you've got two lanes in two lanes
7:47
7 minutes, 47 seconds
That has a huge impact on uh on productivity in the whole city. And so as a result of some of the study we did
7:55
7 minutes, 55 seconds
to show that impact it was able to bring down the construction time. So I think another $73 million was put um into that
8:03
8 minutes, 3 seconds
project to bring down the time. But you can't do that without privacy compliant data. And that's why I always say like not all GPS data is is created equal.
8:11
8 minutes, 11 seconds
Sharon: Yeah. So what do you mean by that?
Mike: So you could you could slam on your brakes at an intersection. A whole bunch of people do that. You want to be able to understand is that a dangerous
8:20
8 minutes, 20 seconds
intersection or not. Um and that is an okay use. You're not divulging private data at that point if it's happening from multiple vehicles in a common area.
8:30
8 minutes, 30 seconds
Dangerous driving. But you don't want to start divulging things like Mike drove from his home to the office every single day.
There was that New York Times
8:39
8 minutes, 39 seconds
expose. It was, do you remember that? It was like one data set, zero trust. And so in that data set, what they exposed was individual vehicle driving patterns.
8:50
8 minutes, 50 seconds
Sharon: Okay.
Mike: And he was able to very clearly see when somebody was um going to maybe change their job. They went from their home to Microsoft, home to Microsoft,
8:59
8 minutes, 59 seconds
then they went home to Amazon, then home to Microsoft. you could see that that pattern dulged information that it that
9:06
9 minutes, 6 seconds
it shouldn't.
Sharon: So Mike, I understand you were instrumental in launching the um ACE platform, which is Geotab's AI
9:14
9 minutes, 14 seconds
assistant.
Tell me about it.
Mike: Our our theory was if we launched ACE um that a lot of our fleet customers want to just be able to ask a question about their
9:23
9 minutes, 23 seconds
vehicles or their fleet cuz you're you have this data deluge, right? So you got these dashboards every which way. Um,
9:30
9 minutes, 30 seconds
you know, we're streaming 100 billion data points a day into our ecosystem.
9:34
9 minutes, 34 seconds
Sharon: God that’s crazy
Mike: a hundred billion with a B and uh we have got 55,000 you know customers across so many different verticals.
So to be able to
9:42
9 minutes, 42 seconds
create this oneizefits-all dashboard for everyone doesn't really make sense. So similar to chat GPT like can I ask a question about my fleet and have it give
9:50
9 minutes, 50 seconds
me the answer and that was the theory and and so when we ran some initial tests with customers they love this this idea right being able to ask you know
9:58
9 minutes, 58 seconds
who are my safest drivers you know um uh do I have a problem with you know any of my vehicles um batteries just anything
10:05
10 minutes, 5 seconds
you could think about for your fleet ask it
Sharon: I imagine though with any generative AI tools there are risks never
10:14
10 minutes, 14 seconds
Sharon: Never. Wow. I think everyone needs to come to you and figure out what you
Mike: Absolutely. We made, you know, AI that never hallucinates.
Sharon: So,
10:23
10 minutes, 23 seconds
how do you make it responsible? Tell me about it. What was your journey?
Mike: The whole concept of responsible is, I think, an interesting one cuz there's so many different kind of facets to it. So,
10:32
10 minutes, 32 seconds
you want to make sure that it doesn't go off on a tangent, right, and answer questions that it it it really shouldn't. So, we've done a lot of
10:41
10 minutes, 41 seconds
training there is it can't answer a question like, "Who should I fire?" it can or it can’t.
Sharon: Okay. Okay. It cannot.
Mike: Um and we have to make sure that that it
1
0:50
10 minutes, 50 seconds
doesn't, right? And so we implement a whole series of things like red teaming.
10:54
10 minutes, 54 seconds
So we've got um a small team of folks uh at the uh at the office who will go in and try to debunk it, right? And try to
11:01
11 minutes, 1 second
trick it into giving it.
Sharon: This is like their full-time job.
Mike: This is pretty much their full-time job
Sharon: That’s amazing
Mike; . Yeah. Um
Sharon: how do you get a job doing that?
Mike: It's pretty cool,
11:09
11 minutes, 9 seconds
Right?
Sharon: Yeah
Mike: It takes because it takes a little bit of understanding what's going on behind the hood and some creativity as well too. Um, so we're looking at ways to automate that a little bit more,
11:20
11 minutes, 20 seconds
which would be really interesting.
11:22
11 minutes, 22 seconds
Um, but yeah, it can't answer things like that. It can't answer things that are completely off base as well. We've had people ask it, you know, uh, who's going
11:29
11 minutes, 29 seconds
to win the World Series? Sorry, I'm a fleet data science uh, agent. I can't answer these kinds of things. Sharon: So, it's okay.
11:37
11 minutes, 37 seconds
So I know a lot of our viewers are thinking about AI. They are thinking about implementing AI and they are also
11:44
11 minutes, 44 seconds
hearing a lot of buzzwords like responsible AI. So what advice would you give them if they're just getting
11:52
11 minutes, 52 seconds
started um and they want to do the right thing? They may not know how to do the right thing.
Mike: I I think a lot of it is a people thing uh to begin with. You have to buy in throughout the organization.
12:02
12 minutes, 2 seconds
So you know we created a responsible AI policy, right? And that grounds how you make a whole series of decisions going
12:09
12 minutes, 9 seconds
forward. Uh so you have to come together as a leadership team because you can have a policy that's drafted but if you don't have full buy in throughout the organization it's not going to really go
12:18
12 minutes, 18 seconds
Anywhere.
Sharon: Where is it? It's on your website.
Mike: It's on our website. You look up Geotab.com and look up responsible AI policy and you'll you'll find it in there. Ad we also have some tips and tricks of what we did for Geotab ACE.
12:28
12 minutes, 28 seconds
There's a whole document in there shows how we apply a responsible uh AI policy in the implementation uh of ACE. So I
12:35
12 minutes, 35 seconds
encourage all the viewers to go check it out.
Sharon: Check it out. Um so someone told me
Mike: Okay
Sharon: That you um you like uh
12:45
12 minutes, 45 seconds
Chocolate-covered almonds.
Mike: Oh yeah.
Sharon: Uh when you go on a road trip.
Mike: 100% I do.
12:51
12 minutes, 51 seconds
Sharon: So here you go. Feel free to bust it open. We are on a road trip after all.
12:55
12 minutes, 55 seconds
Mike: All right. Like I can do this now.
Sharon: You can totally do this now if you want.
12:59
12 minutes, 59 seconds
Mike: Sharon, I mean, you've given me something here that I'm absolutely going to,
Sharon: but you know, you have to share.
13:04
13 minutes, 4 seconds
Mike: 100%. What do you think I am? Here you go. There you go. You get the first one, too.
Sharon: Aw, thank you. All right.
Mike: Awesome.
13:16
13 minutes, 16 seconds
That's a great question. Who's a better driver? My me or my wife?
Sharon: Oh, do you both have Geotab devices in your vehicles?
Mike: Uh, we don't, but I but I have
13:24
13 minutes, 24 seconds
to get one in on her vehicle. I have it on mine. I don't have it on hers yet. So we can So we can So I can So I can ask it in her time.
Sharon: Maybe she doesn’t want it in her car, She doesn't want you to track her.
Mike: So I can ask Ace that question.
-
• 5/25/26Carpool Consulting - Employees and Porn!
0:00
[Music]
0:01
1 second
Sharon: it's highly embarrassing um to be monitored when you're going to look at porn
Lauren: sounds like you have experience with this
0:10
10 seconds
Sharon: I do not have
0:22
22 seconds
experience
Ross: getting like loosened up are we
Sharon: we loosen yeah okay feeling good all right. so guys here's the situation we
0:30
30 seconds
have a client we work closely with the security team they're actually wonderful
0:36
36 seconds
and it came out that they're looking at who's going on various websites that
0:45
45 seconds
they should not be going on and the topic of porn came up
0:56
56 seconds
Lauren: How did it come up did it come up when they like actively monitoring
Sharon: their security
1:02
1 minute, 2 seconds
lead was actively looking at who is going on prohibited websites
Ross: it's not
1:10
1 minute, 10 seconds
unheard of though because you know part of the protections is actually looking at repeat offenders and
1:19
1 minute, 19 seconds
things like that so you've got to have some sort of discipline there I guess
Lauren: but is it necessary to sit there and watch what everyone's doing like we no
1:27
1 minute, 27 seconds
Ross: Well that's a fair point that's probably not what you should be doing
Sharon: well I mean okay so the issue that I had
1:33
1 minute, 33 seconds
with it was that he knew exactly which employee was going on what site um and
1:43
1 minute, 43 seconds
my concern was that these employees have no idea that they're being monitored and
1:50
1 minute, 50 seconds
it's highly embarrassing um to be monitored when you're going to look at porn
1:57
1 minute, 57 seconds
Lauren: sounds like you have experience with this shit
Sharon: I do not have
2:04
2 minutes, 4 seconds
experience.
okay so as a uh security professional within a company are you
2:11
2 minutes, 11 seconds
allowed to look at which websites your employees are going on or at least
2:19
2 minutes, 19 seconds
trying to go on
Ross: providing that there is you know correct notice and that it's perhaps in your employment contract that
2:27
2 minutes, 27 seconds
you've got security aspects of it like that. In all honesty I think if you're employed by a company in a lot of ways you know you shouldn't expect that
2:35
2 minutes, 35 seconds
degree of privacy on a company-owned piece of equipment. I think personal equipment just gets a whole lot hazier but company owned equipment you know I I
2:44
2 minutes, 44 seconds
wouldn't be wanting to go on porn and things that I shouldn't be going on to on company owned equipment, and I think I should expect that someone would monitor
2:51
2 minutes, 51 seconds
it but that's maybe me coming from the security background. I I think it's it's fair providing those notice
Lauren: there has to be noticed
Sharon: right so like what kind of
2:59
2 minutes, 59 seconds
notice cuz what is sufficient notice
Lauren: are they in Ontario cuz then they if it's above 25 employees they need a policy
3:07
3 minutes, 7 seconds
employee employe monitoring policy
Ross: I think you know as much as there's notice in email I don't think that's necessarily effective because of exactly
3:15
3 minutes, 15 seconds
what you're saying. But if it's in even in your employment contract that like okay here's the deal as to what happens
3:22
3 minutes, 22 seconds
as as part of your employment here maybe that's our first point of notice um but yeah speaking to Lauren's point employee
3:30
3 minutes, 30 seconds
notice policies that actually detail this
Sharon: but I mean if those websites are already blocked you cannot actually go on.
3:38
3 minutes, 38 seconds
You can attempt to but you can't then do you still need to Monitor and attempt to go on something that you can't
3:46
3 minutes, 46 seconds
actually even browse or go on
Lauren: so hang on he was monitoring just people are attempting
Sharon: yes
3:54
3 minutes, 54 seconds
Lauren: I'm to someone they may do something wrong
Ross: no it's not that it's not that they may do something wrong like they
4:01
4 minutes, 1 second
are actively trying to get to a a blocked site but like you know once or twice is an accident um more than that
4:10
4 minutes, 10 seconds
is deliberate and when you're starting to deliberately do this or you start looking at trends of someone going to multiple sites that they shouldn't be going to that then I think is a security
4:20
4 minutes, 20 seconds
thing that the company should look at
Lauren: but would that person still be attempting if they knew they were being monitored? I think that's also the we
4:28
4 minutes, 28 seconds
can't just decide things on based on what's wrong or what we feel is like morally incorrect we've got to break it
4:36
4 minutes, 36 seconds
down into what's allowed in privacy legislation and otherwise.
Ross: like I think there's ways and means of doing it cuz I
4:43
4 minutes, 43 seconds
mean it's also it's what would be very subversive is if you were monitoring and still allowing people to get to the
4:50
4 minutes, 50 seconds
Lauren: sites like um like entrapment
Ross: yeah whereas like this at least would show a screen saying you know you're not going
5:00
5 minutes
To the site surprise you please see
5:06
5 minutes, 6 seconds
HR I personally think that on a reactive side like if someone is frequently doing this then it should be I don't think it should be actively monitoring, like Hmmmm
5:15
5 minutes, 15 seconds
where is Jimmy going today um I think it would be you know okay well this user has reached a threshold of 16 blocked
5:23
5 minutes, 23 seconds
sites in the last 24 hours what do you want to do
Lauren: if only you could have a policy that said to employees don't be Dumb we won't be
5:31
5 minutes, 31 seconds
creepy
Ross: I love that I think we should title our policy that
Sharon: very creative
Ross: don't be dumb we won't be creepy I like it
5:39
5 minutes, 39 seconds
Sharon: Speed Bump
Lauren: whoa these are the guard rails just stay within them don't do anything that you wouldn't want your mom knowing
5:47
5 minutes, 47 seconds
that you're doing
Sharon: all right I think that solves the problem
so if uh if you're an employee
5:55
5 minutes, 55 seconds
going on some porn sites on company devices don't be an idiot just don't do
6:03
6 minutes, 3 seconds
it if you
Lauren: that's a professional
Sharon: great Consulting
Ross: use a
6:12
6 minutes, 12 seconds
VPN
Sharon: and then if you are the employer monitoring your employees just give
6:19
6 minutes, 19 seconds
notice man right yeah
Ross: set the expectations yeah
6:29
6 minutes, 29 seconds
Sharon: Ross are you monitoring us
Ross: not yet
Sharon: um okay
-
• 5/27/26Carpool Consulting - Cyber Insurance with Kyle Nichols
0:01
1 second
Kyle: a hacker will hack into their thermostat their IOT thermostat and they will crank up the heat and lock the owner out and
0:08
8 seconds
they will say if you don't get us
Sharon: Oh my God
Kyle: uh you know a Bitcoin or some sort of digital currency ransom payment we're going to
0:17
17 seconds
cook your house, yeah.
0:28
28 seconds
Sharon: Okay so my next guest is a managing director at-risk Strategies. He's worked in the insurance industry for 25 years
0:37
37 seconds
um and I see him so let's go see if we can get him in the car. Hey, you need a ride
0:45
45 seconds
ride
Kyle: hey Sharon fancy running into you
Sharon: how are you
Kyle: in my neighborhood
Sharon: very nice to see you
Kyle: or your neighbor our neighborhood
0:53
53 seconds
Sharon: both our neighborhood and I have a ton of questions for you
Kyle: fire away
Sharon: Can you tell us what cyber insurance is
Kyle: Cyber insurance is a policy that comes with a
1:03
1 minute, 3 seconds
suite of services to protect companies and individuals from cyber threats
Sharon: okay
1:10
1 minute, 10 seconds
Kyle: from hackers extortions accidental um release of information data all that
1:18
1 minute, 18 seconds
good stuff um and they have a component of first party. So if there's a claim they write a check to you or third
1:25
1 minute, 25 seconds
parties who who if they write a check it goes to not you, it goes to the Third third party who was injured or uh had
1:32
1 minute, 32 seconds
the claim happen against them
Sharon: so when we're talking about cyber Insurance most people think oh a cyber security
1:40
1 minute, 40 seconds
incident occurred
Kyle: right
Sharon: would it still apply to something that was a privacy incident ? I'm talking more like um misuse
1:49
1 minute, 49 seconds
of personal information by the company that was collecting it
Kyle: oh sure, yeah
Sharon: so would that be covered through cyber Insurance
1:56
1 minute, 56 seconds
Kyle: there are coverage grants that allow for, to protect the company against such accidental releases
Sharon: okay
Kyle: uh for sure i
2:05
2 minutes, 5 seconds
Sharon: If you wanted to get Cyber Insurance do you need to prove anything to the insurance company like walk me through it
Kyle: yeah the
2:12
2 minutes, 12 seconds
privacy posture the IT security landscape with and how the company operates uh are all looked at. How do you
2:20
2 minutes, 20 seconds
handle and treat uh sensitive information uh do you have like when I say clean desk policy, it's like hey at night like where are these files going
2:28
2 minutes, 28 seconds
that contain private information
Sharon: Right, okay they do like an assessment on you to determine you know whether you're worthy
2:36
2 minutes, 36 seconds
of insurance like how does that work
Kyle: Yeah it's kind of like uh going to Canada's Wonderland you have to be this tall to ride
Sharon: okay yeah thanks I know what you're
2:45
2 minutes, 45 seconds
trying to do, I know most of you don't know but I am very sure, so thanks for trying to bring that in Kyle
Kyle: no problem
2:54
2 minutes, 54 seconds
no problem
Sharon: That was rude
Kyle: we go way back so we're fine
Sharon: yeah you have to be worthy of getting cyber insurance. Why is that?
3:02
3 minutes, 2 seconds
It used to be really simple
Kyle: yeah uh we've seen an a lot of losses take place
3:08
3 minutes, 8 seconds
and insurance companies act on data so when they have all this information then they can start underwriting for it
Sharon: okay
3:17
3 minutes, 17 seconds
Kyle: and asking those questions and then as you go into more what I would say crucial Industries like healthcare
3:25
3 minutes, 25 seconds
technology data center type stuff um the underwriting gets uh pretty significant and so you do need, if I can do a little plug here, you do
3:34
3 minutes, 34 seconds
need a broker who understands what is required in those Industries in order to get insurance but also get the best
3:43
3 minutes, 43 seconds
insurance most appropriate insurance and the right cost coverage and limit in place
Sharon: right
Kyle: very shameful plug
Sharon: very shameful. Well okay all this talk is
3:51
3 minutes, 51 seconds
getting me hungry and someone told me that when you're on a road trip you like team McDonald's Kyle: yeah I do
Sharon: all right um
3:59
3 minutes, 59 seconds
so we're we're at McDonald's um hi there what can I get you
Kyle: small coffee small fries
Sharon: That's it
Kyle: That's it
Sharon: What about Big Mac
4:07
4 minutes, 7 seconds
Kyle: no way
Sharon: can we have extra ketchup
Mcdonalds: ketchup on the side
Sharon: yes please did she just ask me if I want a ketchup on the side
Kyle: yeah
Sharon: what what's my other option
4:16
4 minutes, 16 seconds
ketchup on my fries? do they do that?
Kyle: no I no they
Sharon: then why did she ask me that
Kyle: I don't know
Sharon: that seems like a useless.
4:23
4 minutes, 23 seconds
question kind of a waste of time do insurance companies ask useless questions what what what one useless
4:30
4 minutes, 30 seconds
question does an insurance company ask I know they do this for sure
Kyle: um I mean I'd like to say that all the questions have
4:37
4 minutes, 37 seconds
a meaning behind them
Sharon: okay pretend none of your insurance friends are watching this
Kyle: don't worry none of them will watch this. I think sometimes they ask.
4:46
4 minutes, 46 seconds
questions to to get more information around the company that might appear as being useless but they always have a
4:54
4 minutes, 54 seconds
have a they don't ask questions that don't have a meaning behind them
Sharon: so there's always a reason
Kyle: there's always a reason okay
Sharon: uh oh you're paying
Kyle: I'll pay
5:03
5 minutes, 3 seconds
oh thank you okay
Kyle: it's the most I can do
Sharon: what's what's your password
Kyle: uh yeah password is
Sharon: no no okay
Kyle: I'm now insurable
5:12
5 minutes, 12 seconds
Sharon: yes premiums um so they used to be extremely affordable
Kyle: yes
Sharon: um now it seems
5:19
5 minutes, 19 seconds
like those premiums have gone up uh what is going on with that
Kyle: premiums are a function of the capital deployment costs
5:27
5 minutes, 27 seconds
that insurance companies have and then they kind of narrow that down into industry and what the loss profiles look like and then down into the individual
5:36
5 minutes, 36 seconds
company itself
Sharon: okay
Kyle: and how they're handling their cyber exposure
Sharon: can you negotiate premiums by the way
Kyle: 100%
Sharon: okay so how do you get your premiums to go
5:45
5 minutes, 45 seconds
down, how do you negotiate that? like I understand okay you need to have good privacy posture or privacy security posture Etc
okay let's bust out the
5:54
5 minutes, 54 seconds
fries um but how do you like it
Kyle: I have to get through all this ketchup that you car there's your ketchup with the side of
6:02
6 minutes, 2 seconds
fries french fries, and coffee can't go wrong
Sharon: Privacy is like a french fry because
Kyle: it's the perfect compliment for
6:11
6 minutes, 11 seconds
your business meal it's that good
Sharon: I love that
Kyle: all right there you go
Sharon: um okay so okay how
6:19
6 minutes, 19 seconds
do you so give us the tricks how do you um negotiate your premiums
Kyle: for someone who has never bought cyber before
Sharon: mhm
6:27
6 minutes, 27 seconds
Kyle: are you are you putting ketchup on individual fries
Sharon: yeah how else am I going to do this in the car I wish we oh we do have napkins
Kyle: what we look for is
6:35
6 minutes, 35 seconds
how do we show their policies and procedures and their history in the best light and what resources have they
6:42
6 minutes, 42 seconds
committed to their IT systems and also what do they do to educate and train their employees
Sharon: so you you just have to
6:50
6 minutes, 50 seconds
hide all of the breaches that you've experienced have
Kyle: if you haven't been breached um just wait for it, right
6:58
6 minutes, 58 seconds
Sharon: So you're saying it's not a matter of
Kyle: if
Sharon: if it's a matter of when someone in your company is going to click on an email
7:06
7 minutes, 6 seconds
from the prince of Nigeria
Kyle: correct okay that that's a great case scenario to say okay let's game this out
Sharon: okay
7:13
7 minutes, 13 seconds
Kyle: If there was a breach what is your response; we establish what they do with their actual
7:21
7 minutes, 21 seconds
IT infrastructure what would they do with their uh colleagues and how they train and educate them what I like to say is like the best defense against
7:29
7 minutes, 29 seconds
cyber uh threats
Sharon: yes
Kyle: it’s a really well educated Workforce and a culture of risk awareness so it's the the front end and
7:37
7 minutes, 37 seconds
then the back end right if there is a breach how are you protecting yourself how are you responding yeah and that's
7:44
7 minutes, 44 seconds
Sharon: Yeah
Kyle: That’s one of the advantages of cyber Insurance because a lot of companies don't have a lawyer on retainer or a PR firm on
7:52
7 minutes, 52 seconds
retainer
Sharon: yeah
Kyle: but the insurance companies do
Sharon: this is where we need to like have a conversation, when is it
8:00
8 minutes
a bad idea to call your broker when you may not be sure if you experience a
8:08
8 minutes, 8 seconds
breach
Kyle: never a bad time to call your broker
Sharon: okay
Kyle: what we can do is let's suppose you think there might be a breach
Sharon: mhm
Kyle: but you don't know so what we
8:17
8 minutes, 17 seconds
like to do is say hey there's a circumstance that may give rise to a claim that checks the box for notification
Sharon: okay
Kyle: and what they would do is then they would say okay give us as
8:25
8 minutes, 25 seconds
much information as possible we would intake and manage the claim and probably get our client to
8:32
8 minutes, 32 seconds
call. We would call them to the adjuster
Sharon: okay
Kyle: and lay out the circumstances and they would say Okay odds are it’s not a
8:39
8 minutes, 39 seconds
claim but we're going to deploy resources to help you
Sharon: will your premiums go up in that situation
Kyle: well great question
Sharon: thank you
8:48
8 minutes, 48 seconds
Kyle: um insurance companies believe it or not are there to pay claims right they are we have had
8:55
8 minutes, 55 seconds
several insurers pay claims on Cyber
Sharon: so are you saying that that cyber insurance claims are paid
9:04
9 minutes, 4 seconds
more than they're not paid do you have any statistics on this
Kyle: I do not have statistics on that. Tenai Moyo is our cyber
9:12
9 minutes, 12 seconds
practice lead here in Canada she could probably tell
Sharon: not a shameful plugin she's actually awesome
Kyle: she is amazing
Sharon: okay here's another question for you
9:20
9 minutes, 20 seconds
You experience an incident not necessarily a breach yet I report a breach to you or
9:27
9 minutes, 27 seconds
an incident you're not contractually obligated to notify the insurer
Kyle: we would
9:34
9 minutes, 34 seconds
take direction from you to say
Sharon: okay
Kyle: we have your authority to notify the insurer we would then discuss the pros
9:41
9 minutes, 41 seconds
and cons of reporting it versus not reporting it
Sharon: do you have an obligation to report it to the insurer you must
Kyle: so,
9:49
9 minutes, 49 seconds
Sharon: you can't keep it a secret
Kyle: well I mean you you can but don't expect to get coverage 3 months later when you're like hey we've tried to figure all this stuff
9:58
9 minutes, 58 seconds
out we can't now we're going to claim against the insurance coverage
Sharon: you know tell me some examples of um breaches or
10:06
10 minutes, 6 seconds
incidents that occurred that the insurance company refused to cover
Kyle: so willful negligence like gross negligence
10:15
10 minutes, 15 seconds
Sharon: like what
Kyle: like telling us that you had multiactor authentication but in actual fact you didn't have it on certain
10:23
10 minutes, 23 seconds
aspects of your business
Sharon: one more example
Kyle: like notifications, so delay notification so we have had incidences
10:29
10 minutes, 29 seconds
in the industry where a client has tried to solve their own problem
Sharon: mhm
Kyle: and then 6 months later they say okay we have
10:38
10 minutes, 38 seconds
tried to negotiate with this bad actor and you know they're not listening to us we can't get them the money we're going
10:47
10 minutes, 47 seconds
to get you guys to pay for it now
Sharon: every time you submit a claim does your insurance go up your premiums
Kyle: uh not
10:53
10 minutes, 53 seconds
necessarily but more often than not yes
Sharon: hey if you were doing carpool karaoke
11:01
11 minutes, 1 second
which artist would you want coming in your car
Kyle: oh Bob Dylan
Sharon: oh that's a good one
Kyle: yeah
Sharon: do you know why
11:08
11 minutes, 8 seconds
so many people love Snoop Dogg's presence?
Kyle: oh boy this is going to be bad
11:15
11 minutes, 15 seconds
Sharon: why cuz he's a great rapper.
what I've never heard of Quishing
11:22
11 minutes, 22 seconds
Kyle: yea
Sharon: I'm probably like the last to hear of it for those of you like no idea what he's talking about
Kyle: I'm going to assume your audience
11:29
11 minutes, 29 seconds
is familiar with a QR code
Sharon: yeah I think
Kyle: so so you take your camera and you take a picture of a QR code and that enters
11:38
11 minutes, 38 seconds
you into a different website a portal whatever and they'll say hey get a coupon. scan this QR code but behind the
11:46
11 minutes, 46 seconds
QR code is actually malicious software that allows them to enter your operating system
Sharon: oh
Kyle: yeah and
Sharon: we're seeing more and
11:55
11 minutes, 55 seconds
more QR codes like everywhere like menus QR
Kyle: yeah your your commercials on YouTube
12:03
12 minutes, 3 seconds
right like they'll show an ad for a company or product and next to it is a QR code
Sharon: you're like on carpool Consulting and there's a QR code
Kyle: right
12:12
12 minutes, 12 seconds
Sharon: yeah pull out your camera let's see let's see is he actually going to do this
Kyle: it's taking me to a verified email
12:22
12 minutes, 22 seconds
address Rick rolls Rick rolls Playbook getting
12:29
12 minutes, 29 seconds
Sharon: I hoped you have insurance for that
Kyle: right this has been going on for years they find the most vulnerable uh place within the
12:38
12 minutes, 38 seconds
network to attack
Sharon: okay
Kyle: and a lot of the times it's actually through the most unexpected ways. there was a um a claim
12:47
12 minutes, 47 seconds
in the industry where um they came in through the um IOT connection of the
12:54
12 minutes, 54 seconds
company's aquarium
Sharon: wow
Kyle: talk about fishing yeah
Sharon: Ha! oh
Kyle: yeah we we've seen that and like you know HVAC systems, the
13:02
13 minutes, 2 seconds
target hack ages ago actually came through their provider so when we when we have subcontractors who are going
13:09
13 minutes, 9 seconds
into large Fortune 1,000 companies they get a a request for insurance right they say they send it to us we review the contract and it says oh you need to
13:18
13 minutes, 18 seconds
carry cyber insurance and they're like but we just we're hammering Nails right
Sharon: yeah
Kyle: and but the company is so concerned that if they ever plug into a system
13:27
13 minutes, 27 seconds
that they're not covered
Sharon: so so we're going to play game this is going to be so easy for you . don't look at it all right. on a risk rating from 1 to 5
13:36
13 minutes, 36 seconds
one being the lowest five being the highest risk
your IT guy naps through every cyber security training session
13:44
13 minutes, 44 seconds
because he says hackers would never dare target us do we call this optimism or denial
Kyle: ignorance is bliss
Sharon: what's that
13:53
13 minutes, 53 seconds
Kyle: it's denial denial
Sharon: so how would you break this you did talk a lot about like the awareness the culture and the training
Kyle: yeah it's a five cuz cuz that's
14:02
14 minutes, 2 seconds
part of the culture and it comes from leaders within the organization and leaders of that IT department
Sharon: Absolutely
Kyle: if they don't take it seriously
Sharon: no one will.
14:09
14 minutes, 9 seconds
Kyle: why should they
Sharon: yeah all right here we go your office toaster gets hacked because it's connected to the company WiFi and now it's emailing ransomware
14:18
14 minutes, 18 seconds
demands to HR; is this a crumb size risk are we looking at a full loaf of one
14:25
14 minutes, 25 seconds
Kyle: you're looking at um a full loaf of risk oh yeah and who buys an IOT
14:32
14 minutes, 32 seconds
toaster
Sharon: don't shame those people
Kyle: don't yuck my yum
Sharon: yeah yeah okay thank you Kyle this was thanks for the pleasure
14:41
14 minutes, 41 seconds
Kyle: Thanks for the lift and for the french fries and for the coffee
Sharon: thanks for covering it all
Kyle: yeah why am I thanking you
Sharon: yeah I don't know
Kyle: well you remember my password
14:50
14 minutes, 50 seconds
Sharon: right yeah safe with me
Kyle: good
14:54
14 minutes, 54 seconds
[Music]
-
• 5/27/26Carpool Confessions: Happy Privacy Day (Part 1)
0:00
Sharon: Which is worse, someone reading your texts or seeing your screen time report?
0:05
5 seconds
Son: Mom, I don't have a phone.
Blonde Girl: Screen time report.
Sharon: How much time a day?
0:10
10 seconds
Blonde Girl: I don't know. Maybe like five, seven hours.
Sharon: Oh gosh. Okay.
0:18
18 seconds
Woman with Glasses: Hmm I don't know.
Sharon: You might be one of those people that has their phone to their face.
Woman with Glasses: I often work on my phone as well.
Sharon: Yeah.
0:24
24 seconds
Woman with Glasses: I mean, add that between the mindless scrolling and it's probably pretty I'm probably, you know, reducing my life expectancy with the number of hours on my phone.
0:36
36 seconds
Sharon: Okay. All right
How How many minutes a day are you on your phone?
0:40
40 seconds
Son: Well, if you let me get a phone, maybe I'd be able to tell you.
0:43
43 seconds
Brunette Girl: Does it depend on who the person is who's reading this?
Sharon: Um, okay. Let's just say your parents, cuz those are presumably the most important people in your life
0:52
52 seconds
Brunette Girl: I think that both, if they both saw those things I'd get in in trouble.
0:58
58 seconds
Sharon: Yeah. So, like how much time you spent on your on my phone? Like I as well as the texts. Brunette Girl: Well, my texts, Well, yeah,
1:04
1 minute, 4 seconds
cuz I had screen time and even I'm scared to look at my screen time cuz it's just so shameful probably. Sharon: How many hours a day?
1:11
1 minute, 11 seconds
Brunette Girl: I don't even want to know.
1:12
1 minute, 12 seconds
Sharon: Do you have limits? Like…
Brunette Girl: I used to. I used to. And I think that's why I get anxious because I'm like, "Oh my god, I'm going past my set limit."
1:19
1 minute, 19 seconds
like everything's my mom's going to kill me. But then I figured out a way to change the password. So they know that
1:28
1 minute, 28 seconds
though cuz it's I figured out the password.
Sharon: Be honest.
1:31
1 minute, 31 seconds
Do you use the same password for at least two accounts?
Man with Glasses: Probably more.
Blonde Girl: Yeah.
Sharon: You know that's terrible, right?
1:39
1 minute, 39 seconds
Blonde Girl: Yeah. But it's like school stuff, so
Man in Toque: I can't say that on camera.
Sharon: Well, that makes me concerned.
Man in Toque: Probably.
1:45
1 minute, 45 seconds
Sharon: Oh jeez. Hi. Mhm.
1:50
1 minute, 50 seconds
Do you know that's very bad? Why do you do it?
1:53
1 minute, 53 seconds
Man with Glasses: Cuz when you're older, you can't remember all the passwords. So, it's much easier to remember one or two passwords.
2:00
2 minutes
Woman with Glasses: I create crazy passwords.
Sharon: And do you remember them all?
2:06
2 minutes, 6 seconds
Woman with Glasses: I remember them because Well, I can't I'll tell you I can't tell you my secret.
Sharon: No, don't tell us your secret.
Woman with Glasses: I do write down a prompt.
Sharon: Mhm.
2:14
2 minutes, 14 seconds
Woman with Glasses: Only I could interpret the prompt. So if if something happens to me, my family is screwed cuz no one's would work it out.
2:20
2 minutes, 20 seconds
Sharon: So do you have like a black book prompt?
2:24
2 minutes, 24 seconds
Woman with Glasses: Oh, I have a couple. So some of them look like, you know, the scribblings of a beautiful mind.
2:31
2 minutes, 31 seconds
Sharon: Mean your parents do not use a very good password.
2:33
2 minutes, 33 seconds
Brunette Girl: They use the same password for everything.
2:38
2 minutes, 38 seconds
Sharon: Uh oh, we need to have a talk with them
Brunette Girl: My mom's going through menopause. Don't do that to her.
2:47
2 minutes, 47 seconds
Sharon: What is the most embarrassing thing that your phone knows about you?
Son: Mom, I don't have a phone.
2:53
2 minutes, 53 seconds
Sharon: Do you like throw in all sorts of your like embarrassing private symptoms on chat GPT?
Man in Toque: No.
Sharon: Oh,
2:59
2 minutes, 59 seconds
Man in Toque: never. No.
Sharon: Really
Man in Toque: Chat GPT is not a therapist. Chat GPT is not a therapist.
3:06
3 minutes, 6 seconds
Sharon: What is the most embarrassing thing your phone knows about you?
Blonde Girl: Probably like my random searches.
3:13
3 minutes, 13 seconds
Sharon: Mhm.
3:16
3 minutes, 16 seconds
Woman with Glasses: If anyone did a deep dive into my pictures, my photos, I got moles, I got body parts.
3:22
3 minutes, 22 seconds
Man in Toque: Well, I'm going to assume it knows everything about me because the phone is like at least my primary source of all electronic communications.
3:31
3 minutes, 31 seconds
Woman in Glasses: All medical appointment purposes.
Sharon: Oh,ok
Woman in Glasses: you know, for followup.
3:35
3 minutes, 35 seconds
Brunette Girl: Sometimes I like bring it with me on the toilet and like it's just like probably not the best thing ever. And I also like write like the silly things to my friends.
3:44
3 minutes, 44 seconds
Blonde Girl: They're just like,
3:45
3 minutes, 45 seconds
"Can I put the dishwasher on with like this in it or something like that?"
3:49
3 minutes, 49 seconds
Sharon: Oh, like, "What do you put in your dishwasher that you need to look at?"
3:52
3 minutes, 52 seconds
Blonde Girl: Like, random like stuff that doesn't have like a label on it like
Sharon: Oh, okay. That's the most embarrassing thing on your phone.
Blonde Girl: Maybe. I don't know.
3:59
3 minutes, 59 seconds
Sharon: Maybe you just don't want to tell us.
Blonde Girl: Who knows?
Sharon: Yeah.
4:02
4 minutes, 2 seconds
Brunette Girl: I think my phone knows too much about me.
Sharon: Too much about you.
4:04
4 minutes, 4 seconds
Brunette Girl: But then sometimes I feel like I also lie to my phone cuz sometimes I write things in my notes app and then I lie about it even though that's not true.
Sharon: Oh, like you try to trick your phone.
4:12
4 minutes, 12 seconds
Brunette Girl: Yeah. No, I try to trick myself
Sharon: Explain this to me.
4:15
4 minutes, 15 seconds
Brunette Girl: Like if I'm just like, "Oh, that really bothered me, but in reality it didn't."
4:19
4 minutes, 19 seconds
And I just like felt like it should have bothered me. I would write down it that bothered me to like kind of trick myself into making it bother me. Does that make sense?
Sharon: No.
4:27
4 minutes, 27 seconds
Man in Toque: I am also a pretty private person in terms of not wanting to leave a huge electronic footprint. So, I have disabled all of the tracking.
4:35
4 minutes, 35 seconds
Woman in Glasses: I've deleted them all. But are they ever really deleted? Are they really gone?
4:40
4 minutes, 40 seconds
Sharon: I mean, depends on the retention of those deleted photos.
Woman in Glasses: Yeah.
4:44
4 minutes, 44 seconds
Sharon: Yeah. It's photos that you don't necessarily want everyone to see.
4:47
4 minutes, 47 seconds
Woman in Glasses: No. Well, no one wants to see those photos.