During his more than 25 years as a computer forensics investigator, Mark Lanterman has helped to solve crimes, exonerate innocent parties, protect billions of dollars in corporate assets and even protect our national security. This is all serious business, but how he got into the business is a funny story.
After completing his undergraduate and master’s degrees in computer science, Lanterman was slightly sick of computers. He moved back home to Philadelphia to contemplate what he wanted to do with the years ahead. One day, his mother sent him to the corner bakery for bagels, and on the way, he picked up a copy of the local newspaper. While standing in line, he read a report about a local bank that had been hacked – his bank. Lanterman was very upset. All $130.00 of his life savings was in that bank. Somebody had to do something.
“You didn’t hear much about hacking then, and as I started dissecting the article, I realized the analysis about how the hackers did it wasn’t right. I naively drove to the police department, introduced myself, and explained to the officers that they didn’t know what they were doing. Of course, they thought suspect No. 1 had just walked into their office. Then they realized I was just some stupid kid with nothing better to do.”
As it turned out, that stupid kid was right. Lanterman volunteered the next four months assisting the police in apprehending the hackers and eventually received an invitation to join law enforcement.
“I grew up knowing I wanted to do something with computers. The opportunity to get into law enforcement kind of meshed my computer education with my love of chess. How do I plan ahead to prove or disprove allegations and catch the bad guy? I’m glad my mother sent me for bagels.”
A lot of other people are also glad Lanterman’s mom sent him for bagels. He went on to become the senior forensic analyst for the United States Secret Service electronic crimes task force, where his duties included educating citizens about cybersecurity. Over time, he was approached by various entities asking if they could hire him privately to assist with internal investigations.
“These were organizations that didn’t want to involve law enforcement, or felt it was premature to do so. Eventually, I got enough inquiries that I thought maybe I was missing an opportunity.”
Entrepreneurialism beckoned, but this husband and father of then five children (the count eventually increased to nine) was reluctant to leave his steady job. Then his wife presented him with a gift , a bronze plaque inscribed with a quote by Mark Twain: “Why not go out on a limb? That’s where the fruit is.”
He recalled, “I had an epiphany in that moment. I got in my car, drove to the office and quit. I followed the lead of Cortez and burned all my ships.”
Needless to say, Lanterman was highly motivated to succeed. And succeed he did. Two days later, he had his first project. Three weeks later, he hired his first employee. He marshalled his talents, networked his contacts, and he has never looked back. In the past six years alone, his company, Computer Forensic Services (CFS), has conducted more than 5,000 electronic discovery and forensic analysis cases.
“I have great appreciation for entrepreneurs. I know how scary it can be, and I think it takes a special kind of person who is willing to risk it all for what he or she believes in, in business and in life.”
A lot has changed since 1998, when CFS came into the world. Initially, Lanterman thought his clients would be banking institutions, since those were the first to call. But over time, the bulk of his clients have turned out to be law firms. CFS assists with investigations and e-discovery in a range of matters, including lawsuits, criminal investigations and data breaches.
CFS also assists law enforcement with processing and examining electronic evidence. “In about 12 percent of these cases, we actually exonerate the suspect,” Lanterman explained. “It’s part of the reason I love what we do. Electronic evidence has no bias. It doesn’t lie. It is not prejudiced. It doesn’t care what your politics are, what color your skin is, or how much money you have in the bank. It simply tells a story about what occurred. It allows for justice.”
As Lanterman has watched data storage go from floppy disks to the cloud, and from increments of megabytes to yobibytes, he has learned a thing or two about how to protect his clients (and you) from those craft y assailants who are trying to get their hands on your valuable information.
“Data is power today,” he said. “It’s worth money. It’s not hard to steal, but it’s difficult to protect. We come in and assist our clients not only in protecting what they have, but if they are victims, with putting a narrative together so a court understands what happened, step-by-step, with a defined timeline. We can prove it, and help them get resolution.”
Lanterman cited numerous examples of clients who had inadvertently opened themselves up to hackers. Last year, several prominent Minneapolis law firms sought Lanterman’s help aft er they had mistakenly sent their firm’s W-2 information to a malign entity.
“These are sophisticated people who all fell for the same scam. One of the most important things an organization can do is provide training. If employees receive an email asking for sensitive information, they need to think twice. Maybe follow up with a phone call to ask who is making the demand and why the information is needed.”
In another instance, a professional organization responsible for continuing education had been collecting unnecessary date of birth, driver license, and Social Security information from its members, everything a hacker would need to commit fraud. When this was called to the CEO’s attention and he confronted his membership director about it, he was told that it seemed like a good idea to collect as much information as possible. “There was no legitimate purpose for collecting the information in the first place. The lesson for professionals is that when someone asks you for private information, ask why. It’s probably either a bad guy or someone who means well but hasn’t thought through the consequences. Organizations have an obligation to take reasonable precautions to protect client data. If the worst happens, you may not be held legally liable, but I’d hate to be your shareholder.”
Lanterman also cautioned about the Internet of Things (IoT), that expanding network of physical devices like cars, HVAC systems, home appliances and public utilities that have their own IP addresses, providing a back door for hackers to enter a home or business without resistance. “We’re seeing these and other technologies being embraced by corporations and government agencies, but we need to remember that whenever we gain convenience, we lose some security.”
CFS does its share of using its expertise to foster community goodness. The company was recently retained to assist law enforcement with its efforts to prevent human trafficking during the 2018 Super Bowl festivities in Minneapolis. “The Nflis trying to be proactive, because wherever the game goes, prostitution follows. Women are often slaves being held under threat of violence or death. Our company will provide real-time forensics to investigators and law enforcement during the 10 days of Super Bowl celebrations, 24 hours a day. I’m very honored to be working with Pete Orput and the Washington County Attorney’s Office in this effort.”
There’s no doubt that Mark Lanterman knows his stuff, but he said his company is successful because he’s hired the best. “Everyone here is smarter than I am. To build a successful organization, you have to be choosy. You shouldn’t look at the short term. Hire people like you’re getting married; you’re adding family members. Our people here are our greatest strength. They care about the people we serve.”
Finally, Lanterman urges the old-fashioned notion of personal responsibility in this high-speed technological world. “No product, vendor or government can protect you. We have to protect ourselves. Usually, we are the weakest security link, and hackers take advantage of it. Embrace technology; it’s not going away. Don’t be afraid of it, but don’t be ignorant to the potential risks. Stay educated, and don’t delegate your security. You’ll be in a better position to make good decisions and leverage technology in the way it’s intended, without unintended risks.”
Simple Steps to Protect Employees, Clients & Shareholders:
- Slow Down: “Hackers need our help. They trick us into doing something by saying something like, ‘You’ve won a free iPad. Click here.’ When you click, you’re downloading malware that compromises data on your system. In my experience, most hackers are allergic to spellcheck. Read an email carefully. You’ll oft en find clues that it is not legitimate. There will also be a call to action with a sense of urgency. ‘You need to do this immediately.’ We’re so familiar with technology now, we do things almost without thinking. Slow down.”
- Have a password that is not password: ‘Nuf said.
- Put a clear, corporate acceptable use policy in place: “Companies should not allow comingling of personal and business data on company-issued laptops or cellphones. They should also have a policy against going to unseemly websites on corporate devices. This accounts for probably a third of all corporate breach cases. There should also be an enforced document retention policy.”
- Provide training: “The most important thing a company can do is train its employees. This past November, I trained the entire federal judiciary at the Federal Justice Center in Washington, D.C., including the U.S. Supreme Court. Education is important from the top down, and it must filter to everyone in an organization. We conduct about 100 sessions a year, not just for our customers, but also at events geared toward educating C-suite executives. Boards and C-suites are starting to take more notice of the importance of security in their organizations. It just takes one headline to destroy decades of goodwill with your customers.”
