Here’s the transcript from Ryan Grimes’ presentation:
Ryan G.: So anyway, we’re going to get into our presentation here.
Ryan G.: Let me go back.
Ryan G.: So I started off wanting to do something a little bit,
Ryan G.: You know, what you don’t know can hurt your business, but that’s a really negative thing and we’re trying not to be negative.
Ryan G.: This is cyber-security awareness month.
Ryan G.: So, what we did is we switched everything up and are presenting six tech tips to make your business stronger.
Ryan G.: A little bit about me.
Ryan G.: I’m the president of My IT Indy.
Ryan G.: If you scan the QR code with your phone up there, I’ll bring you to my contact page or you can download my contact or schedule a meeting or check out our YouTube or Facebook or or even sign up.
Ryan G.: It’s a service called Popple, and it’s an app on your phone.
Ryan G.: You can do a lot of these cool splash pages with, it’s really kind of changed how we market on platforms like this.
Ryan G.: So without further, any further ado, I will dive right in here.
Ryan G.: So, the first tip is use multifactor authentication and I know this is something that most people don’t know a whole lot about, so we’re going to explain it.
Ryan G.: Basically it’s when you are supposed to type in the password on a website and it pings your phone saying, is this really you or not?
Ryan G.: And your phone you go on your phone, you look at it and say well yeah, this is really me or no, I’m not in Russia right now, I really don’t.
Ryan G.: That’s not me, so let’s escalate this to our IT team or outsourced IT department and let’s see what’s going on. This is a big deal and I’ll tell you a little story about why you need this, so we had a, uh, a law firm that decided to part ways with us.
Ryan G.: There was a small firm in Illinois.
Ryan G.: And they said, you know, we are very educated individuals, that we are going to manage our technology on our own.
Ryan G.: I said OK, and I wish you the best of luck.
Ryan G.: And then we parted amicably and then about two years later, my old point of contact got ahold of me and said Ryan, we were phished and I was like, oh, that’s too bad. How much was the damage and they said, well, the cash damage was $50,000.
Ryan G.: And he said, but the ongoing damage to our reputation and ongoing, ironically enough, legal fees, are going to be over $100 – $150,000 mark.
Ryan G.: And I said, well, walk me through this.
Ryan G.: And what had happened was one of the principal attorneys I got an email saying ‘hey Mr Attorney, you need to reset your Microsoft password. Click here if you want to keep the same one.’ And he said, OK, that looks legitimate.
Ryan G.: He clicked on it.
Ryan G.: He typed in his password and it was game over.
Ryan G.: Because they did not have multifactor authentication enabled on their Microsoft tenant, they never got this little prompt you guys see on your screen here, so they were able to log into his email account from anywhere in the world.
Ryan G.: We don’t know exactly where it was breached from, but they had access to the principal attorney at about a 25-year-old law firm, unfettered for 10 days, and they waited.
Ryan G.: And, one of the other attorneys emailed him an invoice and said, hey, can you have Mrs Office manager pay this invoice? She’s authorized for up to $50,000 and he said sure, so he forwarded over the invoice to the office manager and she paid it: And then the phishing got crazy and the hacker sent impersonated the email address [email protected] but the from address was from the other attorney and sent him another invoice and said hey can you have Mrs Office manager pay this ASAP and so he said, sure and forwarded it on.
Ryan G.: Not knowing that that invoice was fake, so she paid the invoice out of their checking account. Because it’s an ACH wire and nobody noticed that it was a fraudulent invoice until about two or three weeks later when they were redoing, when they’re reconciling their books, and they had this invoice and nobody could account for, and the only one who had a record of it was the principal attorney.
Ryan G.: At that point, they tried to figure out what had happened and backtrace the whole affair, but at the end of the day, they’re out $50,000.
Ryan G.: They had no cyber security coverage to even help with that.
Ryan G.: They didn’t have multifactor authentication turned on, which is literally a checkbox.
Ryan G.: It’s required for all accounts and by not having that and not having a proper payment procedure in their business to authorize payments.
Ryan G.: So, if Mr Culp [for example] worked with me and got an invoice from me saying to pay it, it’s over a certain dollar amount, his first job should be to call me and to verify that I actually sent it.
Ryan G.: And those two things, by not being there, ended up costing them a lot of money, their reputation, and ultimately a lot of damage is ongoing because they now have to notify every single one of their clients that this happened to them.
Ryan G.: So, enable multi factor authentication, please and make your business stronger.
Ryan G.: The tip #2 is use Microsoft or Google for email. I know that there’s a lot of cheaper alternatives out there, but I’m going to say that these are the two strongest offerings.
Ryan G.: They have the most integrations, they can make your business better, but we constantly come into new prospects that have been using their cheap GoDaddy $10 a year email and what I’m going to tell you is that every penny you save by being on that email, you’re going to pay someone like me to migrate you off of it because that is, it’s a bad system.
Ryan G.: It doesn’t have a lot of the protections involved with a good email platform.
Ryan G.: It also does not have the integrations available for scheduling and calendaring.
Ryan G.: It also doesn’t give you any of the system syncing like with calendars and contacts and shared calendars.
Ryan G.: It doesn’t give you any of that, so yeah, you’re paying $10 a [year] for those cheap systems, but it’s costing you far more.
Ryan G.: And that’s really not what you want your business to be at.
Ryan G.: Tip #3 is know what you have, if you don’t, if you don’t know what you have for technology, how can you even protect it?
Ryan G.: So the first thing we do at a company is do a discovery and it’s a paid discovery because we dive deep into the technology that these businesses are using, including hardware.
Ryan G.: Hardware procurement.
Ryan G.: When they bought stuff, lifecycle management, licensing for any platforms you’re using, domains that you’re using, expiration dates, credit cards, all the painful stuff.
Ryan G.: And then we also go talk to your employees and ask them what their pain points are and if you don’t know what you have, you really can’t even come up with a plan forward for your business and protecting it.
Ryan G.: And that’s what we do.
Ryan G.: Is, you know, we really come in there and it’s, it’s kind of invasive because they’re asking painful questions. You know, just like your account or your attorney or your insurance agent are going to ask you about your business, but it helps you plan for success because we really show you how the path forward can be, and it sometimes doesn’t have to cost a whole lot.
Ryan G.: Tip #4 is plan for growth. Good technology will absolutely grow with you going back to point #2 about bad email – any bad platform, any cheap computers – any you know ’Hey, I bought my computer it was a 2.99 special at Office Depot, it’s running Windows 10 home. It’s got like a 10 gig hard drive and the two inch screen.
Ryan G.: Yeah, we call that a piece of garbage. Get good technology and it will absolutely grow with you.
Ryan G.: 1 of the things we did was, actually, I’ll get into that one next. So tip #5 is evolve and succeed, so going back to the good technology, if you’re not evolving your technology continually, you’re not going to be keeping up with current trends. Because remember about two years ago, when zoom and teams were just kind of not really, a thing that most people use.
Ryan G.: I mean, we’ve used it and people used to be offended when I’d say here’s my zoom link, schedule a meeting, now it’s built into my email signature because I just send that to people in every email and everyone just books meetings, but that’s evolved.
Ryan G.: You know, that really took, unfortunately, a global pandemic for, you know, for that technology to be adopted, but it really has changed how quickly businesses can operate.
Ryan G.: You know, working from anywhere / home.
Ryan G.: That’s also a thing. So, what we did was, we went to every single one of our contract clients back in January of 2019 and said, look, you’re going to have to close. We don’t know when.
Ryan G.: But, let’s take a look at all your technology and see what we see.
Ryan G.: What can work from anywhere and for the most part, most of them were OK.
Ryan G.: Uh, most tech forward companies like yeah, we don’t need to do anything.
Ryan G.: You’re already in the cloud for everything.
Ryan G.: You don’t really need to have any advice or change anything. You do like you’re. You’re ready to go. And sure, you know they actually never came back to the office. They’re a larger law firm of about 35 people and about 17 of them are in the office at any given point because they didn’t have to be.
Ryan G.: But they embrace cutting edge technology. They have zoom phones, voice over IP phones. They use cloud file sharing systems, they really just use all these pieces of technology that enable their businesses to work from anywhere and they don’t have to, they’re not beholden to their desk.
Ryan G.: We come into lots of clients and they’re just not prepared for this level of technology and the issue that they’re having is they can’t hire young talent, because if I was in my mid 20s, I really wouldn’t want to be tied to a desk and only able to work there.
Ryan G.: I’d want to be able to take my laptop and go work at home, or especially as a parent with kids if they’re home from sick for quarantine anything like that.
Ryan G.: I don’t have to take a sick day. I can pop open my laptop and keep working from home as if I’m sitting at my desk and that’s important. That’s the new way of doing business, and if you’re not doing that as much as possible, then you’re really losing out an opportunity.
Ryan G.: And the final thing – is I don’t know why this screenshot? Those pictures in there they got reused it accidentally – is strong company culture is top down and this isn’t really a tech tip, but one of the things we’ve noticed is that if the leadership of the business supports our operation and supports our manner of handling technology, then they are infinitely more successful than companies that think they know what you know.
Ryan G.: They know how to do our business and they try to do it themselves. Because we are the professionals.
Ryan G.: Like most people in this group, like you are the guru in your area, so if people aren’t listening to you in following directions, it’s kind of silly. They’re not going to be as effective.
Ryan G.: Some of the things that happen if you don’t have good technology is, people will find work arounds.
Ryan G.: So, we had one client fire an employee, not because of their working around the technology, but they ended up firing them. Well, they it turns out that their technology was so bad this person had set up a personal Drop Box account and was working out of it on production stuff and they let him go and he just deleted his drop box account and he lost all that data but they had bad systems in place before.
Ryan G.: So he was simply trying to work around them and to be more successful, which he was but at the end of the day ended up costing them a lot of money to recreate that, those files because he had just simply, they had vanished and they had no way to get them back.
Ryan G.: But that’s what happens when you don’t have a strong company culture embracing tech forwardness, which I don’t know if it is a word, but it is today and it didn’t underline on my thing, so I’m going with it.
Ryan G.: It really if you embrace technology at that level and get your employees to also embrace it and understand the importance of doing things this way, it really makes a business environment successful, and it makes it helps everyone work together and ultimately leads to business growth and efficiencies.
Ryan G.: So, at that point, are there any questions that people have?
Ryan G.: I’ve not been in zoom, so I apologize. I’ve been in my app that I’m using to share these things, so are there any questions?
Ryan G.: Did anyone see my presentation? ‘Cause I totally forgot to click it over.
Ryan G.: You did? OK, good.
Ryan G.: Yeah, it’s a third-party app I use so I’m just making sure that it’s all being transferred over.
Ryan G.: It’s been ironically, it’s been a tech nightmare today where my computer setup died and I had to replicate it real fast on some completely different hardware.
Ryan G.: So yeah, there are ways to hack MFA [multi-factor authentication].
Ryan G.: I totally understand that SIM cloning is a thing.
Ryan G.: MFA is the best thing we have right now.
Ryan G.: It’s the, it’s the best-worst answer to the situation that we have going on.
John: Hey Ryan, I have a quick question for you.
John: So, in the past I, right from the very get go, whenever you said use multi factor authentication and my experience with that in the past has been difficult to say the least and that’s because I’ve had phones where you know you set up two factor authentication or you have a bank account or something, and then if for any reason you forget that second password, especially when a lot of them just use a conglomeration of letters and numbers and it’s not something that is easy to remember.
John: Uhm, I end up breaking the phone or I have to go to the Apple Store and reset everything and it’s just, it’s just a pain in the tuchus honestly, a lot of times to use two factors, so with, with the time that I break the phone.
John: Now every time I see something that says two factor authentication I it’s like putting up a crucifix in front of a vampire, I run from it and I’m like no no no no no, I don’t want any of that.
John: ’cause I’m doing good to remember the 35 or 40 passwords I need for my day to day life as it is.
John: So for somebody like me who’s not super tech savvy, what do you recommend buddy?
Ryan G.: So, there’s a lot of different ways you can do it.
Ryan G.: A lot of times what you’ll see is that QR code you can scan with the phone, right?
Ryan G.: So, who do you use for your email platform, John?
John: Well, so we had Gmail, however, whenever we first set up the account, we wanted everything to look professional.
John: So we have a pop account.
John: So it’s [redacted]. However, I’ll be honest, I’ve gotten to where I don’t really give that out that much anymore because it drops into my Gmail.
John: And using Gmail is much more prevalent than it was whenever I started this 14 years ago.
John: So whenever, or longer than that, I guess.
John: But anyway, so a lot of times and I don’t know why, but on our website hosting from what I understand, it goes through our website hosting to go into our Gmail account.
John: It takes sometimes, it takes like an hour or two to get an email.
John: So, in order to make it expedient service and you know, especially if I’m on the phone with a vendor or customer service or something like that, I’ll just tell them my Gmail account.
Ryan G.: So, one of the things I’d say is you probably need to get that figured out and cleaned up because depending upon what you use Google and Microsoft for, they actually have their own authenticator apps that most multi factor authentication platforms will accept.
Ryan G.: Basically what it will say is it will give you a log in with Google or it will say you can have the Google Authenticator and it will pop up on the website. Be like a little QR code and you open the Google Authenticator app and you scan it, but I would never tie that to a personal Gmail account. I would tie that get your [domain] situated with Google first since you’re using, since you’re familiar with Gmail, I mean paid G suite is the same thing as Gmail in terms of functionality and the interface, so I would personally get that straightened out or we can talk about that offline.
Ryan G.: But what I would say to do is get your Google Authenticator App tied to your work Gmail account and then scan everything in there and it will say, hey what’s your password?
Ryan G.: And then you’d open the app and it would say oh it’s this but it also backs it up to your Google account.
Ryan G.: So if you get a new phone and you log back in, it will put those codes back on your device.
John: OK, thank you.
Ryan G.: Yep, uh, Michael asked me also, what about uh firewall appliance for an SMB so?
Ryan G.: In terms of an SMB, that’s a that’s a sliding scale, because technically the SBA classifieds any business as 499 employees or less as a small business, which is why you see such crazy skewed results with regarding small business loans and all that, so a firewall appliance absolutely you may not need, and they’re not that horribly expensive.
Ryan G.: I mean, it depends on what you’re doing for your business and how many people are at your office now.
Ryan G.: For instance, we had a client where they had 35 people at their office. Well, that’s a different level of appliance than say, 10 people at the office.
Ryan G.: The other issue we’re seeing is that with working from home, security has now been spread out to the computers themselves as being more important than protecting the network.
Ryan G.: Because if I’m working at Starbucks, that’s a different level of security than if I’m sitting there at the office where I can control the entire network infrastructure and what goes in and out.
Ryan G.: So the answer is yes very, but also security is a it’s a layered platform.
Ryan G.: It’s kind of like a seven-layer jello, right?
Ryan G.: It’s got all the different layers of all the stuff you need to put in there.
Ryan G.: You got to have computer security, gotta have phone security, you gotta have cloud security, gotta have network security and I hate to say it, but this stuff is not free.
Ryan G.: You should be paying every month for a lot of these things and I hate to say it because it, you know, as a bunch of business owners, we hate to hear that word.
Ryan G.: You gotta pay for something, but at the end of the, at the end of the day, like if I don’t change my oil, my car is not running right.
Ryan G.: You know it, it’s a lot of those things, you just have to accept that this is a cost of doing business.
Ryan G.: Now, we have a sliding scale of risk, so if you’re a law firm that deals with escrow account bank accounts with millions and millions of dollars in it, that’s a different level of risk than if you print T shirts.
Ryan G.: So, we have different levels of security for those clients simply because of compliance and what they need to deal with, and ultimately what their cyber security, their insurance policies dictate.
Ryan G.: Because Brian will go through all the, give them a 12-page questionnaire that they have to answer and then we figure out how to check all those boxes for them and make sure that they’re as safe as possible.
Ryan G.: If your VPN tunnel access and tunnel is good – kind of sort of.
Ryan G.: So VPN is great if you need to get into a remote network, but at the end of the day, if you don’t have anything protecting your end point, it doesn’t matter where you’re connected to. We had a case where, this is way back in the day before any of this stuff was really mainstream, they had, someone had downloaded and put their corporate Drop Box account on their home computer that was apparently being used by their kids to stream every terrible flash movie in the world back in the day and along the way they downloaded something bad and as soon as they put their corporate Drop Box account on there with 102 or 200 gig worth of data, it encrypted every single file in their corporate Drop Box account, which of course because the files had changed. Drop box goes. Hey, all these files have changed. We need to put them on everybody else’s computers too.
Ryan G.: So yes, it was not an ideal situation for anybody at that company, but that was before a lot of these things came into play, so it was really, one of the first attacks of that we even witnessed, so we definitely up our security game as well.
Ryan G.: So yes.
Ryan G.: Are there any other questions people have?
Ryan H.: Yeah Ryan, I have one for you, sure.
Ryan H. : So, what is your opinion of Office 365 for business as a cloud storage solution?
Ryan G.: For most verticals it’s great.
Ryan G.: If you deal a lot with Word and Excel and PowerPoint and those types of documents which a lot of businesses do, it’s a fantastic platform because you can Co-edit documents live with the applications on your computer, kind of like how Google treats their document management, but you can actually use the Microsoft Apps, it doesn’t matter if you’re on an iPad, a Mac, windows, it doesn’t care, and it’s really a great platform for that level of work. Now there are limitations to it, regarding the amount of files you can have in any Sharepoint site, which is kind of, it can be a little, it can be something to manage.
Ryan G.: Google is better about that.
Ryan G.: However, they have their own set of limitations.
Ryan G.: Which we’re not really a Google shop.
Ryan G.: We are strictly a Microsoft shop.
Ryan G.: I don’t care what computers you have Mac or Windows, iPhone doesn’t matter to us, but the back end of a lot of our business clients is all Microsoft.
Ryan G.: For most small businesses, it’s a fantastic platform. You can run into some limitations. There are also file naming limitations on it.
Ryan G.: You can’t have slashes or spaces before or after a name, so if you’ve been like, oh, I’m going to put a space at the beginning of this file so it’s at the top of the top of the list.
Ryan G.: Well, it will actually, it won’t sync that because Microsoft has deemed those characters as illegal and a slash in a filename typically means a folder, so it really gets confused about stuff like that and won’t sync it.
Ryan G.: But that stuff if you use a Mac or windows, the OneDrive Slash SharePoint client will tell you that you’re using illegal characters and it will help you fix them so that you’re going to be magically all better.
Ryan H. : So then, in addition to that, should you also be implementing additional backup solutions?
Ryan G.: Yes, the cloud is absolutely, positively not in any way shape or form a backup.
Ryan G.: Some of them offer versioning, which is kind of OK, but if someone deletes a file or someone deletes a folder and walks out and you don’t notice for 30 days like there’s no way to get that file back unless you enlist a third-party backup provider.
Ryan G.: We like a couple of them, but they are channel only, so they only go through people like us because we manage them for clients, but typically they’re unlimited in nature.
Ryan G.: They’ll backup SharePoint teams, any of your email contacts, Calendars, shared documents, uh, OneDrive, OneDrive for Business, OneDrive for SharePoint and it really makes for a great experience for when somebody does something bad because we have had that happen where somebody will delete everything and walk out the door and we’re like that’s cute.
Ryan G.: Here’s everything back, and here is the documentation showing that you deliberately tampered with company intellectual property and now it’s a police business and an FBI business on out, so.
Ryan G.: We’ve had those situations as well, but yes, you absolutely have to have backup for your cloud.
John: Hey Ryan, another thing that at our, at our shop we have a computer here at station one and another computer at station two and one thing I’ve been looking at like right now, it backs up to a to a, uh, a one terabyte or two terabyte hard drive. Every night it’s set up to do that.
John: But one thing I’ve been considering doing is putting basically a third tower in between the two stations so that they can both just connect into that and what I in my thought process for, this was basically if something happens where one tower goes out and bricks for some reason, then we can automatically tie into that third substation.
John: Do you think that’s a good idea or am I like doing it all wrong or what are your thoughts on that?
Ryan G.: Yeah, having a backup is always great, so when we do backups for clients, we do two stage backups. First stage is having the data sit on something else at the business, which sounds like what you’re doing now.
Ryan G.: The second stage is getting it up to the cloud because, let’s say God forbid a tornado comes through and takes out your place of business there. What are you going to do? You know you find a hard drive located in Hamilton County that if you know flew 100 miles off course? Well, that’s really not good business continuity. So we highly recommend stage backups, we’ve got some options there.
Ryan G.: Some of the backup solutions we have it takes images of your computers. It takes like a snapshot of it.
Ryan G.: So if you’re like, Oh my God, my computer just died, but what we can do is grab another computer and then boot off of a USB drive and then image it back so that it’s as of the last snapshot that it took of it, and it can really reduce the downtime.
Ryan G.: Uh, because that’s one area that’s the hardest to get a customer through is, you know, the bad thing happens, OK, what does it take to get back up and running?
Ryan G.: And how can we compress that as much as possible.
Ryan G.: Simple file backups, even to the cloud, can take days and days and days to download because the speeds are not great.
Ryan G.: So how do we get your business back up and running as quickly as possible.
Ryan G.: So, you’re on the right path, but I think that we should probably have a little conversation to make it so that you’re as protected as possible because you know this is your business, and if you can’t have your computer’s going, it really, you know it’s going to hurt you.
Speaker 3: Ryan, so you talked about someone, so someone gets ransomed, right?
Speaker 3: They have that, and that happened to them and you have to go in and do some of the forensic stuff. What kind of cost are you looking at to go in and do some of the forensics to either figure out the ransom or how long someone’s been there. What does that look like?
Ryan G.: It looks like the world’s longest nightmare, because you’re going to be down until this is figured out. So the first thing you’re going to do as a business that has any sort of ransomware is reach out to your IT guy, someone like me, and what I’m going to do is take a look at what’s happened. Look at the event.
Ryan G.: And then, depending upon the severity of it, we’re going to have to call your insurance agent and maybe get some experts in, because it’s that severe, we are great at a lot of the lower-level stuff, but if you have a massive breach going on across your enterprise, you’re going to need, like any of the hospitals that have happened, they’ve called in a national security companies to dive into the forensics and you’re looking at hundreds of thousands of dollars to get that level of technology you know, snooping and figuring it out because it’s a long hidden paper trail.
Ryan G.: It’s like trying to find the bread crumbs at Hansel and Gretel to get out of the forest and they’re just not there.
Ryan G.: So you gotta dig and dig and dig and try to figure out you know how to get that information back, and that’s actually beyond the scope of what we have had to deal with, but if you’re talking about like a computer gets encrypted, or you’re talking about, we’ve had clients get their email and you know get their email hijacked.
Ryan G.: That’s at least, you know, a couple thousand bucks just for those small incidents just to get back up and running because we’ve got to dive into there and scope everybody.
Ryan G.: If a 30-person company has one bad thing happen, we’ve got to go through all 30 accounts on whatever platform that is and make sure that they’re OK.
Ryan G.: So yeah, that’s a lot of money nobody wants to pay that money because that’s not covered under any managed service agreement you have with us unfortunately.
Speaker 3: But it is on your insurance policy, As long as you make sure it is.
Ryan G.: Yes, exactly, and that’s a Brian question and he will absolutely take care of you.
Ryan G.: I think I scared Jeanette away, she ran off.
Ryan H.: So Ryan, some last minute tips to offer folks if, for anyone in business walking away from this meeting today what’s something they need to do?
Ryan G.: Something to do now is when something offers you a multi factor authentication, please turn it on it.
Ryan G.: Either use the Microsoft app or the Google app depending upon what you use for email and get that going yesterday.
Ryan G.: The other thing is if you work for a larger company, ask to see, and it’s kind of a hard one, because if you work for really large company they may not tell you, but you know what you’re paying for technology.
Ryan G.: I mean, if you’re not paying a monthly ongoing thing for technology maintenance and some sort of IT security, on some level, you’re really doing yourself a disservice.
Ryan G.: You know we, we have numbers that we’d like to throw out there regarding what you should aim for, but you need to be paying something. You know, we have companies come and say, you know, we’re just not, you know, we haven’t paid for technology in 20 years. Why do I need it now?
Ryan G.: Like, well, you know you had a horse at one point, too, but now you got a car.
Ryan G.: And those cars take gas. You got to put money, you got to, you know, pay for that so.
Ryan G.: You know, we really try to help people evolve.
Ryan G.: And if you feel that your technology is frustrating, especially as an employee, that’s a huge indicator that something bad is going to happen because people are going to work around that frustration and not just deal with it.
Ryan H.: Does anyone have any other questions for Ryan?
Ryan H.: All right, well let’s give Ryan a hand for his presentation today.