Want to know what every hacker hopes you believe? “We’re small…nobody wants to hack us.” This is the #1 reason why people (companies) get hacked. They dismiss the importance of IT security because they’re only a “small business.” This is a lazy, irresponsible excuse.

One thing is for certain: NO ONE is immune to cybercrime. In fact, one in five small businesses fall victim to cybercrime and that number grows every year. Plus, half of all cyber-attacks are aimed at small businesses BECAUSE they make themselves low-hanging fruit with sloppy or nonexistent security protocols.

And one more critical point to ponder: If YOU aren’t giving IT security the attention it deserves, how do you think your CLIENTS would feel about that? If for no other reason, you need to do it to protect your clients’ data, even if the only information about them you store is an e-mail address. If YOUR system gets compromised, hackers will now have access to your CLIENTS’ e-mail and can use that for phishing scams and virus-laden spam. I’m sure your clients want you to be a good steward of their information and privacy, so stop lying to yourself and get serious about putting essential security practices in place.

 

Episode Show Notes:

  • In this episode we talk about an article from an info security magazine about a study. The study shows that 100% of law firms were attacked or targeted between January and March of 2020. [2:30]
You are probably thinking "100%? That is B.S." right? Listen now...
  • This study talks specifically about how the legal industry is under attack. They make it sound like it is more so than anybody else. [3:40]
  • We could do our own study and show that EVERYBODY is under attack 100% of the time.
It is a matter of time before they get in; that’s the bigger point here.
Interesting statistics from this study: [4:07]
  • 15% of law firms were likely compromised (that’s a lot)
  • Nearly HALF of law firms had some other form of suspicious activity on their network.

 

[5:58] – Problem #1:

  • The problem we face in security is that it is just rampant, the attacks are everywhere. They are automated. They are relatively easy to pull off.
[7:30] – Problem #2:
  • As a business owner (theoretically, say I do not own an IT company or have any experience in IT). Maybe I own a law firm and I am the managing partner of the law firm. Maybe I’m the primary doctor or physician at a local clinic. Maybe I own an accounting firm. I am the guy, I started it, I filed all the paperwork and my specialty is in my craft… How do I prevent a cyber-attack, Joe?

 

What to look for in IT support:

  •  Businesses operate on some pretty slim margins. So, when I’m out looking for tech support and 3 people show up at my door saying hey, we can all do the same thing, how do I choose? [8:20] 
Point #1: As a business owner in any industry outside the IT world, I DON'T KNOW HOW to pick a good IT company.
Point #2: Just because I found a good IT company doesn’t necessarily mean I found somebody that knows anything about security.

Cyber security is more of a specialty, whereas IT consultants are more like generalists – think of your family physician.

  • “Like Joe said in the beginning, statistics could be made up, could be manipulated, BUT every time I look at the statistics it’s about 20% of businesses get hacked.”
  • I’ve seen it a bunch of different ways, but...The reality is, if you play the odds long enough, the real likelihood of some sort of a breach is probably approaching that dreaded 100%.

As a business owner, as a managing partner at a law firm, as the practice manager who is responsible for the clinic: when somebody gets hit, that falls on YOU.

 
"The problem here like I said in the beginning, I don’t know how to vet an IT company, and I sure as hell don’t know how to vet a cyber security firm." [13:07]
 
[13:25] – Let’s say, we hired this firm to come and protect our company. If we were going to make sure they were doing their job properly, what should we be looking for? 
  • How do you vet an IT company if you don’t know anything about IT?
[14:00] - So let’s give them a formula:
  • NOTE: If you try to implement this yourself, that is flat stupid. Because you can’t. It is like me trying to do heart surgery myself. Please for the love of god don’t do that. 
The reason that we are going to lay this out is so you the listener can understand or hold your guy accountable because we don’t know how to pick them. We don’t know how to vet them, and we sure as hell don’t know how to hold them accountable. What do we really know about holding these guys accountable? [14:25]

 

At [14:57] we go through a basic checklist of what should be happening behind the scenes to protect a company:

Starting at the top:
  • We want to make sure they have a strict policy on the use of company devices.
  • Procedures – have a document in place
  • Have some sort of regular training or education for employees on the safest and best practices.
  • Ongoing education
  • Letting the client know immediately if information has been compromised.
  • You SHOULD have an incident response plan for if and WHEN you get hit. What are the proper procedures?
  • Constantly updating security and hiring a digital security firm if needed.
  • Like we mentioned earlier, if you have an IT guy that’s great, but you NEED a security guy. 
You have got to have somebody or some entity that is looking out for security, that stays in on this, that is just living and breathing network security all the time. Like us!
  • If you were to be compromised: [18:05]
    • 1. There should be a policy and
    • 2. It should be enforced
We’ve got policies, procedures, ongoing training, what are some other things that might be maybe more on the technical side? [20:00]
  • Quick point about Two Factor Authentication: If your IT guy, if your security guy, isn’t talking to you and beating you up over Two Factor Authentication (2FA), then you probably better find a new one!
  • [20:40] – Here is a great litmus test: If you aren’t annoyed as hell at your IT company for all the security stuff and hoops you are jumping through…you better find a different one!
[21:45] – Justin’s sign off:
  • The stupid answer here is to not be prepared. To not be paying attention to this. To think that you are invulnerable.
  • To think that this isn’t going to happen to you is asinine, I mean 100%.
  • It is rare that we can say 100% on anything, but the fact that you are being actively targeted right now is 100%...
[22:30] – Go to www.mastercomputing.com/discovery and book a 10 minute call, and we will talk about this, we will create an ACTION PLAN for you.