In this episode of the Main Street Business Podcast, Mark J Kohler welcomes Rick Jordan, founder of ReachOut Technology, to discuss the ins and outs of cybersecurity and how small businesses can shield themselves from cyber threats.
Here's what you can look forward to in this episode:
Learn more from Rick Jordan: https://www.rickjordan.tv/
In this episode of the Main Street Business Podcast, Mark J Kohler welcomes Rick Jordan, founder of ReachOut Technology, to discuss the ins and outs of cybersecurity and how small businesses can shield themselves from cyber threats.
Here's what you can look forward to in this episode:
Learn more from Rick Jordan: https://www.rickjordan.tv/
Welcome to another episode of the Main Street Business podcast, where I have the honor and the pleasure of interviewing Rick Jordan, a leading authority on cybersecurity and digital protection. As a consultant to the White House and the founder of Reach Out Technology, Rick has dedicated his career to safeguarding Americans and business owners against cybercrime. Rick also has a best selling book, two compelling documentaries, a national speaking platform, and a top rated podcast. All in. Join us as we dive into the world of cybersecurity with Rick Jordan. Well, Rick, thanks for being here. It is an honor, and I know my guests are going to benefit from this. I'm taking notes myself. Excited to have you here.
Rick Jordan:Awesome. What's shaking? I'm very grateful to be here. This is gonna be a good combo today.
Mark J Kohler:Well, people don't realize how valuable your information. I mean, I'm a tax guy. I'm saving money, protecting assets. But, dude, you're on the front lines. Cybersecurity. So cool.
Rick Jordan:Yeah, it's a. As were talking backstage, you were even talking about enrolled agents. You know, that's something that I know coming up here soon. This is like the grace year I see for enrolled agents, because now I believe it's. I can't remember the form, but there's a self certification that you have specific cybersecurity controls in place for enrolled agents. The form escapes me. Was just talking about this with my team the other day. As an enrolled agent. Now, you have to self certify that you have specific cybersecurity metrics that are in place every single year because there's a form. Correct me if I'm wrong, there's a form you file with the IR's every single year as an enrolled agent. And now it's going to be a little checkbox that says, yes, I'm protected.
Mark J Kohler:Well, we've got to talk, because I'm talking to hundreds, if not thousands of enrolled agents on a regular basis who want to be on the cutting edge. Yeah, we're going to have to talk about that. Well, one of my first questions, if I may, just as we get going here, is how did you get into cybersecurity? Like, what? What was your background, and how did you get led to this? You're passionate about it. We love what you're doing in that area. How did that happen?
Rick Jordan:Well, it goes back to when I was a teenager and I wanted to be a cop for real. I was, That was kind of the route I was going to take as a career choice. It's funny. I was on somebody else's show the other day, and they're like, well, you have that cop vibe to you. I'm like, what is it? Like, is it the hair or something? Like, yeah, it's kind of the hair. I'm like, but now I'm a cool tech CEO of a public company. I'm a speaker. You know, I go on tv all the time, and it's like, I do this really one because it's modern and hip, but also it eliminates the grays, so nobody sees the grays.
Mark J Kohler:You look ten years younger.
Rick Jordan:Thank you. Thank you very much. Yeah, I know. That's how it rolls. But when I was going to join the marines, that was my thought. And the marines was, I wanted to, yes, do something awesome for my country, because I value everybody who serves in their military. I also saw it as a milestone, kind of like a jumping off point, because you could do that for four years on a tour, maybe military police, then you'd have your ticket into any state law enforcement agency. And when I was going through that, they declined me because of a medical history of asthma. But I had already been a police cadet. You know, I didn't want to go to college and ever wanted to. I actually went for two weeks, and then I was like, screw this. I'm out. And that was my route in order to get into the judicial system, you know, criminal justice without having to have a degree. And my buddy, who was a marine, I love going back to this. He was like a family friend, like big brother, big sister kind of thing. And he had said, you wouldn't have made a good marine. And he was a Marine, retired marine. And I'm like, why is that dude? He's like, cause you always ask the question why? It's like, if somebody tells you to go attack that Hill, you know, you're not gonna just go up there and do what you need to do as a good soldier. You'd be like, why isn't there a better method? I can already think of, like, five or six different strategies that are better than yours. Lieutenants.
Mark J Kohler:Yeah, that's not gonna fly.
Rick Jordan:Exactly. Right on. But I still carry that today because, I mean, that's. I like that. I like the. What happens after, what happens next. It's something I've always taken on. So security kind of falls into that, you know? And I think back to 2014, when I. When I really realized, damn, I'm in cybersecurity now, because it goes back before then. I mean, I did servers and. And computer rollouts to Merrill lynch and I would find security flaws in their network back in like, 1999, 2000, as a very green 18 year old just learning the industry. But even before then, dude, it was business because I was a store manager at a Radio shack when I was 18 years old. I credit to this day because now I'm a. It's a public company, and I'm doing roll ups, right? Little companies, making it one big nationwide brand. I learned how to read a p and l when I was in Radio Shack as a store manager, was 18 years old. They would train you like, this is your store. I was the youngest store manager at Radio Shack at the time. Three days after my birthday, they promoted me, gave me a million dollar store and said, you've been trained. You could control everything. I mean, all the way from obviously top line, but then you controlled your cost of goods, you controlled your expenses, because you controlled your inventory, your ordering, your payroll, the rent, you could negotiate. It was almost like even though it was corporate owned, you ran it like a franchise. And all that you were bonus on was profitability. So you could run it any way you wanted to. And as long as it was profitable, you got extra cash. It was all the way back to then, man. People are like, how are you so good? You're a tech, you're an engineer. I'm like, really? I was business first, and even before then, I was sales because I worked at McDonald's. It's like, hey, do you want fries with that? That's the best upsell question in the world. So now it's getting into security. After I got out of Radio Shack, you know, I had an aptitude. I was good at tech. I could do it. But it's something like, who was it? I think it was like Mike Rowe, right? Dirty jobs. I heard him speak one time. He's like, I found something I was good at. Then I learned to love it, and I got rich. Like, that resonates with me because I was good at tech, but it was more. So what can tech do for people? What's the outcome? Because if you talk to engineers, they geek out. And rightfully so. I'm glad I have these people in my company, dude, because it's like the shiny object, the coding, the scripting, all the different rules in a firewall. It's awesome that they just, like, dive in and they get off on those things. For me, it's like I'm sitting. It's like, well, what's that going to do for me if that's going to put this protection around me? So nobody can come in and siphon 200k out of my bank account. That's really my outcome, right? If I can do some kind of risk mitigation, because that's really what cybersecurity is. I mean, for all the cpas that are listening, risk mitigation is one of the biggest primary responsibilities of a CFO. So cyber really falls underneath that. And then, of course, that translates into the financials. How do we protect what the company has from a financial perspective? Assets. It all ties together, man. So 2014 is when I first realized, because I could build the servers, I could build the networks, program the firewalls, and then I got a call New Year's Eve. I actually have this today because I'm getting over a cold. So I've got scotch right here. It clears my throat a bit while I'm talking like this. I'm a big McAllen fan, brother. Big McCallan. It was a lawyer, actually, who got me into single malts about eleven years ago.
Mark J Kohler:Leave it to a lawyer to get you some sort of substance abuse going, for sure.
Rick Jordan:It was great. I was. I was at. It was a sales engagement with him, right? I'm in there and I'm like, the company's only three years old now. It's 14 years old, you know, and it's a big deal that I'm selling, you know, for me, it was like, at that time, I was like, one hundred k a year, which was a big deal at that time. And I'm like, yeah. And then when we do this, I'm gonna bring in a bottle of Johnny Walker Blue. I was just pulling something out of my ass when I said that, because I knew that was quote unquote, good scotch, you know, whatever. And he looks at me, he's like, oh, no, we're not doing that. And in the, in that moment, I mean, what was that? Yeah, so eleven years ago, I'm only 33 at that time. And here's a seasoned attorney in his sixties, you know, a very commanding gentleman. I mean, the guy takes on amazing personal injury cases, you know, still a client to this day, by the way, and it's because of this moment, for real. And he's like, oh, no, we're not. I'm like, what do you mean? He's like, there's no blended scotch here. We don't allow that crap into our office. Like, what? He's like, only single malts? And then that point, I felt so green and so much of a noob. I'm like, what is he talking about, you know, so I go out and look at it, and it's like, well, sure enough, it's like, then I dove into it. I had Glenlivet 18 as my first one. You know, I still like Glenn. Livid dude. But McCallum's the best. I know I'm chasing a squirrel on this, but it's a. It's a good story, especially for lawyers and cpas, right? Like, this is why he said, no blended scotch now. I mean, it's. It's great because it's. This is McAllen. This is McAllen 15 I've got in front of me. It's a good everyday having these. I was having a couple drinks on New Year's Eve, and my number two, who actually is still with us, he's been here 13 years now. He was employee number two in the company. Name's Ryan. He calls me up, and he's like, I think there's some bad actors in one of our client systems right now. I'm like, what do you mean? He's like, we're getting a lot of weird traffic in 2014. That's ten years ago. Cybersecurity is still not a big thing in 2014. I'm like, okay, well, let's go look. And sure enough, this is the strategy stuff that I was talking about that I love to see. I can always see what happens after what happens next. And I'm looking at where this is coming from, and sure enough, we're seeing traffic coming from China. And it's like, we shut it down because this client of ours has 14 international patents. So they were after intellectual property. It was a legit attack, and, I mean, tens of millions of dollars to them. You really like his lifelong work that was at risk on this. We shut that down, you know, from. From that IP segment, that IP address segment. For people who aren't, who are listening, an IP address is really kind of like your street address on the Internet. It shows that I'm in Chicago right now, right? If it comes from here, you know, it just locates where your system is on this big, wide web. If you think of it as, like, a neighborhood, we shut that down, and then it bounces to, like, Syria, and now there's an attack from there. I'm like, what is happening here? So, like, right in the thick of it. And then understanding the strategy from years ago with Merrill lynch, I'm talking, like, 14 years ago, and seeing how the networks were designed, because I had certifications on top of certifications at this point. And I start to think it's like where are they going to go next? Because you could see that they were just bouncing around different points in the world and we had to stay at least two steps ahead of them and start to think where they were going to go next to block these connections. So it's probably about 45 minutes, six drinks in because it was New Year's Eve and we're fighting hackers in China for one of our clients. And it's like there's got to be a frickin better way. There's got to be a way to automate this stuff. So then we started to figure out after that, put procedures in place before these systems were automated. It's like what countries do we need to block by default for all of our customers because we don't want to go through this again. And it's always been that proactive step to continue to provide that protection because it's a push and pull man, when it comes to hackers, to bad actors. And that was a real scenario. Nowadays there's different motives, right? Because nowadays it's more like e crime groups that'll do something like this and try to get cash, ransomware, all of that. But back then it's like we talk about it being the stack in our industry, like this list of tools that will do these things from an automated stance. When it's like back then I like to speak on stage, I'm like, in 2014 I was the fucking stack. Wow.
Mark J Kohler:Well you and I have similar missions. You're there trying to help so many small business owners. Main Street America. What is the number one risk for that small business owner? They may not be doing tens of millions of dollars in transactions and be exposed to China, but there still is exposure. I know that cybersecurity is important for everyone. What do you see? The biggest risk for the average small business owner is with a website, you know, trying to do some e commerce maybe what's out there.
Rick Jordan:E commerce is fairly safe because most of those systems have everything in place as they need to already. Especially theyre hosting like Shopify or whatever else. When you get into the big set, when theyre doing tens of millions, its a different scenario. But the small ones are mostly protected. For ecomm. What you have to look out for is the human aspect because the biggest risk still to this day is phishing. And thats when even if youre doing a million dollars, I mean as a CPA firm you probably have a couple of people on staff, so well just call him Bob if theres a Bob listening sorry, Bob. I always pick on Bob. There's always a bob in every company, no matter how big or small.
Mark J Kohler:That's true.
Rick Jordan:That will click on anything. Jeff. Yes. And so when it comes in and they'll see this, like, this is a real example that I've seen before. Chick fil a sends a marketing email, or at least it looks like Chick fil a because we've got our new spring lemonade coming around. It's like strawberry ink or something like that, you know, and like, cool, I need to go there. So then you click on the link to get this coupon. I'm doing air quotes. If people aren't watching this on video to get this coupon, and it says, hey, sign in with Google or sign in with Microsoft to get this. And they'll do that. And it looks like a Microsoft page. It's not, though. It's a fictitious page that now just captured your real email address and password. And most of the time when these come in at work on a work computer or work assets, they're using their work email address to get that password. And if it's somebody who has privileged access to systems, to files, to data, now, those hackers have the keys to the kingdom. They don't have to spend a lot of money. So, like, the same legitimate emails, you get to, like, raise your testosterone, right? That's what these hackers are using. They're using social engineering methods to get people to just straight up give them, without delay, willingly, their usernames and passwords, they save that, like, all the. All the research and development for e crime. You know, it's legit to where they're trying to brute force their way into a system. They save that stuff, man, for, like, Putin's laptop for real, because there's a much bigger payoff. But they can have these swaths over, and then when they get in, they have a foothold. They stay there for a while, they monitor emails and be like, oh, this person's, you know, as a CPA firm, they just invoice ten grand to a steel company that's a client. They'll send out an email from that person's email account saying, hey, we have new wiring information or new Ach payment information. And that's how money gets diverted to a different account, rather to that small business owner. What do you do? You throw up your hands. Customers saying, I sent it to you. You're saying, I never received it. And they can provide transaction proof from their bank that they actually did pay it. Where do you go from there, because now it makes you look like the dummy that you got as a CPA.
Mark J Kohler:So the takeaway is obviously, and we've done some trainings in our firms.
Rick Jordan:Yeah.
Mark J Kohler:Where we go through it over and over again every year, every six months, we have that reminder in a staff meeting, don't open anything, don't click on anything and what phishing emails are about. But if business owners didn't realize what they're really trying to do is access your customer information, credit card information, anything they can do to divert funds. And it doesn't have to be like a national secret or anything, not only trying to get credit cards.
Rick Jordan:Yeah, a lot of this stuff is automated. So these e crime groups, I mean, with AI as well, they're getting better at writing these emails so they look more real. It's. I used to think it's like, if anything starts with please kindly, this was part of our training. If the. If the. If the word. The copy starts with please kindly relay, you know, or what the word kindly, I'm like, that's indian. Because that's overseas. That's how, that's how they speak, like, when it comes to, well, type anyways, you know, and then you start to see some other grammar errors and all that. I'm sure you remember that from years ago. Yeah, you could tell just from the grammar errors. A lot of people would still skip over that. But now with AI linguistic language models like chat, GBT and others that are out there like Bard and Gemini, it's writing it for them in perfect grammar. So it's a little more difficult to spot these things and they can do it en masse. Wow.
Mark J Kohler:So what are you doing at reach out technology, the company that is impacting so many small business owners, what are some of the services you're providing? And this isn't to be an infomercial, like, I literally am. Like, what does your company do to help that small business owner, other than educate your employees not to be dumb and click on things?
Rick Jordan:Yeah, that's a bit. That is a big part of it. But then tech comes into play. We call it layers. I mean, if you want to look at it as a cake, and for anyone that's listening, that works with an MSP is what they're called, managed service providers. You want to make sure that they have some basics in place. If they're not offering things like two factor authentication, which a lot of use these days, but if they're not offering that for your business systems, go somewhere else. If they're not offering something that's called EDR, which is endpoint detection and response, and then MdR, which is managed detection and response. That's next generation antivirus that actually uses behavioral analysis, artificial intelligence, to examine what's happening with someone who might try to get on your network. Can I give you an example? It's a. It's very simple this way. Before, you used to open a PDF, right? And I'm sure you don't deal with PDF's or word docs at all, being a lawyer or cpu.
Mark J Kohler:Oh, not at all.
Rick Jordan:Yeah, I was joking with one of mine the other day. He's our. He's our securities attorney. And I'm like, dude, I sent him a Google Doc, and he's like, did you send it to me in word? I love him. His name's Matt, right? And I like, what are you talking about? Because he's working through our filings, our certificates of designation for the shares. We just went public. All of these funny things, and he's like, I don't really know Google too well. I'm like, what do you tell? He's like, it's us lawyers, man. I'm like, legit. Because the red lines and everything. It's like, I get it. It's actually more difficult to do in Google than it is in Microsoft. I understand, but it's.
Mark J Kohler:And, Rick, last year I was working with an attorney that said, catch this. Can you send that to me in word? Perfect. I was like, what do I need to go to? Ask jeeves.
Rick Jordan:Yeah. For real? That's great.
Mark J Kohler:Unbelievable.
Rick Jordan:That's fantastic. So PDF's and word documents. Exactly before viruses, right? Or they used to. It was a fingerprint, right? And your fingerprint, I mean, unless you burn your finger off, it's the same. It's always the same. That's how you identify yourself. That used to be how viruses and all these things existed, where it was a fingerprint based. So if it was on your computer, if it's on my computer, that virus that was in that PDF or that word doc, it looked the same all across the board. They'd scan it. See? Okay, well, this is a virus. This is not a virus. The fingerprint matches. Now, it differs from computer to computer. It mutates very similar to, like, a pathogen in your body. But now the behavioral analysis is what the artificial intelligence takes over. So if you open a PDF or a word doc, and all of a sudden that PDF starts to contact Russia or starts to look for other computers on the network that you have inside your office. Exactly. And it doesn't do it immediately because this is machine learning. Sometimes it can take a look at like the contents of that and be like, okay, maybe this is normal, you know, but a lot of times it'll look at those behaviors and be like, this is abnormal, I need to shut it down. And then it raises a flag for a human being to look at because there might be legitimacy to what that file is trying to do. That's the, that's the EDR point is the artificial intelligence looks at the detection and response within that PDF to see what it's doing. Then the managed detection response is when a human from reach out jumps in and analyzes what happened, you know, to see if that's legitimate or not.
Mark J Kohler:So if I can restate the first line of defense that your company is constantly teaching is the human response of good practical skills. And don't click on email and sending documents and all that. The second level is based on the complexity of your client. You'll add some layers of this virus software, like you said, next level that's using AI to kind of just see what's coming into your emails, what's being opened, what's being used and sent, and seeing if there's this mutated type of hack that can evolve in your software is trying to stay one step ahead of them and alert you when there's a bad document in your small business.
Rick Jordan:You got it.
Mark J Kohler:How you summarize that, probably, yeah, that's.
Rick Jordan:A great way to talk about that layer. And I can zoom out a little bit too because there's over 30 different layers that we use. I gave you just one. So other things like manage firewall. And that's when it's like, when I speak on stage, it's like, how many layers are you guys using in the industry? And it's like, keep your hand up. If you've got five, you know, in almost every hand in the room. Like, keep your hand up. If you have ten, half the room goes down. Keep your hand up if you got 15. Now there's like ten people. I'm like, how about 20? In a room full about 500 people in my industry, for real, how about 20? And now it's like, no, hands are up. And I'm like, I'll keep mine up. How about 25? How about 30? You know, and at the time it was like, how about 34? That's what reach out has. And the reason is because there's so many different ways that these bad actors can get in. You have to cover all of these angles. So it's how protected do you want to be? I like to make the joke. It's like, do you want to be the condom of cybersecurity? You know, only 72% effective. Something can still get through while nothing's completely protected. We want to make sure that, yeah, we have the protective nature in place for anything that might happen. And if something still gets through, we still have the humans on the back end to take action because at mostll be like, yeah, well throw the software on. But then what were really good at is making sure that it doesnt go far, you know, so if something happens, its like the longest any of our clients have been down has been 2 hours. And thats the difference. If you have only a couple of those layers, right. Youre only covering a few of those holes. Weve taken on clients that have been down for two weeks, a month, two months. Look at the municipality of Dallas. Right. A few months ago it was sometime last year that was down for so long from ransomware. It's because they didn't have the reactivity put in place to where they could recover fast. So it's still, there's still stuff on both sides of the spectrum, proactive and reactive, that have to exist.
Mark J Kohler:Well, where does a small business owner start? With a cost benefit analysis even? What should they expect to at least start with and spend, or then ratchet it up based on the level of information they're protecting?
Rick Jordan:I love how you look at it that way, because it's one of the salespeople in my company. We're launching a new bundle coming up soon to where it's kind of the basics. We might call it the fast track or something. I don't know the branding yet, but it's the essentials and it really fits kind of two segments. It'll fit the companies that have internal it because it's the white elephant in the room. It's a competency that they don't have. They don't have the cybersecurity competency. They can fix printers all day long, servers, whatever, but they don't know how to protect anything. We give them this nice little box of stuff in a bow to say, here you go, you know, and then we'll monitor, we'll feed back information to them. It also fits the micro business segments because it allows them to obtain or check off the boxes for cyber liability insurance, you know, at a price point that's more of like a commodity. Once you reach about 20 people, maybe 15 in your company, then you have to look at the full solutions that I've been talking about, you know, to where it covers everything. Because, let's be real, this shit's expensive. And that's one reason why most, you know, if you're not big. And that's one reason I went public, man. It's like the financial accessibility to this stuff. The bar set really high. That's why enterprises have budgets and they can afford it. You know, even for other it providers are like, this stuff's too expensive for me to buy, to resell to my customers, and then not to even mention the skillset to use it. We've figured that out. We've invested time and money into this. We've grown big, which is why we can utilize all this stuff. So for the small business, there's a list of, you know, five or six things, and I'm happy to share that with the listeners and the viewers, too, man. These are the basics that you need. This will actually even allow you to be underwritten cyber liability, which, by the way, is now becoming part of general liability. So a lot of, I'm starting to see a lot of insurance carriers that won't even underwrite a policy just in general liability if you don't have these controls in place, because they see five.
Mark J Kohler:I want to write these down, these five things every small business owner should begin with. And then we've got to talk about this essentials that you're going to be rolling out at.
Rick Jordan:It's inexpensive. It starts with like 60 or $70 a month person, you know, because it's a bundle of these. It's affordable, you know, versus, like our full blown reach out one is like $600 a person. And that's everything. That's all those layers that I was talking about, you know, but when it comes to a company that's doing $10 million in business, you know, you have to. You absolutely have to. Or, you know, even beyond that is compliance. Like a steel fabricator, you know, you think, okay, it's manufacturing, but if they're making aircraft carrier parts for the Department of Defense now, they have to. It's. It's a different level of compliance they have to have for cybersecurity, you know, and that ends up being like $800 a seat, you know, but for 35 million in revenue spending that, I think it's around six hundred k a year or something like that. For that amount, it becomes an expense that you need in order to continue to have the revenue you have. It's just a requirement, but yeah, I'll pull it up. I'm actually pulling up a Google sheet right now.
Mark J Kohler:Oh, I love it.
Rick Jordan:Google? No, Microsoft. But this is in the works right now. I'm giving you good information, right?
Mark J Kohler:No, I'd love it.
Rick Jordan:Yeah. The very basics are this is in order to have the capability being underwritten with most carriers now, dark web scanning and monitoring to make sure if your stuff's out there or not, you know, usernames, passwords, bank accounts. If it's on the dark web, training, which is phishing training, and it's, when I say training, it's also simulations. What happens is that these apps will actually send out emails, fake emails to your entire company. Even if it's five people, it'll grade people, you know, on their likelihood to be the person. It's pretty bad. Like here's your weakest link, you know, here's your bob.
Mark J Kohler:I love it.
Rick Jordan:But then you can hone in on a couple people to be like, okay, you need a little more education here. Here's why, you know, and it's quite literally your job and everybody else's jobs depend on it. Then also there's email protection, right? The usual stuff, spam, viruses, all of that. The stuff that's been around for years. Then there has to be. This one's interesting. Whether it monitors Google or Microsoft, this detects fictitious logins from different countries so it alerts you, I don't have a name to call this yet, but what it'll do is it monitors the logs of either Microsoft, which is outlook. Right. Your email, or Google, and will alert you if there's somebody trying to log in from a country where they shouldn't be. So it's monitoring for these bad actor logins from different places to make sure that it's legitimate or not because you might have people that are traveling, you know, in Canada or Mexico or even overseas from your company, you know, so it's like, is this legitimate? And warns you of that is most of these. Now it'll also come from specific ip address within the United States because now they've gotten smart. Remember my story? I was bouncing around to different countries. Well, now they're smart because they'll vpn into the United States, into a data center and it'll look like that traffic's coming right from Texas or California and that's where this login attempt is from. But this maintains a list of things to see if that's bad. It traces it back to the source.
Mark J Kohler:Wow. All right, so we've got dark web scanning and monitoring.
Rick Jordan:Bingo.
Mark J Kohler:Then the phishing training, email protection, and then software for fictitious logins.
Rick Jordan:And number five, and the last is EDR that we talked about already, endpoint detection and response, which is the AI.
Mark J Kohler:Wow, I love this. We'll make sure we have a link down in the description, everyone, for you to check out this service and package and everything. It's just the reason why, again, this is so important to share is so many small business owners don't know where to turn, and they get. It's. It's almost like a scam to try to get help with cybersecurity security, for sure. Get out there, think they're buying good cybersecurity protection, and they really aren't.
Rick Jordan:You can get these from real. Anybody who's an MSP as long as they can afford to buy this stuff and resell it. You know, that's a, that's the, that's a downside, because it's like the small shops, man. Like the one in two man shops, which I know it because I started there. It was literally just me when I started the company 14 years ago, and times have changed. It's like, this stuff is expensive, especially when you're doing en masse. And unfortunately, consumers or businesses cannot go direct to the source on these things, which is also a reason for the difficult financial accessibility, like the EDR, if you go straight to the source. Sentinel one is a. They're a public company. You can look them up. Right. They're. They're one of the biggest providers and they're one of the best. Same with carbon Black. We use Sentinel one in our stack because they are one of the best. The minimum license count to buy directly from them is 2000. 502,500 licenses. Yeah. So it's like, obviously a small business can do that. A small MSP won't even do that.
Mark J Kohler:Well, one other thing I've heard, and I wanted you to confirm for me, if you don't mind.
Rick Jordan:And it kind of.
Mark J Kohler:It goes back to the. The tv show Mister robot with Elliot. It's crazy show, because it seemed so far fetched. But I've heard that one of the biggest enemies are ourselves. Like, we. We may implement some cybersecurity protocol, maybe not, but then we go to Starbucks the next day, sit down, get on an open network, and start playing around, and we just blew out all of our cybersecurity protection jumping on Wi Fi. Is that true? What's your recommendations in that? Should you ever get on open Wi Fi or not.
Rick Jordan:I will say, it's not a complicated answer, but I kind of put a dividing line because I will go to Starbucks and get on an open network. But when I go to Starbucks to get on an open network, I might be booking myself a flight somewhere. What I won't do is I won't open up Chase bank or Bank of America because that. And I'll use different passwords, different randomized passwords for different things, using a password manager. You know, I actually have a pretty basic one for Netflix because I don't care if my Netflix account gets hacked. Who cares? Somebody's going to watch, I don't know, breaking bad or whatever on me. Go for it. Have a good time. Yeah, exactly. I use basic generic passwords for those because my kids share it. Everything else, whatever. But don't access information that you don't want out there. Sensitive information. When you're on a public Wi Fi network, an open network, what you can do is you can either hotspot from your phone, is this is secure, or you can use a VPN, one of those two things.
Mark J Kohler:And do you have that? I'm sure as a cybersecurity specialist, you have to know your enemy and their techniques. I mean, theoretically, if I jumped on an open wifi network, could you pop up right next to me like Mister robot and go, boom, I'm just going to look right into your computer and look at wherever. Is it that easy for a hacker to do?
Rick Jordan:It is. There's a device that you need that happens at a lot of Starbucks and coffee shops these days. It's interestingly called a pineapple. I don't know why they've ever named it that way. Huh. Yeah. But it acts as an intermediary device. So if you go to. I think Starbucks is still provided by Google. Right, the Wi Fi there. And it'll say Google Starbucks. In the. In the Wi Fi name, you program the pineapple to act as a. As a bridge, which it'll connect to the real Starbucks open Wi Fi, and it'll broadcast under the same name. But when you open up your laptop, mark, and you connect to Google Starbucks, you're actually connecting to the pineapple. So every single bit of your password, every password you type, every website you go to, filter through this pineapple device for it to be recorded. You can't tell a difference because it also passes it on to the real Fi, the real Wifi, and then sends the website back. So it just looks like, as it normally would if that bad actor wasn't sitting there drinking a latte. Yeah, but if you use a phone, your hotspot on here, or you use a VPN, it puts a protective tunnel around that where they can't see inside.
Mark J Kohler:What just. What happened to the good old days where I just leave Starbucks and someone just holds me up by knife point?
Rick Jordan:Yeah, I know, right?
Mark J Kohler:I've learned my krav maga, you know, I'm doing a little and Liam Neeson training.
Rick Jordan:Well, I hear that still happens in Elgin, right?
Mark J Kohler:Yeah. Now it's like all complex. I gotta, like, you know, fight tech to tech.
Rick Jordan:Yep.
Mark J Kohler:You know?
Rick Jordan:Yeah.
Mark J Kohler:I'd rather get in the ring. Let's get in the ring.
Rick Jordan:I know. I feel you. I feel you. It's funny.
Mark J Kohler:Wow.
Rick Jordan:Yeah.
Mark J Kohler:Well, one last.
Rick Jordan:If you could.
Mark J Kohler:If you had what you do, you've got thousands of small business owners watching this interview. If there's one thing you could tell them, just please do this. You don't know how dangerous it is out there. If this is your warning shot, there's one thing you want them to hear. What would it be?
Rick Jordan:Yep. Two things, really. Multifactor authentication. You can enable it on almost everything. Your bank accounts, Google, Microsoft.
Mark J Kohler:I hate multi factor.
Rick Jordan:Everybody hates it. I get it. I hate it too. I hate it too. But it's a. It's one of the best things to protect yourself because nobody else has this in their possession. You know, it's something, you know. Plus something you have. You know, it's very difficult for somebody to steal your phone and your password.
Mark J Kohler:At the same time unless they're a teenager living in.
Rick Jordan:Very true. Yeah. Oh, man. The second is freeze your credit reports. It's stupid simple, you know, that protects you against identity theft. And if you need to go buy a new mercedes or something like that, you can just easily tap and unfreeze from an app on your phone. That way nobody can.
Mark J Kohler:I want to get number one, you said use multifactor authentication wherever you can. And then number two, freeze your credit report.
Rick Jordan:Bingo. You got it, huh? Okay. Makes it very difficult for bad actors to get into everything that you have and also keeps that layer of protection so nobody can open up an account in your name.
Mark J Kohler:And then for business owners, what? One third tip there, like the business owner with employees and data, I guess it's implement something. Training, at least.
Rick Jordan:Yep. Training is a big one. I mean, the six things that I gave you, that's kind of the baseline these days. There's. There's no one thing that's going to protect you. You know, it used to be. You could go down to best buy and pick up Norton. You know that. That's not the days of protection anymore.
Mark J Kohler:You know, I just want an easy button.
Rick Jordan:Yeah, I do, too, Rick. Come on.
Mark J Kohler:Everybody asks me, Mark, what's the one thing to save? Taxes?
Rick Jordan:Well, yeah. Right on. Yep. My easy button is, I say easy, let me buy you. Oh, my gosh.
Mark J Kohler:Well, Rick, this has been a pleasure. I'm so grateful for what you're doing out there in.
Rick Jordan:Thank you, brother.
Mark J Kohler:Main street, America. We need people like you. And I want to continue to share your information with my followers because we don't have many places to turn for this that's reliable and trustworthy. And thank you so much for sharing these tips.
Rick Jordan:My pleasure. Thanks for having me.
Mark J Kohler:Well, we're going to send more people your way, too. Everyone, please get down below. Look at the description and all the links and the things that Rick has to offer. See if there's something that fits your small business, and you just cannot throw caution to the wind. Get on board, protect yourself, and keep living the dream. Thanks again, Rick.