U-R-G On the Go
An informative podcast for the United Recyclers Group. Each week we will feature an entertaining guest that will share their knowledge and information with you, providing you with tips and tools to help you become a more profitable business.
U-R-G On the Go
The Digital Fortress: Cyber Security for Auto Recyclers
Cyber criminals have significantly stepped up their game, with attacks costing businesses $22.5 billion in 2024 – a staggering increase from just $1 billion in 2022. For auto recycling yards, this presents a new frontier of security challenges that can't be solved with traditional measures like fences and security cameras.
VGM Forbin's Jeremy Heideman and Nick Gerrans join the URG On the Go podcast to break down what this means for recyclers of all sizes. Drawing on Jeremy's 14 years of experience working directly in an auto recycling yard, they provide a practical roadmap for protecting your business in the digital age.
The conversation shatters several dangerous myths, including the belief that small yards aren't targeted (they often are precisely because they typically have weaker security) and that basic antivirus software provides adequate protection. The experts detail how comprehensive security requires addressing three critical components: the human element through training, appropriate software implementation, and robust infrastructure.
One particularly eye-opening segment covers email security – revealing how free email accounts (Gmail, Yahoo) not only create significant security vulnerabilities but may be actively costing you business. When potential customers compare two similar service providers and one uses a professional domain-based email while the other uses a free account, the professional impression can be the deciding factor. Beyond appearance, business-grade email solutions provide essential security controls that free accounts simply can't match.
The experts also walk through practical steps any yard can implement immediately, from multi-factor authentication to incident response planning, while emphasizing that the investment in proper security measures is far less expensive than recovery from a successful attack. With server downtime directly impacting revenue in the fast-paced recycling industry, cybersecurity isn't just an IT issue – it's a core business concern.
Ready to strengthen your digital defenses? Visit forbincom or reach out directly to the experts featured in this episode at jeremyh@forbin.com or nickg@forbin.com to learn how they can help protect your yard from increasingly sophisticated cyber threats.
Welcome one and all to the URG On the Go podcast. You're there and we are here. This is your podcast. It's the true voice of the automotive recycling industry. It was created for the pros that have a need to know that are on the go. I'm DJ Harrington, better known as the cardiologist. I'm your co-host, but the real host of the program is the talented Amanda Morrison, who is director of member and vendor relationships for URG. Amanda, how are you this beautiful day?
Speaker 2:I'm doing great, dj. We had the flooding come close, unfortunately, here in Texas, but I'm praying for all the people that we lost here and everyone's recovering now and the efforts are going good. So, yeah, it's been a tough 4th of July weekend over here in Texas, but we're doing okay.
Speaker 1:Now I was on the URG Foundation Scholarship Board meeting this morning and they're in Georgetown and they were going through a tough time. How far are you from those waves that within 45 minutes got to be 30 feet tall?
Speaker 2:Yeah, it was actually about a football field away from me here at San Gabriel River. It wasn't too far from me. I wasn't in the worst of it. There were people across the river that ended up having to be evacuated, but we didn't have to be evacuated, so that was good. The major floods are about an hour away from us, so in Kerrville.
Speaker 1:Well, this will be a good one. You have a great company on and this will be one, so I'll turn it back over to you and I want to thank all of our 10,000 listeners. This has been a real success factor in this going on.
Speaker 2:So we're gonna hopefully be sharing this here on on multiple different avenues so people can listen and view and share and and like and please follow along with us. And it's great to see your face, dj, and it's great to see our guests face faces. And so today we've got VGM Forbin digital and IT here. We've got Jeremy Heideman and Nick Garin's here. Thank you guys so much for being on the podcast today.
Speaker 3:Thanks a lot. Thank you, looking forward to it.
Speaker 2:Awesome, so I wanted to try to get started. Can you give us a brief introduction of what VGM Forbin does for automotive recyclers and how you guys can be utilized?
Speaker 3:Yes, absolutely. Bgm Forbin is a division of our parent organization, BGM. Bgm does a whole. We're a member services organization that does a whole lot of things for a whole lot of different industries and customers throughout the country. Our Forbin division provides managed IT services for folks in a variety of different industries, including the healthcare industry and including the automotive industry. We got our start in the automotive industry on the retail side, servicing automotive dealerships and the larger auto groups in our area, and we have expanded and evolved into servicing now the auto recycling industry. So a lot of the same concepts and the same protocols that apply to the auto retail side we are applying to the auto recycling side with great results.
Speaker 2:Very cool, and so can you give a brief background in cybersecurity and how that plays into what you guys do?
Speaker 4:Yeah, sure. So you know, when it comes from a recycling standpoint in the past, yard owners are really good at fortifying their business from a recycling standpoint. Visit in the past, um, yard owners are really good at fortifying their business from a from a security standpoint, like building fences and putting up security cameras and that's really all they had to worry about. Um, in this day and age, it's it's it's gotten much more complicated and it's you know, protecting your network is now another hurdle that they have to overcome.
Speaker 4:I was looking up earlier some of the statistics of cyber attacks and one of the things that really jumped out to me and it said in 2022, there was $1 billion in cost in cyber attacks. Seems like a lot of money. That's grown substantially in the last couple of years and in 2024, it grew to 22.5 billion. So we've had a huge ramp up in cyber attacks in the last couple of years and it's gotten pretty serious. So you know the yard owner that's worried about you know somebody hopping the fence or stealing parts out of the warehouse is pretty minuscule compared to what they can do now from a cyber standpoint. So you know, fortifying your business is is a you know, internally on your network is a pretty important thing now.
Speaker 2:Yeah, and so that kind of goes into the that segment of you know. Can you explain fortifying your business means and why businesses should focus on that?
Speaker 4:Absolutely. Yeah, you know, fortifying it means you can't just leave things open, and we'll get into this. You know further as we get into the podcast here. But you can't just have just a willy-nilly approach to your cybersecurity. You have to have a plan going forward and there's some best practices that we'll run through as well. You have to have a plan going forward and there's there's some best practices that we'll run through as well. But you know, just thinking or just assuming that you have your bases covered on your network side and your email and a lot of the internal IT solutions, it's not good enough anymore. You have to have a plan. You have to have somebody that knows what's going on in your IT.
Speaker 3:And Amanda, think about it and your listeners think about it like this when we're talking about fortifying a business, think about it in kind of three different buckets. You need to have the human component, the person that can do it. You need to have the software in place to be able to do it, and you have to have the software in place to be able to do it. And you have to have the infrastructure in place. And, as Jeremy kind of alluded to, we can go into some of the greater details about what each of those components look like as we kind of proceed here.
Speaker 2:Awesome, okay, and so we kind of touched already so the internal security. Why is that so crucial of having it be internal in the business?
Speaker 3:When we're talking about internal security. This is where we're talking about the different bases that you have to cover, if you will. So I know that anybody that's run a computer or used a computer over the last 20 or 30 years, we all know phrases and terms like antivirus software or anti-spamware or anti-malware. These are all great things. They are still relevant, but what we found over the last several years is there's a lot of different, what the industry calls attack services, surf surfaces where for the lack of a better phrase the bad guys can get into. Not only is it computer viruses being transmitted from computer to computer, but there are now bad actors out there that are sending emails that look legit, like they're coming from one of your suppliers or one of your vendors, but they're not really them, but they're asking you to click on something and enter in some information. There are now circumstances where you know people. Yard management systems have different protocols that they need to have in place so their system can communicate with the yard to provide their services. What those yard management systems aren't necessarily that concerned. Their priority is providing quality services for their yard management system. Their priority isn't necessarily making sure that connection is secure. It falls on the yard owners. It is their responsibility to do that. So you know, to secure those connections, you need the right person to do it, you need the right software to do it and you need the right infrastructure, the right actual equipment to do it. So what we found is a lot of yards have these bases covered, you know, but there is an awful lot of them that do not. So when I say things like you know, there's antivirus software there's. You know, plugging the holes for these ports that are communicating between the yard and the yard management system, software there's, you know.
Speaker 3:Multi-factor authentication is something that can be implemented as an internal control. When it comes to multi-factor authentication, we're talking about making sure that when your employees the employees of a yard log into their email, make sure that that employee is who they say they are. There is technology out there that can simulate. You know, once you get somebody's username and password through a data breach, you can access that email anywhere in the world. If you implement a multi-factor authentication policy, it's a form of check and balance. So as that user enters in their username and password, there's another device that they can. It pings that device and they can verify that that person is indeed who they say they are.
Speaker 3:There are all kinds of different. There are all kinds of different Jeremy kind of touched on it but incident response plans where you know it's not necessarily a question of if we're going to be a target, but when we are a target, if something does happen, if one of our, if one of our teammates does click on a bad email, what do we do? What is our plan? And that is something that yards can start implementing today with just get a dry erase board out and a marker and pull your team into a room and say, let's spec this out and let's just kind of role play. If somebody clicks on something, who's the first person we need to call, who are the teams that we need to get involved and what does that process look like? So there's a variety of different things.
Speaker 3:So gone are the days of, you know, 30 years ago, when Yards can say, yeah, we have some computers we have. You know, I bought antivirus at Best Buy. No, I don't know if it's still valid, but you know I got it when I bought the computer. Everything's all good, I'm protected. Unfortunately, there are so many different attack services in 2025. You need to either cover all those bases or determine how much risk you're willing to take, and it's as simple as that. There are a lot of different organizations out there, such as ours, that help you mitigate that risk by saying, hey, if you want to stop this problem, here's the solution For this problem, here's the solution For this problem, here's the solution. There's costs associated with those solutions, of course, so it's on the yard owners to decide. You know, mitigate the risk with, with what's in the budget.
Speaker 2:So right because, that would you know, any kind of attack would end up costing you a lot, probably a lot more money than you're going to invest on the protection right absolutely and I I kind of skipped around to you guys work have worked with recyclers and in the industry as well. Can you give us a little bit of background on on what you guys have done in the industry and how you guys, you know, brought about BGM for foreman?
Speaker 4:Yeah, yep, so I was actually involved directly in the industry for about 14 years at a yard in Iowa actually involved directly in the industry for about 14 years at a yard in Iowa.
Speaker 4:And you know, at that time I wore a lot of hats, as a lot of people do in salvage yards. So one of my hats was IT and you know I would be the first to admit that I didn't have all my bases covered and there were things that you know I thought I could do and I thought I was doing well, just like Nick alluded to, having antivirus and and making sure that, you know, computers were up to date with the latest security policies and things like that. But you know, as I look back now, knowing what I know now, there are a lot of things that I didn't have covered and it's super important, more now than ever, and so my background was that and it's it. You know it can be frustrating, as somebody that wears a lot of hats, to be able to try and cover all those things when you're not an expert in that field. So you know, partnering with an IT company or or at least having somebody on staff that truly understands it all, is super important to keep everything up and running smoothly.
Speaker 2:Percent, yeah, and I think that is kind of a missing piece for a lot of especially the smaller yards. Right, they're, you know they're focused on the sales they're focused on, on getting connected, but they're not sure how, how or when, if they can be breached or not, and so having someone, an outsource, and you know URG, is great about, you know, protecting their data feeds, but there's so much more to it, right, there's there's so many different ways that you know people can get into your, your systems and and and wreak havoc essentially and we've heard stories from other recyclers that have actually had this happen as well.
Speaker 2:So I think it's so key to be able to have an avenue, like you guys, to be able to have the recyclers come to, absolutely.
Speaker 1:So I love that.
Speaker 2:So what are some of the best practices businesses can implement to enhance their internal security? Can we dig into a little bit of that?
Speaker 4:Yeah, absolutely. Nick alluded to some of those. So MFA, or multi-factor authentication, is definitely in the top 10 list for sure, and I jotted down some notes on that as well. But another thing that I wanted to mention too don't store your passwords in the browser, which you know, honestly, that we had a lot of that going on in the past and and it's a big no, no, I mean, if you have a breach, um, that's the first place they're going to go look. So it's kind of like, um, you know you have all your passwords stored somewhere and you're just handing it over to the criminal. It's not a good idea. So you know we use things like password managers for that, versus using a browser. And then, just in general, implementing some security controls.
Speaker 4:Another thing that a lot of the APIs or third-party providers will want is everybody to be an admin on your network. You know the reason for that is sometimes it's easier for those software to work and to update. The bad news is, having everybody as an admin on that network is a security risk. So that's something that we try to deter against and we set up, you know, access controls within your network to help you with that. Nick also alluded to the fact that you need to have a plan going forward, an incident response plan. I kind of liken that to just like a fire evacuation plan or a weather plan, anything like that. It's just as important to have a plan going forward in case that happens, because it will Eventually something will happen.
Speaker 4:You can't protect against everything and um, you need to have a plan and somebody to call if you have a have an issue for sure yeah, and then, in the end, just training your employees knowing what to look for, I mean, knowing you know if a, if an email comes in as it is a legit or is it a phishing email, and those are things that, um, you know are critical. Now it used to be just kind of an afterthought and now it's mandatory. There are things that your employees definitely need trained on.
Speaker 2:For sure, yeah, and I think that the training process is pretty impactful too. Do you guys help with that training and getting everyone on the same page then, when it comes to that?
Speaker 4:We do, and you know we take kind of a layered approach to all things cybersecurity and we have we have a definitely a plan for all of that. One of the things that we do in our layer, or security stack that we call it, is our education portion, which includes things like sending out simulated phishing campaigns which test your employees. So we'll send out fake phishing emails and you know, if they click on those, then you know the good thing is nothing happens. But you know the bad thing is is hey, we're training you. This is a bad email, don't, don't do this. And we also send out some training videos that show you what to look for and and help you along that process. So we definitely do.
Speaker 2:So can you share some examples of effective internal security policies that you guys have? I know we kind of already discussed best practices and you know emphasizing the role of the employee, training and awareness programs, but do you have anything you want to touch on that as well?
Speaker 3:It's getting. Multi-factor authentication means different things to different people, and we hate to keep harping on it, but one of the most low-hanging fruits that there is, one of the easiest things to turn on, is to implement multi-factor authentication when logging into either the network at the yard or if, if there is no traditional network with an on-premises server, necessarily, um, you know, at least turning on multi-factor authentication for the email uh setup, um. And which brings me to another point, there are there's there's free email and there's paid email. Uh, and I don't know about, uh, you or any of the listeners, but when something's free, I have a tendency to prefer that.
Speaker 3:So yeah so I I understand. I understand the benefits of free email. I understand that it doesn't come with the cost up front, but I would challenge Yards to say it might be time to turn on a paid email service because not only does it make turning on things like multi-factor authentication and instituting security policies easier, but you may be surprised at the little cost involved when you start weighing the risks. So we're talking about single dollars a month for each user at the yard to have a business-grade email account.
Speaker 3:I know the auto recycling industry isn't subject to you know a lot of regulations per se, or you know federal and state regulations from a. You know it's not like it's a medical field or that's covered under like HIPAA regulations or financial that's covered under the SEC. But that doesn't mean there aren't some immediate benefits that can be reaped just from a security standpoint and actually having a business grade email. So when it comes to some examples of some things, that multi-factor authentication with an actual business grade email is an example of what we call a low hanging fruit that is easy for a yard to implement in a very short amount of time with a very small investment financially.
Speaker 2:Yeah, and that's like I said, it's just such a need, just the education piece, right, and knowing what's out there and what's available. I feel like some people just don't realize what's out there and what's available, so it's great to have someone to kind of reach out to. Dj. Are we going to take a quick break?
Speaker 1:Yeah, let's take a break when we come back. This is very, very interesting. So let's take a quick break, folks, and we'll be right back. You, you, you, you, you, you, you Welcome back listeners. You know you're listening to the number one podcast in the industry. Recyclers all around the world are listening and we can't thank you enough. Please, every week we have Amanda and myself try to bring you a very informative podcast like we're having now. Make sure you download and listen. We're available on Spotify, itunes, pandora, stitcher, iheartmedia or wherever you get your podcasts.
Speaker 1:So just before the break, amanda, I asked and I want to tell all of our listeners this is a great podcast. I mean, I'm taking notes because I'm trying to say, okay, I have a paid email. But it was a guy who taught me, who helped me with the webpage, and he just said DJ, we're going to have a paid email, we're not going to go with the freebie. If you guys could kind of steer down at auto data direct, they had monthly employee meetings. Do you have a scale training? I mean like a nordstrom's? Like we had shannon nordstrom on the podcast a couple months ago and he was phenomenal. He has 83 people, but we have a lot of people listening right now that have six or seven people. Do you have something, nick, that could spare down to their level?
Speaker 3:Absolutely, and, as Jeremy had alluded to before our break, the employee empowerment or employee education is a core piece. Not only that everybody should be looking at, but it's a core piece of Forbin's business that we offer in our IT offerings and it does involve that training and DJ. These trainings are scalable. They're scalable for large yards, they're scalable for, you know, extremely small yards and then everybody in between, because whether these trainings are in person or whether they're virtual, driven through videos and whatnot, the trainings are scaled down to be accessible to anybody's readiness level. In other words, sometimes people involved in the IT industry, like Jeremy and I are.
Speaker 3:Sometimes we get a bad rep for using a lot of acronyms, like a lot of alphabet soup, if you will, and a lot of technical jargon. You need training that meets people where they're at. You need training that speaks their language. That meets people where they're at. You need training that speaks their language and good training modules on IT security, cybersecurity, risk mitigation. Those are one. They're quick, because if you talk about IT to somebody who's not necessarily all that interested in IT, you talk more than 15, 20 minutes and nothing's resonating. So they should be, they should be quick, they should be effective and they should be digestible. In other words, meeting, meeting your audience where you're at or where they're at. So you know alphabet soup and acronyms and technical jargon that doesn't mean anything to anybody who's not sitting in front of a computer working on it all day. You know, the trainings that we provide need to be quick and easy to digest and a lot of the trainings that we provide, the same rules apply whether it's a yard that has 80 people or it has three.
Speaker 2:Yeah, so we were talking about email security. What are? Which features should businesses look for in a secure email solution? So what? What is? What are some of the features that they should be looking out for?
Speaker 3:Yeah, when, when you're talking about secure email, you're you're basically talking about three different things who owns it? Number one, who controls it? Number two and number three is who secures it and what a lot of people don't know and, I'll be honest, I wasn't even aware of this until before I started with Forbin that those I'm not here to knock free emails by any means. We've all used Gmail. My kids give me grief all the time that I still have my Yahoo email account that I've had for like over 20 years.
Speaker 3:They're like dad, you got to get something new. I love free email as much as the next person, but what I didn't really realize is I don't even own my own email account. When you have a free email account, it is owned by the provider of that email, as a general rule. So when it comes to a paid email service, when you are paying for that email account, you own it. So you check the box in the first one my free Yahoo email account, the free Gmail accounts out there um, yahoo owns it. Gmail owns it. Um, so that's number one. Number two who controls it? Um, you can't. It's real hard to control something that you don't own. Uh, and it's that simple. So if, if you do not own that email, it is much harder. It's not impossible, but it is much harder to control it because you are at the whims of the owner of that email.
Speaker 3:Google is providing free email services to the world, which is great. What they don't want to do is have 8 billion people have in their own email account and have a bunch of different controls in place. That would be a logistical nightmare. So they make it easy and they just say you're not controlling it, you're, so if you can't control it, then you can't secure it, and the free emails out there do provide, you know, some basic email there, do provide some basic email security. They provide some basic spam filtering, in other words, some filtering of bad emails coming in, not only ads that you may or may not want, but truly malicious emails, like those phishing emails that are trying to spoof and trick people into getting themselves in a bad situation, to getting themselves in a bad situation. So you got to pay attention to when you're looking at a paid email service there's quite a few out there but when it really comes down to it, if you look at the business community as a whole not only just auto recyclers, not only automotive, but every industry it's Microsoft 365 and Google Workspace or G Suite. The names mean the same thing, but Google Workspace is the latest branding of Google's paid email service. Both of those services are incredibly robust and that is a great place to start.
Speaker 3:I'm not here to say, you know, microsoft or Google, which one's better? It's kind of like which one's better Coca-Cola or Pepsi? They're both Colas, they're kind of the same. You know, I drink Coca-Cola and Pepsi. I use Microsoft and G Suite and Google Workspace.
Speaker 3:Some people are adamant one way or the other. So in terms of a starting point to go from a, you know if you take nothing else from this podcast, if you just want to have an actionable item, talk about your organization moving from everybody having their own free Gmail account to conduct the yards business to moving to a business grade email. You start with either your current IT provider. You can start with a company like BGM Forbin or you know Microsoftcom, googlecom. There's some resources out there as well, as long as you have the person at the yard that is willing and capable to wear that IT hat, like Jeremy Heidemann said, that he did for many, many years. You know you can start there, but I think you got to pay attention to who owns the email, who controls it and who secures it. Those are the three things to be looking for.
Speaker 2:Okay, yeah, that makes sense. Well, and I feel like, you know, seeing an email come from a Gmail account versus, you know, at the business namecom, I feel like it does kind of give you a level up of professionalism as well. Right, and that's something that would be able to give you.
Speaker 3:Incredibly important. Incredibly important. I actually just spoke at a conference a couple of weeks ago and I I talked about that and I talked about a scenario where you know, if two think of, say, you need a plumber at your house, right, and you don't know any plumbers. You don't have any referrals from anybody, no connections and you go online and you find two plumbers that look like they provide the exact same services. The prices are the exact same. The only difference is to reach out to request a quote or to have somebody come to your house. One of the emails is jsmith at gmailcom and the other one is info at abcplumbingcom. If that is the only difference, it's apples to apples and the only difference is who's got a professional-looking email and who doesn't. I know me personally. I'm going to start with the one with the professional email and if I reach out to that organization or call that organization and I get the answers I want, I'm not even calling the other one you know so you're.
Speaker 3:You're right on the money, amanda, with with the just the marketing and reputational benefits of of having a having a business grade email.
Speaker 2:Exactly. Yep, I, completely, completely and and I do the same thing. You know, if I'm looking at a business and I'm seeing just a generic email, I'm like is this actually right? Are they getting one? And even just like payments, like are they gonna? Is my payments going to be protected? Is you know anything about the customer going into the business? They're going to be a little hesitant if it doesn't look as professional as you would hope.
Speaker 3:Exactly, exactly. So. That's why we talk about business grade email as such a low hanging fruit, because it checks so many boxes. It checks so many boxes, it checks that security, it checks the marketing boxes, it checks some reputational boxes and confidence boxes for your customers.
Speaker 2:Definitely. I completely agree. So how do email monitoring and filtering contribute to the security when we're talking about emails? I think we may have touched a little bit on that, but do you want to elaborate on it?
Speaker 3:How does monitoring? And I'm sorry, what was the second thing?
Speaker 2:Filtering contribute to the security. So there's filtering on the emails.
Speaker 3:Yeah, so I touched on it a little bit. Regarding the filtering email filters are important. Spam filters have been around for a long time as long as email has been around or as long as antivirus has been around. But filtering out unwanted ads is one thing, but what we're really talking about when we're talking about cybersecurity is it's not the ads that are a nuisance that we're talking about. We're talking about malicious emails. We're talking about an email that says it's from you know, say it's from. It says it's from Staples staplescom office supply place that your company does business with but it's really not from Staples. It's somebody around the world trying to say, hey, there's a problem with your account. Just please click on this link to make sure that we can straighten this out. Or there's, we've lost your account number. Please log in here and verify it to you. Yada, yada, yada. Those are the filtering that we're talking about.
Speaker 3:But I want to make something extremely clear. There is not an email filtering system out there today, a one-shot deal. Just, you know, as long as you pay enough money for this email filtering thing, you won't get any malicious email. I don't know of one to date that filters everything. So it's. It kind of goes back to that layered approach. You got to do what you can to filter out the bad emails. But if a bad email does get in and somebody clicks on something, have that incident response plan, just like, just like Jeremy said, you know which is the equivalent of a. You know, if there's a tornado, you have a tornado drill. If there's a fire drill, or if there's a fire, you have a fire drill. Somebody clicks on a bad email. Here's what you do. Here's here's our incident drill. So it's filtering it out.
Speaker 3:Is is one thing, but also knowing what to do if something does happen is another. And when you had mentioned how that relates to monitoring your email paid emails is the first step, but if your full-time IT person or your IT partner needs to be monitoring the email logs as well. So what that means is it's not monitoring who's sending what email to what, it's not scanning for what type of content's being sent. It's. This email account was accessed at this date and time at this location and it was logged out of at this location. This is all metadata that's not reviewed by a human, but it is logged, and it is logged in case there is an incident, not for forensics to figure out what happened from a law enforcement side, but there's also the forensics for who's responsible for what.
Speaker 3:If it's like a cyber liability insurance claim, if somebody did click on something and somebody needs to track down money and the responsible parties, you need that type of log monitoring as well. So there's the filtering out the bad stuff, but you want to also be able to audit those logs if necessary. It's not something that you would ever need to have somebody you know scanning those and scrubbing those lists every week. I'm not talking about that, I'm just having, I'm talking about having access to those logs if needed. And a lot of those free email services out there. Unfortunately, they make it pretty. They make it a pretty cumbersome process to have access to those logs if you need them.
Speaker 2:That makes sense and just kind of protecting yourself on the front end if anything does happen? Yep, and then did you want to mention anything about the BGM Forbin secure email solutions? Was there anything you wanted to touch on that heard?
Speaker 3:the monitoring yeah, I mean I, I, I've talked about it quite a bit, uh, or already. So I don't, I don't want to, I don't want to belabor the point, but when we talk about a business grade email solution, we're talking about identifying the email for who owns it, who controls it, who secures it, the email for who owns it, who controls it and who secures it, and then not only getting that business grade email in place, but getting the right filtering and monitoring in place on top of that.
Speaker 2:So that's what you guys will all encompass whenever they get integrated with y'all right.
Speaker 3:Absolutely, and people in the IT industry especially, and we try our best to not be. But it can sound complicated, but the nice thing about the solutions that Forbin is able to provide on the IT side is they are turnkey solutions. We've gone through the complicated stuff on our end. So then it's when we're talking to a yard owner it's as simple as how many devices do you have at your yard?
Speaker 3:How many desktops and laptops? Do you have any servers? And then how many employees do you have? And of those employees, how many people access email? Some of that basic information. Guys like Jeremy and I take that back and we come up with proposals based on what that yard owner wants to do, based on how much risk they are willing to stomach and how much risk they are willing to get rid of if that makes sense.
Speaker 2:No, it definitely does. Yeah, I just wanted to kind of wrap it up and say what you guys do, because I want to make sure to pinpoint what you guys are able to do for our yards, because it's it's a great resource and I think this could be very helpful, for you know big and small yards.
Speaker 3:You know all around well and and just if I, if I can just take another minute we've talked a lot about email and business grade email, but what we haven't talked about is you know what happens if you need help desk support or tech support. You know so, whether your yard is across the street or across the country. Not only you know, forbin prides ourselves on being able to provide remote support to anyone who needs it at any time. 99% of our tickets that are technicians who are parked just about 20 yards behind me, the tickets that they work over. 99% of them are all they come in. We work the problem remotely and we solve the problem remotely.
Speaker 3:So you need if there are yards out there that are looking to partner with anybody sure, bgm Forward would love a call, but just if you're talking to other IT providers, you want to make sure that they provide base level services that cover cybersecurity risk mitigation. They cover system monitoring. In other words, all of the workstations that are at the yard. You need to make sure somebody is double checking that all of the automatic updates are being installed correctly, all the security patches are being done. It's something that, unless that's what you really like doing, nobody likes doing that, unless you have a paid IT person on staff, that that's what you really like doing.
Speaker 3:Nobody likes doing that. Unless you have a paid IT person on staff, that that's their job. That would be a hat that a guy like Jeremy wore for 10, 15 years. That ran him ragged because he was also in charge of other stuff. So you want to have somebody that can manage your cybersecurity risk mitigation efforts, your system updates and management, and then you want to be able to have somebody that can provide help desk support, whether that's in-person help desk support like boots on the ground, or remote help desk support, which is where the vast majority of the industry is going because it's the most efficient. Where the vast majority of the industry is going because it's the most efficient. It's not like we don't like being face-to-face with people and working, you know, hands-on. That's not it at all. We want to get in, fix the problem so yards can do what they're best at, and that's conducting business and taking care of their customers.
Speaker 4:Which is a super fast-paced environment, and that's the biggest thing is. You know it's probably not uncommon to some other industries as well, but especially in the auto salvage industry it's so fast-paced that you know you can't have downtime, because downtime is you're losing money, and it's. You know. Most of the yards out there still have servers and those servers need to be up and running for business to happen. Yards out there still have servers and those servers need to be up and running for business to happen. And you know the second that a server goes down because of a security update or whatever it is. It's costing you money. So that's our goal is just to to help these yards just stay up, just constant uptime, because that's when you're making money.
Speaker 2:That's perfect and I completely agree. Yeah, there's, there's no downtime at these. These places you can hardly get them on the phone for you know unless you're wanting to buy a part. They're like why are you calling me so? It totally makes sense. All right, DJ, are you ready for our last break?
Speaker 1:Yeah, last break and folks, we'll be right back. No-transcript. You know you're listening to the number one podcast, urg On the Go podcast, so remember to like, review and share everywhere. If you'd like to hear another industry expert like Jeremy and Nick, just dial a hotline number right here and Amanda will do her very best, along with my assistants. Just dial 706-409-5603, and we'll have that industry expert on the podcast to help you grow your business, because we always say you know your business, but URG helps you grow your business. So, amanda, I'll turn back over to you. I think this is one of the best ones we've done. Amanda, very informative and very, very nice people.
Speaker 2:I agree. Yes, it's going to be a great avenue for all of our recyclers. So I did want to ask what, what are some of the biggest mistakes or one of the biggest mistakes you've seen as an automotive recycler, when they're running their, their information, what, what do you feel like is the biggest mistake there?
Speaker 4:I can. I can talk to that. So one of the things that I always had a challenge with was literally just security updates, and you don't think of it as a big deal, but if you're letting your server run 24-7 and not looking into doing the security updates, it lends itself to a security hole, and those are what the cyber criminals are looking for. They're looking for any chance that they can breach your network and if it's a security patch that hasn't been implemented, they're going to find it and they're going to find things like that. They're going to find things like open ports or we talked about it earlier. If everybody within the network is an admin and you know they can, they can, they can confiscate one of those usernames and passwords pretty soon. They have control over your whole network. So those are a few things that I've seen. I think it's just important for somebody to know when to run those security updates and when not to, and just to understand that.
Speaker 2:That makes total sense. So just some final thoughts. What's some advice you would give to a business looking to improve the internal security? Obviously, we've kind of gone through a bunch of of different avenues and what email, how important that is, but what are some of your final thoughts on on advice to give to these yards?
Speaker 4:Yeah, you know, at a minimum. I think anybody should just take a hard look at their their IT, at their IT infrastructure and their security plan and have somebody just give them a you know kind of a current status of where they're at. Just have somebody overlook, where are you at now? This is what we see, Sort of almost like a test of where you're at, to know where the holes are. Just to know where you're lacking holes are, just to know where you're, where you're lacking, Don't you know? Just assume that you have secure policies in place. You know just because maybe you've got an employee that says they know what's going on. Maybe have a third party look at that, just to be, just to give a, just to give an honest opinion of that, and then in the end, just planning for the worst. You know and I think Nick said this earlier, but it's not if something's going to happen, it's when, I mean, in this day and age, everybody is possibly going to get attacked, and so it's something you just got to plan for.
Speaker 2:That makes total sense, yeah, and even personally. Right, like it's good just knowledge for your personal day to day too. I'm learning things that maybe I need to do differently as well, so this is very informative just for business and for personal. So I did want to touch too. Are you guys going to the URG conference here next year? Are you going to be at that conference in Colorado?
Speaker 3:Yep, looking forward to it, looking forward to it.
Speaker 2:That'll be a great place for you guys to talk to our members and kind of get face-to-face with them too and get in front of them. So definitely look forward to seeing you guys there. How would they get in touch with you if they're wanting to learn a little bit more about what you guys do and what you can do for the yard specifically?
Speaker 4:Absolutely. Yeah, so you can visit our website at forbincom that's F-O-R-B-I-Ncom. Or if you just want to reach out to Nick or I, our emails are jeremyh at forbincom or nickg at forbincom. Yeah, we're open to any suggestions or any questions, for sure.
Speaker 3:I think Amanda had you said maybe we will have a phone number on the website as well. Is that what you said?
Speaker 2:Yeah, yeah, we'll have some information on the u-r-sgucom website too, so there's some links on there for you to check out and you can see all the associate members on there too. So this has been an awesome ad. And again, I think we talked a little bit about this on the break, but you know, big and small yards can take advantage of this and it's you know, even the small yards can be targets. Right, jeremy?
Speaker 4:You were saying Absolutely yeah, and you know. It's important just to know that. Just you know. If you think that, hey, I'm a small yard and these rules don't apply to me because you know the criminals aren't going to come after a small yard, that's not true. We have some smaller companies that we work with that have been hit by ransomware right here in Iowa several times before they started working with us, and that was the reason they called us. Is they think we're not going to get hit? And then they do. And the cyber criminals are looking for big payloads, for sure, but they're also looking for easy targets, and sometimes that's smaller businesses, and that's just important to understand.
Speaker 3:Exactly.
Speaker 2:Makes complete sense. Yep, so well. Thank you guys again. So much for being on today's podcast, and this is our first video podcast, so congratulations, you guys are the first of many that we'll have, and thank you guys so much for showing up today and giving us all this great information. Do you have any final thoughts that you want to end with I?
Speaker 4:just want to thank URG. Thank you guys very much. It's been great. You guys have been great.
Speaker 3:Yeah, amanda, thank you so much. Urg has been great. I have learned so much about the auto recycling industry from my colleague and now dear friend, jeremy heidemann, from his experience and going to the urg show. Uh, last what? When was it april? April yeah, april, uh, it was fantastic experience and had a great time. Can't, can't wait for denver next year awesome yeah it was a good time dj, it was DJ. It was great meeting you too, man I look forward to talking with you in the future.
Speaker 1:Yeah me too, because there are people. I wrote down some of your tips. You know, like you're not going to believe how many yards you visit and Amanda ask them well, how many ad beds do you have?
Speaker 2:Seriously, or how many of your passwords are John123? And you're right.
Speaker 1:Nick is right when he said that I'm thinking I wrote that down. I wrote down some of the tips that you were doing and then I thought you know what I need to find out more about the training that you have and see if maybe we could put it in a monthly employee meeting and so you could help out.
Speaker 3:I'd love to, I'd love to continue that conversation, dj, whenever, whenever you would like. I would love to entertain that idea and I think we could come up with something pretty cool.
Speaker 1:Yeah, I agree. And Amanda, you did great, like normal.
Speaker 2:Thanks, dj, you're so sweet. Thank you for everything you do as well. You're a rock star.
Speaker 1:All right.
Speaker 2:All right, we'll see you guys next week. Thank you so much. Yep Thank you Bye you.