The Small Business Safari
Have you ever sat there and wondered "What am I doing here stuck in the concrete zoo of the corporate world?" Are you itching to get out? Chris Lalomia and his co-host Alan Wyatt traverse the jungle of entrepreneurship. Together they share their stories and help you explore the wild world of SCALING your business. With many years of owning their own small businesses, they love to give insight to the aspiring entrepreneur. So, are you ready to make the jump?
The Small Business Safari
Cybersecurity Essentials for Small Business Survival | James Sanford
Your small business is vulnerable to cyber attacks whether you realize it or not. In this eye-opening conversation, IT expert James Sanford reveals the shocking truth that companies like yours face dozens of digital attacks daily—even if you're "just a handyman company" or small service business.
James takes us through his journey from solo IT consultant to managed service provider, explaining how the cybersecurity landscape has dramatically evolved from annoying pop-ups to sophisticated ransomware operations that can completely shut down your business. With remarkable clarity, he breaks down complex security concepts into practical advice using colorful analogies like "putting alligators in your digital moat" that make cybersecurity accessible to even the most tech-resistant business owners.
The most valuable segment comes when James outlines the five essential security measures every business needs: a proper firewall, endpoint detection and response software, password management tools, multi-factor authentication, and comprehensive backup solutions. These fundamentals form a solid security foundation that can protect your business from the most common threats without breaking your budget.
What truly stands out is the paradigm shift James describes—moving from reactive IT support that only fixes things when they break to proactive management that prevents problems before they impact your business. This approach not only improves security but dramatically enhances productivity by eliminating those frustrating technology disruptions that kill your team's momentum and waste valuable time.
Don't wait until you become another cybercrime statistic. Take the first step toward protecting your business by implementing these essential security measures today—because the cost of prevention is always less expensive than recovery after an attack.
From the Zoo to Wild is a book for entrepreneurs passionate about home services, looking to move away from corporate jobs. Chris Lalomia, a former executive, shares his path, discoveries, and tools to succeed as a small business owner in home improvement retail. The book provides the mindset, habits, leadership style, and customer-oriented processes necessary to succeed as a small business owner in home services.
But what if you change that mindset to your customer that I want to have less of those break-fix incidents because those are disruptive and I can't control them? But if you start thinking about proactive maintenance, hey, let's look for the top things we see go wrong with a PC Monitor for them. And what if we can self-heal those issues?
Speaker 2:monitor for them? And what if we can self-heal those issues? Welcome to the Small Business Safari where I help guide you to avoid those traps, pitfalls and dangers that lurk when navigating the wild world of small business ownership. I'll share those gold nuggets of information and invite guests to help accelerate your ascent to that mountaintop of success. It's a jungle out there and I want to help you traverse through the levels of owning your own business that can get you bogged down and distract you from hitting your own personal and professional goals. So strap in Adventure Team and let's take a ride through the safari and get you to the mountaintop.
Speaker 2:Alan, here we go again. Everybody's listening. I'm getting all kinds of feedback here lately from people about all right. One of them really sucked, but it was my sound quality on one of the episodes, and so Chris had to go back to podcast school to get his audio fixed back up. But he's back and we're going to be back rocking. Now here's some of the cool feedback we've gotten. Alan is I listen to your podcast every week, got that one. Your podcast every week, got that one. Hey, buddy, I was just listening to your podcast and I wanted to give you a call and tell you, man, I really love that episode talking about some of the topics that we've had as of late, which had been kind of cool and so that's been kind of fun.
Speaker 2:I love that kind of feedback, so we're getting some really good feedback. Of course, I got the radio gig going now and we're really starting to hit our stride here in Atlanta, where we're only focused on home service companies here and helping people in their home improvement stuff. But today I've got a really exciting guest. I am excited about this one because there are so many different ways we can go with this guest, but I asked him to focus in on something that I think is important to all of us. So I have my IT guy here today and I have James Sanford who takes care of all of our information technology and all of the safety that we need to have in this new crazy world of cybersecurity.
Speaker 3:Man, you're just getting right into it. There's no dad jokes, no puns, no what you did this weekend no Vegas. That's what happens when we have a dry podcast. All right, so everybody, you didn't even no what you did this weekend. No Vegas. That's what happens when we have a dry podcast. You didn't even ask me what I did this weekend.
Speaker 2:All right. So here's the problem. Usually, alan and I get together in the afternoon and it's bourbon four o'clock, I mean bourbon five o'clock, as it were. But today we're doing this one during the day to accommodate some different schedules but to make sure that we're getting out some great episodes, great coverage. And you're right, I didn't talk to you about my big daddy weekend, so I will tell you I had a proud papa moment this weekend. You did, I did. My daughter has walked with her white coat in her PA school. Congratulations, thank you. Very exciting. And one of the things I got in the comments on Facebook was hey, she's one step closer to getting off the payroll. And of course, she's home today and I just got done approving a $2,000 expense on her vehicle before she takes off to do her first rotation.
Speaker 3:They never leave and I've told you the story about my wife's father's father who, at 13, his dad said time for you to leave the home, head down to the docks in Portland and seek your adventure At 13.
Speaker 2:I know right.
Speaker 3:What are we doing? I don't know. We're coddling our children.
Speaker 2:It's not healthy. These kids are 26. They need to work in the docks. That hits a little home for somebody. She's 26 and not off the payroll Whoa. And what are we doing? That's right, you can't see this because we actually have an extra special person in the audience, but she's not going to be on the podcast. We have James' daughter Savannah, who has recently joined his company, and in literally one hour she blew my mind on AI, on what the heck she's doing.
Speaker 3:But we're not going to talk AI today. Savannah, that's not that hard to do.
Speaker 2:That's true. I mean AI. That's a lot of syllables.
Speaker 3:I mean it's at least two letters.
Speaker 1:I think it's actually longer than your password.
Speaker 2:So we're going to get into this, guys. Man, this is going to be so much fun. Cybersecurity James Sanford thanks for joining us today. Like I said, we can go in so many different directions. He's done so many things in this business in terms of automation, scaled without having to add staff. Oh my God, hello, you don't have to add people. Oh, I need that one.
Speaker 3:Yeah, Until they build robots that can you know, do construction. I think you're screwed with that Not happening.
Speaker 1:You have to have labor.
Speaker 2:So we could go that way. We could talk about all the stuff they're doing with AI, so we'll probably end up having James on. But today, man, I wanted to focus on what James has done, because no more than at least three different times he has blown my mind on cybersecurity and stuff that happens. And here's the thing, right, when we all get started. I started with a laptop, a flip phone and a camera, right?
Speaker 1:The good old days, the good old days, right.
Speaker 2:So I had my laptop, which was a client server-based CRM system. I was pretty cool, except the client and the server were all on my laptop, which was in my truck, which was driving around with me every day, and so I had that. And then I had a flip phone and then, as I've grown to where we are today, where we have the Atlanta and the Athens division, I've got a server in the office but we're all on the web now, right, but I have voice over IP. I have all this other stuff going on, and I let one of my ladies go work from home, and so we set up a computer at her house and she happened to be doing all of our payroll, all of our books. She's a threat, oh my god, she is a threat.
Speaker 2:So james, james, there's a leak. He says he, he, uh. He says hey, um, chris, uh, can, can we do? I think he said vpn. I forget exactly what he said, but we need to do something about this computer. I'm like why he goes. It's getting attacked 90 times a day to get into our. I said, but we're just a little handyman company.
Speaker 3:He goes oh, that's like the Matrix.
Speaker 2:With the little Right. So, james, welcome to the show.
Speaker 1:Well, thanks for having me. I'm really excited to get to be here and talk to you guys. Nice to meet you. Yeah, nice to meet you. Sorry, it's not over a bourbon Well I agree, but you were missed last week. I mean not by Chris, no he actually got a little sentimental. I listened to it, I did.
Speaker 3:By the way over this weekend I was at a big, fancy wedding in LA. It felt like I was in a movie and I heard maybe the greatest seven words I've ever heard in my life um, you're three thousand dollars short on your minimum at the bar, oh, my god and then, and the night had already kind of wound down and so we're like bring me the, bring me the bourbon list.
Speaker 3:Cousin brad was like bring me the wine list and the next thing, you know, champagne for everybody. It was. And I was trying to be good that night. That went to hell and all of a sudden my brother-in-law showed up and he's like, okay, we're to six bucks. And he just shut it down.
Speaker 2:So we made up the gap you made up the gap.
Speaker 3:We made up the gap. Wow, you know things that you do for family, somebody has to do it. Oh, my God, that's awesome. I was in the right spot. You know opportunity preparedness, all those things that go into. You know performing.
Speaker 2:I'm proud of you. You pivoted well, I did.
Speaker 1:You had a problem presented and you found a solution. I was a solution provider.
Speaker 3:Well, the other solution was to use someone else's credit card to keep going. No, to pay the whole thing. No, no, that's not as fun. Oh yeah, but yeah no, it was.
Speaker 2:It was already prepaid. So, oh my gosh may as well hit it so you had, you had, you were in la with cousin brad. Did they mention that you were on a podcast, that you were a celebrity when you're out there?
Speaker 3:yeah, that was it was part of the wedding vows and then. But cousin brad and I did get to play a little round of golf and uh, at his country club at his club.
Speaker 3:That is so, you know. Nicholas redesigned it right. There's a couple holes where it's almost like 11 at augusta where they you know, they say if, uh, if you actually hit the green, I missed you know, because you're supposed to hit front, right right out on. We had a couple shots like that. You know, I haven't touched a stick in a while and we ended up uh coming from behind. I tied it on 16 and cousin brad put the knife in their heart and we went up one up, uh went on 18 there we go.
Speaker 2:Nice, now that's a big trip. You didn't have a big daddy weekend I was just over here buying in the store, doing the podcast trying to help people, educate them a little bit about this and that, so all right, let's get into. So james sanford started team spring. Uh, when did you start that?
Speaker 1:gosh savannah uh 99. She was born 26 years yes ago.
Speaker 2:What's this, what's this? That's, uh, bourbon light, uh, that is that. That, and I cannot perform a miracle. I cannot turn that water into wine. You keep drinking water, alan. We're gonna keep you going and we'll almost stay on track, almost so, 26 years ago, you left the corporate world and started.
Speaker 1:Well, I didn't initially just jump ship. So what happened was I was part of the dot-com era, you know, building enterprise software blue martini, different other products and when she was born and then her brother was born a few years later, I was like, every time I come back from the West Coast, every week they look different. You know how the kids grow so quickly. And it just got to the point where you saw the writing on the wall with the dot bomb and you're thinking gosh, I really want to do something on my own, my own consulting company, my own something. That entrepreneurial instinct kicked in ever since I was little. I mean, my brother and I would go on the beach in Savannah and get shells and drag our little wagon around and sell them things like that. So we even created detectives on the spot dots for the Hardy Boys, and so we've always had this little inclination that we wanted to own our own thing. So I initially started doing custom software development. That was eTech Software. That was the initial name of the company. Everything was e-something back then.
Speaker 1:So around 2006, I finally left the corporate world and went in full force. That is the hardest thing is jumping ship. That first step is absolutely the most terrifying until you're off the boat, until you're doing it yourself and you have to perform. You have two little children, a wife, you have to perform. And so then it turned into okay, I've got all these great programming gigs, you know, building out CRM systems and workflows and things like that, but you're always hunting. You're always hunting for that next thing. So at that time then customers were asking for tech support. It was starting to get to the point where the Internet is now a very stable thing. It's not Earthlink, you know dial up.
Speaker 3:Talk about being at the right place at the right time, Like I was at that bar. I mean his customer. The whole world is expanding and you happen to be right there and know what you're talking about.
Speaker 1:Yes, and so at that point I'm like you know what? There should be a monthly recurring revenue component here. If I'm going to have to support somebody, we are supporting them, we're charging them an hourly rate. And so then I thought, well, maybe we come up with plans silver, gold, platinum where you get two hours a month, four hours a month or six hours a month, and then anything above that you get built in a little reduced hourly rate.
Speaker 2:But at the time nobody had that idea, nobody Right. So you didn't say well, say well, listen, I'm gonna put you on a subscription program. You're doing subscriptions before.
Speaker 1:Netflix was even thinking about it, maybe a future seer. It was really. Really. It started to get to the point where, okay, I've got some momentum here, I've got some cash that I can at least have, knowing it's coming in each month. So at that point technology is starting to really blow up. There are ways to remote into computers, there are ways to automate things associated with tech support, and so I bought into an enterprise software package called Kaseya that allowed me to remotely monitor and manage my customers' machines. So I can now turn a reactive question hey, my computer broke into. Hey, I see that your hard drive's getting full and fix it or call them before they can't work anymore.
Speaker 2:So that is part of the subscription. You came up with gold, silver, platinum, yeah, and you started selling people on it. How was the original adoption with that?
Speaker 1:Well, I went slow to begin with. Right, the typical startup entrepreneur is everything has to be just absolutely perfect before you introduce it to a customer, and everything is never perfect. So I started it with just putting the agent, those tools, on the machines, because it helped me not have to drive over to your office or somebody else's office and as a one-man show, I still had little children that I, okay, I can watch them, honey, while you go out and go grocery shopping. Well, you know, and not if I have to have an emergency and go help somebody. So then that started becoming more and more prevalent. I still, I mean, at that time that was an $80,000 investment for a one-man company to buy this. It was considered enterprise software. There was no cloud version of this. I had to have a server in my house, in my basement, that these agents would check into and we would just manage it, and then slowly I'd charge, and we would just manage it, and then slowly I'd charge. You know, whatever it was, that base package.
Speaker 1:Well gosh, now suddenly viruses are coming in and being more prevalent. I mean, you know, 25 years ago you didn't even really hear of a virus. No, you know. And then until one day I'm looking and I'm clicking on something and suddenly all these pop-ups keep happening. They're very, I mean, they're just annoying. Right. At the time they were just annoying Right, and all you had to do was download things like Viper or McAfee or, you know, trend or any of those reactive antivirus tools. And so I'm like, well, we should have some component of security. Yes, there's this. Let's ask for managed security.
Speaker 1:Then suddenly, oh gosh, all these servers that everybody have, all these small business servers that Microsoft came out with, that had their own exchange server for email, their own shared volumes and things of that nature. We need to back that up. So again, my thought was it has to be perfect. How am I going to do this? Well, I was like my business coach at the time, and I think everybody needs a business coach If you don't have somebody that you can look up to, no matter what level higher than you. It's so important. I said, well, it doesn't have to be perfect. Can't you just drive over? You only have 10 customers Drive over on Mondays. Swap the little USB drives. I was like days, swap the little USB drives. That's a great idea and I maybe I can get my friend Jay to do it for me.
Speaker 1:But so at the time it slowly progressed. And when I say slowly progressed it, you know we went from 10 customers to maybe 12 to, you know, and now we're at 50 and manage a thousand computers. Then it turned into it was getting annoying doing two hours and then billing somebody for an extra three because they had more questions, and then gold. And then it was getting annoying doing two hours and then billing somebody for an extra three because they had more questions, and then gold. And then it was constantly getting to the point where I'm getting. I'm spending a lot of time answering questions about invoices and what's included and what's not, and so I finally I think in 2010 or so said you know what I'm not taking any customers that aren't on our all inclusive plan. I'll lower the rates a little bit, but I want to take the billing aspect.
Speaker 2:So in 2010,. You said I will work with you if you buy my subscription, but I will not just come set up a computer for you. Correct, and that was in 2010. That's why I'm writing this down for the timeline.
Speaker 1:I met you in 2014, I believe.
Speaker 2:And.
Speaker 1:I already fully vetted this as all-inclusive one plan.
Speaker 3:That's really a tipping point in a business life when you can actually be selective on who your customer is.
Speaker 1:Well, yes, it is and it isn't. I still was taking up people that had four machines or five machines. Now our average customer is 15. Our biggest customer is more than 50. It, you know, it's all relative. You know, at the time that was plenty of money for us, it was just one salary. Um, then it became the next first hire who do you first hire? And then it was an assistant, because nobody is going to everybody's like, oh you need to buy us. Hire a salesperson, yeah.
Speaker 2:So until that point, in 1999 to 2010, you were still a solopreneur. You were by yourself, doing all this with no help. No help, wow.
Speaker 3:Okay, no vacation no sick days Right. Yes, that is correct.
Speaker 2:Yeah, All right. So in 2010, you started a subscription-based business and did this, and then you started selecting and putting your shingle out for this, and this is now what we've learned to call. The industry term is Managed service provider MSP that's what we like to call it here.
Speaker 3:Alan MSP. What is this?
Speaker 2:He started saying these things like, well, I'm a managed service provider. I'm like, well, I don't know what that is. And then, sure enough, what do I hear now out networking, you know? And how many contacts, how many emails do you get? Guys, you probably are getting all these emails too. Hey, we can be your IT guy, we can be your managed service provider. And you're like, well, I don't even know what the hell that is. You know, I'm just a handyman or I'm just a knife sharpener. I'm just a, I'm just an auto detail where you guys are. These are all the two guys who called lately. So how do you explain managed service providers?
Speaker 1:Okay, so prior to managed service providers it was a break-fix model, Just like the automobile. You're trying to do proactive maintenance on it so your daughter doesn't break down down the road. Typically in the past, dads would just get an AARP. What is it? Aaa card?
Speaker 3:We started talking about the fact that I'm 55. He was looking at you when he was thinking.
Speaker 2:AARP hey, easier You're a capital A.
Speaker 1:So yeah, it was reactive break fix. My computer broke, I took it to somebody, fix them, charge them an hourly fee, bam. But what if you change that mindset to your customer that I want to have less of those break-fix incidents because those are disruptive and I can't control them? But if you start thinking about proactive maintenance, hey, let's look for the top things we see go wrong with the PC Monitor for them. And what if we can self heal those issues? Like if I see a hard drive gets below 20%? Some of the things I can have a script do is go and clear out cache, clear out temp files, clear out things that then I don't have to get involved with. So the ability to automate that transforms you from a break-fix to a proactive managed service provider.
Speaker 2:We are proactively managing things so let's go back to Chris's progression in his career.
Speaker 3:He's got computers managing, I'm gonna have PSD if we go the way. I got what's going on with that water. It, it lit up.
Speaker 1:This is what my daughter has decided I have to drink now. That is the not-so-great thing about having your child work for you is she's healthy and I'm not. This is what Savannah Molecular hydrogen, molecular hydration water. So it puts I don't know magic in the water. Why did it light up? Because it can charge and it'll bubble up. So it's, and then it sinks to tell you, this is riveting podcast.
Speaker 2:It is we are not, we're not. We can't even explain it. But all right, we'll put that in the show notes well, and then?
Speaker 1:molecular hydrogen water and the other thing you need to look at is plodai. It's a digital transcription. Oh, I got it.
Speaker 2:I've heard about that, you keep giving me crap.
Speaker 3:I'm going to ask him what he thinks about your password.
Speaker 2:No.
Speaker 3:The home password. The home password.
Speaker 2:You can't share that with everybody.
Speaker 3:This goes out to seven times the universe we can give an example.
Speaker 1:Savannah just asked for it, so we know yeah, so we know he's already in trouble.
Speaker 2:We're going to go back to see. James is talking about this proactive stuff and I think as a business owner or somebody in business, you don't get what he was putting down. Let me tell you what the pain looked like when I wasn't doing what he's talking about. So at the time when I met James, I realized we were outgrowing. The Chris is the IT guy and Chris was the IT guy. The Chris is the IT guy and Chris was the IT guy. And again at that point we had gone to a different software package that was quote-unquote web-based.
Speaker 2:But what was happening was every day at about three o'clock, the computer would just get really slow and Chris would be out selling his ass off. Come back in the office and I'd have one lady out back smoking, one lady out in the front talking on her phone and the other lady beating the mouse against the wall because nothing would work. And I'm like man, it happens every day at three. I don't know what's going on, and but it didn't. Obviously that didn't happen like day one, right, of course. It just kept happening. You know, little times one day it would happen, next time it wouldn't, and then we would lose our internet and then we would lose our internet and then we'd have to get Comcast involved. And then we're starting that whole world getting Comcasted and I'm chasing my tail all over the place trying to figure out what's going on and it's just not working. And I met James and at the time, again being cheap, I was like I'm thrifty a frugal.
Speaker 3:So you got James as a provider before he decided to have standards on who he would want as a customer.
Speaker 1:It's true, I was really broke. I had just gotten remarried.
Speaker 3:You were desperate, I was desperate, oh my God.
Speaker 2:And a guy who's been on our podcast, wayne Sugar, introduced me to him, so we had to play the friend card.
Speaker 3:He got ready to help.
Speaker 2:And he said he's going to look like an ass, but he's really kind of a nice guy. So that's how James came to work. When is that going to happen? The nice thing doesn't happen, bro. So so James got involved and here's what he did. He says let me put my agents on here, let me do these things. And all of a sudden all those three o'clock problems started to go away. Then the voice system started to work the right way, and then we figured out that Comcast wasn't really providing the circuit they were supposed to be providing, and then we had to get a different one. So all these things. At first I went, oh man, I can't afford. You know, at the time I think I was doing it on my own. I would say it cost me like $500, okay. And he was like well, this is my program, this is what it is, and for the machines we had at the time. And then I'm like oh, I got it. And then Wayne said you need to do this. So I was like yeah, and so that's when it happened?
Speaker 1:Well, it took you a solid nine months to make a decision. You don't act that way anymore. No, we both have changed a lot. And our business acumen has grown.
Speaker 3:Chris can make a really quick decision when it's like fun and lifestyle oriented.
Speaker 2:Hey, if I was at that bar dude I'm talking we would have had some fun with that one. We would have been lining stuff up. It probably would have been an epic viral video. But going back to that, that's called evidence. What was the?
Speaker 3:three o'clock thing. Was there a particular TV show on Somebody?
Speaker 1:watching porn. What's happening? It was the fact that, where they were, the circuit that Comcast or whatever provider it may have been, spectrum, I can't remember at the time was underserved in that location. And so what happens is they'll say, yes, we have internet capability for you. But what happens is, yes, they have it, but cable is one little pipe down, and if you have 50 people on the pipe, great. If you have 500, you're still sharing that same bandwidth, whether you're paying for this, that or the other. So what we found was, at three o'clock, there were people trying to keep awake watching videos or maybe not YouTube back then but a lot of bandwidth was being consumed and we had to put Comcast on notice and eventually we got a new circuit and then you moved.
Speaker 2:And and then you moved. I've kept the circuit sense, but one of the things that we thought about at the time was that we were at the end of this line in Comcast. In between the beginning of line the end of line were a lot of houses and apartments and a lot of kids came home from school at yeah, we get on get online and start doing their thing and we would lose it.
Speaker 2:that's what. So, yeah, so we end up having to go to a t3, not a t1, and uh, we've. I still have the t3 today, but uh, since we've gotten this fixed, this is one of those things where you don't realize it until you think about it and as you think about it. I haven't had a three o'clock disruption like that ever again. I've had Comcast go down, maybe twice, but I would tell you now, with having a service provider, I wasn't at the office it was like a Saturday night and I got a text message that came from his system saying your power's out. The power company didn't tell me no, but they did. They said, well, they set your servers offline.
Speaker 1:And this wasn't an easy. We've realized it. It was. How many times was I out there making the Comcast guy stand there with me and asking the questions Well, that doesn't make sense because of this, this and this. Oh well, you know, no, let's try it on this laptop directly and let's try this. And so now the tools have gotten to the point where I can tell so-and-so is watching YouTube videos and so-and-so is playing Spotify. And it's exactly the time you said things were slowing down. And it's, by the way, this machine and this person and this iPhone, big brother, baby, that's right, big dog.
Speaker 3:But what it's really helped. Help me understand how YouTube helps your job performance. Questions you know on your one-on-ones.
Speaker 2:I will say that one of them is help. Here's another stat. Here's a mind-blowing stat I just saw on TV they said that the Gen X and millennials 90 I'm sorry, 75% of workers will watch TV while they're doing their work during the day. I'm like, do what? Look at my daughter going. I'm like, do what. I'm like this isn't Final Four. This isn't like the start of the NCAAs, which is supposed to be the lowest productivity time ever. I was like you've got to be kidding me. So we went and looked it up and, sure enough, so I did have to ask one of my csrs.
Speaker 2:so help me understand I said so what are we watching today on your phone, through our, through our internet?
Speaker 2:with the little grin yeah, I said what are we watching today on our phone? So, but but that's the kind of stuff you know when you go back. I don't want to talk about this one too. So performance of your company, you know it's, it's a cost, you know, and to have that cost, I don't even think about it. I mean, you get all these email guys I know you do, and I get approached at least weekly about somebody who wants to get a free quote on it, quote unquote. Or you go to a networking group and they're like, hey, can we come over and just give you a free analysis?
Speaker 1:I'm like, yeah, I I actually it's not even worth my time right now. Well, that's why we do quarterly business reviews with you. I mean, the thing is, it's one thing to be at your revenue levels, but if you go back to startups and thinking about the things you can do, this isn't just about let's talk about where you started with. Well, I'm just a little handyman company. Why are they looking at me? They're now.
Speaker 1:It's not the pop-ups, it's not even just the ransomware, it's the email attacks. I mean, you've gotten it now where I know you're out of the country, and I say why is there a valid login from Ethiopia when I know Chris was at his office for 25 minutes ago when I left there. We get that constant security operations center monitoring and I'll get a phone call in the middle of the night. James, there was a valid login in Costa Rica for so-and-so-and-so. Oh, yes, that's valid, because I got an email from him that he was going to be out of the country.
Speaker 1:We have rules associated where you can log in where you can't log in. But think about this the average business that has five people or less, or maybe 10 people or less, or just a solo entrepreneur, they're not going to be able to spend a ton of money, but there are some things they can do to protect themselves. And so you get to your level. You're going to have a managed firewall. We're tying that event log and the event log of your computers and the event log of your email and the event log of everything you do into a security operations center that is going to 24 by 7 US-based. Monitor it and record those logs for a year. So if you are breached then we can turn it over to your insurance company and prove that you did what you said you did on your application, because that's half the battle you hit.
Speaker 2:You done two things. Let's go with that. The last one first. So just getting ready to do my insurance renewal, and at the back of my insurance renewal is cybersecurity protection and they had. I had to show them that I had an MSP so that they could provide me this protection and obviously charged me less premium.
Speaker 1:That's true, and the more you can report on it and actively show hey, when I help you, it used to be they just a business owner would send me the policy and I'm supposed to fill it out. Well, I can't take that risk anymore. You're responsible for a certain level of risk. I can help you mitigate that risk and I can report on how you're doing it. But ultimately, if the city of Atlanta can get ransomware, if all these pipelines and you can't throw enough money at a small MSP like me in a size revenue, you are to say, James, can you 100% protect me? No, it's layers of security.
Speaker 2:So let's go to the next thing, because you's bringing this one up ransomware. Why would anybody ransomware me, and what the hell does that mean? What's that?
Speaker 1:mean. So ransomware is an evolution of the virus and the ability to lock down your computer. So basically, what they're doing is taking a bet that you want your data back. So bad, you'll pay for it. We've encrypted it and unless you pay it with Bitcoin that can't be traced. Well, first of all, don't pay it, because the minute you do, they will unencrypt it. However, they got it in there in the first place hasn't been solved, so they'll re-ransomware you.
Speaker 1:I had my customer in Savannah which is Coastal Grading. They're a great company. It's been sold a long time ago. But they had a friend, a companion company, that got ransomwared. They paid the ransom, bought new computers, put everything back on. It got ransomed again. They expected the insurance company for their cybersecurity to pay for those new computers. No, you also got to look at what your policy if you have a cyber insurance policy will pay for. I know I'm birdwalking there a little bit, but ransomware is where somebody's clicked on something or somebody's downloaded something that are a computer. Or you've had a child at home that's got Minecraft and they've downloaded something to make them cheat at Minecraft that happens to have malware or a bad payload or something in it and they're playing on your work computer and you happily go to work, not knowing that your kid was using it for gaming. And you open up and suddenly hi get to your files.
Speaker 2:This is crazy, right. So I was asking him. I'm like, well, what will they do? He said, well, they'll hold your files. Now you can't work, and so they're going to ask for a number and they know that you can't go anywhere else and you're going to have to go back to them.
Speaker 1:That's right, it's evolved and it used to be. They'd say we want $500,000 or $50,000. Now what they do is they get into your systems and try to move laterally across the board, everything from your cell phone to your. They don't. Now they've seen you log in. They see you have a $20,000 bank balance, pretty regularly they're going to ask for $15,000. If they see you have $100,000, they're going to. But it's not just that. They've started to realize, well, a two million dollar ransom isn't going to be paid for this guy. He could probably pay 15 or 50 or whatever. But more importantly, it's who you're doing business with right, because if they can trick your system and this happens all the time you have 12 tabs open and one of your employees clicks on a fake email, logs in, suddenly they have access to every login on every one of those tabs. So think about the tabs you have open on your browser. It might be your bank, it might be your CRM.
Speaker 1:It might be your QuickBooks online? It might be. Yeah, Boats, boats, boats.
Speaker 2:I have 18 open right now.
Speaker 1:So if you were to click on that, they have access to all of those systems. So suddenly you're communicating with your attorney or you're about to close on a piece of property. They see that there's a oh, you're buying a piece of property in Captiva and so, and so, suddenly, they'll interject themselves into that email chain with your signature. Looks like it came from you, it might even have been from you, and they've got hidden rules in your Office 365 that are moving anything from this to a hidden folder and you don't even know that. So and so is not there clicking on replying oh yeah, I'll give you an updated wire instruction. And suddenly that money for your down payment or whatever, whatever.
Speaker 3:This is making my blood pressure go up. I mean, I'm so uncomfortable right now because you know, to be honest with you, when we start talking about computers it's blah, blah, blah, pop-ups, blah, you know. But this is how close are we to being able to hit a button and nuke them back?
Speaker 1:Well, I can tell you this If I had my laptop with me, it's in the truck, but I can actually get in and pull up Trusted Toolbox and tell you every attack down to the apartment building or the city they're in. Oh, so we can trace them now Can't do anything about it other than block that IP address or block.
Speaker 3:Chris knows some people that can do some things. Yeah, that's a different podcast. No, it's this podcast. Yeah, it is my podcast.
Speaker 2:I've asked too, and he said, no, you can't do that.
Speaker 2:I said where are these 90 attacks coming from? He goes, yeah, I know where they're coming from. I said, all right, let me have it. He goes. I can't Give me the address, so, but all right, so we have that here at the Trusted Toolbox. Trusted toolbox. But if I am a smaller guy, let's say I've got three or four people, what, what should? What preventive measures should I take before I decide to go yeah and and take the leap into ms 100 paper and courier pigeons. Thank you, thank you capital aarp, yeah get off my lawn kids savannah's watching the movie already.
Speaker 3:Yeah, we. We've already lost her. She's gone Long gone.
Speaker 1:She's planning dinner. So before you, you'll know you need an MSP. When, just like you mentioned, chris, when it comes to the point where you're spending enough time that it's preventing you from proactively working on your business, employees will hide behind the tall grass. And so things like productivity is the point where I'm smoking at the back. The internet's not working, I might not take a smoke break. Oh, my printer doesn't work. They will find every excuse not to do their job, and then they've taken that monkey and put it on your desk. So at that point, when you're doing too many balancing of monkeys, that's when you know you need to invest in a third party. Somebody that has the ability to multitask and has a team of people that are can help you with your IT needs.
Speaker 1:But to start with, if I was a brand new startup I just read E-Myth Mastery, one of my favorite books, michael Gerber and you take the leap of faith and you say I'm doing it the first thing I would invest in is a firewall. You know you'll see people at home using their Comcast modem thinking that that's going to protect them, and it doesn't. It just doesn't. Comcast isn't in the business of protecting your data. They just provide you a pipeline to get to a certain place. So a firewall is very important, and that can range from a few hundred dollars to something like we've got in place with you, which is monitored and proactively managed, and several thousand dollars versus a Netgear or a WatchGuard, or WatchGuards are managed as well, but those ones you see at Best Buy Okay. So that's better than nothing.
Speaker 2:So good, better, best, you're saying that's good, it's okay, let's at least get a firewall, and let's at least change the default password from admin.
Speaker 1:Admin or your password of password A.
Speaker 3:B, C, D, E it's actually 1, 2, 3, 4. I just had a heart attack. You're gonna have to change it before this airs. That's so funny, I love it so, yes, that that.
Speaker 2:So now everybody can hack into everything for me, no, come on. I mean, my passwords are all over the place. But um, how many passwords?
Speaker 1:well, that's actually that comes into number three on my list, all right go. But so the firewall is basically. Just think about it, as you just built a moat around your castle right, got it, so you've got a better. It's better than just having the castle walls up, which is good, but you need a moat. Well, at that point, the next thing is replacing those Alligators in the moat, that's right, We'll call that EDR.
Speaker 1:That used to be antivirus Endpoint detection and response. I'm getting computers, Chris, Did you hear that? So the second thing is and this is I'm trying- to, I make fire.
Speaker 2:Good job, alan. Go back to coloring your crayons. Gronk, chunk, ronks, make sparky. I get computers, alligators and butts. Hey, I got it and he comes up with EDR. I'm like, I'm trying to I'm actually trying to write down EDR, because I don't even know what it means.
Speaker 1:It's shorthand for alligator Detection and response. Think of it as antivirus on steroids Used to be. You'd have antivirus and the definitions would come down once a week or whenever. Edr is the advanced version of that, where real-time your activity is being scanned. If there's a malware or a bad piece of software, it's called a PUP Potentially Unwanted Program Something that you might have clicked on and said, yes, you know how impatient we all are. I've done it. You log in, click, click, click, yes, yes, yes, give me what I need to know. I've got a phone call in 10 minutes that one. So EDR is the next Plan on spending between $3 and $7 per person on something like that.
Speaker 2:For a basic level of EDR. So I've got to put a firewall in. I need to get an endpoint detection response. Give me a name on that one.
Speaker 1:We use Datto EDR, but there are things like Huntress. There are countless good versions. That sounds good. Get that one.
Speaker 3:That does sound sexy.
Speaker 1:It gets to the point where you can lock down to nothing called Threat Locker, where it is a zero-trust type application where nothing is trusted unless we approve it ahead of time, but an EDR, even some of the decent manufacturers. Now you don't want McAfee. Some of these are just crap. They just come on the home edition computers. Do your research, Don't expect to spend more than $7. At that point you're going to get into where you have a security operations center monitoring for things a little bit more proactively than just the software trying to do it's true, because I mean, if you would have said, what would you do?
Speaker 2:I was like, well, I knew they're norton and I knew mcafee. That's the only two names I knew. Right, but I don't have to know that stuff anymore. But now he's saying he's unlocking it for you. You know to tell you what to do.
Speaker 3:So firewall, put your alligators in your moat for alan that's called edr and then the next thing is you put oil in the moat and light it on fire.
Speaker 2:That's why I can't wait to hear what number three is.
Speaker 1:Well, I think the third Wow.
Speaker 2:No no, guess it's a whole new level you haven't even reached the wall yet Wait to see what's coming. Wait to see what he does with that thing, I think the password manager is the most important thing.
Speaker 1:Next, things like LastPass. There are so many passwords and there are so many times where we'll do a scan on the dark web and we'll see that Chris has used password as his password for 93 websites or whatever complexity, and then you forget them having something that is encrypted Capital P password and the at sign for the A Weird Ooh, uh-oh oh here, I didn't even give that one up, and now he's gotta go to teach my password again.
Speaker 2:Don't worry, I've got you what?
Speaker 1:all right, so last pass, last pass is a good one. There's others. There's there's a quite a few, and all of them have been breached at one point of the other. Theoretically, I'm just mentioning that one. There's a lot of others. Just something to manage your passwords where it's not a spreadsheet or a note on your phone, because my wife keeps her passwords and notes on her phone.
Speaker 2:So we don't do that at the Trust the Toolbox, we just use sticky notes.
Speaker 3:I think sticky notes are the most secure thing I've heard so far in this podcast. No, actually.
Speaker 1:I think his rates are going up far in this podcast. No, actually I think his rates are going up, oh my god.
Speaker 2:So what's funny is I said, hey, james is coming over, and I used to go to cindy. I'm like, hey, I think it's time to get rid of those posted.
Speaker 3:They're faded, the color's gone.
Speaker 2:Yeah, and she put a bit in her drawer, one that we don't lock.
Speaker 3:I'm like that's awesome I think that, I think that actually kind of works. No, actually everybody no no, no, so you said something. Sorry, I'm going to digress a little bit. What is the dark web? I mean, it sounds so ominous. It's where the mafia hangs out and all the Russians and all that stuff. Basically, okay.
Speaker 1:So it is a version of. I'll try to make this as simple as possible.
Speaker 3:Thank you, I appreciate it.
Speaker 1:Alan sport rock.
Speaker 3:Don't forget the oil and the alligators. I got flaming alligators. The listeners were on it with that. Okay, great, I've lost my train of thought. What's a dark web?
Speaker 1:Okay, so think of the Internet where you can Google anything you want, all right, yeah. Now if you provide a VPN or a hidden tunnel to another version of the Internet, that's a dark web. It's where your identity is stolen and they sell your credentials. Perhaps you may have gone to a lot of this happens to a lot of people. They'll go to Chewycom or OfficeDepotcom and Office Depot hasn't protected your username and password, right. They get breached and suddenly you'll see, oh, on the news, blah, blah, blah, I got breached and they've lost your social security number, your credit card information. It doesn't take just one of those Like Office Depot is going to give a username and maybe a password. Well, that's a starting point for them. So then, what these brokers do for pennies. I could buy 15,000 names and social security numbers and medical information on the dark web for a penny a piece.
Speaker 3:Why don't you just do that for your customer list, Chris. That's what I'm thinking.
Speaker 1:I've already done that for her. Okay, how do you think I got the new truck?
Speaker 3:Hey, you do have a nicer truck than Chris does. What is that?
Speaker 1:Oh, a nicer truck than chris does. What is that? Oh, I haven't seen that man. I was already. I was already in here getting ready for the podcast. Sorry, no, seriously it's so. Just think of it as the bad guy's home. Everything's for sale, whether it's drugs, whether it's weapons, whether it's.
Speaker 2:I mean, I'm making this very simplified, but not enough for alan, but for our listeners they're getting it but it's just not easily found, I mean, it, it.
Speaker 1:It is if you're a bad guy and you can think about the way sophistication apparently I'm not a bad guy, no, I'm not either, if they spent half their time, half of this time, getting a real job.
Speaker 3:I know I know there's really brilliant, so for a password manager.
Speaker 1:Think between there's free versions. Last pass has a free version for your family and the nice thing about that is you can put in your Gwinnett water all the things that if something happened to you your Facebook, your phone pin it's encrypted. Your wife would be able to log in and see all of those things if something happened.
Speaker 2:It's just being you know All right. So, man, we're running out of time. This stuff is so good, all right.
Speaker 3:So, man, we're running out of time.
Speaker 1:This stuff is so good, all right, so one, two, three. What else do you have?
Speaker 2:Multi-factor authentication hey, you almost did your password One, two, three, four, five, six, seven.
Speaker 1:So multi-factor authentication. It's upside down. Everybody hates it. Everybody finds it completely annoying to have to go to your phone, get a text message that says type this in that's the base level you want for your banking or anything important. I got out of that one.
Speaker 2:You broke me. You love that one, didn't you? I broke out Multi-factor authentication. So I have that. We have that because we have Office 365. So they're the kings of that one right now, right.
Speaker 1:Well, yes. However, do you have it on your ability to remote in and look at your files? Do you have it on your phone system? Do you have it on all the devices that you can turn that on? It's a pain. You should then get a tool like duo or microsoft's authie or authie, and then microsoft has their own, and what will happen is it'll it'll instead of text messaging you, because now we can clone phone sims, right, so we can make a fake version of your cell phone. Wow, the bad guys can not me. Wow, right, so then I'm a good guy.
Speaker 3:I think he can, I think he could be a bad guy. I know he's just choosing to be good.
Speaker 2:He's chosen the right path. You have chosen wisely. It's like a paladin.
Speaker 3:But what happens then?
Speaker 1:is. It's a push notification to that application. That's tied and encrypted and again, that's simplified. Last thing backups, thing, backups. All right, here we go. That's what I wanted to get to this at the very, very minimum. Think about your office 365, your email, your files in the cloud dropbox, one drive, any of the e-folder, any of the data services. Consider yourself a renter and think about renters insurance. Microsoft Office 365 is there to provide you the apartment. They're there to make sure the apartment's interable. If something happens and it burns down, they have to replace the infrastructure. What happens to your stuff inside there? Make sure you have cloud backups. Make sure you at least have something if you're a one-man show and don't have a server, things like a Carbonite or anything that will cloud backup your laptop if you don't have what you have in place.
Speaker 2:Wow, All right. So in Alan's case, what would happen there is that the oil alligator oil on fire would come into his place and blow it all up.
Speaker 1:Alan's case. He's going to be at the kitchen.
Speaker 2:He's going to put a plank down for the guy that looks like you know Freddy Krueger, to bring in the groceries and leave it down. That's right, alan, all right. So here's. Here's an example of why backups are so important. Also, it's not even cybersecurity, it's not. It's just some of your employees can get ahold of a file and delete it really quickly and then they go. Hey, chris, can't find our price list. Where'd it go? I can't do anything. Where's my price list? I'm like, well, it was right there, let me go. Where is it? Well, I went in there and grabbed it. I'm like did you grab it? Or did you hit the D button for dumbass? D delete dumbass and that Delete dumbass All in the same sentence? That's an innocent issue.
Speaker 1:What about something more along the lines of you have somebody in your QuickBooks that's doing your state Sales tax Sales tax, for instance but instead of paying it electronically to the and this happened to somebody I know, a customer their person was routing their state unemployment tax. It's shown in QuickBooks that they paid it. They were routing that money into their personal bank account.
Speaker 3:Now, obviously, they got caught. You need to fire your accountant right now. No, my accountant's not doing that?
Speaker 2:Your bookkeeper? Yeah, no, oh, okay, are they doing that? I don't know.
Speaker 3:But here's the point. Can't you tell I don't either, if you have done right.
Speaker 1:You can go back months and potentially you've done accounting. What was the P&L then versus now? At least you have the ability to go back, even if you're just to have one computer, carbonite or something along those lines.
Speaker 3:We're going to have to skip the four questions. I know we are this is great.
Speaker 2:Guys, as we wrap this one up, you're figuring out there's a lot of little things you can do on your own. But if you want to go to a managed service provider, I don't think you're going to find it as expensive and you can actually cost justify it quicker than nine months that Chris did. Let me speed this up for you. It definitely was a help because it took me out of the. Well, I need to get a new laptop for a guy, all right. Well, I need to get a new laptop for a guy, all right, chris, what did you used to do?
Speaker 2:Well, I used to go look at Best Buy, then I go to Costco and then I go see if I can get a deal with Dell, and then I'm all over the place and then I get the one. That all, basically, is just a web appliance. Isn't that good? And those guys? So now I just say, all right, this is what I need. And they go okay, set it up. They buy the laptop, they get it cheaper than I could have gotten anywhere, and I don't care, because it's all set up and it sits right there and the guy can start working day one and I can start training him on trusted toolbox shit as opposed to how do we set up a computer shit. What a massive time saver. It really has been a massive time saver for me and peace of mind, a lot of peace of mind, because we did get hacked. You know, our email got compromised years ago. That was me, no, but that again.
Speaker 1:It happens still every day.
Speaker 2:Yeah, so you guys closed it down quick and then we had to go back in. Everybody had to get password educated again. And now good news is all my passwords.
Speaker 3:What is it? It's apparently didn't stick 9876?
Speaker 1:Apparently didn't stick.
Speaker 2:I'm going to throw one off on you. Don't forget the L. But that's an upside-down. 7. Oh, multi-factor authentication. Chris has got it going on, I'm going to use the upside-down 8 in my password. There you go. I love it All. Right guys, this has been awesome, Like.
Speaker 2:I said we could have gone all over the place. We got a little taste of how James started his business and scaled using technology. We'll get him back on talk about AI and scaling in the future, because I think it'd be awesome to have you come talk about that. But in the meantime, this is something that if it's happened to you, you know it's a big deal and it's a pain in the ass, and it's happened to me, and not in a big way, just in little things, and that's made me go wow, I don't ever want that big thing to happen. So I'm actually I'm all for it, I like it, and when I see people trying to kind of crisscross in our world, in my business, I'm like no, no, you got to get back in, you got to do this thing the right way and don't open those stupid emails.
Speaker 3:And what are you watching today, alan? All right guys.
Speaker 2:I'm watching my water bottle.
Speaker 3:This is a great episode Alan the cool water bottle. I really like that water bottle.
Speaker 2:You know what Echo? It's like the Fountain of Youth. It's a high-tech water bottle. Screw that we're going back to bourbon next episode.
Speaker 1:All right, guys. If you put bourbon in it, what would happen?
Speaker 2:Oh, healthy bourbon. Healthy bourbon, we love it, I love it when they say healthy bourbon.
%20png.png)
