Small Business Pivots
Tired of fluff-filled business advice? Small Business Pivots delivers raw, honest conversations with entrepreneurs, content creators, and industry experts who’ve made bold pivots to grow—whether to six figures, seven, or simply the next stage of success.
Hosted by nationally recognized small business coach and BOSS founder Michael Morrison, this show shares the unfiltered stories, mindset shifts, and behind-the-scenes strategies that help real business owners overcome burnout, build momentum, and grow a business that works—without working themselves into the ground.
With over 100 episodes, Small Business Pivots is a trusted resource for small business owners who are serious about growth. From the early struggles to the key turning points, you’ll walk away with practical tools, honest encouragement, and actionable insight every week.
🎯 Sample episodes dive into:
• Small business marketing and content creation
• Building referral networks and strategic partnerships
• Mindset, burnout, and decision-making as a founder
• Time management, leadership, SOPs, hiring, and team culture
• Systemization, SOPs, and franchising
• Social media, branding, automation, and scaling strategies
Whether you're aiming for your first six figures or scaling beyond seven, this podcast gives you the real-world insight, inspiration, and community you need to take your next big step.
Subscribe now—and start making the pivots that move your business forward.
Want to visit with our host, Michael Morrison, about business coaching services for your small business? Go here: https://www.michaeldmorrison.com/consultation
Small Business Pivots
Pirates, AI, and Your Business: The New Cybersecurity Battlefield | Josh Cochran
What if the pirates of the high seas never disappeared — they just moved online? According to cybersecurity expert and Oklahoma City business owner Josh Cochran, that's exactly what's happened. In this must-listen episode of Small Business Pivots, Josh shares how today’s cybercriminals use AI-powered tactics to quietly infiltrate your business, steal sensitive data, and redirect payments — sometimes without you noticing for months.
Josh is the owner of Diverse CTI, a leading managed IT and cybersecurity company in Oklahoma City. As a second-generation entrepreneur in IT services and a first-generation founder of an automotive upholstery business, he offers a rare dual perspective on risk, business growth, and protecting your digital empire.
In this conversation, you’ll learn:
• Why the internet today is like the lawless oceans of the past — and what that means for small business owners
• How hackers use AI to scan thousands of emails, create fake invoices, and siphon money undetected
• The biggest myth about cloud storage (hint: it doesn’t actually back up your data)
• The essential cybersecurity steps every small business should implement today — from multi-factor authentication to endpoint detection and response (EDR)
• What cybersecurity insurance really covers (and what it doesn’t)
• How running both first- and second-generation businesses shapes leadership decisions and risk tolerance
Josh shares real stories, including one about hackers who redirected $150,000 in payments through a fake invoice that looked exactly like the real thing.
Whether you’re a startup founder, a multi-generational business owner, or just beginning to think about IT security, this episode will help you understand the modern threats facing your business — and how to defend against them.
👉 Visit diversecti.com to try their free cybersecurity assessment tool and find out where your business is vulnerable.
Josh Cochran: CEO of Diverse CTI
Website: https://www.diversecti.com/
LinkedIn: https://www.linkedin.com/in/joshjcochran/
Blog: https://www.diversecti.com/category/blog/
#CyberSecurity #BusinessProtection #JoshCochran #DiverseCTI #AITech #DigitalThreats #Hackers #Malware #FamilyBusiness #SmallBusinessOwner #BusinessGrowth #Entrepreneurship #OklahomaBusiness #ITServices #ManagedIT #BusinessStrategy #BusinessCoaching #BuildYourEmpire #OurBusinessIsHelpingYoursGrow #BOSS #BOSSBusiness #BOSSLoans #BOSSEmpire #SmallBusinessPivots #MichaelMorrison #OklahomaCity
1. Want more resources to grow your business faster?
https://www.businessownershipsimplified.com/
2. Want to connect with our Host, Founder & CEO on LinkedIn?
https://www.linkedin.com/in/michaeldmorrisonokc/
3. Want professional business coaching with our Host, Founder & CEO?
https://www.michaeldmorrison.com
4. Want to set up a FREE business consultation with our Host, Founder & CEO?
https://www.businessownershipsimplified.com/consultation
FOLLOW US ON:
- WEBSITE: https://www.businessownershipsimplified.com/
-WEBSITE: https://www.michaeldmorrison.com/
-LINKEDIN: https://www.linkedin.com/in/michaeldmorrisonokc/
-YOUTUBE: https://youtube.com/@businessownershipsimplified
All right, welcome to another Small Business Pivots. Today we have another special guest from around the world and this guest is almost in my back door, the great state of Oklahoma. We are featuring Oklahoma business owners this year this summer, and I know that no one can introduce themselves and their business like the business owner, so I always let you do the introductions so you can say it like you want it said.
Speaker 2:Well, thank you, thank you. So my name is Josh Cochran and I'm with Diverse CTI. We are an IT managed services company and we specialize in basically managing the IT infrastructure for small to medium sized businesses that have really reached that point where the hourly IT guy is really not a match anymore. And I always tell people you know it doesn't always mean that you know you're frustrated or you think your IT guy isn't doing a good job. A lot of times it's just related to the maturity of the company. You reach a point where you need something a little bit deeper, a little wider, maybe a little more technical expertise, and that's usually when companies come looking for me and my team.
Speaker 1:Awesome, awesome. So we've got small business owners listening. How do you think we're going to help them best today?
Speaker 2:One of the things that I think just recently maybe in the last four to five years that I've begun reflecting a little bit more. I've been doing this for 25 years, been an entrepreneur for 25 years. My dad started the company that I'm in right now. My dad started the company that I'm in right now 40 years ago, maybe almost 41 years ago, back in 1984. So I was kind of raised in that entrepreneurial maybe more of an epiphany that I've always seen myself as an entrepreneur because I've started some other businesses I'm in another business with one of my best friends and it's in the automotive industry but this is really my passion diverse CTI but I think I've maybe realized that this is somewhat of a second generation entrepreneur journey and that's been an interesting lens to look back through the years on, because I don't think I ever really looked at it that way.
Speaker 2:I looked at it, you know, it was like me and my dad and we were partners and I'm one of the lucky ones my dad and I are still best friends. He's retired now. He retired in 2019. And so that kind of caused me to start looking at things a little differently, because I'm kind of on my own at this point. He's been an excellent partner through the years. He's been an excellent partner through the years. But anyway, just recently I've been kind of realizing that in some ways, the journey of a second generation entrepreneur is very different than just starting the business from scratch, which I've also done. I've done both of those. The business from scratch which I've which I've also done, I've I've done both of those. So, uh, my other business that I'm in involved with, uh, my best friend is, is a $2 million, you know, uh, gross revenue business as well. So so I kind of have both sides of it and I'm realizing, um, for whatever reason, I didn't really think of diverse CTI as a second generation business.
Speaker 2:I just because I grew up, yeah.
Speaker 1:Yeah, so it is different being a business coach and working with family businesses, generational businesses, partnerships they're all different and so I think we're going to be able to help them a lot with some insights that you've got, some tips and all that good stuff. So let's introduce the show real quick and we'll be right back. Welcome to Small Business Pivots, a podcast produced for small business owners. I'm your host, michael Morrison, founder and CEO of BOSS, where we make business ownership simplified for success. Our business is helping yours grow. Simplified for success Our business is helping yours grow. Boss offers business loans with business coaching support, apply in minutes and get approved and funded in as little as 24 to 48 hours at businessownershipsimplifiedcom.
Speaker 1:All right, welcome back to Small Business Pivots. We're talking to a second generational business owner and family family. Most family businesses are not pretty, but you said yours was. Can you give us first any insights of how that baton was handed off, because a lot of first generation business owners they don't want to do that and so you must have proved something to them led the company. You know, kind of what was that scenario like for us?
Speaker 2:Well, I have to give most of the credit to my dad. I mean him, him and I have, uh, he kind of raised me just in a, raised me just in a very wonderful way in terms of I never felt that I was competing with my dad. I never he treated me as an equal in the sense of, you know, giving me responsibilities and so forth. So a lot of that I have to. I just have to say, uh, kudos to my dad. Um, he's just one of those rare individuals who, um, just doesn't have a chip on his shoulder. So he was. He was always open to my thoughts and my, my input over the years, which, you know, obviously I was a kid, so it wasn't always good input, you know. But yeah, he was willing to kind of let me try things and fail and put, you know, allow me to put the years in, to kind of learn, and yeah, so in terms of why he felt comfortable, I think it was just when I was growing up. He he told me you know, please, please, don't just be in this business just because it is the family business, don't, don't do it, because you know I've done it. You know, go off, do your thing If this will be here. If you want to be involved, you can be.
Speaker 2:And I actually early on didn't want to be. I thought, you know, I I really didn't want to live in my dad's shadow at the business. I thought that would be kind of what it would be like and I wanted to have my kind of my own success, not like in a, in a, you know, like a selfish, arrogant way or anything, just just wanted to kind of it was for more for me, like I wanted to know, like, hey, I can go out into the world and survive, and that was important to me. And so I went to school for an electrical engineering degree and two years in, a couple things were going on. I was helping my dad with his website, which the dot-com boom was just going crazy. This was 99-2000. And I told my best friend at the time he was going to school for a mechanical engineering degree and I said you know, we're morons if we don't start a web business. We're just complete morons if we don't do this. This is exploding. And because I saw what was going on with my dad's business he was selling phone systems online like crazy, just left and right, I mean, and I was kind of assisting him on the in the on the website side, because I had kind of dabbled in some HTML programming and kind of taught myself how to do that because it looked fun. And uh, so my best friend at the time, uh, and still, you know, still is he's the guy that we started the automotive business together. He said, okay, well, but I have no idea what, what should we do? And I was like I don't know either, but we need to do something. So so we eventually totally separate story but stumbled upon an opportunity. We were car guys and into cars, and so we stumbled across an opportunity there that we thought would be worth pursuing.
Speaker 2:And, and while we were starting to build that business, I just I was fed up with college, just fed up. I just was like this is not for me, it's not what I thought it was going to be. So I dropped out and kind of went full time into starting this business with my buddy and you know, my dad said you know there's plenty of work over here on the website and running the online part of the business. If you want to do that, you won't be a burden to your new business. And I thought that sounded great. So I jumped in to Diverse CTI and was working on the website. I built a website for my other company with my buddy the automotive side and and um, and so that's kind of how it started, that I got I got you know back into diverse CTI full time.
Speaker 2:Um, what I began to realize was that I really love and this is kind of maybe something that, uh, the IT you know part of the business allows me to do. We would constantly be connecting with other business owners because you're making you're making a big decision when you go with a new phone system or a new, whole new network and you know your IT guy and you know all this infrastructure that goes, goes along, goes along with that. So I was interfacing with other business owners and that was so much fun. I would learn their story, just like we're doing right now. I would learn their story. I would get kind of somewhat personally invested in the story because we're installing IT infrastructure equipment and helping them manage it, which is like the foundation of their business, how they interact. And to do that I have to ask questions, like you know how do your employees use their computers and their phones, and when your customers call in, who do they need to talk to and why? And you know, because we're making phone tree menus and programming the phone system to ring different areas in their businesses and so forth.
Speaker 2:So as I did that more and more, I just realized this is awesome, I love this, I really like this portion of it. I'm it's like I'm a partner with these other business owners. I'm a part of their success, watching them grow, and that was a blast to me. So I think as I got into that, I was exposed to other business owners, I was exposed to other entrepreneurs and that was very fulfilling to me and I think my dad saw that spark. Think my dad saw that spark, you know. And so as the opportunities in the company kind of became available, I just kept taking on more responsibility and more responsibility. Until you know, really probably about 2010, I was basically running the whole company except for sales and the you know, sales and marketing. That that's kind of. He just kind of stayed in that side of things.
Speaker 1:What would you say are some traits that your dad had that showed you how to be a good business person.
Speaker 2:I think this is maybe one of the mysteries about being an entrepreneur is just that tenacious drive and sometimes, in the face of everything telling you this is the, you know this, you shouldn't do this, this is the wrong way to go, right, like it's a bad time to start a business, or nobody wants this, or it's a bad time to start a business, or nobody wants this, or and, and. Those are all real questions, and this is like the mystery of being an entrepreneur is like there's this small speck in everybody's story where someone's telling them you know, this is probably not a good idea, you're taking a big risk here. You know you're going to lose everything. You know what are you doing with your life? You know you're even asking yourself that question. You know and some of them sometimes that you really do, you should stop and quit. It's a bad idea, right, but how do you know? Because, like, so this? There's something mysterious there. You know about being an entrepreneur where you just keep going and you, just you just keep banging your head against the wall and eventually there's a hole. You know, and you go through it.
Speaker 2:Um, so, watching my dad do that, um, you know in in the beginning, uh, he has a really interesting story. Um, you know, he was working for Radio Shack selling phone systems way back in the day. If you know Radio Shack at all, yes, wow, and he, at least in the small division of telephone sales, was number one in the nation. He was the number one sales guy. And there was an old TGNY store, if you remember back in the day, tgny, tgny store, if you remember back in the day, tgny kind of like today's Target or maybe not Walmart size I mean Walmart's just a behemoth these days but yeah, a lot of department stores back then and TGNY was one of them. And my dad's beat up brown pickup on a couple sales calls and gave him his national award and also told him that, by the way, they would have to turn down the TGNY deal because Radio Shack's were franchises, because Radio Shacks were franchises and so there's no mechanism to put a trouble ticket in and have it go. And my dad's saying, well, what do you think I've been doing this whole time? I've been calling all the franchisees and getting them in on all this whole deal. I've already arranged the whole thing, and he says no, no, no, we can't do it.
Speaker 2:So that kind of kicked off the thought in my dad of, like, well, what am I doing working for you, for you? You know, if this is, if this was your version, your vision, and um, so anyway, uh, we were poor. I mean we were poor, we were dirt poor. We lived in a mobile home out in Luther, oklahoma, in the sticks, and it was about a 20. He would, he would drive in with enough gas to get into town and not enough gas to get back, and he would go door to door and knock on businesses and meet him and cold call and hope there was something he could get done and get paid for that day to make it home. Um so, uh, you know, if I tell that story too too long, I started to get a little choked up because, uh, you know, that's that's what I watched him do. And and, uh, so, looking back, that tenaciousness and that spirit of just never quitting, uh, really affected me. Um, I think there's more to being an entrepreneur than just that, for sure.
Speaker 1:So, it's always important and encouraging to have a role model, and I know that that story touches a lot of entrepreneurs hearts because, as a business coach, a lot of business owners will say am I the worst business you've ever seen? Am I the only one going through this or that or whatever? And I'm like no, be encouraged, we all go through it. Now, if that makes you happy, probably not, but just know you're not alone, and so sharing that story is important. You started off the show when we were talking about you said second generation versus first generation versus grassroots what's been the difference that you've seen? That could be helpful for our listeners.
Speaker 2:Part of maybe some of the things that I'm seeing would be that when you're starting a business on your own, I think you're very in touch with the things that it takes to start the business, what makes your product attractive to your client, because you're just right on the front lines and you kind of have an idea, maybe in the beginning, of what you want to do, of what you want to do, and maybe you have identified that there's an opportunity there that you can take advantage of and create an opportunity and create value for people. And you're very much tweaking that idea as you go through and molding it, and so you're a lot first gen. You're very in tune with the product and what it means to your clients and the value that it has to your clients. The second generation didn't always necessarily go on that journey with the first generation, and so there's also the added maybe risk of now there's something to lose. In the beginning there was nothing to lose. You had nothing. You can make wild swings or try new ideas, and there's nothing to lose because you don't have anything. But with second generation, now you've got something and if you make the wrong decision or you take it in the wrong direction or you try something too risky. There's skin in the game, there's something at risk. The person who's taking over hasn't necessarily proved anything. They didn't start the business necessarily.
Speaker 2:I'm really kind of a weird in a weird situation in the sense that I may be not second fully, I'm like 1.5, you know, because in many ways I grew up with my dad in the business and he did just such a good job of making me feel like we were together, even though I was just a kid. I would go run cable with him in the ceilings, I would go do stuff in the summers with him, and so in one sense I was part of it. But the piece I miss or missed, was that day-to-day everything's on the line. That part I didn't know that and I shouldn't have Like I was to day all everything's on the line. That part I didn't. I didn't know that and I shouldn't have like I was a kid, right, my dad's not going to, and I'm glad he didn't. You know, I I didn't. We were poor, but I had no idea. I was just happy as a lark. So, um, by the time I got to 12, 13, you know, my dad had had really begun to see, to see some success and probably by the time I was 15, we were building, you know, building a 5,000 square foot house out, you know, out in Luther, and so dad did well and I saw that.
Speaker 2:So second generation, I think, struggles probably a little bit with just of that connection of you know what, the journey that you went through, but now there's something that you can lose and so what's the connection to that and the other funny thing maybe too is just that I wanted, mostly for me, as I was working in the business, I didn't want people to treat me differently because they knew my dad and had a relationship with my dad. I wanted them to interact with me because of me and who I was. I felt like, if they knew that I was related to my dad, that I wouldn't get a good, solid read from them on my relationship with them. Are they treating me so I would not tell them that I was related to my dad.
Speaker 2:We had enough employees at that point where, uh, I would call him when we would go into meetings. I would call him tom, I wouldn't call him dad, and not because I had any kind of disrespect for my dad or whatever. It was. Just. It was just simply for me, like I wanted them to treat me for me, and not know and and and and also maybe tell my dad you know, hey, this Josh guy is a loser, you know he is. I don't know what you're doing. You know, like I just wanted, I wanted my success to be disconnected from my dad's success, so that I knew I had a you know, real feedback about what was going on. In a sense, I wanted to prove myself and know that I was standing on my own two legs. So that was another thing that I kind of struggled with.
Speaker 1:What were some of the pivots you made in your automotive business that you could share with our listeners? So they could have been pivots that were for the good or the bad or the ugly, but some pivots that you made that would be worth sharing.
Speaker 2:In the automotive business. Okay, so automotive upholstery is what we fell into. We had a buddy of ours that's how that business started. Our buddy of ours we were car guys. He took some guys down to Dallas on a trip and one of them burned a hole in his backseat with a cigarette on the way to.
Speaker 2:Dallas. And so he called us and he was like man, somebody burned a hole in my backseat and I don't know what to do. And he, you know his cloth interior and um, he's like you know, I thought of you guys cause your car guys, and you know, and so I had already had the conversation with my buddy, eric, about starting that business, or starting a business, and so we had been going back and forth, like, what are we going to sell? What are we going to sell? So Eric gets on the phone with a local upholstery guy, gets connected, long story short, finds out that this guy can, that there's these manufacturers out there that sew a whole interior kit. They already have the pattern.
Speaker 2:And back in that day it was usually the upholstery guy would do the whole kit. He would pattern it, he would take your cloth off, he would very carefully cut all the take your cloth off, he would very carefully cut all the seams and like and re-sew a kit for your car. So recently this had kind of was a new thing and and so anyway, this guy offered it as a kind of a cheap solution. You know like, hey, I've never done this before, but we could order this pre-sewn kit and you know I'll give you a discount and we'll see what you know if it's any good. So our friend went for it. Eric went down to watch him put it in, because he just thinks that's cool. And while he's watching him put the kit in our buddy's car, he calls me and he's like bro, I've got the idea. You know like we can sell these online. You know they're already pre-sewn, and so I'm like, sweet, you know, that's awesome, you know.
Speaker 2:So anyway, long story short, we kicked that business off and grew it. Just grassroots, we were car guys, we would drive all over the nation to these different car shows and just it was. It was kind of like just fun, it was just a blast, um. But during that time we built a shop that could do some actual sewing. Like there were some cars we couldn't find kits for, but we were like, dude, this is a cool car. I mean we want to do this.
Speaker 2:And so eric um taught himself how to sew and and I was doing website stuff and and so we built some production capacity and we were approached by some various different companies over the years that wanted to see if that production capacity might be applicable to some, to some other things.
Speaker 2:So, uh, for instance, um, there's a, uh, there's a golf manufacturer that wanted, um, this guy makes custom one-off putters that are like five, six grand. And um, yeah, and he's like a master CNC machine guy, right, so he would put these blocks of tungsten in and he would do this AutoCAD, basically this drawing, and it would mill out this just amazing putter head out of tungsten, right, and it's crazy. So he wanted a really cool leather putter head cover that would go over and because of our production capacity, we could make something like that. And so we designed it and made it, and so that's maybe a pivot where we've added in kind of almost like a boutique leather product. You know that that would allow us to. That's not really automotive related at all, but we, we have a, we have the ability to do that, so being adaptable, open to opportunities.
Speaker 1:I know a lot of business owners. We get so stuck in what we do that we're like I don't have time to do that, and that sounds like it served you well to do that. So let's talk about diverse, because cybersecurity is a big thing right now, and it has been. It's as they say. It's stood the test of time and I don't think it's going anywhere soon. It's just getting crazier with AI and everything. So can you share a little bit about that? I don't even really know where to start because it's so many moving parts, but maybe just some tips, insights for business owners. Here's some red flags. Here's why it's serious. Here's some things not to do. Make sure you know whatever those high level things are that you see a lot of in businesses that they can stay away from or at least be alert.
Speaker 2:The crazy thing is, you know, I like some portions of history and it's interesting to go back and study. You know, like the old pirate days, you know, Basically pirates would you know? They'd get in a ship and just go attack anybody they wanted and it was an all-out battle and the oceans were like this free-for-all and in essence, that's the Internet. So the oceans of yesteryear are like the Internet of today, and back in the day, if you wanted to protect your merchant, you wanted to protect your ship, you had guys on the ship with you, had military guys that trained and were ready. So we're back in those days. Crazy enough, it seems. Seems just crazy to think about that. But that's that's really a great, great, you know, really a great comparison to nowadays.
Speaker 2:Everybody's information is on the internet. That's how we do business nowadays. I don't know anybody that doesn't have an email address or a website or some kind of web presence, or take payments credit card payments online. We all do business online. So it used to be that cyber attackers were after your data to lock it up, what we called ransomware. They would install something, some malware, some virus, that would lock all your stuff up. It would encrypt it and then you'd need to pay them in order to get the key, the encryption key, back, and that was the ransomware game that we're all probably pretty familiar with at this point. With the sophistication of AI, and since AI has now come out, there's been a major shift to not just ransomware, an attack. A ransomware attack a business right away, get in, establish a foothold inside the business, a piece of malware that allows remote access and then harvest data, and so I'll give you an example of what that looks like.
Speaker 2:We had a client come to us and they said we've got some really funny things going on with our email. We, like customer of a customer's call, they're getting emails that we didn't send them but they're from us. And so, said well? We said well, someone has hacked. We did a little bit of investigation, someone's hacked in to your email system, and essentially what they did was they used AI to scan through thousands and thousands of emails and build a list of that business's clients, look at the amounts that they were being invoiced. And then what they did was they chose a weekend and they created an invoice that looked exactly like this business's invoice, and they mass emailed it out on a Friday at four o'clock, which is a great time to email emergency emails because everybody walks in. Or maybe over the weekend they realize, oh my goodness, they got this email and the business that got hacked is closed, so there's no one to call. And the invoice was accompanied by the email which basically said hey, this and such and such company, we're so sorry to inform you our bank account has been hacked. We don't want you to remit any payments to the bank account you've been using. Please use our new bank account, which is safe. And then you know here's the invoice account which is safe. And then you know here's the invoice. So over the weekend they they were the hacker was paid about 150 grand to his, to his, to his bank account, to the hacker's bank account. Yeah Right, so it worked extremely well.
Speaker 2:So with the, these attacks are getting sophisticated because with the use of AI, I can just tell it, you know, scan through all this stuff, tell me what the average amount of you know of of these invoices are, and I can whip up a little copy of your invoice. So it's, it's evolved to the point where you need these. You know a little bit more of a sophisticated approach and your average IT guys are probably still back in the old antivirus days where they're just looking for, like the mug shots is kind of what I compare it to. They're looking for the virus and saying, does this match my mug shot? And now we need to look at behaviors. And saying, does this match my mugshot? And now we need to look at behaviors. We have to look at. You know, hey, michael Morrison logged in to his network at 3 am from Bangladesh. That's weird. And then he remoted from his personal machine over to the server and created an admin account. Hmm, that's weird, you know. Oh, by the way, he's changing all the password, you know. Yeah, right, so we need something a little bit more sophisticated.
Speaker 2:I sat down with another client and they said we've never been hacked. And I said well, why are you saying that you've never been hacked? And he said well, no one's ever sent us a ransom demand. I said that doesn't mean anything these days. They could have. They might be on your net If you're supplying them with enough data and information. You're like an oil well, they're just harvesting information from you and you don't know it, because you have nothing on your network that tells you that you've been hacked. You just have an antivirus on there. So that's really the environment that we're in right now. So what can you do? There was really some questions that you asked me earlier. What can a small business do?
Speaker 1:Well, number one you're listening to Small Business Pivots. This podcast is produced by my company boss. Our business is helping yours grow. Boss offers business loans with business coaching support. Apply in minutes and get approved and funded in as little as 24 to 48 hours at business ownership simplified dot com. If you're enjoying this podcast, don't forget to hit the subscribe button and share it as well. Now let's get back to our special guest.
Speaker 2:Now. So what can you do? It was really some questions that you asked me earlier. What can a small business do? Well, number one, multi-factor authentication, is like maybe a huge thing you can just enable and put on right now, especially with your email. So Office 365 or Google Workspace are the two number one, and number one and number two. You can argue which one's which, but that businesses use either Google for their email or Office 365. Either Google for their email or Office 365. And you can go in the admin console and you can begin to turn on multi-factor authentication for all of your users. And that's essentially like, when you log in, the little thing that pops up that says, hey, is this you Did? You log in and you hit yes, you know it's me. Log in and you hit yes, you know it's me. And what that does is it just gives you that second factor of identity verification. So even if your password is exposed, it doesn't matter because they don't have your cell phone.
Speaker 2:The some of the other things that that you can do you do. Number one would be multi-factor authentication, but make sure that you are not an admin user on your network or your Office 365 account or Google account. Make sure you create a separate admin user and then make sure everyone else is just a regular user, including yourself, and that way, what that does is, if you do click on anything, that piece of malware only has access levels that your regular user has. They don't have admin privileges. And a lot of business users do this. They're the ones that set up the Google this, they're the ones that set up the Google account. They're the ones that set up the Office 365. So they're admins.
Speaker 2:Well, that means if you click on any malware, that malware has all the privileges and access that an admin privilege has, right. So even I don't do this at my office. I work in my Josh profile and it has regular locked down privileges. I can't do anything. If I need to do an admin, something administrative, I log out as Josh log in on the admin account, do what I need to get done, then log back out and log back in. It's like cyber hygiene, right. It's like a surgeon washing his hands. So do the stuff you need to do in the admin account, but don't live in that account, don't work in that account, and that's a huge protection against these malwares being able to install themselves and do things.
Speaker 1:I know one of the questions that a lot of business owners ask me is what joy do these people have in doing this? Like why is it so rapid out there? Like just why.
Speaker 2:That's a great question. Um, the association of County commissioners is one of our clients and I gave a, I gave a, actually a presentation on this as and and there's some really well-known hackers out there that have been asked this exact question. One of the most famous one is the catch catch me if you can, guy. You know from the movie with Tom Hanks and and DiCaprio. So that guy was interviewed and, by the way, the book is way better than the movie, if you want. If you read the book, it's like there's so much better stories than in the movie. This guy is just absolutely amazing.
Speaker 2:But it's really about that, the challenge. It's about the challenge of being able to get in. It's like a game and and you could compare it to the same as these guys that go out and mountain climb and, you know, and do the squirrel suit, you know, fly through the air. These, like you know, adrenaline, high stakes type personalities. It's about the challenge. They, they want to see if they can. They can do it. They can get in and trick people and what they'll fall for. They can do it. They can get in and trick people and what they'll fall for, and the other thing I would say that's a big game changer has been Bitcoin Bitcoin.
Speaker 2:You know, if I wanted to steal your data before Bitcoin, I would have had to have you and lock your data up. I would have had to have you send me a check or wire me money or give me cash. That would be a very, very big risk on my part Because you could call the FBI and be watching the drop off location or if it's a wire transfer that goes through all kinds of federally controlled, you know, financial institutions that have all kinds of ability to track money. So it was very difficult for me to steal money from you. But with the invention of Bitcoin, you can now transfer funds completely without anyone ever knowing.
Speaker 2:You know you're anonymous. There's no way to track it. There's ways to guess, and the feds do this. If they see $10,000 got debited over here and 10 grand got credited over here, they can try to make a guess, but that's all it is. It's just a guess. So Bitcoin has changed the game for hackers. It's made it where you can send funds and I can route those completely anonymously. So does that make sense? That's been a massive, massive boon to the hacker community the ability for financial transfers to happen completely anonymously.
Speaker 1:What does a company do with when they have employees. So you can only say so much be cautious about opening this email. If it looks like this, don't open it. But it still happens. I mean, these people are good. I just got one last week that someone had created through Canva and it was a PayPal and it said this in you know kind of like what you're talking about, and back in the day you could look at the domain name and you could see like a number in there or something that wasn't right, just, but it was legit the whole thing. I sent it to Canva and they're like thank you for sending this. We're trying to track these down because they're using these fake PayPal invoices through Canva. So it looks like it came from Canva. But what can you tell your team? Like there's only so much you can tell them and somebody's just going to accidentally click something that looks legit and then boom, your whole company is exposed.
Speaker 2:Yeah, yeah. So you're, you know you're kind of crossing into the territory where you're going to have to have an expert, You're going to have to have a piece of software that that can, that can lock this kind of stuff down. And there's, there's some really great software out there that can create what we call a white list. A blacklist is not so good because the blacklist will say you know, stop this specific thing. That's what a blacklist, right, stop this. A whitelist is the opposite. It's block everything, only allow these things. Right, this is all that can run.
Speaker 2:So we have a software that we load instantly when we come into a client situation. That is a whitelist. It only allows and, and that whitelist includes the launching of the very particular files like executables and word documents, and it, it, it creates that list, it knows what that, what those things should. That should be allowed to run. So that's a. That's a big help because, yes, you're right, You're going to, people are going to click on that stuff.
Speaker 2:And so, having some of these more sophisticated tools, the new version of antivirus or what's replacing antivirus and has for a while now, is called EDR, which is endpoint detection and response. So we want something, like I said earlier, that's watching behaviors of the software. That's watching behaviors of the software. It knows how a software should behave. It knows what directories it normally gets into and saves files to. So if it starts seeing that piece of software misbehave and do something, it can shut that down immediately. And these softwares are not super expensive. When you work with an expert like me or other guys like me because they're bulk buying these, they're bulk buying them right, and that's the whole point is getting with an expert that's got access to this kind of stuff and bringing some of those enterprise-level technologies down to the small to medium-sized business level.
Speaker 1:I meant to ask this earlier and I know is it a risk or reward. But about the two-factor authentication, I know for a lot of business owners they see that like that absorbs so much of my time. Right, but the risk is okay, you don't do it and you're putting your, but is there anything out there that can help them? You know, because if you did that with QuickBooks, you did it with emails, you did it with all these different softwares. You're going to be on your phone all day. Is there a hack that someone knows? That software that says yep, yep, yep? Because that's the biggest complaint I hear from business owners.
Speaker 2:Yeah, yeah, so there's a great technology that's baked into a lot of your more commercial-grade cybersecurity firewalls and some different things. That's called single sign-on. So what you do is you're creating a safe space through API, through secure communication and encryption keys. It's almost like you're pre-logging in to QuickBooks and all the different softwares you need to do, and it's like you pre-log in with these encrypted keys and that safe space has one password and one multi-factor authentication. You know point right. So it's it's kind of like one ring to rule them all.
Speaker 2:If you're a, if you're a Tolkien fan, that's a little helping all the nerds out there. I'm raising my hand as a nerd, so you just called yourself out. Yeah, so it's basically you click on that single sign-on window and inside that we have loaded all of those cloud applications and places that would normally require that. But since we've digitally used keys to kind of pre-sign into that safe space, then there's only the one right Single sign-on. So it takes a little bit of work to set it up, but it's worth it kind of in the long run. Does that kind of make?
Speaker 1:sense. Yeah, no, that's perfect. And then I've got a question. So the ransomware you were talking about, where they take your data for ransom, what is a company to do? Do they? Should they immediately run to you first? Do they call the FBI? I mean, what do they do once their data has been compromised and they can't get it?
Speaker 2:Yeah Well, probably the first thing that I would recommend that companies do if they been hit is to call their insurance company their insurance company. Usually there's a cybersecurity element to that. I hope there is. If there's not, you need to be talking to your insurance company. And if you need a good insurance guy, I've got a couple that are great. We make no money on cybersecurity insurance. It's actually against the law because we're not agents. We're not insurance agents.
Speaker 1:So you're recommending people, if they don't have it or don't know, go get some cybersecurity insurance, go get some.
Speaker 2:Yeah, and the kind you get is a big deal. Because a lot of times in the fine print, these insurance companies are requiring you to do multi-factor authentication. You better have EDR loaded, you better have a whitelist type program, you better have a yearly penetration test done on your network and if you don't, so sorry, we're not going to pay your claim. So this is the other thing we run across is nobody's looking at these policies. So this is the other thing we run across is nobody's looking at these policies. They think that they've got, they're covered, and it turns out they're not covered because they're not doing these things. That the insurance company, yeah, which it makes sense from their side, right, it's like well, otherwise it's just Russian roulette. If you don't do this, it's just a matter of time You're going to get hacked. But if you're not doing those things, you're throwing your money away at the insurance company. So if, if, if you have cybersecurity insurance or you have insurance you call them A lot of the insurance have a cybersecurity response or an incident response team that they've already made. They're going to be. The insurance is going to be paying this claim. The insurance is going to be paying this claim. So they've already engaged a remediation team and an incident response team company to do that. The second call would be to a guy like me. If you don't have one, you can call me. But if you've already got a guy, call him, of course, immediately. What you don't want him to do is go in there and kind of blunder and mess everything up because you need him to. If you do have a remediation team, they're going to want to get in and look at things. And this is where having a solid backup and disaster recovery plan is absolutely. You got to have that.
Speaker 2:So with all my clients, backup is like the flip side of the coin to your cybersecurity. Right, if you get hit, if you've got a solid backup, then you can just restore from that backup and you're good to go. And this is why you need an immutable backup, because hackers know that if they don't get to your backup and corrupt that backup, then they know you're just going to restore from that backup, so they're not stupid. This is the other reason why they don't immediately ransomware your whole network. They're going to try to find your backup and corrupt that and then ransomware you because then you've got nothing to restore from. So an immutable backup is a backup that backs up offsite and then that connection connection is severed and that file that gets written. It can't be written over, it can be read by you but it can't be re, it can't be written to, it's immutable. So, um, it's basically kind of hacker proof.
Speaker 2:And then we always pair that with understanding from the client's perspective. How old can that backup be? Right? Because if it's a backup that, say, you know from last month that may, you've got 30 days maybe of data that you lost and I don't know what it will take you to reenter all that data. Maybe you can, but maybe if it's all in the cloud, you don't have any paper to reenter it from. So a recovery point in time is important to establish and a recovery time objective too right. If you're an architect and you get hit and you've got a bunch of AutoCAD files that are huge and massive, that run on big servers, but your server is ransomwared, it's going to take some time to wipe that server and reload all the stuff on there. So that's. The other thing is how quickly do you need to be back up? What's the recovery time objective? So I've got lots of great little stories that I can tell.
Speaker 1:Yeah, I bet we're unfortunately about out of time, but I do have another question, because another big thing is I heard a business owner not too long ago say I should be fine, all my stuff's in the cloud. So in other words, I think they were saying, all my stuff's on Google Drive Is, in other words, I think they were saying, all my stuff's on Google Drive. Is that just as vulnerable as your computer? Absolutely Okay.
Speaker 2:Yeah, and this is a misconception with a lot of people is they think that Office 365 or Google is backed up. It's not. It's redundant, meaning there's copies of your data that are being replicated, your data that are being replicated. But if I'm a hacker, I can corrupt that data and all Microsoft sees is that the data changed. It changed so they replicated across all their servers. It's not a backup. It's like it's a live copy in case they lose a data center. If your Dallas Microsoft data center goes down, no problem. They've got a Chicago one that they just switch you over to instantaneously. You don't even know and you know your, your live copy of your data is there, but it's because it's. It's been copying back and forth. So, as a hacker, I just need to. I just need to ransomware your OneDrive. There's no backup.
Speaker 1:Wow. Well, I know you've piqued the interest of a lot of listeners. I know you have me, so where's the best place to follow you to learn more?
Speaker 2:Yeah, so I'm on LinkedIn. You can look me up, josh Cochran. Our website is wwwdiversecticom, and that's diverse, just like the word diverse and CTI like computer telephone integration or internet or whatever you want to throw in there. But yeah, diversecticom is a great place to go and, yeah, you can fill out any information there. We're happy to do. We have a free cybersecurity assessment tool. It's absolutely free, it's extremely powerful and I already bought it. I get tons of uses of it. So I love helping entrepreneurs and that's just a free tool. And if you need me, great. If you don't need me, no problem. I'm not interested in trying to sell you something that you don't need. I love being with other entrepreneurs and hearing their story. It's why I'm here with you today. This is a blast. So if you need me, great. If you don't, either way, I'd love to get you an assessment so you know where you're at.
Speaker 1:Well, I want to encourage our listeners to go to your website, because on your blog you've got a very active I mean like every day or two you're putting more content up there. So for people that want to learn more, I encourage them to go to your website and check out your blog as well and follow you on LinkedIn. So I end up with one last question, and so if you're in a room full of entrepreneurs, different businesses, different sizes, seasons of business, what is something applicable for all of them? So it could be a book they need to read, or maybe a tip or a trick or a quote, something you've learned, what's something that would be applicable to all of them?
Speaker 2:Man. My favorite thing to share with people probably takes too long to go into, but there's a small. It's Kenneth Blanchard's One Minute Manager, and I love that. He basically breaks down how to go in and manage anybody for any task and he breaks it down to either you are giving them support or you're giving them direction, or you're giving them both support and direction. And so he's got a great method where you ask very simple questions.
Speaker 2:You're listening to see what stage they're in. Are they in stage one, two, three or four? Stage one is you don't know what you don't know and in that stage you need to give them high direction and low support. In stage two, you now know what you don't know and you need to give them high support and high direction. In stage three, you know what you know. You're kind of consciously competent, so you give them high support but low direction. And the final one is stage four, or style four.
Speaker 2:You manage them. They're like a Jedi master. They're unconsciously competent. They don't know what they know. They've been doing it so long they don't have to think about it, so you'd manage that person low support, low direction. So I find that that right there gives people a framework to come and ask their.
Speaker 2:I tell them I train my people on all of this. When they come to me they'll be like I'm S2. And that tells me they need high support and high direction. Right, because they've already done the work for me. Like they've diagnosed themselves. They know exactly. And here's the problem If you're managing someone and they're an S3, they're consciously competent, they just need more support, you know. Like they don't need to be told how to do it. They just hey, what was the cost of that thing? Again, they don't need to know where to go get it. But if you don't know that and you're managing them with high direction like okay, open your browser, you're going to go to this site they get mad, they get frustrated because you're telling them how to do the job. They already know that. Telling them how to do the job, they already know that. So that is such an awesome framework to to work with people in, because it gets you right what they need and everybody's happy.
Speaker 1:That's sound advice and that has not been shared on our podcast and I know for those people that are aware of that book.
Speaker 2:it's a book, right? Yeah, there's a whole series. It does a lot of different stuff, but yeah.
Speaker 1:Yeah, for those that are aware of it, aware of it, they're probably going a business coach. Never heard of that. Well, there's so much good information out there we can't know it all. That'd be like knowing the entire tax code. It's impossible, so, but that's a new one to me, so I appreciate it. I'll put that in the show notes for people to find. Josh, you've been a blessing to many and a wealth of information. I appreciate your time today and I wish you continued success.
Speaker 2:Thank you. Thank you, Michael. Thanks for having me on.
Speaker 1:I've enjoyed it, my pleasure. Thank you for listening to Small Business Pivots. This podcast is created and produced by my company, boss. Our business is growing yours. Boss offers flexible business loans with business coaching support. Apply in minutes and get approved and funded in as little as 24. To need help growing your business, email me at Michael at Michael D Morrisoncom. We'll see you next time on small business pivots.
