Getting to the Bottom Line: Conversations to help business owners maximize revenue, profit, and cash flow
Whether you're looking to boost your profits or simply gain a clearer understanding what drives business success, "Getting to the Bottom Line" is your ultimate guide to unlocking the strategies and secrets behind sustainable growth and the financial freedom you deserve. Tune in and discover how to turn your business goals into tangible results, one insightful conversation at a time.
Getting to the Bottom Line: Conversations to help business owners maximize revenue, profit, and cash flow
Avoiding Costly Cyber Mistakes in Your Business with Justin Kane
In today’s digital world, cybersecurity isn’t just for big corporations—small businesses are now prime targets for hackers, phishing scams, and data breaches. In this episode of Getting to the Bottom Line, I sit down with Justin Kane, CEO of DoubleChecked, to discuss the most common cybersecurity mistakes business owners make and how to protect your business, data, and reputation.
From multi-factor authentication (MFA) and password management to cyber insurance policies and phishing scams, we break down simple, cost-effective strategies that every business owner can implement to reduce risk and prevent costly cyber attacks. Learn how to spot security threats, safeguard your business from online fraud, and ensure that your cyber insurance policy actually pays out when you need it most.
If you’re a business owner looking to strengthen your cybersecurity without breaking the bank, this episode is packed with practical advice you can implement today. Don’t wait until it’s too late—protect your business now!
Learn more about Justin online: https://doublechecked.com/
We want to hear from you! Send us a message.
---
My name is Stephanie Smith, owner of New Light Financial Solutions, and we help business owners walk the one clear path to generating more cash in their business. To learn more, visit us online at https://newlightfs.com/
Sign up for our newsletter for more great tips on how to keep the cash flowing in your business: https://newlightfs.com/newsletter/
Need help generating more cash in your business? Book a right fit call with us today: https://newlightfs.com/rightfit
Hey everyone, welcome to another episode of Getting to the Bottom Line, where I'm your host, stephanie Smith, owner of New Light Financial Solutions, where we help business owners walk the one clear path to generating more cash in their business, and we do this specifically by looking at 16 drivers of revenue, profit and cash flow. But behind every driver there's a driver of the driver, and those things all impact our bottom line, which is why I have this show, getting to the Bottom Line, to put into perspective the different things that impact your revenue, profit and your cash flow, and I'm excited to have with me today on the show Justin. Justin, can you introduce yourself for everyone?
Speaker 2:Yeah, absolutely Thanks, Stephanie. So Justin Cain, owner and CEO of DoubleCheck Cybersecurity. We're a cybersecurity firm that specializes in supporting the small and medium business market, specifically just trying to keep our customers safe from the ever-evolving, daily changing cybersecurity landscape. So it's a lot of fun.
Speaker 1:That is so important, as we all move online right in this space. So I want to start by asking just how did you get into what you do?
Speaker 2:Oh man, really it was just kind of an evolving thing. I started my career basically at the bottom of the tech totem pole, if you will, you know tier one, just helping people reset their passwords and fixing their computers, and, you know, really worked my way all the way up. For the last 10 years or so I was actually part owner of a IT company what you would call an MSP for about 65 clients across the United States Decided that I didn't for me. I needed to do something else, really wanted to focus on the cybersecurity aspect rather than the IT side of things, which we can talk about a little bit later and decided to start Double Checked. So you know, the world has evolved. Cybersecurity has certainly evolved. It has really evolved more into a cybersecurity side of things, and so my career just kind of went there. You know my path took me there with the evolution of technology.
Speaker 1:That makes complete sense because everything's online these days. I will say that I've worked in many corporate jobs and I've been that person needing help resetting the password, and nowadays it's been a lot of like are we allowed to use AI and what happens to our data when it's out there and has anybody even asked about it? Or should we allowed to use AI? And what happens to our data when it's out there and has anybody even asked about it, or should we just do it anyway? And, of course, they're all questions that are very valid because we want to protect our information and our customers' information and everything. So I'm excited to have this conversation because I'm sure there are impacts to people's bottom line depending on what happens as the outcome of how we use technology these days.
Speaker 1:Absolutely so tell me what is it that you do for your clients?
Speaker 2:Absolutely so. We have a suite of solutions, basically, that we deploy to help protect our clients. Our goal is really to help our clients do something. Okay, and by that I really mean that there's so many businesses out there that are just doing nothing to protect themselves, and that often stems from mostly our clients thinking that they're not a target, mostly our clients thinking that they're not a target right, that they're too small or they don't have any sensitive data or whatever it is. So I'm okay, I'm not going to get hacked, and that's just not.
Speaker 2:Unfortunately, that's not the truth out there, especially today. You know the larger companies, the big corporations, they all have protections in place at this point. They have teams, you know, for cybersecurity to make sure that their systems are protected and their clients data. And unfortunately, you're even still seeing news articles saying that you know, xyz was hacked or you've gotten the email notification from a provider saying, hey, your data may have been leaked or whatever it is. And so if that's happening to the big guys, it's absolutely happening to the small and medium-sized customers, which is who we focus on, providing a cost-effective solution that our clients can actually afford to do something, and that's really what we focus on.
Speaker 2:You know there's unfortunately so many solutions out there and so many vendors. You know cybersecurity providers out there that as soon as you tag the word security or cybersecurity to some sort of solution, they start charging thousands and thousands of dollars a month. And our client base thousands and thousands of dollars a month and our client base maybe they can afford it, but they shouldn't have to. And so we put together a solution that is effective. It's cost effective for them Anywhere from $15 to $30 a month per employee is really where we live. From $15 to $30 a month per employee is really where we live which is super cost effective.
Speaker 2:I would say we're one of the cheaper solutions on the market. But we really wanted them to be able to do something and then, at the end of the day, get them prepared to be, I like to say, properly underwritten, for a cyber insurance policy is what we're also getting them prepared for. You can get a policy today, but all that fine print will say, if you're not doing this or you're not doing that, that you're not actually going to get a payout. So we help them prepare for all of those little fine print details so that, in the event something happens, they actually will get a payout from their policy. So that's where we're at.
Speaker 1:I have gotten many letters in the mail. Fill in the blank company I've never heard of, or I must have done something with my data at some point in time and it's been leaked. So it's definitely more often than it has been in the past. So I'm glad that you're helping people with that, and it's interesting to hear that you help with the insurance policies too, because we have insurance for cybersecurity.
Speaker 1:I guilty haven't read it, but I guess I should write and see all the fine print because if something were to ever happen and here I am putting this out on the internet like I need to get in check with that- but we've seen it too.
Speaker 2:We've seen it too often. You know. Everybody thinks, oh, my policy is fine, they gave me a policy, you know. But unfortunately insurance companies game is to not pay. That's how they make money. So you know, we try to help navigate that and just say look, you know you've got a good policy, but if you don't implement these things and you know they're not going to pay out, so it's a crazy, crazy world.
Speaker 1:So you actually review people's policies and then tell them.
Speaker 2:We can you know now, we're not a cyber, we're not an insurance broker.
Speaker 2:So, you know we can only give unofficial advice, but we do work closely with a couple brokers as well that we can send the policy to just to get a final opinion on. And then obviously we can also help them get a policy if they don't currently have one. You know, and our brokers that we work with know that if we send one of our clients to them, they know that they've gone through our program, they have our solutions in place. So it helps lower premiums, it helps get them again, it gets helped get them underwritten, which is getting harder and harder today as well. So we can absolutely help with all of that.
Speaker 1:That's awesome, yeah. So I have to ask what's one of the biggest mistakes that you see business owners make in this area?
Speaker 2:Oh man, it's it honestly, it's really easy and it's everybody hears it. But if you don't, if you have systems that do not have two factor authentication or multi factor authentication, whatever they decide to call it just turn it on. It doesn't matter what it is. If it supports two factor authentication, turn it on. It doesn't matter what it is If it supports two-factor authentication, turn it on. It's not perfect, there are ways around it, but typically, if you turn it on, it's going to help, right, and that includes social media accounts as well Facebook, snapchat, instagram, whatever. Turn two-factor on, because you know and we can talk about this further but reputation is everything for the small and medium businesses. It's everything. It's how they grow. You know word of mouth, referrals now, where hackers are going after their social media accounts and holding them ransom, saying, hey, we're going to post all these things to you know, derogatory statements and all these things, because we have taken over your social accounts and that can really really hurt the reputation of companies. And so you know, just turn on two-factor authentication. You know there's a lot of people that in my industry they'll be mad for me saying it, but even if it's the text message where you get the six-digit code, just turn it on.
Speaker 2:What we try to do is put as many brick walls in place as possible for our clients so that if someone is coming after them which 99% of attacks are random they're just trying to see can they get in? What? If they can get in, what can they get access to? We're trying to help the 99%. There is a 1% where they're specifically coming after you or specifically coming after your business and you could spend a million dollars today on cybersecurity products or solutions or whatever it is, and if they want in, they're going to get in. But the 99% put the brick walls in place. Multi-factor authentication is a great brick wall. Nine times out of 10, if they hit that multi-factor brick wall, they're going to move on to the next person that doesn't have it in place. So it's a really easy thing to turn on. Most every solution out there supports it now and I would say, if it doesn't support multi-factor authentication.
Speaker 2:Don't use that platform. So that's kind of the simplicity of it. That's one of the biggest mistakes and easiest things that we see to help.
Speaker 1:Oh, and I have to say I'm guilty of hating two-factor authentication. I understand the benefits of it, but, man, it is so annoying.
Speaker 2:Yeah.
Speaker 1:I have some that require you know the authentication app and then if you get logged out of that app or I got a new device it's like all that just disappeared and it just makes it more challenging for me just to log in, no less than anybody else.
Speaker 2:But yeah, absolutely. I will recommend. There's an app called Authy A-U-T-H-Y. If you don't have an app already, use Authy, because if you get a new device, it will actually transfer all of them over to the new device. Some of them out there don't do that and you have to start all over again and it is a real headache. But there's a really good one out there and it's free, so we recommend that for everybody.
Speaker 1:That's good to know, cause I just got a new device and that has happened to me. I've also gotten stuck in the Facebook authentication cause they changed. There's like some code that you had to get within the app. But if you don't have the app and you can't get the code and I know a couple of people that got stuck in that too but regardless, it's very important right. So that's an easy one to do.
Speaker 2:It is. It's really easy, you know. It usually takes two or three minutes to get it set up and again, it's a very effective layer of security.
Speaker 1:I'm surprised you didn't say you know secure passwords.
Speaker 2:So that's an obvious one. But, to be honest with you, you could have the least secure password possible and if you have that multi-factor authentication layer in there, they can't. They can't get past it most of the time. There are ways around it, but most of the time they can't get past it or they're not going to spend the time to get past it, you know. So it's yeah, strong passwords are great. The recommended minimum now is 16 characters long, which is crazy.
Speaker 2:But there are solution, and that's actually part of part of our solution. We provide as well is a password manager, which really really cool. It's really simple to use. It will actually help you generate those ridiculous passwords for you 16 characters, numbers, symbols, all these things to a point where you don't have to remember that password anymore. You don't need the password. It'll help you generate a new one for every single website or system that you use and it's all stored and so you don't have to remember it and it'll help you change your passwords, all that kind of stuff. So it's a really, really nice solution to help you with that problem.
Speaker 1:We have. We use a password manager and it's so nice, yeah, and I don't know what any of my passwords are. That sounds terrible, but it's nice that it's there. It's useful, so I love that. You recommend that too. So I want to know what's the biggest risk that business owners take when not implementing these kind of things?
Speaker 2:Honestly, what we see today is it's the biggest risk, to be honest with you is not the business itself and that's difficult to say, but most businesses can recover from a hack, right, let's say, they get into your email and they do some things and they send out some emails Okay, you can get past that. It's the damage that someone can do to your reputation, damage that someone can do to your reputation, and a lot of times, what we're seeing as well is they may be trying to get into your systems to do damage to the people that you do business with. Okay, so what we're seeing is and the biggest risk is that if someone let's say someone gets into your email system which is the most common thing, it's publicly available. You can sit there most of the time and try and log in over and over and over again, and so if they get into your email system, they have basically unfettered access to anything that they want to get access to, including your customers. They've got your contact list. They can now impersonate you with one of your other customers, try and get money, try and extort one of your other customers, whatever it is. And again, that's where the damage comes in right, because if they can do bad things to your customers, your reputation with that customer base goes down. And if you're dealing with other regulated industries, especially in finance or government, that can do some real damage and really put you behind. And it's an uphill battle really to fight to get that reputation back. You know, and especially in government or regulated industries medicals, another one, obviously with HIPAA it can be really bad and it can be really really hard to recover from financially or just clients not wanting to do business with you anymore, you know, and maybe losing a large contract because of it. So that's the biggest risk that we're seeing, you know, let alone just the financial damage that happens. You know, obviously, your podcast and talking about the bottom line, you know we've seen we've seen people get in and do real damage to the tune of three quarters of a million dollars gone, poof, into thin air, right, you know, and a lot of people have heard. You know wire transactions, you know, are a huge thing to be concerned about. You know we've again we've seen wire transactions that if it happens that money is gone, banks are getting better about it. They're getting better about catching these things and they're putting more solutions in place to be able to reverse some of these transactions before real damage happens, happens a lot.
Speaker 2:You know we have a, not one of our clients, but through the grapevine there was a architectural firm that got into some trouble with a wire transfer. The CEO was out of town and the front office manager got an email from the CEO saying hey, you know, I need to do a transfer for some property that we're buying or whatever it was. And this wasn't uncommon for them, you know, to do these types of transactions. And essentially the front office manager said, okay, no problem, I'll do it, did a wire transfer for $250,000. The bank actually caught it and said, hey, this seems strange. Called the manager and said this just seems a little strange. And she's like well, the CEO, you know, asked me to do it. You know, I verified it. You know I sent him an email back just clarifying and the bank said OK, well, if you want to do this, we actually need you to come down in person and validate the transaction, approve the transaction. And so she did.
Speaker 2:And this was all a fake thing. Someone had gotten into their email system, impersonated the CEO and that money was gone. And $250,000 to a small architectural firm, you know, development company. That's detrimental. I mean, if you want to talk about bottom line, that money is gone and the bank said we're sorry you came down and approved it in person, there's nothing we can do for you. You know now they didn't have cyber insurance and there's some questionable things with cyber insurance that they might not have paid either. But you know, you got to be careful with these things. Pick up the phone. Hey, did you? Do you really want me to do this? I don't care if the CEO is on vacation or not. If you're talking about wire transfers, just ask, just validate the information.
Speaker 1:That is so sad that I want to. I always want to be like don't people have better things to do with their time than to try to do this to people? Because I volunteer at a nonprofit and as a CFO.
Speaker 1:I was a CFO at a time and I'd get those emails that was like, hey, new president wants you to send him money, and here's, and you know, we want you to give us the money. And I actually engaged with one of these people and I was like, sure, why not send me your bank account information? And they sent me their bank account information. Um, and I, I'm a good person, right. I wanted to be like let me go, like pay all my bills with your bank account information.
Speaker 1:But, um, I actually called the bank and I was like this person had you know, is trying to scam me out of money in the bank basically said there's nothing we can do about it so what are you going to do? And it's just having to be so careful and it's hard. I feel like it's hard. You have to be diligent about everything these days. Yeah.
Speaker 2:And that's part of the solutions we put in place, right? So we attach to your email platforms and we look our AI. So we have AI built into our solution that looks at every single email that's going in and out of your systems and we're looking for things like that. We're looking for impersonation. We're looking for things out of the normal for impersonation. We're looking for things out of the normal. You know, everybody's heard today of phishing emails. Right, our system looks for those phishing emails to the point where, if it has a link in the email, our system will actually, in the background, click that link and say what is it doing? Is it trying to get you to log into Google? But that's not a Google domain name, right? Well, that's clearly a phishing email. We're going to strip that out of the mailbox, out of your email box, and you're never going to see it. You're not going to have the chance to click on those bad things and provide your credentials. So we do a lot surrounding email to try and help protect from those types of scenarios where, you know, take the risk away from the employee. Basically, just try not to let it happen. And then we also do security awareness training. We send videos either really really short videos, but it's trying to keep our clients up to date on the new ways that things are happening, the new ways that these hackers are trying to get in, and you know some scenario type solutions to say, hey, like, just be aware, just be aware that these things are happening, and then we also are. We will also send phishing emails to our clients. They're harmless from us, obviously, but we're tracking.
Speaker 2:Did Susie click on the link in the email that we sent? If she did, did she put credentials into that link? And if she did, it's okay. But we're going to send Susie back and assume additional training, saying this is why you shouldn't have done this. But also, we build a risk profile for every employee. So if Susie clicks on it one time, okay, that's all right. But if Susie has clicked on three of the phishing emails we've sent, susie is now a high risk employee and that's no longer a technology conversation. That's a business conversation at that point where we're going to provide reporting back to the business owner or whoever we're dealing with our POC and say, hey, you guys need to sit down with Susie and say you got to learn or you got to go, because Susie could be the one to compromise your organization, and it's as simple as that.
Speaker 1:I love that you include training, because I think a lot of it is you just don't know. You don't know what you don't know and we, I think, as humans, you give people the benefit of the doubt, like you think everything's legitimate. You're not. Not. Everyone's looking at the world through that eye of like everyone's trying out to get me. So I like that and I love that. The risk profiles, because it can be that one person over and over again and they might need some additional support to realize not to do that. And while it's not business related, it just makes me feel so sad for the older generation, right, and they don't, they just don't know at all and they're having the same thing happen to them.
Speaker 2:But you'd be surprised, though it's funny, because when we send out those phishing, we call it a phishing campaign.
Speaker 2:So when we send out those phishing campaigns, nine times out of 10, the person that clicks on the phishing campaign is the person that hired us in.
Speaker 2:And while that's great, you know and it's not just the older generation, you know, I think it's it's not funny and I hate to use the word ingenious, but but it really is the new. The newest way that that these people are tricking people is you're going to get a phishing email and you're going to clearly know it's a phishing email. You know it's going to have all the signs of a phishing email, but they have started including a button in the email that says report phishing email, and that button is the bad link, right? So it tries to get you to sign into your Google account or your Microsoft account or whatever it is, you know, to report this email, when in reality, that that's the bad link and it's they're getting very sophisticated in the way that they're trying to get this done. So it's not just the older generation. You know they're getting smarter generation. You know they're getting smarter. They're using AI, just like we are, if not more, unfortunately, to really get smart and try and trick people into doing these bad things.
Speaker 1:That's crazy. Yeah, that's so crazy. I can see why you would click the link. In general you just hope you think it's a link maybe Google put in place right, Like they're always updating stuff, but it's not. So that's back to like you don't know what you don't know and you need someone to help you navigate this world. So exactly. This has been a great conversation. I would love to know, like if anyone watching or listening wants to get started doing something in this area, what would you recommend how they get started?
Speaker 2:Uh, as far as the business getting started, or somebody yeah.
Speaker 2:Um a contact us, um or or contact someone. Um, you know, the biggest thing is is this is changing this. This is changing by the day Uh, I've told some other people by the hour, but realistically, it's changing by the day. You need someone that is keeping up with the way things are happening, um with with the way that these hack hackers are getting into systems and and really the newest, newest solutions out on the market. Right, it? It's what keeps us busy.
Speaker 2:We are constantly vetting new solutions out there, new ways to protect our customers, you know, and there are thousands of them at this point, you know, and so you really need somebody that is in the day-to-day of what's happening and how to do this properly. Just contact someone with real knowledge. Don't rely on Joe Schmo IT person, who says that they can do it. You need somebody that has experience, and that's why I mentioned earlier, right, we are specifically focused on the cybersecurity aspect. We want to do one thing and we want to do it really well. We have to do it really well. It is, it's our business, right? You know, some IT companies what you would call an MSP are also acting in our space and what we would be called is an MSSP, so a managed security solutions provider where an MSP is a managed solutions provider, which typically focuses on the IT side of things my computer's broken, my mouse doesn't work, I can't get into my email, whatever it is where the MSSPs are focusing only on the cybersecurity side of things. You really need somebody that's focusing on that space In order to keep up, in order to make sure that you're doing the right thing, that you have the right solutions in place.
Speaker 2:You have to have somebody with the experience and the team to really focus on this. So that's my number one advice to really focus on this. So that's my number one advice Just make sure that whoever you're dealing with has the knowledge to support what they're doing. And then the other thing is educate yourself as well. There are a ton of articles out there, there's a ton of really great resources, and then, obviously, you know, with us and our security awareness training, just educate yourself. That is the number one thing I can recommend.
Speaker 2:If you know how to protect your business and what it takes to protect your business, it just helps you all around. So we can definitely help with that, you know, just don't get caught up in all of the hype either. Unfortunately, I think there's a lot of vendors out there that have created solutions to problems that may not have actually existed, which happens to just try and get you to buy products. You know there's a lot of hype out there around. You need this, you need that. It's really why we've built our package and our solutions. The way that we have to cut through some of the what our industry would call vaporware you know those things that don't really do anything for you we put together some really heavy hitting solutions that really make an impact on your business.
Speaker 1:I love all that and I have to say, you know, as a business owner, we all have shiny object syndrome, right? So knowing the right thing to focus on just getting started and educating yourself even the space that I'm in it's a lot of that, right, like you. Just you have to start somewhere. Yeah, turn on your two factor authentication Good place to start, I would say. My one of my biggest takeaways from this conversation has been so good is being cautious about what tools you use if they don't have that second factor authentication. I'm pretty sure I have a ton of software right which ones that I use that don't use that feature and then maybe being cautious about that and being more intentional about how we're engaging with the online world.
Speaker 2:So I think one of the biggest things right now, happening literally today, is this DeepSeek platform, which is the new chat GPT. But it's put out by China and there are so many things that I could tell you about that. But be aware of the platforms that you're using. Be aware of where you're putting your data, especially confidential data, but just any data about your business. Be careful where you're putting it. Be careful what information you're letting leak out on the internet. The dark web is also a real thing. It does exist where people are out there selling and buying information about you, about your business, for pennies, 25 cents, you can go buy someone's password right now on the dark web and we have solutions that monitor that and try to help. But you know, just be careful. Don't put your data into something that you don't know, especially confidential data. But you know, this AI boom is fantastic. It's helping a lot of people. I use it on a daily basis. I've got a window right over here with chat GPT up right now.
Speaker 2:You're putting in it, and know where the platform is coming from is the biggest thing. Know what they and also know what rights they have to the data that you're providing to them. Can they sell it? Can they use it for their own information? Does it belong to someone who owns the data that you're providing as well? We've seen that too often as well. Quickbooks is a big one. You own your data in QuickBooks, but have you tried getting your data out of it or your customer's data out of it? It's very, very hard. You can do some stuff with Excel and export some Excel sheets and P&L and things like that, but just be careful where you're putting your data and who owns it and how easy is it to get it back.
Speaker 1:So many things. So, many things, but I can tell you're super passionate about this.
Speaker 2:I am.
Speaker 1:If someone wanted to work with you or get started getting a solution to help their business with you, where is the best place for them to find you?
Speaker 2:Yeah, our website is the easiest doublecheckedcom. Our contact info is on there. You can always email us at info at doublecheckedcom as well, or give us a call. So we're we're available, our team is ready and we can do a lot for you. So we're available, our team is ready and we can do a lot for you. We can also run a free assessment, a risk assessment, just to see what's out there and are your passwords on the dark web right now. So we can do that for you at no cost and just see what's out there.
Speaker 1:I love that. Everyone needs to go Find you online, connect with you I'm sure you have content out there as well and learn and get started in this space, because it's not going backwards. It is not we're only headed more into this direction.
Speaker 1:So, if you're interested in finding more about me, you can find me online at newlightfscom as well, but I just wanted to say thank you so much for coming on the show with me today and having this conversation. I think it's really important and I think we need more education around this, just in general.
Speaker 2:So of course, no problem, stephanie, I've enjoyed it.
Speaker 1:Awesome. Thank you so much. That's it for this episode of Getting to the Bottom Line. I hope you all join me again next time. Bye, everyone.
