11. Make It Happen To Somebody Else

Justin:

Welcome everybody to episode 11 of Unhacked. As always, I'm sitting here with my good friends, Mario and Bryan. You guys wanna take a second to introduce yourselves? Mario, you wanna start?

Mario:

Yeah. Mario Zaki, Mastech IT. We are located in the New York, New Jersey area.

Bryan:

Hey, everybody. Bryan Lachapelle with Be4 Networks located in beautiful Ontario, Canada.

Justin:

And again, I'm Justin Shelly with Phoenix IT Advisors, formerly Master Computing. Listen, the point of this podcast is it's just kind of a personal frustration of mine. I think you guys share it, that it's really hard to get inside information on actual breaches. And that's really how we should be learning how to prevent them. We're in the business of preventing them.

Justin:

Although, as we were talking about before, we could probably make more money if we didn't prevent them. Guys, take our advice because if you have to pay us to fix stuff, it's way more expensive. And that's kind of where the title of this came from. You really can't completely fix that. You know, if you really get hit hard, you don't fully come back.

Justin:

You cannot get unhacked. It's an intentional misnomer, the title of this podcast. So, today, we're gonna shift gears a little bit since it's so hard to find this inside information. We're gonna draw from our own personal experiences. Now this can be dicey.

Justin:

Right? We we don't like to I mean, this is the whole problem. Right? We don't like to get caught with our pants down. We don't want to admit that on our watch, something bad happened.

Justin:

And not only that, our clients or, you know, whoever we're consulting with, they don't want people to know about it. This whole thing is kind of a hush-hush. So, we'll redact some information. We'll do this, in a way that protects the innocent as best we can and still gives as much real information so that we can all learn from it. I mean, I think I think that's it.

Justin:

Why don't we, why don't we just jump right in? Mario, I think I told you I was gonna let you go first today. You you've dealt with in in your history some sort of a breach. You wanna tell us about it?

Mario:

Yeah. So, about 10 years ago, I had a client, and they, you know, I at the time, it was before the whole ransomware and cryptocurrency really emerged. You know, it was something you kind of heard about, but it wasn't, a daily thing. It wasn't a household name as it is, you know, at least in our kinds of homes. But, you know, we at the time, we thought we were doing everything right.

Mario:

We had, you know, antivirus on all the computers. You know, the server was protected. We had a, you know, backup on the server. It was backing up to a local, hard drive, and it was, I think, doing about 2 times, 3 times a day, a backup. Now they this was a critical, company.

Mario:

You know, they, I I don't really wanna say the industry, you know, because I don't want it to be backtracked to anything. But they were, at the time, I think, like, a 12 user office. And, one day, you know, we get a call, and, it was like one of the users can't open up any of their software. You know? They were using QuickBooks and some other software, and they're like, nothing is opening.

Mario:

We can't even open up, documents out of the network drive. And I wasn't even able to remote into them. So I was like, that's something. That's weird. Alright.

Mario:

Let me come over. I'll I'll be there in about 20 minutes. So we'll go over there, and I realized that I, you know, go to the server and all the information, all the files on there had an a weird extension at the end of the the file name. And looking around, I realized that the source of the computer, somebody clicked on a a link or opened up an attachment and, essentially encrypted his computer and everything attached to that computer. And on their desktop, there was a file, you know, a, I think it was a notepad that was pretty much saying your data was encrypted.

Mario:

You know, in order to gain access, you have to go to this site and send, I don't remember how much it was at the time. I think it was something like around, I think $10,000, you know, to, using Bitcoin. And at that time, I didn't even know what Bitcoin was. I'm like, what the, you know, what the hell is this? So I ended up going to the server and I'm like, you know, I ended up telling him, I I think we we're gonna have to format your computer.

Mario:

I think you downloaded something. And, let me see what I can do on the server to get everybody else. So ended up going to the server. Same thing. Wasn't able to do anything on there.

Mario:

There was a message on that screen. I went to look at the backup, and I realized, the software the backup software we were using is called Acronis at the time. It was a very well known it's still very well known backup solution. It was just saying unable to restore. And then when I went to the external drive that was attached, that was backing everything to, it was completely wiped.

Mario:

And

Justin:

Like, not encrypted. It was deleted?

Mario:

It was deleted. It was there was nothing in there whatsoever. That's where panic, you know, set in for me at that point. It was like, fuck. This is at the time, my sorry.

Mario:

Am I allowed to curse on this thing?

Justin:

Oh, absolutely. I swear I'm a sailor. It doesn't matter how hard I try. I can't filter that shit out.

Mario:

At the time, they were actually, they were my first customer. As a one man shop, they were actually my first customer, and they were one of my bigger ones at that time. And I just, I didn't know what, how to go back and tell them, you know, like, listen, I can't restore. I don't know that there's, I can't open up anything. And it's like, you know, word documents, Excel documents, QuickBooks files, no matter what it was, even pictures on the computer, on, on there, they did have some pictures.

Mario:

You couldn't open up anything. And, you know, at that point, I, you know, I panicked. And, I think I called, like, a couple people. I call I knew a data recovery company in South Jersey, which was about a 2 hour drive from me. I literally unplugged their hard drive, and I ended up driving down there and it was like walking into the emergency room.

Mario:

Like, you know, like when you w with a baby or like somebody you're walking in and you're like, I call them ahead. I'm like, I will be there. You know, like, whatever time it was. And I need this fixed. I will pay whatever, it is for you to stop whatever else you're working on to take care of this.

Mario:

At that time, they actually have that service. It's called, like, express, you know, service. So I walked in with a hard drive. I'm like, please save this because

Justin:

Can I ask real quick what that cost you as a service provider? What do you remember? And this was 10 years ago, by the way.

Mario:

This was a at the time, I think it cost me maybe $5,000.

Justin:

Which, I mean, in today's money, we're talking 20. Right? I mean, things are about 4 times what they were 10 years ago.

Mario:

Yeah. And So You know what? The thing is you're you're you know? Now this customer, was not only my first and biggest customer at the time, but he was also a really good friend of mine. You know?

Mario:

This is a guy

Justin:

Okay.

Mario:

That, was at my wedding. You know? He, he's, you know, at the time, and since then has referred me a lot of, you know, people. So he was a friend of mine. I didn't want and I knew if I couldn't get this back for him, he would probably have to shut down, and I didn't want that to happen.

Mario:

So I ended up walking in there. I'm like, fix whatever you can. Like, you know, he's like and, obviously, as you know, like, these guys, like, tell you, like, can't guarantee you, you know, anything will come out of this. So it really is it was like an emergency room. I handed it to him.

Mario:

And he's like, alright. I'll work on this now. Do you wanna come back or wait? I'm like, I'll wait. I'll be sitting here, you know, in your waiting room.

Mario:

He did have, like, a, like, couple seats, and I just sat there and waited and waited. Luckily, he was able to recover. Now I don't know at the I don't remember why now, but at the time he told me, he was like, I can't get anything, beyond, like, the within the last 2 weeks. So they did lose 2 weeks worth of data, but it wasn't everything. So we were able to they were able to recover it, recover everything except for the final 2 weeks.

Mario:

They, he was able to put everything back on there. Now this was the Acronis backup. So at that time, he you know, this was the drive. So he was able to restore the backups onto another drive. We ended up I ended up bringing back the drive and, you know, putting into the server, able to restore the server.

Mario:

Now this whole thing you this whole process so far, you know, bringing everything back and stuff, this has been, like, 2, 3 days now. We were able to get them recovered. I wiped his computer and make sure everybody was was good. He was back he was back up except those last 2 weeks. He calls me 2 days later.

Mario:

He says the same thing happened again. Oh, shit. Everything was wiped. Now luckily, at that point, the the drive that the the recovery company had gave me was not the drive that I put back in because they gave it to me on, like, a flash drive, where these server we were using full disk. So I had that data, so I was able to restore, and we ended up obviously going into lockdown mode even more, different antiviruses and you know, changing routers and all that stuff.

Mario:

So we you know, since then, knock on wood, you know, it's been good. But, you know, we it was a cause that we had to pivot. You know? We no longer I think at the time, we were using, like, Avast free antivirus and stuff like that. Because 10 years ago, we there wasn't That was

Justin:

what we used.

Mario:

Yeah. Yeah. It wasn't like how it is now.

Justin:

So do you know, like, were you able to get good information on how this actually happened, how they got in, how they got in again the second time?

Bryan:

Or do

Justin:

you just lock everything down and you do really don't know how it happened?

Mario:

So the first time, I I I'm pretty sure it was through an email that he clicked on because he told me he clicked on something. And after that, it just started flashing, and it it was weird. So it was through an email. The second time, it it's it it it it's still to this day. Sometimes when you restore, certain things, you know, from a backup, if you're not fixing the the initial issue or scanning it afterwards, they're able to get back in.

Mario:

So

Bryan:

Right.

Mario:

When we restored the second time, I restored, critical critical folders and files. I didn't restore his whole thing. I because I had a feeling it was I was restoring the same thing, so I just restored, like, his QuickBooks files, you know, you know, documents and stuff like that. And then we ended up I ended up scanning it and and, you know, deleting anything that just did not look like it was right. But at the time I wasn't a 100% sure it was gonna come back and or or the exact cause he or way he can't.

Mario:

For all I know, he could have clicked the same thing again, you know, 3 days later. But but I wasn't I wasn't positive.

Bryan:

We'll go with that one.

Mario:

Yeah. Yeah.

Justin:

So you're, I mean, let's let's just kind of bring that one home. Your your key takeaway, your lesson learned, your fix. What was it? Oh, you know, how do you you you kind of already said you had to get better antivirus in place. That's a given these days.

Justin:

Was there any other, like, critical thing you learned in that experience that you still use today?

Mario:

Yeah. And the the biggest thing I I I would say that I would never not do again is not have a cloud backup in addition to a local backup. You know, because, you know, the way we we do servers, you know, backup servers now is we back it up to a local, cache drive, essentially, because if we have to restore it just faster. But in the event, we can't restore from that. We will have the cloud that will take a little longer because you have to download it, but you know that that's safe.

Mario:

So I no longer have to walk into an emergency room and and hand them a drive. You know? So so that that was the biggest thing for me.

Justin:

That's just a sickening feeling. I've had to do that a few times where you just, for whatever reason, the data's not there. Broken RAID arrays or whatever, you know, and you've gotta go to recovery. Oh, not a good day. Not a good time at all.

Justin:

No. So no. Okay. Alright, Bryan. I think, Mario is not alone in having to sweat it out a little bit.

Justin:

What do you got?

Bryan:

Not at all. Yeah. It, also, it happened maybe I don't know, I'd say between 7 and 10 years ago. Memory is a little fuzzy on it, but I got a call from a local business, not a current client, at the time anyway. And, they, same situation.

Bryan:

Must have clicked on an email, must have gotten something into their system, and, they had a server, 5 workstations, and the owner, had been the one who must have clicked on something because it came into his computer. And it was also a crypto type virus, which is basically where it encrypts all of the, contents of anything it has access to. And, of course, the owner being the big boss had access to everything, and so, the entire server contents were encrypted. His entire drive was encrypted, but what he was most concerned over was his QuickBooks data. In fact, he was panicked about it because that's where everything was.

Bryan:

His invoices, his work orders, who owed the money, who he owed money to. Right? I mean, everything was tracked there. Without it, he had no clue. Unfortunately, didn't have backups.

Bryan:

I don't know why, and, was just complete panic mode. So when I got on-site, back then, I was actually doing service myself. So when I got on-site, you know, we had some conversations. We took a look at the computer. Sure enough, it was encrypted, and, there was no backups.

Bryan:

There was nothing. There was literally nothing we could do, to help them. Once it was encrypted, it was done. So in this particular case, he opted to pay the ransom, which was, if memory serves right, was somewhere around the neighborhood of $1500 through Bitcoin, of course. And luckily, it worked.

Bryan:

We were able to get a recovery key, but not everything was recoverable. So we were able to get his QuickBooks data back, but some of the other contents of a server, for whatever reason was it it wasn't working. I don't have an explanation as to why, but it just didn't. Yeah. That was the situation.

Bryan:

So, you know, they turned out good news in the end, and the fact that he was able to get back some of his data and his QuickBooks data specifically that he was looking for, but this stuff could happen to anybody and very scary. Well, a

Justin:

positive I'm hearing is that it only cost $1500 to get it back because, criminals have gotten smarter.

Mario:

Yeah. Another positive thing that's a steal. Yeah. $1500 is a steal. Yeah.

Bryan:

I mean, nowadays, they probably open up your QuickBooks data, find out how much money you got and charge you a ransom based off of the percentage in your bank account. Right? You're like, hey.

Justin:

You know, I mean, is

Bryan:

that 20, 30, 40, 50 k?

Justin:

I I think they do. I I can't confirm that. I've heard they do that. I don't know from personal experience. But, the other thing where you're saying they didn't get everything back, I I do believe that even their software has gotten better over time with the restore because and I've said this before on here.

Justin:

They do want us to get our information back. They do want good customer service because they want repeat customers. Right. And that's how they look at this. It's disgusting from from our perspective, but this is just business for them.

Bryan:

You know?

Justin:

Yeah. It's like, hey. This guy, he pays, and we got you know, it's easy to encrypt. Let's do that again later. Yeah.

Bryan:

Or he'll tell his friends that, you know, hey. Yeah. It works. They get their data back so that their Right. Friends get encrypted.

Bryan:

You know, they're they're more apt to pay the criminal.

Justin:

Yeah. Because if it never worked when you paid, we wouldn't pay. Nobody would pay. So okay. So your, your key lesson learned there was

Bryan:

Well, there's a couple of them. I mean, obviously, we've we've been doing backups at that point in time, but it wouldn't have saved, this particular client even if we were responsible for backups, which we weren't. This is a a a client who just called in out of the blue, but, our prospects called in out of the blue. If we were if we were taking care of them, though, back then, a lot of people were just using a hard drive attached to the server, and that's how it was backed up. And they would, you know, maybe rotate drives, but, you know, a lot of the times, it was in the customer's hands to rotate drives, and they wouldn't do it or they would, you know, they would delay or, you know, maybe Mary, who's taking care of the backups, would would be on vacation for a week or 2, and maybe they Or

Justin:

they're faithfully swapping those drives and nothing's happening.

Bryan:

Right. Right. Yep.

Mario:

I've seen that before.

Bryan:

From a lessons learned perspective, you know, we we definitely learned the portion about having proper backups. And proper backups means not just having a local backup, but as Mario alluded to, a cloud based backup or an off-site backup. And preferably one that is what I call write once, meaning that we could you know, the the login name and password used by the server to, record the information or send it to the cloud backup can only write, and it cannot erase or overwrite or or anything. It's like sort of like a write once kind of philosophy. And then, of course, on our end, we can go in, and we can, you know, delete, and we can change.

Bryan:

But the the if the criminal got into the system, they would only be able to, essentially write a new backup, which wouldn't help them at all. The others the other piece is just, you know, it could have been prevented by having proper security in place and awareness more more specifically because as much as we can put bars on the windows, guards at the doors, you know, alarm systems all over the place, if somebody goes and opens up the back door, which in this case is what happened, that, you know, a user clicked on a link they weren't supposed to or, you know, did something they weren't supposed to, then, you know, none of that matters. So awareness is is making sure that the employees are are trained to what to look for and are actively, actively looking for it. So gamifying it in some way, to make it so that they're constantly looking for, you know, my emails that are trying to fool them so that while they're looking for mine, they're also looking for other people. So sort of all three of those pieces, backup security and awareness.

Bryan:

Yeah. Okay. Excuse me.

Mario:

One one thing too I I wanna add is, like you know? And we I see this still to this day, you know, like, especially with QuickBooks, customers will come up and and and ask us, like, we keep getting this message. Should we back up? And I tell them, I'm like, listen, we're backing up your server, but you could never have enough backups. If you you know, especially with QuickBooks, it's very easy.

Mario:

It just pops up. You click, you know, the backup button. You point to a USB and backup. You're it's not gonna cost you anything, you know, addition. You could never have too many backups.

Mario:

You know, even if the, you know, QuickBooks now offers their own online backup. You're, you know, you're out what, maybe $99 a year. If you back up again, you're never, you know, we're responsible. We're monitoring it. We're checking it, you know, but it's also peace of mind.

Mario:

You know, if if you wanna back up again, it's not going to hurt. You know, you can you're not screwing up anything by doing an additional backup.

Justin:

Yeah. For sure. And one thing that we don't always think of is cloud, like our our cloud files, whether that's SharePoint or Dropbox or whatever. You're the software that you use, you know, like QuickBooks, QuickBooks Online. That's a good example.

Justin:

I mean, what if they got hacked? You know, we don't we don't always we we assume that these people who are we're paying to protect our data aren't gonna get hacked, but they do. You know, a lot of the breaches we talk about are these great big organizations that are seemingly impervious, but no, they, you know, so find Yeah, we've got to find a way to back up, even the stuff that we don't always think about. Now I'm gonna actually, maybe rain on the parade a little bit as far as backups go because the breach I'm gonna talk about this number 1 was a pivotal moment in my life. And I'm sure I've talked about it here before.

Justin:

I used to do these live seminars every month. And this was my opening story. It's kind of my battle cry. You know, I didn't get into business to fight crime. I don't have a degree in it.

Justin:

I don't have training. You know, this isn't what I love. It's not my passion. I like to take shit apart and put it back together and make it work and do cool things. And I like to write programs, and, you know, that's my passion.

Bryan:

And Now you're a crime fighter.

Justin:

Yeah. And I feel like I'm damn good at that. You know? From the time I was a little kid, I was building computers and breaking them and fixing them and, you know, and then I start my business and I'm so happy. You know, and then I start my business and I'm so happy about it.

Justin:

I think I'm like running around with a cape, you know, like, look at me, I'm great. And then we got that call on a Friday afternoon. Like you said, Bryan, probably 7 to 10 years ago, ransomware was on my radar. We thought we were doing everything we needed to do to protect against it. I mean, it was easy, just have a backup, like you guys have said.

Justin:

And so the client calls and it's I mean, I remember it vividly because it's maybe late morning, maybe early afternoon on a Friday, and the guy calls up and he's like, hey. You know, we're down. We we remote in or whatever. And we, you know, clearly encrypted. And I'm I'm not even worried.

Justin:

I'm not even fazed. I'm just like, well, listen. Here's the deal. We can come over there right now. We're gonna have to work on it over the weekend.

Justin:

It'll go run into after hours. There's a cost associated with that, or we can come in Monday morning and restore you from backup on the clock and you're already paying for unlimited service there. So you know, there'll be no charge. I'm like, he said, Yeah, let's do that. I lost no sleep that weekend.

Justin:

You know, we went home, we did our thing, come back in Monday morning, strapped on my cape, flew down there Superman style, arrived in minutes, walked in, chest puffed out, and we had a solid backup in place. And I hit the button. The backups were intact. They were great. I mean, the it was one of the best backups in the industry, restored within, I think, less than an hour.

Justin:

They're back up and running. And I'm just like, goddamn. I'm good. You know? We get in our there.

Justin:

I think I took my best tech with me, maybe a couple. I don't know. I mean, we went in with the full force, get back in our cars. We're patting ourselves on the back. I mean, we're grinning ear to ear.

Justin:

And the drive back to the office was just a little less than an hour. And by the time I got there, we had a message from this client saying, hey, we're encrypted again. It's like shit. So go back down, you know, like, all right. Well, clearly what we restored contained the the infected files or their remote access or whatever, right.

Justin:

And so I restored from backup, but we just, like, use the time machine and we went back. You know, I think the first time around, we restored from Friday morning, because we got the call Friday afternoon or Friday late morning. So we're like, well, let's walk it back to Thursday. And we restored immediately encrypted again. So goddamn, okay, let's go back 2 days.

Justin:

Still encrypted. I don't remember how far we went back. I think it was 2 or 3 weeks before we finally just thought it's game over, you know, like, we have solid backups, but those backups are infected. At this point, I did get a third party security team involved, and they were able to identify that they had gotten through the firewall. Somehow, they, they were coming from Russia.

Justin:

So I will frequently talk about Russian hackers fighting Russian crime rings because that's literally what I was doing. And in this restore process, I felt like I was playing a game of chess because we would restore. We'd go on to the server, and I could watch them working. Like, it's moves and counter moves. I can watch them.

Justin:

They'll create an account. I'll delete an account. You know? We were just it's like hand to hand combat before we finally, you know, the ultimate resolution was we we came in probably a it was a week or 2 later. I don't remember, because it's been on for a while.

Justin:

And this this company was down. And we came in and we just wiped hard drives and started reinstalling. You know, we'd we'd copy off their profile data, we'd reinstall the OS on every workstation with the server turned off, and we get everything back up. Then we did the same thing with the server reinstall the operating system. But I knew I couldn't just restore the backup.

Justin:

So I'm moving with all kinds of antivirus programs running. I'm moving file by file or folder by folder. And I did finally get one to get a hit on the antivirus software, which I assume is was their backdoor, as we call it. Right? And for whatever reason, it wasn't finding it until I did this, you know, moving them file at a time.

Justin:

But I couldn't use the original operating system. And you guys know that means creating a new domain. Right? It's it's everything. I had to rebuild everything from the ground up because they had admin accounts.

Justin:

They were just when you went in and looked at active directory on the server, you would see dozens of accounts that you don't recognize. And when you go and look a little deeper, they're all full administrator. Right? They had full rights, and you kill 1, but they had 4 or 5 more. And those were getting restored.

Justin:

These admin, you know, credentials were getting restored as was whatever remote access software they had in in in place. So, this was a case where the backups were solid. We had local backups, we had cloud backups, we had, you know, we were following all the protocols, and it just didn't matter. So, you know, the emotional impact is probably the biggest disaster for this. This was a husband wife team business.

Justin:

I mean, at least from what they're telling me, it damn near caused the divorce between them. They fired us even, you know, we did get them back, didn't charge him a penny for it, but they fired us, which it hurt because, like, I think we did a good job ultimately. And they got infected, you know, lesson learned, they got infected because they were running out of date Microsoft software. At the time, it was Microsoft Office. You know, we have Microsoft 365.

Justin:

It's really easy to keep that up to date these days. But back then, getting somebody to shell out 2, $300 per person every couple years to update Office. Why? Office is working fine. It's all backwards compatible.

Justin:

You know? And so we couldn't get them to take that leap and to buy the next version of Office. But they were running a very out of date version of Office. And that's what we we ended up determining was ultimately the problem. And so I kind of have a hard line with that when clients want to run old software, and they won't.

Justin:

They won't do this. In fact, I've got a client on the chopping block right now who's running a server that's out of date. It's end of life. And you know, I'm giving them a little bit longer, but I'm probably gonna have to cut them. Because I don't want to go through this again.

Justin:

This is a nightmare. You know, it's a nightmare for them. It's a nightmare for us. So, yeah, we that that was mine. He backups are our key.

Justin:

I'll never say they're not. But in this case, what was more important was having up to date software. So that was that was my lesson.

Mario:

Yeah. The thing is if I could say something like these these security updates that are coming out weekly or daily or monthly, they're coming out for a reason, you know, like, you know, these are vendors, Microsoft, Adobe, you know, Chrome, all these guys they're coming out with these updates and they're saying you need to update because it's it's not like they're putting a shiny new button somewhere. It's because there's

Bryan:

Right.

Mario:

They found something that they need to fix. And a lot of times these hackers are what looking at the same, you know, feed that we are like, oh, there's a vulnerability with Google Chrome. You know? So they they exploit those vulnerabilities, but that's because somebody else discovered it then used it. And now everybody

Justin:

else is aware

Mario:

of it and publishes it.

Justin:

Right.

Mario:

So Right. So they're literally getting a red carpet to what these vulnerabilities are. And if if you're running something like, you know, Microsoft Office Word, I'm sorry, Windows and stuff like that, if there's no updates to fix these anymore because they're end of life, you're SOL. You know? Like, if they exploit something, they're going to you you can't do anything about it.

Justin:

Well and yeah. Exactly. The

Bryan:

we

Justin:

you I think both of you mentioned clicking a link. I know you did, Mario. Brandon, I don't remember if that's what you said. And and I've got to say this very carefully, because it's not that you can go out and just click whatever link you want. And if as long as your security stack is solid, you'll be okay.

Justin:

But the odds are significantly worse when you're running these out of date applications because those links and like just like you said, they're designed to go out and look for, the known vulnerabilities running software somewhere where there's a known vulnerability. And if you don't have that, that malicious link you clicked, there's a good chance you're getting off. And we still need training. You know, we gotta keep get people to be more careful there. But they're pretty good with those links.

Justin:

Like a lot of times, the one time I know I, I got hit with, I clicked a link that I shouldn't have. I was doing a lot of stuff on LinkedIn, and I got an email that said, Hey, so and so wants to connect or wants an appointment, you know, whatever it was, it was a great, great news came into my email, and it fit what I was working on. And I hit the link. And I knew as soon as I hit it, my computer just kind of it just kind of the browser opened and nothing happened. I was like, shit.

Justin:

I should know better. But I didn't take the time to investigate that link and to look for the, you know, all the the training we do is to get people to just take a break. Before you click that link, find out where the link's going, look at who the email came from. You know, there are ways you can tell if it's legit or not. And I didn't do it because I was so excited, you know, and that's how they get you.

Justin:

They they play on some emotion. It's either fear. It's excitement. It's, you know, you wanna deal. You're gonna get sued.

Justin:

Your bank's after whatever. It's some high energy, high emotion right now. Whatever. And they get you. So yeah, it's critical to have all these protections in place.

Justin:

But we've got to hit it from both angles. Right? You got to hit it from from the human angle and also from the technology angle. They've got to go hand in hand. Cool.

Justin:

Alright, guys. Well, I think that's about all I've got, at least on my breach. We can kind of summarize here, but we've said it all. So we'll do that pretty quickly. And then we can wrap this thing up.

Justin:

And Mario, you started talking first, so I guess I'll put Brian on the spot first, Brian. Overall, the 3 things, 3 breaches we've talked about, give us your key takeaways, anything that you maybe will do something just a little bit different today before recording or at a minimum that you do different now before, you know, this stuff happened to you.

Bryan:

I'm gonna play a little bit on what you had said earlier regarding not taking no for an answer, with regards to clients who aren't keeping up to date or refuse to take security seriously. That was something we did about a year ago. We switched from just, you know, sending out, you know, sort of notices and whatnot to outright, and I use the word lightly, like firing clients. You know, not that they're bad people, just that if they're not gonna take seriously the security aspect, I don't wanna be the IT provider for them when they get hacked. So we had a lot of break-fix clients, a lot of clients who are just, you know, call as you need, and we shifted a lot of those last year.

Bryan:

It came they came through an acquisition just after COVID, and we we kept them how they were. But, throughout the the the that year, we we moved everybody either to an agreement or gently and kindly, ask them to move, onto another provider. And the agreement was mostly just, like, you know, let us take care of security. At least let me do the basics to take care of your your network and your security so that you're not the low hanging fruit for all of these criminals. And I think that's so key.

Bryan:

One of the things that a lot of people don't realize about IT is that it's not a regulated industry. There is no association that guides us or or or or regulates us. We are sort of the Wild West out here. So there are a lot of providers who will just take on a client for the sale, and they will offer services at a discounted price just to get the sale. I mean, that's the equivalent of a doctor, you know, saying, hey.

Bryan:

I'm gonna operate on you without using all of these, you know, antiseptics and all these things just so I can keep the cost really, really low, and, you know, you don't have to pay a lot. You know, it's just not ethical, and it's just not right, but it happens. So as long as folks are aware of that, then they can start looking at making decisions that are correct. And I, for one, don't want to be the reason why a client is hacked. And so, going off what you said, just no longer taking clients that aren't letting us, at the very least, take care of security for them.

Mario:

Right.

Justin:

Okay. Mario?

Mario:

Yeah. I mean, similar. I I actually had a call, with a client that still has, like, some outdated servers, and we've had the the call, like, okay. We really need to upgrade these. But now I I, you know, I I feel like I have to not only put it in writing like this, you know, here's the set date that we need to put and upgrade these servers to, or just be aware that if something happens, you know, it's not covered.

Mario:

Like, we will not just do this part of our services. And it's because, you know, if you have a server that's, like, running 2008, our tools are not built, you know, on those platforms. So it may let you install. It may not let you install, like, the security tools on there, but you don't know if it's really working because it's not tested on a normal daily basis. So, you know, I think we need to really start pushing a little more that, you know, we have to cover our asses as well, and we have to cover their asses.

Mario:

And we, you know, we all talked about you know, like, I I talked about, like, it it took days, you know, for me to get this customer back up, and I really don't wanna ever go through that again. You know? And, and, honestly, it's not go we're not gonna get off lightly like we did, you know, 10 years ago. You know? This time, we're talking

Justin:

about It's more sophisticated now.

Mario:

Yeah. It's up thousands upon thousands of dollars. You know? And

Justin:

they can't

Mario:

you know? The I I forgot what the statistic is, but I think it's, like, 87% of, like, small businesses get breached, closed down within 2 years after that because they haven't been able, you know, to fully recover. Yeah. You know, don't quote me on the statistics, but I know it's something along those lines. But if if you can't if you don't have a full backup and are able to recover exactly where you were, you're gonna have a hard time.

Bryan:

Yeah.

Justin:

I mean, statistics are fine. You can go out and find evidence to any position you wanna hold. This is true. I I mean, I actually have a page pulled up. I'm not gonna go over it because there's so many of them, but it's bleak.

Justin:

Right? This is not somewhere that you wanna play. If you're not on your A game, it's going to happen to you. And even then there's a chance, and so you better have a good way to get out of it, you know, a good remediation plan. You know, we've talked about that before, the incident response plans and stuff like that, that need to be in place.

Justin:

So this was kind of a fun one today, guys. I I've I've learned some things or just kind of solidified some things in my mind that I really didn't expect to in the recording of this. And number 1, I might have been giving myself a little bit of a free pass on backups because I'll say, hey, backups aren't the only answer. But as I'm talking through this, I'm like, not only do we have to still have them, but you know, I said it out loud is that we've got to make sure that our our web apps are being backed up. Right offline off away from their system, their platform, a hardcopy or whatever, you know, I actually did that yesterday, I downloaded the full dataset, whatever you want to call it from one of my vendors.

Justin:

And I put it on a flash drive and I labeled it and you know, it's not connected to anything. Nobody can get to it. And I've got it hidden. So but I need to do that better. I need to do it not just internally, but I need to do a better job of doing that with my clients.

Justin:

One thing that I'm moving into is, I think I don't remember which of you mentioned that this is an unregulated industry. Was that you, Brian?

Bryan:

That was 1.

Justin:

Yeah. And and that's that's kind of scary. But I would push back a little bit and say the regulations are out there. They're not on us. They're actually on our clients depending on their industry.

Bryan:

Correct.

Justin:

But we can take that information and we can self regulate it. You know, we don't have to wait until the government comes and says do this or else. And so one of the areas that I'm moving into and and getting more serious about, I've been doing it to some extent for a while, is compliance, regulatory compliance. And so I've got the systems that I'm I'm implementing now that will allow me to audit my clients against regulations. But one of the other features of it is we can set our internal standards.

Justin:

Right? So cloud backup being an example or up to date software. And we create those standards that even those there's best best practices for all industries. Right? So that's pretty easy to pull that.

Justin:

We don't even have to write them. And I'm gonna do better at auditing myself and my clients. And just bringing awareness to this, if nothing else, I can go to my client and say, hey, yeah, we've got your server backed up, but we aren't currently backing up, you know, your HR software or something like that. So that if it happens, they're not coming to me and saying, hey, Justin. I thought you had this under control.

Justin:

I'm like, no. You didn't. Let's pull the notes from our meeting 6 months ago where I told you this, and you said it wasn't important. Remember that?

Bryan:

Yeah. There's a Hope

Justin:

you all use a different tone, but, you know, we at least need to have this out in the air. Right? And now these these assessments are very time consuming. These are not free. I don't even sell them.

Justin:

This is only for my paying clients. I'll shift away from that and talk about, you know, what we do offer for free. It is a very small subset of what I'm talking about. But let's go ahead and and offer that because if, you know, this is just gonna be a standing offer for us. The the most important thing we can do, we've always got t key takeaways, lessons learned.

Justin:

But the most important thing we can do, in my opinion, is get somebody else's eyes on our work. Like, and I don't care how good you client or us as providers think we have it dialed in. God, get somebody else to look at it and make sure we're not missing something. So, that, I feel like I've been on a full rant. I'm gonna give both of you guys a couple of minutes for any closing arguments, and then we'll wrap up with the website where you can go get that free assessment we're talking about.

Justin:

Mario, you wanna go first?

Mario:

Yeah. So I you know, to wrap up, it's you know, you have to you have to trust in your in your IT people. You have to trust that they have, your best interests, in heart at heart and that, you know, they're gonna do what they you know, you need to, you know, to be protected, that they're gonna you know, they're they're not just trying to fatten their pockets. At least we are not, trying to fatten our pockets because

Justin:

because we could make more money if you guys got breached. I'm telling you. Exactly. We'll get breached, please. Make my day.

Justin:

You know,

Mario:

you know, if if if a customer says no, we don't need it, we're like, alright. No problem. But, you know, if it happens, you know, we'll we'll help you, but, you know, the clock is ticking. You know? But we don't want that.

Mario:

We don't want I I you know? And this is why we went up to managed services because we don't wanna make money when customers are having problems. We wanna make money when they're happy and they wanna stay with us for 10, 20 years.

Justin:

Right.

Mario:

Absolutely. You know, you know, take their advice, you know, and get a second opinion. If you're if you have doubt, get a second opinion. Nobody's gonna charge you for a second.

Justin:

Oh, no. You correct you.

Mario:

Or not.

Justin:

Let me correct you. If you don't have doubts, that's when you need a second opinion more than anything. That complacency, god, that's what gets us. Yep.

Mario:

Yeah. Yeah. I agree. That's it. That's it for me.

Justin:

Alright, Brian. Final thoughts?

Bryan:

I'll keep it really brief. Plan. Have an incident response plan. Plan for for for the cybersecurity stuff. Make sure that you're not just, sweeping it under the rug and saying move on.

Bryan:

You know, have a plan, and and you'll be further ahead than 90% of the people out there 90% of the companies out there.

Justin:

Yep. Like you always say, right, don't be part of that low hanging fruit category. That's the best, like, that's ultimately what we're trying to accomplish. Quick, quick, quick story. When I was, I used to work for Loomis Armored, packed money around, carried a gun.

Justin:

It was an exciting job, paid shit. But, in the training, the safety training, that's what they would tell us is, like, you're not going to stop crime. You're not gonna stop people from robbing these armored cars. That's always gonna happen. What you can hope to do is make it happen to somebody else.

Mario:

Right.

Justin:

Like that's sick and twisted, but like, guys, that's what we're doing. These criminals are out there. They're coming for money. They're gonna get money. Make it happen to somebody else.

Justin:

That's kind of the sad reality of it. So, step 1 to making that happen to somebody else is not everybody's gonna call us and take advantage of this free assessment, the vulnerability assessment that we're offering. So, do that. Go to unhacked.live, not .com, not .net. Unhacked.live.

Justin:

And, all of our contact information is there, and book that assessment and at least get the ball rolling. So alright, guys. That is all I've got. Thanks for being on here today and sharing some, maybe kind of some personal stories. But hopefully, we've all learned something from it.

Justin:

And, we'll see you guys next week.

Mario:

Until next week, guys. Have a

Bryan:

good one.

Creators and Guests

Bryan Lachapelle, Host
Hi, I’m Bryan, and I’m the President of B4 Networks. I started working with technology since early childhood, and routinely took apart computers as early as age 13. I received my education in Computer Engineering Technology from Niagara College. Starting B4 Networks was always a dream for me, and this dream became true in 2004. I originally started B4 Networks to service the residential market but found that my true passion was in the commercial and industrial sectors where I could truly utilize my experience as a Network Administrator for a large Toronto based Marine Shipping company. My passion today is to ensure that each and every client receives top of the line services. My first love is for my wonderful family. I also enjoy the outdoors, camping, and helping others. I’m an active Canadian Forces Officer working with the 613 Fonthill Army Cadets as a member of their training staff.
Mario Zaki, Host
During my career, I have advised clients on effective – and cost-effective – approaches to developing infrastructure that fosters productivity and profitability. My work has provided me with a broad-based knowledge of business from the inside, with an expertise in areas that go beyond IT alone, ranging from strategic planning to cloud computing to workflow automation solutions.