16. A Security-Minded Culture is Your Best Defense in the War on Cyber Crime
Alright. Welcome everybody to episode 16 of UnHacked. Starting today with a few technical difficulties because last week, we didn't stream live. And so I broke all the streaming, and then I tried to connect again, and it didn't work. Damn it.
Justin:Anyways, here we go. Episode 16, guys. So UnHacked is a podcast where we like to empower busy and overwhelmed business owners who may or may not be concerned about, you know, cybersecurity. They need to outsmart all these Russian hackers that are, you know, coming for their bank accounts, their technology, their data. I mean, ideally, we're gonna help you, safeguard your future.
Justin:So that's what we are all about. There's a lot of noise out there in the world of cybersecurity, and so we're gonna help you filter through it all. Boil it down to the nuts and bolts where you're gonna get the best ROI bang for your buck in both time, money, effort, maybe a few less sleepless nights. And, you know, hopefully just instill a sense of hope. Right?
Justin:So, because it can feel hopeless just a little bit. Let's do a quick introduction. Brian, if you'll go first, then Mario, where who are you guys? What are you all about? Where are you from?
Bryan:Sure. Bryan Lachapelle with B4 Networks based out of Ontario, Canada. That's it,
Mario:Mario. That was quick.
Bryan:That was quick. Said quick.
Mario:Yeah. You caught me off guard with that one. Mario, Zachy, owner of Mastech IT. We are located in New Jersey, about 15 minutes away from man well, 15 miles away from Manhattan, probably about 2 hours.
Justin:Yeah.
Mario:Servicing servicing the entire tri state area.
Justin:I'm gonna keep bragging about you, Mario. You just won a national competition for the best IT company, in this group of roughly a 1,000 IT companies. So congrats. And, it really is a privilege to hang out with you guys week after week, and I do feel like I grow smarter. My name is Justin Shelley.
Justin:I am with Phoenix IT Advisors. We do business in both Nevada and Texas. So, today, we're gonna try to change up the format a little bit. We're gonna try to be a little more concise, a little bit less wordy, and hopefully deliver a little bit more value and and maybe get this into, an average commute time rather than rambling for an hour as I continue to ramble. So, jumping right in.
Justin:Today, we're talking about one of the things that is most dear to me in the world of cybersecurity, which is culture. I think if we're going to win this battle, we are fighting major crime rings. This is not as, a game. It's not child's play. This is real stuff.
Justin:And I think the only way we're gonna do it, we can put all the technology in place we want, but it just takes 1, uninformed or well meaning user to click the wrong thing or do the wrong thing and blow up the whole system. Right? So, we're gonna talk a little bit about culture today and, you know, we're each gonna come with our own story, our own take on culture. And what I just really wanna start with is that, this is one of the weirdest things in society where the victims of crime are kind of presented as perpetrators. We get Right.
Justin:Investigated. We get fined. We get sued when we're the victims of crime. This is a problem. As business owners, you know, that's who we're talking to, and I will just for a second talk about myself as a business owner.
Justin:I worry about this. I worry about what's gonna happen if somebody gets into me because it's just you know, I've got my business. Of course, I've got my clients I have to protect, but, like, I it causes me to not sleep at night. And so we're trying to take that burden from you, the other business owners out there, and and give you that sense of hope. So, with that, I'm gonna stop rambling.
Justin:And, Brian, what I'd like you to do is just jump right in with what your take is on company culture as it pertains to cybercrime.
Bryan:Great. So before I do that, I just wanted to touch base on what you just said. If Justin is losing sleep over this stuff and he's an expert in in in cybersecurity and and knowing exactly what it requires to be protected, you should be also losing sleep over this. So I'll I'll leave it at that. Yeah.
Bryan:So I'm gonna start with, my take on company culture with just a little bit of a story. So I want you to imagine you're stepping into a brand new job. Right? You're you're an intern. You're new to an organization, and, obviously, you're eager and you wanna make a great first impression.
Bryan:Now I want you to imagine that your within your 1st week, you received what you pertain as being, like, an urgent email from the CEO. Right? Like, big bad scary CEO, and they're demanding immediate action. Like, they want you to do something right then and there. And, for us, this was the reality for one of, the interns at a well respected construction firm that we deal with, and they're known for their reliability.
Bryan:They're standing in the local community. Well, this firm, although they're small, they got about 10 to 20, office employees. They built a solid reputation over the years. Their commitment to quality was, like, bar none paramount. Right?
Bryan:Yet beneath the service, their lurk lurked a little bit of a glaring oversight. So just jumping into what happened, the intern acting on what she believed was a direct order from the CEO was instructed to, of course, go and buy $5,000 in gift cards. We've heard this one dozens of times. Right? This this is an easy one, guys.
Bryan:Right? Like, they people should know. But under the pressure of being told that, hey, You know, this is super confidential. I need you to do this right away. Do not talk to anybody else in the office, especially, you know, x y z name, and I won't mention the name in case people can put 2 and 2 together.
Bryan:Anyway, it was only after the money was spent that the truth came to light. Right? So this poor intern, she went and bought $5,000 worth of gift cards, and provided it to the criminals. It was an innocent mistake by an unsuspecting, you know, intern. It could have been a lot worse, Right?
Bryan:Maybe they could have said like we need to connect to your computer to do some work or whatever. Right? Maybe pretending they're the IT company. So thankfully, you know, as as far as consequences go, though, the company managed to absorb the financial hit reimbursing her for the $5,000. It did expose a very critical vulnerability in their cybersecurity practice and the lack of training.
Bryan:So it's a very eye opening experience. It led to swift overhaul of all of their security precautions, including mandatory cybersecurity awareness training for all of their staff, which I was very happy about. Strict verification process on any financial transaction. So a simple phone call to verify over the phone, like, hey. With with a number you know, by the way, I should I should add, not just the number they give you.
Bryan:Verifying financial transactions, verbally with somebody you you know personally. And anyway, so the the story just serves as a powerful reminder that just because you've heard it all and you've done it before, it doesn't necessarily mean your employees do. And so the security of your operations, the trust, that your community has put into you as a business owner, and and as your clients have put into you is only as strong as your most vulnerable link. Right? Don't wait until something happens.
Bryan:Don't wait until the crisis finds you before you start making some of these decisions on on training. Assume at every point in time that you are, potentially breached or going to be breached and make sure that your staff are well informed every step of the way.
Justin:Yeah. Yeah. For sure. Mario, you have any thoughts on that?
Mario:I I do. And and, I know we I get this question a lot, and you guys probably get the same question is, how are these people finding these new people that are working there? And it's actually very simple. What these hackers are doing is they're taking advantage of somebody being so proud that they got a new job at your at this company. They're posting it on social media, especially LinkedIn.
Mario:They just got, you know, a either a promotion or they just got, you know, accepted into this company that they wanted, so they're telling the world about it. And hackers are doing the same thing like we do. We're researching constantly. So what they're doing is they see, oh, well, here's, you know, some new fish in the pond. Let's let's see if we could catch it.
Mario:And it works because the person at that point doesn't know, you know, what they're really supposed to do. They get nervous, so they're gonna try to cooperate with what it looks like as the CEO that
Justin:just gave her
Mario:on the job. CEO.
Bryan:Yeah. And and the funny thing is is that criminals are they're using automation to find these people. They're not even, like, manually searching LinkedIn like we do. They're they're scraping, that that with with automation tools. So
Mario:Yeah. Yeah. Their their job has gotten a lot better or a lot easier since the emergence of AI.
Justin:Yeah. Yeah. Sure. Alright. So you're talking about end user training education.
Justin:Right? You've got new people that are coming on board. We're putting a lot of trust in them. We're giving it. We're empowering them.
Justin:You know? And then the the end user education. So my thought on that as you're talking about it is this is my most difficult sell to even to existing clients is to get them to do the the end user education, the training because I mean, I'll just be honest. I don't ever show up at work and think, I wonder what I'm gonna do today with my time. I show up to work with a list of to do tasks, you know, a mile long, and that's just the to do stuff, the noise.
Justin:I've also got quarterly objectives. I've got annual goals I'm trying to hit. I've got people that are pinging I mean, like, I show up so overwhelmed at work that the last thing I'm thinking is, how can I spend 5 more minutes running through a quick security tutorial?
Bryan:Yeah.
Justin:You know? And and I do hope that, you know, whether it's through this podcast or or through culture as we're talking about, somehow we can, you know, just find a way to to tip that scale a little bit just to get people constantly thinking about it. That is point of the training. It's not like in these training modules, we're learning brand new stuff. Most of the time, it's just, hey, guys.
Justin:Let's think about this.
Bryan:They call it awareness.
Justin:For a reason. Awareness. Exactly.
Bryan:Keep it top of mind on everything you do.
Justin:Yeah. Yeah. As far as oh, go ahead.
Mario:And then they're all they're they're doing training. You know, most of these places are doing constant training, you know, for their employees either when they first get hired or just ongoing basis. You know? Mhmm. It is just one extra thing that they have to do.
Justin:So what I would what I would say to that is training for the sake of training becomes noise. And what we really need to do is shift this to a mindset, to a culture where it's not another task. Like, this is who we are as an organization. We are a group that bands together, a, to take care of our customers, clients, patients, whatever we call them, and b, to protect the company, to protect our assets, to protect our identity. That is what we do as a culture, as a society.
Justin:So it's not, you know, the HR director beating people over the head with a stick saying, you gotta do your 5 minute training. It's the CEO coming in and saying, hey. You know what? I was watching that training that we all watch, and here's what I picked up. Do you guys have any thoughts?
Justin:You know? And so, I'm gonna take that and I'm gonna, segue into the and this is a story I've used in countless presentations. I don't generally like to call out specific organizations. I say that and then I always do it. So maybe I do like to call people out.
Bryan:You do.
Justin:You know what? And and
Mario:So I
Bryan:Hey. Watch it.
Justin:It was personal. That hurt. The you know, in in my backyard, the city of Fort Worth back in 2019 got themselves into a little bit of hot water. And, you know, to tell the story, we have to back up 2 years. So in 2017, they went out and they hired, just gonna call him new guy.
Justin:And new guy's job was to oversee data security. He had 20 years of experience. This wasn't a rookie. He knew what he was doing. And he came in, and almost instantly, he discovers that the city is 90% out of compliance
Bryan:Yeah.
Justin:With the industry standards. Like and that's what we talk about week after week is the basics, the standards. I mean, it's it is a lot. Right? But we're not talking about advanced level stuff.
Justin:90% out of compliance with the basics. He discovers that hackers had stolen a half a $1,000,000, just over a half a $1,000,000. And the fun one, he discovered that city employees who had a criminal record had somehow gained access to the FBI's criminal justice information system database. So these are some glaring problems, and, like, you know, new guy goes to his superiors. He's like, hey.
Justin:Don't know if y'all are aware of this, but I found some problems, and here's how we fix them. And his superiors told him to sit down and shut up. This is where, like, culture just hits home for me. Right there, the the proper approach in my opinion is, hey, new guy. Fantastic.
Justin:And we are gonna get our HR person I'm sorry, our our PR person and our attorneys, and we're gonna get in a room, and we're gonna figure out how to present this to the public in a way that shows we're being proactive. But what they said instead was this would require a public disclosure of the deficiencies, so we're not gonna do shit. And don't you say a word, new guy. You get back to your little corner. Right.
Justin:And forget that we hired you to watch out for all this stuff. And he's like, screw that. And he files whatever with the Texas Department of Public Safety becomes a whistleblower. Surprisingly, he gets fired, and then he turns around and sues the city. I mean, so this could have been headed off at the beginning by the the culture, by the people at the top, but instead it turned into a nightmare for everybody involved.
Justin:Now my disclaimer is I don't have any personal information here. I say this over and over. I'm reading news articles, and I'm making my own assessments. There is another side to this. The city has their side.
Justin:They deny most of this. Fine. And I'm not gonna get into anything other than the story and the point it illustrates, which I have seen versions of this over and over in, you know, personally. We have because we are portrayed as the perpetrators when we get hacked, we're the ones who have to face the press. We have to face our clients.
Justin:We have to face the government. We have to face attorneys. Like, for fuck's sakes, we're not the bad guys, but here we are in the hot seat. And so when we find something, it was
Mario:like, shh.
Bryan:Don't tell anybody. Yeah.
Justin:Right? And that that in my mind is the number one problem in cybersecurity.
Bryan:Thoughts? What do
Justin:you guys think?
Bryan:Oh, absolutely. I you have no idea how many times I've I get calls from, from organizations or businesses where, they've been compromised and they're trying to keep it on the down low because they're afraid of, you know, all the ramifications surrounding it. And, you know, there's disclosure rules. Like, there's there's there's laws that surround all this that you have to you have to disclose, and so keeping it hush-hush is worse than the incident occurring in the first place because now you're you're consciously making a decision to break the law. Right?
Bryan:And so Yeah. From my perspective, it it would be for to disclose and and say, yo, hey, we're gonna fix this. In fact, especially if you're you're in any kind of industry, who you gonna trust more? Somebody who went, yeah, yeah, we we found this. We're disclosing it, and we're working to fix it, and it'll never happen again, or we'll do we're putting in these processes to hopefully allow it never to happen again or the company that hides it and then they find out like, the public finds out, you know, months later or weeks later that it was disclo it was found and not disclosed, and they tried to hide it.
Bryan:Like, which one are you gonna believe more in the future? Which organization are you gonna wanna work with in the future? Probably the one that was more open and honest and and disclosed. Right?
Justin:Yeah. Hopefully. I mean, in the end, the bigger problem that we can't fix is that, there is financial and social reasons, motivations to keep this stuff quiet. Like, it's not just embarrassing. It comes with some serious penalties for the victims of crime.
Justin:It's it's a really bad system we have set up, but, you know, give me another option. I don't know what it is because we can't find the bad guys. They're all hiding in Russia. Mario, would you add some thoughts there? Yeah.
Mario:No. I agree. And not knowledge is key. Like, you're you're doing a disservice to your customers if you're keeping things, you know, quiet. Like, you know, like, the the Home Depot that got hacked and, you know, I don't know how many 1000000 credit cards were leaked.
Mario:You know, they owned they owned up to it, and people were aware. Okay. I need to watch my credit card statements. You know? Okay.
Mario:This happened. You know? A lot of people understand the world we live in now, but they they and they'll understand if something happens, but they
Justin:don't get over the fact that you were trying to hide it from a more wide one.
Mario:They they actually cling on to that more than the actual initial issue. Yeah. And, I mean, that initial
Justin:issue. Yeah. And I mean, that it it is a huge problem, and I wanna point out the other problem of, you know, that be I would say that that is the underlying problem, but it creates the real problem of we set up a culture within our organizations of hush. You know, because at the top, top, they're hush-hush. And, like, then throughout, it's
Bryan:it's systemic. Mhmm.
Justin:Instead of saying, congratulations. Thank you for pointing that out. Let's get it fixed. We're, like, shh, don't tell anybody, and it's it's top to bottom a lot of times. And so, Brian, you're coming in to an organization, for example, and you're you're giving them training.
Justin:And in the case you made, they had real reason. They've already got caught with their pants down ish. Right?
Bryan:But it was a it was a it was a
Justin:it was a small.
Bryan:It wasn't actually a breach of security in the sense that, you know, somebody got in their systems.
Justin:Right. But it's hard for organizations who haven't been through something like that to say, hey, you know, to to make that change, we're gonna pivot, and we're gonna go from this toxic culture of shut up, sit down, don't say anything to we're gonna celebrate. We're gonna give you a Starbucks gift card. I don't know. Something.
Justin:When you bring something to my attention that I missed
Bryan:Mhmm.
Justin:Like, we're we're gonna celebrate that. And I will tell you, I I tell my team that in weekly meetings, I had say this. Like, if if you're gonna sit here and tell me what a great job I'm doing, I don't need you. I already know I'm a badass. I don't need you confirming that.
Justin:What I want you doing is showing me where I'm screwing up. Like, that's what I'm paying you for. And I I I don't know. Maybe it's an ego thing, but anyway, so that I really do believe that this is a a huge probably the number one problem we have to solve is is this culture. So, unless you guys have any more thoughts on that, Mario, why don't you go ahead and, give your illustration?
Mario:So for my my it was like, my story was actually a prospect that we sat down with, a couple months ago, and we did a security network assessment for them. And prior to actually running the test, we, you know, we they brought us in. Like, yeah, you know, we're currently working with somebody, and we're trying to reduce our IT costs. And, you know, they're telling me, oh, well, you know, our existing MSP is trying to get us to sign up for, you know, security training. They want us to use the, you know, their firewall.
Mario:They want us to use, you know, 2 factor authentication. And I'm like, okay. They're all good things. You know, I'm like, pause right there. I'm like, listen.
Mario:You know, we can make this meeting much shorter if you want because we're gonna require a lot of those things ourselves. Maybe more. You know? And, you know, they're like, well, we're maybe open to it as long as it doesn't cost us, like, an arm and a leg. You know?
Mario:And I'm like, okay. Alright. You know, let's you know, before we start talking costs, let's see what we're getting ourselves into. We do the assessment. We come back with them, and we're going all over, you know, the cost.
Mario:Then, you know, we keep things very simple. We have, like, one main package. And everything that we're talking about, you know, we're gonna enable 2FA. We're gonna use our firewall. We're gonna use this.
Mario:We're gonna use that, and we have everything itemized. And they wanted to say well, they started saying, well, if we take this out, can we save any money? If we take this out, can we save any money? If we use the the router that's coming from the Internet service provider, can we save some money? I told them no.
Mario:You know, I'm like, no matter if you do this or not, first of all, if you don't do it, we're not gonna service you. If you, you know, if you somehow we do agree not to do it, we're it's gonna be the same price. And the more I started talking to them, the more I realized it was all you know, it was not that they were trying to be cheap, but they just felt like their security was not a priority for them. For them, it was, saving a couple dollars here and there was their priority. And I told them, like, why do you not wanna enable 2 factor authentication?
Mario:Like, well, you know, some of our employees don't wanna use their personal phones. And we were sitting in a in a, like, a glass conference room, and I looked out to my left. I'm like, I see 2 employees right now using their personal cell phones. They're probably even texting each other. I'm like, those same employees that don't wanna use their personal cell phones are the ones using personal cell phones at the moment.
Mario:And the more we started digging into it, it's like we just felt like from the owner down. He didn't want to actually put any of this culture in place. He didn't wanna have security as a focus. He didn't want to have to make sure that their employees are well educated and well prepped. Later, we discovered, like, it was you know, they were sharing, like, serial numb you know, like, software, you know, among each other and stuff like that.
Mario:I think, like, 3 of them were working off their same email address and stuff like that. But, you know, later on, I you know, we told them, like, listen. You know, I I we don't want you know, unless you're willing to change this whole thing, we don't think we can service you. You know? And we you know?
Mario:Because we don't wanna sit there and fight, you know, every week or every month saying, hey. We need to enable 2FA. We need to enable 2FA. We need to update this. We need to purchase this because it's we're not in the we're not trying to fight and argue, you know, with each other.
Mario:So I felt that it was like the culture of them was just not you know, you need to be focused on protecting not only your company, protecting your employees, protecting your customers, and they didn't seem like they're aligned with that.
Bryan:I I I wanted to add in a couple of things, Mario, because I think what you just talked about, about, you know, all the different pieces of of the puzzle that you came up with that you you designed and engineered surrounding protecting your your your clients, has a lot of thought put into it. Right? There's a lot of thought put in every single toolset that you use. And it's like when you go to a restaurant and and and you heard from everybody in town that this restaurant makes the absolutely best cake or dessert or whatever, and you're like, I'm gonna go try that. And you get there, and you're like, hey.
Bryan:Can I talk to the chef before I order this thing? I wanna see what the ingredients are. Right? And then you talk to the chef, and you're like, woah. I didn't realize you guys have flour in there.
Bryan:Can you take that out? Right? Oh, I didn't realize you guys have this piece here. Can you take that out? Right?
Bryan:You're not gonna get the results of what everybody else was talking about. Right? You're not gonna get the result that you were expecting. And so when somebody says, like, I don't want these pieces in there, you're not gonna get the result that we're promising and what our other clients experience because if you don't have the puzzle pieces, you're not gonna have that. You're not gonna have the same the same experience.
Bryan:Not to mention, the way that most of our organizations work is that standardization brings down cost. And if you have something that's slightly off and or different than everybody else, now I have to I have to actually charge more for that, not less, because that requires us to learn and support a different tool that we're not used to. So I just wanted to, like, reinforce that part.
Mario:No. That's true. Yeah. It's true. If you go into a restaurant and tell them, oh, yeah.
Mario:You know, I want you to add caviar to the side of my plate. Yeah. It's gonna cost more. You know? But, yeah, I completely agree.
Justin:I love the recipe analogy, you know, because we do come with a result. That that really is what we should be focusing on. And so many times we get stuck in the weeds of what does this cost? What does that cost? How do we, you know, can we cut this?
Justin:Can we cut that? And still get the same results. So, no, you can't. You know, you've you've got a baseline, and this is why we keep talking about industry standards. Like, there are things that we just know we have to do to get us out of the low hanging fruit category.
Justin:Yeah. Right? But the thing about it is like, we're not talking about a huge cost here. Yes. It costs money.
Justin:But when when a as a business owner, I'm looking at my p and l, cybersecurity isn't at the top. If I just, you know, sort it in a descending order by value, that's not at the top of the list. You know what is? Payroll. Mhmm.
Justin:So we we might be talking about, you know, the cost. Maybe it's 1 or 2% of payroll. Maybe it's 3% of payroll. I don't know. What would it take for you to raise your prices by 1 or 2% or 3%?
Justin:Is a client even gonna know it? You can find that money, but what's the real cost of a breach? You know, the cost of the prevention is pretty minimal when you look at it in comparison to your real expenses, you know, your your your payroll, your building costs, your, you know, all that. This is pretty cheap insurance, but the cost of a breach, I mean, it's game over in most cases.
Bryan:The price is less than than than, between a dollar to $2 per user, per hour. Right? When you think about it, like, it's it's like the salary difference would be, like, so insignificantly minimal, to to protect.
Justin:Right. You could yeah. If if you gave them a raise equivalent to the cost of, you you know, taking them to making them more efficient, it's not noticeable. That's the thing. Yeah.
Justin:That just drives me crazy. So what I would like to do, Mario, in your situation, if somebody's doing all that, I would love to just look them right in the eye and say, mister Bo business owner, what's your resume looking like? You may wanna brush that up because you're gonna be fucked here pretty soon. Go start looking for a job. Good day, sir.
Justin:Yeah. Turn around and walk out. Yeah. Like, that's the stakes we're talking about. This isn't I don't know.
Justin:I'm gonna I'm gonna take a breath, guys, and we're gonna start winding this thing down, because like I said, we're gonna try to keep these shorter. So let's let's run through Brian, Mario, then then me, and we'll just do real quick key takeaways from today as far as culture goes. What what can we learn? What does our business owner who's listening today need to know about creating a culture in their business that will protect them from this ongoing persistent threat of cybercrime.
Bryan:Yeah.
Justin:Brian? I'm gonna wrap
Bryan:it up the same way I wrap up most of the calls, and that is, if we go into everything we do in business, cybersecurity being one of them, with the intent
Justin:that we are going to improve every single
Bryan:day by at least 1%, then we are gonna make a huge significant impact in the overall scheme of things. Right? 37 times better by the end of the year after 365 days. So if we just look at it and say, hey, we're not asking folks to spend 5 hours in a cybersecurity seminar to figure out what what's going wrong and and what are the things they need to look at. Less than 5 minutes a day.
Bryan:In fact, most of our videos are coming in at, like, 3, 4 minutes each, per week. Right? So very insignificant amount of time, and and the idea that builds upon itself over and over again, and we're just keeping that culture of of getting better 1%. And yeah. So get better 1% every single day, and you'll be amazed at the difference that one little change could make.
Justin:Alright. Mario?
Mario:What I I'm what I think is it needs to start from the top down. It needs to, you know, it needs to start from the the owners. I mean, we ourselves you know, I pry myself. I've been doing this for 25 something years now. I have myself enrolled in cybersecurity training or sorry.
Mario:Phishing training. And when I I obviously, you know, I know that they're coming in. I don't know the exact day and time because we randomize it, but I do it myself. I lead my not only my employees, I lead by example, but I lead my customers as an example. Like, what's what you we want you guys to do is what we do for ourselves as well.
Mario:You know? And we're not gonna recommend something to you guys and think we're too good for. You know? And, you know, I every platform that is out there, the owner or the manager is able to see if their employees have clicked or have actually enrolled the in the training, and they need to, like, you know, not yell at them, but, like, listen. You know, we noticed you didn't watch, you know, do any of the training this month.
Mario:You know, it's really important education, you know, that you expand on your education and learn about this stuff. There's some good stuff just like Brian said, making it like a game, like, hey, did you guys see this, the training this week? That was actually pretty interesting. You know, it it has to come from the owner down. Otherwise, you don't expect your employees to actually do it.
Mario:They're gonna they're gonna follow you. They're you're you're their leaders, and you have to lead them in the right direction.
Justin:Yeah. I I would agree with everything you guys have said. My best advice to business owners to create this culture, you know, like you said, Mario, you've got to start at the top. Put it if you're having weekly meetings, put it as a line on your agenda, and come in with what you've learned, ask questions about what they see. You know, what are you guys seeing in the news?
Justin:What am what am I missing as a business owner? Where are my blind spots? You know, where where do you think based on the training you've taken, where do you think we're most likely to get hacked? How can I protect you? How can I protect your job, your information, your money, like I'm trying to protect mine and just make that part of the dialogue all the time?
Justin:I really think that is the best, hope we have at at fighting this because if we aren't doing this, like, I don't I don't really think we have a chance. And again, you better dust off your resume and start looking for another job because you're not gonna survive this. So the formula that yeah. You know, everybody's got their take on it right, but we have to assess. We gotta put the basics in place.
Justin:We have to assess those on an ongoing basis. We have to know where our our weaknesses are and fill those gaps, and then we wrap it up with, cybersecurity insurance policy. Assessments that we offer, and we'll give you that. We'll give you the your assessments that we offer, and we'll give you that. We'll give you the your gap assessment, you know, your road map and tell you how to fix all this stuff, throw some insurance on it, and taking that.
Justin:You know what? Go sleep easy tonight. So that's all I've got. Final words, Brian or Mario?
Mario:No. I you know, everything looks good. I appreciate it.
Justin:Alright. We'll wrap up. We'll see you guys next week. Take care.
Mario:Bye, guys.