UnHacked

Welcome everybody to episode 30 of unhacked. Guys, unhacked is a podcast where we, we talk to and coach business owners who have been severely breached, all their money robbed, their data stolen, and we teach them how to get it all back to the way it was before the breach. Correct?

Yeah. That'd be nice if it was the way it worked.

Oh, if only. I mean, like I said, the title's a little bit of a deliberate misnomer, because the reality of this is with proper procedures, with proper measures in place, we can prevent about 97% of data breaches of lost money, lost time, lost data. But once you've been hit, you cannot get fully unhacked. So, week after week, we sit here. We we break this down.

We discuss. We coach business owners not on how to get unhacked, but how to prevent it from ever happening in the first place because that's the only way that it'll really, that we can really play this game. We've got the formula. We're gonna bring that in at the end of the show here. Let's do some quick introductions.

I am Justin Shelley, CEO of Phoenix IT Advisors. I work with businesses in the Dallas Metro as well as, out west in Nevada, Utah, and Idaho. And I am, as always, sitting here with my good friends and cohosts, Mario Zaki. Mario, tell everybody who you are, what you do, and who you do it for.

Yeah. Mario Zaki, CEO of MasTec IT. We service small businesses, to keep them protected from the dark web and hackers and stuff like that. You know, we service the New York, New Jersey area and been doing it for a long time.

Alright. Brian, what, same question.

Yeah. Brian Lachpiel. Yep. President and CEO of B4 Networks. We're based out of the Niagara region in Ontario, Canada, and we support, just about the entire the entirety of the Southern Ontario region.

And essentially we help businesses streamline their IT services. We provide everything from day to day support and long term cybersecurity strategies. And typically we'll work with greenhouses, professional services firms, manufacturing companies, and things like that to help them keep their systems running smoothly.

Alright. And, guys, today, this is this is kind of a fun title. We are going to answer the burning question that I know all of our listening audience has, which is what in the hell is the dark web anyways?

I'm sure they dream about it.

I'm sure. It's on everybody's mind.

I

overwhelming amount of fan mail asking

us what that is. What is the dark web?

I, I asked Mario before you got on Brian if he he was a fan of the show Letterkenny. I think I've asked you this before and you were not impressed at all. But anyways, don't answer that. We'll say that way. But they have an episode where they talk about the dark web, and every time they say it, they have to say dark web.

They can't they have to whisper it. The dark web is not a good place to hang out. Right? So we're gonna get into what it is, what you can do there, depending on your intentions, and and what it means for us. And then we're going to break down a breach.

Now if you guys heard of the breach, this was actually last year, 23andme. You're familiar with the website, familiar with what they do, and you know they were breached last year. Right? So right now, they're in the middle of actually, trying to get a settlement approved, and so we're gonna talk about that. And then at the end, of course, as always, we're going to wrap it up with our formula for how to protect your businesses from the likes of Boris Grashchenko.

Let's get started. Guys, I have a pop quiz for you. We are recording today at September 26th. And, hey, listen. If you've read the notes, you are well well aware that this question's coming.

Today's September 26th, but I published these, a few days later. They usually come out Tuesday morning. Which will be October 1st? Brian, Mario, what is October? Cyber security awareness month.

Yeah. One of our, one of our other friends is like, hey guys, Should we should I jump on well, Brender, you no secret here because he's gonna be on. Should we should we come up a theme for cybersecurity awareness month? I'm like, Brender, the theme is cybersecurity all the time.

All the time.

So, like, I don't know how to answer your question, but we did come up with a really good answer. Actually, I kinda like it. So we're gonna take the next 4 weeks of of October, and we will release 4 sequential episodes where we go through in detail the steps that you should take to protect your business, the formula that I always talk about. What are the industry standards that we talk about? How do you put them in place?

What, what you do to wrap that up with policies and procedures and then cybersecurity insurance? Listen to those 4 episodes, take notes, and protect your business. So that is what's coming today. Like I said, we're gonna talk a little bit about 23 andMe. We're gonna talk a little bit about the dark web, and I guess it's just time What

if for October, we just don't talk IT at all? We just let's just do sports

for Opposite day. I mean We use metaphors that that can relate back to cybersecurity.

Well, listen. We have our planning meeting tomorrow, Mario. Go ahead and bring all your notes for that, and we'll discuss.

I'll make sure I'll make sure I mention that.

Alright. So guys, we're gonna jump into our breach that we wanna break down. And again, it's old news as far as the breach itself, but we will talk about it just as kind of a refresher, where 23andme was hit and how it was done, what's the impact, how do we make that happen to somebody else. Because like I said before, there's no we're not gonna turn off cybersecurity or or sorry, cybercrime. It's going to happen.

And the best, unfortunately, that we can hope for is to make it happen to somebody else. I hate that, but it's what I learned when I worked for Loomis armored and I was in, you know, gun training. It's like, hey, here's how to not get robbed. You make somebody else get robbed. I'm like, shit.

That sucks. Here's how to not die. You make somebody else die. I was like, goddamn. This is and and I didn't work that job much longer because I don't have the stomach for that.

But here we are. It is still the best we can hope for. So 23andme, now you all are both familiar with this breach. Do you do you recall, and we don't need a lot of details, just what happened? What what are they what do they do?

When were they breached and and what does it mean for people? Go, somebody. Bueller. Bueller. Bueller.

Mario,

go ahead.

Yeah. So they they're an online, mostly online system where you can send, like, samples of, like, your saliva. So they can, send you your DNA and your family history, let you know how much, of a certain, nationality you are and stuff like that. It's it's a DNA online DNA testing system.

Some pretty personal information they send back to you. Right? I mean, they they basically map out exactly who you are, who all your relatives are, where you came from.

Everybody I talked to that did it, somehow, they're always like 3% Cherokee Indian.

Well, hey.

I I

am I have no comment on that. Let's gonna let's just move right along.

I don't

I don't know what went on back then. That's all I'm saying. Anyways so But they, you

know, they they do they do get a lot, you know, very deep into your into your business. So they they they they do have a good amount of information on you.

Yeah. So when they got breached, that's some pretty scary shit. Right? So the financial impact of this, you know, we're we're still determining the settlement. And this is just a settlement.

This doesn't talk about all the other, costs involved. But the settlement we're looking at that they're proposing $30,000,000. Insurance is gonna cover most of that. So they'll they'll get about 5,000,000 out of pocket. We'll come back to

what money. It's still

a lot of money and then they're not done. Right? Because it's just now now the courts are gonna say, hey, you have to pay out, but also you have to do x y z. So Mhmm. Reputational damage.

This is one that is hard to quantify, but I'll tell you right now, I have not and will not, submit my saliva to 23andme or anybody else like that. Brian, Mario,

thoughts on that? Like, for them specifically, see, here's here's the challenge. In most cases, once a business has been hit, in most cases, that's when they start taking cybersecurity seriously. So I would almost trust them today more than I would trust another company who has the same services that have not been hit because they probably are still in the in in in the denial stage. Right?

So but with that said, the only way that I would agree to send anything to a company like that is if it was somehow anonymized. Like, you know Right. Here's my saliva, but, like, I'm not giving you my name or any of my details. Here's just the code that goes with my kit and and when I could log in to the website and look at my code, but you don't know who I am. That I'd be

okay with. I like that idea. I've I've tried to get to the first part of what you said, spoken like a true IT guy. Yeah. And yes, you're right.

And and we'll talk about that because after the fact, after a breach, people usually are very keenly aware of cybersecurity risks and preventive measures, court ordered as in this case. But reputationally, emotionally, the general population doesn't understand that. And even as an IT guy, what I do know is you're right about that. However, I'm not taking that risk with anybody. Not with 23 andMe, not with anybody else.

That kind of that level of personal information is staying right here. So And

and to be honest with you, a lot of these companies, they, you know, they offer a service, but their primary goal is to collect data.

Oh, absolutely. Yeah.

You know, it's it's their database that when they go and try to sell a company or try to get, like, you know, loans and stuff like that, it's because they it's because they have a good amount of data. Like, look how many customers we have. Like, this is when you when they're just when they have a database just of a code and, you know, they'd say, okay. You're 90% Indian and 30% Canadian and whatever. Most people don't care for that.

They wanna know, you know, people. They want they you know, it's like Facebook. Facebook has, like, all this ads or whatever, but their primary goal is they're they're collecting data.

Right.

You know? Yeah. Yeah. So it is a good idea, Brian, but I don't think it'll ever happen.

Right. Because they're primary yeah. They're okay.

But what

we can always count on is, and I know you guys always read the the EULA, end user license agreements when you sign up to a website like that, where it promises, that they won't ever sell your data and, and it's short, concise, easy to understand language, so it's really easy to quickly go through those. And if you can't tell, I'm being wildly sarcastic today. I I haven't seen theirs, but I would imagine, like most of these agreements, there are pages and pages and pages that you just you scroll to the bottom, you say okay, and you effectively give them the right to sell everything that they know about you. Right? That's That

sounds like it sounds like I should submit my saliva but with your name so that way they think I'm you.

Go ahead, I guess. I don't know. I don't know. Alright. So we've probably got some reputational damage.

What about the emotional toll on employees? Could you imagine working for an organization that has been through a breach like this? You're nobody's friend at best. No. Right?

And the the stress level within the company, I mean, that's gotta be a lot. Costs. I mean, what about the emotional toll on the the customers who now know that there's very sensitive information is is out there and so, you know, bought and sold.

Yep. And while, you know, insurance companies aren't allowed or supposed to use, DNA information to, judge whether or not you should, be covered, depending on what level of information is there. I mean, if I was running a business and and my business was covering people for health benefit health benefits, I might be tempted to download that database and and and rule out everybody who has pre existing conditions,

Right? Yeah. Yeah.

It's not to say it doesn't happen just because they're not allowed to do it. It doesn't really won't.

Mhmm.

Right? Well, it's

if, you you know, it's once your information is out there, you know, it's anybody can get it.

Once it's leaked, it can't be un leaked? Yes.

Make a new podcast called Unleaked.

Yeah.

So Brian, you kind of alluded to it, but and and we're gonna tie this in with how we make it happen to somebody else. But, I mean, these poor bastards that get breached like this, a, I will defend them in that. This is we've talked about this a lot, but, like, companies who get hit with this type of criminal activity, we forget that they are the victims of crime, and we crucify them. And we sit here, we talk about, oh, they should've done this, and they should've done that, and fuck them for you know, like, it's their responsibility. But it's interesting when, like, somebody breaks into a home and robs a family blind, nobody goes after the family for not having the right security on their house.

So it's it's kinda hard for me to to go in and talk about this stuff. It's easy to just jump into that armchair quarterback seat, but we do wanna learn from it. And and interestingly, when when the court came back and said, okay, or and I again, this is still being settled, but what they what they should have done is what we talk about week after week. And and anybody wanna guess what the number one the first thing is that they're supposed to do?

Oh, the best practices?

Well, in this case, because I mean, actually, okay, let's, let's pause for a second. We have to talk about the type of attack. I forgot, I forgot to get into the technical details. What, somebody volunteer, what type of attack was this? How does it work, and what does it mean?

I'm assuming you're talking about credential stuffing. Yeah. I got it. Yeah. Okay.

So, very briefly because it's like I mean, we come up with these terms and terminology and and stuff like that all the time, and it drives me bonkers because most people have no idea what they mean. So to really narrow it down, I want you to imagine, you know, a website gets breached, and and and they they collect the usernames and passwords from all of the the people who use that website. Well, the the bad part about that is is a lot of people reuse their passwords in a lot of different places. So essentially what credential stuffing is is, hey. I got this login and password that I found in the breach.

Let me try that login and password on as many different websites as I possibly can and maybe I'll get lucky and some poor SAP use the same password in 2 different places. And that's essentially what, our understanding of what happened in this case. You know, somebody was reusing their passwords and happened to be somebody who had, you know, some sort of access that allowed the breach to occur. Did I get that?

Yep. Yep. Just a

bit? Alright.

Hold on. So

the the number one method for preventing a credential stuffing attack, do you know what it is? Well,

don't you reuse your passwords.

Okay. So that's on the end user side. Correct. 100% correct. If I have a website, what do I need to enable?

So that's that's kinda what I'm getting at there. There's 2 factor authentication that will

kill that.

How often do we how often do we talk about 2FA on here? Or or how often do we talk about it with our clients? How often yeah. What what is

that again?

I've never heard of it. Yeah. And then you've got security questions. I hate those by the way. I hate those with passion.

And Yeah. Because all

of your ideas

I I will admit, I never freaking I always put the same thing for the security questions because, like, I'd never remember what I've used.

Mario, don't even answer the security questions correctly. Don't use real information. Right? Like, you know, what where were you born? Well, I'm not gonna tell you where I'm born.

I'm gonna just put, like, put something else in there because if somebody ever goes, hey, Brian, where were you born? I'm like, oh, yeah. I was born in Welland. Like, boom. They got my my security question.

Right? Like, I'm not gonna I'm not gonna even realize they're asking me security questions if it's just somebody that's, like, off the side. Like, you know, you probably seen those things on Facebook once in a while. It's like, you know, your your, your your your mugger name is the the street you lived on and and your dog's name and and and, you know, and then, you know, obviously, you give that information away for free, but what they're doing is actually trying to find out what your security questions are. Right?

Yeah. Yeah. I always use, like, a combination of something that I'm gonna remember, but not the actual word because I don't remember what city I was born and who's my 1st grades, like, 1st grade gym teacher. Like, what?

Yeah.

And then you see that question, like, 3 years later. Like, I still don't know what the hell

I put in there.

Well, that was gonna be my point. What frustrates me more about those questions is that they're almost never asked later. They ask you when you're signing up, and then you never see them again. When you reset your password, they send you a password reset link, you know. It's just I don't understand the point of those at all.

But it was in this,

it was

in my research, so I put it on here. CAPTCHA is another one. If we're gonna talk about pissing me off fast, throw a CAPTCHA onto a website that I'm trying to sign up

for. Oh my god. Yeah. Find the motorcycle.

Not by Yeah.

Clicking on the motorcycle. I've clicked do I and then that you always have that little piece of the bicycle that's sticking out to another. Do I

select it? Don't I select it?

Oh, God. I hate those. I hate those. So, yeah, from a from an end user standpoint, don't reuse passwords. You know, we say that all the time and the solution to that is a password manager.

Right.

And and we could talk probably for hours on the pros and cons of all this stuff. Nothing is a perfect solution, but that is better than trying to either reuse or remember all of these passwords. So

Yeah. We believe in password managers so much. We, in in most of our service offerings now, we just included as part of the bundle. So they just get it as part of our security services in most cases.

Right. Yep.

Alright. So port 23andme, how do we make it happen to somebody else? According to the court, what they should have done is let me let me instead of trying to remember it, I'm gonna see if I can under the oh, I I gotta bring this up first. They they had to develop a brand new type of dark web monitoring for this breach. Did you guys know that?

Mm-mm. Okay. Don't let me go past this segment without diving back into that. Among other claims, the company failed to properly protect personal information in accordance with its responsibilities, had inadequate data security protocols and very, some other stuff. They were required to implement a long list of security improvements that would not be paid from from the settlement, and it include enhanced password protection, mandating multifactor authentication, conducting annual cybersecurity scans and audits, creating a comprehensive data security program, and data retention policies.

Do we ever talk about that when we're talking about our standards and basics? And so when I say 97% of these breaches could have been prevented with basic security measures, I mean, this is what we're talking about, right? This is, this is a major thing. It's it's not the dollar amount of some of the bigger breaches we've discussed, but the impact for individuals is huge on this one. And and we're

just This is when you're signing up. They want this stuff in there for the end user. But what but No.

These are court ordered protections that are security measures that 23 andMe has to put in place on their side.

For employees? Mhmm. Okay. Oh, wow. So they're employees and have any of this stuff?

I'm listen. I'm I'm reading a document that is somebody else's take on something else. So, I'm I'm not I'm not claiming any expert or insight information here. But as we break these things down week after week, what it comes down if if the court is ordering these things and these things are basic things, all I'm saying is it confirms what we talk about. Just put the goddamn basic measures in place, quit fighting it, do it, spend a few bucks, and prevent most of these breaches.

Right? That's that's kinda was was my takeaway from this. Now back to dark web, this this specific type of dark web monitoring service that the courts order or that they put into place for this. Mario, I think you had the assignment of layman's terms description of the dark web. So let's talk about that first, and then we're gonna talk about how it ties into 23andme.

So the dark web is like the underground, like black market, you know, like site like like parallel Internet. Okay. I'm trying to go very layman terms on this, where it's literally just another Internet where you can find, you know, you can essentially search for different credentials, sign up for different websites that you could only access through the webs through the dark web.

So let's real quick. Let me pause you. Do you how do we access if I'm a bad guy and I want to get some of these things, I wanna buy your credentials, Mario. How would I log in to the dark web? Do I just type in dark web.com or, like, what do I do?

No. So you you you have to, like it's it's almost like a VPN connection where you're downloading a certain program, and then it gives you access to to the portal. Like, you know, the gates just open and you get to walk in and stuff like that. You you know, but it it it to get onto the dark web, you can get through the you know, find ways to do it from the normal web. You know?

You have to do a little digging. I don't think you're gonna find it on YouTube, but you you'll be able to get in there. And then once you get in there, you know, it it it's almost like on on, like, the regular Internet. You can search for some. You can buy, like, guns on there.

You can, you know, you can go and purchase, leaked credentials for somebody and say, okay. I want and they they'll, you know, they'll sell them in like bundles and say, okay, well, you, you know, for whatever the going rate is for Social Security numbers will send, we'll give you a pack of like, you know, an Excel sheet of Social Security numbers, maybe like 100 of them on there for, like, $99. You know? I don't think they collect taxes. I I don't, you know, I don't think so.

They're not filing reports with the, 8

but you can, you know, you can buy guns. I mean, there's, you know, human trafficking website. I was

gonna say you're going easy because you can buy guns at Walmart, but, yeah, you could buy children on the dark web. Like, this is disgusting. This is this is, like, horrible, horrible, the the stuff you can get on the dark web. Yeah. Drugs and stuff like that.

Yeah. This

is literally you know, the stuff that's filtered through our normal Internet is where you go to the dark web to get. You know, like because

there's all of them. It's unregulated.

Stuff is on there. Yeah.

Completely unregulated. Do you guys remember, did did anybody use the what they call them? Tor services or, you know, I guess they're kinda still a thing and then actually it is. That's that's kinda how we get in the dark web now. But do you guys remember services like, Kazaa, k a z a a?

I don't even remember how to pronounce it.

Kazaa, Napster. Do you remember those?

Yeah. Yeah. It started off as ways to download illegal music.

Yeah.

And there was a period of time when those became pretty popular. And and essentially, these are kind of the forerunners to the dark web. And I would get this is just kind of a side note, but I would get, and and god, I gotta put a date on this, probably early, early 2000s, like 2,000, maybe even 99, 98 or, you know, back back in those years. I would have customers bring computers in back when I had a retail shop. They'd bring in their computer and it's just toast.

I mean, it it's you can't boot it. You can't, it it's just hoes. And it was because they would download Kazaa and and stuff like that. And, so I had to teach them like, don't do that. Don't don't don't go here.

Don't get on these services, and whatever they're doing. I don't know if it was the application itself or whatever they did once they got on there that they were downloading. But I I mean, I inadvertently saw some horrible, horrible things when I was working on on that and setting up filters for school districts and stuff like that. I'm I'm not even talking about what I saw, but it it scarred me enough that I still remember the images, you know, almost 30 years later. So just, not a good place to hang out the dark web.

So now we've got with the that is the the environment where the likes of the, you know, the data from 23 andMe lives and is being bought and sold. And so one of the things the court ordered, I'm saying that, and I don't remember if the court ordered it or if they did it of their own free will, but they actually developed a specific type of dark web scan because, I mean, we're all familiar with it. Right? We we have that service for our clients, but we're mostly just looking for username password combinations. So this service is specifically looking for genetic and biological information for sale.

And then if they find it, they will alert the user, and then they have a help desk that, you know, you call in and and they give you advice for remediation. Now I don't know what that looks like because it's not like you can call up the dark web support desk and say, hey, I found my stuff online and I'd like you to please take it down and not sell that anymore. Once it's there, it's there. You know, username and passwords is pretty easy. If it's there, just don't use it anymore.

Change your password. Right?

Mhmm. So

okay. So, weekly cybersecurity tip, we we broke down a breach. We tied it into the title of the episode. What is the dark web? It's a very bad place.

Our tip of the week, get some good dark web scanning services. Right? Yep. And I think we all here offer that. They're they're actually really easy to to come by and super inexpensive and sometimes even free.

So, I feel like we've sufficiently beat that horse up. Do you guys have any final words on dark web or 23 andMe before we move on?

Yes, sir. One thing, as far as the dark web, once your information is there, you can't take it off. You know? It's like

Right.

You once you're hacked, you can't get on hacked. Once your information is on the dark web, you can't take it off, you know? So if we provide you like a dark web report, you know, number 1 question is, well, how do I get clear this out?

You know, you don't. You change the math. All you

have to do is you have to go whatever information is on there has to be now changed. Yeah. You know? So that's, you know, that's the only thing I wanted to add.

One thing that came up in in, you know, as as I was researching this that I thought was interesting is, well, we evangelize the idea of not reusing passwords. Almost always the username is reused because it's an email address, and that is potentially problematic as well. So where possible, if you can use a different username, definitely do that. Some services will give you the option to create a username that isn't an email. I mean, a lot of them require it.

It's gotta be an email address, which makes for easy password resets and stuff like that. But it also facilitates these, credential stuffing attacks like we're talking about here. So Yep. Alright, guys. That for me at least is enough talk about the the evils and the debauchery of the dark web.

Let's talk about something a little bit more positive, our our weekly business tip. Who here by show of hands is familiar with Dan Sullivan?

I am now. No. I've I've heard of him before. Yeah.

Okay. So, Dan Sullivan is a a long time entrepreneurial, coach. He coaches other business owners, other entrepreneurs, and has been in that world in some way, shape, or form for about 50 years. He's he's no spring chicken. I don't know how old he is.

But as I kind of observe his activities right now, it's like he's got a if I had to guess, he's on some sort of a mission to take all the information he's learned over the years and and put it in writing and preserve it. Of course, he's still trying to promote his organization and and other, interests as well. But one of the books that kinda caught my attention is called Who, Not How. And and I found a a short description of what this is about. I'm gonna read that.

To really succeed and reach a higher level of performance, you have to shift from a how mentality to a who mentality. By focusing on who you work with rather than trying to do everything yourself, you'll find your levels of achievement will arise at the same time as you get dramatically more freedom. So this this kind of it intrigues me because, you know, I've been through a lot of changes with my business, a lot of changes in my personal life, and I live in a world of chaos and overwhelm. And one of the things that, you know, as I'm in a position where I'm, doing a fair amount of marketing right now, I also realize that I can't do it all myself. And so I kind of get stuck in this place where I wanna do it myself because I wanna make sure it's done right.

I wanna make sure I understand what's being done, before I hand it off or attempt to hand it off to somebody else. And so one of our marketing methods that we're using right now is, you know, what we call canvassing. So we just make these cute little gift baskets or whatever that we take to local businesses and, try to use that in exchange for an opportunity to talk to them. And I put some of these together myself. I delivered them myself.

I took notes of them myself, and and I got some good information. However, how likely is it that I will be able to scale my business this way? Anybody? That's not gonna go very far. Right?

So, you know, my next step to this is, you know, I I wanna create an army of these people to go out and do this canvassing for me. And then to do that, I'm really gonna need somebody in the middle to to hire and manage and maintain that process. So, that's that's kinda where this took me, but I was curious your thoughts on this concept at large. And then also if either of you have any experience where you've kind of been the bottleneck and then were able to take that and pivot and put somebody else who was better at the job than yourself and see, really good results with that. Brian, I see you kinda shaking your head.

Do you have something there?

Yeah. So a couple of things. 1, I personally lived through, I don't know how many iterations of that. So, you know, used to be the one who does it all, the technical work, the sales, the marketing, the the accounting, the the the managing of the staff. And as time went on, you know, hire somebody to be the manager, hire somebody to do the accounting, hire somebody to do, some of the the the marketing things.

And in each and every single case where I removed myself from the doing, it exponentially grew the business each and every time. Couple that with the fact that the 2 of you know, but maybe the audience doesn't. I coach other managed service providers throughout North America on sales and marketing. And in the cases where somebody bites the bullet and hires somebody to help them with marketing to do the tasks that they either don't have the time to do or don't have the the the energy or the brainpower to do. And each and every single one of those situations, those businesses have grown exponentially.

And in every single one of the situation where the owner insists on continuing to doing it themselves and don't hire staff to help them, they have consistently stayed small and not grown. And so I hope that is what you were looking for.

Yeah.

Absolutely. It is it is a like, it's not one time, not twice, like, it's consistent throughout everything I've I've seen throughout my career.

And, Mario, I'm gonna punt this over to you. Same question, and I'm gonna add to it. And then, Brian, you can feel free to chime in as well. But, not only have you seen this or done this in your own life, in your own business, but have you seen the opposite either personally or you know, I I definitely see clients or I see other people that I know kinda like what you're saying, Brian, who try to do everything themselves. And, like, the business is just a mess because everybody's gotta come to them and they will not let go of control.

You know, I've I've got a specific individual in mind who I've watched struggle for a long time and just, like, let go. Let let somebody else do some of this for you. Mhmm. Mario, your thoughts?

Yeah. I mean, so you you know, you guys kinda know my story. You know, when I first started my company 20 years ago, you know, 1st 15 years, I was just me. You know, I was the one doing the support. I was the one doing sales meetings.

I was the one doing the accountant. You know? And I did it for 15 years and growing very, you know, slowly. And the second I decided to, that I wanted to grow and bring in another technician to handle support, bring in a salesperson to handle, like, sales and stuff like that, you know, we our my company grew from, you know, one just me for 15 years. And then 5 years later, you know, we're at, like, 12 employees.

And, obviously, the, you know, the revenue to go with it. You know? So, like, it it really I do know firsthand how it is to finally let go of that responsibility of doing it myself because I didn't wanna sit there and pay somebody, you know, whatever it was or didn't trust that somebody was gonna do the same job as as me. And you know what? In the beginning, it it won't happen.

It won't be the same as you doing it because you've been doing it, you know, your way so many for so long. But there's so many things that, you know, I've handed off to somebody that you know what? They didn't do the same way I did. They do better. Exactly.

Yes. You

know? And when you're doing it yourself, even if you're just fixing a computer yourself, sometimes you need that extra set of eyes to see it from a different way to realize what's wrong and that, you know, there's better ways to do it. You know? So, you know, there there's still little things that I still do, you know, I you know, the company, but I don't do support. You know, I do a little bit of sales because I enjoy it, but there's a lot of things that I've handed over to somebody else.

And besides that, it's fine. You know, it's getting done and it's I can dedicate my time to more and more things, but I can now spend more time doing things that are not work related, you know, taking a day or 2 off and enjoying it.

Yeah. This this book talks about that as well. The both getting some freedom, you know, getting Yeah. The ability to take some time off. But also, you know, you were all familiar, I'm sure, with the saying, if you want something done done right, you have to do it yourself.

And what a little horseshit that is. And I guess it's true if you want it done exactly the way you would do it. But if you can let go and get the right person to do it for you, not only will it get done, it will get done differently, but probably better.

Right.

So yeah.

I mean, the the the there's sometimes that that the person that you thought was the right person to do it isn't the right person.

Absolutely.

Yep. But, you know, generally, the right person Yeah. Yeah.

The biggest challenge in most cases is that people aren't articulating exactly what their expectations are, and it's not clear what the result they're looking for are. And so the person who's doing the work has to assume or has to guess as to the intentions. So if you can be very clear and very detailed about what you want, exactly what you want, and how you not necessarily how you want it done, but what the end result should look like, then you'll have a much better result. And you have to inspect what you expect. So you can't just delegate and disappear.

You have to delegate and supervise or delegate and check up every so often.

Yeah. I I think it's pretty safe to say that if you have a significant problem in your business or a challenge that you're not able to resolve, probably it's a people problem. Probably you need either somebody who's more equipped or you have somebody dragging you down, but you definitely have to get those right. I who was it? Jim Collins, I guess, from good to great.

You have to get the right people on the bus and in the right seats. And I'm I know I'm slaughtering that. That's not how he

worded it.

But but, I think that's kind of the key issue at least. This is kind of where I'm at in in my life and my business right now is getting

And and sometimes sometimes that that job or like the the canvassing or whatever, sometimes it's a full time job. And, you know, if you pay somebody full time, 8 hours a day, you know, 5 days a week or whatever, you know, where you if you were doing yourself, you could only dedicate a fraction of that time. It's not gonna get done right. Or

Right.

You know, you can get more result better results by doing you know, having somebody doing, you know, for 40 hours a week.

Yeah. Absolutely. Alright, guys. That's kinda what I've got for the week. We are gonna start wrapping things up.

You know, our our formula is always this is I love to end this way because a lot of what we talk about I mean, we've we've been on it for 40 minutes today, and we're just talking about one thing. But it it can feel complicated. It can feel overwhelming. I I mean, I will put some fine print on it. This is not a DIY task as we've said before.

But as business owners, we have to understand it well enough to hold people accountable. To hire the right people, as we just talked about, we have to have the right people in place. And, you know, we we have to know, like, how do you know if you're not a an IT guy, if you're not a cybersecurity expert, how do you go out and hire 1 and interview them and and know what so I really think that, you know, a lot of the value we bring to business owners in this podcast is giving them arming them with that information so at least they can go out and and interview and hire and get the right people doing this job for them. So the formula that we're looking for using best practices, and these are published. I'm not just saying, you know, make it up.

Protect your technology, protect your data, and protect your people. You've got those 3 buckets you really need to focus on and make sure that those three things are taken care of. That gets us to the 97% level. That gets us to not making headline news, not settling $30,000,000 lawsuits, not pissing off our employees and our clients. It it just takes the target off it doesn't take the target off our back, but it

it puts a shield up. Right?

And then, if somebody is determined enough, they will breach anything. And so we have to wrap that up, close that gap with a good insurance policy, and then make sure we're following, proper policies and procedures within the company. So that's the formula. We're going to

have 2, bold guys and somebody that's soon to shave talking about you on their weekly podcast.

Soon to shave. What are you talking about? Oh, Brian. I know.

I'm not shaving.

No. I thought he was saying I had to shave my beard. I'm like, the fuck I am. And you nobody wants to see that. Okay.

Alright, guys. Man, I feel like I've been running my mouth a lot this time. So I'm gonna I'm gonna go to you, Brian, then you, Mario. Say your final thoughts, your last words, and then we're gonna close this thing out. Brian, go ahead.

Okay. So, yeah, dark web sounds sounds like a a a an issue that, are at least my prospects, will probably never dive into themselves. And so I highly encourage everybody to, connect with whoever's handling your IT. If you don't have anybody now or you don't trust them to do it, give us a call. We can give you a second opinion on any of that.

And, as I always say, treat cybersecurity and IT in general and everything you do in your business as a journey and try to get 1% better every single day, and you will be leaps and bounds ahead

of everybody around you. Perfect. I love that. Love it, Brian. Mario, what do you got for us?

So, you know, like we said earlier, you know, knowing what's on the dark web is half the battle, you know, you can't change it. You can't take any of that stuff off. But the best thing to do is know what's out there and to change what's out there instead of trying to remove it. And I know, myself, and I'm sure Brian and and Justin will also, offer it. You know, in in addition to the network security assessments that we will do, we will also offer a free dark web scan for you guys.

So that way, you have a knowledge and education of what is out there, what information, besides Social Security. We we can't we can't do anything about that, but, you know, we you you need to know what information is out there, what's on the dark web that of of your of of your information is out there, and and take action about

it. Yeah. Knowledge really is power here because even if you can't get it removed, even if it's out there and and it you know, that is some level of permanent damage, but being aware of it does allow you to put some, additional layers of, you know, protection around yourself. So good point, Mario. Guys, as always, go to unhacked dot live, and you can book a consult with any of the 3 of us.

These consults are free. We're gonna find out if we're a good fit for you, if we can help you in any way, shape, or form. Worst case scenario, you come away with a, you know, a free assessment and a roadmap of how to how to fill these gaps. So take us up on that offer and be sure to follow us for the next 4 episodes as we get detailed down and dirty on what these standards are that we're always talking about, and how to implement them. That's it, guys.

Brian, Mario, thanks for being here, and take care, everybody.

We'll talk to you guys.

See you next week. Dark web. Dark

web.