39. Forget the Russians - The ATTORNEYS are Coming!
Welcome everybody to episode 39 of UnHacked. And, yes, Mario, your hair is, is just fine. Pristine, actually.
Mario:It's perfect to the group. Right? Minus Bryan?
Justin:Minus Bryan. We're gonna have to kick him out soon enough. But, I'm I'm feeling bad because mine's I know I gotta polish mine. I'm a little bit scruffy. Anyways, alright, guys.
Justin:Let's get started here. Quick introductions. I'm Justin Shelley, CEO of Phoenix IT Advisors, and I am here with my regular cohosts, Bryan and Mario, and then our, you know, show up whenever the hell we want, Barinder. Guys, take
Mario:a second. Tell everybody who
Justin:you are, what you do, and who you do it for, and, well, let's go in this order. Bryan, Mario, Barinder. Bryan, take it away.
Bryan:Alright, everybody. My name is Bryan Lashko with b four Networks. We help business owners in the Niagara Region, Ontario, Canada to solve all the frustrations and headaches that come with dealing with technology.
Mario:Alright. Mario Zaki, CEO of Mastech IT, located in, North Jersey, servicing the entire tri state areas for anybody that has computers.
Justin:Nice. Beautiful, beautiful, Barinder.
Barinder:Yeah. Barinder Hans with Red Rhino Networks. We're based out of, Vancouver, BC. And, similar to these guys, we're a managed IT services provider, and, we take care of IT, so so our clients can focus on their business.
Justin:Alright. Guys, we all met, you know, we go back, what, every three months or so, four months, every three months. You know, we all got together in this peer group of IT consultants, and we frequently sit around and we shoot the shit and we're, half the time we are, you know, sipping a beer or something. But one of the things at at this most recent convention that was talked about and Mario, I'm actually gonna punt this to you because you brought it up. Go ahead and take this.
Justin:What was it that you guys were talking about?
Mario:So one of the questions that was asked to, you know, about 300 IT companies in the room was when a business owner, like a prospect, is looking for a new IT company, what is typically the most important things that they choose when selecting an IT company? And everybody in the room voted that they feel the, you know, their respond the the response time of the IT company was the most important thing. The fees, like how much they charge, and the expertise in the industry. Those were the top three in that order that the majority of the thought that these when a prospect is choosing an IT company, this is the three things that they're That's
Justin:what they're asking us. Right? They're coming to us saying how fast are you responding, what do you charge, and how good are you?
Mario:Yeah. And and when when they asked the same people, well, what are when what do you think they should be asking? What are the top three things that you should be asking? And, overwhelmingly, the the most popular answer was the security. You know?
Mario:Number two was the, you know, the response time. Number three, if they were like, you know, how close they are to the to the to the building. But security for for for the for when, you know, asking the prospect or what we you know, based on conversations we've had, it ranked number five in that list where IT people felt like it should have been number one.
Justin:Should be number one. And they're coming in with, maybe maybe that's important.
Mario:What else what else? And and, Mario, okay. So that's your memory of it. Bryan, Barinder, do you
Justin:guys have any thoughts on what is it that our prospects are asking when they come to us, and what should they be asking?
Barinder:Yeah. So I was in the room when and I'm thinking about that question. And one half of me is thinking like a a a technology person and thinking about cybersecurity. That's the primary important, item we think they should be focused on because we understand the risk to their business. But I'm also of the, belief that our client's always right.
Barinder:If they're focused on growing their business, they have other priorities, which is what we have to think of when we try to get in their minds, in their shoes. They do wanna, address the cost. They do wanna address how fast it is because those are important to their business. And this is the unfortunate part of cybersecurity in my world. Like, a business doesn't gain anything by investing in cybersecurity.
Barinder:They just prevent themselves from losing something at best. And that is important, but risk is a hard thing to quantify. If you're a very big multibillion dollar business, you have risk analysts to get you a number of what your risk is, and you can make good decisions about it. But your typical hundred person, 15 person, whatever company doesn't have expensive risk analysts working for you. It's not a line item that shows up on your p and l.
Barinder:And so those are some of the thoughts that were running through my mind as I'm listening to this conversation.
Justin:Okay. Bryan, what are your thoughts?
Bryan:So when I was in the room, one of the things that first popped into my head was that, a lot of IT providers don't really have the maturity level that they should. So I would be looking at the maturity level of of the IT provider. And what I mean by that is it might be hard to quantify for most people, but do they have systems? Do they have processes? Look at how they do their marketing and how they do their sales process.
Bryan:Are they following something that's logically step by step, or are they just kinda winging it and and and, going about it like as if it was the first time they've done it? I have, you know, coached a lot of other IT providers, and a lot of them don't have any systems, any processes. They they don't really know how to, you know, organize their business on a day to day basis. So I would even say, hey. If I were evaluating an IT company, show me show me your playbook.
Bryan:Show me what you have as far as processes and procedures. Do you have SOPs? Do you have any kind of standardized way to set up a computer and set up your your you know, if there is a cybersecurity incident, show me what you would do. Right? And that would be what I would be looking for because even though fast response is important to me as a business Improving and incrementally improving over time.
Bryan:And that only comes from somebody who is actively working towards building systems and processes in their business.
Mario:Yeah. But will the average prospect or average business owner know to ask those? You know? I mean, yes. You could educate them when you're sitting in there and say, you know, by the way, you should be looking at that.
Mario:But the problem is, I think, when they do look at it, I don't know they're gonna know what what it really should be. You know? Like, they don't know what they don't know. You know? Like yeah.
Mario:You know? Obviously, you know, comparing a company that has, like, fifteen, twenty technicians have been in has been in business for forty years. They're gonna have process, you know, and and, you know, some structure versus, like, a company that's three years old that has two people and something like that. But, you know, a lot of times, those two people very rarely are in the the the same room or the same running
Mario:For for a type of company. So I I I I I agree with you 200%, but I don't know if the average prospect will know
Justin:that. And that, Daniel, is exactly why they should be listening to UnHacked. Yeah. Because we are here to teach them, to educate them, so it to the so they know. I mean, you know, because honestly, they don't, like listen.
Justin:If I'm choosing a doctor, for example, I have no idea. I don't even know what I'm looking for. But I know I want the best. I know I don't, you know, my my girl just had to go into she had a torn retina. And, like, a doctor's gotta take a fucking laser and shoot it into her eyeball.
Justin:I don't know how to pick that guy. I just hope he knows what he's doing. I I picked this guy. Well, actually, it was a referral, but I I know he's flying us, a citation jet around. His office was busy.
Justin:He was full, and and I didn't see a lot of people complaining that they came out blind. But, like, it it is kind of a scary thing as a prospect when they're picking an IT provider that is handling some of the most important assets that they can quantify. We can't you know, some of these, I don't remember which of you mentioned. They can't quantify risk. But we we it is incumbent upon us to teach them and to educate them and help them make these decisions.
Justin:Right? That is one of the main things that we do here. Secondarily, maybe it's even on par. But I I say this all the time. I am here to learn.
Justin:Right? I'm here to educate. I wanna teach my prospects, but I'm also here to learn. And if you guys remember back to episode 27, we had Joseph Brunsman on the show, and the title was something about making your making sure the insurance company pays out in the event of a breach. That's what's on my mind.
Justin:And if somebody had asked, you know, if I'd been there, I I wasn't there this time when this poll or this question was asked. But I would have been talking about, like, our number one concern should be keeping the the Russians out of our bank accounts. Right? That's what we talk about. I've got even got my little, Boris Grashchenko guy that I talk about.
Justin:That's who we're fighting. Well, I think I was a little bit blinds blinded by this. Nowhere on the list that you guys have brought up and nowhere on my mindset prior to episode 27 was I talking about the fact that our biggest fear should be that we don't get sued after a breach. Like, it's bad enough. We get we get breached.
Justin:They take all our money, and whatever crumbs are left, the attorneys come up behind us and suck that up. Right? It's just like it it's crazy. I was at, I was at an event this morning, and somebody asked me, what do you do? I'm like, well, people call me because stuff breaks, and they want me to fix it.
Justin:Right? Response times, everything that we just talked about. And then I said, but behind the scenes, what I really do, what I'm passionate about, what I lose sleep over is making sure that nobody breaks into your bank account and steals your money. And that if that happens, god forbid, the attorneys don't come up and take everything else that's left. So Yeah.
Justin:And and this point was even made further when we are all you know, we all jump on this and we're getting ready to record. And, Barinder, what did you say about these lawsuits that happened post breach?
Barinder:So, yeah. Like, I mean, are we talking about, the the LifeLabs incident where, we're Well, when
Justin:I said, hey. We're gonna talk about, these breaches and Oh, yeah. Follow-up lawsuits, and you're like, doesn't apply.
Barinder:We're Canadian. Yeah. Yeah. We're Canadian. We don't we're not as litigious as as as a US, but I mean, it does happen here.
Barinder:It's not obviously, not the same level as a US, but it is absolutely a concern, and it is rising. That's that's the other thing.
Justin:That's the point.
Barinder:Is people need to recover costs, whether it's your insurance provider, the the individuals that are affected and protected by the privacy legislation in Canada. There are lawsuits. They're rising. And, and there's actually new legislation on the books that the government is trying to work through. We're just further behind than the EU and the US.
Barinder:Right. But we will get there. I mean, our legislation on the books is old.
Justin:In in our industry, we are not talking about this. And so, you know, one of the things that I I love the podcast. I love everything I learned. But week after week, I I do kind of think we talk about the same stuff over and over a lot of times, because it is it's a it's just a routine. It's it's our lives.
Justin:Right? But this is one example where we can actually get ahead of something that is a trend. It's getting worse, and it's not being talked about. And that is why I wanted to, kinda introduce this today. Not introduced because we've talked about it.
Justin:We have an episode where there was a $400,000,000 lawsuit on the the heels of a breach. It's not that we haven't talked about it, but the trend is, it's getting worse. So let's go ahead. Guys, let's let's jump into this idea of, you know, the this rising risk. What do we do to get ahead of it?
Justin:How do we prepare for it? How do we make sure it doesn't happen to us and to our clients? And, Barinder, I'm gonna punt it back to you because you were the you you went out. You found a case study in record time, that does happen or did happen in Canada. And then, Bryan, I think you had one too.
Justin:So why don't you guys, talk about that? And then, Mario, you better be studying fast because I'm I'm coming for you next. Barinder, go ahead.
Barinder:Yeah. Well, the one that affected me personally was LifeLabs had a breach. LifeLabs does, your blood test, your analysis, and such, and this happened just before COVID. Right? And they have this data breach where they lost our blood test records.
Barinder:They do all your diagnostics, and and I got an email afterwards. Yes. You were on the list of, you know, people whose data was breached. But ultimately, Canada is, unlike the US, our fines are very small. And the fines that, LifeLabs, I believe, had to pay was something like $1,300,000.
Barinder:And that's, a paltry sum of money. And, ultimately, when COVID hit, they got all the contracts to do all the COVID testing, everything, so they made lots of money. But $1,300,000 is nothing to these organizations. It is not a deterrent for them to invest in cybersecurity. So as business owners, because this one helped, impacted me as an individual, and that organization is getting sued.
Barinder:But as business owners, we need to protect ourselves with cybersecurity insurance because we won't have the same resources that those connections that those companies do, if we get sued. And Right. That's not the that's not that's a small one, but in Desjardins case, they had a $200,000,000 class action lawsuit after an insider, caused a massive loss of private data. And so, you know, there are some big numbers as well.
Justin:Okay. Bryan, what are your thoughts on this?
Bryan:Well, it's it's becoming more and more apparent that the legal side is is pushing like, insurance and legal side are pushing the agenda with regard to cybersecurity, like meeting with a prospect, and talking to them about cybersecurity. They a lot of and a lot of times, they're not all that interested. I mean, they want to have security and they want to be secure, but it's not their primary objective. Right? That that's the primary objective of insurance and legal, and that's why the agenda is being pushed because if you want to have cyber insurance, they will say you have to have these things in place to us saying, hey.
Bryan:We need a b c because my insurance company told me I had to. Not because I want it, but because I'm being told I have to. With that said, a lot more lawsuits are happening in Canada, and, and I know it's it's common practice in the United States. But in Canada, they're starting to become more and more prevalent and, the payouts while Barinder, you laugh at 1,200,000.0 is is nothing to, you know, LifeLabs. It's a huge amount to any small company.
Bryan:Again, that that's that's Yes. Crippling to an organization. Like, if if I was sued and and it cost me 1,200,000.0, that's more than our insurance by a couple hundred thousand. Right? Because, like, we have maybe I actually think we have $2,000,000 liability now for cyber insurance.
Bryan:But anyway, I digress. These these amounts are still they're still large for a business. If you don't have insurance, you're kind of you're kind of screwed. And so, having just the basic protections in place is important. And one of the key cast we had with, one of the the members that I can't remember who it was.
Bryan:But it's basically if you are told by anybody that you have to have these five or six things in place and you dismiss the whole thing out of hand, that email is the cha ching email to lawyers. Right? They're they're looking at that going you knew and you didn't do anything about it. But if you knew and even just started a journey and say, okay. Let's do the first one and then we'll work on the second one and then we'll work on a third one.
Bryan:And as budgets allow, we'll we'll we'll keep working on different things to implement. Now they're looking at it going, well, they knew they had a problem, but they were working towards resolving the issues. And that will go a long way to reducing any kind of major payouts with any kind of legal
Justin:yeah. Joseph Brunsman. That's that's the episode that I mentioned before, and that is the one who kind of Yeah. Put it on my radar. Like I said, we've talked about it a little bit, but that was kind of
Mario:a you know, it it went from just
Justin:it it's out here somewhere to, like, big old fucking spotlight. Justin, you better pay attention to this right now because, man, I I came away from that episode with a new Exactly. Outlook on this stuff. Mario, what are your thoughts on this?
Mario:I I completely agree. It it's just like, Joseph, Brunsman said in our episode 27. It if you're showing that you're putting in the effort, you're you're you're doing the security, you know, like, fortunately, shit happens sometimes. You know? But the problem is and I don't know how it is, with our future fifty first state, you know, right now.
Mario:But in the United States, we they and it's been like this for a while. They they have the mentality, you know what? I'm gonna sue this month, you know, sons of bitches. You know? Like, they have the mentality.
Mario:They wanna sue right away. And, you know, sometimes, you know, obviously, anybody can create a case. You know? Could they win? Could they lose?
Mario:If they show that they, you know, they took all the proper precautions, this is the security we had in place, we did this, we did this, we did this, and should happen, you then you know, the case is is not there's no negligence, you know, in there. You know? And and that's the problem is a lot of these companies will have, like, negligence or somebody, like, I believe, Justin, you mentioned, I think, in one of the cities in, I think, Texas, you know, there was somebody there saying, listen. We need to do this. We need to do this.
Mario:We need to do this, and they told them f off. You know? And then that fire where there's a Yeah. Like Yeah.
Justin:Thanks for bringing that to our attention. Shut up. And he didn't shut up. I'm like, alright, you're out. Fire them.
Justin:Yeah. You know, not a not a great great strategy, especially if the attorneys are sniffing around.
Mario:And real quick, I wanna I wanna talk about
Justin:the money because, Bryan and Barinder, you you guys are absolutely right. The good old United States of America is very sue happy. And, we don't we don't play around when we do this. We we go for the throat. In fact, I had to do quite a bit of research to find numbers that were even, like, meaningful to our audience because we're we're talking in the hundreds of millions.
Justin:The the lawsuit settlements, the cost of the breach, and, you know, and this Equifax. So they're a huge company, and I get it. And these numbers don't really but but I I wanna make the case. After all was said and done, the court mandated security improvements in addition to everything else. Just the improvements they had to make after the fact was a billion dollars with a b.
Justin:So it's like, guys, you can you can do security on your own. You can put the plan of action in place. You can have your milestones. You can cover your ass, or you can have the court system do it for you. And, you might not find that to your advantage.
Barinder:Well, so so many businesses shut down after I made a major data breach. They just don't they just don't recover. Either they don't get the assets back because they lost the data. It was encrypted, and it was broken. They just or the hackers never released it.
Barinder:So and that's without even a lawsuit. And then the lawsuits become so crippling. I mean, so many business owners will just say, hey. I'm done. I don't I don't want any part of this.
Barinder:You know? Had a good run. We're out.
Mario:Yeah. Yeah. And the problem is when the the court mandates it, they're gonna mandate it, like, hard. You know?
Barinder:Like Yes.
Mario:A lot like, $1,000,000,000 most likely, you know, there's a lot of overkill there. I I don't know any of the details, but I'm gonna assume there's a lot of overkill. So the problem is now not only are they forcing you to put this stuff in there, but they're forcing you to put stuff in there that you may have never needed to put in there. You know? And at a lower scale, small you know, the smaller businesses, it's still that's still gonna happen.
Mario:You know? If a if a CPA's office, you you know, gets breached and, you know, say he's got 200 customers' data that was leaked, They're not gonna mandate them to put a billion dollar worth of security in there, but they're gonna mandate them to do a lot, you know, and a lot of the stuff that maybe haven't may not have been needed on top of the credit monitoring and all that stuff.
Justin:No. That's a good point. You you may get the option to make decisions on your own, if you do it in the right time frame, if you do it before you get hit. But Yeah. Yeah.
Justin:Once post breach, you you really those options are removed from you, assuming that you survive the the attack. Right? Assuming that the business even survives. Mhmm. You know, because all these costs, what we also don't talk about a lot is the reputational damage.
Justin:We're gonna have a guest on here I'm pretty excited for. He's a an attorney or he is a partner in a law firm that does high profile divorce cases.
Mario:And I mean, like, professional athletes and Mhmm.
Justin:Hollywood, you know, that kind of stuff.
Justin:And his there's a competing firm in his area that was breached. So imagine going out and trying to convince, you know, a a movie star or the quarterback of your favorite football team, hey. Let me handle your divorce case. Oh, I mean, don't worry about the fact that we got breached. We fixed it.
Justin:You know, it's like the court made us do it, but we did do it, so we're good. You know, like this reputational damage is is also something that isn't you you can't always overcome. Yeah. Yeah.
Barinder:Yeah. Yeah. Especially in a situation like that where trust is what you're selling. A lot of people Right. Professional services, trust is king.
Justin:And isn't that what we're all selling, though? I mean, really, what what's that common phrase that people do business with? The ones that they know, like, and trust. Right? Yeah.
Justin:I think I got that right. But trust is the keyword. If if you can't trust the person you're writing a check to, I mean, why are you not writing that check?
Mario:Yeah. And one more thing too. It's not only the the that, but the the trust with your clients, or your vendors, people you're working with. You know, a lot of times you'll see you'll just get a random email, you know, from, like, a vendor or something, and it look they're like, oh, click on the SharePoint link that we sent you. And, you know, you know like, we know that it's it's bad.
Mario:It's a virus. They got hacked right away. We know. Like, these guys are not legit. You know?
Mario:But what could end up happening is you can f in not only infect your selves, but you can infect your customers. So, you know, how long does it take you to get back up and running? Alright? And, well, how long does it take your cost your client to go back get it back and running? You know?
Justin:Mhmm. A lot
Mario:of times and we see it a lot in the construction agency, you know, the the niche that we're in. You know, like, you could have, like, a three man electrical company that's working with, like, a huge contractor. And if they breach that contractor, well, guess what? You know? Like, that's gonna be a huge problem when you you better bet you better believe that they're not gonna work with you again.
Mario:You know? So these guys need to also vet who they're working with and and stuff like that because they don't wanna be, you know, infected and, essentially, within their, you know, ecosystem.
Barinder:Yeah. And we've seen that happen in Canada. So a lot of, obviously, insurance is pushing down a lot of requirements to, organizations to be to be acceptable to receive insurance from them. But then, a lot of our clients are coming to and say, hey. We just received this big cybersecurity questionnaire from one of our primary vendors or customers, and and we can't sell to them and we want their business until we meet this criteria.
Barinder:We just need to answer this. And and and so there's a lot of top down enforcement, of a lot of cybersecurity improvements. Otherwise, you just won't get the business, which is healthy, I think, for the for the IT ecosystem.
Mario:I agree. Yeah. But when it
Barinder:comes to insurance, a lot of these lawsuits, sure, the average individual or the the people affected will, will sue you. But a lot of times, the one insurance company sues the insurance company, and and if there's any sort of negligence or a lack of responsibility by the end customer, they're all coming to you to ultimately say, hey. Make us whole.
Justin:Coming say that coming to who? The IT company? Is that what you're talking about?
Barinder:No. No. No. I'm talking about the customer, the end customer. Okay.
Barinder:Customer gets sued. Yeah.
Justin:Yeah. Okay. Yeah.
Mario:Yeah. So one So it was a long story.
Justin:Yeah. Well, I mean, as I was prepping for this, I'm going through the, case by case, and there's there's a lot of them. Well, point, point a. The what's hard preparing this because our audience, we are not talking to the, you know, Equifax companies of the world. We're talking to our client base, which generally speaking is smaller organizations, you know, a couple hundred employees and lower.
Justin:These cases don't make the news. And so then two conclusions could be drawn. One, I'm too small to get hacked. That is a common misconception. And two, guys, if if these great big re organizations with seemingly endless resources are still getting hacked, what hope do I have?
Justin:So why does it matter? Like, we just get into this almost a hopeless, apathetic state. And so the point I wanted to make is that while it's not making the news, the damage is real. The numbers are proportionate. So while, you know, I'm talking about a billion dollar enforcement for Equifax, you know, my small company is not gonna get hit with a billion dollar you know, you've gotta do this much cybersecurity infrastructure work, but it's gonna be proportionate in both my number of employees, the the records lost, the data stolen, and the size of my company.
Justin:But it's still gonna hurt. It's gonna be a lot worse than if if I had chosen to do this on my own, you know, accord before things got ugly. But, yeah, more and more, the other thing I saw as I was going through these cases is that, you know, the attorneys are and the courts are are mandating not just to make the client whole financially and, you know, with identity threat or identity theft protection, but they're also coming back to the company and and forcing these technical improvements, these cybersecurity improvements. So, man, this is going back to episode 27 with Joseph Brunsman. The simplicity of the solution is really what struck me.
Justin:Like, we're not talking about rocket science here. We're not talking about throwing all of our money at the problem. We're just talking about being proactive and having a plan in place and acting on the plan. You have to show that you're acting on it as well. But if that's in place, chances are you're not gonna get breached in the first place.
Justin:God forbid you do. Chances are you're not gonna get hit with a lawsuit. And if we go to the absolute worst case scenario, you do get hit with a lawsuit, it's gonna be significantly less than if you were not, proactive and working on these things. So, that was that was kind of my my takeaway from the research and and prepping for today's episode. So, because
Bryan:the courts frown on people who are neglectful, right? If I
Justin:mean, that's all it is. Yeah. Yeah. Negligence. Yeah.
Bryan:If you're if you're taking some action and you have a plan and you're enacting that plan, it's a lot different than if you were completely ignoring the issue altogether. Yeah. And the courts recognize that.
Barinder:I actually think that, most of the the sub 500 companies, the type of companies that we work with, I actually don't think cybersecurity taking care of the fundamentals is that expensive. I actually think it's quite affordable, reasonable, definitely way cheaper than going through a breach. If you take care of the fundamentals, you reduce your risk by, let's say, 90%. And that last 10% might cost you a lot if you really have important intellectual property, important confidential data that you need to preserve and protect. But getting to the 90% mark is actually very affordable and reasonable and pretty straightforward to do as long as you have a good IT company or cybersecurity company working with you.
Barinder:And there's no reason any business shouldn't be doing it. And if an IT partner isn't capable of doing it, I mean, there's lots of those that exist, find one. But I don't think cybersecurity is that expensive.
Justin:No. It really isn't. And, I but we're I mean, we're kind of back full circle. We're we're back to the beginning now as somebody who is not trained and is not this is not their the life they live. Knowing, you know, vetting that IT company does become challenging.
Justin:I will I will grant them that. I posed this question, I think, was it? I'm not gonna say a name because I don't remember. We had a guest on here. And and the the pushback was, I mean, you're CEO, you gotta know something.
Justin:You know, you gotta do your homework. You can't just and, you know, that's the bottom line. Ignorance is not gonna be an excuse. Not knowing is not going to help you. Not having a plan of action in place, because you you thought everything was okay is not going to help you.
Justin:The the courts, the attorneys are just gonna say, well, you're living under a rock. I mean, are are you really not aware of the fact that companies are getting breached day in and day out? We as CEOs, god, we have to know everything. We have to wear all the hats. And if I mean, I don't wanna be too rude, but if if that's not the world you wanna live in, then you probably better find a different gig.
Justin:No. Yeah.
Mario:I mean, the problem is that it's it's also technically, it's it's optional. You know? And unlike car insurance in at least in New Jersey, you know, it's not optional. You wanna drive, you have to have car insurance. You know?
Mario:As an employer, if you have employees, you have to have workman's comp insurance. You know, there's certain things that are meant you know, if you're financing a house, you need to have home insurance. You know, it's not it's not mandatory. It's optional. And unfortunately, when people feel like something is optional and they have that same mentality that you mentioned earlier, well, we're too small, you know, and stuff like that, they're like, I don't need it.
Mario:You know? But it really should not be especially, like, there's certain industries that it should be enforced, if not in all of them. You know? Like, if you're dealing with people's Social Security, if you're dealing with people's credit card and stuff like that, this stuff needs to be mandatory.
Justin:And everybody is, by the way. Everybody is dealing with we're gathering that information. If you're taking payments, unless you're taking cash, you're dealing with, somewhere you're collecting that information. And while you're right, it's not mandatory in most cases. The gathering of financial data is regulated.
Justin:You've got PCI compliance, if nothing else. If you're in health care, you're regulated. If you're in and again, I'm speaking in the United States. I don't really know the the laws in Canada, but some of the stuff is regulated. And then, Mario,
Mario:it's great to be in that situation where it's not mandatory until you get, breached and then sued, and then all of
Justin:a sudden, guess what? Now it is mandatory by, court order. That's where we don't wanna be. That's what we're trying to prevent. Alright?
Justin:Keep it optional, guys. Let's keep it optional. Yeah.
Barinder:I I I get that it's hard to for a business leader to, assess the risk and make decisions when it comes to their IT and cybersecurity, what are best practices. But I'm pretty sure all of us on this, conversation here today have downloadable IT buyers guide, like a a cheat sheet for any business leaders to be able to make that assessment for themselves. Go download it from, you know, any one of our websites or type in a sentence into any one of the AI apps. Like, what are my cybersecurity fundamentals I need to do based on a company this size? It'll spit it out to you in two minutes flat.
Barinder:And and there's I I think nowadays with the tools we have, there's no excuse. We have to be proactive as business leaders. And and it's not as hard as it used to be, thankfully, and not as expensive as how it used to be. The tools that we you just have to have good IT companies that know how to use the tools. Buying the tools and letting them sit on a shelf isn't a very good idea.
Barinder:You have to have competent people behind the scenes to be actually, like, use it properly. A lot of the tools actually like Microsoft 365, if you just enable the right settings, it doesn't even cost any money. Just do it.
Justin:Well, you know, okay, Mar or, Barinder, you're you're bringing up something that's been in my mind. You've got, you've got this mindset of, maybe correct me if I'm wrong. Have you guys gone to a prospect and said, hey. What are you doing for cybersecurity? Or are you sure you're secure?
Justin:And you get this answer. My IT guy has it covered. Have you guys ever heard that?
Barinder:Oh, yeah.
Justin:All the time.
Barinder:And I've I've I've got an anti and I've got an antivirus.
Bryan:Right. And
Mario:Yeah. That's fine if you know.
Justin:How do you know? How do you know? Because you're writing a check? You think that's the right answer? You think you're gonna go to court?
Justin:And, like, hey. I've got an IT guy. I wrote a check. Right? Great.
Justin:And they may bring the IT company in. It doesn't matter. It's still your responsibility, Mr. CEO. Mhmm. But I'll I'll tell you the simplest in this I'm going back to Joseph Bronson.
Justin:Love that guy. The answer is pretty easy. You know they've got you covered if you're meeting with them on a regular basis and you're reviewing what it is they're doing to protect you. And they're making recommendations and you have it on a plan. You've got it on a a three year or five year road map.
Justin:That's how you know your IT guy has you covered. That's how you know that when you're writing a check, you're getting what you pay for. Yeah. So, guys, final thoughts. We'll move to wrap this up because, pretty soon we'll just start looping, which I love to do, but, nobody loves to listen
Mario:to it. So, let let's go ahead and do final thoughts, lessons learned,
Justin:key points, and then we'll wrap for the week. And, I go ahead and look forward to our next guest. Mario, why don't you take it first, your key takeaway, Barinder, and then Bryan, you can bring us home.
Mario:I mean, key takeaway is, you know, always, you know, be on the lookout. Always see if you can, you know, improve in something. Always get a second opinion. You know, we always offer, you know, a free security network assessment. You know, we actually offer it all the time.
Mario:And I I was sitting with somebody a week ago, and they said those exact same words that you just said, Justin. My IT guy has it covered. I just happened to look over, you know, in the middle of, you know, the I looked over and I saw a computer that was logged in, and their antivirus was Kaspersky.
Justin:God. And
Mario:for anybody for anybody that doesn't know what Kaspersky is, it's an antivirus that is based in Russia. It's the Russians. We always talk about
Justin:the Russians are coming. The Russians are coming. They're, protecting the Russians with the Russians. Great.
Mario:And, you know, I told them, like, well, does he know that the antivirus that, you know, you're using, that it it's not even sold in the United States anymore? Go ahead and go to their website.
Barinder:It's it's banned in the US now. Yeah. Yeah.
Mario:Yeah. You go right to their website. Right up there, it says this is not available for US res you know, for US residents or companies. I'm like, you know, right if that doesn't and and I told them, like, I'm not even gonna continue with the meeting. If that doesn't show you right now that he doesn't have you covered, then I don't wanna waste your time.
Mario:You know? And, you know, it worked. You know? So it's stuff like that. You always have to, you know, even for us, you know, we're always, you know, checking out other things, making sure we're doing things the right way.
Mario:You know, there there's no better way to do it. You you always have to get at least get a second opinion, you know, whenever you can.
Bryan:Alright. Very good.
Mario:Next up, Barinder.
Barinder:Yeah. So before I jump into a couple of, final, parting thoughts, I just wanna share, like, the most preparation for this podcast, the most Canadian example of a cybersecurity breach I could find. So Tim Hortons, which is as Canadian as it gets. Right? It's hockey and Tim Hortons.
Barinder:I guess they started, tracking user location with the app, without users' consent, and they ultimately settled by offering customers a free coffee and a doughnut.
Bryan:I got mine. Sign me up.
Barinder:I know. I I I somehow missed the boat on that. But Yeah. But that's how lax we are about these breaches in Canada, and I think that needs to change. As far as tips for, business leaders, to know if they're being served well and things to watch out for is, does their IT professional know what sensitive data they have?
Barinder:And do they truly feel that's protected? In every discovery meeting, I always ask, what is the most sensitive data? What can you be sued for? Obviously, there are Social Security SIN numbers, for every business because you have employees. But there's more.
Barinder:Credit card numbers, intellectual property, there could be a number of things. If somebody hasn't asked you those questions, start looking for some second opinions.
Justin:Yeah. Good, Bryan.
Bryan:Okay. Taking it home. Lessons learned. Cybersecurity is not static. Cybercriminals don't look at you and go, you put a firewall in.
Bryan:I'm gonna move on to somebody else. Dang it. Right? They they are always innovating, and they are always looking for new ways to breach. And so we always have to be innovating.
Bryan:You, as a as a as a business owner need to be innovating and need to be or have somebody in place that will innovate on your behalf. Cybersecurity is not treat it like a journey. Treat it like you're you're you have a plan and and update that plan, every quarter with what you're gonna do next in order to improve your cybersecurity posture. Don't be static. Don't be that guy or girl or woman.
Justin:I mean, you know, I say over and over week after week, we sit here and we break it down. We talk about all the the there's so many recommendations. It's it's I love that we can. Yeah. We can punch it into AI.
Justin:We can get some simple answers. But really, it is it's a complex problem. It's, as a business owner, it's easy to get overwhelmed and to not really know what to do, how to take action. You know, and we sit here and I I semi jokingly talk about the Russians are are coming for us. The breaches that I've been involved with were mostly Russian based, which is why I say that.
Justin:But we've we've evolved to this point where the the root problem now, it it has this this tag on where, yeah, watch out. The Russians are coming, but, goddamn, it's all the attorneys. That was just something I didn't want to know, but I'm glad I do. And and to to kinda take this point home because I, you know, guys, we talked about at the beginning. We we live this world.
Justin:We eat, breathe, and sleep this stuff, and we've got that pull. What what are clients asking or prospect asking us when they come to us? What should they be asking us? And so I love to be able to test my theories because, does do do my passions, does my attention, does it translate to what what they want and what they need? So, my my final thought for the day as I was sitting in front of a prospect just a few weeks ago, and I was explaining this problem.
Justin:I'm like, breaches are they're through the roof, and I've been saying that for years. I said, but now it's worse because the attorneys are coming after the fact, and they're suing us. And I I could just see the the anxiety and the stress building in this prospect that I was talking to, and I was like, but don't worry. Like, there's a very simple solution to this problem. We just have to have a plan of action, and we have to have milestones.
Justin:Like, that's it. Right. We just have to know what we're doing, have a plan in place, and and be taking these steps. And and I just you know, in in proving the point of the message, I just watched all the anxiety. You could just visibly see it drain off of her face.
Justin:And and, you know, the the deal was done. The the plan's being taken care of, and there's one more person being protected from both the Russians and the follow-up attorneys. So, that was that was a great confirmation for me to know that the message is valid. It's working, and and the solution itself is really what we all need to be paying attention to. So those are my final thoughts.
Justin:Guys, we're gonna go ahead and sign off. Mario and Bryan, as always, thank you for being here. Barinder, love it when you make a guest appearance. You should do some more often. With that, guys, say goodbye, and and we'll see you next week.
Justin:Take care.
Barinder:Take care, guys. Guys. Have a great