Preview Mode Links will not work in preview mode

The Business of Business Podcast

  1. All Episodes
  2. Cybersecurity, Important Before or After The Ransom? Its Your Choice

Cybersecurity, Important Before or After The Ransom? Its Your Choice

May 25, 2021

Cybersecurity, Important Before or After The Ransom? Its Your Choice with Brian Gill

There has never been a more important time to talk about data recovery and cybersecurity. The recent hack of a major fuel distribution pipeline. The company ended up paying the ransom. If it can happen to a large company like this, it can happen to you? Are you prepared? You know the old Fram saying, "You can pay me now or you can pay me later". It's your choice.

About Brian

Brian holds a B.S. degree in Computer Science from the University of Wisconsin, Madison. He is a software architect and data recovery expert. He is well-versed in the firmware architectures of all the major storage vendors. He is a co-founder of Phoenix Nuclear Labs and served on PNL’s board from inception to when it decided to spin-off SHINE Medical Technologies. He also previously served on the board for the Madison Scouts Drum and Bugle Corps.

Brian co-authored the first edition of the WebLogic Server Bible, published by John Wiley & Sons in 2002. He was named one of Madison’s 40 under 40 by In Business, even though sadly he is 40 now. He and his wife Kara have 3 sons, Charlie, Tanner and Eli. He is an avid but terrible fisherman and has never participated in even a single session of CrossFit. As CEO of Gillware, Inc, Brian oversees and assists all aspects of the business.

www.gillware.com

www.tetradefense.com

www.thebusinessofbusinesspodcast.com

Full Transcript Below

Cybersecurity, Important Before or After The Ransom? Its Your Choice with Brian Gill

Sat, 5/22 1:47PM • 41:00

SUMMARY KEYWORDS

hacked, data, passwords, backup, business, pay, people, bad, email, roy, computer, big, buy, called, service, talk, brian, ransomware, solopreneurs, log

SPEAKERS

Brian, Roy Barker

Roy Barker  00:02

Hello, and welcome to another episode of the business of business podcast. I'm Roy, your host, we are the show that brings you a wide variety of guests that talks about a bunch of diverse topics, you know, trying to help our small, medium solopreneurs entrepreneurs and even large businesses, give them something to think about maybe something new, or at least help them solve some problems that they may be having. Which leads us to our guest today. This is it's such a timely topic that I'm glad I ran across Brian, Brian Gill is the CEO of GillWare, which they are a data recovery service. And then he's also a cybersecurity expert. And, Brian, first off, welcome to the show. Thanks so much for taking time out of your day to be with us.

Brian  00:53

Well, you're the man. Thanks for having me,

Roy Barker  00:55

man. I tell you what, you know, this cyber security and a lot of times, you know, I'm just gonna say even as the smaller guys, we think that's really not for us, or we don't really have a need for that. But I think nowadays with ransomware, and all this stuff going around, I think we have, we probably have as much need as some of the big guys.

Brian  01:17

Yeah, I mean, I think there's a huge amount of bad guys is growing with the market opportunity, which is big, many billions of dollars big. Right. And, you know, every month, American businesses specifically, but also some consumers, but you know, American businesses are paying hundreds of millions of dollars worth of ransoms every month. Yeah, it's pretty crazy.

Roy Barker  01:44

Yeah. You know, and it's been even stranger around here. It's it, you know, and I'm in the North Texas area that we have had a lot of governmental and school agency have that have done that, too. I mean, it's just like they've locked their system up for weeks on end.

Brian  02:00

Yeah, I mean, municipalities are big targets. And it's tough. You know, like, here, I live in Wisconsin. And if you're, you know, the mayor of a small town in northern Wisconsin, you know, you don't have a it defense budget. You don't you don't have you just don't have it exactly. But do you have, you know, the property tax records of all the people of, you know, the 1800 people in your town, and their social security numbers and their credit, and their, you know, a lot of that really sensitive information you do. And they're a target. And they're a target with a lot of valuable data. And very little, helping them to defend themselves. So

Roy Barker  02:42

there are brands that are beautiful. Yeah, and I've even, I've even heard of the, you know, some of the bad guys, there's a way to do the bait and switch where they get your property, put in their name, then go take loans on it. I mean, it's that I think that just reinforces that, you know, anybody that's got a computer that is connected to the outside world in some way. You know, even if you're just a home user, you still need to take some precautions, and

Brian  03:11

you're 100%, right. I mean, so sometimes they're gonna encrypt all your data and hold it hostage. And you could say, well, you know, I don't really have anything I'd pay for, forget it. But here's the problem, what Roy just said is true, they're gonna look for alternative mechanisms to monetize on your, to your detriment, and they will, we've had people hack into their stuff, get their tax records, and they'll file taxes on your behalf. Exactly. And they'll, they'll file it with like a 40 $500 refund. And they're gonna send the change of address to USPS the day before they do that, and that checks gonna go to a peel box in Miami. Exactly. True story. Yeah. You know, it's they'll, they'll change. They'll do whatever they can do with whatever information they have. And, again, if you're an organization that has sensitive data, even if you're like, Man, I've backed everything up, I'm good. Well, you might not be as good as you think. But what can happen is, they'll say, well, Roy, if you don't pay us, we're going to put it all up on the dark web or up on the deep web, right? So even if you're not going to pay us for it, somebody else will. Yeah, yeah. And they'll hold you like ransom kind of inverted. Yeah. You know, yeah, it's terrible. And we hear that term a lot, if you don't mind just explained to the users exactly what that dark web concept is,

Roy Barker  04:36

if you don't mind.

Brian  04:38

Yeah, I mean, to really dump it all the way down. I'm going to get a little tiny bit technical, but I'll try to keep it so we don't start falling asleep. But you know, when we go to google.com, you know, that's gonna go into something called a DNS server. The DNS server is gonna say, oh, You are going to go to this IP address. And it's a bunch of numbers. And that's how it's gonna how that traffic's going to flow. And the dark web is not on DNS, there's special browsers that you use one's called tour. And frankly, a lot of this technology is not evil by nature, I run a Tor Browser. It's a great privacy. It's like an internet browser, like any other, but it's it's a privacy browser. But they don't, it's a it's not a system where the government can shut it down easily. Because there's no central point of failure, like DNS providers, right? Where the government can come in and say, Hey, google.com is now banned. And they just remove it from DNS, and then nobody can get there. Right? It's, it's kind of like, DNS by groupthink. Yeah, it's a little different. But what happened, and again, a lot of the dark web and Deep Web is not evil, most probably 99% of it is just like the normal internet. But, you know, 1% of it, some pretty bad stuff, you know, you can, you know, little marketplaces to buy drugs and buy, illegal, you know, narcotics and weaponry, and you know, and obviously, sell people's information and child crime, photographs, and all kinds of really bad stuff is out there, too.

Roy Barker  06:32

Yeah. And that's what I was gonna mention. Next is I think it's, let's say it's not, it's relatively small, but it's like, you know, if one guy has your information, maybe he's limited. But I think the the other component of this dark web is it's able to spread your information, and you know, they sell it, sometimes it's like, I work on it for a while, if I can't do anything malicious, then I can send it off to somebody else. And all of a sudden, what little piece of information they have on you has been spread all over the world. And now instead of one guy trying to get to you, you know, there may be 1000 people trying to get to you.

Brian  07:10

Yeah, and they sell them as what they call kits. kbit. And, like, the full kit is basically, you know, Roy's name, social security number, whereas bags are, you know, what his driver's license ID is maybe a picture of his driver's license, when they have that full blown kit, maybe because they got it from like, a small municipality in Texas, you know, they'll sell that kit for a lot less than you might think, you know, they might sell a kit for 10 bucks. Yeah. But you know, the guy that that buys it, is going to look to do something about is, like, you kind of almost have to hope all he does is like register a credit card in your name, like, and cause you a little bit of identity theft and a little bit of pain. Yep. Like, that's about the best thing that can happen to you, once one of these guys buys a kit. Yeah, and it can get a whole lot worse.

Roy Barker  08:00

Yeah, and I want to get you to tell us, you know, let's just kind of, you know, we'll start at the beginning thinking about that smaller business out there some things that they can do. One thing I just want to mention is our, you know, our webcams have become a vulnerability. And luckily, you know, mine's got the little cap where I can shed you know, we can shut on when we're not using them. But some of the older computers, you know, that web camera is just always exposing you your background. So the thing of I may sound a little freakish, I'm sure. But you know, I got a little my older computer, I got like a piece of tape and some paper across that just where I can control when it's viewing the, you know, me and the world behind. So just just

Brian  08:45

Mark, Mark Zuckerberg has one. So you know, if Mark Zuckerberg is covering up his camera, I mean, he's the Facebook guy. Yeah, right. Right.

Roy Barker  08:57

Well, let's go ahead. And if you don't mind, you know, let's, wherever you want to take this conversation. I mean, it's so vast, we could talk for hours and hours, but you know, let's just give some actionable items there and talk about some vulnerabilities that, that you have seen, you know, in the smaller, small business, solopreneurs entrepreneur, you know, professionals, we all have data that, you know, we all have, you know, our customers data, we have to think about that. It's not only what I've got on my computer about me, but I've got sensitive information about my clients on my computer as well.

Brian  09:33

Yeah, so if you're in, in the world of b2b, you know, you're selling business to business. You can quickly go out of business when you get hacked, if you if your larger business customers are annoyed with you for letting their data go to the wind, right? It's about the quickest way to lose accounts and to get fired. Right. And if you're the type of business where you got one big client and they terminate you I mean, it could be out of business for you anxiety So there's a lot of really good reasons. And all, by the way, what's happening now, when you are bidding on some of those large enterprise accounts, there is an emerging trend where they are more and more security conscious with their vendors. So they're gonna start asking questions like, how do you protect my stuff? Right? And if you don't have good answers, well, your competitor is going to win that account. And you're going to lose. Okay, so even if you don't, you know, there's a lot of reasons Yeah, to try to tie your stuff down. You know, save yourself a lot of pain. So let's just talk about a few of them. Okay, number one, easy thing, man, if your business is big enough to have insurance, like you have an insurance policy, call up your broker and make sure you have a cyber insurance policy. Just because you're paying 1000 bucks a month for business insurance does not mean you have a cyber insurance balls. In fact, you probably don't. And you need one, the average amount of cryptocurrency or US dollars worth of cryptocurrency that we see on a network penetration and ransomware event is about a couple $100,000. Okay, so these bad guys are not screwing around, they're not gonna send you a ransom note for two grand, add two zeros to that. Yeah. And that's about what they're asking for these days. So if you don't have a ransomware policy, you might be sunk, or a cyber security, cybersecurity insurance policy, you might be sunk. If you do have one, and you have a coverage limit of 10,000, you might as well not have one, we're at risk. So if you're big enough to have insurance, at a cyber insurance policy, it's gonna increase the cost 10%, or whatever, best money you've ever spent.

Roy Barker  11:50

And let's talk about that. There's a two is there two components to that there's not only maybe covering the liability of our client, what they may come back on to us, or maybe having to pay some of that ransomware, but also hiring an expert like yourself to kind of undo the link that whatever they got into our system in order to get it cleaned out where they're not still in there.

Brian  12:14

No, that's right. I mean, when you read these insurance policies, they're, they're complicated. But those are the right questions that you need to ask your broker Are you gonna have, because you're probably gonna need some remediation, you're going to need possibly some new computer equipment, you're going to need to hire general it people to come in, set everything back up again, buy you a new firewall, patch your firewall, figure out how they got in, you know, you're going to need to possibly pay some bad guys, you need to pay some maybe a third party to assist you with the facilitation of paying the bad guys decrypting your data, getting your network back up and running. There's a lot of different costs involved. The one to be very cognizant of and to understand is, what is the ransom limit? Okay, because again, like if you have a cyber insurance policy, and it's got a $10,000 ransom limit, you might as well not have it as a waste of money.

Roy Barker  13:09

Exactly. Okay, great.

Brian  13:12

So that's, that's an easy one. Right? Now, if your business is a micro business, you're just getting started solopreneur, no revenue, yet pre revenue, maybe a little bit of revenue. And you you don't even have any insurance, well, then, again, your insurance costs money. So you know, you need to be making some to spend it Right, right. If you're raising capital, like, if you are an eight, you know, you're running around trying to raise a couple 100 grand of seed capital to start your business. In your business plan. Stick like five or 10 grand of that money to lock down your IT security. savvy investors are not going to be turned off by that they're going to be turned on by that, okay. They're gonna say, Oh, this guy's smart. This gal is smart. Yeah. They're gonna take 1% of what we give them and spend it on IT security. Right? That sounds like a good idea to everybody put it in their budget for I guess the the number one way that people get hacked is failure failures in user authentication, which most of us know is passwords, okay. Passwords suck. And most humans are really terrible at making passwords. They've got one or two passwords, one or two twists. Or sometimes they put an exclamation point at the end. Now it's unhackable. Most, most people have very, very bad passwords. They've got 50 places where they go, and they got two passwords, right? And it's like the name of the house. They grew up on the name of their dog and an ampersand. You know, it's just terrible, right? So easy to hack. And there's so many ways the bad guys can can get that and sometimes you don't even you're not the victim of the initial Attack, Yahoo had like a database of whatever, 200 million plus users, and the bad guys hacked Yahoo, and got all of the passwords for everybody on Yahoo. Right? And this was a long time ago. But you know, it's it's sometimes you have one password for everything. Well, any one of those 50 services can get hacked. And now your passwords in the wind crap for the other 49 services. It's a great bank.

Roy Barker  15:25

Yeah. Yeah, that's a great point. Because they'll just, you know, again, I'm have limited knowledge, but they have these programs that they can load up your username and password. And then when they find out your bank, your credit card, you know, they'll just auto auto run through all those until one of them gets a hit that they there. Yeah,

Brian  15:44

it's called a it's called a dictionary attack. And it's super trivial to set up. So again, what I will say, Okay, what I do, well, you know, again, if you're on if you can see a video feed, I've got a yubikey here. This thing's 40 bucks. You can buy it on Amazon. I'm not affiliated with them. Okay, I'm

Roy Barker  16:01

sorry. Can you spell that Yuba?

Brian  16:03

Yeah, UB keys. So it's why you bi ke y, okay. And there's a bunch of different vendors of similar equipment, okay. But what it does is it replaces all your passwords. It's got a little, it looks like a key, it's got a hole on it for your key chain. Okay, it can get plugged in the USB on your computer. And when you go to login to stuff, you basically push this physical button. So if somebody hacks into your computer, they've got remote access to it, and they're trying to log in as you to stuff. Well, if you're not sitting there pushing that physical button, it doesn't log in.

Roy Barker  16:40

That's awesome. Yeah, I've never even heard of that. So I think

Brian  16:44

technology is common. It talks NFC to my phone. So it doesn't might you know, my iPhone doesn't have a plug for USB, but it syncs right up to my phone. Okay, fine. It's a great little product, gets rid of all your passwords, and actually does password this entry for most of the modern websites. So it's not even a normal password type of handshake. It's a whole different security protocol. Okay. So, again, if you have a crappy bank that doesn't allow for this kind of thing, or if it doesn't allow for two factor authentication, get a new bank.

Roy Barker  17:19

Okay. Now is that simple, just it's something like that gonna be easy for a novice like myself to, you know, to order it and get it set up where to work pretty seamlessly.

Brian  17:30

Yeah, it's not complicated. Okay. Frankly, it's easier than remembering 500 passwords. Exactly, yeah. So you know, and you don't, I mean, again, it's a really, it's a better way to live 99.9% of people, if they bought one of these $40 do hickeys, they would do, you know, dramatically increase their security. So there are some cheap solutions on the way. The other big one is email. Email phishing, and I talked to a lot of people who are very cocky. And they'll say, Yeah, I get I get these Nigerian prince emails. I know, I'm not getting I'm never gonna get fished. Right. And the bad guys, those are out there. And yeah, you're not gonna fall for one of those. But there are incredibly sophisticated bad guys out there. Right. And the level of sophistication will blow most people's minds. Yeah. There's probably people out there that could put this conversation through a computer. Capture enough about my inflection in the way I talk. Use AI, you know, to generate a conversation. Call my company say, Hey, this is Brian can Hey, can you reset my password or the dude into the XYZ system? I'm locked out, I locked myself out. Or hey, can you wire $30,000 over to this other account for this, you know, vehicle we just purchased? You know that and it sounds like me, and they might even like spoof my caller ID I mean, the amount of sophistication is, is high. Yeah. And it sounds like oh, I'm being too paranoid, like you were saying with the with the thumb over here. Camera, but reality is that's about the appropriate amount of paranoia. Yeah, these days. There's, there's not a lot of help out there. You got to defend yourself. Yeah. And there's a service. If you're a little bit bigger of a business, maybe you got a couple dozen employees. There's a really nice service called iron scales. That will plug right into your 365, which is what most people use for email these days. And it's kind of like when I see a phishing email, I can push a button and flag it as a as an end user. I see a suspicious email, I can flag it. And if enough people flag that email address across the United United States, we get a little bit of groupthink happening. Okay? And and the iron scales up in the cloud will say, okay, that's a that's a bad guy. And then it'll just poof and disappear from everybody's inboxes. Yep. Okay. So again, it's not incredibly expensive, but I don't again, I don't really know things like 10 bucks a month per user. But if you're a reasonable sized business, and you know, especially if you're like a higher end white collar business, like an accounting firm or a law firm, right, things like that, this, this kind of service is a no brainer. Yeah. You really need to do it as any kind of business any kind of micro business to take a little bit different tack. Even just a consumer. Yeah. There's no reason not to freeze your credit at all three credit bureaus. There's no reason I've never had anybody convinced me that it's a good idea to allow some third party like Equifax who I never signed up for. I never signed up for Equifax, did you sign up for it? No,

Roy Barker  21:04

I have not for sure. Did you sign

Brian  21:06

up for TransUnion? Do you remember signing up? I didn't sign up. Nobody does. They just they've been sitting there, gathering all our information, selling it our most critical information and they just sell it to whoever wants to buy it. Right. And I can think of no good reason to let them do that. Now. It's also I think, free, because I think they passed a law maybe three or four years ago, correct. After Equifax is big hack, when all that data that they gathered about you went to the wind. You know, they, they made it free to freeze it. So you go to their websites, and you freeze them. And yeah, that once a year, when you need to buy a car that once every other year, when your wife wants to get the target. Credit card, or you want to refi your house? Yes, you need to take about two minutes. Login to TransUnion. Calm saw your credit for two weeks. That's the entirety of the pain now. Yeah, it's there's no reason to let some bad guy who bought a kit off the deep web, go buy a car, in your name. Exactly. Well buy a house in your name? No, there's no reason.

Roy Barker  22:25

Yeah. Yeah. And a lot of people don't realize that that you know, you can pay for services that do that. But you can also go out and do that for free with just I've done it. And so I can't remember if it's a phone call, maybe even an email or fax, but it's very simple to take care of. And, you know, I kind of look at it as two factor authentification. If I'm going to go purchase something, then it takes an extra step on my part just to make sure that goes through without just letting everything go through.

Brian  22:54

Exactly like why what is such a bad idea to have me take two extra minutes. Anytime I'm going to do anything that's going to be many 1000s of dollars, that's basically going to require a credit check. Exactly. It's a good way to live. And you don't need to pay for lifelock. Don't just lock it down. You got kids lock theirs down to Yep. And it's just not. I've never had anybody convinced me that it's worth it. And if somebody does breach your identity, if they do try to go buy stuff in your name with your social security number, it's gonna bounce. Yeah, it's gonna say, well, your credits frozen, they're not gonna know, the code to log in to Equifax to unlock it. Because they didn't lock it. They just bought a kit.

Roy Barker  23:39

Rat, right. You know, a couple things to say about email is that, you know, in our busy day, we get a lot from, you know, I get tons from services that are truly use Amazon, PayPal, you know, if you go up and look at the address that send it to you, it's always some crazy address that, you know, is not even close. But regardless of that, that I think, for me, that's an

Brian  24:03

excellent point. Right? That. So what you're talking about is domain spoofing. It's a type of phishing know, where you get an email from PayPal that, hey, you know, you just paid $37 to x, y and z, right? And you're like, No, I didn't. And you're gonna click that link and go log into PayPal. It's gonna look like PayPal. And you're gonna type in your username and password. And what did you just do ROI?

Roy Barker  24:28

You just gave it all away. You just

Brian  24:32

gave your pay pal? Some numbnuts Right, right. Yeah, what instantly going to log into the real one and and take more than $37 this this little yubikey saying is not fooled by that crap.

Roy Barker  24:47

That's good. Good. You know,

24:49

it's Yeah, it's

Roy Barker  24:50

the other thing I was gonna suggest is that, you know, what I do is if I get something from my bank, Amazon, I just go to sign into that account. I don't use the links. On that email, again, it takes about five more seconds because I have to open up a browser window and type in an address. But I can go into my Amazon account and see that there really was no $37 charge over there. It's somebody, you know, obviously, so I guess my messages, just take the extra time, don't click on any links, go to the, you know, go to where you usually sign in to check that out. And then the other thing is these phishing emails, you know, I, the, the prints that sends me the one all the time or the long lost relative, you know, from Nigeria, you know, I'm on to those, but the other one I get quite frequently that is more. Oh, sorry about that. That was my email that the, the one I'm more tempted to click on is, from somebody that I don't know, that says, hey, I have this awesome business opportunity, you know, please just click on my link, and I'll share all this information. And while I don't, it's, you know, it can be tempting in business, say, oh, that somebody really want to reach out. But my thing is, it would come from a company, even in my business, it would come from a company email, it would come through LinkedIn, they would tell me with so and so company, this is what we're looking for. But, you know, it's it's never that in depth, it's always just just a nugget of information, trying to get you to click on the link. So those are ones I just want to say, Be especially careful for those because they'll get you as well.

Brian  26:29

Well, and to take, again to with email, we could talk about email for hours. Last thing I'll say, okay, is sometimes you get an email from me, you know, and it'll say, Hey, Roy, thanks for having me on the show. You know, here's a link to my Dropbox where I got that document I wanted to share with you. And the problem is they hacked my email. Yeah, so sometimes your email didn't get hacked? Yeah, your friends, your vendors, your suppliers, email got hacked. And you've all probably seen this, where you know, some vendor that you haven't talked to, for three years, send you some email out of the blue talking about some RFP, you've all probably had it happen. Right, exactly. They're like, well, that's weird. And what invoice I haven't done business with that guy in five years. So well, his email got hacked. But what if it was, you know, five days ago, you had this conversation? And you, you know, you're going to be more gold? bolded click on it. Right, right. So yeah, I mean, this is where services like iron scales, modern technology, like yubikeys. Okay, you know, can really help you out of some of these more sophisticated attacks. Right,

Roy Barker  27:44

right. Okay. So what's next on our list there after we get through? Well,

Brian  27:48

and maybe it should have been first but back.

27:50

Okay. Okay.

Brian  27:52

Everybody needs to backup their damn data. It is 2021. Last I checked, and like, probably half the world's data is not backed up anywhere. It's crazy to me, with how phones, and how laptops and how one drive and how Google Drive, and how we have all these automated ways and all these cloud services. And, and yet, half of our stuff is not backed up any wreck. And worse, sometimes we think it is. So we think something we I'm paying for that backup service. When's the last time you logged into it? Yep. When's the last time you looked at your backup service and said, Yep, there's all the documents I created yesterday? Yeah, I'm good. That's a great.

Roy Barker  28:42

I had one that had a link break. And I went for about, you know, a month with no uploads, I thought it was just sitting there working in the background, and it wasn't. So that's an awesome point.

Brian  28:54

You got to audit your backups. And again, if you're a larger organization, where you got a couple dozen employees, and you're paying a managed service provider, you're paying for like a rent and IT guy every month. Make sure you ask them the question. How When's the last time you did a mock restore of my backups? Well, I've never done that for you. It's like, Well, my IT guy is gonna do that for me. So maybe you should do that. Or maybe I need a new IT guy. You know, it's in Yeah, you should pay money for it. They you know, things cost money. And if you're going to have an IT guy, once a quarter, Mark, restore all your backups. Make sure your HR data is there, make sure your architectural designs are there. Make sure your show notes and your audios there, whatever it is that you do and your financials and your HR. It's gonna take that guy for six, eight hours of human time to download all that stuff, spin it all up, go into it and say yep, I've got Roy's QuickBooks file. Yep, it was updated January 15, check, check, check, it's gonna take some time. And you don't have them do it every week. Have them do it twice a year, four times a year, whatever makes sense for your business. But a backup is not a backup if you don't look at it, right? And make sure it because we see all kinds of problems, whether something starts stops working, whether we got some scope creep, maybe you hired three or four new people, and they weren't set up with it. Maybe switched accounting systems, you switched drps, you move this other thing to the cloud. And and that's I guess the last thing is with backup, the cloud isn't a backup. When you say, yeah, you know, all my data is up and X, Y and Z provider. Well, that's the primary. What is the backup of that thing? Right? And if the answer is I don't know. That's isn't that Amazon's problem? Isn't that, you know, Bill Gates is problem. And the answer is no, it's not. I mean, Amazon, or not Amazon. But there was a huge out. It wasn't Amazon, Amazon, there was a huge outage on the East Coast just two days ago. Were like a fourth of the AWS nodes just kind of went poof now. And I don't even know, I haven't even read what all caused it. But these services are more robust than a server that you have set up in your business. But they're not infinitely robust, right? And if you need to have your data in two networks, and you need to test that it's actually there occasionally. Okay. So yeah, but anyways, the other ultimately you should air gap your backups, because the bad guys are super sophisticated. One of the things that my company Gilmore does a lot is we deal with situations where ransomware got on a business's network, they encrypted all the primary wherever it is up in the cloud, on prem. But deadly, encrypt all the data at the primary level, they'll kill any snapshotting, which I won't bother to explain what that is. But they'll also be on the network long enough to understand where the backup mechanism is up. There's a veem server over here pushing data to this little appliance, they will log in, and they will kill those backups dead. And one of the things we do is we will try to resurrect the data from some of these killed off backups. Yeah. So you know, backup your data, ideally, in a perfect world every once in a while, have an air gapped backup that's not plugged into the damn internet. Yeah.

Roy Barker  32:46

Yeah. And that's a it's important, because this is not only malicious, but I was gonna say it's it. The other thing we need to see is how fast can we get our hands on that backup? Because, you know, we, you could have a fire, you got flood, water damage, tornado, you know, there's a lot of things besides mischief that can happen to your equipment. And if some people if you go for days, you know, hours, days, weeks without being able to get your hands on the data and being able to restore it to some usable form. You know, it can put people out of business.

Brian  33:17

Oh, yeah. Or it'll really annoy their insurance company. And that happens. So we again, we run a data recovery lab. And we get hired sometimes in in corporate situations where, well, the good news, is there a backup. And the bad news is, it's been downloading for two days, and it is 3%. Complete, right? Right. And this business is going to be down for 60 days, and the insurance company's on the hook to pay $25,000 a day, every day, they're down. So they'll drag those broken servers into us, we'll fix them because we can do it in four or five days to go save the insurance company but money. So yeah, it's a weird deal. Man backups are only there. And again, that is exactly the kind of thing you would learn in a mock restore. Right? And exactly the type of question when you talk to your IT staff like hey, when's the last time we did a mock restore? Was it complete? And how long did it take?

Roy Barker  34:09

Yeah, exactly. All right, Brian, well, we appreciate you coming on and talking about this, what I'm going to try to get off air here and try to talk really hard to get you to come back to do some small segments for us where we can, you know, break some of these bigger things down and let's do some actionable items. I think that would be great. This is such a sensitive information. Such a sensitive place. And you know, the experts like yourself are few and far between. So I mean, I'm glad that we were able to connect and get you on this episode for sure. But before we go, you've already mentioned a few things maybe but what is the tool that you use in your daily life and it could be professional personal, just something that adds value to your life?

Brian  34:57

Yeah, I mean, if you want to just take a break from this Cyber Security and get into the more business see thing. Okay. One of the software tools that I use that I really enjoy is the LinkedIn Sales Navigator, okay. So it's kind of like LinkedIn God Mode costs about 100 bucks a month, maybe a little more. But it lets me if I if I'm trying to research a certain piece of storage equipment, and I want to find the human that wrote the firmware for that equipment I can get on LinkedIn Sales Navigator, put in a bunch of weird stuff. And bang, like, there's my man, he's in Japan. And he's the guy that wrote the firmware for the XYZ do Hickey interest. And I could be on a chat with him two minutes later, and it did not exist 10 years ago. And that job of finding that resource 10 years ago was to navigate some of these companies with 10,20 50,000 employees to try to get somebody to tell me who did it. Yeah. And it was almost impossible. So LinkedIn Sales Navigator, it's, it's awesome. Okay,

Roy Barker  36:09

awesome. Well, great. Well, Brian, let tell everybody, you know, basically, who's your client, how you can help them and then of course, how they can reach out and get a hold of you.

36:19

Yeah, so I mean, hopefully, you'd never do it from a crash perspective. But if you ever lose data, you find yourself in a data crisis. The remediation company that I run is called Gillware at gillware.com, we've been doing it for about 20 years now. We service over 10,000 clients a year. And we can usually help you out of that jam. If you're a more mid size business with maybe 100 plus employees, and you're kind of wondering how tight your own it is, and you're getting a little bit worried. And you've been reading all this stuff in the paper. And you've seen Jeff Bezos himself got hacked. You know, like when you see if they can hack him, they can hack anybody. Right? Exactly. I mean, it's, you see all this stuff, and you're worried. I also work with and co founded a company called Tetra Defense. And that is a incident response firm. And they also perform risk management and risk assessments. So they will come in and remediate some of those million plus dollar ransoms and help dig out of those specific messes. But they also will help you with monitoring your network and what tools need to get installed, and they'll put your IT department on an action plan, and they'll put them through the old minus 31 step inspection, you know, like they, they really look at everything. And if you haven't figured it out, this stuff's really complicated. There's a lot of it. And the biggest problem with cybersecurity man, is if you got one hole in your game, you could do almost everything right. It just takes one little problem. Yeah, yeah. And it could cause all kinds of problems. So it's, but if you're a big medium to big sized company looking for real help with locking down your security, or just maybe feeling good, because it is you find out it is so good, but I don't think that's ever happened. You know, that's again, that's over at tetradefense.com,

Roy Barker  38:24

okay. Yeah, and the, you know, the other thing we've talked about previously, and I don't want to open up another can hear that we'll have to talk another hour about but you know, it's it's not only our computer equipment or network, things like that. But it's can be as simple as walking around and seeing what people leave on their desk. You know, janitor comes through finds a jump drive sees a thing of, you know, list of your customers list, a password, you know, or, you know, the other thing we talked about too, was if you have these really cool office spaces in an urban environment, where you've got a lot of traffic on the street, and all your monitors are facing this nice open window where anybody can just stand outside your building and take notes. There's, there's a ton to this. And like you said,

Brian  39:08

there's physical components to risk assessments. You know, kind of a funny one that'll make you know, one of the ways if when you when you get paid to hack into people's networks, like one of the tricks is just to take a bunch of USB sticks and just leave them around the parking lot. But those USB sticks are programmed to basically hijack the computer and install a bunch of malware. Remote Access. Yeah. That's a dirty, dirty trick. Because if you find if you find one of these laying in the parking lot, throw it in the trash.

Roy Barker  39:43

Yeah, well, 10 minutes ago, I would have been the knucklehead that picked it up. Okay, we'll do that. All right, Brian. Well, thanks so much again, for coming on. We appreciate all this great advice and it's been a good conversation. Appreciate Y'all can find us of course at www.thebusinessofbusinesspodcast.com course all the social media networks, Facebook, Twitter, Instagram and this will go up live on youtube once the episode is posted as well Also, you can find us on all the major podcast platforms always want to say iTunes but they've changed this apple podcast, Google podcast, Stitcher, Spotify. If we're not one on one on one in which you listen to give me a call, I'd be glad to get added to that. Also, if you're, you know an expert in a field like Brian, please give us a reach out to us. We'd love to get you on an episode future episode here. Y'all reach out to Brian. This is a serious business. It's just getting worse and worse every day. So let's see how Brian can help us before we get ourselves in a jam. Alright, till next time y'all Take care of yourself and take care of each other. Thank you.

 

www.gillware.com

www.tetradefense.com

www.thebusinessofbusinesspodcast.com