November 26, 2024 45 mins

How do you REALLY know that your IT company has you properly protected? How do you know you are getting what you pay for? This is one decision where you cannot afford to be wrong.

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Justin (00:14):
Welcome everybody to episode 35 of unhacked. Guys, I
said every week, unhacked, it's kind of an intentional misnomer.
We we lead people in thinking, hey. If you if you get hit by
the Russians, just talk to us. We'll fix it all.
We'll put you right back to the way it used to be. Have have you
guys ever seen that happen actually in reality, somebody

(00:37):
truly getting unhacked? No. No. Me neither.
The damage is bad. It's long lasting, and sometimes it's,
terminal. We don't like to talk about that, but, we are here
really to prevent it. We're here to make sure people do not get
hacked in the 1st place because that's really the only way you
can get unhacked is to just, you know, never go there. We we

(00:58):
believe in best practices and standards, and we're gonna talk
a little bit about that today.
We talk about it pretty much every week, but, you know, it's
a firm belief that 97% of the breaches that we hear about,
that we know about, that we investigate or deal with in any
way, shape, or form could have been prevented almost always.

Bryan (01:13):
Right.

Justin (01:14):
You've got that little bit of a gap, the 3%. There's
always the you know, if if you've got a big enough target,
if somebody wants in bad enough, they're going to get through,
and that's where policies, procedures, and insurance come
into play. So, that's what this app or what this podcast is all
about week after week. We're just here to empower business
owners, because listen, we're all overworked. We're
overwhelmed.

(01:34):
This is one thing that we don't really wanna have to deal with,
but I mean, this this can be life or death. So, real quick
funny story. So I've got, I got my good friend, Liana, who goes
back and and listens to all these episodes, and she pulls
clips out. Right? I've told you guys about that.

Bryan (01:51):
We we

Justin (01:51):
push that out to social media. And it's hard because as
an IT guide, like, I don't know about you guys, but I get kinda
bored with this stuff because we do it all day every day. We talk
about it. It's like, this isn't new. It's just everybody knows
this stuff.
Well, she starts asking me about, like, hey. Are you guys
doing or are are we are we doing this for our clients? Are we
doing that for our clients? I'm like, yeah. Why why do you ask?

Bryan (02:13):
I don't know. I just learned

Justin (02:14):
it on podcast. I didn't know anything about that. So,
listen. Apparently, there is value for the layperson, so
that's good. It was a a little reassurance that I got from her
this week.
So, you know, we keep doing it, and and hopefully there's
there's benefit in in our listening audience. I don't know
about you guys, but there is huge benefit in it for me
personally. This is a very selfish endeavor for me.

(02:38):
Alright. Let's do some quick introductions.
I've been talking a lot, so I'm gonna punt to you, Brian. And
then, Mario, tell us who you are, what you do, and who did
you do it for. Brian.

Bryan (02:47):
Excellent. I'm Brian Lachek with B4 Networks based
out of beautiful Niagara Region, Ontario, Canada. And, we
provide, computer support to, businesses throughout Niagara.
And the way I like to explain is that, every business tends to
struggle with dealing with technology, and there's
headaches that come with having technology. We make those
headaches go

Justin (03:05):
away. Alright. Mario.

Mario (03:08):
Mario Ozaki, CEO of Mastech IT. We are located in
New Jersey right outside, New York City. Been in business for
20 years servicing, the tristate area, and, we help, people do
pretty much similar things. If you have a computer, we'll
protect you and and, give you an outstanding service while we're

(03:31):
doing it.

Justin (03:32):
And recent winner of better your best nationwide
competition. Mario came out number 1. Guys, we are sitting
here in the presence of royalty, Mario.

Bryan (03:41):
Royalty.

Justin (03:42):
Always good to have you here. And Brian as well. Like, I
I can say to you guys close friends, so I I love being able
to do this. My name, Justin Shelley. I'm CEO of Phoenix IT
Advisors, and we do IT consulting.
We have a a focus on compliance first. That's my model. And I'm
gonna talk about why today. So I'm I'm kind of excited about

(04:04):
today's episode. But, anyways, we do business in the Northern
Texas area, Northern Nevada, Utah, Idaho, with and expanding.
I don't wanna, like, limit myself, because I do plan to,
like, Pinky and the Brain take over the world someday.

Bryan (04:19):
Except for except for

Justin (04:20):
our QA area. Except for where Mario and Brian live. You
guys can have your little cutouts, but everything else is
mine. Goddamn it. Alright.
Guys, we, we had a hell of a week last or a week, a hell of a
month last month, the month of October, cybersecurity awareness
month, and we went through a pretty good series of how to do

(04:41):
this stuff. And and today, I really love Mario, kudos to you
for the topic. I wanna pull it all together into if I'm a
business owner, this is not my world. I don't know anything
about it. How do I really know I'm protected?
Because while we'll sit here and tell you guys what needs to be
done, do this, this, this, andthis. But by the way, don't do

(05:03):
it yourself. Hire somebody because this is not DIY. Right?
We say that all the time.
But if I'm an accountant, for example, or if I'm an attorney,
how do I actually know that the guy I hire, the company I hired,
the check that I'm writing properly protects me? So that's
that's what I wanna go in today. Thank you, Mario, for the the
the topic, the actual title of the episode, 6 signs your IT

(05:26):
company is leaving you exposed. Take this information, audit
your IT company. Like, make sure that they're really doing what
they tell you they're doing.
Alright. So we are gonna dive straight into this, and, could
be a short episode. We might get long winded, but we're gonna go
in and we've all, you know, divided it up and we've taken 2

(05:49):
points each that we're gonna discuss. And this is, again,
from the perspective, if you're a business owner, listen closely
because this is what you need to look for to know that that check
you write every month, which by the way isn't super cheap. This
is not not a not a Walmart scenario here.
Oh, I'm gonna get sued by Walmart now. Take some notes and

(06:11):
find out, you know, just just use this as a kind of a
scorecard so you know if you're being properly protected or if
you maybe need to to make a change. So, Mario, you are at
the top of the list. Let's go ahead and, kick this off to you.
What should I look for as a business owner to know if you're
charging me too much and providing too little?

Mario (06:33):
Yeah. So the the first my first point was, documentation.
You know? So as an example, like backup reports, executive
reports, recommendation for implementation, and doesn't
necessarily need to say mean, you know, it's gonna cost you a
lot more money. You need to buy brand new computers, brand new
servers.

(06:53):
But just that they know that you know that they are looking over
your your network. You know? Are they telling you that you're
running a server that's has an operating system from 2012 or
from, you know, a computer, a PC that is about 10 years old, that

(07:14):
is not gonna be able to be upgraded to, like, Windows 11,
you know, next year when, you know, Windows 10 is not going to
be supported anymore. So it it's stuff like that that it's, you
know, are they actively or proactively checking looking out
for you? You know, it's, not necessarily something that's

(07:35):
gonna have to cost you money.
You know, most so a lot of computers now, that have Windows
10 can be upgraded to Windows 11, and it's a free update right
now. But that's how you know you know, it it's not it you don't
wanna be with that IT company that you only call when there's

(07:55):
a problem. You know? Yeah. In our world, like, no news is good
news, but you have to also let them know that, listen, this is
what you're paying us for.
This is what we're doing. We, are always gonna give you
recommendations or at least at minimum say, you know, here's a
report letting you know, you know what? Your shit is, you

(08:16):
know, is is up to par. You know, you're good. You know, there's
if there's anything beyond this you want, we can talk about it.
But, you know, we we onboarded a a customer, a few weeks ago, and
they have 3 servers. They're all running server 2012. You know,
their, their firewall had, you know, 3, RDP ports open right

(08:43):
through going right to the desktops and

Justin (08:46):
So server 2012 is pretty good. Right? Yeah. I mean,
because when I bought this and and again, I'm I'm playing your
business owner that you're talking to. When I bought my
server, I paid, like, $20,000 for it.
It's only been a few years. So it I mean, are you telling me
that's a problem?

Mario (09:01):
Well, actually, in their situation, their server, their
actual physical server was only about a year old. But what they
kept what they kept doing is taking that virtual servers that
were on there and just transfer it over. And they're like, okay.
You're done. Give us $20,000 for the server.
You know, they didn't actually keep up with with that stuff.

(09:23):
Meanwhile, they they the reason they came up to us they came to
us is guess what? They got they lost a $150,000 in

Bryan (09:33):
a week.

Mario (09:34):
Oh. And, you know, the IT guys pretty much told them, oh,
no. You're good. I don't it must have been something you guys
did. We didn't do anything wrong.
Yikes. You know?

Justin (09:44):
Okay. So two points here. Number 1, business owner
thought they were covered. They weren't. They're paying money,
but they don't know what they're getting for it.
Point number 2, preventable. Right? We talk about this is a
perfect example of something that's completely preventable.
And, Mario, I was trying to I was, like, loving you a softball
here, trying to get you to talk about server 2012. Why is that a
problem?
So I get a report. Right? I'm the business owner. You send me

(10:06):
a report, server 2012 on the server that you bought last
year, 20 grand. I'm good.

Mario (10:13):
Yeah. So the reason you're not good is because that
server has been end of life for several years now. It's no
longer being supported by Microsoft. They're not releasing
patches or updates for it. Most security softwares like, you
know, EDR and the and, you know, like, antiviruses are not

(10:36):
supporting it.
And, even backups backups are are not working great on on
something that is made you know, since 2012, they've came out
with server 2016, which is also end of life. They came out with
server 2019, which is gonna be end of life next year, and they

(10:57):
came out with server 2022. So you're they're they're, like, 4
or 5 versions back, and it just been completely neglected.

Justin (11:06):
Yeah. You

Mario (11:06):
know? So they need to at least, at minimum, tell you,
like, listen. This is what you're running. Like, when we
provide executive reports, it tells them right there if
they're running any outdated operating systems. You know?
So my point is that they need to, you know like, when we met
with this company, we actually asked them, like, where's the
backup reports that you're getting? Where is any type of

(11:30):
information that they're telling you about, you know, you know,
what you need to do? Like, we haven't received anything in,
you know, x amount of years.

Justin (11:40):
You know? Yeah. I I'm gonna guess that if they're not
getting any reports, they're not getting the documentation,
they're probably also not having regular conversations. Is that a
fair fair assumption? Yeah.
Those usually go hand in hand. So okay.

Mario (11:52):
Yeah.

Justin (11:53):
Because and and I'm I'm pressing because trying to put
myself in in the seat of a business owner who isn't focused
in technology. I can get documentation, but I don't
always know what it means. And and you're saying it, but I just
wanna emphasize the point that you you need to understand this

(12:13):
stuff because I'll be honest, I get paperwork, and this is a
completely, you know, just unrelated example, from my
insurance company, like health insurance. I'll get something in
the mail that says, this is not a bill. Fucking throw it away.

Bryan (12:25):
I you know, like, I

Justin (12:26):
don't know what it says. It's 30 pages of stuff that I
don't understand. So I just throw it away. I'm I'm they're
gonna duke it out. I don't know.
Right? So

Mario (12:36):
You know what? The thing is and I've had conversations
for years and and and, every almost not every time, but a lot
of proposals that we do. And they look at, like, what we're
providing and, you know, price cycle. Oh my god. This is
significantly more than what I'm paying now.
You know, people sometimes have that mentality is I'm paying for

(12:58):
help desk. If I can't print, I I want to be able to call you.
Okay? Yes. We do do that.
But if it's only we do that because we do all the other
stuff so well that we could include that because we're
confident with what we do. We're we know we're gonna do it right.

(13:20):
So you shouldn't have those problems of you can't print, you
can't open this, you you've been hacked, you know, and stuff like
that. You know, if we do our job well, then the help desk part is
very easy. Right.
And they always think that the help you know, they're
purchasing a help desk, and help desk is trying to sell me a
backup and an antivirus and that stuff.

Bryan (13:42):
Right. Which

Mario (13:42):
is not what we're selling. We're selling the other
stuff and including the help desk.

Bryan (13:47):
Yeah. I always like to say that, if you're calling me
for something that's broken, then it's likely your team is
now taking up their time and effort, in calling us and having
us resolve the problem. Meanwhile, had we done our jobs
in most cases correctly, we'd be proactively repairing those

(14:09):
things so you don't have to call in the 1st place. And so my sign
of success in in my company anyway, and I would imagine it's
the same for you guys, is that the client hardly ever has to
call anymore. If they hardly have to call anymore, then I
know I'm doing my job right.

Justin (14:23):
Yeah. I could honestly, I could go off on this. So
there's a lot of information here. We could probably do a
whole up a whole episode on this. Okay.
So, Mario, documentation, communication, understanding,
just basically knowing what's going on. Right? So, and I think
you had a couple points. What else do I need to look for as a
business owner to know if you are doing your job?

Mario (14:44):
So for my second point is what we say does the back the
back end match the front end. Right? So there's a lot of times
where we are sitting with somebody for a first time
appointment, and they're telling us, like, their IT person's
unresponsive. They can't, you know, they can't reach them or
they can't reach the company, or they'll open up a ticket and not

(15:06):
hear from anybody at the company for a few days. And I wanna say
98% of the time when we hear that, we realize that the back
end security matches what they are seeing in the front because
they can't see what's happening on the back end.
Are they actually doing proactive maintenance? Are they

(15:26):
actually watching the antivirus and, you know, the, stuff like
that? You know? So a lot of times, the neglect is also on
the back end. It's not just on the front end.
You know? They can't keep up with tickets. If they can't keep
up with tickets, most likely they can't keep up with the
maintenance and the monitoring and checking the backups and

(15:48):
checking, you know, the updates and patching this and, you know,
making sure the firewall has the latest firmware and stuff like
that. You know? And there's times where sometimes when we
get busy, we have to kind of, like, shuffle some things around
with some technicians, but, you know, that usually will happen
for one day.

(16:08):
You know? But, a lot of times we see the front end and the back
end both matching, and what's being neglected on the front end
is also being neglected on the back end.

Justin (16:21):
So what I'm hearing you say is if, if I don't get fast
response times, which by the way is the number one reason
somebody will come to me looking for new IT service. Right?
That's that's a metric that everybody knows and understands
and is super obvious. But you're making a really solid point
because if that's a problem, there are way that's the tip of
the iceberg. There are way bigger problems that nobody

(16:44):
knows about, which like you said, firewall is being updated.
That's like how many times do you go, evaluate a new
prospective client and their firewall's out of date? Like,
almost always. Always. Yeah. Almost always.
Their the firmware's out of date or it's the subscription's
expired or, you know, like,almost always. Yeah. So, and

(17:04):
it's not just in with outsourced IT. You look at great big
companies, enterprise, with seemingly endless resources, but
nobody has endless resources. Right?
And so if it's the same thing. If you're working at a large
organization and you don't get good response times, you don't
get resolution to your problems, There's there's probably,

(17:27):
there's probably other skeletons hiding.

Bryan (17:29):
So Yeah. One one of my favorite, things I've seen in
the past was somebody who was showing, you know, the rack in
the server room, and most people don't like looking at that. But
it was just like a spaghetti dinner. Right? It was just like
cables everywhere.
And, the caption said, if this is how they treat the things you
can see, what are they doing to things you can't see?

Mario (17:49):
Exactly.

Bryan (17:50):
Like, this is something that you literally can see
walking in your server room. Is it clean? Is it tidy? Is it
documented? Is it neat and organized?
And if the answer is no, well, that's what they're doing in
your network as well. That's how they're treating your servers.
That's how they're treating security. That's how they're
treating security. That's how they're treating everything
because if that's what they do with the things you can see,
what are they doing with the things you can't?
And, I think there's a bunch of IT providers who are gonna

(18:11):
listen to this now going, oh, no. I gotta go clean up a whole
lack of service rooms. Exactly.

Justin (18:17):
I'll I'll tell you what I am doing, Brian, and and I
will admit this over and over that I I primary benefit for me
in doing these podcasts is my own self improvement. And Right.
While I don't have a bunch of closets that I feel I need to go
clean up right now, I am gonna add this to my internal
standards because we have both, public standards or framework

(18:38):
standards, but then we have internal stuff that I do want
this to be inspected on a on a regular basis. So I'm actually
gonna, improve myself 1% as we speak. So Excellent.
Mario, was that pretty much it for that one, or did you have
more to, talk? Because I'm distracted because I'm I'm like
I said, I'm I'm doing my own shit right now.

Mario (18:56):
No. That's I mean, that's that's about it. Like, you know,
chances are you you it's very rare. I have never seen, us go
to somebody for the first time, and they say, yeah. Their their
support is excellent.
Every time we talk to them, they are, picking up right away,

(19:17):
resolving it all within 2 minutes, and then their back end
there's no antivirus. There's no backup, and, you know, stuff is
10 years outdated. They usually very you know, they go hand in
hand. It's very rare where they're very good with support,
very good with answering everything, very good with
resolving everything, and then everything shits the bed in the

(19:39):
background. They do that's I've never seen that.
Usually, it's either they're both really good or both really
bad.

Justin (19:47):
It's, it reminds me of our our mutual mentor, Robin
Robins. Mhmm. She frequently says, how you do anything is how
you do everything. Exactly. And that that's what I'm hearing you
say right now.
Exactly. Yeah. So alright. Good points. These are these are
solid points, Mario.
So Brian, let's go ahead and, pass the ball to you, and let's

(20:09):
see if you can beat Mario's, points in his hand.

Bryan (20:14):
Yeah. I can't say I'm gonna beat them, but I wanna
say, the 2 that I have and

Justin (20:18):
it's competition, but if it were, I'd be winning.

Bryan (20:21):
No. Oh my god.

Justin (20:22):
Well, I

Bryan (20:22):
was gonna say they play off of the ones that Mario Mario
had mentioned. Okay. So while he's talked about documentation
and having executive reports and and and backup reports and
things like that, My first one of what you should do to know
you're absolutely getting what you pay for is, take a look at
whether or not you have regular standing meetings with your IT

(20:44):
provider, either quarterly or or biannually. The intent is to
have some sort of strategic planning. Right?
And those type of reports typically come out during your
strategic planning sessions. But essentially, if you're doing if
if the MSP is doing it right, then in those sessions, we're
looking at how we can improve 1% better every single day, which,

(21:09):
if you look at it from that way, when I meet with, our clients,
we create a 3 year plan. Here's what you've got. This is what
your organization is planning in the next 3 years. Here's what we
need to do in the next 3 years.
We map it all out, and then we create a 1 year, highly detailed
plan and then a 90 day like, what's happening in the next 90
days. And every 90 days, we get back together. We sit down, and

(21:32):
we take a look at what is coming up next. What else do we have to
do to improve? And during those sessions, that's where you're
starting to talk about things like maybe you've gotta put 2
factor authentication in if you don't already have it.
Maybe we need to upgrade or install a new workstation or a
new server. Like, we're always trying to improve and get 1%
better, from the previous month, and that only happens if you

(21:53):
have strategic planning sessions. If you're not having
any kind of strategic planning sessions, how do they know what
your strategic goals are and and how do they relay their goals as
to what they're going to accomplish from the IT side with
you if they don't have those meetings, those regular
meetings. So, if your MSP offers those, take them up on it
because that is one of the in my opinion, one of the most

(22:15):
important ways that you can ensure that they're doing what
they say they're doing. You can know you're getting what you pay
for.

Justin (22:21):
And if they don't offer those, you're going to get sued.
Remember Joe Brensman? Mhmm. With the insurance agent. Right?
He talked about this is the smoking gun. If Yeah. If you get
breached, if, business gets breached and they don't have a
plan that they're working on, there's likely a class action
lawsuit following on the heels of that breach. So what you just
described is a get out of jail free card in the event of an

(22:44):
attack. We don't know.
We're not the terminology, you know, it gets me. I'm not a
lawyer. Yeah. But if you get attacked and sued, you want to
have that plan in place.

Bryan (22:56):
Right. All the things you have accomplished over the last,
you know, 2, 3 years, and you have a record of it every 90
days. Here's what our plan was. Here's what we accomplished.
Here's our next 90 day plan.
Here's where we're going for the next year. You get sued. You can
gather up all that information and say, we have a plan. We have
a strategic plan. It just takes time to implement all of these
things, and we can't possibly do it all at once.

Justin (23:15):
Yeah. For time and money reasons. Right? We we all have
limited resources. So

Bryan (23:19):
okay. And to touch I guess it kind of relays with
with, a little bit about the same thing. Like, we talked
about how, if the front end doesn't match the back end. And
I wanted to add one small thing and that is oftentimes and I've
I've I've met with a lot of IT providers. I coach a lot of IT
providers.

(23:39):
And in a lot of cases, their their entire team is just
gathered into one big jumbled mess. Right? It's everybody does
everything at all times.

Mario (23:47):
Right.

Bryan (23:47):
So everybody's on the help desk, everybody's doing
on-site support, everybody's doing proactive support, which
means that

Justin (23:52):
Nobody is.

Bryan (23:53):
Fires that happen take priority. Yeah. And that means
the proactive falls in the wayside, which leads right up to
what Mario Mario is talking about if the front end matches
the back end. If it's done correctly, there's segregation
of roles and responsibilities, and maybe somebody's responsible
for the proactive side at the organization at the MSP, and
maybe somebody's responsible for the help desk, and and one other

(24:14):
person's responsible for projects, and so on and so
forth. And so if there's segregation of duties and
responsibilities, you're pretty comfortable knowing that the MSP
has, they're a little more mature in the sense that not
everybody is a jack of all trades.
You've got specialization happening, and you've got
prioritization happening in each one of those different roles and
responsibilities. So I just wanted to add that in there.

Justin (24:34):
Yeah. Well, let me play on that as well because there
are cases where, you know, we do have to wear multiple hats in
Mhmm. That's just life. Right? So if if there can't be
segregation in people like a full in FTA, full time
equivalent employee, and you have to divide your attention,

(24:55):
then and I and you may have already mentioned this, but,
like, that's where metrics come into play.
I am a huge EOS fan, and you've gotta have that weekly scorecard
where you're looking at, you know, as a business owner, you
better know what are the signs that you're, not safe, not
secure, and have that number in front of you all the time.

Bryan (25:13):
Yeah. I I and when I talk about segregation of roles and
responsibilities, it doesn't necessarily mean that that
person only does that. I'll give you an example. When I first
started growing my team, I had people working the help desk.
They were doing on-site support, and they were doing deployments,
and it was just like all the same people doing all 3.
And of course, fires would happen and the deployments never

(25:35):
happened. The on sites would happen because those were
priority. There were fires. Help desk people would but, like,
people calling in would get their calls answered because
nobody likes a ring phone ringing. But the deployments of
new workstations is, like, we were weeks behind.
Mhmm. And all I changed was to say we had, like, 3 or 4 staff
at the time. It says your primary responsibility is help
desk. If there's a help desk call coming in, that's you. Your

(25:59):
primary responsibility is is desktops and getting the
desktops deployed.
And if there's a deployment to be done, that's you. And then I
went to the 3rd person, if there's an on-site to be had,
that's you. Otherwise, if there isn't, you can go and help
everybody else. But now you have a priority, and all of a sudden,
boom, deploys were going out, help desk was being answered, on
sites were were taking place, and everybody everything was

(26:19):
running smooth. And it all the only change was is that I I let
everybody know what their primary responsibility was even
if they were they were multitasking, and that seemed to
have worked really, really well.

Mario (26:29):
I like that.

Justin (26:29):
I mean, in a higher level, what you did is you put a
system in place and you put some accountability in place, right?

Bryan (26:35):
Correct. Yep. Yeah. If everybody's responsible,
nobody's responsible.

Justin (26:40):
Yeah. And you know, where in the IT world, this is
I've heard it referred to as the reactive spiral of death. If if
all you're doing is fighting fires, then that is literally
all you will ever do or all you ever can have the capacity. You
just keep throwing more people at it as you grow. But until you
stop and put some systems in place, some accountability

(27:01):
around it, you're just gonna keep fighting the same fires,
and the fires get bigger, unfortunately.
So Yep.

Bryan (27:07):
Okay. So beyond that, the the other one I was struggling
between 2 2 of them for my second one, and I think I'm
gonna go with, having a third party vulnerability scan. And
and I say that because as much as you wanna trust the person
who's handling your IT, second opinion is always a good thing
to have. Now good managed service providers will have a

(27:31):
third party that they work with that they will get them to run a
vulnerability scan separate and then bring that report unchanged
to you. If you don't have that, then you could contract a second
MSP or second IT provider to give you, like, a biannual or a
quarterly, vulnerability scan.
But the idea is have a a third party vulnerability scan in one
way, shape, or form, and that will give an unbiased, report as

(27:57):
to where they're at from a security point of view. And I I
went with this one because the other one was metrics. But being
that with this security podcast, I felt like the 3rd party
vulnerability scan made more sense to know you're getting
what you're paying for. Have that second vulnerability scan
done or that third party vulnerability scan done, at
least quarterly, I'd say. And, it doesn't like I said, you
could use your current IT provider as long as they're

(28:17):
dealing with a 3rd party, or you can contract your own third
party to just look over the shoulder.
I like to use the what is the phrase? The not having the fox
wash the hen house. Right? Yeah. So Yeah.

Justin (28:32):
Alright. I guess that, does that put me on deck here?

Bryan (28:37):
Puts you on deck, sir.

Justin (28:38):
Not on deck or at the okay. So again, Mario, I I love
that when you first I've I've got to admit, when you first
threw this topic out, I'm like, ah, this just sounds like a
shameless self promotion. But then the more I got into this,
the more passionate I became about it because here's here's
the reality. Yes, of course, I want everybody to do business

(28:59):
with me. In fact, here's here's what I was gonna say was, top 6
ways to know your IT company is leaving you, exposed.
Number 1, look at the invoice. Does it say Phoenix IT Advisors?
If not, you're being exposed. But then I like that wouldn't be
very fair to you guys. So, then I'm like, okay.
Well, I'll just put off some fine print. We can also include
b 4 Networks. We can include Nasdaq. But, okay. So so jokes

(29:24):
aside, in, I mean, and and this is just straight up me being who
I am.
My my number one company core value is we take care of our
own. I have a genuine interest in the people I I associate
with. If if I've got a client who gets hit, that's personal to

(29:46):
me. I lose sleep over this. I, like, I have bad dreams about
it.
I wake up in cold sweats. I'm like, oh, shit. Did this happen?
Did that happen? So it's it's not just that I want to grow my
business, which I do, but I genuinely want businesses to be
protected.
I really want this to be something that you can take, to

(30:09):
your IT company and and stay with them. I don't care. Stay
with them. But make sure that you are getting what you pay
for. Make sure that you are are properly protected.
And for me, a key part of that is that we are all on the same
page. We have agreed upon standards because we talk week
after week about these industry standards, best practices,
whatever. Okay. So with that background, I'm scrolling Reddit

(30:32):
as I love to do in my spare time, and and I came upon this
post. So I'm gonna I'm gonna read this word for word.
And this is from an IT provider, an IT company, the owner of a
business. A prospect asked for a list of the, quote, best
practices I would be applying. This got me laughing. Like, the

(30:55):
fuck you're okay. Then thinking.
So this got me laughing, then thinking, where do I get my best
practices from? What are they? This has been bothering me as I
start with my coffee. 30 plus years of experience in the
industry, and I doubt my list and your list are the same.
Though they should have overlap if they're truly best practices.

(31:18):
Right? Time to dissect this one and look at the policies in my
RMM for my own comfort. It's been a while since I compared
these. So many things I wanna say about this, guys. Number 1,
RMM.
Are you shitting me right now? That's where you're getting your
best practices from, your RMM. Are we even talking the same
language here? Brian, what's an RMM?

Bryan (31:40):
Remote monitoring and management system. It's
essentially the tool we use to connect to your computers,
manage your computers, push out updates, scripts, but there's no
policies. There's no best practice.

Justin (31:50):
Oh, dear.

Bryan (31:51):
No. It's it's whatever we program in.

Justin (31:53):
And maybe that's what he's talking about to check what
he's programming. I don't know. But I'll tell you what, 30 years
in this industry, and he's scratching his head and he's
like, I don't know what are my standards. Jesus Christ.

Bryan (32:05):
I'm not entirely surprised, though, Justin,
honestly. Right? Like, you have to remember, our industry is
unregulated. We don't have, you know, a fairy, you know, like a
an association fairy that says, here's what you should do, and
here's how you should do it. Right?
Like, accountants are regulated. Plumbers are regulated. Hair
dressing companies are regulated. They like, here's

(32:26):
what you have to do and how you have to do it. IT, not a chance.

Justin (32:30):
I mean, we're not really that important. We don't impact
national security. We don't keep businesses alive. We don't, you
know, we really why would we be regulated? It doesn't Yeah.
It doesn't make sense.

Bryan (32:41):
No. We have we have organizations that put out
standard practices, but there's no agreed upon standard. And
that's For me that's

Justin (32:49):
the core. To market myself as an IT provider, as a
cybersecurity expert, I don't have to do anything.

Mario (32:57):
That's true.

Justin (32:58):
I can't do that as a

Bryan (32:59):
as a law. As a business in your local area. Yeah. That's
pretty much it.

Mario (33:04):
The closest to some regulations that I see is stuff
that cybersecurity insurance companies are requiring. And
even them, you know, you check 3 different ones, they have 3
different things that they're requiring. You know? Yeah. But
that's the closest to and the and and the

Justin (33:23):
whole thing regulation.

Mario (33:24):
And it's not regulation. I'm saying this is, like, the
closest Yeah. And that's not even you know, cybersecurity
insurance is opt technically optional. You know? Like, it's
you don't even need to do any of that stuff, but that's the
closest to what I see.

Bryan (33:40):
Mhmm.

Justin (33:40):
So this is horrifying to me if I'm putting myself in the
the shoes of a business owner. If a 30 year veteran IT company
doesn't know what his best practices and his security
standards are, how in the hell do I as a as a business owner
vet this guy? Right. So that that was terrifying. And then
okay.

(34:00):
So the the very first comment and you guys know how Reddit
works. Right? The top comment is the one that's been upvoted the
most, and this is in a forum of IT company owners. And the most
updated or upvoted comment was, are you guys ready for it?
Uh-oh.
You don't tell them in specifics. That was his advice

(34:22):
because a prospect saying, what are your standards? And the most
updated upvoted comment from IT companies is, don't tell them.
Oh my god. Are you shitting me?

Mario (34:34):
Oh, man.

Justin (34:35):
Guys, this is our industry. This is our industry.
Okay. So number one point for me in how do you know if your IT
company is leaving you exposed is they post on Reddit that they
don't know what the fuck they're doing. And you'll never know who
it is because it's all anonymous.
But we can at least here, let's let's do this. Let's make it

(34:57):
easy. We have an agreed upon set of standards. Okay? So this kind
of wraps up what you guys have already been talking about.
But if I've got proper communications, if we're having
meetings and we have a plan, that should be based on a
meeting where we start off with, hey, business owner. These are
the standards that we use, and by the way, very transparent.
Here they are. You wanna read through them all? We can sit

(35:18):
here for 5 hours.
We'll go through every single one, and I will tell you what
they all mean and why they're important. I will do that. But
if we don't wanna do that, let's at least agree on what you want
as a business, you know, what what's your risk aversion, what
what are you regulated? Because I'm not as an IT company, but

(35:40):
you might be. So we're gonna we're gonna set these standards.
We're gonna agree on them in the in the beginning. And then just
like you said, Brian, we're gonna go, quarter by quarter,
and we're gonna start knocking these out. We can't start. We're
not gonna hit everything all at once, but we're gonna take the
most important things. Let's let's make sure that firewall is
updated.
Let's make sure your, server 2012 is decommissioned and

(36:02):
upgraded to something that's currently being supported.

Mario (36:05):
2FA.

Justin (36:05):
You know? And then yeah, 2FA. Let's let's just take these
basics, and we'll start with that in quarter 1. And then
quarter 2, we're gonna sit down and have that conversation too.
This is, by the way, mister business owner, what I recommend
we do for quarter 2.
Does that match with what you want as a company? And if you're
regulated, we're gonna bring in frameworks into it, which I like
to do anyways. CIS is a greatone. Mhmm. There's a bunch,

(36:29):
NIST, PCI, HIPAA, CMMC.
I mean, there's a lot of overlap here, but what I really want is
the the biggest bang for the buck. Right? How do we just get,
know that we have the basics? We can report on it. We can run
metrics on it.
We can, hold ourselves accountable. And then and then
we just I I mean, Brian, I'm gonna steal from you. Right? We

(36:50):
just get 1% better, and I don't know that it's I'd like to think
it's a little bit more than 1% every quarter, but we do what I
call maturity levels. And so we're gonna start with the
basics, and then each quarter, we're gonna plan, okay, next
step, next step, next step.
So my that was and I've I've kinda jumbled these up because I
had number 1 was agreed upon standards, and number 2 was

(37:14):
company goals. So I'm gonna I'm gonna come back to that. And I'm
just gonna say, dear mister business owner or missus
business owner or whatever pronouns you choose to use, if
you and your IT provider do not have clear communication and
consensus regarding cybersecurity, run, get out

(37:36):
immediately, and and don't wait. So so those are my 2. Have and,
like, guys, I think we could we could merge a lot of these
together.
We've talked about similar things with a different spin on
it. But, you know, if I just had to sum it all up, we've gotta
have good communication. We've gotta have good meetings. We've
gotta have a plan in place. And then do not, do business with

(37:57):
this guy on Reddit who after 30 years has no idea what his
standards are, and he's gonna go look at his RMM and see if he
can figure it out.
Jesus Christ. Okay. Okay. I'm gonna I'm gonna try to get my
blood pressure back down over here. I think I think we've
kinda hit what we need to hit today.

(38:18):
So we're gonna we're gonna move to wrap up. Do you guys have any
thoughts on on, my little rant there?

Mario (38:24):
No. I love

Bryan (38:24):
Yeah. The only thing yeah. The only thing I would
wanna add, Justin, is, when we talk about 1%, it's not always
about just improving things that, you know, like, I'm not
I'm looking to improve all the time, of course. But when you
you know you're getting what you're paying for, if the MSP or
you're the person you're dealing with has made an error and they
admit that they made an error and they work towards correcting

(38:45):
that error, having the the the the faith in your own ability to
say, you know what? Yeah.
I messed up here. I I I you know, we could have done better
in this capacity or in that like, here's what we're going to
do to improve it and an acknowledgment that things went
awry, but that we can we can course correct. That takes a lot
of maturity in an MSP to be able to admit when you've made a

(39:08):
mistake and just move forward and and and figure out how
you're gonna make it better for next time. That in of its own
shows that that MSP has that growth mentality and that
improvement mentality versus somebody who's like, yeah. No.
We didn't do anything wrong. It was on your end. You you did
this and you did that. Right? It's a collaborative.
It's a shared experience. It's a shared model. We both have to
figure out how we can get better at things. So

Justin (39:30):
No. I absolutely love that. That, that's actually our
one of our company core values. I I'm really big on core values
right now because, for for reasons, just stuff I'm working
through, but, only outcome is one of ours. You know, I don't I
don't care.
I don't expect to be perfect, but goddamn it. If if something
goes sideways, let's talk about it and work through it so that
it doesn't keep happening. Right. So that that's huge. I

(39:52):
love that.
Mario, I think you were gonna try to say something. I cut you
off.

Mario (39:54):
No. No. It's fine. What I was saying is to add on to to
that what you guys are saying too. It's like, you know, you're
improving and even if it's 1% better, You still have a you
have to have a decent foundation.
You know? You you can't be starting from 0 and then go to
1% and 2%. You you have to have, you know, some of those
foundations in place that will automatically bring you, you

(40:16):
know, at a higher level. You need to automatically start with
2FA. You need to start with a real backup.
You know? Certain things like that, you need that has to be
the foundation of of everything. You know? If you if the if
you're not currently getting any of that, then you really have no
foundation and you know, or avery weak foundation. And a weak

(40:39):
foundation, anything is gonna collapse.
It's a matter of time where it just collapses. So, you know,
you need to have a solid base and build upon that. Get 1, 2%
better, you know, you know, in in, you know, improving on this,
adding this, you know, stuff like that. That's that's what

(40:59):
what I think, you know, a a real partner, you know, not
necessarily a customer or a vendor. A a partner needs to
have back and forth and discussions about

Justin (41:13):
Alright. Guys, listen. I, I think I've said more than I
needed to already. So, again, dear mister business owner,
missus business owner, this is hugely important, and and it's a
little bit risky because as we've said and we've, today and
we've said before, the IT world's unregulated and that's

(41:36):
just a terrible position that it puts a lot of people in. So if
if your gut's telling you honestly, if you're listening to
this episode with questions or concerns, that's probably all
you really need to know.
If, if you even have to ask, if you even have to question,

(41:57):
probably it's time to make a move. So, guys, let's let's wrap
up. If you have any final thoughts, key takeaways, or just
a quick sign off, we'll go ahead and do those quick, and then
we're gonna pull the plug and start prepping feverishly for
next week's episode. Mario, go ahead and take it away.

Mario (42:16):
I mean, I I know you're gonna say this anyway, and, you
know, just like every week, we offer our our assessment, you
know, but I think this week, it fits best, you know, you know,
just like what you said. If you have any doubts, you know, reach
out to us. You know? We will be able to tell you. Like, you
know, we have our own checklists, and we say, this is

(42:39):
what you should be getting.
This is what you have, or this is what you don't have. You
know? So if you're not sure, reach out to us and, you know,
any of us 3, and we will sit there and tell you if if this is
what you're, you know, you have the foundation. Is your
foundation, you know, steady ornot? You know?

(42:59):
Or could it collapse at any time? You know? Again, no
obligation.

Justin (43:04):
Yep. Brian? Well,

Bryan (43:09):
for me, it is the encouragement of or my my what
I'm trying to accomplish is encourage business owners to
start the journey. If you're don't currently have anything in
place for cybersecurity and or IT, start the journey, make the
phone call, meet with 1 of us, have us do an assessment, and
we'll give you basically a recipe book on the things that
you can do even if you decide not to partner with us. Here's

(43:31):
the 4 or 5 things you can do right now to include your or to
improve your posture where you're at now. And if you do
wanna work with us, great. We'll start the journey together.
I will be your guide.
You will be the hero in the story, and I will make sure that
we get you from point a to point b as quickly and safely as
possible.

Justin (43:47):
Nice little story brand plug there. Love it. Alright.
Thank you, guys. Always a pleasure.
I'm I'm gonna sign off with just one thought, which is, hire
slow, fire fast. Right? This is common, conventional wisdom in
the HR world. If you even think, if your check engine light's on,

(44:11):
if your spidey senses are tingling, you know something's
off a little bit, start that process now so that you can
slowly work through and vet a good IT company. And then if
things are bad and you know they're bad, you've gotta pull
the ripcord and you've gotta get out of there, because if you get
hit, like we've said before, you cannot get unhacked.
So with that, we are gonna sign off, guys. Visit us at

(44:33):
unhacked.live for all of our social media links, all of our
episode recordings. You can subscribe on pot Spotify
Spotify, Apple Podcasts, and wherever the hell else you
listen to podcast. With that, guys, I'm gonna say goodbye.
We'll see you next week.
Brian, Mario, thanks for being

Mario (44:50):
here. Take care, guys. Take care.