Is your business safe from the attacks of cyber criminals? With the rise of sophisticated hacking techniques, ensuring the security of your clients’ information has become more challenging than ever. Fortunately, small business owners have a wide range of options when it comes to preventing potential data breaches.
In episode #81, Elizabeth Larkin and Gene Marks provide valuable advice on how to protect your business from cyber threats.
0:42—Today’s Topic: How Do I Protect My Business from Cyber Criminals?
1:13—Small businesses are the most susceptible to security breaches, yet are often the least protected.
3:14—One way to ensure your protection against hackers is to move to a cloud-based service.
11:07—Business owners can also prevent data breaches by having their IT department teach their employees about cybersecurity.
15:29—Gene discusses the importance of presenting yourself as someone your customers can trust.
Elizabeth: Welcome back to another episode of the Small Biz Ahead Podcast. Gene?
Elizabeth: Have you ever committed a crime?
Elizabeth: Have you ever had a crime …
Gene: I know that’s actually … No, I have not committed a crime.
Elizabeth: Have you ever had a crime committed against you?
Gene: No, I don’t know.
Elizabeth: That you’re aware of.
Gene: Not that I’m aware of. No.
Elizabeth: Okay, well today’s question is about cyber criminals.
Gene: Interesting. Okay.
Elizabeth: Which is something, I know you think about this all the time.
Gene: I do. I have a lot of thoughts and experience with clients that I’ve had.
Gene: So what’s the question?
Elizabeth: Because Nour, from California, wrote in. He’s a dentist and his question is:
“I’m really concerned about data breaches, especially because I’m responsible for safeguarding sensitive medical records. Would a criminal target my business and how can I protect myself and my patients?”
I’m going to go first.
Elizabeth: Yes. Small businesses are the easiest marks for cyber criminals because like a large company, you have a whole staff that just works on security.
Gene: Right. We know how great large companies are at security.
Elizabeth: They’re terrible.
Gene: They’re just fantastic. Large companies they never get hacked. It never happens.
Elizabeth: Small companies, small businesses have less people working on that. They might, probably don’t even have a dedicated person. They might have a vendor. The second thing is that, I know when I work at The Hartford, every year we have to complete training on cyber security for our business. I don’t think a lot of small business owners train their employees on that. If they do, they don’t train them very well. It’s most likely that your own employees are going to make your business more hackable. There’s an article on that I will link to in the show notes. So Gene, what should Nour be doing? The spelling of the name is N-O-U-R. He is from Solvang, California.
Gene: So Nour, a couple things to make sure, you are subject to hacking. Businesses big and small are subject to it and small businesses in particular easily fall prey to a lot of hackers. People are looking for credit card information, social security numbers, customer data, passwords, things like that.
Elizabeth: What would you do with medical records. Like if he’s got dental records on people.
Gene: I’m not quite sure what you would do with medical records itself. I would just be more concerned with, just again, any private information that could be used or sold for financial reasons, right?
Elizabeth: I always wonder when I go to the dentist or any doctor, they always ask for your social security number.
Gene: Yeah, why are they asking for that?
Elizabeth: I never write it down.
Gene: I know, and I give out my social security number all the time, meanwhile it’s like a major, the recent hack at Equifax big issues where, because financial services people ask for that information. That’s your exposures that your customer data, and your employee data could be hacked. You’re easy pickings if you’re a small business. There’s a few things that you want to do to make sure that you are protected, but the most number one thing is, and it’s incredible I’m saying this but it’s true is you should really move to a cloud-based service, right.
Gene: Because a lot of people will be like, “Gosh that seems like it would be even less secure because you’re trusting your data with somebody else.” Well, for starters you don’t have to change over all of your systems. I’m not saying you have to throw everything away and then sign up for a new cloud-based accounting system, or CRM or whatever. There are plenty of managed server providers, managed server providers that are IT firms, big and small, they rent out space on managed servers that are provided by Amazon, that are provided by Microsoft and Google.
Elizabeth: How would you find that?
Gene: Go ahead and just Google managed server providers. Managed server, right? Or just talk to your IT person, because they will know immediately. If you’re like, you know what? I want to host all my stuff. I want to get rid of my servers and all that internally, and host it with somebody else. Any IT shop that I work with. Either they do it themselves, or they have a resource to do it.
Elizabeth: Why is that? A company like Amazon that has a ton of servers.
Gene: Amazon Web Services.
Elizabeth: They’re invested in constantly keeping out hackers.
Gene: Yes. Of course, nothing is 100% secure, but let’s face it Elizabeth, I mean if you’re going to take your data and your software applications and you put it on Amazon’s servers or again, Microsoft Azure or on Google Cloud, these companies invest countless millions of dollars in resources, tools and people to make sure that their customers’ data is as secure as they can possibly be. Again, they’re not perfect, as we see that people get hacked all the time, but they’re certainly a lot more perfect than Nour.
Elizabeth: Your server.
Gene: Nour. Yeah, Nour’s server. No offense, Nour, but your server is in your IT person, God knows the last time you had security updates on it and how secure it really is. It’s much safer when somebody experienced hosts it for you. That’s like the number one thing you can do.
Elizabeth: You know what, the funny thing about that, it’s not funny. It’s actually really sad, but Equifax, how you.
Elizabeth: They I guess were not updating their security patches, which is crazy. I mean a large company like that to not do that. So they’re not doing it. A small business, of course that’s going to slip their minds.
Gene: Absolutely right. Absolutely right. Now Equifax was interesting, not to like completely roast them, but because I wrote about them recently out of anger because it was the worst fear for my small business and medium sized client, what their fears are. I’m trying to convince them to go to the cloud and then this kind of thing happens. The worst was their response. They waited like five weeks before they even disclosed the issue, and then their response was like well go to our site and give us more information about yourselves so we can make sure that your days. It was sort of like indifference. They’ve gotten better, they’ve been apologizing more but now, all my, I was a victim of it. We looked it up. Now every day, I would look at my bank account. I was expecting to be drained of any cash, for all I. Right?
Elizabeth: It’s not funny but.
Gene: Yeah, but if that happens you’re going to have to go through all these headaches to fix that and it is because of Equifax’s lousy, internal security policies. So they’re not a cloud based company though. Microsoft and Amazon and Google and Rackspace and so many others that do this for a living, their policies are way more secure and advanced than a company like Equifax’s is.
Elizabeth: So if Nour is dealing with medical records, I’m assuming he’s using a cloud-based, we don’t know.
Gene: We don’t know. We don’t know.
Elizabeth: I’m assuming there’s some type of medical CRM that those offices use.
Gene: It’s not a medical CRM, but most people that are dealing with medical records ask if it’s HIPAA compliant. HIPAA is the healthcare information practices. It’s like the, you have to make sure that your systems and your managed services, by the way, are HIPAA compliant. There’s certain rules that they need to comply with. So you bring up a really great point. Nour needs to ask that of any potential.
Elizabeth: You need to go out to your vendors basically and ask what questions.
Gene: What you want to do is not necessarily your vendors. You want to go to your IT person and say, “I want to have my systems hosted in the cloud by a managed server provider, can you recommend that person?”
Gene: When you get a couple of managed server providers that are recommended to you, then you want to ask them questions like, of course, how much do you cost, what security do you have over my data, how can people get access to my data, have you ever been hacked before, are you HIPAA compliant in the case of Nour’s situation, how do I get connected to my client and is those connections secure? Is it a remote desktop connection? Is it a web connection? What are you doing every year to make sure that you are continuing to upgrade.
Elizabeth: Or quarterly.
Gene: Yeah or quarterly whatever to make sure that you are staying as current as possible. Where is my data backed up in case something goes wrong? Where are your servers located in case there’s a potential problem and where that is is that an issue to me?
Elizabeth: They’re in the Florida Keys and there’s a huge hurricane coming.
Gene: Right. Exactly. Right. These are all issues you got to ask.
Elizabeth: Most of them I believe are in the Midwest.
Gene: They put their servers all over, one they’re building a huge server for like in the Arctic right now.
Elizabeth: Really? Wow.
Gene: Because it’s just cooler. So there was just, Amazon is investing a ton of money building server barns in the Arctic.
Elizabeth: They’re putting them in different, we’re getting ahead of ourselves, but they’re putting them in different locations in case something happens.
Gene: They do and then also they need the space. They need it to be inexpensively run, so if you put it in, whatever it is, you want to make sure that the cost of the people there are inexpensive enough. You only need a few people to run these server farms.
Elizabeth: You’re not going to put them in Connecticut.
Gene: You’re not going to put them, right. The cost of living. But the other thing to also remember is that the way databases work nowadays is that you want to ask your managed server provider how they distribute your data. Because your data just isn’t in one place. It’s not on a server farm in the Midwest. It’s SQL and other databases are connected to each other throughout these server farms all around the world and your data is actually distributed in different places then called together when you’re requesting information. So you want to understand how that works and how that impacts your business.
Also, the other thing is when you negotiate these contracts with managed server providers, who has liability, you know? What is, say something does go wrong, how are you getting your data and what’s your protection. Also, your protection on fees. Because once you host with a managed server provider, they can charge you whatever they’re going to charge you per month, who’s to say that a year from now that it’ll come back and double the fees. All your stuff is with them, you know so what protections do you have about that and what protections do you have to get your data? Say you wanted to just change services and go somewhere else?
Elizabeth: Are you comfortable telling us who you use?
Gene: So I use a company called CloudJumper. CloudJumper is a perfect example of a relatively smaller company. I mean they only have a few hundred employees and they’re even companies smaller than that. They host all of our files and our data that we use internally, and they are, but they use Amazon Web Services. They’re like basically a reseller of Amazon Web Services, so I’m going through them for my service and support, and any questions and whatever, but they’ve carved out some property on Amazon Web Services and that’s where their business is. A lot of Microsoft partners are doing the same thing.
Elizabeth: Sounds good. Alright, so that’s what you want to do with getting your business into the cloud.
Gene: Yeah, but also protecting, this is all about protecting your data. How to protect against a hack attack.
Elizabeth: What then do you do with your employees? Because they’re the ones that they answer the phone, someone asks them what sounds like a pretty innocuous question, and all of a sudden they have an in.
Gene: For the show notes, and remind me, Elizabeth, there’s two really great services that test employees during the year.
Gene: Carbonite is a back-up service and the people, I’m very friendly with the people there. They use this internally for their own employees and it’s inexpensive. What happens is these companies now, they’ll send out fake phishing emails. Phishing with a P-H trying to dupe employees into doing stuff and it’s fake, but the employees don’t know that it’s fake. They track to see what employees fell for it, and then they report back to management, and then management uses that as a training tool to teach. That’s become an interesting.
Elizabeth: Let’s say you want to train your employees. How do you do that? Where do you go?
Gene: Your IT person is where you go. I mean, if you’re working with a good IT firm.
Elizabeth: What if you’re working with a bad IT firm?
Gene: Then you change your IT firm. If you Google or you go, and I use Microsoft because we’re a Microsoft partner so I don’t, it’s a little self-serving. We don’t do these services, but Microsoft has a huge part of their services are security services, and they can recommend Microsoft partners that provide these training and consultations. A lot of the business owners, most of my clients don’t do this, because you’re not thinking about this stuff. It’s kind of like, no offense, it’s kind of like insurance you know. You never think about it until you need it.
Elizabeth: I’m really, really offended.
Gene: Well, you don’t think you need it until you need it, and then when people pay for it, I guess I got to pay for my insurance but okay. People don’t go on a limb to have training done to protect, so their employees know how to protect themselves against hackers.
Elizabeth: You know, once you have a data breach you actually have to spend money. You have to have another company come in.
Gene: You’re hosed. You’re hosed.
Elizabeth: It’s one of those things it’s like you’re better off taking the time up front to save yourself money. The chances are you’re probably going to get hacked at some point.
Gene: Yeah. There is a huge probability that it is, or might get subject to a ransomware attack or a malware attack. You’re really, the amount of business that you lose when you’re down in those attacks is horrible. If you get breached, then your data gets hacked and your customers, your customers will sue you because you didn’t protect their data. That’s really bad stuff so you really want to try and protect yourself. The vast majority of hacks occur because of some employee, usually internally.
Elizabeth: That’s why, it’s that old quote, it’s like why would we, what if we train our employees and they leave. What if we don’t train them and they stay? You really do want to focus on training your employees on this.
Gene: So true. So true.
Elizabeth: Alright, so I’m going to link to, we actually have an eBook about this that was written by our fabulous producer, Mike Kelly, whose wonderful voice you hear.
Gene: Mike is the man.
Elizabeth: He’s the man, at the beginning and the end of the podcast. He wrote a data breach eBook guide that’s specifically for a small business owner. So let’s say you don’t know anything at all about data breaches or hacking, you can read this eBook and you’ll walk away, like I didn’t know anything until I read this eBook and it’s a quick read but it’s very thorough. He goes through every possible thing you could be doing wrong in the first chapter. The first couple chapters of the book so you feel like a complete moron, but then in the second half, he goes over all of these actually pretty easy ways that you can protect yourself. I’m going to link to that in the show notes. It’s called, well let’s just call it our data breach eBook. It’s how to figure out, how to protect your business from being hacked.
I will link to that in the show notes. Thank you to Mike for writing that awesome resource. We’ll be right back with Gene’s Word of Brilliance.
This podcast is brought to you by The Hartford. When the unexpected strikes, The Hartford strikes back for over 1 million small business customers with property, liability and worker’s compensation insurance, check out The Hartford’s small business insurance at TheHartford.com.
WORD OF BRILLIANCE: Mister Rogers
Elizabeth: We’re back with Gene’s Word of Brilliance.
Gene: Two words this time. It’s often not just one word.
Elizabeth: Alright, it’s your phrase of brilliance.
Gene: I apologize. Mister Rogers.
Elizabeth: You know what, we talked about Mister Rogers before.
Gene: Different Mister Rogers story I have for you this time because we did talk about Mister Rogers before but I’m going to bring him up again. You know what’s really weird Elizabeth, I didn’t really watch him that much when I was a kid.
Elizabeth: Kids didn’t watch him either.
Gene: No. I totally get why he’s, people love him, I just growing up I was never drawn to his show as much and I don’t know if that was before your time. Like I’m dating you.
Elizabeth: No, it was totally in my time. My brother and I watched every day. I feel like we’re much more empathetic people because we watched him.
Gene: Oh well, I’m glad you brought that up. I recently wrote about this elsewhere about Mister Rogers. Mister Rogers people were revisiting, I’m not quite sure why, but back in the day in 1969. Oh it was because of the budget debate that has been going on in Washington and potentially cutting off funding for PBS and all of that.
Elizabeth: That’s been going on for.
Gene: It’s been going on for generations. Okay. As a matter of fact it was going on in 1969 when the congress was cutting funding for PBS. Mister Rogers, the executives at PBS went in front of the senate finance committee to argue on their behalf, 20 million dollars they were looking for.
Elizabeth: Which is nothing in the federal government.
Gene: It’s equivalent to 140 million dollars today.
Elizabeth: Still not a lot of money in the federal government’s budget.
Gene: Nothing. Federal government obviously spends trillions so this is, it’s just nothing. That was the equivalent, so the executives in 1969 decided to pull out their secret weapon, and that secret weapon was Fred Rogers.
Gene: He gave a seven minute testimony, and at the beginning of the testimony the finance committee chairman didn’t even know who he was. Had never heard of his show.
Gene: He was asking him, “Do you narrate the show? How long is the show?” Never heard, it was 1969, the show had been on at that point for like six years and on local televisions. Different locals to Pittsburgh and a few other stations. Hadn’t been on that long relatively and it wasn’t national. It was just low, so these guys didn’t even know who he was. Fred Rogers got up and in seven minutes they gave him the 20 million dollars equivalent to 140 million.
Elizabeth: Really. What did he say?
Gene: What did he say? What is it about Mister Rogers. He’s in front of a panel of people that had never heard of him before and he raised 140 million dollar equivalent today. He was Fred Rogers and his pitch, because as business owners we’re salespeople. We’re always pitching. He gave the perfect seven minute pitch, and what he did was he spoke emphatically, and empathetically. He was quiet, but he was firm. He was familiar, very familiar with his materials. He worked off of very few notes. He asked for permission to speak. He asked for permission to respond. He gave examples, in fact he actually iterated the words from one song about being angry that he likes to teach to children as well. He didn’t sing it, but he gave a demonstration, basically, of his product.
Also, he connected to his customers because he made his product children and education. Not only affect them and their children, but made them feel like how they were when they were children as well. The same things that would connect. He connected to his customers that way.
Elizabeth: Now if he had gone on Shark Tank, do you think he would’ve gotten the money?
Gene: Yes. 100%, because in the end, when you watch, by the way you can watch his 1969 testimony on YouTube. You watch it, and you watch it a couple of times because it’s so compelling, and spellbinding, because he is a man committed, and loving, and determined.
Elizabeth: Did you cry watching it?
Gene: Did not cry watching it, but I was blown away by his ability to sell himself.
Elizabeth: Okay, so what is the takeaway for a small business owner.
Gene: The takeaway for a small business owner is this: You are not selling a product, you are not selling a company, you’re not selling a service. You are asking somebody to give money and put their faith in you. In the end, it’s you. So Fred Rogers was not selling PBS. He was not selling Mister Rogers’ Neighborhood. He was telling the senators trust me with that 20 million dollars because I’m the best use of your money. I will take care of that money and make sure that it’s a good investment for you. In just seven minutes he proved just that. That’s your goal when you’re trying to sell a customer.
Elizabeth: He did that through empathy?
Gene: He did it through empathy and genuineness.
Elizabeth: That’s one of the hardest things to learn is empathy. I feel like you need to be brought up with that.
Gene: You used the example of Shark Tank but you know these people in Shark … 2017 has anything changed? These people in Shark Tank get in there with the glitz and they’re throwing things around, and it’s a big show where they’re joking around and they’re doing this and they’re doing that. You see time and time again people that get turned down in Shark Tank because they don’t know their numbers or they don’t know their products, or their market, or they can’t answer certain questions, or they’re just not polite. That’s not the real reason why. In the end, the people that are on that Shark Tank panel, they’re investing in the people. In the person.
It has nothing to do with the product or the company itself. It’s like do I, is this guy going to succeed? I’ve always believed, I’ve made jokes about blacksmiths. You can be a blacksmith in 2017 and be successful if you’re really good at what you do and really believe and are passionate at what you do. Fred Rogers is really good at what he does. And he’s passionate, and he showed that in that seven minute testimony. Those people didn’t give money, they gave money to him. That’s what they invested in.
Elizabeth: Great. We’re going to link to that in the show notes.
Gene: Yeah, it’s cool to watch.
Elizabeth: People can watch it a couple times. Gene, what do we want from our listeners this week? Reviews.
Gene: Oh yes. We do want people leaving reviews and also asking questions as well so we can discuss.
Elizabeth: Leave us a review. Ask us a question. You can contact us at firstname.lastname@example.org. You can find us on smallbizahead.com. Just click on the podcast tab and all of the shows will pop up with the show notes. You can comment after them or you could leave us a review on iTunes, which we would definitely like and we read all of them, and ask us a question in the iTunes review.
Gene: I agree.
Elizabeth: You can also give us five stars on the iTunes, which we would very much like.
Gene: That would be very nice.
Elizabeth: Alright, so we’ll talk to you in a couple days. Thanks for tuning in.