Woman Covering Her Head to Protect Herself From Fire

Campfire 365 Podcast – Episode 1: Is Your Organization Ready for the Next Major Catastrophe

Woman Covering Her Head to Protect Herself From Fire

Table of Content

    Podcast Details:

    Tue, 8/9 2:01PM • 52:45

    SUMMARY KEYWORDS
    organization, business, people, server, security, clients, data, hit, distraction, ransomware attack, threats, disaster, ransomware, technology, human element, big, employee, talking, cloud, lost

    SPEAKERS
    Carolyn Norton, Rich Fowler, Daryl Moll, Amy McKie, Jason Wietharn


    Carolyn Norton  00:12

    Welcome to our first ever episode of the campfire 365 Podcast, where industry experts discuss current technology trends, business challenges, and more. I’m your host, Carolyn Norton. In our debut season, we’re going to talk about the big disaster events so cataclysmic that they can shake your organization to its very foundations and transform the way the world conduct business. Throughout our four part series, we’re gonna explore the ins and outs of disaster preparedness and recovery will cast a light on the threats to your business, explore how to deal with the aftermath, and pass on the experiences and guidance of our panel of expert guests. Today’s episode is titled, is your organization ready for the next major catastrophe? like to introduce our panel of guests today, Amy?

     

    Amy McKie  01:05

    Hi, this is Amy MckKie, and I am the Director of Client sales. So I’ve been working with our Dynamics clients or with Dynamics clients for about 25 years.

     

    Daryl Moll  01:17

    Hello, my name is Daryl Moll and the principal cloud architect at Velosio. been with the organization for 15 years, been in it for over 20. And really enjoy, you know, educating people and talking about technology and what they need to do to keep their businesses running.

     

    Jason Wietharn  01:34

    Thanks, Carolyn. This is Jason Wietharn. I am responsible for the CRM practice here at Velosio. And then been in the Microsoft ecosystem for about 25 years.

     

    Rich Fowler  01:46

    My name is Rich Fowler, I am part of the Stratos Cloud Alliance here, and I work with our over 400 partners to help them help their clients.

     

    Carolyn Norton  01:57

    Thank you everyone. As I’ve said in our intro, today’s topic is the big disaster. There are many threats in today’s world from ransomware attacks, war, recessions, Mother Nature, and even our own employees. Organizations have a hard time keeping up with the day to day threats. But why is that even happening to begin with? Are organizations simply unprepared, negligent? Or do they just not know how to react when a big disaster impacts them?

     

    Rich Fowler  02:29

    I think one of the easy why’s is damn, look at the world COVID changed the way that almost the whole world does business. So now everybody’s moved to—not everybody—but a good percentage of the world has moved to their home, from the home office. They’re not going to the office. So there’s a completely different set of challenges from a security standpoint, for people who are working from home versus the having that tech person or that tech team in your office. I think that’s one of the big why’s,

     

    Carolyn Norton  03:00

    What are you trying to say, I’m working from home and I’m a risk now? Is that what you’re saying? Yes, you are.

     

    Rich Fowler  03:05

    We all are? And I think we know that. And then we have as soon as we realize that, then then we’re better in better shape.

     

    Daryl Moll  03:12

    Yeah, I think the big thing is, is change. You know, I mean, if you look at you look at businesses, they get used to, you know, aiming at a single target. But with technology and the advent of technology and the evolution of technology, it’s always changing what it can do, how you can do things, where things are, are operating from. And, you know, people change that that side of their technology usage, but they don’t change what they’re looking for on the risk side of things. They’re still looking for the old risks of what they used to the last time they got hit with something; they’re not ready for those threats. They’re not ready to accommodate those threats and looking at all those threat vectors.

     

    Carolyn Norton  03:53

    When I was working in the office, was it not just as risky?

     

    Rich Fowler  04:00

    It is less risky, because you’ve got an IT team in the office that takes care of everybody’s tools, they make sure that everybody’s computers and laptops and whatever are on the right network, and they have the right security, and you’re not going in and diving into apps and other things that you may or may not want to or should. However, it’s completely different. When you’re at your home, you know you’re on your own Wi-Fi you may or may not be on as as secure a network as you might have been at the office. And it’s that distributed workforce thing to everybody’s out and about there. It is a different set of technology and a different set of technology challenges. And I’m also going to say that this is not necessarily new, it’s more prevalent, but we’ve had ransomware and and hackers around for decades. But we’re

     

    Amy McKie  04:49

    seeing probably one to two a week as far as ransomware come within our you know, come across our client base where they’ve been hacked, you know, they’ve got ransomware or something like that. And it’s both I’m seeing it mostly Carolyn on our clients that have on premise servers. So I don’t know if people have just kind of said, Oh, it’s our on premise servers. So we’re really not going to take a look at it as much. Or we think it’s more secure by being inside our four walls.

     

    Carolyn Norton  05:17

    Do you think that the on premise aspect is a threat, like if I’m a company, and I’m used to having servers in a closet, that is, in itself a threat, today, I’m more at risk, because I’m doing that.

     

    Daryl Moll  05:34

    I don’t know that you’re necessarily more at risk. As long as you’re taking the appropriate steps, the thing that moves, the migration to the cloud enables is really giving people and organizations more access to more tool sets at a more cost effective price, you can certainly, you know, bring all those technologies and everything down into your into your on premise world, but you’re going to pay for those and you’re going to pay for those at scale of you’re doing the whole implementation yourself, where in the cloud, you know, some of those skills are spread across hundreds 1000s of different customers, and they come at a more cost effective price than doing it individually.

     

    Amy McKie  06:17

    And that might be part of it, that you know, just thinking about, you know, hey, I’m sitting in my house, you know, I’m safe, or hey, it’s sitting in the office, it’s safe, rather than making sure they’ve got all those, you know, security factors, and all of that put in place.

     

    Carolyn Norton  06:30

    Oh, so you think there’s some sort of false sense of security? Because it’s in a person’s mind? Hey, it’s in one location. I know that location, I have a sense of that location, nothing’s gonna happen to it. Is that what you’re thinking?

     

    Amy McKie  06:45

    We’re seeing that, you know, we’ve got, you know, hey, our CEO wants to be able to walk down the hall and touch the server.

     

    Daryl Moll  06:52

    You have that end and the fact that you know, you know, when it’s sitting there in your, you know, is somebody really watching that? 24/7? Is somebody doing their due diligence? Is it staying patched? Is it staying monitored? Are they really looking at what’s going on?

     

    Carolyn Norton  07:07

    Guys, this reminds me of the old days where the biggest concern is to make sure that your server room had a lock on it. Like there used to be stories about disgruntled workers that walk into the server room and pull out servers and networking devices. And now it’s just so it’s so much more than that. It’s just ridiculous. There’s there’s hurricanes, as well. Oh, yes, then and someone from Florida would know this. As I’m sitting in

     

    Amy McKie  07:37

    Florida, you know, you know, there’s been times we’ve had to the clients thought, again, servers are sitting in the server room, you know, hey, let me go just move the server to another location. They didn’t have a backup plan, a backup business plan for when these hurricanes or these, you know, natural disasters started rolling in. Correct. I

     

    Daryl Moll  07:57

    mean, I’ve, I’ve dealt with, you know, what, with when Carolyn mentioned, you know, people taking stuff I’ve dealt with organizations that came in on Monday morning and found out that, you know, a disgruntled IT person walked into their server room and pulled out every single hard drive and left the left the facility with no, you know, no hard drives and all their data, including their backups. I’ve also had other organizations that what you’re saying, Amy with the with the hurricanes came in and found their data center where, you know, their their server location, their server room was, you know, four and a half feet underwater.

     

    Carolyn Norton  08:29

    Oh, my goodness. Yeah. So there was I remember a New York company that had that happen. I forget what storm it was where they were in the Lower East Side. And all of their servers were in the basement. And I think they were evacuated. So they couldn’t even get into the building itself.

     

    Amy McKie  08:46

    Well, we were in I was living in Houston at the time when her Tropical Storm Allison came through and the servers were on each levels of the building, you know, each different company. Well, it just so happened that the bottom four floors were flooded. So every time the elevator went up, it was dumping water. So it ruined even the higher levels, not just the basement.

     

    Rich Fowler  09:07

    Wow. Yeah, we talked about security. And sometimes we have to think about both sides of security, the physical security of the building, and the the non physical side of the software. I remember I won’t mention the partners name, but I worked with a partner and we’re in their offices multiple times, where they had a larger warehouse type building, and there are servers and they’re more secure. They were an IP company. They had chicken wire strung around the gym, basically a giant cage and they had chicken wire strung through the ceiling and through the walls and things to to boost the security of people getting in yet they’re completely susceptible to somebody getting in through a backdoor electronically, and trying to get them to understand that sometimes people do You mentioned that the CEO that wants to touch the server, and I had somebody explained it to me once that the difference between all of the security in Azure, and you can think about Fort Knox, versus the security that most folks have in their on prem is the padlock that you use at your gym, there’s a huge difference.

     

    Jason Wietharn  10:20

    I think the common theme that I’ve been seeing is really how almost human nature, they’re not we’re, we’re seeing clients not prepared. We’re seeing, and in some ways, almost stepping backwards, right? And so instead of trying to figure out and look at the people side of that, too, right, how that kind of changes what we need to do to, you know, get get to people to in a secure way do the work, right, or, you know, facilitate interacting with our customers.

     

    Carolyn Norton  10:54

    It kind of reminds and encourages everyone to take action and know right, Jason?

     

    Rich Fowler  11:01

    Word, sometimes she sometimes you get prodded into taking action. I share? Yeah. What is it, they say that you, the only reasons people do something is either for the heart or for the wallet. So they want to because they love it, or they have to because it’s going to cost them money. And now you can put government regulation in there too. But we’re not going to get into that. I’ve, I’ve mentioned to some of you as we prep for this, you know, I we have a partner, still working with this partner. That’s, that’s fantastic. But just to set the stage a little bit, there are 30, they’ve been in business 30 years, they are both a CPA firm, as well as a Microsoft and dynamic shop, they got hit just before Christmas time with a ransomware attack. And these are people that advise other people on how to manage their businesses, they got hit with a ransomware attack. And I don’t need to go into the details to some of the bottom line is they needed to come up with a little over $200,000 in order to get their 30 years of business data back, it wiped everything out, they base spent Christmas break, going through and going through each of the consultants, emails and calendars, trying to recreate invoices that never got sent, they lost about a month’s worth of billing, they lost incredible amounts of confidence from their customer base, it was it was painful. The good part about that, though, is that they came to us and they said, hey, now it’s time to we eat our, I don’t like to eat your own dog food thing like they we drink our own champagne. Let’s go to the let’s go to the cloud, let’s see how we do this. And in less than 30 days, the team at Stratos was able to help them get up in the cloud on a Dynamics platform. They had some backups in place for some data, but they lost money. They never did pay the ransomware. But they lost money and they lost business credibility. And that was probably more valuable to them than money.

     

    Carolyn Norton  13:06

    Boy, I would have been very unhappy as an employee having to work over the holidays to boot.

     

    Amy McKie  13:12

    What I’ve seen also is people might have a disaster plan as far as it goes. But also where we’ve helped, you know, in a lot of our clients is coming up with that business continuity plan is how are they going to actually continue business during you know, if they do have, you know, something happened, whether it’s, you know, a natural disaster, whether it’s ransomware, you know, anything like that is they don’t have the business continuity plan in place, either.

     

    Carolyn Norton  13:40

    Which leads to another question. So we talked about natural disasters, Mother Nature is who she is, but what about what else is going on in the world? Why isn’t that radar going up and, and telling them, Hey, maybe I need to think about how to protect my business, not just let things happen.

     

    Jason Wietharn  13:59

    You know, depending upon where you’re at, it’s amazing how fast these kind of events are coming up, and it’s still catching people off guard. I think, you know, you got these these disasters happening, but within those, all these distractions, right, and I think businesses are just fighting hard to keep up with it. And, and as Amy pointed out that continuity plan, right, there’s, there was another consulting company that, you know, based out of, you know, Ukraine, and I mean, their business severely affected, right, because, you know, all the men were being asked to go to war. How do you come out of that, right? I mean, it’s that those are two different degrees, pretty difficult, but having that plan in place, having an ecosystem a community around you, to support you as well, I think is something that businesses are also trying to figure out that man if I have that, that can also really helped me too.

     

    Rich Fowler  15:00

    I’ll take that a step further. And you’ve got to have the ecosystem as part of that ecosystem. And I see this as we work with partners. Now there are there are various types of partners out there some big some small, some great, some not great, you know, we get that. But they’re, they’re doing their thing in the business, and they’re not working on the business. And then when someone a curveball comes, they can’t hit it. It’s just it comes in too hot and too hard. They can’t hit the curveball. I will. It’s those partners that are looking for the curveball and have leadership out there saying, Yes, we’re working on the business, and we’re anticipating the curveballs. So when they do come, we can hit them and not be knocked out of business by something like a COVID, or a war or whatever the next curveball is,

     

    Carolyn Norton  15:46

    right, some sort of safety net that they’ve they’ve they’ve taken some thought and and precautions as much as one can write, no one’s ever going to be 100% prepared, but having something in place or having those thoughts, and thought leaders spending time on that aspect is definitely going to help if it happens when it happens.

     

    Amy McKie  16:08

    So every employee is being affected by this as well. So it’s keeping a pulse on, you know, your team members that are working beside you, as you know, employees of the company, because we’ve got all these disasters that affect businesses, but all of these are rolling down into personal lives of our team members. So it’s, you know, inflation, you know, do I have an employee that’s worried about, you know, daycare, you know, where the next meal is coming from, you know, I’m trying to pay attention to that, as well as you know, what’s going on the business, trying to make things better, and making sure we’re secure, but also making sure that the team members are okay. And living through all of these have team members that have, you know, family members in other countries, you know, that are hit by high gas prices, that kind of stuff. So I think it goes to business, but it also goes to people.

     

    Carolyn Norton  16:59

    That’s a valid point. And I love when Jason mentioned distractions, that that word really resonated with me, because, you know, all too often we hear these stories, and I mean, it’s such a prevalent issue. We know it’s going on other organizations have heard it from others, we’ve seen headlines out there. And I know one question that always comes across my mind is why isn’t every organization taking a moment or two to make sure that they’re set up for success? Right. And I think it is that there’s so many distractions going on more so now than ever, you make a valid point, Amy, there’s a lot of stuff going on in our personal lives as employees as human beings, you have organizations that are trying to, you know, survive, keep up, you know, ebb and flow with all these different things that are happening in the world today. And in their business sector. The very last thing on their mind, not that they don’t care is, you know, hey, you know, how do I also make sure I’m safer for these other threads right now, they’re just trying to, you know, multitask, all these different things that are going on, plus these last minute things that are hitting them. And that’s the perfect scenario for a malicious, you know, actor to be like, Haha, I think I found an organization that has too much going on, let me target them and hope for the best I, I love that idea of distraction, there’s so much going on. And it’s, it’s causing organizations to, you know, not necessarily take the time or the opportunity to set them selves up with some good processes, some good tool sets to protect them for these possible disasters.

     

    Rich Fowler  18:43

    I think it’s the distraction and it’s the speed of the distraction. You know, we’re, we’re a global economy. Now. If you’ve ever thought you’re just dealing with the people down the street, and you’re using cash to do it, look around. It’s not the case, we’re a global economy, which means you’ve got a global economy of bad actors, and I’m just gonna call them morons, because I, yeah, I don’t have

     

    Carolyn Norton  19:05

    morons. Or

     

    Rich Fowler  19:07

    hackers make me a bad, bad actor. Blackhat hackers make me so angry. It’s just that there’s us that use that for good, you know, figure out a way to use that talent for good, but it’s the speed and now it’s not just the bad actor from around the corner. It’s the bad actor from every corner of the globe. And all they need your email address or some way to get in or, you know, a data breach where they can grab two pieces of information, you know, and and now they’ve got access to something of yours and they start to worm in so it’s the distraction, but it’s the speed and the magnitude of the distraction.

     

    Jason Wietharn  19:44

    That’s a great point Rich, and I heard earlier. We talk just about the idea of, you know, all the security and what we can do around that to you know, help think more proactive. To flee. And there was a story around specifically, we’re talking about how they were losing customers. And so I just want to hit on that. Just a real quick point. You know, on the flip side, while we’re talking about the security, and what you can do there, and there’s a lot of things that, you know, we’ve seen clients be reactive as opposed to proactive, right? But it’s also protecting your customer base. And this is a moment, right? When you think about disasters, it’s a moment, not only to think, on the one side around what you can do from a security, but also, how do you make yourself invaluable to your clients. So when you do have something that hits you, right, and you’re in that world of trying to get that resolved, you’ve also made yourself you know, so valuable to your clients that you’re trying to serve, that that’s a piece that you don’t have to really, you know, you don’t have to react to it, right, it’s just this natural cycle that you can at least count on. Right. And that’s a piece where I think a lot of customers are at risk, and really have a op, or great opportunity, in some ways to reinvent themselves.

     

    Carolyn Norton  21:17

    You make a good point, Jason, I just think about organizations when they have to publicly announced that, you know, there’s been a data leak, or they’ve been hit, Hey, watch out, we’ve been compromised. Please watch out. If you’ve gotten anything odd, or a CEO is asking you to buy gift cards, it’s my favorite one that comes across all the time. Asking for gift cards, it just it just, it hurts the way the organization looks, not through direct fault of their own. Again, I’m hoping it’s the distractions, that is why they haven’t been able to take precautions, but it’s just not a fun thing to have to put a press release out there, hey, you know, we’ve been compromised, you know, watch out, we’re gonna do what we need to do, you don’t ever want to be put into that situation. So to be an organization that’s set up for success, and to your point to have that trust and, and that security in place with your with the people that you communicate with? It goes a long way it helps out ultimately. But let me ask this question, because I just thought about another fun scenario, that’s still a big disaster. But it’s the human element, because we’ve been talking about these, these, these fictitious people that don’t exist, the I’ll say, jerks rich, that are out there. That are they’re looking to try to sneak their way in. But I’m reminded of a scenario where an organization had a technical person, they had all the information, they knew the ins and outs of how everything was set up for this business. And, you know, like many that many organizations that dealt with the great resignation, they decided to move on to another opportunity. Not a lot of documentation, nobody kind of knew where all the keys to the kingdoms were, they didn’t know how to handle XYZ. And as that new person started to transition into that role, boom, they got hit. So not only do you not know, the lay of the land, you don’t know how everything’s set up how the backups are, how this is, and that is happening. But now as a new person stepping in, I got to figure out how to recover an organization that I just stepped into in my in my second week of the job. Wow, like, crazy stuff. And there are many stories like that where many, many folks have left the organization for whatever reason. And now you have this massive gap in in your, in your team? How do you how do you you compensate for that data, that information that that human person has, and protect the organization in that scenario, so that when if an event does happen, you have something to recover from?

     

    Rich Fowler  24:16

    I think you’ve hit you already answered your own question or the first part of that because you mentioned documentation. And we’re already talking about the other part, which is if there is a system in place and you lose somebody that’s dealing with your Azure stuff, all you lost was the person, you didn’t lose the technology, you didn’t lose the security, you didn’t lose anything other than the person. If your processes are documented and everybody left on good terms, then there shouldn’t be that much of an issue. Now, we’re going to throw a different term out there. I went with moron you went with jerk and we’re gonna throw third one out there. The third one being criminal. And if they if they stole information, if they stole things from the company that’s that knocks the company down. That’s criminal activity. So and you got to prepare for that, too.

     

    Carolyn Norton  25:04

    Yeah, so that’s a big one. That’s a big one. Your again, these are these are, you know, I’m gonna err on the side of trustee. These are human beings that were interesting to handle their role. But in that trust, there’s levels of security and access that each individual has. So yes, there might be it even as simple as an address book of names and accounts vendors, is important data, any kind of data is is useful, especially for the I’ll still stick with jerks, but criminals are good to where they can take that information and dissect it and do whatever they want with it. So that’s a good point, rich, there is also a risk and a concern on how do you protect that data at EA every piece of data that’s in the organization? How do you make sure it stays, but it doesn’t go elsewhere. It doesn’t get inadvertently modified. And it’s not right data anymore, which also causes issues. protecting against that is also an important aspect to consider. That’s that’s very much a threat.

     

    Rich Fowler  26:15

    As long as we’re talking about it, would you while we’re thinking about it, would you just send me a picture of your corporate credit card, front and back? Absolutely. Problem, that’s how easy and I’ve seen that I have seen that somebody’s on their phone, they’ve got a picture of the boss’s corporate credit card, and they’re putting in and they were doing it legitimately because the trust factor was there. But they were placing an online order. And that’s how they had the credit card information. You know that that’s not a technical breach. That’s a procedure for each,

     

    Carolyn Norton  26:45

    It’s the human element. It’s it is a human element that you have to educate and just say no, you don’t want to take a picture of it’s like, it’s like sending a picture of your social security card, or your passport. Yeah, or your certificate. That’s all important stuff. I will quote the office identity theft is not a joke. You’ve really got to be careful with the information that you’re putting out there. You know, the internet’s awesome. I love technology, right? We’re all connected, we get to talk to each other, whether we like it or not. But it also means there are other people that are watching what you’re transacting, right, what you’re communicating what you’re sending. And like, like you mentioned, a credit card sounds about right. Nice, right now I could I could buy a few things if I really wanted to be a criminal. Let’s not. I won’t, I won’t. I won’t. But that’s the kind of stuff that that’s the kind of stuff that keeps going on. And again, that’s where these these emails and text messages of, hey, I need you to go buy the gift cards, or, Hey, I’m in a pinch, can you send me your credit card? Because I need to buy something even that is is the human element that’s very, like, reactive, okay, yeah, no problem. I’ll send that along. You’re in a pinch, I need to help you out. Reminds me of what was it in the 90s? A Nigerian prince?

     

    Rich Fowler  28:23

    You’ve been bequeathed money. Send me your account number.

     

    Carolyn Norton  28:25

    Yeah, still going on to the new modern way?

     

    Amy McKie  28:29

    Yeah, and the account management team on our side is I mean, we’re constantly working with clients that are, you know, hey, we need to put this credit card process in place, because we’ve been taking them writing them on a piece of paper, you know, and putting them next to somebody’s desk until we type mint. We’re like, Okay, we need to help you get PCI compliant or anything else is spin. You know, that’s what the account managers are there, hey, we’ve got, you know, data that’s HIPAA compliant and all that other stuff. So it’s, it’s really taking a look at how companies are doing again, business, you know, and their processes that go along with it to keep everything secure.

     

    Daryl Moll  29:02

    I was just gonna say, and I think, you know, we’ve been talking about a lot of different things and a lot of different, you know, areas and, and facets of what these threats could mean and or what they where they can come from, I think the biggest thing is, you know, if you go back and ask somebody that just had, you know, something happened to them, they’re going to be like, Yeah, I wish I would have known or I wish I would have done that, you know, done that. The thing to do is be proactive on thinking with wide open, you know, field of view on all the different pieces that can happen. What happens if a delivery truck hits the light post out in front of your building, and takes down the electricity to it so that you can’t ship any more product out? Or you know, all sorts of different things. But, you know, it’s not a matter of it’s a matter of looking at everything with wide open eyes, but then also constantly in re evaluating it or on a regular basis re evaluating it because that landscape is going to change and it’s going to be different the next time you look at it Daryl.
     

    Amy McKie  30:01

    That’s what we’re asking our questions every time we kind of get on the phone with them is what’s changed in your business? One, what changed during COVID? You know, how did you had to have to change your hats? But what is changing what worries you? What keeps you up at night? You know, those are conversations that we’re, we’re proactively having to try to get to, you know, okay, we’ve got a hole, we’ve got a gap, you know, you need to plan for this kind of thing.

     

    Carolyn Norton  30:23

    You know what, though? I agree with you, but I will tell you, oftentimes, even the most simplistic things will recommend to an organization and they’ll say, Thanks, but no thanks. That like, yeah, I appreciate that that tidbit, I hear you, but no, thank you. I’m just not interested right now. Not sure what it is that that’s causing them to not move forward with the recommendation, right. But I have experienced organizations not necessarily taking our insights, guidance on various topics, and just proceeding with the status quo. What do you guys feel about that?

     

    Amy McKie  31:06

    I haven’t we have it happen all the time. But we try to, you know, ask the questions, talk about cloud, hey, what’s your, you know, what are you doing with with your infrastructure or, you know, employees, what are you doing business, and, you know, it’s, Hey, we’re fine. We’re just gonna stay where we are right now. And then all of a sudden, five years later comes by and, you know, one they’re so far behind in technology, or that next phone call we get is, you know, what, we should have had the conversation because we were just hacked.

     

    Daryl Moll  31:36

    Yeah, I mean, I, I have a example of a client that we had, that we were always talking to them about moving to the cloud, and some of the benefits of the cloud of, you know, even instant size, flexibility and, you know, admin flowing with their business and the size of their machines and stuff like that, but also the, you know, the, the recoverability and the protections that it involves, and, you know, they were like, Oh, we’re good, we’re good, we’re good. We have all this investment here. They got hit with ransomware. And, you know, they’re like, Okay, so we started having a conversation again, and we said, hey, you know, there’s a lot more protections, and here’s things that we can do. And we could have had you up and running in a, in a much faster basis, took them several weeks to get back up and running. They got back up and running, we started having the conversations for the third time, they said, Okay, well, we’ll do a quick POC, and you know, you can show us what you’re talking about, we were in the middle of the POC, when they got hit with ransomware, yet again, it was decided that we were going to take this quick POC environment that we were doing proof of concept that we were doing with the client and get them up and running, because they couldn’t stand to be out of business again for several weeks, within the span of a month and a half. And we had them up and running within 72 hours, had their you know, everything back up and running and functioning for them without any issues. And you know, a lot more a lot more insight into what’s going on with their business and what you know, what, what hardware is running on them. So, yes, I mean, it happens all the time. We hear it all the time, you should do this, no, I’m interested or No, I’m not interested, or I’m good. I don’t need to do that. And, you know, we say it and we do it, we make these recommendations, because we’ve seen it across to all of the experience we have with all the vast amount of customers and industries that we deal with.

     

    Carolyn Norton  33:23

    It’s that it’s that ain’t broke, don’t fix mentality, which is not a good way to look at things.

     

    Jason Wietharn  33:29

    Do you think part of that is they don’t understand the cost of being down?

     

    Daryl Moll  33:34

    It’s funny, because you talk to people that have been there, done that and lived through it. And they place the appropriate value on what this does to you know, how long it How long are we down for the impact it has what it takes to recover from that they’re there the image in their clients eyes, you know, their reputation, it has a problem after that, even if it’s just, you know, hey, nothing, nothing by my fault, but I was down because of X, Y or Z that still damages the reputation. And if you don’t have that in an effects, you’re your customers and your clients, you know, and if they don’t have that experience, they don’t recognize what that’s actually going to do and how hard it’s going to be to overcome.

     

    Amy McKie  34:15

    We had a customer go down not too long ago that was it had nothing to do with being hacked, it was more or less the server went down. And then they thought I’m not going to move to the cloud. I’m just going to wait for a new server, even just due to supply chain and procurement took them forever to get back up and running where I’m like we could have had you in you know, going within you know, 7248 72 hours, but they wanted to wait, you know, four weeks.

     

    Carolyn Norton  34:41

    That’s insane four weeks of being down they’re okay with that?

     

    Amy McKie  34:46

    I think you know, finally they started realizing okay, we made the wrong choice, but we’ve already purchased this other server so we’re just going to wait for it now. Well, what it just cost them in business just made up for that

     

    Carolyn Norton  34:59

    And all the employees sitting there having a free vacation.

     

    Amy McKie  35:04

    And then now hey, you know, having to do all this, you know, catch up when they, when they finally got the server up and running.

     

    Rich Fowler  35:12

    One of the things that that I was going to bring out, as you say that you’re, you’re having your team proactively ask these questions, I think that’s something that the partners need to do a little more of, because the I talked about difference in partners, the partners that are out there asking those proactive questions and being the thought leaders and providing the Darrell mentioned the hundreds of customers and experiences where we’ve seen this kind of thing. That’s invaluable. And the old saying, if you’re, you could never live long enough to learn everything by your own experience. But you’re better off to learn it by somebody else’s experience, that that kind of stuff coming from the partner to the customer can make that partner, head and shoulders above the rest of the world. And I also think that we fall down and partners fall down in a couple of places, and one being tooting our own horn, as Carolyn mentioned, press release and having to put out a press release that says yeah, you know, we got hacked, or even worse, having to put out a press release to your customer base that says, yeah, one of our customers was the victim of XYZ, whatever. That’s a terrible place to be. But the flip side of that, what if we were able to say, in a press release, and push it through our marketing team and shout it from the rooftops, customers who’ve taken our advice, have not had a negative instance, whatever this is, have not had a hacker have not had something, since you know, 1976, or whatever the, you know, five years, do the whole safety thing from the factory, you know, five years without an accident. I love that five years without without a, without a breach of our customers who’ve taken our advice, because you can’t fix stupid. I mean, there are going to be people who, whether it’s arrogance, or laziness or fear, you know, there’s the fear factor of the IT guy says, No, I don’t want to talk to you about Azure, because he’s afraid he’s going to lose his job. And understand that he’s not going to lose his job, his job is going to get even busier. But he’s going to be doing more important things. But again, it’s working in the business, not on the business. One of those things is causing them but but think of the power of that press release could have customers that take our advice haven’t been host that carries volumes.

     

    Carolyn Norton  37:38

    You know, something that also I was thinking about is how do you how does Oregon how do organizations deal with legacy applications, right? Hey, I had a local mom and pop shop, write something up for us were, it was great for us when we were small, we’re growing. But that person and that group doesn’t exist anymore. That to me is also a threat, right? A lot of organizations love to hang on to, I haven’t seen anyone hold on to their phone. And please do not send me pictures of an old mo Motorola. I haven’t seen anyone in our current state keep a phone longer than maybe three years max. And maybe I’m being generous there. Why do organizations keep these old antiquated applications when they see the benefits in their daily lives with technology, especially again, using a cell phone? Every time there’s a new version of an iPhone or a galaxy? Everyone wants to get some version of that? Why aren’t they doing that with their applications? Don’t they realize that that application is old and may need a revamp what’s going on there?

     

    Amy McKie  38:47

    We see this every single day when we are working with our clients, you know that they’ve got somebody wrote this, or hey, you know, my brother in law wrote this application and it really works well back in an old Access database. And we’re just gonna keep it here for a while, you know, I’m like, Well, what happens when something you know, when this program just goes to kaput? New you can’t access anything in there anymore. So we come across that every single day. And we’re trying to those are the questions that we’re asking what changed in the business, you know, how are you doing business today? How are you going to keep up with technology?

     

    Carolyn Norton  39:24

    I almost wonder how do we get the personal technology mindset to the business technology, technology mindset, right? I have an awesome Smart TV. I have a cool latest and greatest cell phone I’m sure there’s other gadgets, Alexa, this that and whatever, all things that I didn’t think I needed, but I bought and invested in and it’s made my life better. That’s why I have it. Why aren’t they doing that with the business? What is this mentality that that works fine. Again, I harken back to if it ain’t broke don’t fix, but why don’t they translate? You know, the stuff that we do in our personal lives to their business life, because it’s there. If my phone dies, I don’t know, I don’t know that I would be very happy. And I think I wouldn’t be very functional either.

     

    Amy McKie  40:13

    You know, but I think part of its budget, you know, with costs on the rise everywhere inflation, you know, people are nervous about investing in one technology that costs a lot, but it’s also helping the clients maybe evaluate that there’s a lower cost option of doing something a better way. And I think it’s really just, it’s having conversations, because you can do, Darryl, I think you deal with this with a lot of our clients all the time, you’re kind of the right hand for my team is, you know, we’re helping evaluate going, okay, maybe you’ve got an Office license, and maybe that you know, or maybe you’ve got this piece of M 365, where you could have power platform, and all of a sudden, your recordings a lot better, you know, and that just made somebody’s life a lot easier, rather than going and digging through a file cabinet or, you know, through tons of spreadsheets. In order to grab data,

     

    Daryl Moll  41:03

    you have two words that we’ve already mentioned here. Comfort, and distractions. They’re comfortable in the way things are working, and they’re working. And they have so many other distractions, that that’s why they’re not evaluating what these things are, they’ve been using for years, you know, think of the large, I mean, I’m always amazed at some of the size of huge organizations that run their huge key ponent key components of their business on Excel spread, you know, and multiple Excel spreadsheets and interacting between them in different different things like that, when there’s, you know, a lot more modern technology that’s a lot more secure with a lot, you know, what better ways to control the data flows and stuff like that, you know, that they don’t even look at because there’s again, they’re comfortable because it’s working. And there’s so many other distractions that they don’t want to deal with that at

     

    Rich Fowler  41:49

    this time. Go back to the three that we’ve mentioned earlier. It’s their wallet, their heart or their attorney, if one of those three things doesn’t kick them, they’re not moving.

     

    Daryl Moll  41:59

    I was confused. I thought you were going to the morons, jerks and

     

    Carolyn Norton  42:03

    criminals. Let’s not forget the criminals.

     

    Rich Fowler  42:07

    jerks and criminals and wallets, hearts and attorneys. Those might be Yeah, I’m not gonna go there. You might have correlation there, but I’ll leave it alone.

     

    Carolyn Norton  42:16

    So we got comfort, we got distractions, we got a wide array of morons, jerks and criminals.

     

    Daryl Moll  42:26

    I think a big question is again, you know, Amy, you, you mentioned what’s changed, and what’s different in your business? You know, probably another thing to ask is What hasn’t changed? And what have you been using in your business for a long time? And is there is when’s the last time it was evaluated as to, you know, is this still secure? Is this still the most efficient way to do it? Can I be making my employees lives better and more efficient and speeding up, you know, the way we do business by, you know, refreshing technology or a process, you know, because a lot of times, like you said, they’re comfortable, and they don’t want to change it because of all the other distractions.

     

    Carolyn Norton  43:04

    So let’s talk about the smart people, organizations that have listened, maybe they have gone through the event, maybe they’ve listened to our podcast, and they’ve taken steps to secure their organization, what how have organizations taken steps to secure themselves,

     

    Daryl Moll  43:25

    I mean, I’ll throw I mean, organizations have taken looks at all of the different ways that their business can be affected, both from a technical logical standpoint, and, and completely taking out technology. But you know, from the technology standpoint, they’ve evaluated and said, hey, you know, our data used to be on a single server that was in our office building that was locked in our office building on our, in our facility. Now, our, you know, employees are accessing data from home, they’re accessing it from hotels, wherever they’re at all over the place. There aren’t any walls anymore. They’ve, they’ve, they’ve pushed out the data. And now they’re starting to realize, hey, that makes it more or less secure, and more ripe for the picking from the bad actors.

     

    Amy McKie  44:07

    Well, and then by them doing that, you know, and I’ll say our organization’s awesome at this, but then taking all those precautions, and putting all the systems and all the security in place, it allows their team members where, you know, we’ve had a lot of people that have gone to a fully virtual workforce, just like us, you know, whereas team members are happy. I find that you know, team members are just if not more productive when working from home. And then it that creates happier employees, which creates retention, which creates that you know, that person that’s knows everything is going to be there. But also then you can like go hire the best of the best all throughout the country when you’ve done this and not just have everybody going into a brick and mortar office. So I think just it also just goes down into the employees and the team and then the technology is all wrapped around that.

     

    Rich Fowler  45:02

    And I’ll put a I’ll put a personal point on that. We’re working with a customer. And they were the folks who were just talking about they were, if I remember correctly, they were on multiple spreadsheets for everything from procurement. Actually, I do remember this, they had 12 different systems all on prem, completely insecure, and it was costing and it one of the reasons that they they came looking for help was the fact that the accounting person was threatening to quit, because she was working 50 and 60 hours a week trying to tie all the information together, and put it where it needed to be, and blah, blah, blah. So we we got through the process, we got them up on what they needed to be on. And when we showed the proof of concept, I can still see your face, I’m stuttering a little bit, we showed the proof of concept and let her play in it. She started to cry, because she could now go to her grandson’s baseball games. And that’s the personal side of it. She could go to her kids, her grandkids games, because she’s not working 50 and 60 hours a week now, that’s where the technology turns it into what personnel plus?

     

    Carolyn Norton  46:14

    Yes, yes, because most people want to do their very best at their job, right? They want to be efficient, they don’t want to be stuck doing, you know, some mundane process over and over again, that takes three hours, everyone welcomes efficiency, I feel that that’s an amazing story rich, and that reminds me of a personal note on my side of man, I cringe thinking about it, let me take a moment, no teasing. When when COVID happened. And we all had to transition from to work from home, I was going into the office and I you know, had to pivot, I have two children. Here I am having to try to work from home, there’s two children in the house, I have to be a remote teacher. Now what. And that’s not my role. And I just remember the fact that we were set up in such a great way where AI can work efficiently from home, we’re leveraging technology I have more going on than I ever have, again, distractions. We talked about it earlier. But I’m able to do my job safely and securely from wherever, whether it’s an issued device from the organization, or my personal devices, we were set up in such a way where we were able to still do what we needed to do work, have that work life balance and adjust to, you know, the change that happened, you know, globally for everyone. So it was just such a great experience. That human element actually worked out and saved me from my sanity, although I almost lost it a few times. But that was because of the children.

     

    Rich Fowler  47:55

    That’s a self inflicted wound. Yeah.

     

    Carolyn Norton  47:59

    So closing thoughts, guys, we talked about is your organization ready? Right. And we talked about a multitude of things. So if you can each person can you give me we talked about a lot? What are your closing thoughts? We’ve discussed a lot. What’s what’s the takeaway here? I

     

    Daryl Moll  48:18

    mean, my takeaway is, you know, overall, you need to on a regular basis, whether that be annual, biannual, you know, quarterly, whatever the case may be, you need to be asking yourself questions, like Amy said, what’s changed in your, in how you do business? And also ask What hasn’t changed in maybe you shouldn’t change? And then just evaluate with wide open eyes? What what could affect your business and try to expand out and don’t ask the same questions. Every time, make sure you’re adding at least one or two different varieties of a question. Every time you’re going through that reevaluation because that’s going to expand your boundaries and open up your thoughts to different things that you need to account for.

     

    Amy McKie  49:00

    Well, and what’s changed is, you know, also I’m, I’m big on people, you know, clients and people is, you know, what I love to do, and it’s really, you know, taking a look at the lives of the employees and of the clients and what’s changed and how can we make that better and, and in more secure, you know, by being secured by having the technology at the end of the day allows, you know, a mom to go or a dad to go to baseball, soccer practice or not miss a dance recital or something like that. So I think I think it all flows together, security technology flows down to employees and business continuity and all of it, it’s all wrapped up in one.

     

    Jason Wietharn  49:37

    I agree. I mean, the idea that you bring me together, the people and the technology into one. And Darrell, as you mentioned, just the idea of you know, that reevaluation right, regardless of what that cadence is, you know, with the distractions that are going on it, you know, you have to have those self reflective moments. on, you know, where those gaps are, what can I improve? How do I reach out from a community from a partnership to help help me understand what that next is, so I can fill that in and, and at the end of the day, if I can make it better for the people, as you pride out, Amy, I mean, it just ends up being a big win for

     

    Rich Fowler  50:22

    everybody. I guess my mind would be to take barrels thought just one step further, and I look at it from both sides, I look at it both from the customer side, and from the partner side from a customer side. Well, you got to can’t be stupid. So don’t be stupid. And from a partner side, don’t let your customers be stupid be giving them those things be offering be suggesting the questioning. And if we can help them not be stupid and push them to not be stupid, then we never have to issue that press release that says, hey, you got hosed. And I really do want somebody to write that press release that says haven’t had a host customer in so many days, months years. I think that’s valuable.

     

    Carolyn Norton  51:03

    That’s amazing in my takeaway is it’s it is the human element. I liken this to going to the gym and eating healthy. We all know we’re supposed to do it. As human beings are supposed to have our veggies, we need to wait work out. What is it self care, but we get distracted, we get distracted, we get complacent. We know what we’re supposed to be doing. We recognize the value of what we’re supposed to be doing. Sometimes we don’t listen. But for whatever reason, it just, it doesn’t take precedence. And you have so much going on that the distraction and the comfort kind of wins, ultimately in the end and it and it seems to be the case in the business sector today. It doesn’t matter whether you’re a small or big organization, any organization can fall victim to the big disaster. Sometimes the threats are too fast and plentiful for an organization to react quickly enough. But what if there’s a way to prevent the big disaster from happening in the first place? Join us next month for our next episode, the anatomy of a big disaster and understand how business decisions impact disaster preparedness.


    Contributors

    Carolyn Norton

    Amy McKie

    Jason Wietharn

    Daryl Moll

    Rich Fowler

    X