In this episode
Marc Pickard from CBTech Support warns that all small businesses are at risk from cybercriminals for two key reasons. First, they're low hanging fruit and easy targets. Most don't have the technical and procedural protections in place to make getting hacked difficult. Second, they're stepping stones to larger, juicer targets which could be a client or supplier. Small business owners often don't have any idea of where to start to protect themselves from attack and find the whole topic overwhelming. Marc shares data that the average ransomware payment for businesses between 2 and 100 employees is $75,000 and this excludes the cost of clean-up, restoration, notification efforts and reputation damage. Marc provides some clear guidance on what a small business should do to minimize the risk of getting nailed by a cyber attack.
A glimpse of what you'll hear
01:46 Small business owners are at risk of getting hacked for 2 big reasons
02:53 There's no place to hide. Hackers will find you.
03:44 Making yourself unattractive to cybercriminals requires both technical and human solutions
05:43 Using cloud based solutions doesn't necessarily protect you from cyber attacks
07:13 Dealing with staff that "bring their own devices" to work
08:23 How your business benefits from safeguarding your data and IT infrastructure
11:20 What does a small business need to do to protect them from a cyber attack
13:55 Learn about Marc. Email Marc at firstname.lastname@example.org
(Note: this was transcribed using transcription software and may not reflect the exact words used in the podcast.)
Centricity Introduction 0:04
Welcome to the Best Kept Secret videocast and podcast from Centricity. If you're a B2B service professional, use our five step process to go from the grind of chasing every sale. to keeping your pipeline full with prospects knocking on your door to buy from you. We give you the freedom of time and a life outside of your business. Each episode features an executive from a B2B services company sharing their provocative perspective on an opportunity that many of their clients are missing out on. It's how we teach our clients to get executive decision makers to buy without being salesy or spammy. Here's our host, the co founder and CEO of Centricity, Jay Kingley.
Jay Kingley 0:43
I'm Jay Kingley, co founder and CEO of Centricity. Welcome to another episode of our Best Kept Secret show, where I'm happy to welcome Marc Picard, co founder and CEO of CB Tech Support. CB tech support works with small businesses to monitor and manage the technology they used to run their business, from computers to software, and everything in between. Marc is based in New Providence, New Jersey. Welcome to the show, MarC.
Marc Pickard 1:14
Thanks for having me, Jay.
Jay Kingley 1:15
Marc, one of the things that I am blessed in my role is I talk to a lot of small business owners. And in the course of the discussions I have, oftentimes, technology becomes part of what we talk about, and I ask business owners to talk to me about the technology they're using what works, what doesn't work, what they worry about. And one thing that I hear to a surprising degree, is the number of business owners who say to me, thank goodness, I don't have to worry about getting hacked in ransomware. Because I am too small, those guys are going after the bigger fish in the pond. You know, you read about these attacks, whether it be on the large enterprises, or government or other major types of businesses, but they leave us small guys alone. And I'm wondering, Mark, how true is that?
Marc Pickard 2:21
Well, that's an excellent question, Jay. I would say that's absolutely not true. And there's two reasons for that. One is low hanging fruit. And the other is stepping stones. Low hanging fruit, mainly because small businesses generally don't spend the time or money to invest into their cybersecurity. And for stepping stones, it's because they're usually the way into a larger target like one of their clients, and therefore a larger payday for the cybercriminals. And that's kind of a doubly bad day for them if they're the way into the one of their clients networks. Because how do you think that client is going to feel? Once they find out that you were the way in to their network?
Jay Kingley 3:00
Marc How they going to know that? How are they going to find me? I mean, there's millions 10s of millions of small businesses out there aren't the odds, like, you know, they're going to hit someone else? And also, how do they know who my clients are, even identify that I would be that stepping stone?
Marc Pickard 3:21
Well, you'd be surprised at how sophisticated these guys are, they do their research. So if they're looking for a way into a large company, generally a smaller company is not going to have the resources or the defenses in place. And that's going to be their way in. So they're pretty good at doing the research to figure that out.
Jay Kingley 3:37
Marc, what should a small business be doing when it comes to taking care of their cybersecurity and making sure that shall we say their fruit is at the top of the tree, not easily plucked from the bottom?
Marc Pickard 3:52
Well, it's it's both a technical and a process issue. Technical in that you have to have certain technology in place things like a commercial grade firewall, Norton, or McAfee, an email filters and process in that since there's a human element in everybody using technology, you have to have certain policies in place that kind of describe how you do things and what people should and should not do in the business.
Jay Kingley 4:20
When you have worked with these small businesses. And you talk about, you know, needing to think like that. What are the points of resistance? Where do you see pushback, or do you find most small business owners once you lay it out? They're like, Absolutely. Let's get this done.
Marc Pickard 4:39
Well, I would say most business owners have no idea where to start. So that's, that's the main reason that a lot of people don't do this. It's kind of overwhelming. There's a lot of stuff out there. There's a lot to do. And when it's left up to the business owner to do it, most are okay just pushing it off because they don't really know where to begin.
Jay Kingley 4:59
Is there a prioritization Marc between the more technical systems type solutions versus the more process and procedure oriented approaches?
Marc Pickard 5:12
Sure, I would say it's probably best to get some technology in place first, and then work on the processes and policies after that. But it's it's also a good idea to do them in tandem, to have the technology in place as you're building the process. It's a little bit of both
Jay Kingley 5:33
And when we're talking about technology. I mean, a lot of times we think about our computer systems or network, you know, firewalls and other things like that. And I think I have really two questions for you. One is, if I'm using a cloud provider, you know, for In other words, rather than having servers that are mine, on my premises, I'm using a third party, whether it's small business, maybe it's Google, maybe depending on my business, I'm doing AWS, or some email provider, that's a cloud based email provider, can I relax and say, you know, they are going to take care of the security around their component, I really need just to worry about the equipment and infrastructure that I own.
Marc Pickard 6:28
That's a common misconception. Granted, those companies do put a lot of money and effort into their own security to protect their infrastructure. But the portion of the system that you're using generally doesn't have that benefit. You are responsible for protecting and securing and accurately configuring that piece that you're using to make sure that it's secure.
Jay Kingley 6:53
And my last question before we move forward, is what about my end user? So I mean, we're in an environment where remote work seems to be an something that's going to stay with us for at least as long as I can see. And clearly when I have, you know, servers at all on my premises, as a business owner, I get it, I got to protect it. But what do I do about my users? And what do I do when some of my staff brings their own devices in to work? There aren't even devices that I'm providing for them? How should I be thinking about that?
Marc Pickard 7:33
Well, that's an excellent question. And a very tricky situation really depends on what the small business is doing, and what type of information whether it's sensitive, whether it's things like health information, or personally identifiable information, how that's treated, handled and what the workflow is, as to whether or not you really should be allowing personal devices in the first place. And if you can, how you're how you're dealing with that.
Jay Kingley 8:01
And I'm getting the sense Marc, that the old saw that ignorance is bliss, perhaps is not the right way that we should be thinking about this topic. And as people start to get small business owners start to get more cognizant about the issues and their responsibilities and their risk, doing that putting the things in place that you're talking about, both from a technology point of view, process and procedure point of view, if I'm that business owner, how is it that putting those things in place is going to benefit me.
Marc Pickard 8:40
So if you have those, both the technology and the process in place, things are going to be a lot better for you in terms of moving forward in technology. Once you have all that stuff in place, first of all, your data is going to be secure, because you have an idea of where it is who's handling it, who's allowed to have access to it, things like that. And then from a technology standpoint, you're going to be better protected, because you're going to have the things in place. Just for example, firewalls, an email security filters that will cut down on a cybercriminals ability to to affect you and get into your network and thereby get into somebody else's network.
Jay Kingley 9:24
And I'm guessing you might sleep a little bit better at night, without thinking that your entire business is going to crater.
Marc Pickard 9:30
I would agree. Yes, you you would I mean, can you imagine that your business that you've poured your heart and soul into that, you know, maybe you're leaving to your kids or you're hoping your kids are going to take over for you probably going to fund your retirement as well. Can you imagine if that just shut down because you had a cyber incident?
Jay Kingley 9:48
Yeah, that would be a true nightmare to have to live through. But let's move on from the business owner talk a little bit about the business itself. Putting in and investing in because you know, this isn't investments unnecessarily all free to get your security and your protections where it needs to be, you know, what's the impact on the business itself?
Marc Pickard 10:15
It's definitely an expense, it's not going to be cheap. And like you said, it's an investment, right? For businesses with somewhere between two and 100 employees, The Economist did a little research and found that the median ransomware request, just the request was $75,000. Right. And that's, that's not counting the cost of cleaning up after that any reputational damage that you might suffer any lost revenue due to not being able to service your clients at the time that the incidents happening. So that's, that's a pretty big cost there. So the investment to offset that is going to be a significant investment, it might not be exactly the same, but you're going to have to put in that that cost upfront to do that. Additionally, businesses that get hit about 60% of them close, after six months.
Jay Kingley 11:07
There goes that retirement fund that you had, not to mention your legacy. Alright Marc, so you made a compelling case here. It's not something that about business owners can adopt what I call the ostrich strategy, which is we're just going to bury our head in the sand, and just hope nothing bad happens. This is something that we need to be proactive about. So let's talk tactics here for a moment, what would be the key action items that a business owner ought to do in order to address the issues that you're talking about?
Marc Pickard 11:45
So the best place to start? Is it with multiple layers of security, because obviously, one isn't, nothing's perfect, so one isn't going to really do much for you. You need things like commercial grade firewalls, DNS layer security, endpoint security, email, security, filters, emails, machine learning to help you spot compromised email accounts, Dark Web scanning, to make sure that you know, you're aware of information that's out there on the dark web relating to your company. And you also want to be able to test your employees and make sure that their knowledge is up to date. So you want some sort of automated email testing capacity as well.
Jay Kingley 12:23
Do you go after that thing that everybody hates, which is telling all your staff that you are actually going to have to change your passwords on a regular basis?
Marc Pickard 12:35
That's probably one of the biggest ones.
Jay Kingley 12:37
Yeah, low cost, even if everyone's going to, you know, grimace and give you the dirty look. To do so. Marc, I love it. I think you've given all of us a great primer on how we need to be thinking about this critical, ongoing, it's not going away anytime soon. Subject of cyber security. Now we're gonna take a quick break. And when we come back, we're going to learn a bit more about Marc.
Centricity Introduction 13:10
Wondering how much longer you have to grind and chase after every lead conversation and client, would you like clients to knock on your door so you no longer have to pitch follow up and spam decision makers. Well Centricity's The Tipping Point program uses a proven five step process that will help you get in front of the decision makers you need by spending less time on doing all of the things you hate. It's not cold, calling cold email, cold outreach on LinkedIn or any other social media platform, or spending money on ads. But it has a 35 times higher ROI than any of those things, leveraging your expertise and insights that your prospects and network value. The best part even though you'll see results in 90 days, you get to work with the Centricity team for an entire year to make sure you have all the pieces in place and working. So you can start having freedom of time and a life outside of your business. So email time@Centricityb2b.com to schedule an 18 minute call to learn more.
Jay Kingley 14:09
Welcome back. I'm with Marc Pickard, co founder and CEO of CB Tech Support. Marc, I want to find out a bit more about you and your business. Let's start with the basics. Talk to us about the pain points that CB Tech Support solves for its clients and why they need you to get rid of that pain.
Marc Pickard 14:34
So the the two biggest pain points that we solve the first being your technology not working for you now. You know, people tend to bang their head against the wall when they have technology that doesn't work for them. So we try to keep that head banging to a minimum. And then second is sleepless nights due To worrying about your technology needs as your business grows. So we also solve those as well.
Jay Kingley 14:59
You You and I have talked about how there at times feels like there's billions of companies that offer what they would claim to be similar services. As to yourself. I know that creates sometimes lots of confusion and bewilderment among clients who are trying to figure out who is the right person to work with? I think that the the answer, if I'm on the buying side, is to say, Who do you think is the best at doing this type of work? Who is great at what they do? Because that's always who we want to work with who want to work with the best. So let me ask you pretty directly, what makes CB Tech Support great at what they do.
Marc Pickard 15:45
The thing that makes us great at what we do is we have a unique tool that has over 400 questions. And those questions are made up from a variety of industry frameworks and standards plus our own experience, that allows us to evaluate our clients environments, without needing to interrupt the business owner. And we can take that information and use it to eliminate the issues now, and also plan for the issues in the future.
Jay Kingley 16:10
I encourage everybody to go on to LinkedIn. Look up Marc Pickard. Markc, they'll see the career in your experience, and all the things that you have done. But I want to ask you a slightly different question. I'd like to understand what has happened, whether it's in your personal life, your professional life, that would really explain why you are sitting here today, running a very successful business in CB Tech Support.
Marc Pickard 16:44
Two reasons really. One is I like helping people and figuring things out for them. And two is I worked for a company that did something similar. And I learned how not to treat people and what not to do. And I really started this with my business partner, because we felt we could do things a lot better and really help people.
Jay Kingley 17:03
Marc, I am sure that we've got listeners out there that are now getting a little nervous that maybe they're not as buttoned up as they thought they were that this is a subject area that they have to take a little bit more seriously than they have been doing. So how is it that they can reach out to you to continue the conversation?
Marc Pickard 17:25
Sure, the easiest way to reach me is by email at marc.pickarda@CBtech.support.
Jay Kingley 17:33
All right, and we will put Marc's email in addition to his LinkedIn address in the show notes in both the video and the podcast. Marc, I want to thank you you've been a terrific guest really have enlightened us on this important topic to our audience. Let's continue to crush it out there. Until next time.