Steve Ferman | eTegrity
Once More Unto The Breach
Steve ferman original headshot.jpg
email icon.png
LinkedIn t.png

With over 40 years in Technology, we help small business owners manage their IT cost, Strategy, and overall IT management. We know that even the best-intentioned IT professionals do not always deliver what they promise or possess the expertise to do so, leaving you left holding the bag having to manage them.

We Provide technical advice and IT oversight of your vendors, staff, and overall environment to ensure you get the right products and services for the right price. , We manage the entire process so you can do what you do best, run your business.

In this episode

“You need to mandate end point protection for all remote users if you are going to protect yourself from being hacked”, recommends Steve Ferman of Etegrity.  In 2018, the odds of suffering a data breach were 1 out of 4 and 80% of companies aren’t prepared.  Using a multilevel approach to security for your core IT infrastructure isn’t enough if a hacker can get access via your remote workers because they don’t have end point protection in place.

Steve also observes that most hackers aren’t targeting your business specifically but they are scanning a long list of IP addresses to see where it is easy to get in. It doesn’t matter whether you have 5 or 5,000 employees, you’re just a random IP address.

 

Simple, preventative measures can save you hundreds of thousands of dollars and keep your company from ruin. Steps that Steve recommends include MFA or multi factor authentication and MDM or mobile device management.  When it comes to passwords, Steve suggests a 3 step approach: require strong passwords, use applications like LastPass, or Keeper to secure your passwords and help you remember them, and force your users to change their passwords every 30 to 45 days.

A glimpse of what you'll hear

01:36 End point protection for remote users helps prevent data breaches

02:56 Who's vulnerable to hacking and data breaches

04:06 What you need to do to protect your business from hackers and bad actors

04:55 The cost you'll pay if you don't protect your IT infrastructure

07:15 What steps a small business needs to take to adequately protect themselves from hackers

09:55 Learn about Steve. Email Steve at steve.ferman@etegrity.net or call him at +1.973.698.3511

Episode Transcript

Centricity Introduction  0:04  

 

Welcome to the Best Kept Secret videocast and podcast from Centricity. If you're a B2B service professional, use our five step process to go from the grind of chasing every sale. to keeping your pipeline full with prospects knocking on your door to buy from you. We give you the freedom of time and a life outside of your business. Each episode features an executive from a B2B services company sharing their provocative perspective on an opportunity that many of their clients are missing out on. It's how we teach our clients to get executive decision makers to buy without being salesy or spammy. Here's our host, the co founder and CEO of Centricity, Jay Kingley.

 

Jay Kingley  0:42  

 

I am super pleased today, to welcome to the podcast, Steve Ferman. Steve is a fractional CIO, based in Madison, New Jersey. He's the founder and CEO of eTegrity. And he focuses on serving the CEOs and CFOs of Lower Mid market and small businesses. And that would be anyone for with 250 employees or less, and about $50 million in revenue and below. So Steve, welcome. I want to get straight to it. You have an incredible wealth of expertise in the IT arena, working with these small to lower mid market companies, in your experience, what's the thing that they are missing out on?

 

Steve Ferman  1:31  

 

Thanks for having me, I appreciate it. And I'd say probably the biggest thing is companies don't mandate or even consider endpoint protection on their remote users, especially in this pandemic world. But no, people are thinking about data breach statistics from like, 2018, that show 2.5 billion accounts were hacked. In that year alone. odds of you being hacked are one in four. And I'm not here to scare you, I'm just reading some statistics. The goal, the global cost of data breach is expected to reach $6 trillion this year. 80% of companies are not prepared, they get hacked, they get breached, they go out of business within three months. So it's really that endpoint protection. And not just that there's different layers on we'll talk about a little bit later. But it's definitely important.

 

Jay Kingley  2:18  

 

Steve, one of the things I read recently, that really shocked me was I always had this point of view that the companies that these hackers were going after and ransomware folks with a large, obvious targets. And I was a bit stunned to find out that the median was actually within that small business category in terms of size, which your sense of vulnerability in your target market in terms of the small business to lower the mid market, how much of an issue is this really, for companies in that space?

 

Steve Ferman  2:55  

 

You know, it's ironically sad, but they don't even know who you are, they actually scan what's called IP addresses where every machine has its own internal address that makes it unique. So you can talk from one to another. And they basically have software or robots or bots, they're called that go out and scan the net, the internet. And they find blocks or ranges of these addresses. And they just start seeing what they can get into what they stop trying to poke holes. When they find something they can poke a hole into, they report that back to another server. And then they'll go in and they'll start scanning deeper. So unless they're actively looking to take over your company, or they're, they're actively looking to hack you in particular, which is 99% of the time, not the case, they have no idea who you even are.  The size your company can be one person or you can be 5000 employees.

 

Jay Kingley  3:43  

 

So you've got the same shot at being hacked, as, say, a salesforce.com, which is, you know, fortune 500 company that ought to give everybody pause. So Steve, given how important this issue is, how should small businesses Lower Mid market companies be thinking about what they need to be doing?

 

Steve Ferman  4:03  

 

You know, minimizing your chance of getting hacked is really easier than anyone would think. It's simply a layered approach is really the answer. On all servers, you have firewalls, anti virus web protection, but you're leaving the endpoints open your laptops, iPads, desktops, cell phones, mobile devices, they all need the same protections. And especially because they're in the hands of the user. No, you don't really have control in that. There are ways to do that. But you really need to think about all those little baby tiny touch points that get in everything's connected today. Your thermostats? You name it, everything's connected, right.

 

Jay Kingley  4:40  

 

Excellent point. Now, if I did this multi level protection that you're talking about, what kind of benefits as someone running a small business or a low or mid market company? What kind of benefits can I expect from making this change?

 

Steve Ferman  4:55  

 

The global average cost of the data breach has grown by 12% in the last five years. to $3.92 million in 2020. Given by a multi year financial impact of breaches increased by regulation and difficult processes in resolving these cyber attacks. The reality is, you really got to change your thinking about, you know, how people access your data, your information, where is it stored? Who has access to it? How is that protected? It's got to change your mindset 

 

Jay Kingley  5:24  

 

I couldn't imagine how horrible would be forget the dollar cost. And maybe you have some insurance, maybe not, that's like an entirely different conversation. But even if you had some insurance, having to contact all your clients, and tell them, This is what's happened to your information, or if they've ransomware to me, I can't provide my service to you, because I am totally shut down and offline. And how stressful and strenuous that would be on the executive leadership team of a company talk a little bit about sort of the the emotional impact when you're in the midst of trying to remedy this type of situation.

 

Talk about backup and restoration and RTO recovery time objective and RPO recovery point objective at what point can you afford to be down from but just simple, preventative proactive measures can not only save you hundreds of 1000s of dollars, but keep your company from ruin. Think about what it costs you per hour per employee to be sitting around doing nothing now multiply that by a week or month. It devastating devastating to a company's end. It's just such a simple proactive approach goes such a long way in protecting your your most valuable asset. And your products and services. 

 

Steve, I think you've made, I think a very compelling case as to what big issues is, and no longer can we all keep our put our heads in the sands and take the ostrich approach to data breaches and ransomware. So you've made that case. So tell me as a business owner, if I want to do address this, what are the concrete steps I need to take in order to protect myself.

Steve Ferman  7:15  

 

So there's a number of them. One of the biggest ones and it's getting a better adoption these days is MFA or multi factor authentication, whereby you log into a software over a network or one connection and a code is said to verify your identity over another. So two different paths. Because if someone's monitoring this one highway, then they're gonna see both its data come through. But if you switch it up to your cell phone, you get a text or you using an authenticator application, then it's a little bit more, it's a lot more secure. MDM, mobile device management people don't even know what that is. But that's where an IT professional or a managed service provider can monitor your devices in the field, they can make corporate data only elite personal data on it, they can lock that device out if it becomes compromised. Installing antivirus protection on all mobile devices and mandating it such a simple thing to do that people will just assume all they got their own laptop, they're going to login remotely to my cloud where it's secure. Well, now they've got a connection. So anything that's on their local machine can now be transported into the cloud. Use strong passwords that have a minimum of eight characters and have letters numbers. And some sorts of punctuation in exclamation ampersand period with you know, maybe it's for whatever. Use applications like LastPass, or keeper to secure your passwords and help you remember them. But it keeps them safe and secure and encrypts them. And it also will do generation of good passwords. And I love this one because for 38 plus years, I've been in the industry, nobody wants to do this, for sure users to change their passwords every 30 to 45 days. It's a pain in the rear end, I'd be the first one to admit it. But that's just another amazing layer that you can add that's really simple. And question nothing to do.

 

Jay Kingley  9:04  

 

Relative to the potential cost. Might be worth saying to your users, suck it up, buttercup, right? Get with the program. Steve, you've touched upon, I think such a critical issue. You laid out a compelling case, gave our listeners a very clear set of things that they could do that would really mitigate a lot of this risk. So what I like to do now is I'm sure many of our listeners are saying, so who is this Steve Ferman? And tell me a little bit more about them. So Steve, let's start with you know, I mentioned you were a fractional or part time CIO for clients in your target market. But what are the range of issues beyond just data security do you tend to deal with in your business in eTegrity?

 

Steve Ferman  9:56

Everything from getting the my clients the right products, the right services for the right price. To making sure that they actually have a vision goal that they're trying to achieve that they're going to align their technology with. Everything from creating RFPs to vetting vendors to, you know being that to me the area looking out as a team member for that company. I'm like an employee, I get an email address at the company. I'm their advocate. I'm 100% unbiased. I don't sell any it. I don't fix anything. But I help you strategize and get the right products and services for the right price that will help you 

 

Jay Kingley  10:30

Super. One of the things that we always talk to the participants in Centricity's program about is people don't buy what you do. They buy how good you are at doing it. And, Steve, you've heard that more times than you'd probably like to admit. So why don't you share. Share with our listeners, if you will what is it that makes you really great at what it is you do?

 

Steve Ferman  10:55  

 

I actually started in technology in 1979, the United States Marine Corps. So I've been doing it honestly a very long time. Been an innovator in a lot of things, from my idea to backup in 2003. To taking everyone to what we do today, the cloud in 2007, complete remote, it wasn't called the cloud enters the data center, but remote computing. And what really sets me apart is I am first and foremost a business owner, and an entrepreneur I have built and or sold six different companies over the years. And my IT company that I own for 32 years before accident 2017. And where I really can shine is I look at things with a business owners mindset and a technological brain because I am certified as an engineer as well. And that really makes me more of a I hate to use the word unicorn. But that absolutely sets me apart. I think about your business as a business owner. First and technology. 

 

Jay Kingley  11:49  

 

Right. That's fabulous. Now, I encourage everybody to connect with Steve on LinkedIn. Look at his experience, it is very impressive. But I want to get what's beneath all of that, Steve. So what were some of the personal and professional milestones that have happened to you that are really responsible for you taking the career path you did, and getting you to your own firm in eTegrity.

 

Steve Ferman  12:16  

 

After my exit, my company in 2017, I had a nice long non compete non solicitation, but I believe in technology, or that's what I'm really good at. And I love helping people my why my Simon Sinek why I get up every day is I want to help at least one person, if not more every single day. If I get paid for it, that's great. But my mission is to be helpful. And since I know technology, I decided in January of 2020 wait for the pandemic that you know it's time to do non compete non solicitation is kind of going away soon. But I don't really want to go back and being an IT provider. I really want to help people with my experience. And and what I've learned and what I've experienced over the years, look, I've made good decisions, I've made some bad. I built sold a bunch of companies, one of them I had to shut down and it cost me half a million dollars less to learn, I can help someone else avoid that. So that's kind of what really led me to doing this is that I wanted to work in the industry, and not have to be the guy to get the three o'clock call in the morning. But I wanted to do the strategy in the proactiveness and help people understand what I've learned over the years.

 

Jay Kingley  13:20  

 

But I think they've done a great job today at taking us through one of the critical issues for small business and lower mid market companies when it comes to their data and network security. And I think we now have this sense of the perspective you bring to that type of an issue so that your solutions and your help can be incredibly pragmatic. So how is it that our listeners Steve can reach out to you you get in touch,

 

Steve Ferman  13:49  

 

You go to our website, www.eTegrity.net. That's e t e g r i t y.net you can simply get my digital business card by texting the word tech t e c h to the number 2100. You can always email me. 

 

Jay Kingley  14:06  

 

Great, we'll put all that in the show notes to make it easy for people to refer back to. Well, Steve, you might think we're done. But there's something I like to do. And I apologize if it's gonna be a little bit of surprise, but I really value our listeners. I got their backs. So I squeeze all our guests to be able to offer them a little bit of a gift as their appreciation for your appreciation for them tuning into you. So Steve, what can you do for them

 

Steve Ferman  14:38  

 

Great surprise. So no, I'm offering a one-hour free consultation and review of your technology, invoices bills as well as if there's enough time in it. I'll do my best to look at your agreements and make sure you're getting the proper service level agreement that they've promised you and they're responding within those terms that they've agreed to as well. So a free one-hour consultation.

 

Jay Kingley  14:59  

 

Super, well. Steve, I think that kind and generous offers are consistent with why you get up every day and do what you do, which is to be helpful for people. So I want to thank you so much for sharing your expertise and your point of view. I encourage all of our listeners to reach out to Steve take him up on his offer. Not only is it exceedingly generous on his part, but you are also going to get an incredible return on your hour that you invest with Steve. All right, Steve, thanks. And we'll see you when we see you. Bye-bye.

 

Centricity Sponsorship 15:37  
Wondering how much longer you have to grind and chase after every lead conversation and client. Would you like clients to knock on your door so you no longer have to pitch follow-up and spam decision makers? Well Centricity's that tipping point program uses a proven five step process that will help you get in front of the decision makers you need by spending less time on doing all of the things you hate. It's not cold calling cold email, cold outreach on LinkedIn or any other social media platform, or spending money on ads. But it has a 35 times higher ROI than any of those things, leveraging your expertise and insights that your prospects and network value. The best part even though you'll see results in 90 days, you get to work with the Centricity team for an entire year to make sure you have all the pieces in place and working so you can start having freedom of time and a life outside of your business. So email time@Centricityb2b.com to schedule an 18 minute call to learn more.