.jpg)
Nerds On Tap
Welcome to "Nerds on Tap," the podcast where tech industry leaders, entrepreneurs, and enthusiasts gather to explore the exciting intersection of technology, business, and innovation. Join Tim and his co-host as they dive into lively discussions, valuable insights, and thought-provoking conversations with a diverse range of guests.
From the latest trends in technology to the world of startups and entrepreneurship, "Nerds on Tap" covers it all. Each week, Tim shares candid conversations with industry experts, seasoned entrepreneurs, and rising stars, uncovering success stories, lessons learned, and emerging ideas shaping the future.
Grab a cold one, pull up a stool, and join the conversation. Whether you're an aspiring entrepreneur seeking advice, a tech executive keeping up with industry developments, or simply a curious listener who loves exploring new ideas, "Nerds on Tap" is your go-to podcast. Tune in, subscribe, and join the community of nerds who love to tap into the fascinating world of tech and business. Cheers!
Nerds On Tap
Data Protection and Brew Selection with James Todd
Grab a pint and pull up a chair as we toast to the ever-evolving world of cybersecurity with Digital Boardwalk's very own CTO, James. His 14-year saga at the forefront of IT innovation isn't just a thrilling tale of technology triumphs, it's a roadmap for businesses navigating the treacherous terrain of cyber threats. We share a beer and swap stories, from James's tech-tinged childhood to the professional pivot that positioned him as a captain of industry, all the while unpacking the dense and crucial subject of cybersecurity for small and medium-sized enterprises.
Settle in and savor the wisdom as we dissect the intricacies of crafting custom IT strategies that shield businesses from digital dangers. James takes us behind the scenes of Digital Boardwalk's proactive stance against cybercrime, spotlighting the unsung heroes: their engineers. With the landscape of threats transforming from simple viruses to complex ransomware, we stress the indispensability of multi-layered security measures—think of it as a fortress safeguarding your digital dominion. This discussion isn't just theoretical; it's a vital blueprint for fortifying your enterprise against the next wave of cyber onslaughts.
Our conversation wouldn't be complete without a deep dive into the future of cybersecurity, where the murky waters of AI intersect with our defenses against cybercrime syndicates. Delving into how AI is both an ally and adversary, we underscore the significance of zero-trust policies, cloud computing's role in security, and the importance of verifying the efficacy of protective measures. James illuminates the path forward, inviting you to stay vigilant and informed, ensuring that your business remains an impenetrable fortress in the digital age.
Sponsor of this episode: Digital Boardwalk
Digital Boardwalk is one of the top 10 Managed IT Service Providers in the United States. If you are seeking to outsource your IT Management, or if your IT Team could use some help with projects or asset management, give Digital Boardwalk a call today! They offer a FREE IT Maturity Assessment on their website. If you want to see how your business's IT scores against industry standards, go to GoModernOffice.com now.
Thanks for listening!
Visit us online at www.thenerdsontap.com
Subscribe to our YouTube Channel
Follow us on Instagram
Like us on Facebook
Hey everyone, welcome to another episode of Nerds On Tap, where we get nerdy for about an hour with some great, great guests. Today we are going to tackle cybersecurity and data protection. The name of today's episode is Data Protection and Brew Selection, but, as you can see those of you that are watching on video we only have one beer to drink. Today. We are not going to be sampling four different brews. James is visiting us from Houston, texas, and, interesting fact, my kids just went to a Rockets game last night and they loved it. So let me let's get into James and learn a little bit about James before we get started with today's great nerdy podcast Nerds On Tap.
Tim Shoop:So James is the CTO, chief Technology Officer, at Digital Boardwalk. His responsibilities include planning IT infrastructures, discovering and testing new technologies and training James parents, an electrical engineer and a software programmer, helped them get into technology. At a very young age, james developed a strong passion for technology, which led him into the IT field. The passion compelled him to pursue a degree from the University of South Florida in Tampa, bachelor of Science in Information Technology. James was recruited to Digital Boardwalk over 13 years ago and I am going to talk about that interview process. So we're going to get into that in a minute and you can. James is smiling right now because he knows exactly what went down. So anyway, 13 years ago, after the company's inception, james was brought on. His passion and knowledge helped to build Digital Boardwalk into a strong IT services company in an ever-changing industry. In his free time, james enjoys researching and learning new technology.
Tim Shoop:A close second for James is photography, a hobby he acquired in college, photographing cityscapes and landscapes. James, we go way back. We go back 13,. Has it been Almost 14.? Almost 14 years. We go back pretty far. I consider James a very good friend. We hang out sometimes outside of work. I'm actually going to be flying into Texas Saturday and I hope you picked a good Tex-Mex place. That's a little better than Florida that we can go. Go get some good services.
James Todd:Absolutely. I found a Taco Bell right next to the airport.
Tim Shoop:Alright, so yeah, the last time I I don't even want to talk about that. I haven't been to a Taco Bell in years, but hope they're not listening. So before we get into today's podcast, I want to tell you we're going to be talking about three segments implementing technology for business operations. We're going to get into cybersecurity, cmmc and insurance, and then we're going to wrap it up with some technology trends that are happening right now in our space. Before we do that, let's get into the beers that James is drinking and what I'm drinking today. Let's talk about what James is drinking first, and after the first segment, we'll talk about what I'm drinking. Take it away suds. Ladies and gentlemen, welcome to Nerds on Tach. I'm your Tim Shoop, and I couldn't be more excited to embark on this nerdy adventure with all of you. So grab your favorite brew, because things are about to get exciting.
Tim Schaffer:Three, two, one go. Alright. James is drinking the Warsteiner Dunkel from Warstein, germany. It's a rich, dark amber beer with full flavored, smooth taste, nicely extened, with satisfying notes of roasted malt and subtle bottom fermenting yeast tones.
Tim Shoop:Oh, that sounds sexy.
James Todd:It does. I've always been a big fan of German beers, the Dunkel. You know it's like you take a great taste. You malt the hops. It gives it a little bit more interesting flavor, but it still goes down easy. I really like it.
Tim Shoop:Yeah, I've had the. I've had the Dunkel. I like the Dunkel as well. It's a slower drink for me because I in my old age I tend to gravitate towards pillsners and loggers and things like that. I'm not drinking IPAs as much anymore, but did have a couple last night and woke up with a headache. That's why I don't drink IPAs a whole lot anymore, but we do taste them on the show and we have had a couple really good IPAs on this show. So let's get into you, james. Let's talk about your 14 year journey in the field of business IT, and I want to start off with that amazing interview process. Fourteen years ago it was a remote interview process and this is back before the internet was as long as it is with video conferencing. So we actually did all this over the phone and email. Why don't you fill in our audience about that fun process?
James Todd:Thank you, tim. I would love to give my side of the story.
Tim Shoop:Maybe we should mute them and tell my side of the story.
James Todd:Suds Don't do that. Alright. So Brian, who is Tim's partner, getting things off the ground, he and I went to high school together down in central Florida. We were good friends and he was down for Christmas I guess the Christmas of 2009, and this is at the end of the recession of 2008. I had been applying to jobs everywhere. Nobody was calling me back. If I had an interview, never got a call back, and it was pretty tough and I remember telling them hey, if you hear about anything opening up, let me know. And it was a number of weeks later. He said hey, it looks like we're going to have a position opening up here for the IT side, but we also need some help with the website of things. I had been going to school, I could create web servers, things like that, but I hadn't done a lot with web development specifically, and at the time we were using, I think, jumla CMS.
Tim Shoop:Yep, it was.
James Todd:JUMLA.
Tim Shoop:Back in the day.
James Todd:Yeah, I had to go figure out how all that works. So in order to do so, I spun up a web server on a virtual machine on my computer and I got it up and running. And it's like when you get JUMLA set up, it takes you through like an out-of-box experience wizard, just so you can name the site and stuff, so it has something to put in there to get it off the ground. And I mean, I'm 21 at the time and the only thing that I could think of for a site name was iHeartBeer. And I got it up and I sent a screenshot to Brian just to show him. Hey, I got this thing figured out, I think I can do this. And so it wasn't long after I get a call from Tim Shue, who I had not met before, and he started you and you were inundated on that call James I was.
James Todd:You know it's like I wasn't expecting it. We're doing an impromptu interview. I've not had a lot of recent luck with interviews so I was nervous and I just remember going through it. You're asking me questions trying to figure out what I knew. I knew some things. I know I didn't know everything, but you know I was a pretty excitable person at the time. I love technology and getting into it. And then I just remember at the very end you're like hey, what's this about iHeartBeer and dead air? I know that's not the most professional thing that someone could have and I wasn't expecting that to cross your desk, so I was ill prepared for that.
Tim Shoop:So you do realize I asked, I pointed that out to catch you off guard right to see how you handled yourself. And you're still here today.
James Todd:So we must have been pretty desperate then. Huh, you had to troubleshoot.
Tim Shoop:The moment you're like, oh god, that's right, let me go into troubleshooting mode. But the funny thing is I put you on the spot. We brought you up, we hit it off right away. We had shortly after that it was just me, you and Brian. I think we might have had one or two texts working with us. This is once we moved downtown. We were still in startup mode, and I remember we had a disc assessment done. What does that stand for? Do you remember what disc stands for?
James Todd:I couldn't tell you. I can look it up.
Tim Shoop:Anyway, it is a personality assessment to see how individuals jive together and work together and what kind of outcomes you can have with those personality types. And my personality type described me as a results driven individual. I don't care about the nuts and bolts, I don't care about how we're going to get there, I just know what we need to do. You are a nuts and bolts guy and Brian is a to improve guy, so so I would come up with the ideas. I knew the vision, brian would improve upon that vision with how we were going to get there, and then you would fill in all the cross-septis and dot the eyes with the technology. Anyway, the the girl Gretchen that did our assessment 13, 14 years ago. She came to me and pulled me aside one day and she said can I talk to you? And I said what's going on? She goes. I just want to. I want to know how you met these guys.
Tim Shoop:Well you know, outside of explaining to her that you hearted beer. I joke. But I said why do you ask that question? That's an it's kind of a unique question. And she said because I do thousands of these and I have never come across a startup where the three individuals, the three key players, had a perfect puzzle fit. A perfect puzzle fit. Usually you'll get two to improve types or all nuts and bolts types, but never what we have built our foundation on, which is me, you and Brian, and look where we are today.
Tim Shoop:I'm fast forward. At the time it was just three of us. We have 33 employees. We're, you know we're. We've got a pretty aggressive stance right now to move to 133 employees within the next three years. So I'm very excited about that, absolutely love having you here, james, and James is our chief technology officer. James does a lot for us, but you don't want to hear it from me, folks. We're going to want to hear that from James. So now that we know how well you interview, let's talk. Let's get into some insights into how technology can aid businesses in streamlining their operations. I want to talk about what, what you and what we do at digital boardwalk, specifically, your role and how you help customers, uh, assist in that, how, how digital boardwalk does it as a whole. And then let's dive into your role and the importance of that role.
James Todd:So for digital boardwalk, often, we're very fortunate that most of the time we're meeting customers, it's because they have a need, um there's something that's not driving the way that they wanted to. They've got, maybe, a provider that isn't delivering where they need to, um, and so when they approach us and they're looking for help, they have a problem that we need to solve. And one of the things that I think makes us special is we're not a one size fits all shop where we're just making everybody adopt the same type of technologies across the board. We understand the issues that they're having, uh, despite how it's described to us, and we come up with a custom plan for them on how we're going to achieve that. And this is, uh. The reason I think that's so important is because we work with companies in all sorts of verticals, um, although it'd be very easy if we were just in one, like medical or legal, um. The fact that we've got to span all these means that we've got to be creative and how we go about it, but it also benefits us because, at the same time, we're getting the experience in all these verticals, we're getting a taste and exposure to things that otherwise we wouldn't have had access to, and that makes us even more robust when we're coming up with solutions for our customers.
James Todd:Um, you know, back in the day, a lot of businesses, you know they were providing a service or making a thing, like there was something tangible that they had to offer and that's how they were getting paid. But in this day and age, everything's based on computers. Data is the most important part of what they have, and protecting them, protecting that data, learning from that data, helping the data get to the right people more efficiently, can save businesses literally thousands. Um, and that's where we can come in Now.
James Todd:One of the things that's challenging for us is because we're not the developers, we're not the manufacturers, we're not creating the technology. Sometimes we do feel like our hands are tied because we're, you know, only able to use what's available to us, but we're always trying to figure out, you know, what can we do to solve this problem, and that's one of the bigger roles for me at digital boardwalk is what other solutions are out there. You know, sometimes we have something that's worked really well for a number of years, but now it's just fallen a little short. So we go out there, meet the competition. See, is what we're using up to snuff, our other changes happening and then that's something we can take to our customers and help improve some of those inefficiencies.
Tim Shoop:You know it's interesting.
Tim Shoop:You mentioned um that we don't do a niche. We're we're SMBs um across the board. I actually was on a call um with a uh, let's just uh with somebody yesterday um where they asked me that specific question. They said they were talking to another MSP that felt that you know, if you were working with an MSP, it's always good to have an MSP that's uh niche driven. And he asked why? And he said because you can scale the company faster because you're only doing one thing.
Tim Shoop:Now the problem I see there is, you know, I know companies that have that are niche driven um other MSPs that are niche driven and the problem is that one of them shoot in the hospitality industry. When COVID hit, they shrink by half to two thirds. And the problem with that is the other businesses they're dealing with are now suffering because all the resources there that they were used to having all the brains, all the talent, most of it was gone because they had to scale down. Um. Me personally, I think that driving across the entire SMB space is great A for the talent to be able to drive their skill set uh higher and be more marketable. So we actually help our talent get smarter.
Tim Shoop:Um, but we help our businesses because by dealing with so many SMBs, when you're dealing with a small business and you've already encountered these same issues with another small business, maybe in that same vertical let's say it's an insurance company and you're dealing with a line of uh uh, business application or something specific to that industry we already know it. Um, so, yes, as a niche, you would already know it. But, uh, we already know it. But we already know it, but we're going to think outside of the box of just that, hey, we're going to, we're going to fit you into one box, sort of thing. Is that along the lines of what you're saying, james?
James Todd:Absolutely, and I mean don't mean to be critical, but in Pensacola you have limited reach if you pick a particular vertical as well.
Tim Shoop:I agree too, yeah, um, and we had to. We had to be able to scale to get the talent, and if you don't have the talent, you're just another IT company. Any company is about the talent that's on board, but specifically in our space, you want very, very smart engineers, um, and we're able to get them because of where we have scaled to. So let's talk about that. Let's get into what we do. Let's talk about the importance of data protection in the digital age. I mean cybersecurity.
Tim Shoop:When we when digital boardwalk was created, it was all about helping companies by being proactive and dealing, delivering proactive solutions to the small business so we could keep them working in the first place. Then hackers got smarter. The bad actors started playing, you know, in with all kinds of new tools that became handy. So our goal has been to build out an entire cybersecurity department to be able to protect our small businesses, that small to medium sized businesses that we work with, to stay one step ahead of those bad actors so they never have to deal with a ransomware event. Talk to me about that, james. Talk to me about how digital boardwalk implements those strategies. Talk about the multiple layers and and what that means to our audience that may not know anything about cybersecurity, but they may be an entrepreneur listening out there and if you are, you'll want to hear this, because this is super important and we're not just making these things up. This is what we do for small businesses Go, thank you.
James Todd:So I think it's important here to start off with some backstory. Simple fact is, when we started this project 13 years ago, most of the threats that we're facing businesses were viruses or worms, things that were nuisance, but they weren't really costing the business thousands or more of dollars. You know, maybe an employee's computer was going to be down for a little bit it wasn't the whole organization, and so a simple antivirus programs and things like that really were satisfactory. But the catalyst that changed all of that was these bad actors figured out how to monetize their efforts and so, through ransomware and phishing attacks, they weren't just annoying you, they were holding your data hostage until you paid them to get it back, or they were able to intercept emails and change you know wiring addresses, things like that. So they were directly getting paid, and so this took. You know, this took off in such a way that businesses actually formed in these overseas countries for them to just go after businesses to make as much money as possible. And it's almost comical when you look at they have business structures and you know they have a chain of command and it looks just like a traditional business. But it's all about committing crime. But now that we have that to face with. You know, things that could have been exploited. But we're really that risky Now. We're always being exploited because, like you mentioned, they've got the nifty tools. They're automating things just as we are, and so we do have to stay a step ahead, and, unfortunately for us and unfortunately for everyone, there isn't an end all be all to cybersecurity.
James Todd:We can't just roll out a program, call today and then, you know, pat ourselves on the back, and so that's where the layers come in. It's all about creating multiple layers of safety nets for you. So if one component misses an attack or doesn't block it, you've got something else there to back it up. Two key components of this are going to be our DNS security tool and our email threat protection tool. Our email threat protection tool is very good at looking at emails and determining what's the content of this. Okay, it appears that it's from Microsoft. Where did it come from? Ooh, it did not come from Microsoft. We're going to go ahead and quarantine this. We'll let the user know that it came across, but we're not going to give them the email.
James Todd:But if somebody is trying to do a phishing email from, let's say, one of your vendors or one of your customers. The email filter is not going to be able to tell that as they are. There's not going to be able to tell that as easily. For example, your customer vendor may not have the necessary definitions out there that say, hey, these are our trusted mail servers. And so the spam filter looks at it and says, okay, this link isn't on any known bad list. You know the content in here looks, you know, innocent enough. We're going to let it through, because that is the delicate balance that these email filters have. They can't just hold all email, because then you can't get any work done, but they can't just let everything through. So at some point it's got to make a decision. And it's not 100%, although it is getting better. But so let's say you get that email, you get the link and you click on it.
James Todd:We had an issue a couple of years ago where an attorney in town got compromised and was sending these phishing emails to their contact list, a few of which were our customers. The email filter didn't catch it because it was coming from a known, trusted place, from the server that it knows these emails to come from. But when one of our users clicked the link, our DNS security tool blocked it, and that's why these layers are so important. Beyond that, we do have end point security software on every computer, every server, so it's watching all the files, scanning things periodically to try to detect malware. And also, if you download attachments files or add flash drives to the machine, we've got a ransomware detection tool that's monitoring the system for the ways that ransomware runs, so it can detect it early, shut down the computer so it can't continue to run.
James Todd:Probably the most entertaining one that we roll out is a phishing simulation testing. This is where we will send everybody in a company a bogus phishing email once a month and we report on how they handle it. Are they, you know, deleting the email? Are they opening it up and not clicking the link? Do they open it up and click the link? And if they do those things, you know we can provide a report to our customer and it says here's everybody who did it the right way, here's everybody who needs some help. And that way we can, you know, work with those users specifically to help get them stronger In a lot of cases, it's the decision maker too.
Tim Shoop:Clicking on that email.
James Todd:I will give Brian's, the one in our company who usually puts those together. He must be clear of why and or something, because every so often he'll get send just the right thing, like a Kelly Blue Book thing, right after someone's been in an accident, and they click on and they're like no.
Tim Shoop:Yeah, yeah. So let's, before you get into the rest of it, it's some some interesting things that you brought up, and one of them was the layers how wide layering is so important. Now, we talked about layers. You explained it in geek speak. Let's let's kind of let's take, take it a step back and let's kind of compare it to something. Maybe everyone in our audience is familiar with the security in their own house. Right Now. We can only do this to a certain degree, but it does give them an idea of what we're doing with layering, right. So if you have an intruder, you know, or if you have a potential intruder approaching your house, right, maybe the privacy fence is the first layer of defense. So they've got to get over that. It's not too hard, they get over it. That might be what James the firewall.
James Todd:Privacy fence. Let's call that the email threat protection. Okay.
Tim Shoop:So email threat protection. So let's talk about it Now. The second part to my analogy is the inconveniences of these things. They do pose a slight inconvenience and humans do not like change. Right, Change is is just something that humans have to adapt to. It's important to change as you evolve, but we just don't like it. It's not in our, you know, general human nature.
Tim Shoop:You know multi-factor authentication, MFA if you will which is where you, you know you might have an authenticator on your phone and you've, you've, you get sent a code and you've got to go to your authenticator. Or when you access your bank account, they send you a pin, maybe by texting it to you, or whatever things like that. It's an inconvenience. It's an extra step or two that you've got to take to get to your, to your bank account. Same thing with email threat protection.
Tim Shoop:I mean, I review tons of spam every morning and that's basically spam email that I get every morning. I get multiple because I'm in multiple email boxes, so I have to review, I think, seven different spam filtered emails and basically it's a list of all these emails that are trapped on a third party server before it reaches our network and before I've clicked on any of those attachments. That's a shout out, by the way, to someone in one of our skits. And Mr Devin Brown, he's our service manager and he, if he watches this episode, I'll know what I talk about. He likes to click on attachments. That's a joke, by the way, ladies and gentlemen. He really doesn't, but he'll get this if he listens. So there are inconveniences involved, right, James, but it's a necessary evil, correct it is?
James Todd:The more roadblocks we create for ourselves are the more roadblocks we're creating for the attackers, and it just adds to the security. It's like having multiple doors with different types of locks on your house, but these inconveniences don't have to be inconveniences.
Tim Shoop:If you look at it like what would be the real inconveniences if I was attacked and that bad actor said, no, you're going to pay me $1 million or 200, doesn't matter what it is, it's still money off your bottom line and it can put a lot of small businesses out of business. You know and you hear about it all the time with big businesses, but the SMBs are the number one attack space or the number one attack demographic out there. Now, because you know these people and we did a PowerPoint presentation a while back called Bad Bob, give us a little bit of a little bit called Bad Bob, get to know Bad Bob and who Bad Bob is. We created this character, this fictitious character, but he was based on what we knew from facts, not just from what we learned within our industry at conferences, but also in the media.
Tim Shoop:These guys have families. They go to work just like you and me. They catch the local metro, they stop at their coffee shop, they clock in. They're actually going into a call center, clocking in, sitting down at a cubicle. But once they sit down, their job is what James Attacking American businesses. Attacking American businesses, that's what they spend all their time doing. And once they plant the seed in your network, they're going to come back Once they collect data and they have, they could be in your network for weeks. Now tell our audience how we get in the way of their impedance.
James Todd:Fortunately, as you know, we have a way that everybody uses a system and then we find out how people are exploiting it. Then the industry responds by coming up with a way to thwart that, and so there is a lot of back and forth, but the industry is moving to more sophisticated meetings for adding these protections and where this comes from, like multi-factor authentication. We also have conditional access rules and things like that. What I mean by conditional access rules is we can basically define a set of parameters that are required in order for a successful login to happen, and what this really means is that if you are a trusted person with trusted information, untrusted devices, you don't have to jump through all the same hoops that somebody who's outside your network that doesn't have the same information would need to go through.
James Todd:Now, a lot of these do require preliminary work to be done to allow these things to be trusted, so it does create some more work for your IT company, but for the end users and for the people in the business that are making it work, it becomes a lot more simple for them, and I will say I think the thing I'm most excited about is the passwordless future, where they were all working towards. This isn't something that's 100% yet, but it's definitely getting closer. But using things like hardware, tokens and biometrics, we can eventually get rid of the need for passwords. We can still have a zero trust set up for all of our IT needs, so we have the maximum protection in place but the least amount of hurdles for employees.
Tim Shoop:So it makes it a little easier for the employees to a lot easier for the employees to access their desktop right and their data and their data. And that takes me back again because we didn't really finish our analogy as far as layering. So layering from a digital standpoint, from an IT standpoint we've got firewall, we've got endpoint, we've got email threat protection, dns protection. Go on, james, come on.
James Todd:Windows patching.
Tim Shoop:Windows patching, windows hardening Windows hardening.
James Todd:Fishing simulation testing Fishing simulation testing. So there's security where training?
Tim Shoop:Training Eight, and there's, there's more. I think we're up too close to a dozen layers. So, to put that in a perspective with your house we talked about, maybe email threat protection equals your privacy fence. So they get over the privacy fence, they approach your house. Now they're going to look for an open door window. That might be maybe a hole in the in the router, right, maybe they've got, maybe maybe they've got something forwarded, you know, like maybe they're connected to a third party data source or third party software application, so they had to punch a hole in the router through port forwarding. Well, that's like opening a window in your house. Because now what that bad actor in that cubicle in China or Russia or Romania is going to do? He's going to run scanning tools and those scanning tools are going to find that open window. And actually, more so than that, he's going to, he's going to leverage a bot net, right?
Tim Shoop:Absolutely All that is automated Explain to our audience how they cluster machines and create a bot network and how much more powerful that is than just running a scanning tool directly on your network. I mean to find the initial opening right. Yeah, so Not to put you on the spot. I know we didn't discuss this, but go ahead.
James Todd:Botnet serve multiple advantages for attackers. Number one it's multiple devices working together, which is the same as having one really big machine, but we're spreading the load across multiple Instead of one box trying to scan everything. We can give each box a little portion of that to scan. What we're also doing is we're doing the work in much less time because each part's doing one piece of the pie, but when you put all the parts together, you're getting the whole pie in the same amount of time. It would take just that fraction to be accomplished. The other benefit of it is, as technology evolves, we get smarter firewalls, intrusion detection devices and intrusion prevention devices.
James Todd:Ibs and IPS devices are becoming much more common. These are able to look at the traffic that's hitting the firewall and it's just applying a yes or no rule to that traffic. It's able to say, hey, this was traffic I sent, that's coming back and going to allow it through. It can also look and be like this is coming from an unknown area, I'm going to start discarding this. It can also say, hey, this looks like it's trying to do an attack on me. I'm just going to block all this traffic. But when you use a botnet, it's not just one connection coming in doing something mischievous. It's lots of small connections coming from all over. It also makes it harder for these IPS and IPS devices to detect it and block all of it. So point being is, by leveraging the botnet, they're getting the work done more quickly. It's harder to detect and it's harder to stop.
Tim Shoop:So instead of just having one soldier approach you, you've got a multitude of robots behind that soldier where he's leveraging AI to basically come after you. So in the physical world you would have a thousand and your chances of survival or less than having that one soldier. Absolutely Just trying to throw some weird analogies out here and get a reaction from you.
James Todd:They're very creative and I enjoy it.
Tim Shoop:Good. So with that Suds, why don't you tell our audience about what I'm drinking today before we dive into the importance of cybersecurity? We're going to take a deeper dive into cybersecurity by talking about CMMC and the importance of insurance for the small to medium sized business. Go.
Tim Schaffer:All right, tim is drinking a beer from the unbranded brewing company in Hylia, florida. Hylia Light is a golden lager brewed with Pilsner malt and CTS hops. It's as unfiltered, with a crispy, bitter finish.
Tim Shoop:That is a tasty boat beer right there. I could drink a few of those cruising around on a boat.
Tim Schaffer:That bell will get you in trouble If you ring it too much.
Tim Shoop:Yeah, well, I may have to ring it in a minute because I'm almost out in my mug here, so we may have to talk Suds, but I appreciate that, I appreciate bringing that beer to me today Suds, because I'm actually quite enjoying it. So let's dive in to CMMC and insurance James. Let's talk about that Now. I know digital boardwalk really got heavy into CMMC back when it was still coined as NIST and we got involved with some Florida wide organizations and we had a government contract customer. That really pushed us hard and we leverage. We like that.
Tim Shoop:We like when customers use us because we learn from one another and then we grow together and it allows us to deploy better technology and and and better things to all of our you know, our customer landscapes. So let's take a deep dive into it. Let's talk about the critical, critical topic of cybersecurity and its significance for business before we dive in to CMMC. Now you already talked about layering, but start by telling the small to medium sized business owner out there why it is critical, why it is so critical for them to listen to this and not just blow it off because they think they won't be attacked.
James Todd:Yeah, there's a few areas that we can go with this. But you know, I think a lot of the SMBs that I meet with now are thinking, oh, all of my stuff's in the cloud, I don't have anything to worry about. But from our side, unfortunately, we've seen this real hand. Cloud is such an ambiguous term because all it really means is your server is being managed by someone else and you're trusting that they're taking care of that and the backup, saying the cybersecurity. And the fact is they may not be, especially, I mean, a lot of these businesses.
James Todd:There's a lot of cost behind a data center. They need to get this to market ASAP, you know, because the money is kind of run out and cybersecurity unfortunately tends to come after functionality for a lot of these businesses. So bottom line there being in the cloud isn't a guarantee that your data is safe. Now the second part of this is I mentioned earlier, our businesses are all data driven today. We still may be manufacturing things, we still may be performing services, but our AR, our AP, our client information is all managed on computers. And if all that goes away, if you couldn't look up a report on who you owe money to or who owes you money. You know how do you keep the business operational Right.
Tim Shoop:And it's such a hot topic right now too. I mean, cybersecurity should be front and center for every SMB out there, right? Because you know, I mean everybody's focused on what they do. Whether you're an insurance company, whether you're selling tacos like our last guest in here, Gio, what a great guest that episode's coming out this week or whether you're a law firm or a healthcare organization or a retail candy shop, it doesn't matter. You are vulnerable to these attacks and I've seen them. I've seen them happen firsthand. They are not fun to go through. Why don't we?
Tim Shoop:Before we get into CMMC, let's talk about an event. Let's talk about a ransomware event. If someone were to have a ransomware event, okay, let's talk about who you report that to and what the process is. Now from digital boardwalks point of view. We have an obligation to an SMB if they were to be attacked. Now, we haven't had. We haven't had to deal with it in a long time because of how. You know how layered we are and how how much we protect our business. We protect our customers. But I've heard it from other MSPs at conferences hey, my customer got attacked, blah, blah, blah. Take me down that path, tell our audience what happened. So I've been attacked. I've been attacked. I have a ransomware event. The hacker wants I don't know, let's, let's use a small amount, let's say 280,000. He only wants $280,000. Do I pay him? No, no, so why do I not pay him? What does that do? When I pay him, what? What chain of events does that set off?
James Todd:The reason ransomware is so rampant these days is because they're getting paid. And if we like a great example, early days of ransomware would just hit and start running to affect as many files as it could as quickly as possible. Then later generations watched and learned the network and tried to find the backups first. Then it would encrypt the backups and then the rest of your files. So you couldn't, you know, delete the data and recover from your backups. These people know that if they can go after you and get your data hostage, however that's, you know, possible that you were going to pay for it, Otherwise you will have to shut down the business. And so we've got to make sure we have the backups. We try to keep these guys out, Otherwise it's a grim, if I'm being honest.
Tim Shoop:So the backups? Every company backs up their data. I hope, I would hope, by now that every company's backing up their data and every MSP says, hey, we back up your data. Not a big deal, we back up your data. But I know firsthand that a lot of MSPs rely on automation. To you know, take care of that backup. But automation breaks, doesn't it, Jacks?
James Todd:Absolutely. Automation is also dependent on a few assumptions. They're assuming that this data store is online, or that this data store is accessible, or that the process executing the automation has permissions to access the data that you want protected.
Tim Shoop:Yeah, but you know, what does digital boardwalk do differently? Digital boardwalk has humans, right, humans sitting behind that automation to make sure that if something breaks I mean even the data, the automated data protection that we deploy it still could break it's technology. Technology breaks, ladies and gentlemen, believe it or not, otherwise we wouldn't have jobs. So we actually have human eyes. We'll have a ticket generated if something breaks and our human eyes are constantly auditing those tickets to make sure and going through and making sure that that the automation is working as intended and the data is landing in the right places as intended. Isn't that correct?
James Todd:Yeah, so we actually approach this in two ways.
James Todd:Number one, we configure all of our systems to run in an automated fashion and we do have a connection between our backup systems and our ticketing system that, if anything ever happens, it notifies, creates a ticket and, like you said, an engineer gets that ticket and responds to it right away.
James Todd:But the second part to this is we have monthly audits for every single customer on one of our backup solutions and every type of backup solution, because we do have multiple ones and we just take a look at the backups. We log in manually. It does not matter if a automated report has been created or not. We will log in. We make sure what are we backing up so that we know what we're backing up, is what we think we're backing up. We make sure that it's running and we do a test restore to make sure that what's being backed up is readable and not corrupted. And our goal here is to just never be in a situation where we need the backups but only now finding out that we need them, that something is going to lie. So we tested monthly.
Tim Shoop:It's so important. It's so important to have. I mean, we rely a lot on technology these days, but it's really important to merge that technology with the human element and create kind of a two fold approach to it, using humans and automation, instead of just relying solely on automation Absolutely, and that's so true for everything. So that takes us to CMMC. So and I'm sorry, I, while you were talking, I'm used to drinking out of these little flights. I was drinking out of my mug and I missed my mouth.
James Todd:So you've developed a drinking problem.
Tim Shoop:Yeah, yeah, one mouth and in two hands, so anyway. So let's talk about CMMC. Let's talk about it's, the cybersecurity maturity model, certification and it's impact on organizations. Talk to us about the importance of following CMMC framework and why it's important that digital boardwalk takes that framework. Where does that front? First of all, where does that framework come from? Who developed that framework? The government. So if the government's protecting America, right, using that CMMC framework within the government, it's, it's, it's best in class, right.
James Todd:This is a part of it. So the NIST 800-171 rule that CMMC applies to isn't for classified data, but it is for controlled unclassified data, which is sensitive data that we want protected. But it's not so sensitive it's categorized as classified.
Tim Shoop:Okay, keep going so.
James Todd:I guess the way that this all came about.
James Todd:Nist has been doing their thing for a long time I couldn't tell you how long and they've come up with different rules on how the government should be doing things, and all the branches from government reference these rules on how they are allowed to operate. Now the DOD is taking this a step further and saying, hey, our supply chain also has to follow these rules. Now, conveniently, the DOD told all the suppliers that you have to follow this and miraculously, all the suppliers testified that they were all already following it and everything was good and the DOD didn't need to worry about anything. But there is obvious evidence that the enemy is getting this information that the DOD is trying to protect and they know that the self attestation process that has been in place is not working. Now, one thing that it's important to know the DOD what they know that a company is violating their contract. And if the contract specifically requires you follow NIST 800-171 and you don't, they will sue for damages. There are some years that they recover over $10 billion from their billion.
Tim Shoop:That's a lot of money.
James Todd:Yeah. So you definitely don't want to be found in breach of contract. You should be following this. But to make it better, the DOD has formed the cyber AB, which their job is to implement. Cmmc, which is a rule that the DOD has made and is working its way through the government approval process now. But essentially, nist is the rule that everybody has to follow and CMMC is how that rule will be assessed and certified so that businesses can continue to offer services to the Department of Defense. Now this isn't official yet, but it does look like other branches of government are going to want to tap into the CMMC process for their contractors as well. So right now it is very much the defense industrial base, but we do expect this to expand in the future.
Tim Shoop:Ladies and gentlemen, if you want to learn more about CMMC and cyber AB, go to our website at digitalboardwalkcom. That's digitalboardwalkcom or gomodernofficecom. When you get to the website, the top menu will be split and there will be a CMMC option. When you select that, it'll take you down and you can learn a lot more about cyber AB and CMMC. Take the time to do it, read about it, contact digitalboardwalk if you want to learn more and appreciate that. So that takes us into insurance. So why is it important? Let's explore the role of insurance in mitigating those cybersecurity risks. Now we carry I think it's a two or three million dollar policy that backs us up from any kind of negligence. If one of our people does something yada, yada yada, if we have a cyber event, for instance, it's going to back us up. But our customers we like them to also have cybersecurity insurance. Why is that important? Why is it important for our audience to carry cybersecurity insurance and how does that mitigate cyber risks?
James Todd:It is so important for companies today to carry cybersecurity insurance simply because when a threat happens that could keep your business afloat Whether you're losing revenue because you can't bill or things like that, or if you need the money just to rebuild the infrastructure that you had in place it can literally save your business after an event.
Tim Shoop:So keep going, sorry, all right.
James Todd:Cybersecurity insurance right now is a lot like the wild wild West. Carriers know that companies need this protection, but they don't have enough data to really have consistent plans, costs, fee schedules, things like that, and so they are underwriting a lot of these policies, but they don't know if that's enough to even cover the payout or if it's good enough for what they need. When cybersecurity first was coming out, they had a list of requirements of everything you needed to be covered by that particular carrier and, I'll be honest, 90% of our customers wouldn't have met it at that time and those premiums, those premiums, james, are increasing year over year over year.
Tim Shoop:Suds can attest to that, and it's because of all the events. It's not just the events that SMBs are facing, but the events that MSPs are facing from their SMBs that they enforce Now digital boardwalk. We're not one of those guys because we go over the top with cybersecurity with all of our customers, but not everybody does.
James Todd:Well, and you know, you mentioned that we have cybersecurity insurance, which we absolutely need, but the reason we need our customers to also have it is our insurance only covers negligence on our team. Yeah, most of the time that a customer is affected, it's because one of their employees clicked a link that they weren't supposed to do, like the attachment, so like a, like a, like a Daven. Exactly, and so our insurance can't, won't, won't step in and for that protection, and that's where your own protection helps.
Tim Shoop:So how? How can businesses prepare for CMMC compliance? How do they prepare for this? I mean, we can talk about it till we're blue in the face. What do they need to do?
James Todd:They need to either have somebody on staff or they need to find somebody who has gone through all of the controls, understands what is required to meet the NIST 800-171 rule and help them implement it. Now I will tell you, on the digital boardwalk side, we help out with a lot of controls, but we don't help out with all of them. Many of the controls that are in there are operational pieces for that company staff. That digital boardwalk cannot satisfy for you. That you have to satisfy in-house. And so our best relationships are with customers that have a champion internally and a champion on our side, that work together to cover all the controls. And we'll even create what's called a shared responsibility matrix to say, hey, these are the controls we're responsible for, these are the controls you're responsible for, and that way we've got a clear division of responsibility.
Tim Shoop:Yeah, it's so important in today's day and age. Ladies and gentlemen, I mean you'll, you'll notice all of our shows are sponsored by digital boardwalk and SmarterWeb. Both companies own BIOS, obviously, so they are funding this operation. But I will tell you that cybersecurity, of all the things that we do, is one of the most important and, following CMMC framework and being part of the cyber A B, taking care of small businesses, it is a. I mean, we are obligated, in my opinion, and not all IT companies think the same way but we are obligated to protect you. We are obligated. It is our reputation at stake first and foremost, but our obligation is to protect you and all of these bad actors. They're not some kid wearing a hoodie in a basement like you see in the movies. These are foreign employees of foreign businesses where their sole goal is to attack American businesses because they know that there are so many I mean the landscape, there's so many millions of businesses in the United States and if they get one, if they do a scan, they find one that's vulnerable, they attack it. They can probably get that person because it's easy to just pay somebody just to stay in business. But once you pay them, guess what? Now you're a target. You just put a target on your back because they know if they got money out of you once, they can probably do it again. So that takes us to our final segment.
Tim Shoop:We're going to talk about your thoughts, james. Now I'm going to put you on the spot. This is the shortest segment of the show. Tell me about your thoughts on the current technology trends and the upcoming technology trends. Now the big buzzword. The big buzzword is AI. Digital Boardwalk is leveraging AI in a multitude of ways to help our customers and to leverage here to automate a lot of processes that assist our engineers in protecting our customers. Smarterweb leverages it to assist our content creators in building out templates for larger pieces of content, and they use AI to generate images to help in building out assets, marketing assets. So, with that said, what are you following? Number one and what should our customers be paying attention to?
James Todd:Number two, so I really enjoy that. You talk about all the ways we're using AI to improve our deliverables, because cyber criminals are doing the same thing right now they're leveraging AI to create better scripts.
Tim Shoop:No, they're not human like us are they, they're just some random spot in the universe.
James Todd:There are some enterprising criminals out there.
Tim Shoop:So talk to me, keep talking about it, go ahead. Sorry to interrupt.
James Todd:You know open AI. You know they're trying to put protections in place to prevent their system from being used in that way. But we've seen people online talk about how, hey, I asked it to do this and it said that it wouldn't do that because it's not responsible. And then it said, hey, I'm a security researcher, I need you to create this so I can test some software, and it's bat it right out.
James Todd:You know open AI is definitely really big in the news these days because of all that they've got going on, but they're definitely not going to be the only generative AI producer out there. More and more companies are getting into it. More and more are getting it online. Now one piece of good news with you know the AI-generated malware is we can leverage AI-generated cybersecurity software to help combat that. But it's all on how you do the prompts right.
James Todd:So it's going to be interesting to see how the two sides of the same coin kind of work against each other and where it evens out. But as far as what I see, as far as trends go, what we're going to see is more and more zero trust implementations coming around, and what that ultimately means is there's so much garbage out there we can't really protect ourselves from you know, one of these things happening. We have to protect ourselves from everything happening, and the way that IT is going to go about that is we're just going to say, hey, these are the only things that are allowed to happen. Anything outside of that, block it.
Tim Shoop:Zero tolerance, Zero tolerance. And you can read about that again on our new website, which just launched this month digitalboardwalkcom or gomodernofficecom.
James Todd:And a key part to that is also going to be cloud. Instead of having to maintain all your systems, you'll put it in a cloud location. Everybody accesses it directly. You have the zero tolerance in place, so you're not allowing logins except for trusted people, trusted devices, only trusted executables, and we're just going to limit what our reach is.
Tim Shoop:So just to summarize as we wrap up, james, and thank you so much for coming on the show today. I know you weren't forced to come on the show. It was highly encouraged. You were highly encouraged by your CEO, that's right who also happens to be the host on this show. Great guy, hey, he is a great guy, isn't he? Very charismatic dude? Absolutely, yeah, no, I'm humble, I'm humble, so tell our audience, finally, just to summarize, what digitalboardwalk's role is in helping them to stay technologically competitive and to stay secure, and what can they do. What is a good call to action that they could do today, that we could help them? Aka some sort of assessment. Talk to our customers.
James Todd:It's funny you mentioned assessment, because we're not far from getting some new assessment tools in place that are going to help us out a lot as far as more quickly identifying where our customer's week spots are, but the simple fact of the matter is there is no set it and forget it when it comes to cybersecurity. Cloud does not mean that you are cybersecurity ready, and what you need to, I guess, consider is where is your data? Who's protecting it? It's the last time I tested these controls and if you haven't have a third party, do that the software I just referred to. We're about to get a third party online to test our controls for our customers, to prove that, hey, we're not just talking a big game. Here's the evidence that shows we're doing it. And as much as it may seem like a hassle now, tim, like you mentioned earlier, being breached, losing data that is the real hassle. Taking a quick scan, making sure that the things you think are in place are in place, is easy.
Tim Shoop:So, ladies and gentlemen, if you already employ a managed services provider to handle your IT or if you're handling an in-house, you can easily get a second opinion on what they're doing, not necessarily to hire digital boardwalk, but to at least get that insurance that they're doing the right thing and double checking their work. Digital boardwalk can do a thorough assessment on your business to let you know that, hey, your team's doing a great job or hey, your team can bolster in these areas. Talk to your team about it. Or you can hire digital boardwalk and just fight through all the you know all the noise. Again, check them out at digitalboardwalkcom or gomodernofficecom brand new website that just launched this month. That can explain everything that James talked to about CMMC framework and CyberAB, as well as the SMB space and what a managed IT provider can do for you.
Tim Shoop:James, thank you so much for coming on the show, thanks for volunteering to offer your expertise to our audience and, man, I appreciate you. You need to grab a beer when I fly to Texas and I would. I'd like to toast you coming on the show, but I'm out. I'm going to ring my bell. Where's Suds? Suds is? He's slacking. He's sitting back there producing the show and drinking beer, but he's really my beer's empty. I'm the host, I should have beer.
James Todd:It's a high level gamer maze right there.
Tim Shoop:Suds. Do you have anything to say for yourself? Why don't you go on camera and at least try to defend yourself? To close out the show.
Tim Schaffer:I don't have anything to say.
James Todd:Pleading the fifth. I like it.
Tim Shoop:All right, just turn the camera back to us. Let's talk a little bit of crap about Suds.
Tim Schaffer:Oh man, I'd say, if you ring that bell too much, your wife will hit you.
Tim Shoop:You guys have a great day. Thanks for getting nerdy with us on Nerds on Tap and enjoying having James Todd, our chief technology officer, come on today. Great wealth of information Again. Digitalboardwalkcom or gomodernofficecom Go, check them out. Once you get there, you can get on with James. If you want to get some one-on-one time with them to dive deeper into cybersecurity for your business, or if you just have an IT project that you need to get around, give James a call, thank you. Thank you, good day, cheers my fellow Nerds and Beer lovers. Stay tuned for more Nerds on Tap. Oh, and one more thing Help us spread the nerdy love and the love for Great Brews by sharing this podcast with your friends, colleagues and fellow beer enthusiasts. Let's build a community that embraces curiosity, innovation and the enjoyment of a cold one.
