How Outdated Technology Can Slow Down Your Business - Webinar
Mike Bazar: How's everybody doing? I'm going to share my screen here. We're bouncing things around here and trying to make sure I have all the right windows in the right places. So today we want to talk as everybody kind of is trickling in here about how outdated technology can slow down your business. I think sometimes as we talk about these things, people think that we're just trying to sell them stuff, you know, everybody needs a new computer or whatever. That's certainly not the case. And we just want to kind of talk through the ups and downs and what it means to your business to have older, slower technology and why it's important to look at it. By way of intros, my name is Mike Bazar. I'm the CTO and one of the partners here at Vector Choice Technologies.
Mike Bazar: That's a whole lot of stuff up there that basically says I'm a lifelong nerd. So I went to the Colorado School of Mines, got a degree in mechanical engineering, and then decided I wanted to tinker with computers and kind of started doing it around in August 2003 and then really made it into what I wanted to do in a company. And about 2009 grew that worked for a couple of other companies before I'd started this. And then just this year, Will and I merged our companies together, and so we merged my company, Bazar Solutions, with Vector Choice. So now we're 50 partners in this new Vector Choice and moving forward, just looking to keep growing and helping as many small businesses along the way as we go.
Mike Bazar: So one of the things, fun fact about me is I would love to go touch every ocean and be on every continent. And so far I'm missing Antarctica and Australia. Almost got the Arctic Ocean a couple of weeks ago, but missed it by about 50 miles. Just didn't make it all the way to the Arctic Ocean, but we'll remedy that soon. So I've also got on the call with me, Jon DePerro, who, Jon will probably do a bad job introducing you, but he's the wizard and the ninja of all things compliance. So he's our chief compliance officer. He absolutely knows, like, CMMC and other compliance. He's a member of the American Bar Association. He was in counterintelligence in the army. He has retired, but knows all kinds of things.
Mike Bazar: And occasionally we'll be having conversations and I'll say something I think, you know, what about this? And he'll be like, I know how to do that from the background. And it's always interesting to know what Special Agent DePerro retired.
Jon DePerro: Retired, retired.
Mike Bazar: You can make the case.
Jon DePerro: I'm not doing retired very well, but I am anyway.
Mike Bazar: So Jon is an expert at looking through, like, contracts and other things and really looking at what do we need to do on a compliance perspective? And I have to say it's a very special role in terms of there's a lot of people out there who can look in an agreement and he can really help kind of boil it down to, as he likes to say, informed risk decisions, right?
Mike Bazar: Not that you have to do and spend and always go and figure out, but you need to know what the risk is, what the impact to your business is, what it's going to mean down the road in terms of compliance, maybe with your insurance policies, compliance with FTC safeguards, compliance with CMMC, if you're in defense industry, PCI, HIPAA, there's all these different things, and a lot of the time, businesses just don't know that they don't need to be compliant or that they aren't compliant. So Jon certainly helps us sort through that with customers as we go through that. And then Beau Dickie is on as well. Beau is our chief security officer. So he's got over 20 years in security operations, law enforcement.
Mike Bazar: And so Beau fits into the same thing, where I'll say something and then he comes back and says, you got to think of it from these seven things from a security perspective or the back end or kind of the criminal mindset, maybe, of this is what they might be doing. So this is why you don't want to do that, or we need to do this. And so Beau is over our SOC and helps make sure that we do everything the way we should and filter everything through that security lens, which becomes a big deal. And again, the reason why as we go through this, you might be thinking why do we have the security and the compliance guy if we're talking about technology and how old computers can impact that.
Mike Bazar: And really we're going to talk about that and more as we kind of go through those. So you can connect the dots and understand that a lot of the time we say, hey, let's upgrade or replace this computer, this server, this software. It's not just because we want to sell you something, it's because we want to help you stay compliant, secure, prepared for the future, those kinds of things. So a little bit of quick about us and I kind of breeze through this, but I just think it's important to kind of who we are. So you know that we're talking from a point of totally blanking on words here, but a point of authority in the subject and what it know. So Vector Choice been around for a bunch of years. Like I said, we've recently merged on the executive team.
Mike Bazar: We've got Will is the CEO who's not on the slide for some reason. And then we've got myself as the CTO, Sarah is our COO. Jon, as I said earlier, is our compliance officer and Beau is security officer. And then we've got the rest of our management team. Jake is over business strategy, Troy is our VP of marketing, John is VP of Technical operations, Gabby's over finance and Emma and Sarah in marketing. As you know, the point is we're building, growing, constantly evolving this thing. I think we have a really good set of expertise that we put together that we try to then use to bring to all of our customers, which is reflected in some of the awards and other things that we've won. Right?
Mike Bazar: So we've been on the MSP 501 list, Inc. 5000 list, Atlanta's Best and Brightest, some Inc. regional list. So again, it's not necessarily toot our horn as much as we know what we're talking about. We've been growing and doing great things in what we're doing, I think, and authority in the space. We have locations all over the place. I basically use this to highlight Mississippi and say if anybody needs help in Mississippi, we got to cover that white square up as we keep kind of moving for USA dominance here. But we've got several offices spread across. We've served clients in over 23 states, plus worked internationally with people. So again, I think we've got a pretty good authority when we come into it. A little bit of what we do: cybersecurity services, managed IT consulting, we do security and risk assessments.
Mike Bazar: We have cloud consulting services, kind of day to day support services, really a lot of compliance. And it boils down to that last bubble there is as a service, there's a lot of things we can do either as a project or as a service. And these days as a service becomes more and more important because with compliance, with security, with It's an ongoing thing. It isn't just, hey, I bought a new computer and the process is done. There's a whole lot that continues to go on. And so that's a lot of what we do in focus is how do we help keep pushing people forward in this cloud connected as a service kind of world and everything else. Our process, if you want to work with us, we basically do a lot of meetings, initial meeting to uncover your needs.
Mike Bazar: We'll do a network assessment to really decide what that need is. Part of reason I put this up here even, is if you're shopping for an IT provider, aren't sure about your IT provider or talking about IT. If they don't have a good solid process, that can be a problem. So we'll really do those network assessments to figure out what that is. Then we'll look at what is it going to take to do that initial work, do our onboarding implementation install, and then we kind of go back through a lot of this again, right? We'll go back and uncover more needs and redo network assessments and do this constant process improvement as we continue to go through, you know, just a shout out here a little bit. We will recently has the compliance formula.
Mike Bazar: You can scan that QR code and get it on Amazon. But if you've thought about how to do compliance and other things. Want some background and a little bit of insight. That's a great book to go kind of get you down that road. I think the moral of the story is if you read it, you'll probably go, this is a whole lot of things. I need help. And that's what we're here to do, is to help you through that process. So getting into the meat and potatoes of this and why everybody actually signed up for the Webinar was less to hear about us and more to hear about how technology and your business all impact each other. And like I said earlier, a lot of the time people think it's just, well, you're selling computers or yeah, we can't get it too old.
Mike Bazar: Well, let's wait till it's really slow. They've done some different studies and they update this all the time. But the last big one I saw is Intel did a study that said if you replace your computer every three to four years, but in that kind of three ish mark, the performance gains that you get out of that will increase productivity enough that you'll usually pay for the computer cost in the next year of productivity gains. So if you look at something, you say, hey, how do I make my people more productive? How do we continue to push and do more if they're waiting on applications to open? And as they get more and more complex, they get slower and slower on those PCs. That's the kind of stuff we're looking at.
Mike Bazar: So old technology often is slow and outdated and it makes it hard for people to do their job. You'll have happier employees if they have better and faster computers, right? We deal with that a lot and we see that as we go in and replace computers for people that were maybe five, six, eight we've seen ten and 13 year old PCs that people love getting a new computer. It makes a lot faster. It can actually improve morale in the company if you have a good plan to constantly kind of replace computers and keep them up to date. The other thing we see a lot of, again, the second bullet is lost productivity frustrated people. That's the big thing, replacing them. And then newer software and hardware.
Mike Bazar: You can run into compatibility issues, especially when you start talking about Windows 10 and Windows 11 and how does software work with those? You don't want people to lose productivity because their computers are slow. That is a problem. And as we look at remote work, as we look more at people working in different areas, this becomes a big deal. And Beau, you've probably seen some of this as well, is a lot of time we'll see we'll take over a customer, we'll roll out our new security software and the computers come crawling to a halt because they can't handle that new software. And so Beau, I don't know if you have any thoughts on that.
Mike Bazar: But that's one of those things that as this stuff goes on and this is the next slide, we'll talk about security risks, but you get that new software and it's doing more stuff than the old security software used to do.
Beau Dickie: Yeah, you run into issues where there's not enough RAM because the system can't be upgraded more or the processor is being bogged down because it's an older processor that doesn't match the new architecture. I mean, at the end of the day, if a system isn't running as optimally as it should when you add a larger workload to it that's running in the background, you don't see what's causing the issues. And sometimes it's because the hardware is old. The other aspect of it is that older hardware you can't get the security tools on there. In some cases it's old software that doesn't support the new requirements for some of the back end dependencies of software.
Beau Dickie: But all of those things are essentially a security risk because if you don't have the tools that are actively monitoring and providing the protection and security standards, then that system is now a vulnerability. It's a place for an attacker to go and hide without worry of being detected, to do whatever kind of damage they want to do, whether that's stealing your information, ransoming your systems, or impersonating your employees to force you to channel money out through ACH transfers.
Mike Bazar: Yeah, and one of the things I've seen in a couple of places is a lot of people go well, all my data is in the cloud. I don't need to worry about my local PCs or security or those kinds of things. And what I always say is that risk is still yours. Because if I can get on your PC as a hacker, I can do keystroke logging, I can capture data as you enter it or pull it out of your system if I can get access as you so just because your stuff is in the cloud and you feel like I can use older, slower computers because everything's in the cloud. There can be a real problem with that.
Mike Bazar: And one of the ones that we see with that specifically to hardware is Windows 11 requires there's a chip set now, it's called TPM, Trusted Platform Module, has to do with disk encryption and a bunch of these other kind of back end things that Windows does. That TPM chip has to be of a certain newness, a certain recent age or Windows 11 won't run, it just can't. And that's what we see a lot of is it's not that a processor or the RAM can't handle Windows 11, it's that the TPM chips and those things are old. And then you start running into compliance issues because you can't encrypt data because you don't have the right TPM chip and HIPAA or PCI or whatever these other things. I don't you probably got something there to chip in know, I bring it.
Jon DePerro: Way down from Beau and Mike level. No one cares what a TPM chip is. Your insurance carrier said you got to encrypt your data. You just can't do it.
Mike Bazar: Right?
Jon DePerro: You just can't. It's not possible. Don't worry about chips and TPM and FileVault versus BitLocker. Like, who cares, right? You made a business decision to manage risk, and one of the strategies for mitigating risk, financial risk, was insurance. Well, if the insurance is never going to get paid, why have the policy at all? That's how I come at it. Right, right. So everything Mike and Beau said is 100% true. I'm not discounting the technical validity of your statements, but the business function as a small business owner, what is the business function you're trying to achieve? Well, if my secretary dumps coffee in the file server, if a Russian hacker rans, whatever happens, insurance was a tool you selected. We're just telling you're not going to get paid because you said you'd have encryption and it's not possible.
Jon DePerro: And what I ask people to do is map these business functions to the technology. It's either going to support it or it's going to prohibit it. This is an example when technology is prohibiting you from achieving a business function. So let's have that discussion. Where are you trying to be six months from now, two years from now, right. And don't get caught with what I call operational surprise. Beau and I were on with a client. I'll make this real quick. Just this week, they're trying to pursue a government contract. That government contract, the qualifying packet says, are you using any end of life software or hardware? Well, they have a workload that's in a database that is multiple years out of date, but it works.
Mike Bazar: Right.
Jon DePerro: Going to that business owner, it still does what they needed to do, so they've never replaced it. But now they're sitting on multimillion dollar contract that they've been deemed not technically qualified to bid for because that database that actually doesn't have anything to do with the contract, but forces them to say on paper, yes, we use end of life software and servers. Yeah.
Mike Bazar: And I think that's the thing a lot of other side of this too, is we tend to talk about people think software, hardware, but even this can be networking stuff, right. The increased risk of data breaches if you have really old switches, they may not support virtual networking where we could do they're called VLANs, but again, basically, you're virtually separating traffic. One of the biggest heists that has ever happened in Vegas was because a hacker got into their network through thermostat control for a fish tank in the lobby. And so what we look at when we go in a lot of these things is we want to take old switches and get rid of them. Not because I'm trying to sell you stuff, but because we want to isolate the IoT devices, your thermostat, your cameras, your NVRs.
Mike Bazar: We don't want those to touch the data on the network, the rest of it. So now we can separate those things, right. Same sort of stuff will happen with wireless. If you still use old types of encryption, that's really easy to hack now. And so you need something with Wi-Fi 6 and WPA3 and all these technical terms you don't really care about, but it's so that you can be more secure and keep your data secure. And it's getting to the point with a lot of this that it really is almost a selling point to customers. Right. There's a little bit of where people are numb to losing their data, and there's also some of it where they're just friggin tired of it. And so it is becoming more and more that you have to do it.
Mike Bazar: We're seeing different things like the FTC safeguards that came down just this year that impacts a lot of auto dealerships and legal firms and depends on how you deal with taxes and other things. In terms of CPAs, there's twelve categories or 15 categories, I forget, of businesses. But the point being there's this larger group now that normally didn't have any compliance standards other than PCI if they accepted credit cards or something like that now have to have these sets of safeguards. And some of that is data encryption and other things. And if you have really old technology, you can't do it. And that becomes a real problem. And we're seeing a lot of privacy laws come down as well. Like I know in Texas, it's the one I always cite because it's just easy.
Mike Bazar: And I'm in Texas, but if 250 Texans so it doesn't matter where your business is, 250 Texans are in your database and they have their data stolen. You're supposed to report that to the Attorney General's office, to the State of Texas. Well, what comes out of that could be an investigation. There could be other things they could find. You negligent in the way you're handling data. There's a lot of this stuff that comes out of it, and what we want to try to do is make sure you have the right technology to have the right standards in place that you can not worry about these things. And that's where a lot of people get hung up in this, is they just keep the old stuff and it still works back to that database, right? It works. It does what it's supposed to.
Mike Bazar: But at a certain point, it becomes a risk to your business and that becomes the real problem that you want to make sure you're addressing in a.
Jon DePerro: Reasonable and timely you know, I'm a car guy. You know me like anyone's met me in I'll start talking about cars within the first you know, Mike, as a business owner, you bought company vehicles, right? You have a regular maintenance schedule, you know about how long, based on depreciation and functionality, you had a goal for how long that car that you bought for the business would last. And then that car has tires. And we know those tires, they're supposed to last 50,000 miles, and we're probably not going to wait till we blow it out, probably at 45,000. Right. But we do that in business with stuff all the time.
Jon DePerro: The problem with it is we buy a tire that has a 50,000 miles rating, and then six months later, our state regulators come back and say, no tire can be used for over 20,000 miles. And they're like, well, why? Already bought the 50,000 miles tire? It is such a moving target right now with security, with compliance with all these standards. That's why it's so critical to at least have a map. If you've never defined how long you expect an IT resource to last, how do you know if you've hit it or not? Part is just having a good partner, having a good account manager, someone to sit down with you and map out, when do we expect to start looking at replacing stuff and then have someone watching changes in your business to alert you to changes like the Texas law. Right.
Jon DePerro: Hey, bad news, Mike. We cannot with our current technology support this change. I see it all with insurance. Everything's good. We get your insurance good. You meet all the terms and conditions. Eleven months go by, you get a new insurance questionnaire, and there's five or six things that you no longer can click yes to. Yeah.
Mike Bazar: And that's one thing I would say, and I know that this is almost a compliance thing, but it falls into this, is if you have cyber insurance and you haven't looked at that policy recently, you should call your insurance agent when you're done with this call and see what the requirements are. Because that has changed a lot in the last six to twelve months because they all lost their shirts to cyber policies. They absolutely got creamed because people had bad security in place, and they got just creamed because people were using old technology, old cyber products. They weren't looking at the new stuff and adopting new methodologies around that. And that became a real problem and they just lost their shirts on it.
Jon DePerro: So two years ago they lost their shirts. So last year they raised rates and they made these questionnaires go from five questions to five pages of questions, right?
Mike Bazar: Yep.
Jon DePerro: I was reading a great article just two weeks ago out of England, but that cybersecurity payments have dropped for the first month ever payments fight. And the reason for that is not because there's less attacks. It's because those five page documents are being used to not pay premium, not pay claims. Right. They don't have to pay you because you said they asked an all question and you said well, we mostly do it. So you clicked yes, then you had a claim and they came back and said no. The question was all not 99%, not 90%, 100%. And so we're just not going to pay to claim.
Mike Bazar: Yeah. And to kind of keep on the technology side of this. That's one of the reasons we use a product that tracks governance and everything else is we're doing compliance pieces for people. And that falls into like two years ago, nobody cared about the compliance standards per se. They didn't care. Well, Jon has always cared about them.
Jon DePerro: But I still don't care.
Mike Bazar: They weren't tracking like it wasn't things that IT provider we're talking about now. We are because of all these things that are coming up where we have to start tracking it to prove that you're doing what you're doing. So again, it falls into this outdated technology. You have to track these things and look at them. We've got some other stuff we'll hit up here in a little bit, but to keep moving forward, just a couple of specific examples because everybody likes that. So in 2017, Equifax had a data breach. Over 143,000,000 people had their data exposed. And it came because there was outdated software that wasn't patched and there was a known vulnerability. Same thing happened in 2019 when there was a Marriott chain breach and then the Colonial Pipeline, they had a ransomware attack and it was the same.
Mike Bazar: They were using outdated software. It wasn't patched. There was an old user that wasn't patched. They weren't using newer technology around SOC and monitoring these logins and other things that would look for these systems to say, hey, this person hasn't logged in for six months and all of a sudden they just logged into the system. That might be a problem, right? And all these other technologies that are coming out around the security side, that's why we adopt a lot of those and keep pushing forward. Because all these hacks as they happen, almost all of them are happening because there's known vulnerabilities. There was the big one that happened that isn't even on here. There was a few years back where I forget which worm it was, but the WannaCry.
Mike Bazar: And it went across all Europe and it shut down like the health and the hospital systems in the UK and everything else. And it all attacked a known Microsoft vulnerability that wasn't patched on a whole bunch of computers. And so they had outdated technology, outdated patching, and that brought an entire country's hospital system to its knees because they didn't do the right patching, because they didn't keep the technology up to date. And so that's where all these things really start to come together. And you realize that not only do you need the right hardware, you need the right software, you need the right updates, you need all these pieces to be up to date or you end up losing out and oftentimes back to the first slide.
Mike Bazar: We just think of it as lost productivity or it's slow or maybe it crashes once or extra. But all of this stuff is starting to come together in a big spider web of you just can't have outdated technology anymore. Right? So a few things on how to mitigate security risks of using it, right, you have to keep track of your software and your hardware vendors and know what their security bulletins are. So you can either go sign up a lot of them have support type emails they'll send out with security bulletins and other things you need to apply security patches when they're released, which is great, but in itself sometimes can cause issues like PrintNightmare. When it happened, Microsoft released a patch to solve a printer security problem and it caused more printer problems in the way they did that.
Mike Bazar: So then they released another patch to update it and other things. Make sure you're using a firewall. And this is the one we see a lot of the time where people have a firewall but they haven't updated it in a long time. We had a customer who had a firewall, we kept telling them to update, it was a co-managed thing. So we kept telling their in house people, update your firewall. There's a known vulnerability, there's a known vulnerability, there's a known vulnerability. Do you want us to do it? And they kept saying no, we'll do it. And then our security software alerted that somebody across the internet was trying to mount shares on their server and steal all their data and they had to go pull their internet connection and shut everything down. And it was all through this known vulnerability.
Mike Bazar: And so they'd updated it never would have happened. We caught it, no damage happened. Which is good. But why have the fire drill for an hour and a half, 2 hours? Their whole system was down. They couldn't sell, they couldn't transact, they couldn't do what they needed to do because they had to just go pull the internet, then go back and update the firmware, make sure everything was right, make sure there wasn't a security problem. All this happened because they didn't update the technology the way they were supposed to. Make sure you're using strong passwords. But on top of that, multifactor is a big thing. And that's again, newer types of technology. Multifactor has been around for a while, but it's being pushed more and more. People tend to be resistant because they feel like it's a pain in the butt.
Mike Bazar: But that's one of those things that will stop a huge amount of these hacks is just having multi factor and that's where you get code in your email or ideally you're using like Google Authenticator or Authy, Microsoft Authenticator getting a text to your cell phone. But it's where you either have to put in an extra six digit code or click a link to verify in your email that you are who you say you are. When you go to log in, educate your employees about cybersecurity best practices. Again, we do a lot of cybersecurity training. There's some products out there you can do it with. But two years ago, three years ago, weren't having these conversations.
Mike Bazar: Just the other day we had a customer that gave away their password to somebody and then that guy logged into their email and we found it and we fixed it before bad happened. But it was because they didn't have two factor turned on because they weren't doing education right. All these things can happen because you aren't using the newest of these security technologies and other things that are out there. And the thing I would say about that last bullet point of hire a trusted provider, an IT provider is a lot of those other things are hard to do, they just are right? And a lot of companies either. You can't hire a jack of all trades that can do everything well.
Mike Bazar: They do parts of it well, and I'm not knocking any of this, but we see it a lot in companies that are maybe 5100, 200 users will have one in house IT person and they're so busy doing all the day to day, they can't do these other things. And so we do a lot of kind of co managed things where we can help with the security and the compliance, help augment, we can take it all over whatever works for your business. The point being to do all of these is hard and difficult. And if you don't have a good IT provider that's doing it, you're opening yourself to risk. And that's the other conversation you would have is if your IT provider is not talking to you about these things, not having somebody come have different conversations with you, that can be a problem.
Mike Bazar: And that in itself might be a reason that you want to look. And at a minimum, you should have the conversations with your IT provider. And if they don't give you answers that you like, might be an option to go start shopping and saying, hey, you're not talking to me about how you patch and how you keep everything up to date and how we're educating people and how we're doing MFA, all those things. And I want to know because this is my business and my baby and the thing that I've built. And so don't let these things kind of age and get old and not do something about it. Make sure you're having these conversations as well.
Jon DePerro: Yeah, concrete, tangible example. That's what Mike said earlier. Windows is announced. Microsoft announced Windows 10 hits end of life in 2025. There's a myriad of reasons it's all security based, but there's reasons that means end of life. No new patches, no new they don't care what happens to it. So if you're a business owner, you should know exactly how many Windows 10 machines you have, and you should have a date on a calendar that you've decided they will all be replaced by then and replaced doesn't mean I put in the order on Amazon hoping that it's shipping. Right. That is replaced. Up running users files are transferred, like everything. Right.
Mike Bazar: And the thing is, that doesn't have to be painful. A lot of the time. What usually happens is you don't think about it. Keeping technology up to date is not important. The end of life comes up and now you've got 30 days to replace 40 computers. And that's painful. But if you start now, hey, let's replace a couple a month, go for the old ones, let's replace those and just escalate through. And we can work it in with budgets, we can work it in with need, we can work it in all these different things. But if you wait until it's 90 days till end of life, and you have to be HIPAA compliant, PCI compliant, CMMC compliant, all those things that say, how do you patch? And now your answer is, I can't, because they don't release security updates.
Mike Bazar: You instantly have this problem that can cause a lot of problems down the road. And so you need to stay ahead of that.
Jon DePerro: You don't have the problem. Every procrastinator in the world has that problem. How many companies are going to wait till the last minute to replace their Windows Eleven devices?
Mike Bazar: I'm glad you asked. COVID supply chain all over again.
Beau Dickie: Yeah, it's good that you asked that question because it's happening right now. Server 2012 is end of life in October. Server 2008 went end of life last year. Server 2016 is next on the chopping block. And it's all mostly because of security issues. Some of it is feature sets. They've got new features that are available that aren't backwards compatible. But those servers, you can do a quick scan of the Internet and look and see. And there's still over 180,000 in the US alone of Windows Server 2012 online talking to the Internet right now.
Jon DePerro: Yeah.
Mike Bazar: Which means there's more that are behind that we can't see. Right? Right.
Beau Dickie: That's just the ones that we can see with a free open security scan of the open Internet without breaking any laws.
Mike Bazar: And we'll talk a little bit more about end of life here in the next slide. But one of the things, and we've kind of gone back and forth as we've weaved through this, because they're all very closely related, but the big thing on this slide is steps to mitigate compliance risk. Right. So one of the things is you have to know what it is.
Jon DePerro: Right.
Mike Bazar: So you got to stay up to date on the latest regulations, what impacts your industry. PCI is getting major updates that are all rolling out. And if you accept credit cards, you need to know what that is, and a lot of what this does is it makes it and this is John is always good with this, right. So if you accept credit cards and the odds of you getting sued or failed out of a PCI audit are usually lower than most people worry about, which is why people generally go, what's PCI compliance? I don't care. The problem becomes when somebody abuses your account, right, your terminal and your credit card machine, whatever it is, they hack into your computer, they make all these fraudulent transactions, and you go back and say, I don't want to be responsible for those.
Mike Bazar: As these new agreements come out, as these new compliance requirements come out, those credit card vendors are coming back and saying, you didn't comply with the agreement, you're liable for that. So where before normally you'd be able to say, hey, that $50,000 in fraud, that's their problem. It now becomes your problem depending on what agreement you signed, what your contracts say, and what the regulations are talking about. Yeah.
Jon DePerro: Landry's restaurant chain, bunch of restaurants, probably 1100 locations. Now, understand that's a big enterprise, and I hate giving huge examples to people because most of the people on this call are SMB. Right. But legal precedence usually comes from big enterprise. Right. So Landry Seafood had an issue. There were bazillion Visa that got compromised. A bazillion Visa transactions were found to be fraudulent. Visa went around doing audits at restaurants. It wound up being $30 million for them to send the forensics teams to go do all the audits. Landry's was found to not have been in violation of anything. They weren't, they were generally within the terms and conditions. So Visa hands them a bill for $30 million and say, what was the cost of making sure you are compliant? And Landry says, well, wait, we didn't do anything wrong. Right.
Jon DePerro: They said, you're right, but the contract you signed said, if there is a breach, you'll bear the cost of the investigation. And it went to court and Landry's lost. That was the deal you signed. And I will argue, Mike, I'm going to put you on the spot as the business owner. Will you raise your hand and swear you've read every page of every contract you've ever signed with every vendor?
Mike Bazar: No, I mean, that's it. We haven't looked at all of them. We generally look at it. We run some of them through.
Jon DePerro: Sure. Yeah. I'm obviously putting them on.
Mike Bazar: That's it. There are parts in there, right. And that need to go back and be reviewed or changed. That's one of the things I would say we do, especially with John. Right. We go back and look at it. And so as those contracts come up, we're reviewing those better than we ever have before, because we're adapting to the new technology and regulation. And that is one of the things that we do with customers. Hey, part of Onboarding, let's meet with your insurance agent. Let's look at your PCI agreements. Let's look and see what these are. Because if we can find the gotchas, you can either buy insurance to mitigate it, you can accept the risk, you could throw cash in the bank somewhere, or you can tell that credit card company, I don't want this agreement anymore.
Mike Bazar: And we're going to go find a different agreement from a different provider that has more favorable terms back to and.
Jon DePerro: You can tell, like, I'm sick of a Mike because he's got my favorite phrases informed risk decisions. That's the goal. No one's saying don't take credit cards. All I'm saying is there's a reason why one costs three and a half points per charge and one costs five points. Right. Whatever industry you're in, you can tell your prospects why you cost more or less than other vendors. Their Kia doesn't cost what a Lamborghini costs. And that's okay, right? With the IT stuff, most of our clients that I see, Mike, that we support, they truly don't understand the IT ramifications of why one credit card vendor is three and a half points and another one's five points. Or why one insurance policy is $8,000 a year and the other one's $6,000 a year.
Jon DePerro: Because they just see, well, they're both a million in coverage, so I'll go with the cheaper one. Let us take a look at why those sneaky hidden terms that you're agreeing to.
Mike Bazar: Yeah, for sure. So anyways, running down the list of this, right? You've got to make sure you know the regulations. You got to review your technology to make sure it's up to date and compliant. Like, we'll talk in a minute. We've already kind of talked end of life, end of support. Those kinds of things become really they matter. Have a plan in place to respond to the data breach or security incidents. That's a big piece of that. And then educate your employees about best practices. Again, number four is probably one of the easier ones to do, and a lot of people don't do it. It's just a matter of having a service that sends out education, makes sure people are trained, tests them on that, looks for the weak spots.
Mike Bazar: And then you find out that Susie in accounting clicks on every single phishing email. Well, let's go educate Susie, and let's go find ways that we can maybe mitigate risk around Susie. Have we limited her access to things? Can we monitor it? Can we turn on a different service? There's things we can do to help mitigate those risks, but if we don't know where they live because we haven't adopted the newer technologies, then you just kind of are walking around with your pants on. So getting into and we've already kind of talked about this end of life and end of support, right? A lot of people don't think about this, and they just think, I have a switch. I'll run it till it dies. I have a PC, I'll run it till it dies.
Mike Bazar: I have a server, let's run it till it dies, then I get it. Because we want to, as business owners, get everything we can out of the investment that we've made and that isn't a bad thing until it hits an issue and you can't do the security that you want, you can't do the compliance that you want, it becomes an actual performance problem. We've seen a lot where we'll take people that have databases. Server is good, everything is good. It's running on old traditional spinny hard drives. And if it's a big database and we can move that to solid state hard drives, it's ten times faster than it was. That is a huge increase in performance. Which means every query every person in your company makes off that database is quicker and faster. That means they're more productive. That's a benefit.
Mike Bazar: But that's because in new technology and so a lot of the time we might look at it and go hey, your server is good. This is going to be supported for another few years. But why don't we replace these hard drives? Why don't we upgrade this piece of it? Why don't we add a component? When you put this server in, you put in X amount of RAM, which is short term memory and the stuff you're using could take advantage of more. Let's upgrade it because we can do these things. So again, kind of bringing this back, sometimes the technology just needs the upgrade for the speed, for the process, not because of security and compliance for other things.
Mike Bazar: But a lot of the time when you get to end of life and end of support, what that really means is nobody's going to support it anymore. So when a hacker finds a way in, nobody's patching it, nobody's going to go back and make sure that they can't. Nobody's shutting the door on that vulnerability. And if we don't shut the door on the vulnerability, you're just constantly exposing yourself to more and more risk. And then from a compliance perspective, from some of these other things, like again, back to the government contract, if part of that says how do you patch, how do you do this? Make sure that you have capable security and you can't, you can move yourself out of compliance and now you can lose contracts. You could lose potential to do business, right?
Mike Bazar: Your credit card company may come back and go hey, we're going to charge you x thousands of dollars a month because you're out of compliance and you can't update that software or that hardware like you're supposed to. And so there's a lot of these things where it really starts to matter and you need to make sure you pay attention and know what is end of life, what is end of support. Again, hopefully you've got a good trusted IT provider that's doing that for you. Having those conversations that we're going out and looking at it because that's what Bo and his team, they spend a lot of time doing is tracking that through our systems and making sure that we know what's end of life that we communicate with our account managers who are communicating with our customers.
Mike Bazar: And so they're coming back and saying, hey, did you know Windows Ten is going to be end of life in 2025? And we want to have a conversation about how we need to do it because again, if you got three computers you could probably buy those tomorrow and it's not going to kill you but you've got 30 or 300. We need to really start planning this because if you have a lot and you're in that bigger range, if you've got let's say 500 days, I don't know what the days are until it is. And you've got 300 computers that's replacing a computer every couple of days to make sure that you're up there. That's a lot of work if everything's Windows Ten.
Mike Bazar: So that's where we want to make sure we're really looking at these things, building plans and not letting stuff get to end of life and end of support because it's just an unnecessary risk that you don't need to take as a business. And so one of the ways you can do that right, end of life, they support technology issues, right? If you're waiting that long, it's probably just mean if you're waiting to replace servers until they're end of life or end of support, maybe slow, you're going to lose a lot of productivity. Again, back to that stat of intel saying if you replace desktops every three years, that fourth year it'll pay for itself and increase productivity gains.
Mike Bazar: And we see that a lot where people have really old servers and we put in new and they're like wow, this is fast, or we move it to the cloud or do something that it looks at. And what that really adds up to is and you hate to say this because I don't always want it to seem like it's a headcount thing, but if you have ten people and they're all 10% slower, you probably, if you kept your technology and things up to date, could run that same business with nine people instead of ten people. That becomes productivity gains. And maybe it's not that I want to get rid of the 10th person, but now I can grow and not hire eleven, right? How do I continue to grow and be more profitable and do more things with what I have?
Mike Bazar: And a lot of the time that comes back to having the right technology in place to make you more productive, to lower your security risks, to move you further along that productivity chain because there's a big labor crunch that has happened and COVID masked some of it. But if you talk to a lot of economists and other stuff they're basically saying with Boomers retiring and big other people coming into the workplace and as the economy is growing, we might face a labor shortage for the next several years. So having effective technology that makes you more productive becomes an actual need now, more so than people look at it, because we just need to try to do the same job with less people because we have to.
Mike Bazar: There's going to be less people that are going to fill some of these job roles and other things as we go forward or they're going to be changing jobs and other things as we go. So newer applications also become less and less compatible with older aging tech. And then overall, your performance starts to drop, so it takes longer to do things. Here's a list of stuff. End of service dates. This is just for Microsoft, but we use this as an example, right? If you have Windows Seven one 2023, it was out of support. So you're Hooped. You have Windows 8.1. Same Server, 28, same Windows Defender. If you have old software, you start running down this list and you start looking at, oh, I'm using Office 2013, that's not supported anymore.
Mike Bazar: So now they aren't going to fix problems with macros and other things that might cause security risks because that's a real vector for people to attack. So that becomes a risk. You start looking at Excel 2019 and for Mac and some of these other things and those are out real soon, right? PowerPoint Office 2019, that's all going to be out real soon. So are you talking about how do I replace Office to the newest version so that I'm not out of compliance with that? Right, so there's these things that you're going to start getting end of support dates and stuff creeping up. And if you're not paying attention, it becomes a real problem and a real expense. And so you want to go do that. So there's a website out there called endoflife Software. We use that.
Mike Bazar: You can go look at it, look at your software and other things, but it's a searchable database of over 100,000 products and pulls up news articles and other things, but also end of life and end of support. And so a lot of these things are the big important things that we have is making sure that you're not end of life. Productivity gains. How do you comply with security and compliance requirements for legal contracts, cyber insurance, some of these other things that a lot of the time when we say compliance, people think it's a regulated industry. But a lot of the time, it's just being compliant with the contracts you signed with your vendors, compliant with the industries that you're in, like HIPAA and other things. Compliant with the states that you operate and their privacy laws.
Jon DePerro: I'll tell you Mike, what we stay busier with is if you will out the term compliance requirements from people's customers saying, hey, we're doing vendor due diligence. And that used to just be financial, right? If I'm going to go with Mike's ball bearing company as my preferred ball bearing vendor because I need them in my factory, it used to be very financial, right. If I sent you a big order, can you actually process it? Do you have enough cash reserves? If I make you my guy, will you be there when I need you? Well, that's 100 year old process and they've got that down. What they've realized now is the thing more likely to knock Mike's ball bearing out and therefore put my lawnmower factory out of commission, right? Is cyber, right?
Jon DePerro: How resilient is Mike and his ball bearing factory to a cyber attack? Do I have to get a bad phone call from Mike saying I can't ship you ball bearings for two weeks because my end of life server wasn't patched and now it's been ransomware. Know it's going to take us like two weeks to be shipping again, right? And we're seeing that not just in manufacturing. Bo and I were on a call today that was clerical office support staff. Six months ago, you wouldn't have seen that. But here it is. It's more than just HIPAA. I get HIPAA, right. And the HIPAA police are not coming for you. The world is going to ask you, are you doing the bare minimums, and can you prove it now?
Jon DePerro: Where do you look for your list of bare minimums that we can help you navigate that could be your client, could be your state government.
Mike Bazar: Well, and some of this just to try to keep it to how's old technology, right? I mean, the point of the webinar is what we get back is these conversations happen. Old technology makes it harder to comply, makes your people less productive, makes it so you can't track things, makes it so you might not be able to comply or have the security that you need. And again, a lot of what we want to go back and talk about and if you guys have questions, by all means chuck them in the chat. But what we really wanted to make sure we're covering in this isn't just because if we do a webinar, it says old stuff makes you not productive. That's like 35 seconds and people get it.
Mike Bazar: But where they miss it a lot is the security, the compliance, these other pieces that come in. And so I don't want to feel like it's running off in one of the direction or the other and you're thinking, I wanted to figure out how old technology matters. To me, that's where it matters now. More and more, the risk that you create by having old technology becomes the problem over just Susie's computer is eight years old and kind of slow and we're going to replace it whenever we feel like it because Susie doesn't do a whole lot or whatever that case is, right? And now we want to start looking at how do we make your people more productive, how do we make sure we maximize labor efficiency?
Mike Bazar: How do we make sure we maximize the people that you have, how do we make sure you're compliant and don't lose business and opportunity because you weren't compliant, because you had to stop and do these things because you got hacked and it brought you down because you didn't want to update stuff, right? Something as simple as that TPM chip we were talking about before. The reason why that even matters is you lose a laptop and it's encrypted and you can prove it. You have some level of safe harbor around that in terms of data breach, but if it isn't encrypted or you think it is, but you can't prove it now becomes a reportable incident. And that's a whole different thing because somebody accidentally misplaced a laptop for four days.
Mike Bazar: Well, your insurance or compliance might say, you have to report that within 24 hours of knowing. Well, if they just misplaced it for a few days and they're pretty positive, it can get stolen. And you can do all the other stuff for safe harbor, you might have a window there where you can say, let's go find it before I have to go report it.
Jon DePerro: How many times has an employee checked a laptop in a suitcase that didn't show up for two days or three, right?
Mike Bazar: Now, if you can't prove it was encrypted, that's a reportable incident. Then it shows up, and you're like, well, crap, we just said we had a data breach. But you didn't really have a data breach. You just had to report it because you knew it was missing.
Jon DePerro: That's right.
Mike Bazar: It wasn't supposed to be. And you can't prove it was encrypted because you had old technology, right? That's where all this starts to come full circle of becoming a real problem, and you just don't want to have to go back and report it. And again, maybe you say, Well, I don't have any of that. Regulation 250 Texans data is on that, not to mention other states. You do have to report it, right? Because that's what the law says, and you have to go comply with that.
Jon DePerro: The two calls Bo and I had this week, I mean, this week not like six months ago. We had it happen once, twice. This week we're on with clients who it's their customers saying, we can't do business with you if you don't do it. Now they're under the gun. They're trying to sign a contract. They're being asked, do you do this?
Mike Bazar: Yes.
Jon DePerro: No. And the answer today is actually no, you don't do that. Right. So how do we get now we're in this fire drill to get them to a quick yes. If we would roll this back to those strategy meetings and say, are there any contracts you want to pursue in 24 that you currently don't do, like government contracts or state education. Like education. Mike, if you do education, call Mike, talk to Mike and his team. There's stuff coming down the road for you. Be prepared for it. If you want to sell into education. There are compliance issues, so it's not just about it. Well, I got to send email, so I guess I need it. It's about what business goal do you have?
Jon DePerro: If your goal is to sell to schools, it can either prohibit you from doing it or enable you and end of life back to this thing. One of the biggest things is unmanaged software and devices. And the biggest reason we can't manage software and devices is because they're old.
Mike Bazar: Yeah, well, for sure. So kind of wrapping up here. I don't know if Bo, you have any closing thoughts or not just because you've been quieter, but if you guys need anything, you can email us info at vector Choice. There's a phone number you can email myself, Bo or John. Those are our emails. We watch them, we monitor them. We're happy to respond to people if you have questions, concerns or thoughts. But the big point of all this, if you aren't sure a lot of the time, the next good step is say, hey, can we do an audit? Can we have a conversation? Let's talk about this, because I don't know where we're at and I don't want to get caught unexpectedly having to upgrade a bunch of computers or do something or whatever the case is.
Mike Bazar: So shoot us an email, ask for help. We're always happy to help with that. But Bo, you have any kind of closing?
Beau Dickie: I would my big thing is I would say that if you are already if you're unsure, it's cheaper to pay me to do an assessment than it is to pay me to do incident response. And I'm happy to do it. Even if you're not worried about whether or not you're doing some of the things. If you just want an idea of what a threat actor is looking for and how they're going to find a way in, give me a call, pick the number, shoot me an email. We can get something on the schedule because that's something else we can do for you as well. To show you where the gaps are at.
Mike Bazar: We can do some fairly affordable kind of audits, even if you have an IT provider, just to keep them honest. Right. We get audited by our we have a third party audit us to make sure we're doing what we say we're doing because we want to be able to check boxes and say we're doing them and that somebody else said we're doing them. It wasn't just us. And so a lot of the time we'll find that where somebody has a third party IT company and they just aren't sure what we can do. An audit. And if they're good, great. You know, they're doing what they said they were doing. And if they aren't, that's a different conversation.
Jon DePerro: Or your in house guy, you may have an in house IT guy. And the client that Bo and I were talking today, all their stuff was end of life. He's actually really smart. He's getting more done for his time and budget than any human on the planet. But he has a time. I mean, there's only so many hours in a day. He only has a budget that he has. He has to put the fingers in the dam. Right. He can't plug them all. He actually loved having us come in and show his boss this is all the stuff one man's not able to keep up with, and he just got an assistant hired. So even if you are an IT guy at a company, let us make you look good.
Jon DePerro: Let us help you get bigger budget right, and show this is not something one person can do on their own.
Mike Bazar: Yeah, no, for sure. All right. Well, with that, I don't have any other slides on that. I think it was good. Again, if you guys have any questions or anything else, by all means, shoot over an email. Again, that was the firstname.lastname@example.org. Or give us a shout. You can just check out the email@example.com. But we appreciate everybody hanging out with us today, and we'll see everybody next time, next go round.
Beau Dickie: Absolutely. Thanks, everybody.