Jun 30 2020 31 mins
Episode 5 of Stupid or Irresponsible with Justin Shelley, CEO of Master Computing and Joe, CTO here at Master Computing.
Subscribe to Stupid or Irresponsible Podcast
Spotify | Apple Podcasts | Google Podcasts
Resources:
Please to take a second and go to: www.master-computing.com/discovery and book a 10-Minute Call with me, Justin Shelley, and we will make sure that you guys are properly protected. We’ll make sure you have a plan in place. And that you will be able to sleep at night knowing that your company is safe, your data is safe, and your people are safe.
Show Notes:
In previous episodes, we’ve broken down some dumb things we see people do. We’ve talked about dumb things we’ve done ourselves, we’re not immune to that. But this episode is a little different. Today we are going to talk about working from home environments. (1:30) We’re going to break down the ramifications of this massive migration to a work from home environment
Here we are. Today as we record this it is June 30th, 2020 and it has been a hell of a year, am I wrong?
- "Initially when the COVID lock down hit everybody just did this mad dash to work from home… Our clients all wanted to work from home immediately, and many of them are still doing it." (1:40)
- "Nobody saw this coming – so it’s not that we couldn’t have done a better job at pushing people into the home, working environment. It’s that there wasn’t TIME. And a lot of time there wasn’t resources – cameras for example you still can’t buy a webcam – not a good one." (2:33)
- " We’re going to break down the ramifications of this massive migration to a work from home environment" (3:10)
[3:20] - Talking about how they were attacked this morning
- We are a security company! It’s we eat, breath, and sleep this stuff. We’re always talking about it. We record podcasts on it, and listen… When we do this, we’re taking our own notes, improving our own security every day. At least every week we’re meeting about it, talking about it.
BUT we’re still potential victims to it… Even Master Computing, Managed Service Provider for many Medical Facilities.
[6:35] - Step 1: What are the events that led up to this thing, what happened when it did Blue Screen, and is that something that we need to patch fix, repair?
- Port Scanning – looking for holes and exploit vulnerabilities.
- Geo-blocking: We generally Geo-block meaning we can block separate countries with our firewall, we have an enterprise grade firewall that can block stuff from Russia, block stuff from the known perpetrators. [9:02]
- So, I just wanted to point that out. And I wanted to publicly thank you, for taking this seriously and digging in and protecting, not only our network and our business but the work you do behind the scenes for our clients. So that, people can rest at night knowing that this has been taken care of" (11:00)
[12:04] - DDoS: Stands for Distributed Denial-of-Services
- DDoS: When you have a large collection of computers (very large – that’s what makes it a DDoS vs just a DoS) a large number of computers that just try to ask your server or network questions – they just ask billion and billions of questions until your computer can not handle any more. There are vulnerabilities when something is at MAX capacities.
- Botnet Attack: a large collection of computers that are trying to just, you know, bug us. And trying to slam our systems.
[14:30] – Vulnerabilities in your networks:
- Turns out there WAS a vulnerability – call a “zero-day patch” – meaning it’s exploitable today, it’s known, and it’s out in the wild in production. This very well could be going on with Office 365. Any of your normal day-to-day applications.
- "Any of your normal day-to-day applications. They could just throw a new update out on the web, expecting you to look at it. But, if you don’t and have no idea about it then you now become the most vulnerable target in the world just because of that. " (16:30)
- You can definitely imagine that a freeware version – maybe Google Chrome, Firefox, any of those kinds of things. Keep your eyes open!
[17:00] – The point is: We are an IT / Security Company. This is what we do night and day. And STILL here we are, victims of at least an ATTEMPTED attack. Did they get through, steal any information, did they breach our network? NO… WHY? Because Joe is a badass.
[17:27] – Why you should invest in IT services:
Justin: I’m just going to make this point really quick. I know technology to some extent, I own the company, I started off as a technician, I’ve got the background. I still don’t do my own IT work because I don’t have time.
- I cannot put the time, energy and focus into doing what you do Joe, because of all the distractions I have.
- When I’m out talking to business owners who tell me they do their own IT… Guys THAT is stupid.
- (17:50) - "You do not have the time, the ability, the experience, the day-to-day, in the trenches, knowledge. To be able to do this on your own. You just don’t!
[18:05] – Example of an Attorney and why you CAN'T mess around when it comes to Security. The guy is $400/hr is his billing rate and he does his own IT work. That’s stupid. I’m sorry, that’s just flat stupid.
- (18:05) "What’s smart: hire us, hire somebody (like Joe!) who is always in the trenches, sleeves rolled up, preventing this kind of attack.
- This could’ve been bad had it gotten through. It could’ve been life ending for the business if it weren't for Joe.
[18:55] - We wanted to talk about this mad rush to work from home and the additional security challenges that were introduced to it.
[19:30] –Today we’re leaning on an article that we read that supports this theory that is was not really the best move to push everybody to the work from home environment so quickly even though there wasn’t much of an option. But there was a company that did this and they were hit.. Financial management company
COVID hits, like everybody, there’s this massive rush to tell everybody to take your work home with you.
(21:05) – What happened to this comp...