Cyber Security and IT Support: How to Prevent a Catastrophe

Cyber Security and IT Support: How to Prevent a Catastrophe—with Yiddy Lemmer

Our guest is Yiddy Lemmer. He is the Founder and CEO of CompuConnect. It’s a managed service provider that provides small to mid-sized companies in New York City and surrounding areas with the technology and cybersecurity needs. This episode is a little different. With the rise of cybersecurity threats and the importance that IT plays in every successful company, we figured it is time to bring on an IT professional.

In our interview, Yiddy and I discussed why now, what changed and how you need to be prepared for it. We also spoke about the importance of the mindset of a business owner when it comes to it. More importantly, we went through some practical advice you could share with your team to be on the lookout for any threats that could come your way. Without further ado, here is my interview.

—

Yiddy, thank you so much for joining me on the show.

Thanks for having me.

Our readers are used to bringing all kinds of different speakers, experts, and thought leaders. A lot of it is focused on building businesses, culture, and everything you need to know to grow your business. I always say that when you work on your business, you have to make sure that you focus on every cylinder a business has. What’s happened in the last couple of years more than in the past is that IT plays a huge role in the success of a company for two reasons.

One is we rely on IT to be able to serve our customers. More importantly, if that goes down, we can have issues on different fronts of our business by not having a reliable IT infrastructure. We have worked in the past together. I figured that you are an expert in this space, therefore, I want to bring something different to our audience. We want to dive in a lot in the IT infrastructure.

What are the issues and threats out there? How could you proactively work on your infrastructure to make sure that you are paying attention to it? It reminds me of a story before we’ve got into the episode. I spoke to a CEO a couple of years ago and was like, “What is the biggest challenge in your company?” In your role that you have?

Once upon a time, a CEO in a company was usually the person that grew from the mailman, and then ultimately to the operations supervisor and 5 or 10 years later, the CEO. Basically, they knew everything in the company. They’ve got into the CEO role knowing everything about the company. CEOs now are making multimillion-dollar decisions related to IT, software, technology that they have never studied or learned. They have to trust their own team or the IT professionals about it, which sometimes they have to make sure that the network is secured and everything is in sync.

For our readers, even if you have a small company, understand what type of role IT plays and the ramifications of what’s out there, therefore, we bring you this amazing interview. Hopefully, you will pay attention to it. To get started, bring us a little bit back to your journey. I know you live in IT and love it. I have seen posts on LinkedIn. I get emails about it. Tell us how you’ve got into this space.

I’ve got an early start in IT. I was exposed to it at around the age of 9 or 10. I have a childhood neighbor on the block that had an IT company. He was running it out of his basement. I used to hang out there a lot. I started by organizing the shelves, cleaning up the space, and asking millions of questions, probably being annoying. “What’s this and that? What’s this and that for?” The new shipments would come in. I would unpack those shipments, put them on the shelf and familiarize myself with different hardware, which then went on to set up new computers. People would come in and drop off the computers that had a virus.

The computers are already messed up. It can’t get that much worse, so why not have a crack at it first? I used to mess around. If I was successful, it was great. If I wasn’t, it’s no harm, no-fail. Slowly, we get into bigger and bigger tasks. I would go out to jobs. Before I had a driver’s license, I would be sent down to clients. I was a little kid but I would go and serve clients. I had the first private business that I served at the age of fourteen. It was balancing school. Whenever I had a job, I would go for the job. Whenever I didn’t have work, I would show up in school.

I know the teachers had conversations with my parents that I had to choose my route. By sixteen years old, I had my first full-time job. I was hired as an IT administrator in a watch company here locally in Brooklyn. I’m very thankful for that opportunity. I was there for many years. That was a huge part of my development. My boss, at that time, did a huge gamble, and it paid off for me. I would like to say that it paid off for him as well. I launched my company in 2017, an MSP, Managed Service Provider, and here we are.

First of all, this is a fascinating story. I have spoken to you many times but I have never heard this part of the story. That’s why I asked about your journey. How much would you say your passion in the early part of your career when you started developing a passion towards this space has helped you to where you’ve got now?

LTB 98 | Cybersecurity
Cybersecurity: You need to have that drive and passion to pursue something. God knows that being a business owner today is very difficult.

It was very rough. I was on my own for the biggest part of it. I was self-driven and self-motivated. I didn’t have cheerleaders on the side pushing me to grow and get better and better. A lot of it was self-motivated. I needed to have that. If I didn’t have that drive and passion, there’s no way I could have gotten this far and continued doing what I’m still doing. God knows that being a business owner now is very difficult.

You mentioned before you launched in 2017 as a managed service provider. IT in the earlier years, I remember when we started our company was who sells computers, and that’s about it. When you need to install Windows, that was the next call or maybe my computer is slow. I need to replace it, add memory, and stuff like that. The landscape of IT changed dramatically. Give us a little bit of a glimpse of how much stuff changed, and let’s get into the why.

Technology is evolving like crazy in every area, not just computers and networking. When I launched my company, I didn’t go in with the mindset that says, “I’m doing IT for somebody else now. Let me do it for myself. I can make more money. I’m doing all the work anyway. Let me open my own company.” That wasn’t the mindset. When I opened my own company, I had a vision of what I wanted it to look like, the type of clients I wanted to serve, and the service I wanted to deliver. It was going down this path of being a managed service provider to a certain type of IT company. I did as much research as I could before launching to try to learn from other people’s mistakes so I don’t have to recreate the wheel.

There’s not much you can do to prepare before launching the company. You can do all the reading and watch as many interviews as you want. You can’t fully prepare for it but I did have a very good sense of what direction I want to take in the company. That still holds true now. There is not much change on that front but as far as technology as a whole, technology is evolving like crazy. The main focus is cybersecurity. It’s getting worse and worse. The threats are getting more and more real, and coming down lower and lower to the smaller businesses every day and week, increasingly often.

When you say cybersecurity for the average small business owner, I understand enterprise or business. We hear data breaches of large corporations. You get those emails, “Your email or password might be exposed. Please go ahead and change it. Financial data was breached,” and stuff like that. For the average small business owner, what is cybersecurity? What is the threat? Why did you say technology is getting worse? Let’s discuss a little bit more proactive what people need to do.

For a small company, they have their QuickBooks, emails, and inventory software. All that stuff is at risk of getting hit. If you get hit by a threat, you risk losing all that information. QuickBooks is the lifeblood for many companies. If they lose their QuickBooks, forget about the financial data or their inventory systems. Everybody has one of those. Some of them took a step, and they went cloud-based. Cloud is not immune to a cyber threat, which is a big myth. Every business needs to have a financial package, some type of inventory or a tool that they use to serve their clients. If you get hit by a cyberattack, you risk losing all that information.

What are the proactive approaches that a business owner reading this needs to know or be aware of to be able to know that their infrastructure is secured?

The very first step is the mindset. A lot of people are not bad or arrogant. They are just not informed. They don’t know better. They know their trade and what they are good at, and they guess about everything else. A big misconception is that, “I set up security. I’m good and safe.” The thing is that security is constantly evolving. Just like the threats are getting worse and worse and more sophisticated, your security needs to keep up with that pace. If not, at least stay 1 or 2 steps ahead. That’s one big thing. It’s a mindset thing. There’s no such thing as setting it and forgetting it when it comes to IT or cybersecurity.

The things that you can do on your own to better protect yourself, the very first thing you want to make sure of is you have proper backups. Those backups need to get tested at least once a month. If something bad happens, it’s going to be there for you in case you need it. You can either do a full restore or if you want to go in there and grab your QuickBooks and confirm that it’s working so you can have peace of mind but backups are definitely a critical thing you must have in place.

There is something that I read online, which is, “Most of the threats come in from the weakest link in your team.” It means that the people that you expect the least. Share with us a little bit what that means.

You can implement a lot of those great cybersecurity practices and have a lot of different layers of security. Ultimately, the weakest link of security is the human factor. The employee is the weakest link in the chain of cybersecurity. I’m not sure if the article meant that one specific employee but in general, the human factor is the weakest link in the cybersecurity stack. That’s where education comes in.

[bctt tweet=”Craft a vision of a service you want to deliver to your clients or customers.” username=””]

What type of activity will the readers do to get an understanding of where those threats are coming from and how they are entering their data with your systems?

The most common thing can be a phishing email or phone call even. They go on a phishing expedition. We can put all different layers of security in place. If a certain email comes in and there are no suspicious links or no bad attachment, it’s playing on simple texts like asking you to go out there and buy gift cards. There are no links in there sending you to bad websites and no attachments with viruses. It’s asking you to do a certain activity.

The user needs to be smart and educated. The user needs to know the common behaviors of the CEO or even look at them from address to match things up. Those types of emails can sometimes slip through all the different layers of security, make it to your inbox, and you can still fall for it. You still spend the money and become a victim of cyber fraud.

I had a story where at a certain time, there was a CEO fraud where someone got into my email. They were monitoring stuff and saw, based on my calendar, a certain day or two, and I’m going to be out of the office. They communicated with one of my bookkeepers about making a wire transfer. It was a $17,000 wire transfer. They created filters and stuff that I shouldn’t see back and forth. At one point, I was getting back to the office, and I saw a letter from Chase that a wire was initiated.

I didn’t recognize the name. I came in and went to the bookkeeper and asked her about it. She says, “What do you mean? You told me to do it. You told me it’s about this and this client. We right away saw it. It was a very difficult situation because it was initiated manually. It wasn’t like a fraud but luckily, I was able to get back the money from Chase. At that time, I sent out an email to my Let’s Talk Business community, knowing that this exists. I’ve got over 40 people responding that had similar situations.

To top it off, the one that stood out was somebody who said, “I was able to save it at the last minute.” He asked me why. It’s because the email started with, “Kindly wire.” My manager never says, “Kindly wire.” On your point, it’s a very valid point. If you see anything out of the ordinary with communication, rather proceed with caution and verify it saying, “Maybe they used a different language or they misspelled my name.”

Language is a big thing. You mentioned the “kindly” part. I had a very similar situation with a client. The email says, “I’m in a meeting. Please text me.” The guy never texts. He hates texts. He never responds to texts. It’s knowing the personality, the person, and seeing these social cues that are off.

Let’s say people are starting a new company, what is it that you are advising? Does everybody have to have an IT professional creating, having managed solutions or at certain points, if there’s somebody coming in the get-go setting it up? You mentioned before to not set up and forget it. What advice do you give? What are the signals the person needs to know that at least once a year or every few months to update it? What are the criteria that you would advise readers?

For brand new startup companies, they are trying to save every dollar. Hiring an IT company, a managed service provider is probably not going to be a great thing. Any established managed service provider has its minimum monthly spends, and it may not be very feasible. You can probably have advising and consulting time to get you on your feet and make sure that you are set up properly.

At least your initial accounts are set up and created. I believe it makes more sense for companies that have above five employees. Things are moving, and they are relying on technology. You are growing, turning over money, and things are making more sense for that. It becomes more affordable to hire a managed service provider.

There are some basic things that you can do on your own without the help of an IT professional. You can make sure that all of your accounts start from bank accounts all the way down to simpler accounts, you want to enable two-factor authentication. Two-factor is set up. You want to use a password manager to help you keep track of your passwords and generate those passwords.

LTB 98 | Cybersecurity
Cybersecurity: Every business needs to have a financial package. Businesses need to have inventory or tools that they use to serve their clients. But if you’re going to be hit by a cyber-attack, then you risk losing all that information.

Instead of reusing the same 2 or 3 passwords with some slight variations everywhere you go and every single website, you want to get used to using a password manager that will generate those passwords for you, and then save them for you, so you don’t have to remember them. It will pop it in for you whenever you visit the site. You can have a mobile app, so you will have it on your cell phone as well. You can have it with you wherever you go.

It reminds me also of a story. I had this client that got an email that their computer got hacked. The hacker gained access to the webcam and was able to watch the activity that they were doing on the computer. To gain credibility and make the person believe them, he shared the user’s password with them. That email became valid, “This is a real email. The guy knows what he’s talking about. I better pay him so he doesn’t extort me and send me emails to my whole contact list.” The reality is he did not hack your computer. The way he got that password, which was your real password, was from the dark web.

Your credentials, sometimes credit card information, personal identities, many things ended up on the dark web but the way these things end up on the dark web is because people reuse their passwords everywhere. Big websites get hacked all the time. These hackers get this huge cache of this huge database full of usernames and passwords. They dump it on the dark web, and that’s made available to all the criminals and whatnot.

They can do whatever they want with it. In most cases, your email address is your username, and that password will unlock many doors because it’s being reused everywhere. That’s how they get the password but it’s bad practice. Once they gain access to that combination, the username, and password, they can unlock many doors. They will start with your email, bank account, and the more important things.

Another thing that I could mention for our readers. A lot of times, you have freelancers or somebody that will be a part-time employee. All of a sudden, immediately, you have to share with them a bunch of passwords. A lot of softwares are now online and cloud-based. I needed to focus. That’s also vulnerability because now you are releasing your passwords. Maybe you are working remotely using a password manager or sometimes you give them access to the password manager, and you can lock them out. As soon as they are done with their work, nothing works. They don’t even see the actual password.

There are two ways to handle working with freelancers. Number one is using a password manager. You can share the password with them without giving them the ability to see the password. They have the password, can log into the different resources but can never see the actual password. You can do that only with a password manager. The second thing you want to do for freelancers is that many systems and cloud-based systems will give you the ability to adjust permissions. Instead of giving them access to anything, and they can do whatever they want, you can limit those permissions and get more granular, so they don’t have all the keys.

Let’s talk about another part, which is ransomware. We read about it and see it a lot. People say that the whole Bitcoin and space were created for those people. There’s no track of what they are requesting. Tell us a little bit more about what are those different trends that you see happening. How should people deal with it if they encounter something like that and maybe they do not have the proper security in place?

Ransomware definitely is the number one threat. The statistics are crazy. I tell people that ransomware is like a motorcycle driver. There are two types of drivers. One that fell and one who is going to fall. That’s the same thing with the cyber threats. People see that you’ve got hacked and learn from it or you are going to get hacked. It’s inevitable. The best defense for getting hit with a ransom is having solid backups. Backups don’t mean that you see it on your credit card statement.

That doesn’t mean that you have backups. Backups mean that somebody is watching it, and you are testing those backups. Backups are the number one defense for ransomware but the thing is that ransomware is no longer only about holding you ransom. Sometimes it depends on what you’ve got hit by but sometimes they will copy your information and then threaten to publish and release it. That is a far bigger threat.

You can restore from a backup and call it a day. If they threatened to release all that information, it could be confidential information from clients, vendors or your books. It can mean a lot of different things, depending on your industry, those are serious threats. You need to hire cybersecurity professionals that can come in here and secure your network. They can scan your network for vulnerabilities. There are different things that you can implement. I’m going to do a little shameless plug over here, and this is exactly what we do.

When we get involved in your network, we install software on all the machines and computers on the servers. We monitor every computer, the servers, and the network. We implemented the backups and watched those backups. With the proper monitoring software and toolset, you can see any hacking attempts and stop them on their tracks. You can make sure that the firewall is configured correctly and there’s no public access to the outside.

[bctt tweet=”Cyber security is just getting worse and worse. Threats are getting more and more real.” username=””]

When you have a single vendor that you work with, a single IT company, and any changes to the environment, go through them. You don’t have a bunch of cooks in the kitchen. You don’t have one guy doing one thing and leaving the door open. The other guy is doing another thing. You have one vendor following a set of rules and making sure that you are never exposed.

The most important part that you shared is where you started, which is the mindset. People think, “Everything is okay.” Unfortunately, by the time something happens at that point, looking back and you say, “In retrospect, I should have done this and that.” For our readers, if you run a company, it’s important to ask the questions, “What do we have for backup? What do we have for cybersecurity? What do we have to alert us for those emails that come in?” It might be getting information out of our people and so on. The mindset is the most important part.

You don’t have to get into developing the technicals but rely on professionals, for somebody like you, to do the job. Ultimately, the most important part is knowing that how important it is. People sometimes ask, “Why should I pay for it?” It’s almost like insurance. You would have fire insurance only for that 1%, 5% or 10% chance you might have a fire but you still know that you need to have it. To a certain degree, this could bring down your company on all these levels that we discussed.

Sixty percent of companies that get hit by a cyberattack close their door. If they don’t have proper things in place, they can’t recover and end up closing their doors within a year. That’s not my statistic. I didn’t make that up.

I want to speak about a very specific topic. You are running a company that has all the different cylinders in marketing, building a team, hiring and so on. I want to speak a little bit about something that I feel you could shed some light on, so to speak for our readers, which is, of the day you are in the IT space. There is proactiveness but also reactiveness, which is, “Something happened. I’ve got to come in and have to fix it.”

Work-life balance is something that business owners are constantly speaking of. I create my boundaries around when I work, how I work and what I do. In your case, you need to be available. How do you build yourself a long-term scalable model when at the core of the product and the service is, we’ve got to be available?

The nature of my business is that a lot of work needs to get done after business hours because we can’t disrupt the company and take them down. I pride myself on this a little bit. From when I launched my company until now, and we have grown rapidly. The growth is beautiful, it’s that I’m home every day no later than 7:30, and so are all my technicians. It’s not that, “I’m the boss. I get to go home.”

Our business hours are 8:30 AM to 6:00 PM, and very rarely do we need to stay later. The business owners understand that we have a life, too. It’s a little bit of a give and take. If we need to restart a server, we can ask the businesses if we can do this may be at 5:30, and get a little bit of an early start. To answer your question is that I’m home every day no later than 7:30, and I’m very proud of that.

What are the different pieces that you are doing to be able to attract the proper people? Hiring is now in the mindset of every business owner. Companies are hiring. What are you doing in your vetting process to make sure that that person is the right fit for somebody in your company?

That process also evolved over time. To attract proper people has been a journey for me, too. It has been a learning experience for me, too, because being an employer was new to me. It still is new to me. I’m still learning new things every single day but I am focusing a lot on attitude and personality. Make sure that their heart and mind are in the right place because skills can be taught.

Personality rarely can be changed, especially in adults. It’s finding somebody with the passion, drive, and reason behind it for what he’s doing and why he’s doing it. Make sure that those things are in the right place. Also, they require some skills. Doctors and law firms need lawyers but you don’t need the best lawyers and doctors. Those things can grow over time.

LTB 98 | Cybersecurity
Cybersecurity: The very first thing you want to make sure is you have backups and those backups need to get tested at least once a month. If something bad happens, it’s going to be there for you in case you need it.

When I launched my company, I launched it with a very mature mindset from day one. I’m in my infancy. It’s a brand-new company. When I launched it, there were no WhatsApp, text messaging or cell phone numbers. I had an office number right away. Still now, very few of my clients have my cell phone number, and the ones that have my cell phone number know not to use it. If they do, I cannot guarantee my response time. I may or may not forget about the request because it’s not in my ticketing system.

When I launched my company, nobody had my cell phone number. Everything was going through a proper ticketing system, which is essential for IT companies. Everything was going through my office phone number, which we guarantee is always answered live during business hours. When the phones go off at 5:00 or 6:00, that’s it. The day is over.

My clients know and respect that. If there’s an emergency, we have an emergency number. We are available because we are an IT company. We can’t disappear and, “I will see you tomorrow morning.” It’s because I put that structure in place, the clients respect it. They see it, and that’s why I’m able to go home at 7:30 every night.

There are certain expectations but mainly, you create the rules and the expectations. For instance, I can’t remember how many times people will tell me when I tell them to call me. They will say, “But you never pick up the phone.” I would say, “Do I call you back?” When I met with you, did they see me picking up phones from somebody else? When we meet, I have to give you full attention. There are people that if I called them twice and didn’t pick up the phone, I’m calling 911 because something happened because they always picked up the phone. They are doing it to everybody.

While they are speaking to you, they are also picking up the phone. If you set up your company that way, maybe you will pick up, and that’s how you want to do business. If you are customer service, you better pick up phones. If you start up a company, I’m building my ticketing system like this. We could see our response time and if we took care of it.

How many times would somebody call ten times, checking on the status of a ticket because there is no ticketing system? There’s only calling on the cell phone, “I will get to it sooner or later.” You are creating the rules. You have to create your services. Sometimes people will say, “My service needs to be different.”

You can make a decision. Do you want that person as a client? Eighty percent, I would say, will adapt to the way you operate as long as you explained to them that you are doing it to their advantage. They want to play by your rules but you need to be able to explain that you are doing it for their advantage. We want to run a good company and have great mindsets. We know what we are doing, how the process is, what’s next or the priority. Everything is a crying wolf. Everything is important. We can’t prioritize it, then the most important thing gets forgotten or left on the list.

That’s an important point when you speak to business owners. I remember one of the services we do is we have this latest one where we teach business owners how to work on the business versus in the business. I could say 70% of people when I spoke to them about the latest one, the first question is, “Why don’t you do it on the weekend? I cannot see myself taking a day of my week to come for this.” Eighty percent of the people who come say the first best step in this process is they were able to schedule a day out of the office to work on the business. Why should you work on the weekend to work on your business? If you are doing customer service, you’ve got to be available.

If you have 5, 6, 7, 8, 10, 15 people in your company, the business ownerships should not be able to take a day off to work on the business. I’m not even speaking about vacation. That’s a separate conversation. To work on the business, you are doing something wrong. A lot of it is structures. I appreciate you mentioning it because it’s important for business owners to hear, and a business owner reading this and cannot do it, start with a few hours of the day.

Maybe you can’t do it from the start. You can’t just hit the reset but maybe create yourself zones, some time out in your calendar, time blocks, and start there. See how effective it is, and then you start building out of it. This has been great. We have been chatting for quite some time. Let me ask you a final question. What is the most rewarding part of your job?

My compensation is working out. That’s good. I did design and build my company that I am able to step away for a day. I went to Florida for a day out. I was able to disappear for a day and a half, and the company continued running the way it should. That’s definitely rewarding but it’s not for everybody. Not everybody gets to enjoy that. It depends on what type of groundwork you put down there. For me, that’s it. I’m very serious and committed to my company. I feel guilty goofing off in the middle of the day but that’s me. Other business owners may have the freedom of schedule and do whatever they want. That’s not personal for me.

Where could people find out more about you?

[bctt tweet=”Educating users is critical in avoiding cyber-attacks.” username=””]

You can find me on Google. We are on page 1 of Google. If you type in IT support Brooklyn, NYC, we will be there on the first page organically.

If people want to reach out to you directly, are you active on LinkedIn?

We are active on LinkedIn. Our website, CompuConnect.it. I do want to finish one last thing. I will make an offer to the readers. We usually charge upwards of $1,000 for this but I will make an offer to the readers that you can get a free cybersecurity penetration test of your network. This penetration test doesn’t mean that we are going to sit here and try to hack your network. This is a scan that we can run inside of your network that will tell you and show you your exact security posture. Given the current systems and security you have in place, and paying for or not paying for, this, we will show you exactly, whether or not we were able to defeat that or download a virus or whatnot.

Whatever we uncover during the scan is protected by a Nondisclosure Agreement, NDA. It won’t go public. We are sworn to privacy. We are happy to share the results with you. You can take it back to your IT vendor, so they can go and fix them. We usually almost all the time find something or you can give us an opportunity to earn your business. The link is CompuConnect.it/cyber-threat-assessment.

This is very thoughtful and appreciated. It’s always good. If you have a mindset of understanding why you need to focus on this and why it’s important, there is always anything you could do to enhance that. I advise the readers to take advantage of this. Let’s close with a few rapid-fire questions. Number one, a book that changed your life?

It’s Traction.

We had Gino Wickman on the show. He is a phenomenal guest. I encourage everybody to read that episode. Number two, a piece of advice you’ve got that you never forget.

Everybody in the company is essential, not just the Operations Manager, the CEO or the receptionist. Every single person in the company is important. The analogy he gave me was, what’s more important, the engine in the car or the nuts that hold the tire on the vehicle? They are both equally important because the car cannot move anywhere if you don’t have those lug nuts. With the lug nuts, there’s no engine, you can’t move. That’s every person on the team is essential. Everybody has their role, and it changes the way you look at everybody, not a low-level employee or high-level employee. Every employee is essential.

The analogy that I use is, have you seen a kid create a puzzle, and one piece is missing? They don’t care where that piece is missing. They are going to go bonkers because every piece is important. Number three, anything you wish you could go back and do differently for your company?

LTB 98 | Cybersecurity
Cybersecurity: The user needs to be smart and educated. With split through all the different layers of security, you can make it to your inbox and you can still fall for it.

I have no regrets.

Fifty percent of our guests say no, so you passed the 50% mark. The final question is, what’s still on your bucket list to achieve?

I have some aggressive growth, some revenue, and business goals that I want to achieve.

Yiddy, thank you so much for joining us. I know your time is valuable. That is why in the name of our readers, we will forever be grateful for sharing some of your time with us.

Thank you for having me.

It’s my pleasure.