Visit Page
Skip to content

Episode 60: Edafio shares IT and Cyber Security lessons to help you deal with Covid-19

Spread the Ozark love

Transcript: IANWA 60 Edafio Shares IT and Cyber Security Lessons To Help You Deal With Covid-19 Full

Duration: 53:22

It's time for another episode of I am Northwest Arkansas. The podcast covering the intersection of business, culture, entrepreneurship, and life in general here in the Ozarks. Whether you were considering a move to this area or trying to learn more about the place you call home, we've got something special for you. Without further ado, here's our fearless host, Randy Wilburn.

Randy Wilburn [0:44] Hey folks, and welcome back to a special episode of I am Northwest Arkansas. I'm your host Randy Wilburn. And you know it's special when I bring somebody back for a second discussion, but unfortunately, I wish it were under better conditions as we are all currently dealing with the specter of the coronavirus looming over, not just the United States but it has blanketed the world and so many people are, you know, up in arms and really, honestly fearful about what's going on and what's happening. And I have actually reached out to a lot of different professionals in Northwest Arkansas that provide all kinds of services to see how can we, as consumers as this small business owners, as medium-sized business owners, as large business owners, how can we protect ourselves in light of everything else that's going on? And so, I actually asked the folks from Edafio Technology Partners. I don't know if you remember Kenny Kinley, who is the CEO and president of Edafio. Kenny came on the episode a little while back here on I am Northwest Arkansas and really shared the vision of the company, and you know they are not just a technology service provider; they do quite a bit in the area of IT specifically. But then they cover everything with regard to cybersecurity, they deal with the cloud as a whole and just having a better understanding of how businesses and individuals can use the cloud. But I spoke to these guys the other day, and I said, you know, we should probably do an episode where we talk about just where things are right now. The state of affairs and, you know, they came up with some really good ideas in terms of ways that businesses can help protect themselves and their customers and their employees for that matter. And also, you know, how are we going to deal with things from a social distancing perspective, everybody's got to be six feet away from each other. So, it's kind of hard to go into certain office environments and work, you know, shoulder to shoulder with your colleagues. And so these folks at Edafio have been doing this for years and have quite a bit of experience under their belt and so I asked, Will Smothers I asked Angel Button and I also asked Sam Grubb before you think it or ask he's no relation to the Grubs Restaurant Empire. I already asked him about that. But that's just a joke. But seriously, I asked these guys to come on and just share with us just a little bit about what they're experiencing on the front lines of Information Technology and Network Operations and Cybersecurity and everything that's going on. And I just appreciate you guys coming on. I know it's a long-winded intro, but how are you guys doing? Great.

Guests [3:29] Yeah, good. Hey, awesome. Awesome. That's great. Okay,

Randy Wilburn [3:33] Well, we are going to kind of move it around and rotate around and just kind of share with the audience. But we had, you know, lately, I know that I shared some information that your team shared with me, Melissa Swan, who's your Director of Marketing, shared some information about how you know this whole Covid-19 outbreak has really created a large demand for infinite service, AT&T, Comcast, so many others they're actually removing data caps, temporarily at least. And they're increasing speeds and some are even offering free service. So, I'd love for you, first of all, just to speak about that, because that speaks specifically to access and what people need, especially businesses. I don't know, Wil if you want to start with that.

Will Smothers[4:18] Sure, I'd be happy to. So, you know, obviously during the Covid-19 and the social distancing, and all the new regulations that have been put into place, as well as a lot of the curfews and things of that nature. It has not only put a strain on businesses, but it's also putting strain on families and specifically families in rural areas such as Arkansas, that may or may not have access to good internet or maybe don't have the internet at all. So, there's a number of companies out there that are providing for the next 60 days or so, free to low-cost Internet service. They're offering free Wi-Fi services at all their hotspots across the nation. And a lot of those are offering especially if you have students, whether they be in public schools, private schools or in colleges. Consumer Reports has got a great website that has a list of all of these service providers. Obviously, not every single one of them, but a large number of the major national chain folks who are offering this. So, I would recommend just doing a quick Google search for consumer reports, ISP Corona Pandemic and it should come up right away and scroll down about halfway through the page and you'll start seeing the list of all the providers who are offering free and low-cost services and what those are and what they're doing.

Additionally, on top of service providers, there are also things like utilities that are suspending claims right there. They're suspending late fees. They're not going to cancel service if you're unable to pay during these time periods, because so many people work for hourly wages, things of that nature. So, it seems that a lot of the businesses throughout the country are really coming together to help alleviate some of the problems that the common Americans are going to be dealing with throughout the next couple of months.

Randy Wilburn [6:26] Yeah. And, and so and I know I got a list of them. And we will put a list of all of this in the show notes because I think people will want to know where to go. And I think that information is valuable. So, what are you guys hearing? I mean, you guys are on the front line so you're hearing from firms that are saying, Oh, my God, you know, we now have to send everybody home. Did you guys kind of create a punch list that firms need to have before they start sending their people home so that they can remote work because not everybody does remote work, right. In some verticals, that's like heresy. Nowadays it's like, okay, it's just the status quo, right? Everybody wants to.. like before it was like well, I don't think I want to homeschool my kids now everybody wants to homeschool their kids and the same thing with working. It wasn't I don't want to work from home was I can't work from home. Now businesses are forcing you to work from home in a lot of instances. So what are your recommendations for companies that are now that are finally faced with this and it's almost like they're being arm twisted by, you know, rules and laws that the government is now placing on us and saying that, hey, you know, you're going to have some shelter in place? I have a family member that's out in the Bay Area. They can't go anywhere for like three or four weeks. I mean, outside of just normal runs. So, what are your thoughts about that or what would your recommendations be?

Will Smothers [7:51] I mean, I think that's a great thing to start talking about. Obviously, working from home or working remotely has been around for 15 years. But even today, only about 30% of all employees can or have the capability of working from home actually do it. Now that maybe because of pressure from their company and maybe for other reasons, you know, laptops we talked about a moment ago laughter, broadband internet, things of that nature. However, today, we're really being forced to do that and people just don't know how to do it. I have been very fortunate and several other folks on the call as well. I've been very fortunate to work for some very large companies who embraced remote connectivity and remote working. And the folks that I have seen who have either worked with me or for me, who have been really, really successful in this take working from home just like they do, working in the office, right.

So, they get up in the morning, they take a shower, they get dressed, and they commute from their shower or their bedroom to their home office, wherever that may be. It's a dedicated space; maybe it's a corner of your kitchen. Maybe it is an actual home office, but they commute there, they close the door or they put up Do Not Disturb sign. And they work. And that's what they do all day. They work all day on whatever their project may be, whatever their tasks maybe, that is their job. And they treat it just like they would if they're in the office.

The biggest drawback in the early days, and we kind of overcome a lot of these hurdles was feeling isolated. You know, I'm here all day by myself working by myself, I get home or the rest of my family gets home and they want to socially interact, and I'm just writing I don't, I don't want to do it. So obviously, we have lots of tools available to us today to do that, video conferencing and video calling. Those are all massive new tools that allow folks to be able to feel more connected. Reach out to someone say hey, I'm having a problem, can you take a look at this with me and collaborate on a document or whatever they may be able to be working on. We at Edafio, we have a number of those tools in our toolkit to help companies with that. But we really like teams and it's a nice utility that has a lot of hooks and ties into the other standard office productivity suites that everyone is used to the Word, PowerPoint, Excel, Outlook. It ties in with all of those, makes it really easy to use. And you don't necessarily have to be an Office 365 subscriber to use them.

There is a free version of teams that is very, very useful that Microsoft is basically giving everyone access to, especially during this time away. If you use Microsoft utilities, it's a very intuitive tool. So that's a great kind of, I don't want to say punch list, but kind of some guidelines to be successful working from home. Obviously, you're going to have some distractions, kids, dog's spouse, significant other, whatever the case may be. And so, having that space to yourself that you can kind of close yourself there helps isolate you from some of that distraction.

Many of the companies we work with, and many companies that are out there today already have the infrastructure in place to allow their employees to work remotely. The problem is, most of them have not done it at scale. So, they maybe are set up to allow one or two of their employees to work remotely. But now we're talking about taking 90% of their workforce and sending them home, 90% plus. So, they're not set for that they're not scaled for it. Obviously, Edafio, that's kind of right in our wheelhouse. That's what we can help them do. We can help them get ready for that, or if they're already in the midst of it, we can help make them more efficient, make your things work a little bit better. And it's not necessarily just leveraging things, traditional things like virtual private networks or VPNs, right? It's taking a look at how your business works and trying to get you the best solution as quickly as possible to keep you up and running and efficient. What I mean by that is, you may be using traditional file shares inside of your business, right? Everybody connects to a server and pulls the file off and works on it. Well, you may not be able to do that very efficiently when you're working remotely at scale. You may have to leverage software as a service technology like SharePoint or Microsoft OneDrive, or Dropbox, or you know, any of the other number of file sharing solutions that are out there. So, we don't try to take a one size fits all approach. We're going to help you understand what can we do quickly, and what is the right thing for you and your business to make sure we keep your people working and keep you productive, and we keep you being profitable.

Randy Wilburn [13:05] So I think the key that I heard and everything that you said. You really laid it out nicely is that if you don't take a cookie-cutter approach to address this problem, so one business owner down the street with 30 employees, and another business owner up the street, they're both friends, he might have 50 employees, they might have totally different needs when it comes to VPN when it comes to software as a service and so, you are able to quickly look at that and make some recommendations about the easiest way for them to get things set up.

Will Smothers [13:39] Sure, and that I think that's a capsule, it's very nicely (inaudible 13:43). You know, to your point, you may have two businesses side by side, they're the same size but you know, one's a doctor's office and the other one is a Kwik E-Mart; two totally different needs. One has to deal with (inaudible 13:55) it, but the other one has to deal with credit cards PCI compliant and (inaudible 13:59). You're absolutely right.

Randy Wilburn [14:01] Yeah. And I'm glad you brought up doctors offices, because I know that's actually one of the niches that you serve; that's a big market. When you came up here from Central Arkansas, to Rogers, you had done a lot of work with accountants and other firms, and then you had done a lot of work in the healthcare space. How is what's happening with Covad-19 going to impact you guys, in terms of, you know, the solutions that you're going to need to provide for your clients, given everything that's going on? I'm just imagining that the system is only going to be overrun with just a lot of new people. Right. I mean, you know, you got to drive through clinics now and everything. So how are you guys able to address that?

Will Smothers [14:39] Yeah, that's a great question, and it really brings up and brings into light the whole issue of working remotely. I mean, in reality, because you do have to drive through clinics that have to deal with HIPAA compliance. And so, you've got to be able to give them a secure solution for that where the patient feels like their privacy matters. But you're giving them the folks who are working with the ability to get the information they need to help that patient adequately. And so we will definitely need to take a look at those types of situations and help them figure out hey, do you need to be using a software as a service electronic medical records or, how can we get you access in that remote location to your electronic medical records that sit in your doctor's office as opposed to up in the cloud. Maybe that maybe VPN is the right solution. Maybe accessing it through some type of web interface is more efficient. But the big thing for us is making sure that those healthcare professionals have what they need to get their job done, because right now, having served military for 11 years, they're on the front lines, right. They're kind of the infantry right now. Those are the guys and girls who are dealing with the brunt of this problem and those folks can't work from home. They don't have the luxury that the rest of us do. They are dealing with it every day, they're exposed to it every day, and they can't necessarily take time off to help them. So, our goal is to make them efficient, keep them productive and healthy, so that they can continue to help the rest of us out.

Sam Grubb [16:28] And if I can jump in here, this is Sam, just want to add in there, you know, Wil mentions to the compliance piece of it, the HIPAA and part of what we also want to make sure is that when they are implementing these solutions, or they move to you know, there's a lot of telehealth, if you will, where, you know, I know that University of Arkansas medical system is offering screenings via online sessions so making sure that those answer any of those compliance questions that they might have. We have security and healthcare consultants that can answer those questions really quickly so that if they have a question about you know, how does OCR which regulates all this stuff, how are they dealing with this? How are they going to look at this? What do they want you to do for these sorts of things? We can quickly answer those.

Randy Wilburn [17:29] Yeah, I listened to that this morning. I was listening to something and then I kind of pushed out that information because UAMS was putting that information out there. And then on top of that childrens also put out a call-in telehealth line if you suspect that your child may have the coronavirus and I think it's just important that people know that. I will be sure to put that information in the show notes because I have a sneaking suspicion that the website and those phone numbers are going to be in use 24-7 for several days and weeks ahead, so I will definitely share that out. Absolutely.

So and just to give Will a little bit of a break because he's been talking a lot, then certainly why don't we have Sam and Angel jump in a little bit, and I know Sam, you and I talked and Angel too. We talked a little bit about another issue that's come up with this whole pandemic is that people are going to be taken advantage of. And we talked about phishing and the importance of that and I would love for you guys because you deal with cyberattacks on a regular basis. And I sometimes think if it doesn't happen to us, it's kind of out of sight out of mind. But cyberattack is a real thing and businesses need to protect themselves from cyberattacks. They can be financial loss because of a cyberattack, and they can also be lawsuits because of cyberattacks. So absolutely, there are a multitude of issues there and I would love for you just to kind of speak about that from both from the business perspective, and then we will end and we'll get to the individuals and how they may be able to protect themselves.

Sam Grubb [19:17] Sure, absolutely. So yeah, just what you were saying there's a lot of exploitation that goes on with any sort of major event like this whether it be you know, a cybersecurity attack or somebody selling toilet paper for $50 a pop on Facebook marketplace, I mean, a wide Gambit there. But I think the big thing is that from a business perspective, what we see here is that there's a normal level of vulnerability that any business has to social engineering attacks. And when we say social engineering, mainly we're talking about phishing, which is when somebody sends you an email, they're trying to get you to click a link, enter information, they're pretending to be somebody you know, your CEO or co-worker or somebody you do business with. They're just trying to get information or access to your credentials, get you to download malware so that they can further exploit you. And that's a normal everyday vulnerability you're going to be dealing with that all the time.

But when we have something like this epidemic, the issue is that there is so much thought process, emotional energy, that your employees will have around that event, that a phishing email becomes even more dangerous. You know, with a good phishing email, I have to do some research- I had to figure out what your business is who I'm sending it to, the old adage which whenever I bring up, I used to do cybersecurity teaching, and whenever I would bring up phishing, inevitably, someone would be like, Oh yeah, the Nigerian prince scam. We all know that. You know the old I'm a Nigerian prince, I've a million dollars, just send me a bank account number, I will give you the money. And that's really not what phishing is anymore. Those sorts of things don't work, because everyone knows about them.

And so, they have to do research, they have to really personalize it, and they will take the time to do that; attackers will take the time to do that. But with something like this, they don't have to do that. They can use the common knowledge, the stuff that's going on in the world that they know everyone knows about, and use that as their attack point. So, we've been seeing all sorts of examples of Covid related emails that are going out. One of the big ones is CDC, and World Health Organization bulletins. So, you'll get an email and it looks like it's a bulletin from the CDC or World Health Organization that says, hey, we have some new updates about the Coronavirus, click here to find out about them. Really easy, you know, people are interested in this, they want to know they have some panic behind it some anxiety behind it and so they'll click without even thinking, why is the CDC directly emailing me? That seems a little weird, right?

We also see a lot of things that are exploiting people's financial situation, insurance companies, or fake insurance coverage, an email saying, hey, you know, in order to be covered for any Corona related expenses, you need to click here and enter your information right and they'll grab information that way or get you to click a link to download malware. Looking at things like college students receiving emails about closings or other things you know, there are emails talking about company policy and this could really especially hit people who are, you know, I'm losing my words here, but wage earners, you know, work an hourly salary; that's what I was thinking of. Because you know, they may receive an email to their personal account that says, hey, if you are a wage earner click here, this is a government program to, you know, give you some relief. [and they're already desperate for cash as it is. Exactly right]

You know, these attackers, they don't care. They're despicable in my mind. And we're not seeing this just in email; we're seeing this across all sorts of different things, android apps, I'm not sure if we've seen we've seen Android apps. I'm not sure if we specifically have seen iPhone apps, but it's a very real possibility of virus tracking. So, you want to see you know what, how the infection is affecting your city, maybe even down to the neighborhood, right? And I'm using that loosely because these don't do anything; they're just exploiting your system.

We've also seen malware kits that are used to create web pages, and they look really good. I mean, they've got a nice map of the world. There are all these little red circles; it looks like something out of a movie like contagion or something like that. But they are using known exploits and things like Java to download malware onto your system when you go to that website. And organizations, cybercriminals that started selling these kits for $200 to $700. So not a high price point to create your own sort of Corona malware kit that you can then use to try to exploit people.

And the thing that we really worry about is again, hitting those people that are really desperate, especially things for you know, diapers, formula, baby food. I have a toddler right now who drinks a gallon of milk a day, it seems. And so, if I'm seeing something that comes in that says something about milk coupons or milk shortage or something like that, I'm more likely to click. So, you know, that's kind of getting from high level, you know, you're gonna have things coming into your business, about insurance about time off, about policy and going down to the more personal things about money for yourself and supplies and these sorts of things.

Randy Wilburn [25:26] Yeah. And so, you know, to add to this, what would you say to, I'm a small business owner, I've got a bunch of employees, what would you say to our team if we brought you in to say, hi, what can we do to protect ourselves from it, outside of just being very cautious to read and re-read and triple read the information that's coming through. Because a lot of times, it's just the little things like misspellings and things that should be capitalized aren't and, you know, most businesses that put any kind of information out to their customer or client base takes pains, great pains to put things out without a lot of clerical errors. And that's probably like the first sign, but what would you say?

Sam Grubb [26:07] To your point, yes, that's true. But even now, you know, clerical errors, apparently these hackers have gone to school and read some grammar books because they're doing really well at spelling things correctly and that sort of stuff. So, the real thing is to protect yourself technically, as well as you know, just in the way that you do business. Thus, the big thing is making sure that you have strong passwords that you're putting in place, never share your password. Never enter any credential unless you absolutely trust where you're entering it into. And honestly, the biggest thing for us when it comes to this phishing stuff is enabling multifactor authentication. Yeah, if you can, and you know, it is something that is an extra feature that may cost additional money but there's a lot of places to where you can get multifactor where you can, you know, it's not necessarily a pain point in terms of prices, you might think. And it really, really, really helps when it comes to these phishing attacks because it's so much more difficult for them to get access to that second factor of authentication than it is for them to get a password.

Randy Wilburn [27:26] Can you just for the audience, just give them in layman's terms, the best understanding of multifactor so they get it. Because I totally hear what you're saying, everything I do is multifactor, but it's a pain, but I just want people to have a better understanding of it.

Sam Grubb [27:40] Yeah, absolutely. So, multifactor is where usually you have your password, username, password. So, let's take Microsoft 365 for example since it's a product a lot of people are familiar with. You type in your username; you type in your password, you hit enter. At that point, it's going to ask you if you want to use your multifactor if you want to get a verification code usually by phone number or email. So that's your second factor, that's the multifactor part. So, it will text a code to your phone or send an email with a code in there and you have to enter that code in order to get access right. So, it's again very hard for the hacker to get access to both your phone and your password at the same time in order to get that code.

Now it's not impossible, not going to say that this will solve all your problems but your most basic level of attacks that are going out there are going to be thoroughly mitigated by this. So, and then, you want for a small business like this, you want to make sure that you have your antivirus installed, right? That you have that up to date, you have all your patches and stuff, especially if you're taking your device home for these long periods of time, so you want to make sure that you're still routinely checking and updating those definitions and those patches. And then from the IT, you know, this is more for a mid to large tier organization, but on the IT side, you want to emphasize checking login activity a lot more than you might normally, especially these remote sessions. And geolocation is going to be critical here as well. Nobody is going to be logging in from China or any other country; we're not moving. So, we should all be logging in from a very distinct small location so if you're seeing logins that are coming from areas outside of where you know your employees are, then that's obviously a big red flag that there's some sort of compromise. So, these sorts of things will really keep you safe. And then on keeping your awareness side anything that has Covad in it is immediately suspicious, anything at all. Even if it comes from your CEO, even if it comes from your cube mate who's your best friend that you've known for ten years, it should all be suspicious. You just need to make sure when you're checking these emails, the first thing you can do is you can hover over the name and see where the email actually came from. Sometimes there is a name that pops up like Sam Grubb, and you're like, oh, that's Sam Grubb, but then the email address is, you know IT at whatever, whatever, weird hacker domain.com, right. And so, checking those things, making sure that it's actually coming from an email that you recognize and that sort of stuff. Angels or other things you want to add,

Angel Button [30:49] And I probably would add in there for mid to large size companies that we should also look at strengthening, and we'll probably stick to that more 40365. But you need like an email firewall that is doing your frontline analysis on the attachments, sandboxing it, evaluating it. You're phishing the links are part of a threat feed already finish showing that it's malicious so that kind of intelligence beforehand where it's blocking or quarantine again is important as well.

Randy Wilburn [31:24] And it sounds like I mean, between what you guys are talking about, one of the easiest points of entry for a hacker, for somebody, phishing is through email because that information gets in there. And then, unfortunately, if somebody clicks, what happens then? What do we do if somebody has clicked on something and then realize, oh, my gosh? Whatever I clicked into is Pandora's box, how do you deal with it then? Are we screwed at that point, or is there still hope for us?

Angel Button [31:56] Sam, if you want, I'll do the personal aspect part of that, and then you could do what you do if you're part of the business?

So, for personal, I mean, if you believe you've entered your credentials from a suspicious link, it's important to immediately change your password using a strong password; there's not a variation in any way shape or form with any part of your old password. So, if your old password was Angel button one, which please don't ever do that, it should never be Angel Button two. If you have to open up a book, you know, in random page and look up some part of the words there and pick that for your password, that's fine, that's random, but don't you change the Button one. And then, of course, implement multifactor authentication. If it's not enabled for personal accounts, I have not run across an account where I couldn't enable that for free. So, it's worth doing a little bit of research to find out how to do it. If you've downloaded a suspicious attachment from an email, it's always recommended to disconnect your device from the internet and take it to a professional to have it checked for malware. You can also change your email password using another device and if you're using that password for any other account, which we definitely don't recommend, but if you are, change your password on all the accounts as well. And then I would implement a password manager go ahead and find one there's LastPass; there's a whole list of different choices you can get them installed on your phone and use that to store all your passwords in the future.

Randy Wilburn [33:40] Yeah, I use LastPass personally, and I love it because the passwords that it creates, I'm like there's like nobody that would figure this out ever; and I can't even remember it. So, I mean it's just I mean there's definitely a level of security there and I have not been thankful, knock on wood, have not been attacked because I have that I've been very careful about that. But multifactor authentication is, to me the way to go. And I think even if people have just been loathed to use it because it is an extra step. Trust me when I say this as a victim of identity theft, that extra step is well worth it.

Angel Button [34:18] Absolutely. There are some password managers and LastPass, I haven't played around with like recently, but I wonder if it doesn't have it, where it's also monitoring you on the dark web to see if you're coming up in any of the breaches; if your password combination is and it notifies you as well.

Randy Wilburn [34:38] Yeah, I've noticed that with some companies that provide credit monitoring and actually the company that I use and I think LastPass has a portion of that that does keep track of my information because I have been notified a few times. But since my last big identity theft experience, I have not had anything nearly as bad as some of the stuff I hear from other people so, I just think there is nothing wrong with being cautious and making sure that you definitely put some systems in place. And even if you have to spend a little bit of money, the amount of sanity that that provides and just security is well worth it.

Sam Grubb [35:24] I know that a lot of the password managers also have family features. So if you are hesitant to use it on your personal account, because you know that you have a grandparent or wife who may be using a service like Netflix or something like that, there's a family feature where you can share those passwords out so that they will have access to them as well.

Randy Wilburn [35:45] When I was putting our will together, I actually put a password key that you can create, in case something happens to somebody in the family because I know people's fear is, oh, I create this password then if something to me, my spouse or whomever, they don't have access to get any of that. So, you can pretty much do that nowadays with all of these services, even with Facebook, if something were to happen to you and you want somebody to, because of your social media profile, all that other stuff exists out there. So, you want to give people access to it if they need to either close those things down or close them up in a proper way. And so, it's certainly want to try to take advantage of that and understand that a lot of these safeguards have been put in place to address issues that you know, you hope they would never come up, but if they do, you can deal with.

Sam Grubb [36:37] Yeah, absolutely. From a business perspective about clicking a link, the big thing is that we want to limit what sort of activity that person whoever access that account is able to do. So, again, changing the password on the account if you hear from a user that they've clicked the link, changing that password checking the login activity. But then also making sure to check across multiple users likely that if one person received the email more than one person received it, doing some message tracing in order to see who received that email and looking to see if there's any other additional activity from the user that click the account. So, did they set up inbox rules, is a big one. Did they, you know, set up any sort of account allocation, allowing other people to access their account. These sorts of things that attackers will use in order to try to remain persistent in the account. And then, you know, again enabling multifactor is always good after something like this has happened. Yeah, Angel, you want to add some stuff,

Angel Button [38:07] (Inaudible 38:07) are good for a role, as mentioned. Any kind of forwards going to be deleted, any kind of forwards going to your RSS feed was another little trick that they do. They also will start replying to emails as they've sent out an email from your account; thats another thing they will start doing, another phishing campaign, and they'll start replying back to tell people to open it. If they question it, you have to look for that kind of activity. I'm trying to think there was something else that they do that we kind of watch for. That just slipped my mind that comes back to me; I will let you know.

Randy Wilburn [38:48] And then I guess one of the big things is that if this does happen to you, and I work at a firm, I need to report this to somebody. Who should I report this to? Because I might be embarrassed that this happened to me, but it happens to a lot of people. So how do we encourage people to step up and say, hey, let somebody know right away? Because not only will it impact you, but it can start to impact everybody else on your team?

Angel Button [39:13] Absolutely. The issue with that (inaudible 39:18) to community and credentials, so they're going to log into your account, and they tend to sleep on it for a while and stay within your account, and they start collecting information. Then they will send out an email and start a lateral movement, right? So, it will start from your account, and they will send out emails legitimately to other people within the company and outside of the company, coming from a legitimate account, which is yourself. And then they're going to enter those credentials. So, if you're concerned that you've entered your credentials, and it's suspicious, definitely talk to anyone in your IT department if you don't have a security department and let them know. And they can research it further for you.

Randy Wilburn [39:57] Yeah. Now with Edafio, do you guys have it set up where a client would just have their people just contact you directly? Or is there kind of like a layer before they actually get to you?

Sam Grubb [40:14] That really just depends on how the client interacts with us and what services we provide. So, we offer incident response services. So, if you have your own internal IT department, and you know, there is an incident and you're looking at it, and you're thinking, we really don't know where to go. Even if you understand, you know, from a technical aspect, what's going on, there's a lot of things about management, communication, you know, additional threats, compliance, these sorts of things that you might have to deal with. And we're experts in that so we can handle a lot of these management processes in report writing and all this other stuff, to really get a handle on that incident and then, of course, you know so that you can contact us directly. And then, you know, we also offer as an MSP, we have, you know, Help Desk support services that we provide. And in that case, you know, those Help Desk support services also pass things along to us, that we, you know, look at to see if there's any sort of security incident that needs to be investigated.

Randy Wilburn [41:25] Okay, and then you guys

Angel Button [41:26] There is one quote that I had found on Edafios site or a document that I'd read recently that kind of hit it. It hit for me what Edafio does for small and large businesses, since a wise person once said, you do not drown in by falling in the water you drown by staying there. So, our job is to be the lifeguards when our clients fall into the water. So, I thought that was a really good quote to kind of establish what we at Edafio do for our clients.

Randy Wilburn [42:00] I love that, and people are going to fall into the water. I mean, these issues are going to come up, phishing is going to happen, it's not going to go away as long as people are out there looking to take advantage of other people. And then on top of everything else, there's always going to be, whether it's the coronavirus or Covid-19 right now, or something else in the future, there's always going to be something that is going to technically threaten the backbone and infrastructure of the technology that you need to run your business. And you're always going to need somebody like Edafio to help you out in that case, just so that you can weather the storm. And also, just sometimes it's just good to have somebody to tell you that hey, everything's gonna be okay. We got you and we will fix it. So, you know, I'm sure that's a relief when that comes out of your mouths, Will or Angel or Sam. I'm sure that folks really, really like that, so.

Sam Grubb [43:03] The big thing is that you know, when we look at something like this, we try to figure out what is not only how to find the incident, contain the incident, but then what is best for the business, you know? How are we going to help you in order to still meet whatever objectives you need to meet, still have the best for your employees and that sort of stuff; you know, we consider these things. It's not just, okay, well, we're, you know, we're just looking at this one small thing; we look at the whole picture.

Randy Wilburn [43:57] All right. Well, I appreciate that. We have run quite a bit here; there is a lot of really great information that I can't wait to share with our audience. And I have a lot of small business owners that are listeners of I am Northwest Arkansas and others, but just to finally closeout. Angel, Will Sam, do you have any final last words and Angel, I will let you go first. Since we didn't let you go first before, I will let you go first. Now I apologize about that.

Angel Button [44:30] That's fine. I guess the biggest lesson or the thing I can say as you know, in our lifetime, we're going to click that link, we're going to download that attachment. And instead of trying to hide that, please share that information as quickly as possible so that people that are experienced in this can go and fix it. It is very hard to figure out if it's a legitimate email or a phishing email these days; they're just they're really good at it. But you just make sure that you share, and you don't try to hide it and understand that 95% of breaches come from phishing emails. So, we're aware of that. Thank you.

Randy Wilburn [45:15] Yeah. Thank you, Sam!

Sam Grubb [45:20] Yeah, I would just say that you know, be thinking about this sort of stuff and be thinking about the risks and threats that you as a company have, especially when we have all of the events that are happening, as we talked about. This is not something that you could just put off as a company, no matter how big your organization is, no matter what your organization does. You need to have people thinking about this. And the big thing too is that it's everyone's job. It's not just an IT person's job. It's not just if you have a chief of information security, it's not their job. It's everyone from the CEO down to the intern. Everyone's job is security and everyone needs to be thinking about threats at their level. So..

Randy Wilburn [46:17] Yeah, I like that. I like that. Okay. And last but not least, Will, you have something to add?

Will Smothers [46:26] I think Angel and Sam covered it pretty well. Just remember, you know, no matter what size business you are, if you're concerned, if you're worried, if you've got a problem, feel free to reach out to us even if you're not our customer. We will do our best to help you however we can and try to allay your fears and get you guys in a good spot to be able to continue your business and make sure that in these trying times, you don't become a statistic. You're able to continue to doing business well after April, May (inaudible 47:00).

Randy Wilburn [47:02] And that's part of the reason why I'm doing these (inaudible 47:05) just to get on top of, you know, people's fear factor if you will. I appreciate you guys coming on such short notice just to kind of provide some expertise and really get into the weeds of what it is that you guys do on a regular basis that so many of us look at and say, oh my god that's just so beyond my understanding that I don't know what to do, I'm just gonna stick my head in the ground. And so, you guys are there to kind of help people through these situations and these tough times. And so, I really appreciate you sharing your experience and understanding and certainly anybody listening to this if IT doesn't stand for Information Technology in your book, then you need to give Edafio a call. You need to understand what it is all about. If you run a small business and you've kind of have a patchwork of computers connected together and you don't know what a VPN is, you need to contact these guys because I'm sure they can help you to even have a couple of small things that will put you on the straight and narrow path to protecting your organization, protecting your company and even protecting your clients. So, I certainly want to encourage you to do that. And I really appreciate you guys just sharing some personal items that can help the average individual and I'm gonna kind of parse these out and share some of this information anecdotally because I think it would be very helpful for anyone, anybody listening to it, whether you're in Northwest Arkansas, or beyond, we could all stand to protect ourselves a little better from a cybersecurity perspective.

So, thank you guys all so much, Will, Sam, Angel. I really appreciate it. And a big shout out to Melissa Swan, the Marketing Director at Edafio for pulling this all together. And that's pretty much all I have. I hope you guys have a great day.

48:55

Thank you. Thanks for having me. I really appreciate it.

Randy Wilburn [48:58] No problem. Well, folks there you have it another episode of I am Northwest Arkansas. I'm your host, Randy Wilburn. And as I said, I don't know whether you're listening to this sometimes, right after it was recorded, or if you even listen to the six months from now, we will have gone through a very difficult and serious time. And it's good to have friends. It's good to know people and to be able to get good quality information. And that's what we're trying to provide here at I am Northwest Arkansas. So, again, I really appreciate the folks from Edafio coming on such short notice to share their expertise and understanding of things that can honestly be a little bit scary. And we'll get through this folks; we're all as I'd like to say I could create a little moniker the other day NWA strong. So that's going to be our new moniker. I mean, every part of the country has to find something to attach to. And I'm just saying that because of the resiliency of the people of the Ozarks and how we figure out a way to come together and unite will be better because of this situation. And not weaker because of it. So that's all I have for today. I will see you with a new episode very soon. Take care.

IANWA Close

50:10

We hope you enjoyed this episode of I am Northwest Arkansas. Check us out each and every week available anywhere that great podcasts can be found for show notes for more information on becoming against visit I am Northwest arkansas.com. We'll see you next week on I am Northwest Arkansas

About the Show:

Back in episode 52 of I am Northwest Arkansas we sat down with CEO and President Kenny Kinley with Edafio Technology Partners.  Edafio, a Greek word meaning ‘passage” or “pathway,” was founded in 2001.

This time we had a few of the other experts at Edafio join us to help with the Coronavirus/Covid-19 Pandemic. Will Smothers, Angeline Button, and Sam Grubb walk us through the IT challenges that businesses can face during the pandemic, how to make sure that you are immune to Phishing Attacks, and how to keep your IT sanity on a personal and professional level.  

You don’t want to miss this episode and definitely check out all of the cool free reference links below.  

Listen to this podcast and read the transcript (Coming Soon) to learn more.

If this podcast episode resonates with you please let us know by commenting below or by dropping us an email. We appreciate each and every listener of this podcast. 

 All of this and more on this episode of I am Northwest Arkansas.   

Important Links and Mentions on the Show*:

*Note: some of the resources mentioned may be affiliate links. This means we get paid a commission (at no extra cost to you) if you use that link to make a purchase.

This episode is sponsored by:

Email info@iamnorthwestarkansas.com to learn more about sponsorship opportunities.

Connect more with I am Northwest Arkansas:

Thank you for listening to this episode of the I am Northwest Arkansas podcast. We showcase businesses, culture, entrepreneurship, and the lives of everyday people making Northwest Arkansas what it is today. Please consider making a one-time donation to our production team through PayPal to help with the expenses of keeping this podcast running smoothly https://www.paypal.me/encouragebuildgrow