
Raffi Jamgotchian - Triadanet, Security Essentials

2021-10-28 | 1h 7m 4s Listening Time | Joseph Ianni

Today's episode with Raffi Jamgotchian of Triadanet delves into security, a new topic for us on the program, but don't let that stop you from considering its importance. If you value something, you protect it; it's hard to think of an example where that's not the case. We talk about the varying degrees by which companies both big and small can be attacked, what some absolute musts are in terms of your own security, and what you can do today to be careful. Hint: it involves your password.

As the son of a mainframe programmer, Raffi Jamgotchian has been around computers since the age of seven. In the fall of 2008, Raffi founded Triada Networks with his wife Aline to help independent financial services firms deal with cybersecurity, compliance, and technology. Raffi is a member of the US Secret Service Cyberfraud Task Force, the NY chapter of the FBI’s Infragard, VP of the Cybersecurity Community and a member of the CompTIA ISAO subject matter expert.


[00:00:00] Raffi Jamgotchian: From a consumer of those services, I wouldn't say the best we can do, we have to start being open to asking questions before we just pull out our checkbooks or credit cards and start buying services. Whether that's your domain provider and say, hey, how are you protecting my information? Ask that question.

What is it that they're doing? Are they, have they been audited by a third party?

[00:00:27] Joseph: Today's episode with Raffi Jamgotchian of Triada Net, delves into security. A new topic for us on the program, but don't let that stop you from considering its importance. If you value something, you protect it. That's human nature. It's hard to think of an example where that's not the case. We talk about the varying degrees, by which companies both big and small can be compromised, what are some absolute musts in terms of your own security and what you can do today to be more careful, and it's gonna involve your password.

Raffi Jamgotchian, it is good to have you here in Ecomonics. How are you doing today? How are you?

Raffi Jamgotchian: Great. Thank you for having me, Joseph. Appreciate it.

Joseph: I'm happy to have you here. Uh, you have, uh, you have a pretty beautiful setting I have to say. Um, I'm, I'm a big fan of a mahogany is definitely one. I call it, I would want to pay my background and okay. I had to get that out of my system. I apologize. I'm happy to have you here today because we're going to cover some stuff that we don't get to cover too often on the show.

And so this is a great opportunity for us to learn more about something that, and I'm sure you would support me on this is, arguably an essential component to running a healthy online business. And it's going to be about security. Before we, we dive in and we, and we explore this space, uh, as much as we can in the next hour, first thing we gotta do is tell us what you do and what you're up to these days. 

[00:01:43] Raffi Jamgotchian: Yeah. So Triada Networks is our, is our company. We started it in 2008. We help small businesses, uh, with their IT needs, but more importantly, how to reduce risks around cybersecurity and other, uh, other things so that their businesses can be more resilient to events that take place and they will take place.

It's not a matter of if but when.

[00:02:07] Joseph: And you've seen your fair share of whens I imagine.

[00:02:09] Raffi Jamgotchian: I've seen fair shares of my whens. Yeah, certainly. Uh, it's probably one of the reasons why I have so many gray hairs.

[00:02:16] Joseph: Well, uh, speaking as someone I'm not keeping track or anything, but the 11 that I have so far are that they've got to account for something.

And I haven't, I haven't had my when yet, so there's plenty of reasons why they happen. Uh, so it started in 2008, so, you've definitely been in this for, uh, for a fair amount of time. And the way I like to ask the question about, you know, agencies and services, uh, such as Triada Networks is when it was starting, what problem were you identifying in specific that was going unsolved? I'm imagining that there are other businesses in this space in that time.

[00:02:54] Raffi Jamgotchian: Yeah, certainly. I mean, you're, we're, we're based right outside New York City and you can shake a stick and you'll hit another IT or cybersecurity firm here. So, uh, there's definitely plenty of people doing what we're doing, uh, at various levels.

So, uh, prior to 2008, I was working at an investment firm in, uh, cybersecurity and, uh, and the downfall of the, uh, financial crisis, uh, in the middle of that in 2008, a number of folks started breaking off of these large institutions and starting their own investment funds. And, uh, many of them were folks that I had been working with and they came out to us and say, Hey, we're starting our own fund.

We have no clue what to do when it comes to protecting ourselves and making sure our businesses are compliant with regulations. Uh, and that's how we started. That was the birth of, of Triada. It was to really fulfill that need of initially those investment firms. Uh, and then we expanded from there. I mean, we focused primarily on financial services companies, but we're not exclusive to that.

Um, we have a number of companies that are both in retail and, and, uh, and the B2B, uh, e-commerce space. So ends up becoming a kind of a holistic view of really helping small companies that don't have the staff, don't have the expertise to really, uh, put things in place to make their risks go down.

[00:04:17] Joseph: I've been trying my, my way as an entrepreneur for, for quite some time in, in different respects.

Um, you know, at the very, very, very beginning when I would try to do stuff online, it was, uh, in, in, in arts trying to set up my own web comic. And I, and I would use GoDaddy, uh, both for the domain and the web hosting. And I, I still use them for some services to this day, but I've expanded outwards and, and there was something that stuck out to me cause they would do their, their routine phone calls every, I don't know, six months or something like that, just to check in and see how we're doing, see what upgrades we need.

And one of the, these conversations, the one that stuck out the most is when they were saying that I had to pay for security upgrade. And it was the first time that they had told me about this. And I, and I remember thinking, well, hold on a second. I wasn't paying for this before. And then all of a sudden, this is added cost now.

And, and this says, well, you know, times are changing things, a lot of things are going online. So this is becoming a larger expense. And I, and I walked away from that wondering, and I'm still wondering to this day, which brings me to the question that I have for you is so, you know, we have our domain providers, you have the, um, service providers say like Shopify, for instance, with, and this is Shopify country is from your perspective, how much, um, responsibility are these service providers supposed to be taking and providing security for the customers compared to how much responsibility the user such as myself should be taking?

[00:05:40] Raffi Jamgotchian: That's an awesome question. If anything, the past couple of weeks, or even the last few months have taught us, is that nobody in our supply chains are at you know, immune to getting breached whether that's a provider like Shopify or GoDaddy or, or what have you.

And, um, although most of the breaches are due to somebody, uh, effectively, uh, letting the bad actor in. It's not exclusive to that. So, you know, let's take, you know, the most recent one was only a week ago with, uh, with a company called Kaseya. So, uh, with Kaseya they are a provider of software that is used by internal IT teams, as well as, uh, companies like ourselves.

And, uh, they weren't necessarily breached, but a flaw in the software allowed an attacker in, um, one of the effects of that was you know, in Europe, there was a, uh, point of sale vendor that was using that, that tool and result of that 800 stores, uh, were shut down. So is it the fault of the IT provider?

Is it the fault of the software vendor? Is it the fault of it? It's, it's really nobody. These are all victims of the same, the same problem. Um, we all can do things that improve ourselves. So from a, from a consumer of those services, I wouldn't say the best we can do, we have to start being open to asking questions before we just pull out our checkbooks or our credit cards and start buying a services, whether that's a, your domain provider.

Um, and say, Hey, how are you protecting my information? Ask that question. What is it that they're doing? Are they, have they been audited by a third party? Um, you know, when was the last time you had a security flaw and what, how fast did you patch it? Um, these are all legitimate questions. You're going to be spending your hard-earned money, uh, on the services.

They should be giving you those, uh, that information. So that's at least the first place to start then from your own ability to work with those threes companies. You have a log-in with GoDaddy. GoDaddy does a decent job about, uh, protecting your identity and your, your, your logging information through support pins and things like that.

Um, but they all can do better, uh, turn on multifactor, wherever you can, which means when you log in, you get a token code either, um, uh, pop-up on your phone or a text message, which is not as good, but you know, it's better than nothing. This way, if somebody does get a copy of your password, uh, that they, uh, you at least will see if somebody is trying to get in from another location and prevent that.

So these are all little bits that we can start doing to not only protect ourselves, um, uh, but as well, uh, protect, uh, our clients and our clients. 

[00:08:44] Joseph: Yeah. And I think a lot of it also has to do with getting into good habit routines, uh, not too dissimilar to, you know, uh, brushing your teeth and flossing and using mouthwash.

I, so I think over time, people have to be conditioned to, um, take more of these precautions. So not too long ago, um, there was, uh, there was credit card fraud on my account and I noticed it because, you know, my eyes glued to the phone most throughout most of the day. So, so I looked at my phone, I was like, wait a minute.

I didn't buy anything at Walmart lately. So I, and I, and I try to deal with it right away and, and it's canceled. And the silver lining in it is that it was a great way to like cancel a bunch of subscriptions. Like the ones that I actually wanted to continue. I moved on to the new credit card and not a bunch of other ones like, Hey, we haven't heard from you in a while, don't you want your next electric toothbrush?

I'm like, actually, no, I still have six in storage so I'm actually pretty good. So, so that would actually worked out pretty well for me, but I still don't want to deal with it again. And when I started doing. You know, I was thinking, okay, where do they get me? Maybe they got me online through putting in my information.

So I really need to think about, you know, where, where I make these purchases, which I guess ties into some of the issues that customers have is that they want to go onto a smaller businesses. They want to go on the Shopify stores and they want to make these purchases, but they don't have that, that same peace of mind.

And I think that there's this at least as a minimum requirement for it to say, you know, trust is security and compliance and all of that, but we see that basically every time. Uh, and so the other thing I tried to do physically was like, every time I pull up my credit cards to make a purchase in person, I would hide it.

Like I would keep it close to my chest just to, in case somebody was happening to get the visual of it. And I, and I, and I do that to this day. Unfortunately, it was like a too late situation, you know, the habits had to come after the fact. So there there's a bunch of challenges here. And so the first one that I want to, uh, get to, uh, above all else is how you've been able to, you know, get people into these good conditions into these good habits before they've had to learn the hard way.

[00:10:39] Raffi Jamgotchian: Yeah. That's a tricky one. Uh, you know, alarm sales go up after our house break-ins, right? Uh, it's either, it's either your house or at your neighbor's house. And that's sometimes hard, you know, unfortunately you have to have a hard lesson sometimes. Um, and it, but you know, each one of these things is a lesson.

You may be, you may think you're doing everything correct. Uh, and then you, something else happens and you find another piece of your armor that you need to patch up a little bit and, and every time you do this, it's a learning. It's having the things in place to be able to identify that you had an issue, um, and then put the process in place and how to recover from that issue.

All those things are, are as equally important as an equally important as preventing from the issue from happening to begin with. I had the same issue as you did. Uh, I think I traced it back to a gas station that, uh, that card, uh, then try to, uh, spend money on, uh, uh, things at Walmart. And then we were able. 

 

Cause they can go in and out real quickly.

They do a quick charge. If it goes through, if it works, then they, they, they try something bigger, like a TV. That's usually the pattern. Um, liquor stores. Is there another one? Uh, that seems to at least occur to my, um, when my cards get thing, uh, most recently it happened to my wife. We were on a vacation at the time.

Uh, all of a sudden we get a call from Capital One saying, Hey, your credit, we need some more information to pour putting up your credit card. My wife was not applying to prep a loan for a credit card. Uh, then we got home and there was a, uh, uh, a, uh, a debit card from a credit union sitting in our house.

So somebody had opened up a bank account, actually put money in my wife's name, uh, so that they could do whatever it happens and it's very easy to happen. And we, we, we forget all the different times that we lose track of when we submit something, a piece of paper of form in a store, it seems to happen more often than the physical world than the online world, honestly.

But, you know, obviously the online world is getting, uh, um, is as easy to, to commit fraud. Um, the fraud part is the, uh, it, you know, you know, we, so in the, in the networking world, we, what we do is we segment, uh, processes and we segment, uh, things from so that they don't affect each other. And what we did in our own business, for example, uh, when it came to credit cards is we started splitting the credit cards out.

So we had multiple credit cards. Uh, we use some things for our monthly. I wouldn't have had the same experience you did. Unfortunately. Uh, we separated our monthly expenses from our, uh, our incidentals this way. If our incidental card, which was out in the wild gets dinged, we didn't have to go through every vendor and have to reset a reset what accounts were being used. We'd do the same thing in the online world. Uh, we still do the, we do the same thing from, it comes to cybersecurity. We, we, uh, we compartmentalize so that it doesn't affect the rest of the, uh, uh, the rest of the business. When a submarine has a leak, they're able to close the doors around that leak so that the submarine can still be viable.

And the businesses, the same idea this way. Uh, the name of the game is really resilience. Uh, not necessarily complete another prevention, cause that's not a, that's not possible. 

[00:14:12] Joseph: Yeah. It seems like it's an arms race and that no matter how, what security protocols can be in place, the, the, the bad actors, which just find some other way to subvert it and then it, and then it goes on indefinitely.

Yeah. From outside. Yeah. So one method there that you mentioned, uh, expenses versus incidentals is I think a great takeaway, um, because my conventional wisdom even going into this conversation is to, you know, you have one card separate for business expenses, and then you have another card for personal expenses.

But I, it never really occurred to me that a lot of these subscriptions can be done on a single card. And that card never has to leave the house. It just stays in a drawer. It's doing its job, no problem. And then something else I, a little, a little, a little closer to, if I may, a little closer to a burner card, something that okay.

It, like you said, if it does get lost and somebody else takes it, somebody gets a photo of it. Uh, someone was a little too close to me behind me when I'm ordering coffee. Okay. All of a sudden it goes, and then all of a sudden we don't have all of these, uh, all this other mess that we have to pick up. I also have to say there's a bit of a, of a, of a reality check there because, you know, hearing from your perspective and the, uh, incidents that have affected you and affected your wife.

No, one's really immune from this. I mean, you are in security around it. 

[00:15:31] Raffi Jamgotchian: That's exactly my point. Um, you know, we can do a lot of things and there'll be a lot of software and tools and monitoring and what have you, but at the end of the day, um, we still have to connect to the rest of the world, uh, with these things, uh, you know, whether it's credit cards, bank information, et cetera, you know, keeping tabs on your credit statements, keeping tabs on your, uh, your own account, uh, information, uh, you know, we recommend everybody should lock their credit reports with, uh, with the, with the credit bureaus, um, to, uh, to ensure that less, um, you know, and again, so here was a, here is a mistake on our end, right?

I had done that for my own, uh, from my own account, but we hadn't done that for my wife. And so, uh, and that was that that's where the, uh, the flaw was in our, in our, uh, in our armaments, so to speak. Um, and so you, you, you learn from that and you, you make adjustments and you move forward. 

[00:16:31] Joseph: We covered some of these expenses versus incidentals multifactor authentication is you said, um, with the, with the credit bureau.

Um, and, and that was, uh, all tying into one of the questions I wanted to make sure I asked, which is at least basics, you know, guidelines, advice that we recommend, um, I'm in service to my audience, to the average Shopify seller with the business owners should have, should be doing. Um, but I think also too, you know, the online user as well, um, should also be bearing in mind and I, and you don't have to retread the ones that you said, but I also want them to make sure that we covered any other important ones to. 

[00:17:08] Raffi Jamgotchian: Yeah, no. And, and, you know, my, uh, you know, my son has a, a, an online shop as well. Uh, so, you know, we talk about this a lot. Um, the, the, you need to make, you know, a couple things, uh, if you're, if you're connecting into sensitive accounts, like your bank and, you know, don't do it in the public, it's not just so shoulder surfing, uh, somebody looking over your shoulder, looking at what you're doing.

Um, you could be in a coffee shop and, uh, and somebody could be snooping on your, on your traffic or, or tricking you to, to go into another, uh, another, you know, wireless access point that, that they stood up and not the one that you expect to connect to. So, you know, do those things from home, uh, use a VPN.

I use the VPN wherever I am, including in my own office. Um, my internet service provider doesn't need to know, uh, what websites I'm going to, uh, you know, they obviously want to monetize that aspect of it. That's how they keep their costs down. Um, but, uh, there's no reason for them to, to, uh, to need to know all those connections.

So I, I, you know, use a reputable VPN provider. Um, certainly, uh, use different passwords for your, your accounts. Uh, your bank account should not be your LinkedIn account should not be your Shopify account. Um, make those passwords different and make them long and very hard to guess. And if it's hard to remember for you, that's good.

Don't write it down, put it in a password manager, put it in a password vault. Uh, and, uh, you know, that, that way that's, uh, you don't even have to think about what the password is and you leak it out somewhere, reuse it. Um, password stuffing is one of the major ways that, uh, e-commerce sites, uh, get broken into other than security flaws.

Um, make sure your, if you're running your own, you know, if you're not using a service provider like Shopify and you're running your own Magento site or WordPress site or something like that, you gotta keep it up to date. So that's on you. You have to make sure that all the patches are installed, that all the updates are, and you're following the best practices when it comes to managing a server.

And if you can't, if you don't have the skill set to do that, and can't afford to hire someone. It's a lot cheaper to go to a service provider like Shopify and have that stood up for yourself rather than dealing with yourself. So that's, that's my, uh, my 2 cents there. And then, uh, and then we talked about multifactor authentication update, you know, put that in everywhere you can, your bank, your, your online accounts, your email, uh, again, your email is one of these things where like, oh, I don't have any information.

That's important in my email, but you know, when you go to a website, you need to reset your password. Where does that reset? Um, most of the time it goes to your email. So if somebody gets a hold of your email account, chances are, they're going to be able to get into your other accounts too. So it's very important to make sure you protect your, your email account as well.

Uh, and then have an alternative form. If a, if you're doing big ticket transactions and people are sending wiring money around and, and you're talking to your suppliers, uh, make sure that. And somebody asking you to wire to a different bank account than you normally do. Um, we see this all the time, this, uh, these, uh, wire fraud, uh, uh, unfortunately, and it's not a technical thing.

It's somebody sends an email or it gets them somehow looks themselves into the email conversation. And next thing you know, uh, you either wired money to the wrong bank account or your client wired money to, uh, uh, to the wrong bank account. And now you're out thousands of dollars. So, uh, those, uh, all the different things, telltale things to, uh, to watch.

[00:20:50] Joseph: Yeah, one thing you mentioned is making passwords, um, uh, difficult to, uh, even for us to remember, uh, I do, uh, once in a while, we'll get those random passwords generated where it's just a random sequence of, uh, of numbers and letters. I'm like, I'm going to use that one. Password stuffing. I hadn't heard, heard of this before.

If I, if I had to refer to guess, not that I have to, but I'm going to anyways, which is that they have a, an AI AI, and that does it just starts randomly trying as many passwords as it can. And it's doing hundreds of thousands of calculations so much so that maybe in a day or two. It'll crack the code. Is that how, how, how close was I?

[00:21:29] Raffi Jamgotchian: Yeah, so that's more like actually cracking a password. If they have a, you know, say you have a, you've gotten a password database and it's encrypted and you're trying to break it. Uh, that's a lot harder to do, but typically what is done is that a malicious actor will, will get a database of passwords from a breach, a public breach.

Uh, unfortunately, easy to obtain, uh, and get, uh, and then, uh, they either buy or free, uh, and then they will use that against other sites. So, uh, which is why you don't want to reuse your password. So they'll, they'll get your downloads, you know, let's say, you know, LinkedIn was breached a couple of years ago, and so there was millions of records on LinkedIn, uh, and very common with people use the LinkedIn passwords also to their office email. And now, uh, now they have access to your office email as well. So that's, that's what I mean by password stuffing or credential stuffing. Um, so that, that's the, uh, the process of, of doing that cracking passwords is a longer and harder process.

And, um, most, most, uh, malicious actors are, are going to take the easiest way, easiest way in, um, and you know, uh, password cracking is easy when it's short. So that's why you try to make it as pass passwords as long as possible.

[00:23:02] Joseph: So for my audience, I don't bring up my other projects very often, but it's actually relevant in this case. But, um, in a it's like a hobby podcast that I, that I do once in a blue moon. And I spoke to somebody who he works in IT, he was speaking anonymously, so he didn't want to say what company he works for.

But he had said that, you know, one day he gets a phone call from his boss and they're in their company was hacked. Whole thing was shut down. And the sales staff had to keep the business going, uh, manually, um, so much so that I think they brought back the old credit card machines where you have to swipe it.

And I mean, that, that happens. That wasn't the shocking part. The shocking part was when he described the hackers. I think for a lot of people, when they think hacker is they think somebody is just, you know, sitting there in their basement and they got the matrix background going on and, you know, they're wearing the blue light, uh, glasses because they do care about their health.

And I suppose that's true. But the scope of it was shocking to me that he had said that they actually called the, the hackers on the phone and they had a customer service agent pick up and it's like a whole agency and they're picking up all of these different uh, people that, yeah, it's a big business and it took place, I believe in Russia.

And he had also mentioned that like, you know, there was another, uh, another agency that was just recently raided by the mob and they all got gunned down. So there was a lot that goes on here and I bring this up because I would love to know if you can add to this picture in any way, if there's any thing, um, along these lines that has crossed your radar in regards to just the, the magnitude of what these bad actors are up to? 

[00:24:39] Raffi Jamgotchian: They look like legitimate organizations from the outside.

They have, uh, company outings. They do so social skills with each other. Uh, they have different departments, customer services, actually that the big thing, you know, particular with these ransomware actors, uh there's they have great customer service because they want them to get paid.

Uh, they want to help you separate, uh, you from your money. So they want to make it as easy as possible. So they're there to help you. Sometimes they'll even turn around and say, Hey, by the way, you know, now that we got paid, here's some words of advice on how to prevent this from happening again. So they'll actually give you some, uh, some security tips at the, at the end of it.

But yeah, they're, they're, they're, uh, it's big business. Um, and many of them run around in, uh, countries that do not extradite to the west. Uh, and our, uh, the local governments are turn a blind eye because they don't attack their own, uh, our own folks. In fact, many of the, you know, using the Russian, uh, gang example, uh, REvil has been one of the ones that has been in the news a lot lately.

Uh, they were responsible for the, a hack we talked about earlier. They're with the Colonial Pipeline hack that happened a few months back. Um, it's an affiliate program just like on online services, right. They're not actually doing the hacking. They provide the software, the affiliate actually breaks into the company.

They deploy the REvil software, are able to collect the money and then pays the affiliate a percentage of, uh, for, for as like a finders. Uh, and that's how they all all make money. Um, so they have a robust, uh, Uh, system of, uh, moving money around and, and getting, and then, and then now with this, uh, affiliate business, a way to really expand without necessarily having to, uh, to do, uh, that much more sales.

So. So that's a, that's a, uh, they, they follow the same business practices that many of us do. Uh, they also have the same, sometimes the same flaws that we do, you know, for example, in the Colonial Pipeline, the affiliate in that case, uh, was a little bit less, uh, mature. And as a result of that, they were able to nab the money back that was, uh, taken by the affiliate, but not from the initial, REvil gang.

Uh, they got their, they got their payday from that, from that one. So there's a lot of that. Uh, and, and the one thing that they do is that if you deploy their malware on a company that has a Russian keyboard, it's not going to run because they see, okay, this is, this is potentially someone in my home country.

If I start hitting on my own, uh, folks, then that's when the police will start knocking on the door. And they're a little bit less nice than, than, uh, than we are when it comes to, uh, those kinds of bad actors when they're caught. 

[00:27:45] Joseph: Before you even go to that question chambered, I think one thing that surprises a lot of people was when they hear that a pipeline was hacked.

Um, just because usually when we think of things that are hacked, we think computers, we think technology and I couldn't even just, I couldn't even guess like how exactly a pipeline gets hacked. And so, uh, as much as I'd love to hear about that, what in specific, I think in a, in a broader perspective, I'm really fascinated by what are things that people don't expect to be hacked that end up getting hacked.

[00:28:16] Raffi Jamgotchian: Yeah. Great question. Uh, when it comes to, uh, you know, anything that anything with a computer or anything that's on the internet, or may have connected to something that was also on the internet, any of those things are open game. So, you know, just to, not to make this, uh, too long. In the case of the Colonial Pipeline, their actual business systems were hacked, not the actual pipeline, the pipeline shut down because, uh, they couldn't bill, uh, so if they couldn't bill for the oil that they were selling, they weren't delivering the oil, they shut the oil down.

However, in the case of the water treatment plant in Tampa, uh, that was the computer that a computer that was hacked that controlled, uh, different chemicals that went into the water. Um, we've had similar things when it came to power systems, the Russians, uh, broke into the power systems in, uh, the Ukraine, uh, to shut down a lot of the power grid.

All these things are controlled by computers. And in many cases they're connected online either directly or indirectly, um, our own, you know, um, our own, uh, government uses the same way to break into, uh, you know, other, uh, other farms as well as Stuxnet years ago, um, was here's a, here's a nuclear, uh, enrichment plant in Iran, uh, that was not connected at all to the outside world in any way. Uh, how was that hacked? Uh, dropping USB sticks. So somebody grabbed a USB stick, plugged into a computer and inside that network, they call it air gap network because it's not physically connected to something else. And now things, uh, things go bad. Uh, those things can happen to us too.

When you're walking around your next trade show and you're picking up USB sticks, you gotta be careful what's on there. So you never know what, and it may not be the fault of the company that's distributing them. It could be the, you know, the backend provider that's selling the tchotchke or whatever. So there's lots of ways that, uh, folks can do these things and not to make everybody, I want to make everyone a little bit more paranoid, not crazy paranoid, um, just to make sure that they follow, but that's how they get into any, anything with a computing device, you know?

So in that case of that, point of sale system point of sale systems get broken into all the time, whether they're a computer or just have some sort of processing on it. Um, that's a, that's, that's a common, uh, common attack vector now because they're usually smaller computers. They have less power. They're less powerful.

You can't run robust security products on it, even if you want it to. And frequently they're put out in the field and, and never updated. Medical devices are notorious, uh, for, uh, having problems because of that, because you buy this million dollar machine. It's running software from 10 years ago. You're not going to spend another million dollars just to upgrade the upgrade the version.

[00:31:14] Joseph: Yeah. I think a lot of businesses, they struggle with this because I guess they don't factor it into their business model. You know, it's hard enough that you have overhead, you have product, you have your, your, your, your staff, you have, uh, incidentals, which, um, recency bias in full effect is a term that I'm now using.

Um, and, and so, you know, factoring IT security into this. Is there, I mean, I've wanted, think that it's like case by case or industry by industry. Um, but seeing as everyone's a target. I don't know how true that is, but what is percentage wise, the ideal budget that a company is putting into and I'll, I'll put it together. IT and security. If that helps.

[00:31:56] Raffi Jamgotchian: Yeah. So if you're looking at, uh, of course the consultant answer is it depends. It doesn't depend on, uh, two, I would say mostly two factors. Uh, one is size of the firm and in terms of revenue, uh, as well as, um, as well as the industry and why the size matters in that year, you can think that all right, well, size percentage will take care of the size.

Right? Larger firms can spend a little bit less on security to get the same kind of benefits. But again, also industry also matters a lot to the financial world because we have most experience in there. It tends to be higher. Um, mostly because the numbers that they're dealing with are much, much larger.

It's easier to justify to spend $5 to protect a $50 item versus, uh, uh, you know, spend, um, $70 to protect the $10 item. So you, you, you have to be a little bit pragmatic about, uh, about what your, your approach is there, but, um, the, uh, industry norm right now, and it might be going up, uh, after this past year or so tends to be between four and 7% of gross revenue, uh, is about where, uh, security should be.

So if, uh, you know, a million dollar company, uh, you should be thinking about, you know, about $70,000, uh, in, uh, in total IT and security as well. Um, so that's kind of the, uh, that's a rough place to start at least. Uh, and then from that, uh, you have to decide what to spend on, right? So, uh, it's, it's, it's, it's good to have a number in your head, um, but it's also important to, you know, be pragmatic about where you invest, um, in your security, in where you need to invest in your security and your IT stack, uh, as well.

[00:33:52] Joseph: This next question that I had this, no psych psych psychology based. Um, and you have to forgive me. I don't know really how fair of a question it is, but I'm just gonna give it a try anyways. Um, because we're speaking about the fact that some of these companies have even a company culture. I just, I lost it as soon as they said that they do company outings and they do team building and the, like, they have probably having an HR department versus the us.

So we've actually getting some harassment reports from music, harassment in these, in these industry. Uh, and I, I, I'm wondering if you've picked up any insights in regards to the psychology of what these bad actors get up to, because there are bad actors and I have no problem saying that. Um, and yet what we've described is are many things that we consider normal that you know, many, many companies do.

So is there, is there anything that we've, we've learned about what is their lot in life, why they're driven into this and why, why they can't get into textiles? 

[00:34:49] Raffi Jamgotchian: Yeah, it's interesting. And I didn't dive into this too much in my, in my, uh, learnings about it, but I've done a decent amount of reading about it.

And most of the time it's it's, and obviously you can see where, um, you know, where in the world, these, uh, these things, uh, shape and, you know, we had, um, for a long time, we had these Nigerian prince scams, right? Somebody sending an email, trying to get, you know, Hey, my uncle died and he, I need to get money out and that kind of thing.

So the difference there is the Nigerian government, uh, really cracked down heavily on that. That actually became one of the, uh, uh, examples of how you can, uh, how you, um, police your own, uh, your own backyard, whereas in many parts of the Eastern Bloc, uh, that hasn't been the case, whether it's, and it's any country, Russia, Ukraine, Romania, uh, you know, et cetera.

So there's a, it, it comes a little lower, but not everywhere. You know, you have a company like a country, like, uh, uh, like Estonia, um, massive, very small. Um, same came from the same lot in life that all these other company, uh, countries did, but they pushed forward from a country and industry to really push their technology forward.

And they became a very technology. Um, almost a technical powerhouse for the size of the, uh, the country that they are. Uh, these folks don't have a lot of opportunities. And so, uh, whether they were gonna do this or some other criminal, uh, activity, uh, it's hard to say. Um, but it's, it's easy pickings. Um, they have, you know, they have the immunity from their local governments, their local police.

Um, and so then kind of that opening. You know, good people do bad things. Uh, when, uh, when there are no limits, uh, to their imaginations and there are no limits to, uh, to what, uh, to what people will bear on them. And so, as a result of that, they do these things. Um, and, and there we are. Now we deal with that across the board.

I would think that probably in some of these, uh, some of these gangs, many, many of the people that work there are, you know, they're like, well, I'm not doing any, it's a faceless enemy, right? It's, it's those people over there that have, um, Uh, that have money, uh, or, you know, and their, their view of the, uh, of, of us is very, very skewed.

And as a result of that, uh, so why not get a piece of that, you know, um, not understanding necessarily what the damage that they do, and maybe it's very possible that many of the people in the company don't even know that they're doing bad things, that they're just, Hey, they just worked for this company that they go to work every day and, um, they answer phone calls and help people do things.

And what have you, same thing with these, uh, these, uh, scammers that call, uh, you know, I think they know what, that, that, that they're doing. Things are bad because they hang up on me when I play games with them. Um, but you know, you get these calls and saying, I'm calling from the FBI, it's a thick accent.

And they, you know, they're saying, we're going to come arrest you and, and what have you, and they want your social security number over the phone. Um, and, uh, that there, those folks typically, you know, they, they know it, but that's what their lot in life is. You know, they're paying, you're getting paid, you know, 50 cents an hour or whatever to do this because they can't get a different, a different job.

[00:38:21] Joseph: And I guess one thing to add on to it. Um, and I, and I'm not trying to, uh, you know, uh, criticize the US, uh, even though here in Canada, I consider Canada is basically the United States except, you know, wearing a helmet. So, you know, we're in this together. And I think what, what they see is in the West is I think they see a lot of decadence and I think it actually gets to the point where they feel like we deserve to be punished.

And so what they do, what they're doing is causing us harm and they actually feel like it's justified to that extent. 

[00:38:50] Raffi Jamgotchian: I think that, I mean, there's probably a little bit to that. Uh, but if then if you look at some of the, particularly the, the ownership or the, the, the upper echelon of these gangs, these are the folks that are running, uh, you know, driving gold Bugattis and, uh, and have tigers as pets and stuff.

So I'm not sure if the decadence, you know, the decadence kind of goes both ways. And in many cases. 

[00:39:15] Joseph: That's valid. I appreciate your take on that.

We're going back to the relationship between IT and security. And we've definitely been exploring this thread throughout it. And, and I just wanted to make sure that we hammer this home just to make sure that there's any key points that we have to, we have to do that. We do it. So when people think, um, security, they think protecting from threats and when they think IT, me even, I'm having a hard time thinking of an equivalent way to simplify the amount of, it's not exactly, um, a fair.

Um, so when, when we talk about the relationship between the two, how much is, uh, IT supporting the security of a company? 

[00:40:17] Raffi Jamgotchian: Yeah, that's a, it's a great question. So, uh, IT and security is really kind of a, a Venn diagram. There's a little bit of overlap in the beat in the middle where they, where they meet.

Um, you know, we, we actually look at it a little bit differently in the sense that, uh, IT tends to be a part of the company that provides the business a way to be more efficient, move forward, et cetera. Um, whereas security is really there to reduce risks, uh, ensure things are done in the right way.

And so then, um, parts of, uh, as a result of that, because there's a technology, uh, overlap there, there usually is a, uh, there's some issue with that. In a smaller organization, it's very common to see these two functions together, um, in a larger organization. Uh, in fact, it's mostly recommended that these are independent, um, and even the biggest company.

Uh, chief information security officer will report to the chief information officer. So, you know, take that for, you know, for what it's worth. So what ends up happening in a common scenario, like for example, our company, like we, we, we support companies that have their own IT, or they have another company that is handling their IT.

Um, and then we, we become kind of almost a check and balance to the, uh, and then if we see something that we need, that we need, uh, ultimately get fixed, uh, we provide that information for the IT staff to actually operationalize it. So you can think about IT being the operational arm of security in some ways.

Um, if you're looking at it from that point of view, for us, uh, you know, we, it's a little bit of offense and a little bit of defense in the same, in the same team. Um, when, uh, the way we go about it, because we're, there are companies that say, look, I'm pure security. We're not touching IT. We're going to work with IT companies and what have you and we played in that game. Um, but we're not exclusive to that because most of our companies or the companies that we work with, they're so small that having two completely different organizations, uh, running they're running this aspect of it doesn't. My colleagues would say I'm wrong here.

So, um, there are so there's different ways to skin that if you do it the right way, what happens is that 10, 10, that if you look at the, if you look at the lowest, I don't want to say lowest being the, like, uh, from a pejorative point of view. But if you look at the, let's say entry-level rung, uh, positions in both locations, right?

One on the IT side, it might be the help desk on the, on the security side, it will be a security analyst. So if you look at these two positions, what's the purpose of a help desk person? Help desk person is to help the employee or the person that needs help to do what they need to do to get their work done.

That's, that's their job. So whatever, what's the barrier to that stopping you? Open up that barrier. Security analyst almost has the opposite position. You're trying to get your thing done and something's stopping you. There's a reason why that something is stopping you and having that conversation.

They're like, where, what, what's going on, is this really legitimate, things like that. The first question isn't yeah, let me do this for you. Or let me help you out. The first question is, you know, what's going on here? What do we, so, uh, having that personnel, there's a little bit of a personality conflict from an individual personnel point of view.

Um, but ultimately, uh, you know, they're working to do the same thing. Uh, the company can't move forward if they don't have security, company can't move forward if they don't have the proper IT in place. So as a company, we like working in the, uh, IT being able to engage. So that security also becomes a little bit of a neighbor and say, look, let's do this.

Let's keep you secure, keep your risks down, but let's do it in a pragmatic way. And allow you to still move forward with your, your business and get to your goals. 

[00:44:32] Joseph: Do you in your line of work, do you experience the equivalent of, of an emergency? Uh, I, I, I get the sense that you do. Like, there are situations where someone is calling you and they're, and they're in a panic and you have to deal with things right away.

Have you, do you encounter that or are you largely successful in your preventative measures? 

[00:44:49] Raffi Jamgotchian: I'd be afraid to say that we've been largely successful and on preventative measures, because as soon as I say that something else is going to happen, I'm going to say we do a fair amount to try to prevent things from the cost of recovery is much higher than the cost of prevention.

So we try to expend as much as we humanly can, uh, to, uh, for preventative and detective. So those are two different things. One is stopping it in its tracks. The other one is identifying something happening when it's actually in the process of happening. So we, we do spend a fair amount of resources in, in those two, and we have been knock on wood successful in that sense.

Uh, however, there is going to be a bleeding neck. Uh, there is going to be hair on fire, uh, and those things happen, whether it's coming in from somebody that currently isn't under our protective dome, uh, or it's some thing, uh, that has fallen outside of our protective dome, you know, somebody who was doing work on their personal computer and, uh, lost.

Didn't have the right protections in place, or for some reason, something got missed. We're all human things happen. Uh, things get missed and, uh, and, and somebody, you know, somebody gets thing. How do you contain that? And how do you, how do you, um, uh, respond to that? Those are the key parts of, uh, of doing that.

And what we do is we actually, uh, we socialize that a lot. We, we, we, uh, we sit down as a team we talk about, okay, what are the, what are some of the threats we've seen out in the wild? Um, what are the things that our clients are talking about? Um, what potentially can we think about in the future that could happen and what would we do if this happens?

And then we document it because what I w what you don't want to do in a panic is trying to figure out what you'd want to do, what you have to do. Um, that's the last thing. You want to be able to have a process that you can follow, uh, with, you know, some leeway obviously, cause every event is a little bit different, but at least if you have a process to follow you, can you, you don't have to panic to try to think about what that process is because the last thing you can think clearly is in a stressful situation. 

[00:47:05] Joseph: And, uh, it just to draw, um, a, a layman's equivalent to that, it's the same thing as fire drills, as you know, knowing what to do in a fire and knowing what to do where the fire extinguisher is, where the exits are, stuff along those.

[00:47:17] Raffi Jamgotchian: It's why we do fire drills. Right? It's the same idea. This is why we do disaster recovery tests, you know, making sure our backups are in place and that we test our backups. It's why we do these tabletop exercises. Like, Hey, if this system was breached today or, and we do it for our own internal stuff, if, uh, you know, if the same thing that happened to Kaseya clients this past week happened to us, uh, with the systems that we use, what would we do?

And so we have that conversation, uh, and then we, we document it in this way. It's like, all right. So where are the gaps in our, on our current processes? Does it make fiscal and business sense to, to plug up that hole. Um, you can't, you know, cars come with a spare tire, they come with one spare tire. They're not really meant to have a two, two tire blowout.

Right. So the, what w so you, you make those decisions to make a, uh, to, to do the pragmatic things, to protect yourself for the greatest amount of risks as you can. 

[00:48:15] Joseph: So you mentioned data and backing things up. And that's, I think that that's another bit that, uh, even, uh, uh, sellers just starting out, uh, might not take into account.

And so, uh, real quick, um, uh, are there any, um, services or websites, um, you know, uh, entry level that people can go to, to, uh, understand how to back things up? Or is it as straightforward as getting the, the, the data downloading and saving it onto an external hard drive and just hanging onto it? Then we can upload it later if we have to? 

[00:48:46] Raffi Jamgotchian: When it comes to data, uh, our mantra, this is like, this is now like a 25 year thing. So this isn't anything new, but it's a, and it's not, definitely not my idea. It's something that I've heard and I've used it as kind of a, my, our own guideline is that if the data doesn't exist in three places, it doesn't exist.

And that's three different places. That's your, the data that you're using. So on your computer or whatever, that, the backup of that data that could be next to you, it could be USB drive. And then the third place caught another copy of that data, not in your location, uh, that could be in a physical vault someplace else.

And in the old days we used to spend to, you know, this is my, my gray hair kicks in. We used to back up to tape and we take those tapes and put it in a locked box and ship them off site to another location. These days, you just ship it to the cloud. So there's a reason why we have those three. Why not just back up to the cloud?

Well, it might be faster to recover if you have a local copy of that. Um, but if you just have a local copy of that, uh, and you have a USB drive that's connected to your machine all the time, your backup is going to get dinged too. Uh, they, the, uh, the actors are smart enough that they're, they're not only going to destroy your local machine, but they're going to destroy your backups to double if they can.

So having a disconnected backup is, is critical. Uh, there are very, if you're just starting out and your data's on your, you know, like my son and he's got one computer, he has his, uh, his drawings, his art, whatever that he's, uh, that he's put together for his designs. Um, he has a copy on his computer. He has a copy on a, on a cloud drive thing, like a Dropbox kind of thing. Uh, and then he has a secondary backup that's offsite using something like, uh, it could be something as simple as a CrashPlan or a, uh, a Carbonite or whatever. And you can use any of them that any of those are just fine for a beginner for starting out.

If you have a bigger operation, you may want to, uh, uh, do, uh, uh, bigger, uh, processes. But look at the, the key, there are two key metrics that you need to look at. Um, how much data can I lose? You know, how I, how much data can I afford to lose in time? And then the second one is how long will it take for me to recover?

So these are the two questions that we ask every client. They want to say, they start with, you want all the data one second, and we want it available right away. And that's doable. That costs a lot of money to do. So what we do in that sense is that we then now we say, all right, so let's now pull out the wallet and say, that's going to cost probably a lot higher than the data that you're protecting or that you're willing to spend, but let's take a what's what's a realistic, well, if I lose four hours of, of work and it takes a day, or it takes 12 hours, or it takes eight hours to recover, um, then you know, that's a reasonable amount.

Okay. So now we have something to work with in terms of figuring out budget for that. Some people are like, yeah, my data is like, if I lose a day's worth of work and it takes a week to run. Then, you know, taking USB drive that you copy, you throw in a safe, or you take it off site. That might be fine. Um, but I would think that there's probably, most people are probably somewhere in between and once they figure that out, they can decide how much they can spend on doing that backup.

But that's a critical piece, you know, if you're, if you're looking at anything, if you're not doing, uh, the, you know, the bare minimum, backup your data, uh, even though the, you know, in terms of ransomware, just recovering, the data is not necessarily, uh, enough nowadays. They're extorting us. Now they're saying, Hey, we have your data.

We're going to release it. And if it's not something that is sensitive, that you have to pay the ransom to prevent that from happening. Not that I'm saying that you should pay the ransom or not, that's between you and your attorney, your insurance company. Um, but the, uh, at the very least you have your information to get back up and running quicker.

[00:53:03] Joseph: And, and one thing that's been sticking out. So to me, I, as we're describing this, cause we were also talking about. Um, all companies and employees working remotely. And I think one thing that's really made a big difference in the last year is the prevalence of, of working remote, you know, full disclosure.

I work remote. And from your point of view, I'm guessing that it's made the situation a lot harder because now you have everybody in their own home and there was not a standard operating procedure across everybody's devices. And have you encountered this issue personally with the, with, with when we were working with? 

[00:53:38] Raffi Jamgotchian: Absolutely. I mean, when the pandemic first hit and, you know, we had, you know, most of our clients were, uh, ready to be able to work from home. Um, you know, some, some were not because of just the way they were structured, but you know, many were, that was very common for someone to, you know, take computer home and work from it or connect from a different location.

Um, what was, uh, what was new was everybody doing it at the same time. Uh, and so now that that's one aspect of it. The other aspect of it is now dealing with, uh, for me purely from a, not only a security point of view and technology point of view, um, everybody's own bandwidth issues, right? Uh, you have kids in your building that are connecting into school at the same time that you're trying to wear the same time as somebody else.

Uh, you know, kids playing Xbox while they're at school. Uh, my own kids, for example. Um, so that's, uh, that's, uh, those are the things that you were having to deal with. Um, and it became an education aspect for us, for our clients.

Now we weren't going to be able to get into every house, segment their network, so their business was separate from their, uh, from their, uh, personal environment. That wasn't doable. So we did the best we can to, um, make sure that their work-related activity was as segmented away from their personal activity as possible. Um, we recommended not using personal devices to connect them to the office wherever we could, uh, that in the beginning, that was tricky because it was very hard to get equipment.

Uh, companies didn't have laptops and laptop orders were, were, were rare. So we had to do our best again again, around. The problem ends up being is that as the pandemic raced on and we were able to resolve these quick questions quickly, many did not many did not, uh, say, yeah, things are fine the way they are or they're working.

And this is more of the IT mindset. Things are working, I'll leave it alone, uh, versus going back and rethinking about, all right, so now, now that I have time, now that the rush is out the door, that I got everybody up and running, because that was the job, number one is the business has to run. Job number two is, right, now, how do we reduce the risks associated with that business and say, all right, here's some areas that we need to clean up with.

And that was trickier to do, uh, over, over the course of this past year. But I think it put us and our clients in a better state because of that. So it's, it's, it's a, it's okay. Sometimes to, uh, open the door a little bit in order to do get your job done. Um, but sometimes you have to rethink. Uh, and that's not always easy to do, but you have to remind yourself like, all right, do I still need this open?

Is there something that we can do, um, to, uh, protect ourselves? Um, but yet there, and there's always, you know, pragmatic things you can do to help yourself. VPN is a clear one. Um, there are other. Uh, products or buzzwords that are out there that, uh, that kind of mimic the, uh, kind of a newer way of doing VPNs for, uh, for folks to get access to, um, information.

Um, most of our companies, a lot of them are, uh, either all in, all in cloud or having cloud. So, you know, you're not VPNing back into the office now anymore to get your information, you're still accessing it the same way you did when you were in the office. It's, it's all online. So how do, now that you're not in the protection of the company bubble anymore, you're kind of out here.

Uh, how do we protect now that now that there's new tools and ways to do that? So as a result of that, we're constantly evaluating, um, the tactics and the frameworks that we use to. Help roll things out. So we follow a framework, um, that framework is ever evolving and we reevaluate that framework against all our customers every quarter to see if there's anything that we need to adjust along the way. 

[00:57:39] Joseph: We're getting close to, to our, our mark.

Um, we're, uh, just a, just a few minutes away and I've jotted down a lot of notes today, by the way. I think there's a lot of really great practical information here. And, um, and, and as I, uh, said at the beginning of the episode, I'll, I'll, I'll say again to, you know, to, to start tying this up is it's, it's so important.

And yet, if you just, even if we just look at the ratio of how many times we have this kind of conversation, versus how many times I have conversations with Shopify sellers, I think that this is the kind of thing that we really do need to know more about. I have one more, well, not counting the wrap-up question, but the last question that I wanted to ask you is purely speculative, and I'm really asking you more for the fun of it, but do you see an end game between the arms race between IT security and the bad actors?

Is this an eternal struggle, uh, like the battle between light and dark, or is it possible that, you know, the bad actors could be thwarted once and for all?

[00:58:35] Raffi Jamgotchian: I mean, we have to make it, uh, as hard as possible, right? There's no way in, in the hearts of men, uh, doing, uh, bad things for their own personal gain.

I don't think that's, you know, that started from the dawn of time. I don't know if that's going to, that's not going to stop in any, uh, in any way, uh, that I can see. So I'm not going to speculate on that, that eventuality. Um, however, there are some structural things that we can make it extremely difficult, uh, to do, um, both.

From a technical point of view. Um, but also potentially from a, a policy and a governmental point of view. Um, I'm not a massive believer in regulation and things like that. I think sometimes it hinders our businesses, uh, from moving forward at the, at the, um, uh, expense of, uh, trying to protect us from, from certain things.

But there's a lot of things that we, uh, that we can do. One is, you know, unlike many other countries because of the structure of the US, you know, as a federal system, uh, every state does their own thing. Um, that's not necessarily a bad thing, but when it comes to something like e-commerce or privacy online privacy.

I think there needs to be some standards that are there around the, uh, around the country for one, it's actually better for business because now you don't have to, you know, especially in e-commerce company, think about an, uh, you have a store and you're selling the 50 states. Now you have to deal with 50 different privacy, uh, rules, that's nuts.

Uh, those are the things that need to, uh, need to be fixed from that point of view. I'm glad to finally hear that. The, from a, uh, at least from the, um, the White House that we're bringing down to bear to, uh, on some of our adversarial, uh, tendencies, I think unfortunately it's pointed in one direction a little bit too much.

Um, you know, there are definitely some other aspects of, for example, the corporate espionage that takes place on behalf of, uh, uh, for China that we need to also be concerned about as well there. So the, uh, if, if the, uh, if the Russian bear, you know, you know, they, they run into a china shop and they break things.

Uh, uh, the Chinese panda, uh, is a little bit sneakier about it and it doesn't make as much noise. And so that's, that's those, uh, those are, I think from a governmental point of view that we can all, uh, do a little bit better, um, from a, uh, from our personal business point of view, uh, we all have to be aware and, and raise our games.

Um, ultimately, uh, the tools are going to be getting are getting better. Um, we're able to, they're getting not only getting better, but they're getting cheaper and ultimately that's going to help us, but it's not just technology. It's people. Uh, the peop people have to be engaged in, in their own solution, uh, and, and your provider and your, um, uh, your software is not going to care more about your business.

[01:01:47] Joseph: Uh, that, that makes, that makes total sense. Especially the, the, the bigger they get, you know, a company like Shopify, you got a lot of other people. I mean, there, there there's some high-profile people they've kicked off their platform. So clearly they, uh, there's some concerns that they don't share with me.

So, and, you know, it was funny too. I didn't even, I didn't even mention like a digital, digital rights management, you know, coming from the game background, you know, there's this whole, there's a whole other can of worms about how, you know, users who do obey the rules and obey the law actually tend to be far more inconvenienced in the interest of protecting them as a whole other whole other thing.

I just wanted to give that a brief bit of oxygen. So, um, so door, door's definitely open. Um, it, it was great to meet you today and I'd be more than happy to have you back and carry on this conversation. Terrific. Well, our wrap-up question is the, uh, Ecomonics tradition is if you have any parting words of wisdom, not that we haven't spent the last hour sharing wisdom, but you know, Chinese proverbs, stuff like that, anything you enjoy sharing, you're welcome to, and then let the audience know how they can reach you.

And I especially want them to check out your blog. Um, because I, I went through it and there was a lot of great takeaways that we didn't even get into today. 

[01:02:54] Raffi Jamgotchian: Yeah. I mean, Especially if you're, you know, especially if you're a very, you know, very small business, uh, you know, uh, I would guess that most of the companies, there are many of the companies, like anything they're dealing with, uh, with Shopify, or probably a fairly small, uh, although there's some large retailers that use it as well.

Um, but there's, uh, uh, you know, if you're a very small, you start, start from the basics, uh, look at the basics. Uh, you talked about, uh, hygiene, there's a cyber hygiene. Um, you know, we talked about keeping your computer up to date, making sure you're smart about the passwords that you use use to a multifactor authentication, backup your data.

Uh, unfortunately we see a lot of companies take risks, uh, with their own and their clients' data and thinking that's gonna cost too much to protect themselves. And we need to, the truth is that there's ways that you can do that. Um, whether it's a, you know, tie in and most con, most companies can just start with talking to their local IT company resource to say, Hey, I want to do better about protecting myself.

What am I doing wrong? Giving me an outside look, uh, get an assessment done. Uh, it could be something as, it doesn't have to be a full-on penetration test. You're not going to penetrate Tet, do a penetration test against Shopify. They, they'd kick you off. Um, but you know, let's have a conversation about my business operations to see, you know, poke some holes into it, have another set of eyes.

Um, that's always, uh, uh, going to, uh, to help you out. And then finally, um, you know, it's, you know, it's not how you defend, uh, uh, your attacks successfully. There's no way you're going to defend every attack. It's, you know, respond and recover from that, uh, that will determine if your business can survive something that happens or be part of the statistic that 60% of small businesses fail after a, uh, a successful breach.

[01:04:51] Joseph: Wow. That's a, that's a sobering stat, but it's really important to keep in mind. Um, and so with that, uh, so just to reiterate, um, where can the audience, uh, discover more about what you do and what you're up to?

[01:05:02] Raffi Jamgotchian: Sure. Uh, you can find me on, uh, on Facebook and LinkedIn, uh, on LinkedIn, Raffi Jamgotchian and business is triadanet.com, and the blog is there as well. So we write about security issues, security news, and, and things like that.

[01:05:20] Joseph: Yeah. And then, and like I said, uh, um, I had the, the privilege to go through it and prep for this, and there was a lot of really great information in there.

So, uh, well worth the read and with that, Raffi it was great to, uh, have, uh, have you on the program today. I learned a lot. I think this is a really important episode and I hope everyone has their notepads out. I'll put that in my intro. All right. With that to my audience as always thank you for being a part of this.

It is an honor and a privilege to collect this information and provide it to all of you. Take care. We will check in soon.

Thanks for listening. You might've found this show on any number of platforms, Apple Podcasts, Spotify, Google Play, Stitcher, or right here on Debutify. Whatever the case, if you enjoy this content and want to help us thrive, please take a few moments to leave a review on Apple Podcasts or wherever you think is best.

We also want to hear from you. So whether you think you'd be a good guest or want to weigh in on anything related to our show, you can email podcast@debutify.com or connect with us on Facebook, Twitter, Instagram, and TikTok.

Finally, this podcast is created by the passionate team at Debutify. If you're ready to take the plunge into e-commerce or are looking to up your game, head over to debutify.com and see how it can change your life and the lives of many through what you do next.

Written by

Joseph Ianni
