00;00;05;14 – 00;00;30;01
Speaker 3
Hello and welcome to the Mobile Matters podcast, powered by the Mobile Chamber, where we dive into the big topics shaping Mobile’s thriving business community. I’m your host, Bradley Byrne, president and CEO of the Mobile Chamber. A special thank you to our podcast sponsor, mobile, for making today’s episode possible. They’re offering prizes for local businesses who offer referral for a conference to come to mobile.

00;00;30;04 – 00;00;53;15
Speaker 3
Find out how you can win big with the Bring Your Home campaign on the business for you.com. Today we’re really excited to welcome two great friends a book called Harper with Harper Technologies. One of the areas most trusted experts and managed data infrastructure, network services and cybersecurity. And Carl, welcome.

00;00;53;18 – 00;00;54;29
Speaker 1
Thank you. Thank you for having us.

00;00;55;02 – 00;01;05;15
Speaker 3
Now we’re delighted to have you. So I’d like to start by hearing more about how Harper Technologies and how you guys got started in the art space in mobile.

00;01;05;18 – 00;01;25;12
Speaker 4
Well, so that is a question that is rooted in hobby and passion. So we started at a young age, back in our adolescence years. We had always talked about Harper Technologies, even talked about Harper Technologies as the older brother and had made construction paper cards that said Harper take on them. There were blue and neon green.

00;01;25;13 – 00;01;27;18
Speaker 1
They were atrocious. Yeah.

00;01;27;20 – 00;01;48;02
Speaker 4
And, we had a grandfather that was, that had experience being an electrical engineer. We had a father that had mechanical experience. And you take those two things and put them together at about the time that computers are becoming popularized in the home, and you get the monster that it created, so to speak. So, we took that and took interest in computers, started disassembling and putting them back together.

00;01;48;02 – 00;02;04;17
Speaker 4
And, fast forward to 2002. Abe was in college at the time and had done a year and a half of college and decided that that track was not for him at the time. And, called me up and said, hey, you ready to start the business that we had always talked about as kids? So, yeah, let’s do it.

00;02;04;18 – 00;02;24;28
Speaker 4
So I was 13. He was 19 at the time. Didn’t have much to lose. Called it naive, call it ambitious, but, we hit the ground running. Had some some space, office space that we borrowed from a friend and started it and and grew from the seedling to what it is now today and have been extremely blessed and fortunate to call, mobile our headquarters in our home.

00;02;25;00 – 00;02;35;08
Speaker 3
Well, we love having you here. So, remember, we’re late, people. So talk in terms for somebody like me can understand, but what services do you provide and who do you typically work with?

00;02;35;11 – 00;03;01;02
Speaker 1
So our average client is going to be a small business to medium business. We have we have a swath of business that’s enterprise as well. But it’s kind of I won’t say niche, but we focus on managed service infrastructure and data service or cyber services. Managed service looks like you have a network of devices that need to be protected or some way mitigated for, for, failure or routinely inspected.

00;03;01;09 – 00;03;23;17
Speaker 1
So you entrust us with that service? And that includes your antivirus, your anti, malware, your on site protection, your offsite protection, your backups. It’s kind of a comprehensive wrap around, if you will, for business owners peace of mind with it. With regard to infrastructure services, that’s the hot topic. That was really kind of brought to the forefront pre pandemic and mostly through Covid.

00;03;23;19 – 00;03;51;27
Speaker 1
That’s the delivery of fiber, copper and wireless. The connection systems that allow or the connections that allow systems to coexist. So you think cat5 installation on a building wireless infrastructure installation or fiber optics across the site that’s owned by the client? Excuse me. So the third service, that data services, that’s offsite backup, that’s, data recovery data analysis and a specialty subset of security services that we provide there as well.

00;03;51;29 – 00;03;55;17
Speaker 1
So, we keep it protected, connect it, and integrate it.

00;03;55;22 – 00;04;01;03
Speaker 3
There you go. That’s quite the way you’ve made it. Simple like that. That’s it. People like me can understand.

00;04;01;06 – 00;04;07;00
Speaker 4
I always like to wrap it up by saying we are. We are the outsource it for companies that do not have internal I.T departments.

00;04;07;06 – 00;04;15;12
Speaker 3
Right. A lot of small, medium sized businesses, they don’t have the financial wherewithal to have somebody in. That’s correct. Right. They have to have somebody like you to help them out.

00;04;15;13 – 00;04;16;06
Speaker 4
Absolutely.

00;04;16;08 – 00;04;23;17
Speaker 3
So what are some of the biggest misconceptions small or medium sized businesses have about, safety?

00;04;23;19 – 00;04;25;02
Speaker 1
Think that is.

00;04;25;04 – 00;04;46;06
Speaker 4
I would say that it’s probably a set it and forget it style solution. You have to be actively engaged in it at all times. When protecting your net and your network, protecting your data in your infrastructure, that includes making sure that your employees are trained in security awareness. They know what threats to look for, what vulnerabilities to avoid, what emails not to click on, things of that such.

00;04;46;08 – 00;05;06;00
Speaker 4
I’d say a lot of misconception revolves around the fact that people think that once a firewall is in place, or once an antivirus is in place, they’re impenetrable. Which unfortunately is not the case, because if you give a bad actor the key into your computer, so to speak, then they still can get in and wreak havoc. So you have to have the end users on the other side of the keyboard.

00;05;06;07 – 00;05;15;11
Speaker 4
We just as knowledgeable, if not more knowledgeable at times then the bad actors to know what to avoid and what not to click on and what not to fall prey to.

00;05;15;13 – 00;05;23;28
Speaker 3
Well, you know, it’s getting to be more and more common that we’re being told if you don’t recognize something that’s coming to you, for God sakes, don’t click on.

00;05;24;01 – 00;05;24;18
Speaker 4
Absolutely.

00;05;24;25 – 00;05;27;04
Speaker 1
And even if you do recognize it, be careful. Yeah.

00;05;27;05 – 00;05;28;26
Speaker 3
Because that’s something that could be a felony.

00;05;29;01 – 00;05;29;11
Speaker 1
That’s right.

00;05;29;12 – 00;05;31;03
Speaker 4
Question and always verify.

00;05;31;05 – 00;05;51;08
Speaker 3
Yeah. Well is it scary to those those that don’t have your expertise because we know the threats out there. And we depend upon people like you to tell us what we need to do to avoid it. So I don’t know about other people out there, but I overdo it. And, you know, if I’m not absolutely certain about something, I just eliminate it.

00;05;51;08 – 00;05;56;02
Speaker 3
I delete it out of my system. Yep. And sometimes I get in trouble, too.

00;05;56;04 – 00;05;58;27
Speaker 4
As you are the type of end user that we admire.

00;05;59;00 – 00;05;59;11
Speaker 3
That really

00;05;59;17 – 00;06;08;21
Speaker 3
doesn’t make that mistake. Exactly. Click on something I’m not going to click on. Exactly. So what emerging threats should business leaders be aware of in 2025?

00;06;08;24 – 00;06;34;08
Speaker 1
You know we talk a lot about cybersecurity viruses threat actors in our world. And Carl alluded to it. But the landscape is ever changing as fast as we innovate technology. The threat actors are innovating ways to break it or infiltrate it. You know, at that. I’d be remiss if I didn’t talk about the event horizon that everybody’s experiencing right now in the forms of AI and quantum computing, right.

00;06;34;10 – 00;06;54;20
Speaker 1
What we know in terms of the standard threat topography as it emerges is going to become much more, accelerated because of the mechanisms that allow it access, but also because of the systems that have to be designed to integrate them. AI is probably one of those things that people don’t really understand the exposure risk of it.

00;06;54;20 – 00;07;16;26
Speaker 1
And I’m not talking as much about cyber compromise and data access, but the exposure of information. Right. These systems, as you input data into them, they don’t unlearn that information. If it’s a shared access system somewhere globally, that information is stored and still accessible by someone else. That’s probably and again, Carl nailed it. It’s it’s it’s the interface.

00;07;16;26 – 00;07;36;01
Speaker 1
It’s the human side of the equation, not the technical or the computer side. So an awareness or a, education component of what we try and make people aware of is, hey, know where your data is going, know where your data is residing, know how your data is being managed, know how it’s being handled and stewarded. Knowledge is power, right?

00;07;36;01 – 00;08;00;05
Speaker 1
And then any business convention. So when you think about someone having access to your business data, they also may be aware of your vulnerabilities. Because of that data, they may have access to your systems, but they also may know how to break those systems. So I think, you know, Carl, you chime in here too. But I think the biggest event horizon threat right now really is quantum in AI for a lot of reasons.

00;08;00;07 – 00;08;22;08
Speaker 4
I would agree. I would agree because it’s evolving threats faster, more quickly than they ever have been before. So you’re seeing a lot of the same across the, the event horizon, but you’re seeing it more rapidly. You’re seeing it spread more rapidly and reach more people more quickly. Just because of that AI that is, that is fueling it, as the engine essentially.

00;08;22;08 – 00;08;22;12
Speaker 3
And

00;08;22;12 – 00;08;39;11
Speaker 1
I had someone share a story with me in Birmingham. At a conference a couple days ago that they had their their mother had been impacted by a auto caller on AI that mimicked their voice.

00;08;39;14 – 00;08;41;01
Speaker 3
Well.

00;08;41;03 – 00;09;03;25
Speaker 1
And it knew what questions to ask. It knew how to get her to comfortably share information about her accounts with them. And, it led to a full on data remediation and an investigation. So, as first, I had heard of a such such of a level of, of an incident, but, you know, the the technology is there already.

00;09;03;25 – 00;09;12;08
Speaker 1
And unfortunately, if we as users aren’t aware of it, that’s really the biggest threat. It’s kind of creating that awareness and creating that, that knowledge base to build those walls, securely.

00;09;12;13 – 00;09;32;04
Speaker 3
It’s amazing how realistic it is. I was reading an article and they had an actual video, went there to introduce you to this new actress. And it was this woman, and she started talking and gave her name and everything and stopped and said, and that’s a completely digital person, right? That’s not a real person. I was like, blown away with how realistic it was.

00;09;32;06 – 00;09;41;18
Speaker 3
Yeah. So is the what that technology can do. It’s really scary. I know for many small businesses, spam can be a big problem. And how do they handle spam? What’s the best way to handle that?

00;09;41;23 – 00;09;46;05
Speaker 1
Carl’s got that one. Go ahead, girl, delete it.

00;09;46;07 – 00;09;47;15
Speaker 3
It’s that simple,

00;09;47;18 – 00;10;06;28
Speaker 4
Not all the time. Not all the time. So, you know, there’s there’s what’s known as traditional spam, and then there’s phishing. Spam. Yeah. Traditional spam is is typically just junk mail is the equivalent of getting a solicitation in the mail in your mailbox at home. A phishing scam or phishing spam would be similar to someone sending you a message saying you have an overdue bill.

00;10;06;29 – 00;10;10;03
Speaker 4
You need to pay this immediately. Call this phone number.

00;10;10;06 – 00;10;11;09
Speaker 3
Or put it up.

00;10;11;12 – 00;10;32;14
Speaker 4
Right, right, right click this link we need you to resolve it immediately is always a call of urgency to it. So knowing how to identify those, knowing what the red flags are, which are typically call to urgency typos, a email address that doesn’t quite resonate. You know, it may say from Microsoft, but be from someone at gmail.com.

00;10;32;14 – 00;10;54;02
Speaker 4
Things of that such it’s knowing those flags to look for and then safely deleting it. Or if you’re not, if you don’t recognize it or you’re not expecting it, delete it anyway. Throw it into the junk mail. Wait for it to be verified. If you can’t, call anyone to verify that it’s actually a legitimate piece of mail that you were supposed to receive is safer, just delete it and wait for it to resurface if it is something legitimate.

00;10;54;08 – 00;10;58;19
Speaker 3
Yeah, I’d rather find out later that I shouldn’t have deleted that thing. And not.

00;10;58;22 – 00;10;59;22
Speaker 4
Exactly.

00;10;59;24 – 00;11;00;25
Speaker 3
I wish I had deleted.

00;11;00;25 – 00;11;01;10
Speaker 4
That, and

00;11;01;10 – 00;11;04;06
Speaker 4
to give away your credit card number or your social information.

00;11;04;08 – 00;11;05;13
Speaker 3
Right.

00;11;05;16 – 00;11;26;25
Speaker 1
And that I’d be remiss if I didn’t mention to their systems that we can offer in terms of user awareness training and, email mitigation that help to filter out some of those. There’s a whole industry segment that falls under our data cyber services component, where we’re able to offer engagement services, where we can help to minimize that.

00;11;26;27 – 00;11;49;24
Speaker 1
We’ll never say eliminate it, right. That’s again, that’s the topography evolves. So do the threat actors. But there’s tools that exist that allow the filtration of said spam coming in to be caught at an automation level first. And let’s say, what, a 75 to 80% accuracy. Yeah, it’s it’s a lot better than what the you think of a spam filter back in the 2010 era.

00;11;49;24 – 00;12;00;27
Speaker 1
And it was like, you know, you couldn’t get anything through it. You get everything through it. They’ve gotten they’ve evolved quite a bit more now. So there’s some tools too that can be applied to help lower them. If a business is extremely plagued with them too.

00;12;01;04 – 00;12;02;09
Speaker 1
That’s right.

00;12;02;11 – 00;12;15;02
Speaker 3
Well, it’s, we’re going to come back to all this in a minute here. It’s time for our commercial break. And when we return again, call Hopper. We’ll have more practical advice on how to protect your business from cyber attacks. We’ll be right back.

00;12;15;05 – 00;12;35;16
Speaker 1
Meetings and events bring hundreds of millions of dollars to our local economy. Visit people wants to partner with chamber members to keep that momentum going. Know of a meeting or conference that could be a good fit for mobile? Contact David Clark at DClark@Mobile.org. Share your lead. Just the meeting name and you’re entered into a raffle.

00;12;35;22 – 00;12;44;16
Speaker 1
Every qualified lead will win. Some include prizes such as cruises, luxury hotel stays and restaurant gift cards. Let’s grow Mobile together.

00;12;44;18 – 00;13;03;20
Speaker 1
We’re back with a band called Harper from Harper Technologies. We’ve all heard about cyber attacks in the headlines, but it could still feel like something that happens to other people. Can you share a real world example of how a cyber incident impacted the business, and what could have been done to prevent it?

00;13;03;22 – 00;13;26;04
Speaker 2
I’ll kind of jump in, obviously, for, data privacy and, and protections. We don’t ever disclose where and when, but, I can kind of share scenarios and I can assure you that they’re not a it happens to them and not me scenario. You know, cyber attacks are generally, as Carl mentioned earlier, a byproduct of the human factor.

00;13;26;07 – 00;13;49;15
Speaker 2
So what you’ll generally see is someone from the outside create a breach in the system by creating a confidence with someone on the inside that’s either through an email, through access to a system. We routinely hear of businesses and individuals where someone has reached out to them. They saw an email, saw an attachment, thought it was legitimate.

00;13;49;17 – 00;14;08;02
Speaker 2
I can think of at least four in the last week, perhaps, that we’ve they’ve come across our desk, they click the attachment and immediately the threat actors go into action. They install their attachment software onto the back end of that computer. They mitigate their way down through that computer’s file system. They do what’s called lateral movement across the topography.

00;14;08;02 – 00;14;25;19
Speaker 2
They find out what other collateral damage is. It’s very much like warfare, right? When you go in, you’re assessing your target of value, but also while you’re figuring out how to extract that target a value, how do you move laterally across the battlefield? What other what other, gains can you make in the territory while you’re there?

00;14;25;21 – 00;14;48;15
Speaker 2
And then finally we hear about ransomware and that’s, you know, when you hear ransomware, most people think it’s the attack. It’s actually not it’s a byproduct usually of the of the system infiltration or someone coming across the system, and then they’re wanting to kind of cover their tracks or add a layer of embellishment so that they can gain, financial gain on the back end in addition to the entry they’ve cost.

00;14;48;17 – 00;14;48;25
Speaker 2
So.

00;14;48;25 – 00;14;51;14
Speaker 1
Prevention, what’s the best way to prevent all that?

00;14;51;16 – 00;15;14;12
Speaker 2
It’s kind of a trifold thing. I’ll share a specific scenario. We had a client that onboarded with us some years ago. As they onboarded, they came to us as a by product. They actually didn’t onboard as a client, but they they came to us as a byproduct of an attack. And they effectively had someone sent an email into one of their representatives inside of their organization that person trusted the email enough to click on.

00;15;14;12 – 00;15;43;14
Speaker 2
And this email had basically been intercepted as a set of wire instructions. Yes. For a specific incident, I was trying to think, as I talked through, that one of the best wants to share, well, what the threat actors did, they took the fact that they took the email that had been intercepted that was meant for a vendor and had wire information in it, and then changed the wiring instructions to a bank that was not the bank that it was to go to.

00;15;43;17 – 00;15;53;21
Speaker 2
The threat actor then proceeded to urgently, as Carl mentioned, rush, the client, to submit that wire three times over the course of two days. That wire was in excess of $400,000. Oh my.

00;15;53;21 – 00;15;54;22
Speaker 1
Gosh.

00;15;54;25 – 00;16;13;27
Speaker 2
So about a $1.2 million impact to this business because it was a foreign trade entity, and they wired it three times because they thought that they were wiring the money to their vendor when the invoice had been intercepted. Well, so that’s your question on the best way to mitigate or prevent it. You know, you nailed it earlier.

00;16;13;27 – 00;16;37;17
Speaker 2
If you see something and you don’t recognize it, delete it. But if you think you do recognize it when it’s dealing with security of data, the welfare of people or an organization or finances, always pick up the phone and call. There’s there’s nothing better than using a phone number that you know you’ve got and in possession and a voice on the other end of that phone and trusting that you’re getting the right person and they’ll tell you, yes, I sent that.

00;16;37;17 – 00;16;52;17
Speaker 2
And no, I didn’t in that. And you can then go back and delete it or act accordingly. And once you’ve identified it for the better good of the community, it’s good. If you’ve got a resource or partner like Harper protect that. You can report it to and say, hey, this came across because we’re gonna we’re gonna nerd out over that.

00;16;52;18 – 00;17;10;21
Speaker 2
Honestly, right. We’re going to geek out a little bit. We’re going to try to figure out, okay, how are these threat actors using this level of technology and sophistication to get to you that it seems so realistic that you had to call us and ask that question? And then for the, the, the, the good side of the cyber community is a good side and a bad side that allows us to then begin spreading the word.

00;17;10;22 – 00;17;30;29
Speaker 2
Hey, this threat is emerging. This information is out there. These actors are using these tactics. You know, you think back to, I was a major think back to Independence Day, right when the space ships all settled over the Earth and they blocked the signals and nobody could get calls out around the world. And they jumped on Morse code and started transmitting how to bring them down across the across the world.

00;17;31;01 – 00;17;42;22
Speaker 2
It’s kind of the same way it works in cybersecurity. Once we know the threat actors are using some nuance tactic that may be under the surface, we want to get the word out in the community. You know, in a way, it so that people don’t fall victim to that.

00;17;42;25 – 00;17;52;06
Speaker 1
We say more and more state sponsored cyber attacks in the U.S.. Why is important for businesses in mobile to prioritize cybersecurity?

00;17;52;09 – 00;18;10;14
Speaker 3
I think because threat actors don’t pick just large targets. And that probably goes back to the misconception piece that we talked about earlier as well, because that would be another common misconception is that, oh, I’m just a smaller company. I’m a small business. No one’s looking at my company. They think only fortune 500 companies are being targeted at fortune 100 companies.

00;18;10;16 – 00;18;39;06
Speaker 3
And this is not the truth. Big and small companies are targeted just like, So just as you’re having state sponsored, cyber attacks, local cyber attacks are still very much a real thing. Ransomware is still very much a real thing. Wire fraud still very much a real thing. So having having the proper protections in place for prevention to protect you against that, both on your perimeter network, on your local computer and then having an educated end user to help protect against that as well.

00;18;39;09 – 00;18;44;07
Speaker 3
Those three components really, really help, in mitigating those types of attacks.

00;18;44;10 – 00;18;56;04
Speaker 1
Well, you’re touching on this, but let me get sort of directly into it. So how can investing in cybersecurity strengthen not just individual businesses, but the larger business community here in mobile?

00;18;56;07 – 00;19;14;08
Speaker 2
So we talked earlier about lateral movement of the threat actors. One of the things that I can personally attest to, and I think we all agree with, is that mobile, even though it’s a metropolitan, is a fairly small community, right? We’re tight knit. You at any given time, your email address and your contact is in someone’s contact book.

00;19;14;08 – 00;19;38;06
Speaker 2
So less than two connections away here, Right. So when you think about the industry that we have, the exposure that we have as a, as a coastal community, our port, you know, the the international effect of things coming here, even though the Khalil’s point, we’ve got all these smaller cluster segments around those industries, the threat actors find a vulnerability.

00;19;38;12 – 00;19;59;18
Speaker 2
And in that vulnerability, one of the byproducts that they can harvest is your contacts. And once they’ve harvested your contacts, doesn’t matter how small you are, if you’ve got a, a two person company over here that’s doing a subcontract for, you know, X, y, Z company over here, and that address book gets harvested. Now that XYZ company becomes a part of that lateral movement target.

00;19;59;18 – 00;20;16;20
Speaker 2
Yeah. So the investment really goes to protect the greater good of the community, because what you’re effectively doing is you’re you’re investing and making sure your information and your data are secure in a way that doesn’t allow it to get leaked out to someone else. That could inadvertently hurt someone that you may be connected with, even on a friendship level.

00;20;16;20 – 00;20;35;18
Speaker 2
You know, it’s the phone book. You know the old saying, what’s the old adage, my network is my net worth? And that that is especially applicable when a cyber attack occurs, because, you know, the first thing that you’ll see is in a good remediation of a cyber attack, the team will tell you, hey, what do you have in your address book?

00;20;35;18 – 00;20;59;01
Speaker 2
Because we need to let everybody on your address book know that you may have been breached so that you can then have an awareness of the case. They see something suspicious or malicious come through. And that’s how the threat actors jump from target to target. So the investment really is, strengthening the business community’s overall. Integrity and continuity, but making sure that the next person in line doesn’t get hit.

00;20;59;01 – 00;21;22;06
Speaker 2
Right, because you work because you were the weak link. I’ll pay you back and say, second of that, there’s a growing, industry in the cyber insurance world. And as that as the insurance world sees cyber threats more unmitigated, the rates and premiums go up. And as the rates and premiums go up, we know in one area of insurance you can see it probably across all.

00;21;22;09 – 00;21;26;03
Speaker 2
Yeah. Right. So the threat then becomes very real to them and the risk becomes real too.

00;21;26;05 – 00;21;41;07
Speaker 1
It’s almost I know this is very simplistic, but it’s almost like making sure that you have adequate fire protection. If my building doesn’t catch on fire, then it’s not going to jump over and catch your building on fire. Exactly. So we kind of have a mutual obligation on one another to make sure we do defensively what we can to protect ourselves.

00;21;41;07 – 00;21;42;21
Speaker 2
That’s right. That’s right.

00;21;42;23 – 00;21;49;09
Speaker 1
So early you mentioned that the principle of least privilege. Does that mean how you might it apply in your business.

00;21;49;11 – 00;21;53;15
Speaker 2
Zero trust. Go girl I was zero trust before zero trust was cool.

00;21;53;15 – 00;22;13;03
Speaker 3
That’s right. So the principle of least privilege is a security policy that states an end user should only have the level of access needed to do their core competency of their job duties on a daily basis. So that’s taking out all the additional permissions, all the additional fluff do things that aren’t solely that their job duties don’t solely rely on.

00;22;13;03 – 00;22;18;23
Speaker 3
Excuse me. So things like changing your background, downloading programs, installing programs

00;22;18;23 – 00;22;23;21
Speaker 4
without permission. All of those are removed in the principle of least privilege, and you’re only.

00;22;23;21 – 00;22;38;26
Speaker 2
Allowed to access the parts of your computer and the parts of your software that are needed to do your core competencies for your job duties. Now, that part. That principle is part of a larger component called the Zero Trust policy or the Zero Trust.

00;22;38;28 – 00;22;42;02
Speaker 3
Set work network. Thank you.

00;22;42;05 – 00;23;06;08
Speaker 2
And you know, the full component of zero trust is basically deny until verified. Always trust. Never trust. Always verify deny till verified. And then once verified, it can be approved. But it’s not just an open free world. It’s not the typical computer that you would sit down in and just be able to do anything you would like to be able to do on it.

00;23;06;09 – 00;23;25;15
Speaker 2
You have restrictions that are in place that keep you limited to what actions are able to take, and due to that, the threat of you actually downloading something that may be malicious to your computer or that may be malicious to the network, or that may cause damage to brand reputation, damage to data is significantly decreased.

00;23;25;17 – 00;23;30;28
Speaker 2
So if I’m a small and medium sized business, I don’t have an in-house IT function.

00;23;31;00 – 00;23;51;01
Speaker 2
I come to somebody like you and you go through user by user. What does this person really need to have on your system? That’s right. You decide what not to put on there so that I don’t inadvertently have something to do, something that could hurt the entire system. That’s correct. Okay, good. Well, you heard that. Don’t try to figure this out yourself.

00;23;51;03 – 00;24;07;28
Speaker 2
I assure you, I’m not going to try to figure this out by myself, because I don’t think I could. So we only have a few moments left. But what are a few warning signs that your business. That your business may be vulnerable to sovereign professor attacks. What should I be looking for? To understand my vulnerability?

00;24;08;00 – 00;24;30;13
Speaker 3
Well, I’ll start by saying that every business is vulnerable because it’s the person that’s vulnerable. If you’re not doing security awareness training with your team on a structure advocating model, you’re vulnerable. That’s that’s the first hallmark that your people, once they’re educated, then know how they should respond or what to delete and what not to do. We second vulnerability.

00;24;30;14 – 00;24;54;29
Speaker 3
You know, you’re really looking at how are you managing your update cycles, how are you doing your hardware refreshes, what are your antivirus? And that gets a little more into the Grace squishy area where you want a professional to come in and look at it. You want someone that’s that’s seen it before to know what the pinholes could be, can bring to the table, or can come in and do a cyber analysis or penetration test of some sort.

00;24;55;01 – 00;25;02;00
Speaker 3
But effectively, you always start with the people, because people are what make the business work and people are what the business depends on.

00;25;02;03 – 00;25;09;21
Speaker 2
You know, in my law firm, they they’ll send us something to test us. It’s scary to because you can’t tell that they’re testing you.

00;25;09;23 – 00;25;11;11
Speaker 3
When you get to the office. If you click on.

00;25;11;12 – 00;25;24;01
Speaker 2
That’s right. I’ve gotten in trouble once, and I’m telling you, I don’t get in trouble. Yeah, but, I mean, that’s what it takes to to inform me, to get me disciplined to the point where I know. Okay, you need to be more careful than that.

00;25;24;01 – 00;25;37;27
Speaker 3
That’s correct. It’s like an exercise routine, right? You get up every day and you exercise and you work out that, and you and you build that, that muscle memory so that when the actual threat comes, you respond accordingly. And it’s a very, very effective method.

00;25;37;29 – 00;25;40;06
Speaker 2
And that’s known as security awareness training.

00;25;40;06 – 00;25;40;27
Speaker 3
That’s right. And that’s the.

00;25;40;27 – 00;25;43;16
Speaker 2
Component that we offer as well as a service to our clients.

00;25;43;16 – 00;26;04;05
Speaker 3
But that’s that is a training component, that one it gauges and gives us a baseline of how your end users are responding inside of your organization. So once you get that email, that email is tracked to your inbox and then told exactly what happens once it hits your inbox. So for the person that administered that simulation to you, they’re able to see, okay, Bradley received this.

00;26;04;07 – 00;26;19;04
Speaker 3
Did he click it and did he click it. Did he go to. Did he keep it open right. Did he go to the link that was on the page. Did he put in credentials. Did he hit submit. And then once you hit submit, if you go all the way through it, more than likely you receive an infographic page that comes up and says something to the effect of.

00;26;19;05 – 00;26;36;08
Speaker 3
Gotcha. Yeah. Even books you fell victim to a fishing scam, and then that result is sent back over and it tells us, okay. He is he is utilizing unsafe practices on his computer because he’s clicking things that he’s unaware of that he thought was legitimate. And if this had been a real scenario, you would have given away your information to someone.

00;26;36;08 – 00;27;06;20
Speaker 3
And at that time, you then issued a security awareness training video or some type of of learning webinar that you have to go through is usually 3 to 5 minutes long. But there’s there’s recurrent training that comes along that teaches you then what to look for and the next time that it comes across. Because now that you know, you’ve been caught and more than likely it’s been addressed to you by someone, that you have been caught by it, you are more suspicious of things that come across, and you’re more vigilant when it comes across the good thing, you know, it raises your awareness immediately to the security threats that are out there.

00;27;06;21 – 00;27;24;00
Speaker 3
Even though they look legitimate. And more and more, they’re becoming more convincing every day. So nobody wants to be embarrassed. Exactly. Yeah. That’s right. It’s kind of I don’t mind the 3 to 5 minute video. It’s that first thing they tell you. You messed up. That’s the catch. The old adage people, people don’t have a fear of failure.

00;27;24;00 – 00;27;53;05
Speaker 3
They have a fear of public image. Yeah, it’s really that and it unfortunately it it it’s very effective when you’re dealing with cybersecurity Carl and and the team at the office, they dig a lot more into it than I do on a daily basis. And I mean, they are absolute wizards at setting up a structured program that creates a good environment for testing, that creates a healthy feedback for the client, and that’s what it takes to get people across the finish line to make sure that their business stays operational and running smooth.

00;27;53;08 – 00;28;12;26
Speaker 3
So this is an investment that is well worth everybody’s while, because if you don’t invest in it and you get hit, it’s a lot more expensive to fix it than it is to prevent it. Absolutely. I always say, you know what the cost is to educate people and train until you’ve had an attack and had to mitigate it.

00;28;12;26 – 00;28;32;17
Speaker 3
You don’t know what that cost is. Yeah. And let’s not find out. Let’s let Boyd that all together. We’ll call and thank you both for sharing your time and expertise today. I know cybersecurity can feel overwhelming for many small and medium sized businesses, but conversations like this remind us how critical it is to stay informed and to be proactive.

00;28;32;22 – 00;28;53;10
Speaker 3
If you’d like to learn more about Harper Technologies and how they can support your business, you can visit them online or connect with them through the Mobile Chamber of Business directory from the heart of the mobile business community. This is another episode of Mobile Matters, powered by the Mobile Chamber with a special thank you to our sponsor. Visit mobile.

00;28;53;13 – 00;29;05;06
Speaker 3
Be sure to subscribe whenever you listen to podcasts so you don’t miss future conversations about the people, ideas, and innovations shaping mobile business community. We’ll see you next time.