Douglas Karr: Get ready, we're about to start today's show. We're going to be talking about IT security, both for your business and personal. Stay tuned.
Nathan Barnett: Listen to Indy-based entrepreneurs and business people, their experience and expertise. Have some laughs and learn along the way on this episode of Off The Circle. Off The Circle, the Indianapolis business scene like you've never heard it before. Your hosts are Douglas Karr and Ryan Grimes.
Douglas Karr: Welcome everybody to an inaugural version, it's not really the inaugural version, of Off The Circle. The reason why is because we did a couple of episodes last year and we were going to start it, but then we stopped and now we're getting it off the ground again, with peer pressure, with my co-host, Ryan Grimes. Right, Ryan?
Ryan Grimes: Yes. When are we doing this? I'm going to be at your office Thursday, right? Okay, I guess we're doing this podcast then, let's do it.
Douglas Karr: We're doing a podcast and we also have with us Adam Small from Agent Sauce.
Adam Small: How are you doing today, Doug?
Douglas Karr: I'm doing fantastic. I'm on your podcast too.
Adam Small: Right, the real estate marketing one podcast.
Douglas Karr: Then we have two quiet interns in the room that aren't on the microphone, but they're here.
Adam Small: If you hear a weird voice, it's definitely one of them.
Douglas Karr: We have Nathan Baritone, he's listening in and Nathan is doing all of our mixing now and everything. He's an intern with us, I should say an apprentice, not an intern with us. He's learned how to ... I shouldn't say, you're not learning how to podcast, you know how to podcast, but you're getting some experience. Yeah, he's nodding yes.
Adam Small: He's not speaking though.
Douglas Karr: Yes, no. He's not near the mic. You're going to hear him on the intros and outros though. That's our voiceover for the intros and outros.
Adam Small: Nice, okay.
Douglas Karr: Yeah, there you go.
Today-
Adam Small: Wait, wait, wait, wait. We've got Austin Day as well, Agent Sauce intern.
Douglas Karr: I'm sorry. Yeah, he's away from [crosstalk 00:02:05]
Adam Small: You introduce one but not the other, you know, he's going to end up nodding as well. You want to say hi, Austin?
Douglas Karr: His mic's off.
Adam Small: There you go.
Douglas Karr: This is the kind of show that it's going to be. We're going to have some fun. We're going to do this biweekly. We're bringing back an old thing that we used to do way back in the day, Adam remembers back at DK New Media we used to have an open house podcast.
Adam Small: Yeah, Friday afternoons, three o'clock we would get in there and a whole group of people would show up and talk about [crosstalk 00:02:40]
Douglas Karr: Yeah, people would randomly show up and everything. If you're in Indianapolis and you're downtown, we are going to do this at four o'clock every single, every other Thursday I should say. We might go to every week if it turns out good. One of the things that we really wanted to do with this podcast was, outside of having some fun with friends and getting them on the podcast, we also wanted to do a little bit of education for small businesses and medium-sized businesses. We wanted to promote businesses that maybe aren't getting in the spotlight, maybe they're not on IBJ and Inside Indiana Business, who do a fantastic job but they have to focus on the big players in the market. We want to talk about some of the small players in the market too.
Adam Small: Cool. [inaudible 00:03:37]
Douglas Karr: So without further ado, we decided that today we were going to talk about security and we were going to talk about your personal security online as well as some of the things to think about with your business as well. Our expert is sitting here.
Ryan Grimes: Patiently awaiting to jump all over this topic.
Douglas Karr: Yeah, Ryan's here.
Ryan owns a business, My IT Indy. He does remote administration and correction and hardware repair and networking.
Ryan Grimes: IT services for small to medium businesses. Everything from network infrastructure to VoIP phone systems, endpoint management, mobile device management. We're basically like your technological therapist.
Douglas Karr: That's awesome. How many people do you talk down a day?
Ryan Grimes: Friends, family ... Wait, no, they're probably listening. Never mind. It's definitely, when your business relies upon technology and the technology seems to be failing you at times, it's really a high-stress environment.
Douglas Karr: Yeah.
Ryan Grimes: We really try to be like the Xanax to those situations. They do pop up and by implementing good technology, that does seem to take a lot of the stress off of business owners. A lot of business owners, especially ones that have done it themselves for years and years and years, they may not have put the money in the appropriate places for their technology. They feel those ramifications sooner than had they done good technology to begin with. We really advise them on purchases and we help them plan and consult. It really helps them grow their companies, really, because they don't have to worry about the technology.
Douglas Karr: I'll throw out a first story. We're going to talk about horror stories today. I'll talk about the first horror story. Ryan takes care of our network and our Macs. The first horror story was me finding out that I had an employee that was with me for several years who never ever, ever, ever, ever did an update.
Ryan Grimes: Not a single one.
Douglas Karr: Not a single one. So all these major updates and critical updates on all of these malware.
Ryan Grimes: Security flaws.
Douglas Karr: Yeah, security, everything else. None of them were getting applied. Ryan did his magic and put on a remote software that basically did that every time they logged out.
Ryan Grimes: Exactly.
Douglas Karr: It applied everything that needed applied, so I didn't have to worry about it any more.
Ryan Grimes: People ask what the biggest tip we have for anybody using technology is, and that's the number one thing, you just update your software.
Douglas Karr: I think people are still under this bad assumption of, "Well, I'll wait for the patch to be out a week before I put it out there."
Ryan Grimes: Because the patch might break something else, right?
Douglas Karr: Right, and I think nowadays that's a really bad assumption. A lot of times these patches are fixing something that is going crazy right now, some malware that's spreading right now. The faster you can get the patch on your phone or on your laptop or servers or whatever, the better.
Ryan Grimes: Yeah, those days are dead, in terms of holding back on releases. Technology and software's gotten so good at this point. We don't see ... Granted, we may see it sometimes. I'm not saying we never see it, but in the majority of the cases people run their updates and there's no issues really. They just don't see those things anymore. One of the things we do for our clients is we do take control of that narrative, so they don't. I think it prompts them three times and then basically says, "Sorry, tough luck. You should have done this, we're rebooting your computer and doing all the updates."
Douglas Karr: Good.
Adam Small: All that work you just lost, it's your fault, it's your fault.
Ryan Grimes: We do try to err on the side ... and most of our clients are fine. We usually do try to call them because we do get notified, "Hey, Doug has not done ... "
Douglas Karr: No, it's not Doug.
Adam Small: Doug's got ADD on patches.
Douglas Karr: Yeah.
Adam Small: If I see that something needs updated, I'm like, "Ugh."
Douglas Karr: Right now.
Ryan Grimes: OCD, not ADD.
Adam Small: Yeah, there you go. I'm ADD about being OCD.
Douglas Karr: Exactly.
Anyway, the huge WannaCry malware outbreak that happened, they're measuring the damage in hundreds of dollars in productivity, loss, downtime. It could have been remedied by a six-month-old patch on Windows that people just weren't applying for one reason or another.
Adam Small: Perfect example.
Douglas Karr: Exactly. The Windows world is more susceptible to that than the Mac world because they traditionally have had major issues with software updates, and, "Oh look, this broke something. You can't print, sorry, we'll fix that in two weeks." They're really hesitant to apply those updates. Well, those days are long gone and Windows 10 is for the most part a reliable operating system that you can patch as it says to. Microsoft is even rolling out a product by the end of the year called Microsoft 365, that is Office 365 plus management. So you can literally buy a computer, and Apple's done this for years, you can buy a computer, sign in on your account and your Office 365 account then will manage your entire computer. It will install Office automatically, it'll do a lot of things that are manual right now. That takes away a lot of the stress of, "Hey, is this thing patched? Where are the vulnerabilities?" If the answer is, "There aren't any," well, there always are but there are less, that really negates the chance of something bad happening to your systems.
Adam Small: Nice. So that, the first tip for everybody out there is, don't wait. Install your patches and updates and make sure that they're there.
Douglas Karr: App Store on iOS devices, I routinely see, "Oh look, you've got 37 app updates." Let's get those patched.
Ryan Grimes: Yeah, absolutely. The next one that I wanted to talk about was passwords.
Adam Small: I've got a horror story for passwords.
Ryan Grimes: Let's hear it.
Adam Small: Yeah. I used to be Chief Information Officer for a $50 million a year company.
One day, the owners come to me and they say, "Hey, we're missing about $200,000 from our bank accounts." They're trying to figure out what happened. Turned out that it was wire fraud, it was wire transfers. I was like, "Well you know, we've got stuff in place to help protect against that within the network, phishing and all that stuff." Turns out that the accountant was actually from home, logging into the bank account for the company and doing administrative stuff there. She got phished at home. They grabbed the password.
Douglas Karr: Keystroke recording?
Adam Small: Keystroke recording, grabbed the password. The funny part to me was that they were transferring $30,000 [inaudible 00:10:29] out over a two-month period and nobody picked up on this. The CFO, nobody else picked up on it. It was a password issue because it was a phishing scam, but how do you go two months without noticing that there are $30,000 withdrawals that don't quite look right?
Douglas Karr: I imagine this sweaty room in Nigeria, where each time they process the 30 ...
Ryan Grimes: They high five each other, jump up and down.
Douglas Karr: It worked again, oh my God.
Adam Small: Yeah, exactly.
Ryan Grimes: How long do you think we can keep it up?
Douglas Karr: Phishing is one of those things that people continue to get [crosstalk 00:11:11]
Adam Small: All the time, all the time.
Douglas Karr: Podesta got nailed up. That was the whole Clinton thing, was he got [crosstalk 00:11:17]
Adam Small: Right, the Clinton emails were because of phishing. It looks like an official email or whatever it is, so you click on the link and you enter your password, and you're screwed.
Douglas Karr: I found out there's an interesting thing, that's why Facebook actually initiated doing previews of sites. Did you know that? And Twitter followed suit.
The reason why Twitter and Facebook auto-preview sites was because of phishing scams on social media at first, where people were putting a bum Bitly link or whatever that was hiding their stuff. So they started showing previews of the page and everything to try to stop that, which was kind of interesting. It seems like mail needs to follow suit and do the same thing.
Ryan Grimes: We've even seen it with something as simple as a popup window. "Oh look, it looks just like my Office 365 login, I'd better type in my user name and password." We had the CEO of one of our clients get phished in China. It was 70,000 emails later, they were like, "Well, how did this happen?" I was like, "Well, he just typed in his password into a popup window." There's literally nothing I can do to fix that problem other than educate.
Douglas Karr: A lot of them, I've seen google.com.something.ch, you know.
Adam Small: Yeah, it looks official because it's got the domain name up early, but they use countries and subdomains, yeah, yeah, yeah.
Douglas Karr: Yeah. With phishing the only thing is the stupidity ... No, I'm not going to say stupidity because then I'm going to make someone feel stupid out there.
Adam Small: Do I?
Douglas Karr: Look, if you see a link in an email and it looks too good to be true, then look at where that link is actually going. You can typically look at the status bar at the bottom of the screen and see where it's going to. Make sure that it's going to the appropriate place.
Adam Small: For me, one of the things I do, and I used to have to tell my mom this, don't click on the link. If eBay's telling you that you've got to update your credit card password, just open up the browser and go to eBay yourself, they're going to tell you.
Ryan Grimes: Exactly, yeah. Great advice.
Adam Small: If they've got a problem they're going to tell you. The same goes for any other site, just open up the browser and go there yourself.
They're going to have an alert that you're actually in the right place.
Douglas Karr: I do like too that a lot of companies, a lot of the Software as a Service companies are putting enterprise flexibility in, where you can add users. So the accountant that you had mentioned, or you had mentioned, Adam, the accountant could have had their own login and password that might have been read-only, where they couldn't transfer money or do anything like that. It seems like a lot more Software as a Service companies are getting savvy at that.
Adam Small: And two factor authentication's playing in there as well. It is a shame because this was just before two factor authentication became really big, started to really catch on. If there had been a two factor authentication with another token or something that changed according to time, then they may have been able to avoid that altogether. FBI came in, took her computer from home, as well as her work computer. They couldn't do anything, they never got the money back. Yeah, they just had to eat 200 grand.
Douglas Karr: Oh my God. I noticed, Lifeline Data Centers is a client of mine and they talk about this. They did a presentation at Taft Law one day, they were talking about this kind of situation. The fascinating thing is that businesses now are getting insurance to cover against that.
Adam Small: Against that [crosstalk 00:14:56]
Douglas Karr: But you know what? Almost no payout, because the terms of the insurance are that all patches are up to date, all hardware is up to date, everything is up to date in your company.
Adam Small: Not just that computer but across the board.
Douglas Karr: Exactly, so what happens is let's say your business gets taken for $200,000, the first thing the insurance company does is come in and do an audit. They find one phone that's not patched and they say, "Sorry, you're not in compliance with the insurance policy. We're not paying for it."
These companies think that they have protection but unless they're up on their security and actually maintaining security, they're almost never going to get that money back.
Ryan Grimes: Exactly. That's one of the ... when we engage with a client and have a contract with them, we have minimum levels for OS on any device that they have in there. If you're going to use Windows XP, I'm sorry, that device needs ... Unless it's running some super expensive router that cuts signs, that it would be like $80,000 to replace, we'll just put that on its own separate little network and not let it on the internet.
Douglas Karr: Isolate [crosstalk 00:16:09]
Ryan Grimes: We ensure that that stuff is taking place and we have had situations like that where yeah, all their systems are up to date. Here's the report on all their systems, and they did get their money back.
Douglas Karr: Nice, perfect.
Ryan Grimes: We are insured for stuff like that, so that if anything happens-
Adam Small: Because you know that if the customer ends up not getting the insurance money they're coming after you, right?
Ryan Grimes: Exactly. Errors and omissions.
Adam Small: Yeah, yeah, yeah.
Ryan Grimes: It's worth its weight in gold. But yeah, it's really worth, even let's say you're a large enough company, you need to have a full-time person doing this. What we see a lot of is they start doing this and then they get busy with other stuff. Or like, "Hey, you know, there's nothing disastrous going on today. Why don't you go work on marketing or something like that? Or, work on this policy or procedure." Then they've taken their eyes off the prize and then something bad happens, and then you've got to back trace. Well yeah, I haven't worked on that for two months, since I've been on this other project. If somebody specific doesn't own it then nobody owns it.
Douglas Karr: I'll even mention, even with WordPress updates and stuff, so website updates.
I would rather apply the patch and break the site and fix it, than not apply the patch.
Adam Small: Than not apply the patch, yeah absolutely.
Douglas Karr: That's another one that I see often out there.
Adam Small: Especially with something like WordPress, because the more popular the software is, the more people are probing it. That's why Microsoft, insofar as viruses and stuff, has such a vulnerability, because it's on so many computers, it's the easy one to pick and [crosstalk 00:17:36]
Douglas Karr: A lot of times servers are on a shared environment.
Adam Small: Exactly.
Douglas Karr: Where once something gets in the root, it spreads to every single site.
Nathan Barnett: Off The Circle is brought to you by My IT Indy. If you're a small to medium size business and need assistance with networking, security and other IT services, contact Ryan at info@myitindy.com.
Douglas Karr: You had mentioned two factor authentication.
Ryan Grimes: Right.
Douglas Karr: I am a huge believer in two factor authentication. I think that everybody should be applying that. You can have it on Twitter, you can have it on Facebook, you can have it on everything.
Ryan Grimes: A lot of bank accounts, everything.
Douglas Karr: Bank accounts, yeah. For anybody who doesn't know what two factor authentication is, basically you have to log into two different places to make anything work. You log into your Chase account and then it's going to text you and say, "Here's a code that you put in for the next level of authentication." Or it might be Google Authenticator, an application that you open to get a code, or Facebook has one. I'm telling you, I'm telling everybody, do it, just do it. You'll get used to it.
One of the nice things that I noticed even on iPhone is, now when you get a message, when you get a text message, it pops over the screen and so it's great for two factor authentication because you might be on LinkedIn and it asks for your code, and you have your code, you don't have to memorize the six-digit code [crosstalk 00:19:17]
Ryan Grimes: Pop back and forth between the apps on your iPhone.
Douglas Karr: Yeah, go back and forth. I almost think that they did that on purpose, that now you get text messages over the screen and so you can keep typing and everything. I would highly recommend that to everybody because I notice, I have an account on logmein.com. They send me alerts probably once a month that somebody tried to log in from China, tried to log in from Pakistan. They're getting beat up left and right.
Ryan Grimes: Have you ever run a security plugin on WordPress?
Douglas Karr: Yeah.
Ryan Grimes: They've got a thing where if somebody tries to log in they can email you.
Douglas Karr: You're going to turn it off.
Ryan Grimes: Yeah. Yeah, you do because what I end up with is every site hits me. At least once a day I get hit with an email saying somebody's trying to log in from Russia, India, Pakistan, United States even. But then I've got one site in particular that must be a target, because I'll get, once or twice a week I'll get where somebody's trying to log in and it's hundreds of times, thousands of times in a very short period. I have to go ban the IP addresses. Then I have to play this game where I spend about 20 minutes because they switched the IP addresses up.
Douglas Karr: Nice.
Ryan Grimes: So I ban one IP address and I wait for it to come again, and then I ban that one. Then after about 20 minutes they stop. They either got in or they moved on.
Douglas Karr: For people listening, it's just brute force, right?
Ryan Grimes: Exactly.
Douglas Karr: They have a database of passwords or they have an algorithm that they're repeating, and they're just hitting your Chase account over and over, or they're hitting your Facebook account over and over. They're trying to get the right password. If you have two factor authentication, they will never get in, period.
Ryan Grimes: Because they'll never have that second piece.
Douglas Karr: They'll never have it, yeah.
Ryan Grimes: Because that second piece, I don't know if you explained it earlier or not, but that second piece actually changes based on time, date, that sort of thing. It regularly changes so that it's very hard to duplicate what that second piece is.
Douglas Karr: And two factor authentication, I think every major service now offers it. WordPress has it, Facebook has it, Twitter has it, LinkedIn has it. Go into your security settings and turn on two factor authentication and just get used to having your phone next to you whenever you log in somewhere.
Adam Small: Yeah, Apple does it by default when you set up any iOS device or even any computer now.
Douglas Karr: That's right.
Adam Small: As soon as you type in your iCloud information it all goes ding, ding, ding, ding. Your watch is beeping, your headphones are beeping, your TV is beeping, your phone is beeping, your tablet's beeping. Oh my God.
Douglas Karr: Some of it's kind of cool, like Google Chrome, you can actually tie your Chrome login with your bookmarks and history and everything.
Adam Small: They'll sync it across devices, which is a nice feature.
Douglas Karr: Yeah, which is kind of cool. I think Safari does that.
Ryan Grimes: Yeah, it does [inaudible 00:22:19] through iCloud.
Douglas Karr: Yeah.
Ryan Grimes: Same thing with pictures and stuff, you can have them on all your devices so you don't have to, "Cut, I got to text myself those pictures now."
Douglas Karr: So then, we talked about that, let's talk about passwords themselves. I'm a huge fan of Dashlane.
I know there's 1Password that's out there too, which is basically my password repository. I have a different password basically for everything. No two passwords are the same. Then I control it all with Dashlane, which has a master password, so if somebody got my Dashlane I'm done.
Ryan Grimes: So you have a single point of failure [crosstalk 00:22:59]
Douglas Karr: I do have two factor authentication on Dashlane. But the thing that I love about that again is, a lot of people like 1Password, and then they use the password over and over again.
Ryan Grimes: Over and over again, which is why if it gets hacked on one site you're opening yourself up across the board.
Douglas Karr: Yeah, absolutely. Say that again.
Ryan Grimes: Which is why if you get hacked on one site you're opening yourself up across the board.
Douglas Karr: Yeah, absolutely. I've seen some people do cool tricks with that. Maybe it's if the domain is google.com, they take LE, the last two letters before the dot, and they start their password with that or something. You know what I mean?
Adam Small: No, I've never heard of that trick.
Douglas Karr: Yeah, so no matter what site-
Adam Small: Now I'll never use it.
Ryan Grimes: You just gave away the [crosstalk 00:23:49]
Douglas Karr: The idea is even if you just want to create one password and use it everywhere, you have some kind of clue as far as doing that.
Adam Small: Why not just use your birthday, I mean come on.
Ryan Grimes: [crosstalk 00:24:02] have used a birthday, a kid's name.
Adam Small: Yeah, yeah. I've seen a true lives movie where they're trying to crack a password and the guy says, "Oh, it could take us months to do this." They start to walk away, it's done. It was the birthday and kid's name or something like that.
Douglas Karr: The algorithms that these hackers have are great. Once they get a set of information, they just keep trying and trying and trying.
Yeah, it's terrible, but password repositories are really coming along I think and getting good. I think 1Password did get hacked at one time, a long time ago. I don't want to ... But I figure those guys, the only thing they have to do is not get hacked. That's about their only job.
Ryan Grimes: [crosstalk 00:24:50] one job.
Adam Small: Yeah, they've got one job.
Ryan Grimes: That's a big job.
Douglas Karr: It is, yeah.
Adam Small: Especially when you become a target, because the larger the password business is, the larger a target they're going to become because of the simple fact that their passwords are in there.
Douglas Karr: Absolutely. If you guys ever want to check to see whether your account has been compromised, there's a great site. It's haveibeenpwned. It's H-A-V-E-I-B-E-E-N-P-W-N-E-D dot com. What these guys do is basically every time someone's breached and that data is put public on the dark web or anything, they add it to their database. So you can just look up your username or email address on Have I Been Pwned and see. I'm not going to say see if, I'm going to say see where your account has been compromised. You're going to find it on there. So check that out if you get a chance. The great thing is you're going to be able to see, they have 230 breaches across four billion accounts. You're going to be able to check across 230 different breaches, whether your email address or username has ever been compromised. I'd highly recommend that you use the site and check, and then go to those sites, turn on two factor authentication. I wouldn't just change my password, I would turn on two factor authentication and then that's it. You had a horror story.
Ryan Grimes: Yeah, which one? The Dropbox one?
Douglas Karr: Yeah, the Dropbox one. Listen to this, guys, this is scary.
Ryan Grimes: One of the things we deal with, this is Ryan again by the way, we deal with is disaster recovery.
Our main offering is called business continuity disaster recovery, because when something bad happens, how do we get you back up to where you need to be? That's really one of our major offerings and what you're paying for, because as a business you can't be down. Basically, everyone loves Dropbox, everyone thinks Dropbox is the greatest thing on Earth, but here's a use case where it will be your worst nightmare. Let's say there's a username, Doug, that likes to click on everything. He doesn't have two factor authentication, click, click, click, on every email attachment he gets. Well, Doug has mysteriously encrypted his entire hard drive with malware, with ransomware. Ransomware is a tool that people use to extort money from you. Basically they say, "Hey, if you want your data back and your hard drive unencrypted, send three Bitcoins to this address and we'll give you the key to unlock your data." If you don't have backups, there is really no way you're ever going to unencrypt that hard drive. So Doug, click, click, click, click, click and encrypts his entire hard drive, which happens to house his Dropbox data for his entire company of 300 people on it, because they all like Dropbox. What happens is that Dropbox says, "Oh cool, all these files have changed. So all the files that were on there before have now been deleted, so we're going to delete them from everyone else's computers." The new files that Doug so courteously put on here for everybody else are being uploaded to the cloud. What happens then is that everybody gets those encrypted files, including the encrypter. Adam over here is like, "Man, what's this thing from Doug? This is great, I love this stuff." Click, click, click, click, click, "Wait, my computer now has the lock screen on it." It's like this cascading waterfall of terror. The thing is, it doesn't take days, it doesn't take weeks.
It's going to happen in like five minutes across an entire company, especially if you utilize these file syncing solutions where anybody can be working anywhere on any files, you can be anywhere in the world and all of a sudden your entire computer is encrypted. Again, some of the encryption deals with not patching your computers, but people click on a lot of stuff they shouldn't be clicking on. That is a direct action and I don't care what software you run, if you click on things enough you will have terrible things happening to you. Yes, this is a real-life story that happened to one of our clients. We were able to get their stuff back but it was ... one of the things our contracts don't cover is recovery from ransomware [crosstalk 00:29:25] did it yourself. That was a very expensive project for them. It's one of the costs of doing business and it sucks. By the way, a new statistic says that 40% of all ransomware cases where the ransom is paid do not get their data back, because what they do is they disable the email accounts on the remote servers, because they're never in the United States, they're in Russia or some place like that. They just disable the email accounts so they're never able to respond and get you your keys back.
Douglas Karr: Wait, you're telling me dishonest thieves don't have the decency?
Ryan Grimes: I know, right? We're laughing about this but there was a sheriff's office in northern Indiana that lost eight years of evidence for trials.
Douglas Karr: Oh my God.
Adam Small: A lot of criminals went free.
Ryan Grimes: Yeah, I was like, "How do you come back from that?" A business, you're just done. If your stuff is encrypted, all your intellectual property is done. How do you continue on? But a police department that's legally responsible for protecting these documents.
Adam Small: One of the things I would say is probably a good backup strategy is a fallback on that.
Again, as a Chief Information Officer I was paranoid about losing that data because so much of what we did was data driven anyway. It was backed up a couple of times a day and then off site and all that stuff.
Douglas Karr: But you know what winds up happening though, you wind up getting so much data that all of a sudden the backups stop working and then ...
Adam Small: That was something that again you should regularly check. The problem with this is that small businesses, most of them just don't have the resources for that sort of thing.
Ryan Grimes: It's not cheap either.
Adam Small: No, it's not.
Ryan Grimes: We have devices we sell that literally take 15-minute snapshots of any Windows Server you have. Theoretically, somebody goes postal, takes a .45 and shoots the server. We could have you back and running in half an hour on a virtualized version of that server, but still that's a monthly fee that a lot of people are like, "That's just too much."
Adam Small: Right, it comes then to the resources. Whether it be physical resources, financial resources, manpower resources [crosstalk 00:31:41]
Ryan Grimes: I cheat on some of that stuff. I have my client drive on Google Drive, which is basically kind of a Dropbox. My client data I know is both backed up in the cloud and on Google Drive.
Douglas Karr: There you go.
Ryan Grimes: I have it in two different places.
Douglas Karr: The issue we see with that is the time to restore.
Ryan Grimes: Yeah, absolutely.
Douglas Karr: That's downtime. We had immaculate backups of a client's server and it still took us a week to get them back up and running because we had to get them to reinstall Windows [crosstalk 00:32:12]
Ryan Grimes: That's a whole process. Yeah, that's a whole process.
Douglas Karr: They're just sitting there, staring at us, going, "We're losing money." I said, "Yes, I know." We ended up putting one of those appliances in there now.
Their server could explode and we'd have them back up and running in under half an hour. Ryan Grimes: It brings up another good thing. This is, I'm going to go, my business of course is on the marketing side, but site hosting. We had a client say to us, it was last week, we wanted to put them on Flywheel, which is a host that we use for WordPress. They said, they literally said, "How do I explain to my board why I need to increase my hosting costs 465%?" I said to them, and they were hosted on a cheap host basically, I said, "Well," I said, "you're getting about $1,000 a month in development done on your website and you don't have any backups and you don't have a staging area. When the developer slips up, accidentally deletes a core template ... " Adam Small: And there's no if on that. Ryan Grimes: Yeah. Adam Small: It's a when. Ryan Grimes: It's a when, yeah. Adam Small: Developers are human. Douglas Karr: Yeah [crosstalk 00:33:23] Yeah, and I said, "When that happens, how much is that worth?" If you have $1,000 a month and your site's three years old, you've got $36,000 that's invested into your website, and you're literally, for $20 a month, putting all of that at risk. Adam Small: But if you're investing $1,000 a month in development on your website it's worth so much more than that, because you're generating revenue and income based off of that. Douglas Karr: You're absolutely right. Adam Small: So yeah, way more than that. Douglas Karr: But it's just that thinking, it's like your service, Ryan, is an insurance policy. That's what it is. You're saying, "Hey, yes, you're doing all of this stuff, but to provide a level of insurance for your business, spend this much money so that we can make sure things are restored and things can come back." I always tell people that, that there's a peace of mind there that I know every single night their site is backed up, I know that I have a staging area and a production area. I know that those are done off site. 
I know that, so I don't mind paying that money. I pay it for all of my sites. When you lose your site for the first time that's when you figure out how petrified it is. It's terrible. Ryan Grimes: What do you mean all my data's gone? Douglas Karr: Yeah. Yeah, what do you mean the 3,000 blog posts that we had for the last 10 years have disappeared? Sorry. Ryan Grimes: That even applies to home users and stuff. The cloud is there more, you've got your iTunes music and your photos online and all that stuff, but the videos and things you have, videos of your ... We've had to tell multiple [crosstalk 00:35:04] "I'm sorry, the video of your child being born is gone because you didn't take the time to do backups." People assume the cloud is backed up, like no it's not. It's not backed up. It's one of the biggest misnomers out there for technology. Douglas Karr: Yeah. In fact we had it happen before we hired your services. We had someone that had a Time Machine setup. Well, one day the Time Machine didn't connect or whatever, it threw an error. The user just clicked the error, never restarted it, never troubleshot it, never anything. That was the day that her backup stopped on her computer. When she lost something I was like, "Oh, well let's open up Time Machine and get it back. Oh, Time Machine hasn't run in six months. You're done. Sorry." Ryan Grimes: Yeah. With the evolution of technology, we don't ... for business users, backing up the endpoints is okay. We do that for executives simply because they tend to have more personal stuff on their computers, but it's really the cloud that we back up now, even Office 365 or Google Apps, they say they back up and archive but recovery is a logistical nightmare. So we employ third party utilities that do log in and make sure that your backups are hosted somewhere other than on their services. You're geo-located somewhere else. Douglas Karr: I back my Google up to Google. Ryan Grimes: Yeah, exactly. 
How is that working out for you? But it's just one more layer of security, because what happens if one of their employees says, "You know what, I'm out. Select all, delete." There's your email, we're like, "Oh that's cute, you're locked out." Everything's restored and now the boss is notified that you did that and you're fired, you didn't quit your job, you're fired. Nathan Barnett: Off The Circle is brought to you by DK New Media. DK New Media is a marketing consultancy working with some of the world's largest brands on their digital marketing and media strategies. Contact doug@dknewmedia.com. Douglas Karr: You just said something that was important and I want to chime in on that. Ryan Grimes: Who, me? Douglas Karr: That's your password recovery email. Your password recovery email, if you're on Gmail, probably shouldn't be your email. Ryan Grimes: Probably not. Yes, yes, yes. Douglas Karr: A lot of those services again have a place where you can put in two different email addresses for password recovery. A recommendation there is have some weirdo, have a, I don't care, Hotmail or whatever. Have some other strange email address that's your password recovery email address. Use that with everything too, because we've seen that as well, people's email gets wiped out, hacked or whatever, and it's the only one they have for all of their accounts. They can't get to their bank account anymore. Passwords are changing. It happened to my daughter. My daughter has one email address and someone hacked her Facebook account. The first thing they did was go change the email address on her Facebook account. Of course I was literally ... I have no idea who this person was, or what side of the earth they were on, but I was running at the same speed that they were. Thank God I got her mobile authentication turned on and I was able to catch it and change everything back, but it's a scary thing. I found an infographic online, this is pretty good, seven steps to protect your online security. 
Creating strong passwords, of course. I've read some stuff on that, that the word thing doesn't really work as well as people thought. Ryan Grimes: Like the sentence or phrase? Douglas Karr: Yeah, yeah. Neither does the asterisk, star, blah blah blah blah blah. The algorithms now are actually testing. Adam Small: They've only been recommending that sort of password for 10 years or more, right? Douglas Karr: Yeah, exactly. So having a dedicated password recovery email is a good idea. Make sure if you're on Google that your password recovery email is not on Google. Ryan Grimes: What could go wrong? Douglas Karr: I agree, yeah exactly. I found an infographic online and I want to talk this one through. It had some steps: create strong passwords, rethink your answers to security questions. Security questions are kind of an old technology and now all of our information is online, so your kids, your dog's name, everything else. People can look up your security answers pretty easily. Opt in for two-factor authentication. If you've never done it before, just try, just go try. Go look it up on Facebook and turn it on. You'll see how it works. It's pretty easy. Protect your WiFi with a password. Story there. My parents, my dad had Verizon put in the house down in Florida, which is pretty cool. Verizon's services are pretty amazing now there. I said, "Dad, what's your WiFi password?" He says, "I don't have any WiFi. I have everything wired." Ryan Grimes: That will never catch on. Douglas Karr: My dad was a big security [crosstalk 00:40:27] Adam Small: Yeah, I don't know why you'd need more than, what was it, 512K [crosstalk 00:40:32] 640. Douglas Karr: No, my dad was all about security. He didn't want WiFi, he didn't want [inaudible 00:40:39] I said, "No, I think you have a WiFi network." He argued with me and argued with me. I went into his office and picked up the router, and sure enough the default WiFi with the default admin login for the router was there. 
Now think about this for a second, Verizon was the only carrier in their neighborhood. So Verizon was installing WiFi at all of his neighbors' houses, using the default login and password. I told him, I said, "Anybody could have been in your network." Anybody, because all I did was I Googled the router model number and logged into his router. I had total control over his network. So change your WiFi, change your network. You can even hide your network name if you want to. It doesn't really matter, right? Ryan Grimes: No, it doesn't matter at all. Douglas Karr: People can detect it even when it's hidden. But definitely change your login and password for your router and for your WiFi. Adam Small: For residential people we even recommend setting up three SSIDs. One for family, so you and your kids and your dog, and have WiFi. Set up a utilities WiFi network for Nest thermostats or your refrigerators that are WiFi or any of those devices now. That way if you change the family one for any reason, you don't change the utilities one. Then have a guest network that anyone can get on. Then do a bandwidth limiter on it so that people aren't going to come, your kids are going to come over and hop on and stream Netflix, and all of a sudden your Netflix doesn't work, because it's all about me and my Netflix. What you have to do is you have to get rid of that piece of junk router they give you. Disable the WiFi, get a good wireless network. Douglas Karr: Go get a Nighthawk, right? Adam Small: Nighthawks are great if you have a bigger house. We've done some cloud based ones, Open Mesh. We've done Ubiquiti house setups. You administer it through a web page and you can have them all sync the same SSIDs and passwords. As houses get bigger and more brick and steel refrigerators and stuff, those all affect WiFi signal and it really makes more sense to do that. It makes your life easier. Douglas Karr: Yeah. 
Change the name of your router, the site says, and it's for a good reason, it's because when people see the default naming of your SSID, they know that you haven't changed any of the settings. Ryan Grimes: Linksys was the world's biggest ISP at one point because the default was to be an open WiFi network. I remember driving to [inaudible 00:43:19], "Do you want to join Linksys? Do you want to join Linksys? Do you want to join Linksys?" No, stop. That was before you could disable that on iPhones. Douglas Karr: I like the guys that name [inaudible 00:43:28] like FBI Van and stuff. On your router, again, change the preset password on your router. Again, that's not your WiFi password, that's [crosstalk 00:43:40] Adam Small: Right, that's the device password itself. Douglas Karr: Yeah, and take a look at the security options on your router. Typically they're pretty good. A lot of times they have some stuff that stops it. You just said it, create a guest account, so do that. And then some of the firewalls on routers are pretty good because they will actually block some malware and some viruses. Ryan Grimes: If they're made by Netgear they may actually help spread it too. They had a few little security holes in their firmware. Douglas Karr: Oops. Ryan Grimes: Yeah, oops. People, especially on metered connections, are like, "Why am I going through three terabytes of data a month [crosstalk 00:44:15]?" Your router's been pwned. Douglas Karr: Your router is selling pills on the internet. Ryan Grimes: Exactly. Well you know, some of these cloud based services, they automatically update your firmware, or at least email you when there's an update and you just do it. Douglas Karr: You would think that Dropbox would have a virus and malware checker at the corporate level, wouldn't you? Ryan Grimes: You would think that. You would think that, it's just a matter of catching it in time. Some people are bound to determine Douglas Karr: [crosstalk 00:44:41] data that they have. 
They want speed, so they don't want to have to crawl your data before, but it seems to me like that would be a no-brainer. Ryan Grimes: They may have improved it since then, this was about six or eight months ago. I know they've made improvements in this area, I don't specifically know what they've done. Douglas Karr: Any other advice you think for folks? Adam Small: Just don't get on the internet. Ryan Grimes: Yeah, the only safe place on the internet is in the backwoods with no cellphone. Douglas Karr: That's another one that I joke with my dad about. My dad was ... I was like, "You know, I could send you the money, do you have online banking or whatever?" "I don't do that online banking." I had to explain to him, "No, you don't access your online banking, but you're online." Everything's online. Just because you don't ever log into the account doesn't mean that it doesn't exist. Ryan Grimes: Exactly, exactly. Douglas Karr: Awesome, this was a good conversation. Ryan, for folks, let folks know how to get ahold of you because this is your business, this is what you do for them. Ryan Grimes: Our website is myitindy.com. Our Facebook page is Facebook.com/myitindy. You can email us at info@myitindy.com, or even friend me on Facebook if you're cool enough. Douglas Karr: Fantastic. But if you're interested in coming down, being on the show, you are more than welcome to come down and spend Thursday afternoon with us. Thanks everybody and thank you guys for coming for this inaugural kind of edition of Off The Circle. Adam Small: Enjoyed it. Ryan Grimes: It was absolutely a blast. Nathan Barnett: If you're an Indianapolis business and would like to be on Off The Circle, contact us at offthecircle.com. Off The Circle was recorded at DK New Media's state of the art studio, The Speak Easy in downtown Indianapolis. 
Douglas Karr: Ryan owns a business, My IT Indy. He does remote administration and correction and hardware repair and networking. 
Ryan Grimes: IT services for small to medium businesses. Everything from network infrastructure to VoIP phone systems, end-point management, mobile device management. We're basically like your technological therapist. Douglas Karr: That's awesome. How many people do you talk down a day? Ryan Grimes: Friends, family ... Wait, no, they're probably listening. Nevermind. It's definitely, when your business relies upon technology and the technology seems to be failing you at times, it's really a high stress environment. Douglas Karr: Yeah. Ryan Grimes: We really try to be like the Xanax to those situations. They do pop up and by implementing good technology, that does seem to take a lot of the stress off of business owners. A lot of business owners, especially ones that have done it themselves for years and years and years, they may not have put the money in the appropriate places for their technology. They feel those ramifications sooner than had they done good technology to begin with. We really advise them on purchases and we help them plan and consult. It really helps them grow their companies, really, because they don't have to worry about the technology. Douglas Karr: I'll throw a first story. We're going to talk about horror stories today. I'll talk about the first horror story. Ryan takes care of our network and our Macs. The first horror story was me finding out that I had an employee that was with me for several years who never ever, ever, ever, ever did an update. Ryan Grimes: Not a single one. Douglas Karr: Not a single one. So all these major updates and critical updates for all of this malware. Ryan Grimes: Security flaws. Douglas Karr: Yeah, security, everything else. None of them were getting applied. Ryan did his magic and put on remote software that basically did that every time they logged out. Ryan Grimes: Exactly. Douglas Karr: It applied everything that needed to be applied, so I didn't have to worry about it any more. 
Ryan Grimes: People ask what the biggest tip we have for anybody using technology is, and that's the number one thing, you just update your software. Douglas Karr: I think people are still under this bad assumption of, "Well, I'll wait for the patch to be out a week before I put it out there." Ryan Grimes: Because the patch might break something else, right? Douglas Karr: Right, and I think nowadays that's a really bad assumption. A lot of times these patches are fixing something that is going crazy right now, some malware that's spreading right now. The faster you can get the patch on your phone or on your laptop or servers or whatever, the better. Ryan Grimes: Yeah, those days are dead, in terms of holding back on releases. Technology and software's gotten so good at this point. We don't see ... Granted, we may see it sometimes. I'm not saying we never see it, but in the majority of the cases people run their updates and there's no issues really. They just don't see those things anymore. One of the things we do for our clients is we do take control of that narrative, so they don't. I think it prompts them three times and then basically says, "Sorry, tough luck. You should have done this, we're rebooting your computer and doing all the updates." Douglas Karr: Good. Adam Small: All that work you just lost, it's your fault, it's your fault. Ryan Grimes: We do try to err on the side ... and most of our clients are fine. We usually do try to call them because we do get notified, "Hey, Doug has not done ... " Douglas Karr: No, it's not Doug. Adam Small: Doug's got ADD on patches. Douglas Karr: Yeah. Adam Small: If I see that something needs updated, I'm like, "Ugh." Douglas Karr: Right now. Ryan Grimes: OCD, not ADD. Adam Small: Yeah, there you go. I'm ADD about being OCD. Douglas Karr: Exactly. Anyway, the huge WannaCry malware outbreak that happened, they're measuring the damage in hundreds of dollars in productivity, loss, downtime. 
It could have been remedied by a six-month-old patch on Windows that people just weren't applying for one reason or another. Adam Small: Perfect example. Douglas Karr: Exactly. The Windows world is more susceptible to that than the Mac world because they traditionally have had major issues with software updates, and, "Oh look, this broke something. You can't print, sorry, we'll fix that in two weeks." They're really hesitant to apply those updates. Well, those days are long gone and Windows 10 is for the most part a reliable operating system that you can patch as it says to. Microsoft is even rolling out a product by the end of the year called Microsoft 365, that is Office 365 plus management. So you can literally buy a computer, and Apple's done this for years, you can buy a computer, sign in on your account and your Office 365 account then will manage your entire computer. It will install Office automatically, it'll do a lot of things that are manual right now. That takes away a lot of the stress of, "Hey, is this thing patched? Where are the vulnerabilities?" If the answer is, "There aren't any," well, there always are but there are less, that really negates the chance of something bad happening to your systems. Adam Small: Nice. So that, the first tip for everybody out there is, don't wait. Install your patches and updates and make sure that they're there. Douglas Karr: App Store on iOS devices, I routinely see, "Oh look, you've got 37 app updates." Let's get those patched. Ryan Grimes: Yeah, absolutely. The next one that I wanted to talk about was passwords. Adam Small: I've got a horror story for passwords. Ryan Grimes: Let's hear it. Adam Small: Yeah. I used to be Chief Information Officer for a $50 million a year company. One day, the owners come to me and they say, "Hey, we're missing about $200,000 from our bank accounts." They're trying to figure out what happened. Turned out that it was wire fraud, it was wire transfers. 
I was like, "Well you know, we've got stuff in place to help protect against that within the network, phishing and all that stuff." Turns out that the accountant was actually, from home, logging into the bank account for the company and doing administrative stuff there. She got phished at home. They grabbed the password. Douglas Karr: Keystroke recording? Adam Small: Keystroke recording, grabbed the password. The funny part to me was that they were transferring $30,000 [inaudible 00:10:29] out over a two-month period and nobody picked up on this. The CFO, nobody else picked up on it. It was a password issue because it was a phishing scam, but how do you go two months without noticing that there are $30,000 withdrawals that don't quite look right? Douglas Karr: I imagine this sweaty room in Nigeria, where each time they process the 30 ... Ryan Grimes: They high five each other, jump up and down. Douglas Karr: It worked again, oh my God. Adam Small: Yeah, exactly. Ryan Grimes: How long do you think we can keep it up? Douglas Karr: Phishing is one of those things that people continue to get [crosstalk 00:11:11] Adam Small: All the time, all the time. Douglas Karr: Podesta got nailed up. That was the whole Clinton thing, was he got [crosstalk 00:11:17] Adam Small: Right, the Clinton emails were because of phishing. It looks like an official email or whatever it is, so you click on the link and you enter your password, and you're screwed. Douglas Karr: I found out there's an interesting thing, that's why Facebook actually initiated doing previews of sites. Did you know that? And Twitter followed suit. The reason why Twitter and Facebook auto preview sites was because of phishing scams on social media at first, where people were putting a bum Bitly link or whatever that was hiding their stuff. So they started showing previews of the page and everything to try to stop that, which was kind of interesting. It seems like mail needs to follow suit and do the same thing. 
Ryan Grimes: We've even seen it with something as simple as a popup window. "Oh look, it looks just like my Office 365 login, I'd better type in my user name and password." We had the CEO of one of our clients get phished in China. It was 70,000 emails later, they were like, "Well, how did this happen?" I was like, "Well, he just typed in his password into a popup window." There's literally nothing I can do to fix that problem other than educate. Douglas Karr: A lot of them, I've seen google.com.something.ch, you know. Adam Small: Yeah, it looks official because it's got the domain name up early, but they use countries and subdomains, yeah, yeah, yeah. Douglas Karr: Yeah. With phishing the only thing is the stupidity ... No, I'm not going to say stupidity because then I'm going to make someone feel stupid out there. Adam Small: Do I? Douglas Karr: Look, if you see a link in an email and it looks too good to be true, then look at where that link is actually going. You can typically look at the status bar at the bottom of the screen and see where it's going to. Make sure that it's going to the appropriate place. Adam Small: For me, one of the things I do, and I used to have to tell my mom this, don't click on the link. If eBay's telling you that you've got to update your credit card password, just open up the browser and go to eBay yourself, they're going to tell you. Ryan Grimes: Exactly, yeah. Great advice. Adam Small: If they've got a problem they're going to tell you. The same goes for any other site, just open up the browser and go there yourself. They're going to have an alert that you're actually in the right place. Douglas Karr: I do like too that a lot of companies, a lot of the Software as a Service companies are putting enterprise flexibility in, where you can add users. 
So the accountant that you had mentioned, or you had mentioned, Adam, the accountant could have had their own login and password that might have been read only, where they couldn't transfer money or do anything like that. It seems like a lot more Software as a Service companies are getting savvy at that. Adam Small: And two factor authentication's playing in there as well. It is a shame because this was just before two factor authentication became really big, started to really catch on. If there had been a two factor authentication with another token or something that changed according to time, then they may have been able to avoid that altogether. FBI came in, took her computer from home, as well as her work computer. They couldn't do anything, they never got the money back. Yeah, they just had to eat 200 grand. Douglas Karr: Oh my God. I noticed, Lifeline Data Centers is a client of mine and they talk about this. They did a presentation at Taft Law one day, they were talking about this kind of situation. The fascinating thing is that businesses now are getting insurance to cover against that. Adam Small: Against that [crosstalk 00:14:56] Douglas Karr: But you know what? Almost no payout, because the terms of the insurance are that all patches are up to date, all hardware is up to date, everything is up to date in your company. Adam Small: Not just that computer but across the board. Douglas Karr: Exactly, so what happens is let's say your business gets taken for $200,000, the first thing the insurance company does is come in and do an audit. They find one phone that's not patched and they say, "Sorry, you're not in compliance with the insurance policy. We're not paying for it." These companies think that they have protection but unless they're up on their security and actually maintaining security, they're almost never going to get that money back. Ryan Grimes: Exactly. That's one of the ... 
when we engage with a client and have a contract with them, we have minimum levels for OS on any device that they have in there. If you're going to use Windows XP, I'm sorry, that device needs ... Unless it's running some super expensive router that cuts signs, that it would be like $80,000 to replace, we'll just put that on its own separate little network and not let it on the internet. Douglas Karr: Isolate [crosstalk 00:16:09] Ryan Grimes: We ensure that that stuff is taking place and we have had situations like that where yeah, all their systems are up to date. Here's the report on all their systems, and they did get their money back. Douglas Karr: Nice, perfect. Ryan Grimes: We are insured for stuff like that, so that if anything happens- Adam Small: Because you know that if the customer ends up not getting the insurance money they're coming after you, right? Ryan Grimes: Exactly. Errors and omissions. Adam Small: Yeah, yeah, yeah. Ryan Grimes: It's worth its weight in gold. But yeah, it's really worth it, even let's say you're a large enough company, you need to have a full time person doing this. What we see a lot of is they start doing this and then they get busy with other stuff. Or like, "Hey, you know, there's nothing disastrous going on today. Why don't you go work on marketing or something like that? Or, work on this policy or procedure." Then they've taken their eyes off the prize and then something bad happens, and then you've got to back trace. Well yeah, I haven't been working on that for two months, since I've been on this other project. If somebody specific doesn't own it then nobody owns it. Douglas Karr: I'll even mention even with WordPress updates and stuff, so website updates. I would rather apply the patch and break the site and fix it, than not apply the patch. Adam Small: Than not apply the patch, yeah absolutely. Douglas Karr: That's another one that I see often out there. 
Adam Small: Especially with something like WordPress, because the more popular the software is, the more people are probing it. That's why Microsoft, insofar as viruses and stuff, has such a vulnerability, because it's on so many computers, it's the easy one to pick and [crosstalk 00:17:36] Douglas Karr: A lot of times servers are on a shared environment. Adam Small: Exactly. Douglas Karr: Where once something gets in the root, it spreads to every single site. Nathan Barnett: Off The Circle is brought to you by My IT Indy. If you're a small to medium size business and need assistance with networking, security and other IT services, contact Ryan at info@myitindy.com. Douglas Karr: You had mentioned two factor authentication. Ryan Grimes: Right. Douglas Karr: I am a huge believer in two factor authentication. I think that everybody should be applying that. You can have it on Twitter, you can have it on Facebook, you can have it on everything. Ryan Grimes: A lot of bank accounts, everything. Douglas Karr: Bank accounts, yeah. For anybody who doesn't know what two factor authentication is, basically you have to log into two different places to make anything work. You log into your Chase account and then it's going to text you and say, "Here's a code that you put in for the next level of authentication." Or it might be Google Authenticator, an application that you open to get a code, or Facebook has one. I'm telling you, I'm telling everybody, do it, just do it. You'll get used to it. One of the nice things that I noticed even on iPhone is, now when you get a message, when you get a text message, it pops over the screen and so it's great for two factor authentication because you might be on LinkedIn and it asks for your code, and you have your code, you don't have to memorize the six digit code [crosstalk 00:19:17] Ryan Grimes: Pop back and forth between the apps on your iPhone. Douglas Karr: Yeah, go back and forth. 
I almost think that they did that on purpose, that now you get text messages over the screen and so you can keep typing and everything. I would highly recommend that to everybody because I notice, I have an account on logmein.com. They send me alerts probably once a month that somebody tried to log in from China, tried to log in from Pakistan. They're getting beat up left and right. Ryan Grimes: Have you ever run a security plugin on WordPress? Douglas Karr: Yeah. Ryan Grimes: They've got a thing where if somebody tries to log in they can email you. Douglas Karr: You're going to turn it off. Ryan Grimes: Yeah. Yeah, you do because what I end up with is every site hits me. At least once a day I get hit with an email saying somebody's trying to log in from Russia, India, Pakistan, United States even. But then I've got one site in particular that must be a target, because I'll get, once or twice a week I'll get where somebody's trying to log in and it's hundreds of times, thousands of times in a very short period. I have to go ban the IP addresses. Then I have to play this game where I spend about 20 minutes because they switched the IP addresses up. Douglas Karr: Nice. Ryan Grimes: So I ban one IP address and I wait for it to come again, and then I ban that one. Then after about 20 minutes they stop. They either got in or they moved on. Douglas Karr: For people listening, it's just brute force, right? Ryan Grimes: Exactly. Douglas Karr: They have a database of passwords or they have an algorithm that they're repeating, and they're just hitting your Chase account over and over, or they're hitting your Facebook account over and over. They're trying to get the right password. If you have two factor authentication, they will never get in, period. Ryan Grimes: Because they'll never have that second piece. Douglas Karr: They'll never have it, yeah.
Ryan Grimes: Because that second piece, I don't know if you explained it earlier or not, but that second piece actually changes based on time, date, that sort of thing. It regularly changes so that it's very hard to duplicate what that second piece is. Douglas Karr: And two factor authentication, I think every major service now offers it. WordPress has it, Facebook has it, Twitter has it, LinkedIn has it. Go into your security settings and turn on two factor authentication and just get used to having your phone next to you whenever you log in somewhere. Adam Small: Yeah, Apple does it by default when you set up any iOS device or even any computer now. Douglas Karr: That's right. Adam Small: As soon as you type in your iCloud information it all goes ding, ding, ding, ding. Your watch is beeping, your headphones are beeping, your TV is beeping, your phone is beeping, your tablet's beeping. Oh my God. Douglas Karr: Some of it's kind of cool, like Google Chrome, you can actually tie your Chrome login with your bookmarks and history and everything. Adam Small: They'll sync it across devices, which is a nice feature. Douglas Karr: Yeah, which is kind of cool. I think Safari does that. Ryan Grimes: Yeah, it does [inaudible 00:22:19] through iCloud. Douglas Karr: Yeah. Ryan Grimes: Same thing with pictures and stuff, you can have them on all your devices so you don't have to, "Cut, I got to text myself those pictures now." Douglas Karr: So then, we talked about that, let's talk about passwords themselves. I'm a huge fan of Dashlane. I know there's 1Password that's out there too, which is basically my password repository. I have a different password basically for everything. No two passwords are the same. Then I control it all with Dashlane, which has a master password, so if somebody got my Dashlane I'm done. Ryan Grimes: So you have a single point of failure [crosstalk 00:22:59] Douglas Karr: I do have two factor authentication on Dashlane.
But the thing that I love about that again is, a lot of people like 1Password, and then they use the password over and over again. Ryan Grimes: Over and over again, which is why if it gets hacked on one site you're opening yourself up across the board. Douglas Karr: Yeah, absolutely. Say that again. Ryan Grimes: Which is why if you get hacked on one site you're opening yourself up across the board. Douglas Karr: Yeah, absolutely. I've seen some people do cool tricks with that. Maybe it's if the domain is google.com, they take LE, the last two letters before the dot and they start their password with that or something. You know what I mean? Adam Small: No, I've never heard of that trick. Douglas Karr: Yeah, so no matter what site- Adam Small: Now I'll never use it. Ryan Grimes: You just gave away the [crosstalk 00:23:49] Douglas Karr: The idea is even if you just want to create one password and use it everywhere, you have some kind of clue as far as doing that. Adam Small: Why not just use your birthday, I mean come on. Ryan Grimes: [crosstalk 00:24:02] have used a birthday, a kid's name. Adam Small: Yeah, yeah. I've seen a true-life movie where they're trying to crack a password and the guy says, "Oh, it could take us months to do this." They start to walk away, it's done. It was the birthday and kid's name or something like that. Douglas Karr: Algorithms that these hackers have are great. Once they get a set of information, they just keep trying and trying and trying. Yeah, it's terrible, but password repositories are really coming along I think and getting good. I think 1Password did get hacked at one time, a long time ago. I don't want to ... But I figure those guys, the only thing they have to do is not get hacked. That's about their only job. Ryan Grimes: [crosstalk 00:24:50] one job. Adam Small: Yeah, they've got one job. Ryan Grimes: That's a big job. Douglas Karr: It is, yeah.
Adam Small: Especially when you become a target, because the larger the password business is, the larger a target they're going to become because of the simple fact that their passwords are in there. Douglas Karr: Absolutely. If you guys ever want to check to see whether your account has been compromised, there's a great site. It's haveibeenpwned. It's H-A-V-E-I-B-E-E-N-P-W-N-E-D dot com. What these guys do is, basically, every time someone's breached and that data is put public on the dark web or anywhere, they add it to their database. So you can just look up your username or email address on haveibeenpwned and see. I'm not going to say see if, I'm going to say see where your account has been compromised. You're going to find it on there. So check that out if you get a chance. The great thing is you're going to be able to see, they have 230 breaches across four billion accounts. You're going to be able to check across 230 different breaches, whether your email address or username has ever been compromised. I'd highly recommend that you use the site and check, and then go to those sites, turn on two factor authentication. I wouldn't just change my password, I would turn on two factor authentication and then that's it. You had a horror story. Ryan Grimes: Yeah, which one? The Dropbox one? Douglas Karr: Yeah, the Dropbox one. Listen to this guys, this is scary. Ryan Grimes: One of the things we deal with, this is Ryan again by the way, we deal with is disaster recovery. Our main offering is called business continuity disaster recovery, because when something bad happens, how do we get you back up to where you need to be? That's really one of our major offerings and what you're paying for because as a business you can't be down. Basically, everyone loves Dropbox, everyone thinks Dropbox is the greatest thing on Earth, but here's a use case where it will be your worst nightmare. Let's say there's a username, Doug, that likes to click on everything.
He doesn't have two factor authentication, click, click, click, on every email attachment he gets. Well, Doug has mysteriously encrypted his entire hard drive with malware, with ransomware. Ransomware is a tool that people use to extort money from you. Basically they say, "Hey, if you want your data back and your hard drive unencrypted, send three Bitcoins to this address and we'll give you the key to unlock your data." If you don't have backups, there is really no way you're ever going to unencrypt that hard drive. So Doug, click, click, click, click, click and encrypts his entire hard drive, which happens to house his Dropbox data for his entire company of 300 people on it, because they all like Dropbox. What happens is that Dropbox says, "Oh cool, all these files have changed. So all the files that were on there before have now been deleted, so we're going to delete them from everyone else's computers." The new files that Doug so courteously put on here for everybody else are being uploaded to the cloud. What happens then is that everybody gets those encrypted files, including the encrypter. Adam over here is like, "Man, what's this thing from Doug? This is great, I love this stuff." Click, click, click, click, click, "Wait, my computer now has the lock screen on it." It's like this cascading waterfall of terror. The thing is, it doesn't take days, it doesn't take weeks. It's going to happen in like five minutes across an entire company, especially if you utilize these file syncing solutions where anybody can be working anywhere on any files, you can be anywhere in the world and all of a sudden your entire computer is encrypted. Again, some of the encryption deals with not patching your computers, but people click on a lot of stuff they shouldn't be clicking on. That is a direct action and I don't care what software you run, if you click on things enough you will have terrible things happening to you. Yes, this is a real-life story that happened to one of our clients.
We were able to get their stuff back but it was ... one of the things our contracts don't cover is recovery from ransomware [crosstalk 00:29:25] did it yourself. That was a very expensive project for them. It's one of the costs of doing business and it sucks. By the way, a new statistic says that 40% of all ransomware cases where the ransom is paid do not get their data back, because what they do is they disable the email accounts on the remote servers, because they're never in the United States, they're in Russia or some place like that. They just disable the email accounts so they're never able to respond and get you your keys back. Douglas Karr: Wait, you're telling me dishonest thieves don't have the decency? Ryan Grimes: I know, right. We're laughing about this but there was a sheriff's office in northern Indiana that lost eight years of evidence for trials. Douglas Karr: Oh my God. Adam Small: A lot of criminals went free. Ryan Grimes: Yeah, I was like, "How do you come back from that?" A business, you're just done. If your stuff is encrypted, all your intellectual property is done. How do you continue on? But a police department that's legally responsible for protecting these documents. Adam Small: One of the things I would say is probably a good backup strategy is a fallback on that. Again, as a Chief Information Officer I was paranoid about losing that data because so much of what we did was data driven anyway. It was backed up a couple of times a day and then off site and all that stuff. Douglas Karr: But you know what winds up happening though, you wind up getting so much data that all of a sudden the backups stop working and then ... Adam Small: That was something that again you should regularly check. The problem with this is that small businesses, most of them just don't have the resources for that sort of thing. Ryan Grimes: It's not cheap either. Adam Small: No, it's not.
Ryan Grimes: We have devices we sell that literally take 15 minute snapshots of any Windows Server you have. Theoretically, somebody goes postal, takes a .45 and shoots the server. We could have you back and running in half an hour on a virtualized version of that server, but still that's a monthly fee that a lot of people are like, "That's just too much." Adam Small: Right, it comes then to the resources. Whether it be physical resources, financial resources, manpower resources [crosstalk 00:31:41] Ryan Grimes: I cheat on some of that stuff. I have my client drive on Google Drive, which is basically kind of a Dropbox. My client data I know is both backed up in the cloud and on Google Drive. Douglas Karr: There you go. Ryan Grimes: I have it in two different places. Douglas Karr: The issue we see with that is the time to restore. Ryan Grimes: Yeah, absolutely. Douglas Karr: That's down time. We had immaculate backups of a client's server and it still took us a week to get them back up and running because we had to get them to reinstall Windows [crosstalk 00:32:12] Ryan Grimes: That's a whole process. Yeah, that's a whole process. Douglas Karr: They're just sitting there, staring at us, going, "We're losing money." I said, "Yes I know." We end up putting one of those appliances in there now. Their server could explode and we'd have them back up and running in under half an hour. Ryan Grimes: It brings up another good thing. This is, I'm going to go, my business of course is on the marketing side, but site hosting. We had a client say to us, it was last week, we wanted to put them on Flywheel, which is a host that we use for WordPress. They said, they literally said, "How do I explain to my board why I need to increase my hosting costs 465%?" I said to them, and they were hosted on a cheap host basically, I said, "Well," I said, "you're getting about $1,000 a month in development done on your website and you don't have any backups and you don't have a staging area.
When the developer slips up, accidentally deletes a core template ... " Adam Small: And there's no if on that. Ryan Grimes: Yeah. Adam Small: It's a when. Ryan Grimes: It's a when, yeah. Adam Small: Developers are human. Douglas Karr: Yeah [crosstalk 00:33:23] Yeah, and I said, "When that happens, how much is that worth?" If you have $1,000 a month and your site's three years old, you've got $36,000 that's invested into your website, and you're literally for $20 a month putting all of that at risk. Adam Small: But if you're investing $1,000 a month in development on your website it's worth so much more than that, because you're generating revenue and income based off of that. Douglas Karr: You're absolutely right. Adam Small: So yeah, way more than that. Douglas Karr: But it's just that thinking, it's like your service Ryan is an insurance policy. That's what it is. You're saying, "Hey, yes, you're doing all of this stuff, but to provide a level of insurance for your business, spend this much money so that we can make sure things are restored and things can come back." I always tell people that, that there's a peace of mind there that I know every single night their site is backed up, I know that I have a staging area and a production area. I know that those are done off site. I know that, so I don't mind paying that money. I pay it for all of my sites. When you lose your site for the first time that's when you figure out how petrified it is. It's terrible. Ryan Grimes: What do you mean all my data's gone? Douglas Karr: Yeah. Yeah, what do you mean the 3,000 blog posts that we had for the last 10 years have disappeared? Sorry. Ryan Grimes: That even applies to home users and stuff. The cloud is there more, you've got your iTunes music and your photos online and all that stuff, but the videos and things you have, videos of your ... 
We've had to tell multiple [crosstalk 00:35:04] "I'm sorry, the video of your child being born is gone because you didn't take the time to do backups." People assume the cloud is backed up, like no it's not. It's not backed up. It's one of the biggest misnomers out there for technology. Douglas Karr: Yeah. In fact we had it happen before we hired your services. We had someone that had a Time Machine setup. Well, one day the Time Machine didn't connect or whatever, it threw an error. The user just clicked the error, never restarted it, never troubleshot it, never anything. That was the day that her backup stopped on her computer. When she lost something I was like, "Oh, well let's open up Time Machine and get it back. Oh, Time Machine hasn't run in six months. You're done. Sorry." Ryan Grimes: Yeah. With the evolution of technology, we don't ... for business users, backing up the end points is okay. We do that for executives simply because they tend to have more personal stuff on their computers, but it's really the cloud that we back up now, even Office 365 or Google Apps, they say they back up and archive but recovery is a logistical nightmare. So we employ third party utilities that do log in and make sure that your backups are hosted somewhere other than on their services. You're geo-located somewhere else. Douglas Karr: I back my Google up to Google. Ryan Grimes: Yeah, exactly. How is that working out for you? But it's just one more layer of security, because what happens if one of their employees says, "You know what, I'm out. Select all, delete." There's your email, we're like, "Oh that's cute, you're locked out." Everything's restored and now the boss is notified that you did it and you're fired, you didn't quit your job you're fired. Nathan Barnett: Off The Circle is brought to you by DK New Media. DK New Media is a marketing consultancy working with some of the world's largest brands on their digital marketing and media strategies.
Contact doug@dknewmedia.com. Douglas Karr: You just said something that was important and I want to chime in on that. Ryan Grimes: Who, me? Douglas Karr: That's your password recovery email. Your password recovery email, if you're on Gmail probably shouldn't be your email. Ryan Grimes: Probably not. Yes, yes, yes. Douglas Karr: A lot of those services again have where you can put in two different email addresses for password recovery. A recommendation there is have some weirdo, have a, I don't care, Hotmail or whatever. Have some other strange email address that's your password recovery email address. Use that with everything too, because we've seen that as well, people's email gets wiped out, hacked or whatever, and it's the only one they have for all of their accounts. They can't get to their bank account anymore. Passwords are changing. It happened to my daughter. My daughter has one email address and someone hacked her Facebook account. The first thing they did was go change the email address on her Facebook account. Of course I was literally ... I have no idea who this person was, or what side of the earth they were on, but I was running at the same speed that they were. Thank God I got her mobile authentication turned on and I was able to catch it and change everything back, but it's a scary thing. I found an infographic online, this is pretty good, seven steps to protect your online security. Creating strong passwords, of course. I've read some stuff on that that the word thing doesn't really work as well as people thought. Ryan Grimes: Like the sentence or phrase? Douglas Karr: Yeah, yeah. Neither does the asterisk, star, blah blah blah blah blah. The algorithms now are actually testing. Adam Small: They've only been recommending that sort of password for 10 years or more, right? Douglas Karr: Yeah, exactly. So having a dedicated password recovery email is a good idea. Make sure if you're on Google that your password recovery email is not on Google.
Ryan Grimes: What could go wrong? Douglas Karr: I agree, yeah exactly. I found an infographic online and I want to talk this one through. It had some steps, create strong passwords, rethink your answer to security questions. Security questions are kind of an old technology and now all of our information is online, so your kids, your dog's name, everything else. People can look up your security answers pretty easy. Opt in for two factor authentication. If you've never done it before, just try, just go try. Go look it up on Facebook and turn it on. You'll see how it works. It's pretty easy. Protect your WiFi with a password. Story there. My parents, my dad had Verizon put in the house down in Florida, which is pretty cool. Verizon's services are pretty amazing now there. I said, "Dad, what's your WiFi password?" He says, "I don't have any WiFi. I have everything wired." Ryan Grimes: That will never catch on. Douglas Karr: My dad was a big security [crosstalk 00:40:27] Adam Small: Yeah, I don't know why you'd need more than, what was it, 512K [crosstalk 00:40:32] 640. Douglas Karr: No, my dad was all about security. He didn't want a WiFi, he didn't want [inaudible 00:40:39] I said, "No, I think you have a WiFi network." He argued with me and argued with me. I went into his office and picked up the router, and sure enough the default WiFi with the default admin login for the router was there. Now think about this for a second, Verizon was the only carrier in their neighborhood. So Verizon was installing WiFi at all of his neighbors' houses, using the default login and password. I told him, I said, "Anybody could have been in your network." Anybody, because all I did was I Googled the router model number and logged into his router. I had total control over his network. So change your WiFi, change your network. You can even hide your network name if you want to. It doesn't really matter, right? Ryan Grimes: No, it doesn't matter at all.
Douglas Karr: People can detect it even when it's hidden. But definitely change your login and password for your router and for your WiFi. Adam Small: For residential people we even recommend setting three SSIDs. One for family, so you and your kids and your dog, and have WiFi. Set up a utilities WiFi network for Nest thermostats or your refrigerators that are WiFi or any of those devices now. That way if you change the family one for any reason, you don't change the utilities one. Then have a guest network that anyone can get on. Then do a bandwidth limiter on it so that people aren't going to come, your kids are going to come over and hop on and stream Netflix, and all of a sudden your Netflix doesn't work because it's all about me and my Netflix. What you have to do is you have to get rid of that piece of junk router they give you. Disable the WiFi, get a good wireless network. Douglas Karr: Go get a Nighthawk, right? Adam Small: Nighthawks are great if you have a bigger house. We've done some cloud based ones, Open Mesh. We've done Ubiquiti house setups. You administer it through a web page and you can have them all sync the same SSIDs and passwords. As houses get bigger and more brick and steel refrigerators and stuff, those all affect WiFi signal and it really makes more sense to do that. It makes your life easier. Douglas Karr: Yeah. Change the name of your router, the site says, and it's for a good reason, it's because when people see the default naming of your SSID, they know that you haven't changed any of the settings. Ryan Grimes: Linksys was the world's biggest ISP at one point because the default was to be an open WiFi network. I remember driving to [inaudible 00:43:19], "Do you want to join Linksys? Do you want to join Linksys? Do you want to join Linksys?" No, stop. That was before you could disable that on iPhones. Douglas Karr: I like the guys that name [inaudible 00:43:28] like FBI Van and stuff.
On your router, again, change the preset password on your router. Again, that's not your WiFi password, that's [crosstalk 00:43:40] Adam Small: Right, that's the device password itself. Douglas Karr: Yeah, and take a look at the security options on your router. Typically they're pretty good. A lot of times they have some stuff that stops it. You just said it, create a guest account, so do that. And then some of the firewalls on routers are pretty good because they will actually block some malware and some viruses. Ryan Grimes: If they're made by Netgear they may actually help spread it too. They had a few little security holes in their firmware. Douglas Karr: Oops. Ryan Grimes: Yeah, oops. People, especially on metered connection, like, "Why am I going through three terabytes of data a month [crosstalk 00:44:15]?" Your router's been pwned. Douglas Karr: Your router is selling pills on the internet. Ryan Grimes: Exactly. Well you know, some of these cloud based services, they automatically update your firmware, or at least email you when there's an update and you just do it. Douglas Karr: You would think that Dropbox would have a virus and malware checker at the corporate level, wouldn't you? Ryan Grimes: You would think that. You would think that, it's just a matter of catching it in time. Some people are bound to determine- Douglas Karr: [crosstalk 00:44:41] data that they have. They want speed, so they don't want to have to crawl your data before, but it seems to me like that would be a no brainer. Ryan Grimes: They may have improved it since then, this was about six or eight months ago. I know they've made improvements in this area, I don't specifically know what they've done. Douglas Karr: Any other advice you think for folks? Adam Small: Just don't get on the internet. Ryan Grimes: Yeah, the only safe place on the internet is in the backwoods with no cellphone. Douglas Karr: That's another one that I joke with my dad about. My dad was ...
I was like, "You know, I could send you the money, do you have online banking or whatever?" "I don't do that online banking." I had to explain to him, "No, you don't access your online banking but you're online." Everything's online. Just because you don't ever log into the account doesn't mean that it doesn't exist. Ryan Grimes: Exactly, exactly. Douglas Karr: Awesome, this was a good conversation. Ryan, for folks, let folks know how to get ahold of you because this is your business, this is what you do for them. Ryan Grimes: Our website is myitindy.com. Our Facebook page is Facebook.com/myitindy. You can email us at info@myitindy.com, or even friend me on Facebook if you're cool enough. Douglas Karr: Fantastic. But if you're interested in coming down, being on the show, you are more than welcome to come down and spend Thursday afternoon with us. Thanks everybody and thank you guys for coming for this inaugural kind of edition of Off The Circle. Adam Small: Enjoyed it. Ryan Grimes: It was absolutely a blast. Nathan Barnett: If you're an Indianapolis business and would like to be on Off The Circle, contact us at offthecircle.com. Off The Circle was recorded at DK New Media's state of the art studio, The Speak Easy in downtown Indianapolis.