 Welcome back to the Cyber Underground. I know it's been a while, but we're here. We're back. We're talking about local tech support here in the islands. And you might think that tech support, no big deal. You can get it anywhere, right? Well, no. The island community has its own flavors, own community, its own sense of morals and justice and the way of doing things and its own lifestyle and its own timeline. So you've got to get used to things. And the people that we depend on are right here in front of us. With us now is the CTO of Hawaii Tech Support, Timothy Ames. How you doing, brother? Hey, thanks for having me. It's a super-fine. Well, come in, man. Tell us what's going on in your world. How do you support our local community? What's new? What's not new? Yeah, so yeah, there are some new things. This year, actually over the last two years, I think we've seen a lot of people moving to cloud technology. So basically what we do, we're a managed service provider. We're the folks you would call if you're a small business and you want assistance. You might not be able to afford a full IT staff or even a full-time IT person. But you still want to take advantage of those tools and technologies that are available in the IT world or in the marketplace. Some of those tools can get pretty complicated to implement. The interdependencies between the different tools are expensive to maintain. So we'll jump in there. You can kind of use us piecemeal or sign on for your continuous support. We're like a fractional cost of having a full-time person. So it's effective for small businesses, medium businesses, enterprise. That's what's old. That's what hasn't changed. I think what's changed in the last year or two is security is becoming a real forefront in people's minds. Huge. And a lot more people in Hawaii are getting hit this year alone. This isn't the way we like to bring on new clients. 
But we are bringing on new clients this year because they're getting hit with ransomware. They're getting $200,000 ransoms to restore their money. One click away from the end of your world. And it is, man. It is. If you don't have a good backup procedure in place or you don't have some tools to just prevent this stuff, honestly, we've had companies that have been out of business for three weeks, not able to, no income, no revenue, not able to pay people, not able to do accounts payable. So it's just a stop of business. But the fines that come afterwards. So if you get fined by the credit card people, if someone takes away all your credit card numbers in an exfil and they take the data away, you get fined by the credit card vendors. And the average loss is in the millions of dollars. You're small business. You're out of business. You're out of business. That's it. And hardly anybody's carrying cyber insurance. Insurance is another thing. If you've got insurance and you get breached, insurance rates go up, which can also drive you out of business. And they're going to say, hey, some of those insurance riders come with what were you doing to protect yourself? Oh, due diligence. Yeah, where you're not going to get a claim from your homeowner's insurance if you have a fire pit in the middle of your living room. Right, and I didn't. It was a horrible thing. I shouldn't have done it. Yeah, so I think that's the biggest thing that we've been seeing is people have been at least more attentive because they're hearing their neighbors or their friends, their colleagues. It's not just Home Depot and Target anymore. It's just little vendors. Small businesses have a lot of data. Everything we do is on computers, whether that's your QuickBooks, accounting, if it's your homegrown application that just keeps track of your vendors and your clients. Your Excel spreadsheet. Your Excel spreadsheet. With all your passwords.
And what we've been seeing, too, is the people that are getting hit when we go there and we start doing forensic investigation and we start to look at, OK, what was the framework of the attack? What did the attack look like from start to finish? What we're finding is that generally the attack started a few months before that ransomware hits. You're doing open source intelligence at that point. You're preparing to do the attack. They're not only preparing to do the attack, but what they're doing is they're gathering all the financial data that they can. They're in the network and they're just gathering stuff. We don't know what they're gathering at that point because they destroy the evidence. They destroy the chain of evidence. Oh, this sounds like Equifax. There were two breaches. The first one they didn't report because no data was taken. But that was the time between the first and the second data breach they were looking around. They were doing reconnaissance. Yeah, they were gathering the information. And then when they're ready to exfiltrate, they exfiltrate and then throw a grenade back behind them and bam, there goes all the data. No evidence. Yeah, no evidence. Wow, so the ransomware is a huge one now. And backups, like you're saying, are immensely important and a backup rotation policy as well. So you don't have your backups all in one place. A lot of people think because they have a backup, you would be connected to external hard drive that that's a good enough backup. But as you know, ransomware, once it takes effect, goes where? It goes to every drive that's attached. Including your backup drive. Some are even targeting. So Windows, most corporate organizations are running some kind of Windows server or desktop. And some of the ransomware specifically attacks the built-in shadow copy that Windows holds. So by default, if you delete or not by default, but if you have shadow copy on, it's a little protection. 
If you accidentally delete a file, not in the recycle bin, but if you accidentally change a file, you can go back to previous versions. Well, ransomware is getting smart. It's attacking that now. It's attacking backup solutions now. So the only real way to have a good backup is to have some kind of enterprise-grade backup solution where it's backing up locally and hopefully backing up off-site, probably somewhere in the cloud, inside of an isolated data center that you can recover from. And you guys offer this? We offer this, yeah. This is one of our services. And it's a big seller for the folks that do get hit. This is one of the big sellers that are big recommendation. Yeah, you want to have a firewall. You want to have your antivirus in place. But once that stuff fails, you've got to be able to recover the data. Because no one's immune from a zero day. Right. Nobody's immune from an attack that hasn't been registered inside of some database somewhere that is given a signature for your antivirus to recognize it. But there are advanced software. And there's websites where you can buy zero days. Absolutely, yeah. I mean, they're very valuable because there's no defense against them. It's not even zero days that are really the bigger problem either. It's just people not patching their systems. That's a huge problem, right? So that's another how a managed service provider can support clients and customers is that we'll take over your patch management policy. So that's something that's very overlooked. But I don't know if you remember, like, well, I know you remember. But I don't know if some of your viewers remember a couple of years ago that NSA had some tools that were leaked. Oh, yeah, yeah. Mariahs is still out there. Right, he's still out there. And the funny thing is, pretty much the entire industry, Microsoft got together. They were even releasing patches for operating systems they didn't support anymore. Oh, so they did that.
Microsoft did that for the Windows 7 in the Great Riddings. And Windows XP for WannaCry. Right, for the WannaCry. So they were saying, this is so important. We're going to release a patch for operating system that we technically don't even support anymore. Just to get it, just download it and apply it. People didn't apply it. And so there was a lot more, it had a much bigger footprint than it should have. So we take over the patching. Any managed service provider is going to do very similar stuff. We do it better now. I believe you're close to your local and you're here. We're at a local here. And people in Hawaii tend to trust people that are here. Yeah, I get out, because you want to reach out and touch someone. And I get that. I get that. I understand that. And it's good to have somebody to just be able to drive over and work with you. And a lot of it. Virtual One Eagle so far. It can do 90%. It can do maybe 80, 90%. And it's that extra 10%. And that's what we look for here in the islands, that special touch. If you can go have to peer with somebody at Murphy's. It means a lot to us, instead of contracting with a mainline company where companies might just be a number and a huge block of numbers. So if I went out and said, sorry, I'm going to back on RSA for a minute. But this huge company, I go out to Symantec. Hey, I need this kind of service from them. I'm just one of a million customers. But out here, I'm a lot more special, because you guys are highly focused. You deal with the local community. When you're working with a local company, too, I think it helps, because you can build that relationship. Every company in Hawaii is interconnected in some way. We all know. Yeah, it all comes in some way. And so we're interconnected. We build relationships. We understand the business that our customers are in. 
We may not understand, we're not their operations officers, but we understand their business enough to become their CIOs, their information officers, their technology officers. So we can fill that gap for them, because we understand their business. We understand their business environment a little better than some remote folks would, where you're just a number would be able to do. You said something really important in the beginning. When you first introduced your business model for your company is, as businesses grow, they adopt new technologies. Sometimes the older ones don't go away. So the interconnection of those two, that little mashups that you have to do, that becomes an important part of your regiment, what you offer, because they can't get rid of some of their legacy systems. They can't just keep converting and converting every year. They've got to keep adding new stuff for new services, but keep their old data around, so you have to support all that. We do. And I'll tell you, though, for a lot of the legacy systems, we'll say, if it's very apparent that this is just a non-starter for the business, that they're going to keep it, and they're not going to get off of it ever, we'll take that and we'll drive on with it, because at the end of the day, we're supporting that business. We'll also be the biggest champion for getting off the legacy systems and trying to get to more robust systems. But we're not just going to say, hey, you got to do this. We're going to present certain courses of action, and hopefully we can convince the lines of business that this is the way to go to. Well, at some point, it becomes not only essential, but a managed risk, and it's affordable. So you just keep giving them options until it's something that they'd say, yeah, we can do this now. Exactly, yeah. You might not be able to do it up front, which can move on. Another thing you talked about was patch management. 
I don't think a lot of people understand out there that it's not just about your Windows system or your server or your desktop. It's about your mobile devices. It's about your IoT devices. Your routers, your switches, your hubs. Whatever you've got out there that's got firmware, your Apple TV. Yeah, you need an upgrade of the Apple Watch. You've got to come out with it every time. And then, oh, I hate this. You've got to buy a new Apple Watch because the new OS doesn't work anymore. And now your device is not secure. Yeah, some of the bigger overlooked devices on the network that have been used to what's called pivot and attack from have been voice over IP phones, printers. Well, that's a big one because the voice system might be connected to the actual network. Nine times out of 10, it is. So you take over the voice over IP server and use that as a pivot point and attack the rest of the network. Yeah, that's a big one. What do you do to overcome this? Do you isolate that usually? Or do you suggest that? Yeah, so that's the difference between going in. A lot of this technology can just be plugged in to whatever router or switch that serve pack or a spectrum or a white telecom provides. You plug it in, it works. You're like, sweet, it works. That doesn't bring in any kind of security posture, though. So what we do is we start to bring in managed switches and routers and firewalls that actually segment the networks into different logical networks so that if there is ever an attack on your phone because the patches were behind or whatever, that the traffic can't traverse into the production network, the workstations, the servers. So that's one way of doing it. Network segmentation takes a lot of work for someone who's an amateur and for someone who, it's not their daily business. So it's important to bring in the expert who charges a reasonable price to get it done so that person can go off and sell tires, run their farm, open their 7-Eleven or ABC store.
That's important. And I think a lot of people try to do it all. They do try and do it all. And what I see is it becomes there's like a fatigue that happens when you start to get into. If I started to try and become an auto mechanic, I would be lost on the first day. Yeah, I could probably struggle by and I can get stuff done. I'd open up the manuals and maybe be able to get my way through it very slowly and probably very inaccurately. But when people take on that kind of responsibility on themselves and their business grows and it just gets out of hand, and now that it's out of hand and it may not have had a solid foundation, but you kept building on top of it, it's more work to redo. And that's when the big risk comes in. Yeah, that's when the big risk comes in, because now you have a weak foundation, everything's built on top of it. We're going to take a short break. We're going to pay some bills. We'll come right back. Everybody come right back in one minute after these commercials, until then, stay safe. Welcome back, hope you missed us. We're back now to talk with Timothy Ames, CTO of Hawaii Tech Support, about local tech support options here in the islands.
And one of the things we're going to cover right now, very important, virtualizing things like MS Office. Everybody uses Microsoft Office. We use Word, Excel, lots of us use PowerPoint. That'd help us all because I could die at a PowerPoint presentation. But it's become enormously expensive to get the old CDs and install it everybody on all their workstations and license every copy and keep that in a little folder in your desk and then patch everybody's workstation individually. But now Microsoft has come out with Office 365. Yeah, so it's a subscription-based service which a lot of IT software is going towards, whether it's Adobe, Microsoft. The reason why they want to go subscription-based is because I guess it's just a continuous stream of revenue, but it also makes sense for the customer because you're paying a small monthly subscription rather than a big outlay every three or five years. This has to do with scale. So a lot of companies ramp up during the holidays, for instance, and then ramp back down after the holidays. And if that happens, they can scale their business with the subscription and then the very next month, scale it on back. Yeah, one of the bigger things with Office 365 too is yeah, it gives you your desktop apps. You don't necessarily, you know, your Word, Excel, PowerPoint, all that access. You don't have to have those Office products though because everybody, I think one of the biggest force multipliers for a business is email communication, right? So you may have a user that needs or one of your staff that needs email, but doesn't necessarily need the Office products. Business essentials. Yeah, business essentials. And if, you know, even for your frontline workers, there's something cheaper than business essential, which is the F1 for frontline workers, where all they need is email. It's never gonna be very much email. You just need to be able to email them every day, a schedule or something like that. Very inexpensive. 
You're talking like $4 a month per email. Yeah, and even the business essentials, I think is only five bucks a month. Yeah, exactly. Yeah, they're all cheap. That comes with Teams, right? Which is the old Skype. They made Teams now. Teams is very robust. Teams can be your phone system now. And that's not something a lot of people don't know about Office 365. It is a voice over IP system as well. We've been replacing phones for customers that are on PBX system, you know, old style telephone switches in their office. Huge to maintain. Again, we gotta worry about security patching, all that kind of stuff. If I do the network, it needs to be patched. The voice over IP phones are coming straight from Microsoft and they're just add-ons to, if you already have an Office 365 enterprise account, well, it's just an add-on to get a phone service. It could tie right into Teams. You get a headset. You don't have to have a desk phone. You can have a desk phone, but I think a lot of people are adopting just having a headset or a Bluetooth earpiece connected to their computer. There you go. You got your phone system. It comes with just an enormous amount of benefits, including the more you scale up that subscription service to Office 365, the more security features you get. You do, yeah. So it starts, you have the business line, which is the business essentials, business premium. Then you have the enterprise line. So the E1 is like the enterprise one. It comes with all of the online versions of Office. Three comes with the online and offline versions of Office and it adds things like email encryption. You can also add all that stuff à la carte. So it's very cost-effective for companies that they might not need everything that's in the E5, which is their flagship subscription, which comes with advanced threat protection for email. It comes with anti-phishing. It comes with all that encryption. It comes with just tons of stuff. Now that's why I call you as a small business.
This is my outlet. This is what I need. Tell me what subscription I should be going to and how you can effectively, give me up to that point without breaking my bank. I don't think people understand how cost-effective this is. The price for enterprise three level, it's only 20 bucks a month per user. Yeah, 20 bucks includes a lot of stuff. That's tons of things and the E5 is just over the top. So the E3 can replace things like WebEx, Cisco WebEx or the GoToMeeting or Zoom. It can replace that because you have Teams. A Teams call can support up to 250 users. At the same time. At the same time. Out of the box. Right. So that's amazing. Also, a lot of people are worried about moving to Office 365. They're worried about the cost to get their email over there. And so I gotta tell everybody now that it's very, we have it down as far as migrating from Gmail or from an old Exchange server that's on-prem and rotten away, getting ready to collapse on you. That's the kind of stuff that we do. One of the backbones, the core of our mission is to do migrations up to Office 365. Just for the people in the cheap seats, you're talking about I have Gmail, I've been using it for 10 years. I wanna go from the G Suite stuff to Office 365 but I'm worried. I got a lot of email. I don't wanna lose that. Not just your email. So people aren't really worried about the email. They're pretty confident that we can get that over. What they're usually worried about is their calendars, their contacts, their notes. You know, companies live and die by some of those shared calendars. I mean, that is like, that's the orchestrator of everything. I live and die by mine. Yeah, but yeah, to be it ease everybody, rest assured that all that comes over and there's no problems with it. There's certain steps you take, a little bit at a time, and then you do a cutover. And at the cutover, everything's already migrated and everyone knows and you inform them.
This takes several weeks and everyone's, you don't panic anybody. Like the old days, oh yeah, but Monday when you come back in, everything will be right. Yeah, number one. Yeah, and the thing is, yeah, people on Gmail, most people on other email services are already using Outlook on their desktop. A lot of people, they don't use the web version. They use the Outlook and a lot of customers won't even notice that on the back end, anything's changed to all the calendars. Because you need the domain over. So really the client only thinks you're changing the password. Yeah, they'll come in and they'll have to log in. They'll get a prompt to change. Can you re-enter your password and that'll be it. Let's talk about email for a minute. We were talking before the show about some email features you can set up for security. Yes. To do anti-spam, anti-phishing. Yeah, so there's a couple features called SPF, DKIM and DMARC. I won't go into the acronyms, but if we have a slide, can you pull up the first slide? So the one on the left is the SPF. What is it? The middle is the DKIM and then the DMARC. So basically what it is is there are ways of identifying who you are when you're sending an email. Can you go to the next slide? Oh, can you zoom out on that? We can't get the whole slide on the screen. Well, what you're doing is in the envelope, all the pieces of the email when you send it a little package, there are certain fields in there that you need to match to verify who's sending the emails. Actually, it's actually from that domain, it's from that user, it's from that authorized server. Yeah, so SPF and DKIM will look at to see where the email is coming from. If it's coming from the IP address of a server that you own. Okay, so if it has your domain name attached to it, like davidstevens.com and it's not coming from the davidstevens.com server, then the receiving server will likely reject it.
Not only that, where DMARC comes into play is your DMARC will tell you from other servers, other servers will report to you, hey, I'm getting emails from not you. And these are where they're coming from. So you can do some investigation and say, oh, it's a spam server or whatever. So you're protecting not only your servers, so you're protecting your servers from emails coming in, not that don't have these signatures coming from appropriate, what happens now is people get phishing emails from their own CEO, okay? It looks like it's coming from their CEO. The CEO is emailing the CFO or the finance, the accounting guy. We need this bank transfer right here. We need this done, yeah, we need it done now. Don't have time to talk about it. Just do it, all right? And you look at the email and it looks like it's coming from the CEO. It's a business email compromise. DKIM and SPF prevent that from happening. So that only. DKIM's interesting, right? DKIM uses a public/private key. Domain key, yeah. So it's a domain key versus, so that's the DK and there's DomainKeys Identified Mail. And yeah, so it uses public/private keys and it won't be spoofed. So you can be rest assured. Now the DMARC though protects, you're not only protecting your own organization, but you're protecting the reputation of your organization to other people so that if an email supposedly gets sent from you to a vendor saying, hey, for payment on your account this month, send it to this bank account. We changed our accounts receivables, send it to this account instead of this account. Thanks. So if you have DMARC set up, you'll never see that email. Though your vendor will never see that email. If you've got your spam setting set up, right. Right, yeah, and that's where it comes in where it's better to hire somebody to go through it. Even if it's just a one-time engagement, make sure it's set up correctly at the beginning because that's what matters the most. I think there's a couple of settings.
So you can set this up for nothing. So you can monitor your own stuff. You can send it to quarantine or spam it, or you can just simply reject it, which is you'll never see it. It'll just get sent back to you. I don't know, what's your recommendation? Would you spam it so you can at least see these things coming in? If you don't have anybody monitoring it, I would just say reject it. If you have somebody monitoring and you actually want to track that type of behavior to see if there's any kind of trends, it can be valid information to see. Good forensic data. Yeah, good forensic data to identify if there's any attack trends. Like we're over a series of time that you'll see more attacks versus less attacks. But if you don't have a full-time security team and you just don't want to confuse the system, just reject it, don't give people a chance to pull it out of quarantine. I think we fixed the slide. We can put it back up here and there it is. Okay, yeah, so that's an example. People sending from not a non-allowed domain are just blocked and that's kind of, look, you can either reject it to the junk folder or you can just reject it completely and don't even allow people to see it. But that's the basic idea. And then the next slide, if it comes up the right size, there we go. So that's an example of an effective, how it looks coming from your mail server versus other mail servers and why it's important is that those third-party newsletter service provider gets an SPF failure going to your partner. So that protects your reputation or your customer because if somebody's using your email address to phish one of your customers, it's important that you're protecting them as well. So would you recommend, you could set these, I think the DMARC and the DKIM, you can both say that it's okay for MailChimp to send on our behalf. You have to set that up, yeah.
So if you're using any kind of mail platform or, yeah, so MailChimp is a good example, SurveyMonkey, any of these third-party services that you're using, yeah, you do have to set them up. So if you don't keep that in mind, if you don't know all your dependencies, you'll break your own tools. Again, go to the expert. Go to the expert. Go to the expert because it's really easy to fix. Do you do MailChimp? Do you do SurveyMonkey? And if they say, yes, okay, well, we need to add these settings here. Your ears are so magnificent. You sit down and you listen to a customer and through the words that they say, you're picking out the keywords and the services that you can help them with. Yeah, and we do a lot of discovery, too. We'll pick up a keyword, we'll say, whoa, whoa, whoa, can we go back to that for a second? We'll go down a whole other path, yeah. Let's dig down. You also offer something that I think is extraordinarily valuable and we don't have a whole lot of it here in the islands, especially for small and medium business, incident response. That's something where you go in and you forensically examine a company during an incident of some kind, ransomware or email phishing or whatever, but that kind of team has to be ready to go and on the job in a couple of hours, and not a lot of people can have those kind of resources sitting around, yet you do. Yeah, and we're able, through our own local staff plus our partnership with a security operations center in the Mainland US, I say US, I call out specifically, everybody knows what Mainland is, but I call it specifically because we deal with financial, we deal with financial organizations and we deal with government organizations where that type of operation has to be managed from within the US, so within US borders. Continuous US. Yeah, so because we use US partners, we're also able to work with financial organizations.
But yeah, we have an incident response team, an incident response plan where this is worst case scenario happens, backups are gone, or even if you have the backup, you want to figure out, hey, how did that attacker get in? So get in again. What did they have access to while they were in, what did they do while they were in there, and it's really important to call somebody in the beginning, and then we'll go through the same steps that you would go through, notify the FBI, and they do anything, I don't know, but it's good for them to have these numbers, it's good for them to have input. And samples of the malware. And if there's any Bitcoin wallets attached to like, if it's a ransomware, they can track that, and there's been a lot of cases where people have gotten caught just by the bad guys who've gotten caught via Interpol, via the FBI. You're not anonymous on Bitcoin. You're not, it's a number. Yeah, it's a number, and you see the transfers going back and forth. I think. You're more anonymous, but it's harder, more difficult to track, but it's, all those transactions are public, so. You know, last couple of seconds. Yeah. Give us a promo for Hawaii Tech Support. All right. Tell us what you're about and why we should call you. You know, we're focused on simplifying IT. At the core, that's what we are. We simplify IT so you can focus on your business, and I think that's what makes us, that's what makes us a partner. That's an essential service. It's an essential service. Take over IT so I can do my business. And simplify it, you know, make it simple. That's great. Okay, thanks for being here. Yeah, thanks. Thank you very much. Timothy Ames from Hawaii Tech Support. Thanks for joining us here for local tech support on the Cyber Underground. We will be back in about two weeks with another topic. It's gonna interest you and please you. And I'll bring my clever and pithy dialogue with, maybe a great guest as well. Until then, everybody, stay safe.