You’re only as good as your weakest link
Our inner circles talk all the time about who got hacked, who’s been breached, and what the latest ransomware is. What often goes unmentioned is why this continues to happen.
Is the technology not there to protect businesses from these sorts of things?
Is there a lack of technical acumen within our industry to implement secure environments?
Are we overutilized and under-resourced?
The answer isn’t the same for everybody. One simple answer, however, is to look for the lowest-hanging fruit and start there. Find the things that are easy to remediate and work to resolve those issues.
“But why the long intro, Reno Ray?”
Our inner circles also interface with a lot of MSPs, CIOs, and small business owners. The one thing that comes up is “Hey! I saw this new thing on my forums!” – many times, these things end up being beautiful marketing material with absolutely no meat on the bones.
Take, for instance, “The Cloud” – beautifully marketed and a phenomenal powerhouse of recurring revenue for Amazon, Google, and Microsoft. Why invest $40k in your small business today (that will only last 5-7 years) when you could migrate to Azure and only pay pennies per hour… On the surface, a VM for $750 per year seems easy. Until you realize that you may need more than 1 VM. Or permanent storage. Or worse, a database needing compute, storage, and all the other fun stuff… Let’s say you have a total of 10 servers in that cloud environment – 4 that are basic, 4 that are a little more powered, and 2 that are big SQL servers. Your cost easily balloons to over $32,000 per year; and that’s before you consider long-term file storage or backup solutions or firewalls or people to manage it appropriately… Not a knock on “The Cloud” – but in this instance, it is clearly marketed very well to get the most money into the hands of the owners of those technologies…
Another, more concerning instance surrounds “new” technologies for the prevention of spam and phishing attacks on the O365 platform. A buddy’s MSP client was discussing his “new” partnership with a firm from Europe. Further investigation shows this firm has bought up failing SEG/MTA products and branded them into their portfolio. On top of that, they make really pretty reports as to what is going through their M365 tenants; but they aren’t nearly as effective at catching those threats as they are at reporting them.
The last instance is in the MSP realm. With Kaseya taking a liver punch recently, MSPs are searching for where to spend their money. One such MSP claimed on a Reddit board that they had found the holy grail. They had found a grade 5 Wagyu brisket for $1.99/lb. They claim all sorts of great things about this product… A few minutes with Dr. Google or Mr. Bing shows that the product they are excited over is nothing new; it is full of security holes, built on legacy equipment, and really shouldn’t be installed in a production environment.
The point here is: do your work. Review the product. Review your team. Review your holes. Pick the low-hanging fruit and work towards staying off those lists and news articles. Don’t buy into the new shiny things – they may cost you money, reputation, or your business…