Since October is Cyber Security Awareness Month, I invited Erik Knight the founder and CEO of SimpleWan to discuss some of the various data breaches that have occurred and how it has affected their businesses. He warns companies not to take their Cyber Security lightly —- those days are seriously over. Businesses must get a solid grip on their IT department because it might be the one unit that puts you out of business.
The average company is both unaware and unprepared for attacks that occur more than 10 thousand times each day, and the number of these attacks are growing. When a data breach does occur, it can almost guarantee that they are a target for a cyber threat. These attacks are increasing not only in volume but also in complexity and sophistication. Businesses are now being held responsible for protecting their customers and employees privacy by various organizations and governments agencies.
Currently, in the US there are 10 thousand attempted intrusions on small and medium businesses every day and the most common time of the attack is at 3 AM on Sundays as well as on Holidays. Over 169 Million personal records were exposed by hackers in 2015 each confidential and sensitive data record costing $154. The healthcare industry was the industry with the highest record loss, at $363 per record. The number of breaches rose 38% from 2014 to 2015, and we are on pace for another huge increase this year.
Erik Knight is the founder and CEO of SimpleWan. Current IT Chair & Board member of the Arizona Science Center. Prior to SimpleWan he started COMVOICE, an early to market hosted VoIP company, and also an IT company; both successfully sold and rolled up by other companies. He also developed DirtSearch.org, which is a free background search site. Erik currently has 6 patent pending; all involving development and inventing new technologies. His specializations & experience include: Oracle DB; MYSQL/PHP; Cisco CCNA; Microsoft; Windows/Servers; and FreeBSD/Centos/Linux/Solaris. Summed up Several Database, Networking and Operating System Certifications.
With programing experience in over eight computer languages. Erik’s technologies and security experience has been reviewed by and used by fortune 500 companies and government organizations. He is a strong believer in investing back into the community. His philanthropy includes: Operation Home Front, St Joseph Hospital, Toys for Tots, Christmas Angel Program, ChildHelp USA, Make a Wish Foundation, Team Lizzy Bell, The Cade Purdue Foundation, CRS (Children’s Rehabilitation Services), and many more.
SimpleWan is a subscription and hardware based firewall designed for small, medium and enterprise-level businesses that allow them to improve overall connectivity. That means improvements to overall traffic speed, VoIP call quality, security and general IT cost and maintenance. SimpleWan is a wholesale product for service providers that deploys network equipment of any kind on their customer’s premises. Our goal is to provide reliability and the tools to troubleshoot broadband technology quickly in real-time when services go down. We have many unique add-on services that lower the cost to manage hosted subscribers. Our mission is to bring all these tools and services at a wholesale level to content and service providers and lower their overall customer churn.
Below is a rush transcript of this segment, it might contain errors.
Airing Date: October 22, 2016
Craig Peterson: Welcome back to Tech Talk with Craig Peterson. Security, always an issue, and when you’re in the small, medium business space, you’re kinda stuck in between here. There’s a lot of fancy systems out there. There’s some simple ones that aren’t very good. Many businesses, especially the small ones, just go to the big box retail store and buy whatever they might have there on the shelves. Obviously, that can be a real big problem. We’re gonna talk right now about what that problem is. Are small businesses really under attack? Why would anyone want my information? Try and break into my business. We’re gonna answer that question and a whole lot more with the CEO of SimpleWan. That’s where you’ll find them online. SimpleWan, as in W-A-N.com. And we’ll find out a little bit more about what small businesses can do to keep their offices safe but also some of the workers who are working from home more and more nowadays. Erik Knight, welcome.
Erik Wan: Hi. Thank you for having me.
Craig: So let’s talk a little bit about this. SimpleWan, of course, you’re in the security business. But let’s start with the basics here. What kind of risk is really out there for the small-medium business space?
Erik: Well, they’re just as much at risk as big businesses. Except big businesses now are allocating millions of dollars in budget to go out and combat and fight these kinds of things. So they’re looking less and less attractive and so the hackers and you know, the state that are doing corporate espionage, they’re moving downstream to the smaller organizations.
Craig: And how small are we talking about? Does a one man accounting shop have to worry about this?
Erik: If it’s easy to get in, absolutely. And that’s what hackers are looking for. The easiest target. Craig: Alright. So let’s define easy when it comes to targets here. I mentioned, I can’t tell you how many times I’ve been to businesses and all they have is the latest, cheapest thing from Linksys and at that point they think they’re all set. They’ve got the firewall right? They’ve got everything they need right there at that edge device. And I’m shocked, Erik, because sometimes they are buying the internet from a service provider who says they’re all set and yet all they have is this little edge, frankly, a little edge router.
Erik: And that’s what’s scary. And that’s what gives hackers power and tools is if you go to a big box retailer and just buy whatever’s off the shelves and just clip it in and say you’re good to go, they know and they can identify what that device is and that means they can find out what these all passwords are. What these all configurations are? What progs are out there for it that they can use to break in? In fact there’s a massive list that contain those kind of items, then you’re just making it easy for them because you’re giving them a whole roadmap to get into your business.
Craig: Well, that’s a good point. The black arts guys and gals, they’re sharing this information. And there’s more and more state-sponsored attacks too.
Erik: And absolutely. And that’s it in fact, you know, just because you don’t see it, you know, oh it doesn’t happen. But even as a small business or medium sized business realm. What we see is that there’s about 10,000 accepted intrusions a day per internet connection. And people are just looking for those easy targets. And if you don’t see it, you know, of course it’s not happening. But it really is and it’s really scary.
Craig: Alright. Let’s nail this down here. Obviously there’s some risk and in some cases it could be a huge risk. We could be talking about massive fines under HIPAA violations and frankly, every business nowadays has HIPAA information which is personal identifiable information dealing with your healthcare. So if you have health insurance for your employees, you’ve got that so can face fines. If you have credit cards, the payment card industry requires you to have certain levels of security. If you don’t then you can face huge fines as well. That list kinda goes on and on. So even if you think you’re not in a regulated industry, in fact, you can have some serious repercussions because you do have exposure. And when we’re talking about these types of intrusions, these are happening thousands of times a day. And I don’t mean across the internet. Erik, you and I, we’ve both seen thousands of attacks and power against small businesses.
Erik: Absolutely. And it’s happening. And it’s actually, it’s getting busier. And the things that we see out there. Their goal is to not be detected. So the busiest time on top of that, it goes up from there, is Christmas and holidays and when people aren’t paying attention. And when you come back, the first thing you do is oh let me check to make sure all my files are secure. Nobody does that. And so they’re counting on those kinds of things, especially overseas. And you know, the best hack in the world is not being detected. So you may be hacked and not even know it.
Craig: Well, when do these hacks occur? Is this something that’s happening during every business day? Waking hour? Or the more common, you know, at night? Or evenings. Or Christmas Day?
Erik: Well yeah. So they’re happening all the time, first of all. But they increase the severity and frequency when, you know, it’s nighttime here. Because they know nobody’s staying at home, especially small business owners paying attention to hey, am I getting hacked right now? Or you know, what is my risk right now? No, they’re all with their families and kids and doing something else and nobody’s at the office paying attention. That is the time to get in. So at night is by far greater than during the day. Sunday night is the extreme because they know nobody’s paying attention. Nobody’s thinking about work. And then, you know the holidays. Christmas is just through the roof. Especially during that time period because when people do get back to work after taking a vacation, it’s not on they’re mind. They’re trying to just get caught back up. Let alone the security aspect.
Craig: Well that makes a whole lot of sense. Now, let’s say they’ve hacked me. They view some of the bugs that are in that router that I haven’t updated. The firmware in ever, right? So now they’re into my network, how do I know? What are the signs and symptoms that someone’s broken in?
Erik: Well so the average hack is not detected for at least 6 months. And that makes it scary. And normally it’s somebody else calling you up saying hey. My credit card has been used and we’re just taking it back to you. Or your credit card process is saying hey, we’re seeing some fraud based on all the cards that you’ve charged in the last 6 months. Or some of your records were released. So it’s scary because it’s somebody else reporting to you and then that’s when the crisis begins.
Craig: And when we’re talking about crisis we mean major crisis. Has anyone gone out of business because of this?
Erik: They do. You just may not see it in the headlines and especially with the credit card stuff. We talk about that a lot. Is the compliance. Every business that takes a credit card is regulated by something called the PCI compliance and those rules got really tough a year ago. And they’re starting to enforce them. And the severity is for every credit card number that you lose out of your network or that gets stolen from your business for your consumers, it’s a $250 fine. So even if you’re a small business and you only run a thousand credit cards, that’s a $250,000 fine. Most businesses can’t survive this, especially small.
Craig: So what do you do? You got at the bottom line here. We’ve got devices that are sitting there on the network that may not have ever been patched up. And frankly Erik, they may not be smart enough to deal with the current threats.
Erik: What we say is again the hackers are looking for the easiest targets. So do something. If you think, oh well I bought this device 3 years ago and I’m good. I haven’t had a problem, that doesn’t mean you didn’t or that doesn’t mean you’re not going to. So the best thing we can say is have a real IT person. Don’t try to do it yourself because there’s so many security things, what we call zero day analysis and stuff like that. It’s happening all the time and unless you’re in that industry, it’s hard to follow. So, definitely bring in an expert that’s gonna bring in something and some kind of security, you know, peace of mind to you. And you’re already that much more less likely to have a problem because you’re that much harder to get into than the business next door.
Craig: So when you say have a professional IT person this is one of those full time jobs right? Because this is constantly changing, how can a small business afford to have that kind of expertise available?
Erik: Well, if you’re a small business, don’t hire on a full time IT person. But there are plenty of companies out there that manage service providers. And for a monthly fee which is not out there, they will manage everything. And they will work updates with you. And they’ll make sure your firewall is up to date and they will make sure your computers are running the right software. And they’ll give you a report every month that says here’s what we recommend. Here’s what you have to do, and here’s what we’ve been… and you know, it’s very manageable especially since it’s not a huge dollar amount up front for doing those kind of things anymore. But you’ve got to do it. The most expensive part of starting a business today and in the future is going to be your security and safeguarding your customers’ records or they won’t trust you.
Craig: Yeah. And in that frankly could put you out of business too. Everywhere you turn there’s a lot to know. There’s a whole lot to understand. You mentioned, someone to manage it for you Erik. We’re speaking with Erik Knight. He’s the CEO over at SimpleWan.com. And there are now what are called managed security providers that will not only take care of that network edge but will go all the way inside and do these patches you were talking about even for your Windows computers, servers, Macintoshes, etcetera.
Erik: Absolutely. And they are on list. They getting list from government agencies. There’s a lot of FBI partnerships and things like that as far as you’re getting fed all these information. And they’re on the know. And you know, it’s their core business. They don’t do anything else but that. So, you know, we provide tools for those kind of people to automate some of those processes because it’s intense, it’s time consuming. So a lot of that stuff has to be automated and so they can do it for a fixed cost because a lot of their, you know, type of management is automated now. But they also still have to stay up on what’s current and the news and it’s a full time education.
Craig: Yeah. And something that you really can afford for most small-medium businesses. Now, you mentioned what you’re doing here and for those people who maybe are a little bit bigger who are providing some of these services. Why don’t you tell us about SimpleWan?
Erik: So, what we are, think of it as an alarm system. You know, we talk to a lot of businesses and say well, do you have an alarm system? And everybody says, oh yeah, of course we have an alarm system. And then we ask them, well, do you have it monitored? And next question is always will yeah, of course. If we don’t then the police won’t come. And then we talk to them about their firewall and some of their other services that they have. Well, do you have a firewall? And they always say yes. But then we’re like, do you have it monitored? Is anybody watching it and paying attention? And the look across their face dumbfounded is like, oh. When you think about you got ten thousand people a day throwing rocks to your biggest window, which is your internet connection, and you’re not monitoring it, it just sounds kinda insane.
Craig: Yeah, doesn’t it though? Having what you have is called the single pane of glass. So in other words it’s one screen people can go to to keep an eye on the network. So if I’m a bit of a bigger business, I may have a few different offices, I may have people working at home. This is the type of thing that can be deployed in order to make your life simpler and a whole lot safer. And I don’t want people to get by here just thinking, Erik, that having this type of security in the main office is good enough. So many of us are working from home. So many people are using VPNs and that’s extending their office network to their house or their coffee shop etcetera. Now you have potential problems of piggybacking and a whole lot more. So is this something SImpleWan can help to monitor as well?
Erik: Absolutely. So most of our customers are branched so they’re multi-location because they don’t have an IT person on site and a lot of them have home workers as well because some IT person somewhere whether it’s within the organization or an external party, needs to monitor it and be alerted when there’s actual issues and that’s the key. It’s just having knowledge, hey, something is out of whack here. Let’s take a look at it. Somebody needs to pay attention to this and right now, most of the technologies that are out there that you buy off the shelf or, you know, even order online, they don’t do that. You put it in and you forget about it. And the problem is the hackers count on you forgetting about it.
Craig: Yeah. They really do. And not doing the upgrades and, you know, this branch off is… you just haven’t paid attention to because the wheel hasn’t been squeaking. So having it all again in a single pane just makes so much more sense. It’s absolutely incredible. So you mentioned, SimpleWan is really kinda aimed at the slightly larger businesses here, with maybe a couple of branch offices or is this also good for managed security providers or maybe just someone that has a business, that has a few customers where they’re trying to provide them with IT services?
Erik: Absolutely. And so our focus is of course, we do a lot of branch sites. But our actual customers are those managed security and service providers that are doing that for multiple small businesses. So the bottom line is to provide a cost-effective service to multiple businesses and not live out there. You have to do things like these so that you can actually give them a good service but not have a ridiculous cost. And so we provide this tool for a lot of managed service and security providers so that they don’t have to run out to the office and build people to do that and things like that and do it all remotely and can be completely on the know of what’s going on.
Craig: Yeah, that’s really good. That’s very, very important here. Now I wanna go out, Erik, talking about one more thing. People are still going to kinda think they’re invincible. Maybe they don’t wanna stir up the card here because things have been working. I don’t wanna open up this whole IT can of worms here for everyone. It could be absolutely crazy. But the bottom line is everyone has breaches. We just saw the NSA apparently got hacked. Tools were apparently stolen and put up for auction online. FBI’s been hacked. Everyone gets hacked. And the lack of attention to some of the details and the confusion in a larger organization where you don’t have the single pane. You don’t have one throat to choke coz I like to put it, seems to really be a contributing factor.
Erik: Well, bottom line, I mean certainly there’s a part of these hacks, you know hackers looking for particular businesses and organization types. But online you have an address. It’s called an IP address. And you look just like your neighbor and them and the next person after that. And so the hacker’s not saying oh, well I wanna get Bob’s Dry Cleaning. I’m gonna go after them it’s a small business. They’re not looking for that. They’re saying Bob’s Dry Cleaning is really easy to get into and they’re not specifically targeting Bob’s Dry Cleaning. They’re going after it coz it’s easy and it looks like a general address on the internet. It’s like driving down the street in a neighborhood and looking for the easiest house to break into. That’s what’s going on right now.
Craig: Alright. It’s a big problem. It’s a problem that has to be addressed. We have to address it. We can’t rely on anyone else. We, as small business people, have amazing, amazing amount of liability that most people just don’t recognize. You gotta get the security in place. You gotta keep a close look at it. You need to get someone who manages security for you. If you’re a larger organization, you really need to get that single pane of glass. You should have a look at SimpleWan.com. They’ve got tools. There you could see what they’re doing. What they’re providing. And they can help you with some of the costs because some of the bigger names with the bigger systems might just be priced out of your price range. I’ve seen that many times as well. Erik, thanks for being with us. Anything else you’d like to add?
Erik: The big thing is we tell all business owners to don’t assume that what’s there is ok. If you do something, you’re doing more than your neighbor and you’re that much safer.
Craig: That’s a really good point, right. If you lock your front door, it provides just enough safety here for you. So let’s do it. Let’s be better than our neighbors and continue to improve. Erik Knight has been our guest. CEO over at SimpleWan. He’s been involved for two decades now in the security side and IT as well. Lots of great information there. Thanks for being with us today.
Erik: Thank you for having me.