What would happen if your business got hacked tomorrow, would you be ready? In this episode of the Vital Wealth Strategies Podcast, host Patrick Lonergan, a high-level tax strategist and entrepreneur, sits down with Steven Saehrig, founder of Descent IT and a cybersecurity veteran with over 20 years of experience protecting small businesses. Together, they dive into the hidden risks entrepreneurs face in today’s digital world, from phishing emails and ransomware to employee access and outdated hardware. This is a must-listen for any business owner who wants to safeguard their operations, protect sensitive data, and avoid the massive financial and reputational costs of a cyberattack.
More than just fear-based warnings, this episode offers a roadmap for taking proactive steps, without needing to be “techy.” Steven breaks down exactly how to start thinking about cybersecurity and IT as a foundation for business continuity and growth. Plus, Patrick ties it all back to his core mission: helping entrepreneurs not just protect what they’ve built, but scale it with intention. Whether you are the IT department or have your own internal team, this conversation will leave you with practical tools, fresh perspective, and a clear next step forward.
Key takeaways from this episode:
- Why small businesses are now a top target for cybercriminals
- How a single click can lead to devastating data loss and how to prevent it
- The importance of password managers, MFA, and backup strategies
- What a “defense-in-depth” cybersecurity strategy looks like
- Why reactive IT support is costing you more than you think
- How cybersecurity connects to overall business growth and peace of mind
Learn More About Steven:
Company Website: Descent IT
Contact: steven@descentit.com
Resources:
Visit www.vitalstrategies.com to download FREE resources
Listen to the podcast on your favorite app: https://link.chtbl.com/vitalstrategies
Follow on Instagram at https://www.instagram.com/vital.strategies
Follow on Facebook at https://www.facebook.com/VitalStrategiesPodcast
Follow on LinkedIn at https://www.linkedin.com/in/patricklonergan/
Credits:
Sponsored by Vital Wealth
Music by Cephas
Art work by Two Tone Creative
Audio, video, research and copywriting by Victoria O’Brien
Patrick: [00:00:00] If your business got hacked today, would you know what to do? Would your client data be safe? Could you keep running? Or would everything grind to a halt? Welcome back to another episode of the Vital Wealth Strategies Podcast. I’m your host, Patrick Lonergan, and today we’re diving into a conversation that every entrepreneur needs to hear, especially if you’re still the IT department for your own company.
I’m joined by Steven Seig, founder of Descent It, and someone with over two decades of experience helping small businesses like mine secure their operations, safeguard their client data, and stay ahead of cyber threats. Steven’s not the kind of guy who’s going to overwhelm me with technical jargon and instead breaks things down in a way that’s clear, actionable, and immediately useful.
In our conversation, we talk about the real risks business owners are facing today. While cyber criminals are targeting small businesses more than ever, what it actually looks like to [00:01:00] build a proactive, modern IT and cybersecurity strategy. And here’s the thing, this isn’t just about avoiding disaster.
It’s about creating the kind of peace of mind and operational efficiency that allows you to focus on what really matters. Growing your business. And speaking of being proactive, don’t just protect what you’ve built. Let’s help you build more. If you’re ready to start making smarter tax moves and creating a strategy that supports your long-term growth, head over to vital strategies.com/tax.
That’s where you’ll find resources to help you stop playing defense with your finances and start building with intention. Stick around this episode could save you thousands and help you sleep better at night. Let’s get into it. I am excited about our conversation today. We’ve got Steven Seig, who is, I’m gonna call him our it, and he’s hesitant to let me call him a cybersecurity expert, and we’ll get into why we’ve got him on the, the show because there’s, uh, so much that’s happening out there in the [00:02:00] technology space and the threats that are coming at, uh, businesses, not, not just big corporations anymore, but really the, the small businesses are being attacked as well.
And so I think we need to have our safeguards in place and. Steven’s going to guide us through that process. So Steven, thank you so much for, for joining us here today.
Steven: Thank you for having me. Really looking forward to this.
Patrick: Yeah, so I’m thinking about the entrepreneur and really we’ve got a, a stack of problems that they have.
First, I think cybersecurity threats are becoming more sophisticated than ever. Entrepreneurs are facing ransomware attacks, phishing, uh, data breaches that can just absolutely cripple operations. And then they also feel uncertain and vulnerable. Like, I don’t know where to go. I don’t know if my security stacks enough.
How do I like, have somebody take a look at this and make sure that, uh, you know, I’m not gonna wake up some morning and find out that I’ve been, uh, digitally hijacked. And then lastly, you know, entrepreneurs build this thing, right? They, they build this business, this empire, and they don’t wanna lose it to some invisible, far [00:03:00] off enemy that, uh, you know, has taken their wealth and their legacy.
So. I’m excited to get into how we’re gonna resolve some of these things, but, uh, can you give us a little bit of your background just in regards to, I’ll say it, and, and how you got involved in this space and, um, what your current endeavor is now?
Steven: Uh, ironically, my, my journey into it, I didn’t actually start out in it, been in the space for about 23 years now.
24, something like that. Um, funny story is my intro into computers was that in college I was accused of hacking the school network. Um, which at that point in my life I knew nothing about computers. I had one, I used it. Mm-hmm. And somebody hacked me. Uh, and that’s how I got kind of intro to computers. And then I met a guy who was doing consulting and it, he is like, you’re pretty smart, you should do this thing.
So I went to school. Uh, started out in healthcare it where it was really focused around security and mm-hmm compliance. And I had a great, great mentors who fueled my, [00:04:00] uh, I could never be fulfilled by how much I could learn, how quickly I could learn. So they just let me do whatever I wanted to do. And so I’ve started out in that, in healthcare.
It moved into the consulting space about 15, 16 years ago and have been doing small business consulting. For companies from one employee to 500 employees, um, in all areas of it, right? Like you can imagine having 20, 30, 50 clients that all just have various technology requirements and cybersecurity requirements.
And that’s been my last 15 years and it’s been a
Patrick: lot of
Steven: fun.
Patrick: I love it. I I love the, uh, the fact that you got introduced into, you know it by Yeah. Being accused of hacking the school network. That’s, uh,
Steven: fascinating. So it was a very wild thing that the guy did not believe me. Um, but we, I eventually convinced him that it was not me.
’cause I didn’t even barely knew how to turn the computer on and off at that point in my life. Yeah. But that’s,
Patrick: that’s good. So, um, I, I think one [00:05:00] interesting topic we were talking about that I think is worth exploring is, is just thinking about. IT solution. Okay. Mm-hmm. Like I could go hire an internal IT person, but unless I’m, I don’t know, traded on some stock exchange somewhere, that probably doesn’t make a lot of sense because it would, it would cost me way too much to bring all of the expertise I need in-house to manage all my stuff versus doing it on a more, I’ll call it fractional basis by, by hiring, uh, an outsource firm like descent.
So can you talk to us a little bit about like. Uh, maybe some of the different challenges that, uh, businesses face and all of the different hats that their, their IT team would probably need to wear to be able to, uh, effectively, I dunno, just make sure their, it is running effectively and also protecting themselves against some of those threats out there.
Steven: I mean, technology has come a long way and, and the technology use by business has come a long way, especially in the last 20 years. Um, combining the fact that we’re in the cloud. And [00:06:00] utilizing cloud services and software as a service solutions plus, um, internet of things, devices that are now in our networks and incorporated into our businesses.
Video conferencing, web, you know, podcasts, like everything that we do in a business nowadays requires technology, and especially post COVID work from home has become a huge thing, which just changed the entire landscape of how we do things in a business. And so it these days can’t really effectively keep up with that and, and businesses can’t keep up with what it takes to staff.
Something like that. You need cybersecurity consultants through, well, cybersecurity person on your team. You need a help desk. You need technicians that are going on helping their end users. You need si server people. You need virtualization people, you need cloud people. You need so many different roles in the organization that depend on different technology expertise.
You just can’t hire all those people. And most businesses [00:07:00] see IT as a expense. Mm-hmm. And they don’t really invest in that part of their business as far as they should, which leaves them vulnerable to many different things. Nevermind cybersecurity, that’s one component of it. The just overall running of their business technology requirements has expanded greatly and that’s why the business of having outsourced IT consultants has grown so much in the last 20 years is because.
We as consultants can bring in the people needed to fill all those roles and provide just that fraction of service mm-hmm. To the clients that need them. And it’s just, it’s a, it’s rewarding for the people that are in this field because they get to learn and grow at a rapid paces, which is what they want.
Yeah. And, uh, and the businesses get to benefit by not paying for services that they don’t need all the time.
Patrick: Yeah. Yeah. No, I think this is great. And I, I think the, the trick is most entrepreneurs start off and they’re the IT department, right? Oh yeah. I go to, you know, I order my computer off of Dell and that’s like, you know, uh, then I’m figuring [00:08:00] everything out.
Then your team starts to grow a little bit, you know, and I’m just, I’m just gonna speak of my situation personally. We were all essentially located in one spot that that made it a little easier. You know, if somebody’s computer broke, they could bring it to me, who was the IT department and I could fix it.
Now we’re spread all over the United States, and it’s like that. That doesn’t work. I can’t. Help them triage ’cause I barely know anything anyway, uh, about it. And then I just think about like the efficiencies of like technology, like you’re talking about,
Steven: you know,
Patrick: making sure all of my stuff is running efficiently and effectively.
Like I’ve been on a machine that has had some problems and it’s taken me forever to make anything happen and it just killing my productivity. I’m like. I don’t know what this is costing me, but it’s real dollars at the end of the day. And so then our evolution was like, okay, we’re gonna, we’re gonna pay this firm to basically troubleshoot whatever pops up.
They’re gonna just bill us on a, an hourly rate to like, fix whatever problem that somebody’s having. My Bluetooth [00:09:00] headphones won’t connect to my computer, like, fix it. You know, my keyboard stopped working, um, you know, help me resolve this. So. Things like that. And that’s, that was sort of the place we settled for a little while.
And then I’m like, man, I’m just seeing all of these, uh, it seems like cybersecurity started working its way down. Like these huge organizations were being attacked, uh, hospitals. Then we started seeing like, uh, banks, smaller banks, smaller financial institutions, and I’m like, holy cow. We’re not very far from.
This, and we’ve got a lot of sensitive data. And so it’s, it’s now time to grow up and I’ll say, bring a firm like descent it into the mix and go, all right, we need to, to assess where we’re at, what problems we have, install the, the proper protocols to make all these things work. So can we just talk a little bit about what I’ll say next steps look like for an entrepreneur if they’re like, okay, uh, I need real help with my IT and [00:10:00] cybersecurity.
Where do we start in this process?
Steven: I mean it’s, uh, oftentimes it’s just by starting to ask that question and think the way you just laid it out, right? Mm-hmm. Is it’s wondering, it’s always questioning whether you are protected or not. And if it, in the model you talked about going from, you know, we’ve all been the entrepreneur that is the IT department.
I’m in the IT department and I am the IT department, right? For my business and for my family. And I think. When we get from the, I’m doing it on my own ’cause that’s all I can afford to do, to now I’m, I’m paying somebody else to help me when I need them, which is a very reactive approach and it’s really costing you more money than you think it’s costing you because you’re waiting for the problem to happen before you fix it.
And then you’re waiting to fix it. Uh, and then you move into a more of a proactive model and a secure model where you have people, you have a team around your business that is melding. Technology with your business goals. Mm-hmm. And cybersecurity that is the right blend of protection, but not impeding your [00:11:00] ability to do your job and to be productive as a business and for your employees.
And I think that’s where descent it really comes together is we’ve taken the last 20 or 30 years of experience that we have and said. What’s the defense in depth approach that we’re gonna take to protect our clients from cybersecurity risks? What are the tools in place that we need to have to maintain and manage their devices so they don’t have problems and they don’t need to call us?
And then what are the people and processes that we’re gonna play put in place that have a proactive approach to. Solving problems before they become a big one that really mm-hmm. Take out your day,
Patrick: basically. Yeah.
Steven: Right. Yeah. Um, and so that’s, that’s where we came in and that’s how we handle things. We’ve got a great package for our clients of blending, of between protection and maintenance and prevention that really causes them to not have to call for problems.
Um, not as much as little as possible. Anyways,
Patrick: this is great. So you touched on [00:12:00] something and I, and I want to sort of run down this rabbit trail for a second. I, I think my, my mo with hardware has been use it till it dies and then I get a new machine and I’m like, why did I wait so long? You know? Um, and so can you talk a little bit about how, what is a good proactive strategy with our hardware to just make sure that we’re.
Uh, ’cause downtime’s super expensive. Mm-hmm. I’m fortunate. I’ve got, I dunno, I like working off a desktop computer. Uh, I’ve got a bunch of monitors and mm-hmm. So it just seems like it keeps up nicely, but I also have a backup. Uh, I’ve got a computer at home and then I’ve got a laptop, so it’s like I can find another place to work.
And like you talked about the cloud.
Steven: Mm-hmm.
Patrick: Uh, it’s a beautiful thing, right? Yeah. I get done with working on a document at the office. I go home to. Finish some work after the kids go to bed and it’s all, it’s all there and, uh, ready to go. But what, what is a good rhythm for, I’ll say, updating my, my hardware that, uh, I should be keeping in mind.
Steven: So for, for most organizations it’s about a [00:13:00] five-year lifecycle on equipment, uh, for, especially for end user hardware, but that is driven based on the use and the business that you are. So, uh, a nursing or, um, at home nursing facility probably is not gonna get. Five years out of laptop, they may only get three, a manufacturing environment where they’ve got equipment in rooms that is machining, equip, you know, machining metal.
Mm-hmm. Or liquids, right? They’re gonna get two years outta their equipment. So every dev, every company has to have a life cycle strategy that they work out with, with their IT team to say, what’s the right thing for my business, on average three to five years for computers, but. It really plays into the environmental mix of how you wanna use a computer and the cost of business, right?
If you mentioned stock trading before, right? Mm-hmm. Their computer’s much shorter, lifecycle speeds much more mm-hmm. Into, you know, it’s a different, it’s a different lifecycle there, but I, I see like laptops and even it two to three years.
Patrick: Mm-hmm. [00:14:00] Yep. Yeah. And, and I think that that makes sense. I just look at the pace at which, uh, computers and technology evolves.
It, uh, it seems like. Yeah, what used to be the top end computers. Now, you know, we can look back, you know, almost comically back into the seventies when these machines were, you know, the size of entire rooms and they had less computing power than our cell phones now. Oh yeah. Um, so, um, yeah, remember those days.
And one thing that I really just appreciate is, uh, the convenience of, uh, calling up your team. Going, Steven, I, I’ve got a new hire. I need a machine sent out to him that’s got all the stuff on it. Right. And like the fact that, you know, they basically open it up and are ready for business, for lack of a better term versus like when I was the IT department, I would get a computer and it would take me an entire day to.
Put all the software on it, get all logged in, get everything transferred over. It was, uh, a total pain [00:15:00] in the neck. So I just appreciate, I, I don’t know what that is worth, but it’s worth many thousands of dollars to me. The fact that it doesn’t take a, a day of somebody’s productivity out of the equation to keep business running.
So,
Steven: yeah, I appreciate that. And, and we work very hard on making that a reality for our clients. Um mm-hmm. Because time is money for all businesses. Right. And, and the automation and collaboration that we like. Uh, let’s use you as an example, right? An employee gets a new computer. There’s a list of things that would take you a day to set up.
Well, we can in it, be effective and efficient and streamline most of that, or automate most of that. So that way we spend an hour or two doing that and your team gets to get hit the ground running by just logging into their laptop and everything being available. Yeah, it’s a, it’s hugely valuable. It takes some time to set up in the beginning, but.
Yeah, I just, everybody
Patrick: really appreciates it. Yeah, absolutely. Um, and, and I think that’s the name of the game. Uh, [00:16:00] I, I just think about the efficiency and the, like, we get to stay in our lane and focus on the things we’re really good at and let’s like hand the things off that are gonna distract us and slow us down from, from doing our work.
And, uh, you guys do a great job of that.
Steven: Appreciate
Patrick: it. I also think about some security measures that have come into the equation that have been really good for us, and they’re very simple things, but I think it’s worth highlighting. Um, I had a friend of mine, he owns a manufacturing, uh, business. He got an email, uh, no, no, excuse me.
His CFO, his internal like, uh, staff accountant got an email from, they thought it was Craig, uh, the owner of the business. Yeah. And um, it was not from Craig. And it said, wire money to this place and she did it. Um, and the reason I bring that up is I get a little notification on my, uh, emails now that I used, didn’t used to get before.
I don’t know what magic you did to make this happen, but, uh, um, [00:17:00] it, it highlights that it’s an external sender, you know? Mm-hmm. It, it’s coming from outside of my organization, not, not somebody inside my organization. And like, if that would’ve been in place for them, a very simple thing, it probably would’ve saved them.
Five figures in money that they wired out someplace that they’re never getting back. And um, so how do things like that come to be like? ’cause I, I think those simple little like notifications, little tools. How do you, how do you get those pieces sort of rolling and installed in somebody’s business to make sure that, uh, you know, they’re protected from attacks like that?
Steven: So we, we employ a defense in depth strategy. I talked a little bit about that before, where we are not just looking at the computer, like the old way of it was, I bought antivirus for my computer and now I’m safe. That doesn’t exist anymore, especially with everybody moving to Office 365 or Google, uh, workspace, right?
We have to protect you where your information is. And part of that is through some of the built in, like the external tag is a great [00:18:00] example of something that is natively built into Office 365, but disabled by default. Um, and so we just have a checklist. We’ve developed a checklist of all those required, we, what we believe is required for our clients to be secure.
And one of those things is the external tag. Mm-hmm. There are other components of the cloud security that are behind the scenes that you probably haven’t even noticed that are. Way more powerful than that. Um, something like, um, I dunno if you’ve run into it yet, but smart banners. So, uh, the systems that we have filtering email, look at the content and say, this is a person trying to get you to send them money.
And it’ll add a banner saying this is an external email and yeah, they’re asking for payment. This, it might be of beware, or there’s an invoice in this attachment, or something along those lines. Um, and it. We try to filter out as much as that, but mm-hmm. You know, cyber attackers, this is a business for them and they’re ever evolving and continuously pushing the [00:19:00] methodologies that they use to hack into us.
Um, and or get into us, send emails through. Yeah. And so we’ve looked at a few other components of that, which is having a security operation center team actually monitoring the behavior of what’s going on in your environment at the same time. So there’s a whole team of people, cybersecurity professionals.
That are watching the activity of, of where your logins are happening from. Mm-hmm. Is this an anomalous behavior? Are they extracting data out of my environment? Uh, a whole number of things that are happening behind the scenes. Yeah. That, uh, if you, uh, did click on that link are gonna protect you.
Patrick: Yeah.
Yeah. This is great. So I, I want to go through and unpack a few pieces there, ’cause I think this is, is really good stuff. So. One of the things you said, like being a virtual team, you know, we’ve got people from coast to coast, uh, north and south, and then so we’re, we’re logging in from all over the place, but you’re like, Hey, you’re not in, is, you know, someplace in Europe, right.
Uh, and we see a [00:20:00] login over there. And so, um, so what happens, like, let’s say there’s, there’s something that’s weird. Mm-hmm. Is that, um, do you default to going, okay, we’re gonna like. Sort of put the pause on letting them log in until we verify that this is correct or Yes. What, what happens when something like that flags?
Steven: So there’s different ways to do it, and it’s based on the business as, uh, as an IT business and protecting the type of business you are. We would default to the, the, the rule is default to secure, right? We, I would rather apologize for inconveniencing your appointment, your employee, than have a cybersecurity event happen for you.
Right? Uh, and so. The cybersecurity team would see that ano anomalous behavior and they would immediately create an event and block the login, and then they would contact us. So we can contact you to verify is Pat in Europe? Yep. Um, what’s he doing? Um, right. And so we would then verify, and that’s happened.
I actually once had a, an had a client that plugged in a laptop he hadn’t used in over a year, and the [00:21:00] cybersecurity team blocked him out and said, this device successfully logged in from a computer that hasn’t been used in over a year. We locked him out. Can you verify? And I called him, he is like, yeah, I took it outta the drawer and I used it.
Was I not supposed to do that? No, you can do that, but just, you know, let us know next time. Um, because that kind of stuff happens. And if you think about the cloud, it’s available globally, right? They do not need to be here to attack your business. They don’t even have to know who you are. They just have to find a user account on the dark web that has a password and try to get it.
There’s entire teams being paid to just do that out there in the world.
Patrick: Yep. And, and I think this highlights a good point, and this is, this is something I mentioned in the intro that we’ll circle back to, is you were like, I don’t know if I want you to call me a cybersecurity expert. Yeah. Because the, the cyber crime out there is so advanced, right?
To stay on top of that, you’re almost always behind. Right. They’re gonna find a, a way to exploit something and then you’re playing the [00:22:00] catch up game to make sure that you’re sort of closing those gaps. Um. Yeah, that’s worth acknowledging is like, you know, the criminals out there, there’s a lot of financial incentive to, to go out there and find a new way to exploit, uh, technology and, you know, human behavior to, to take advantage of.
So I’m just trying to think through, I’m thinking through a number of different businesses, right? Yeah. It’s shocking how much of, I’ll call it non-public information businesses have, even if we’re, you know. As soon as I take your payment information. Yeah. You know, and I have that, uh, on file, which most businesses, or I don’t wanna say on file, I don’t think you can technically keep credit card information on file, which is probably good.
But if I have, you know, payment data somewhere somehow in my system and that gets hacked, that’s, that’s a bad day. ’cause now all of my, uh, client’s data and it’s like, just about every business has got that. Um, I, I’m just thinking through like. Let’s say I’m a couple person business, I’m thinking of med spas, right?
Like, you know, [00:23:00] it seems like med spas are, you know, becoming more and more popular. And it’s like, okay, they, they’re bringing in some pretty decent revenue. They’ve got a pretty affluent client base. They probably have some medical information that, you know, uh, could be awfully important to keep safe. And I, I put that cate that, that business owner in the category of like, I’m just figuring it out and sort of on the go, you know, I’m itt.
I think like dissent is a perfect example of, um, an IT shop that can get those people set up and their data protected and it’s an ounce of prevention that creates a worth a pound of cure on the, on the backside. You know,
Steven: let’s talk about that scenario for a second. ’cause I think if it’s an interesting problem that, that’s out there is that a lot of businesses like, like that think that.
I pay for an electronic medical record system that’s stored in the cloud. So, and they have security. So I’m all set. You’re, you’re only as secure as your weakest link. And your weakest link is usually [00:24:00] your, you or your employee. Yeah. And sometimes your computer. Right. It’s ’cause as an attacker, all I need to do is gain access to your computer and I can collect your password, your username, take recordings of everything you’re doing, and then go back and attack that system off your network later on.
And it doesn’t take but one click. To get wrong, one wrong click to get into your computer. Mm-hmm. There are, um, there have been companies that I’ve known that have had, have been attacked, but not through their primary business. It was through their bank account. It was by knowing the answers to their security questions with the bank, and all of a sudden their money’s transferred and they didn’t hack anything.
They just social engineered you and got your questions right. So as, as a person like that or a company like that, you really wanna be protected, you wanna protect the entry points, and you want to have access to people that can provide you expert advice quickly. Mm-hmm. [00:25:00] Because you don’t know what you don’t know.
And sometimes, a lot of times in those scenarios in action is worse than action. Mm-hmm. You know, pre I can remember it was not that long ago, year, few years ago. I would get yelled at if I locked somebody outta their email for maybe being compromised. Mm-hmm. And now with the, the how prevalent cyber attacks are and how much they’re out there, owners are like, no, kick them out.
Don’t, don’t let them work. Right. I’d rather them not work than, than be not be secure. And I think we all have to have that mindset of like, act before the event happens and be prepared. Um, so that, that you minimize your risk. You minimize and you bring back your speed of recovery. Mm-hmm. And it’s every single company out there.
Yeah. Every single company. There’s nobody here that does not need cybersecurity. Yeah. Nobody in this business. Nobody in any business doesn’t need [00:26:00] some level of cybersecurity.
Patrick: Right. I wanna challenge anybody listening to this episode. I guarantee you’ve received an email that has an attachment that. It looks, suspect, you know, it might come from something, you know, it’ll be like an invoice or fax or, you know.
Mm-hmm. I don’t know. Something that gets into your inbox and I’m like, I know that’s trouble. I’m gonna delete that whole email. I’m not touching that thing. But like, those are all threats. And like you said, it’s one wrong click. Right. I click on that thing now it, I don’t know, running some program on my computer or kicks off some, you know?
Yep. Um. Some issue that now a problem.
Steven: I’ll give you an example that I literally, before we started this interview, had that exact email in my inbox saying, Hey, here’s your sales report. Yeah, I don’t get any sales reports, right? Uh, and all I have to do is open that attachment or click on that attachment and it could dump all the passwords outta my browser.
That’s why I don’t [00:27:00] keep passwords in browsers. If you keep passwords in Chrome or Firefox or Edge, don’t do that because with yes, within seconds they can be compromised. Yes. Um, and you wouldn’t even know it. Um, yeah. So the thought process around this, this cybersecurity is like, it, everybody feels like nobody’s coming after me or mm-hmm.
I’m, I’m okay. ’cause nobody knows me. There’s no nothing about, it’s not about you, it’s about the bus, the money they can make off you as your business and how easy it is to happen. Mm-hmm. Because you’re the least suspecting person.
Patrick: Why would they come
Steven: after me?
Patrick: And it is almost a numbers game, right? It is a numbers game.
I can throw email, emails out there for days. I can put ’em in just about everybody’s inbox. Um, and I just need one tiny little percentage of those people to click on it. And now I’ve got one. Right now I’m, I’m generating revenue. And in
Steven: fact, when you talk about that [00:28:00] email, the fact that you’re getting those emails only, and if you mark it red.
You open it accidentally. They know you opened it. You may not have clicked the link to execute the payload, but they know you opened it and they’re gonna send you more. And if anything ever did happen to your business, you are, you are, I don’t even remember how many times it was, but somebody said, I think you’re like five to seven times more likely to be attacked again after an event actually did happen.
Right. So
Patrick: fascinating.
Steven: It’s crazy. And there’s a lot of reports that come out with a lot of data. That’s why I try not to. Try not to dispute too many numbers because in 10 minutes there’ll be a new report from some company that talks about the number of attacks. But Verizon does an annual report and there’s billions of attacks and a lot of them are successful from the most simplest thing that you’d never suspect.
Um, and, and I’m gonna say this, some of them, a lot of them happen to in-house IT people, SIT, people that have administrative access. Interesting.[00:29:00]
Patrick: If this episode has you thinking about protecting your business from threats, you can’t see cyber attacks, data loss, downtime, then it’s time to start thinking the same way about your money, because let’s be real, taxes can be just as much of a threat to your business as cyber criminals if you don’t have a smart, intentional strategy in place.
That’s why we created vital strategies.com/tax to help entrepreneurs like you. Go from reactive to proactive when it comes to your tax planning, we’re talking about real strategies, real savings, and real clarity so you can keep more of what you earn and use it to grow. Whether you’re just getting started or you’ve been in business for years, this is where you begin building a tax plan that works for you, not against you.
So don’t wait for the IRS to come knocking or April to sneak up on you. Head over to vital strategies.com/tax and let’s start building a plan together.
You touched on [00:30:00] passwords. Yeah. I think this is, especially in the, I’ll say the remote environments we’re, we’re in, it’s so easy to just be like, I’m just gonna share this password with somebody, and now you’ve got, you know, a million people or you just simplify all your passwords and they’re, they get you into everything.
Uh, we utilize LastPass. We think it’s a great tool. I couldn’t tell you any of my passwords. Mm-hmm. I don’t have any of them memorized because the, the tool does it for me. So are absolutely a Let me ask you the question. Is that a good place to start? Is there a better tool? Um, yeah. Is there, and maybe it’s, there’s better, but is it sufficient?
Um, yeah. I’d like to just know your thoughts on passwords and how we should go about keeping those
Steven: passwords. Uh, so I’m gonna say what? No, don’t do, do not create a spreadsheet with passwords. And and do not think that by locking the spreadsheet with a password that they’re secure ’cause they’re not. Okay.
Yeah. Don’t store them in browsers. Absolutely. Use a product like LastPass Keeper, [00:31:00] OnePass. There’s a ton of them out there. Pick a reputable one. And use as a business, it’s very valuable to store all those passwords in there and share them securely in a manner that you can revoke access also. ’cause you, you’re using product like LastPass, you share it with me, you can remote, you can revoke access for me when I’m no longer an employee.
Yeah. Um. The other part that, that using a password manager brings to you is the ability to use things like pass keys instead of passwords. And that’s probably the next evolution of security is, is really looking at past keys, which are digital tokens that are stored in your password manager or on your phone.
And I’m sure everybody with an io, you know, on iPhone or an Android is seen past key saving. Those are even more secure and there’s no way you’re gonna remember them. So having tools in place, um, really helped in fact. I use a password manager with my entire family. Mm-hmm. If they want the access to Netflix, it’s in the password manager.
Go get it. Yeah. So, um, it’s, it’s very [00:32:00] valuable. We use it in our business with all of our employees to securely share, not only share audit, who’s using it, when they accessed it, when it was updated, who’s seen it, did they copy it? You get a lot of information.
Patrick: Yeah, I, I love that. And one of the things that we do with LastPass is I can share a password without sharing the password.
Yep. And if they have LastPass installed now, LastPass will automatically fill it in without sharing that password with the individual. So if somebody decides to leave, okay, cool. With one click, I can remove them from LastPass will let me force log them out, and then it removes their access. So, uh, they.
Can’t get back in, which I think is a, an awfully valuable thing. Just again, and you know, you get somebody that’s, it’s struggled in some, some capacity, like man, that’s dangerous. So, oh yeah. Yep.
Steven: Yeah. And you can integrate them with different tool, different, like Office 365 and other login methods so that, you know, onboarding an employee for offboarding, an employee [00:33:00] can fully activate or deprovision them from all the systems in that are related to your business without having to think about setting them up.
So. Um, it’s, it’s very powerful, but you, you really only get that knowledge by working with professionals that are doing it every day.
Patrick: Mm-hmm.
Steven: Yeah. Um, so
Patrick: yeah, this is, this is so good. So I’m, I’m thinking through, we’ve talked about a lot of different things. Is there anything else out there that is low hanging fruit that people should be like, bare minimum, like, I love all the monitoring and everything that descents doing for us.
Like, like that, that’s, that’s higher level. Is there like a step one, Hey, if you don’t have this, go do it today before you call descent and get sort of, uh, things rolled out that, uh, people should really be considering. We’ve talked about passwords. I didn’t know if there was anything else that’s like, um, multifactor
Steven: authentication, and you’d be surprised how many people are against doing it and how many people hate the prompt on their phone, but it is the frontline [00:34:00] defense for protecting your mm-hmm.
Information. If you do not have m ffa, you have to set it up. Do not be the company that does not have m ffa. Because it, and I’m gonna say this without, I’m like, I’m not an insurance expert. I’m not a lawyer. Mm-hmm. If you don’t have MFA and you get attacked and successfully compromised, your insurance company may not cover you because you didn’t do the bare minimum to protect yourself.
Patrick: Right. So if you don’t have, you’re talking about Go ahead. Cybersecurity coverage. Right. If I got any coverage cybers. Okay. I, I’m just wondering ’cause we have like cybersecurity coverage, right? Yeah. And if I’ve got cybersecurity coverage, uh, through all of my, you know, insurances I have out there, but I don’t have M ffa, uh, turned on.
They’re gonna be, they have
Steven: a questionnaire. They, they give you a questionnaire to make sure that they’re managing your risk, their risk by asking you questions. Right. And one of the first questions on there is, do you have MFA on your email? Mm-hmm. If you said yes to that, and it’s actually no. They’re not covering you, right?
Like, or it’d be a real struggle. [00:35:00] I don’t know that for sure. ’cause I mean, I’ve never had somebody say that, do that, do that. But MFA I’ve, I’ve run into way too many companies that have global administrative rights for the owner that doesn’t have MFA on their account. And they are the biggest risk to their business just by being set up like that.
Right. You, you can’t. You’re leaving the king keys to the kingdom just on your desk and saying, don’t take my keys, you know? Yeah. Um, it’s MFA for everything you have in your business, MFA on your cell phone. If, like, personally, just thinking about life in general mm-hmm. If you have Verizon or at t or any of those companies have multifactor authentication on your, uh, accounts.
Mm-hmm. I, I once had, uh, a friend. Their bank account got hacked because the company, the attackers hacked his Verizon account, I think it was Verizon. Don’t quote me on that. Yeah. They hacked his phone, his cell phone. They redirected his cell phone number. [00:36:00] And when the bank called them to verify his identity, they called their cell phone, not his.
And he had no idea because he didn’t have MFA on his cell phone account. So like, this stuff really protects you as a, as a person. Mm-hmm. And, and it’s insurance is not good enough. Mm-hmm. You gotta, you gotta be prepared.
Patrick: It’s interesting, you, you bring that example up. I, uh, I had somebody steal, uh, my chase points.
Your Chase points, my chase points, um, on for my Chase credit card. And what they did was in the middle of the night, I, I turned my phone off so it’s not mm-hmm. You know, beeping, buzzing, whatever. Um, they were, they somehow like called Chase and. I don’t know if somehow social engineered, uh, they got the chase person to change the phone number on file.
Steven: Yeah.
Patrick: Now they gave me all my, like, credit card points packed, but, uh, this person transferred out, I don’t know, a million chase [00:37:00] points. Wow. Um, and it’s like that, that’s worth real money. Mm-hmm. And um, it was all because they like got chased to change the phone number, which was the two factor authentication.
I don’t know how they did it, but, uh, it was the only thing they could get out was my points and they, they were able to, to hack into those and so,
Steven: mm-hmm.
Patrick: Um, but, uh,
Steven: yeah, that’s, that it happens too frequently. Um, and so it’s really important, like this, this is the, like when we think about the business of, of attackers that they have on this right there.
Why would they spend a ton of time attacking a major enterprise that has millions of dollars invested in cybersecurity when they could just pretend to be pat? Yeah. Right. They’re just gonna come after your points. Like they, they’re, they’re gonna make money any way they can, least administrative effort.
They’re attacking the easy thing and it’s the person that’s not like, why would they come after me? I’m not anybody important. Because they can,
Patrick: you made it easy for them, [00:38:00] right? Yep. Very good. Steven, this has been great. Is there, is there any last pieces we should talk about before we get to, I’ll say next steps in this process?
Steven: Yeah, yeah. No, I think we, I mean, we talked about MFA, we talked about the critical components of it, like just don’t make it easy for attackers, please. I’m begging you like Yeah, just, you know, I know it’s an inconvenience, but do it, um, as a, as a. No,
Patrick: I
Steven: think
Patrick: that’s
Steven: it.
Patrick: Okay. Wonderful. So Steven, I think this has been fantastic.
I think about what people should do for next steps. We’ve talked about don’t have your password saved in your browser. Uh, utilize a LastPass, get multifactor authentication set up even though it’s a little bit of a hassle, like again, that little bit of hassle’s, way less hassle than your business being shut down.
So those, [00:39:00] those factors are, are important, but I think good Next steps. I think about the things that you, you help us with from monitoring, just putting all of the safeguards in place on the backend for us to make sure that we’re protected and our client data is protected. Uh, the best way to get ahold of you is steven@descentit.com.
We’ll have that in the show notes. Uh, that’s Stephen with a v. Um, and, uh. Because I, I think people should really take this seriously. And I, to be honest, I think about, you know, the pricing and what it costs for us to put these safeguards in place. It feels almost free, uh, just very inexpensive to make sure that all of our data’s protected, especially considering all the money we spend on, um, all the rest of our business is just, seems like a, uh, a great safeguard.
I think about my insurances that I, mm-hmm. I spend tens of thousands of dollars on, you know, for e and o and all these other things, and I’m like. This is a, this is probably, I’m more likely to get hacked than I am, file a claim on those other insurances and [00:40:00] like the cost is, uh, a fraction of that. So I think that’s, um, that’s good stuff.
Um, yeah, I think this episode has been fantastic. I think it’s so informative for people. ’cause I think we walk around un uneducated, unaware of what’s going on out there in sort of the darker parts of the web. And the only time we become aware is when something bad happens. And uh, yeah. So I think we should protect ourselves against that.
I think at the very least, it’s worth a conversation with, uh, with dissent and, and you guys are built for working with the small business owner, right? Yeah. You guys, you know, uh, one to 50 employees is probably the range. If I’m off on that, let me know. But you guys aren’t like, designed for taking care of healthcare organizations or government entities or anything along those lines.
Just like, Hey, let’s connect with the. The entrepreneur make sure that they’re protected. So we were, yeah. Do you wanna expand on that?
Steven: Yeah, I was just gonna say, we were founded to help the, the one to 25, uh, is the space that we were founded to help because it’s [00:41:00] the segment of small businesses that has the least access to qualified cybersecurity professionals out there.
Um, and, and two support services that like what we do for, for just your everyday help desk needs. There’s a lot of companies out there that say they do it. We, we have purpose built it to be for one to 25. ’cause that’s the area where it just seems to be nobody wants to do it. So, yeah.
Patrick: I love it. And, and I know you and your team have, uh, experience doing, I’ll say really complex planning and I love that you’re bringing that down to the, uh, the everyday entrepreneur and just making sure that their cybersecurity plan and IT plan and all those pieces are taken care of.
Uh, I, it feels really good to have somebody that’s, um. I’m gonna say over equipped on my team to handle our level. If I tried to hire you, I, I couldn’t do it. Uh, couldn’t make it work in the budget, uh, uh, just to have you on the team. So to take it from a fractional perspective is, is great. So I think
Steven: it has a lot of value.
I mean, what you just said, uh, is really [00:42:00] important for a lot of small businesses because it’s something that’s frequently overlooked is the quality of the IT team and the engagement they have. I love working with you guys and, and with you and your team and the mindset of like, get. What you need. Get just spend, spend the time and spend the money.
It’s not that expensive, but it drives a lot of value for you and your business and a lot of safety. Um, I think it’s, it’s something that just people underestimate.
Patrick: Absolutely. And I think about our business and I, I think about the business of our clients. We’re all in the trust business and, uh, a breach could mean not just a loss of, of money like that, that almost certainly is going to happen, but.
There’s loss of trust, damaged reputation, potentially lawsuits, sleepless nights. Like it sounds terrible to me. So it’s like, you know, not taking care of these things is, is bad. And I think about what success looks like, you know, on the IT cybersecurity side, and it’s just, it’s peace of mind. Business continuity, I guess.
Stay focused on the things that, uh, really matter, driving revenue and [00:43:00] providing value to our clients. And so, uh, allows us to scale without this fear of something like, you know, coming in, uh. From under the bed and, uh, shutting us down. So appreciate you say it better than I say it. Appreciate
Steven: I love this.
This is fantastic.
Patrick: Very good. Yeah, we, we, you could just put this on your website. That’s it. Exactly. Let it roll. This has been good stuff. So, uh, Steve and I appreciate you. I appreciate what you do for, uh, us and our clients and, uh, just. Being willing to come on and share this information. ’cause I think this is, this is important.
Thank you for the
Steven: opportunity. I really appreciate it.
Patrick: Thank you so much for tuning into this episode of the Vital Wealth Strategies Podcast. I hope you found real value in today’s conversation, and then it gave you some clear, actionable steps to better protect your business and your future. If you did find this helpful, would you do me a favor?
Share this episode with someone who needs to hear it. A fellow entrepreneur, a business partner or friend who’s trying to figure all this out on their own. This kind of information can make a massive difference and you never know who needs it. And if you’re ready to take the next [00:44:00] step in building a smarter tax strategy that supports your long-term.
Make sure to visit vital strategies.com/tax. We’ve got resources waiting to help you minimize your taxes, increase your savings, and give you more control over your wealth. And remember, you’re a vital entrepreneur. You’re vital because you’re the backbone of our economy, creating opportunities, driving growth, and making an impact.
You’re vital to your family building abundance in every area of life. You’re vital to me because you’re committed to growing your wealth, leading with purpose, and creating something truly great. Thank you for being a part of this incredible community of vital entrepreneurs. I appreciate you. I can’t wait to have you back here next time on the Vital Wealth Strategies Podcast, where we help entrepreneurs minimize their taxes, master wealth, and optimize their lives.
Until then, take care and keep building.
