00:05:48 Derek Gabriel: Happy Friyay! :D
00:10:03 Jared Belcher: We use a teams channel for that too for those random thoughts.
00:13:09 Brooke Smith: We have a mail box we can send ideas to and we review it weekly!
00:13:46 art meyer: Standards Committee Agenda 1. Define Roles by SDA (Standard Delivery Area) and why we are here a. Roles i. Tony ii. Caitlin iii. Cody iv. Ryan 2. Define Standards a. b. c. d. 3. Expectations a. b. c. d. 4. Review Technology Success and TAM Training Manual a. Define Predictable Results b. Explore Elements of a Standard c. Assess the Business Impact d. Industry Standards
00:15:30 David Wallach: HIPAA Pentests and Gap Analysis required? Annually?
00:15:30 Craig Anderson, PCM: "accidentally"
00:15:52 art meyer: the a-d in sections 2 and 3 are designed to get input from each of the team members.
00:16:36 Rob Danser: https://www.youtube.com/watch?v=KHrVo3eO9xs
00:16:44 Rob Danser: https://www.youtube.com/watch?v=ScA-gvA5jSE
00:18:59 Brooke Smith: We have New York State Shield Act to help us "open" this door into WHEN not IF -- proactive is the SynchroNet Way and this falls under that umbrella too!
00:19:47 Derek Gabriel: Which two people answered the poll? ;)
00:20:44 Derek Gabriel: I use every big newsworthy hack to have a conversation with our customers to explain them, how they can protect themselves, and how we are protecting them from those types of attacks
00:21:45 Derek Gabriel: And we're in the process of building a new service based on "assume breach"
00:23:37 Derek Gabriel: also the misconception that "smaller" businesses are not targets
00:23:57 Craig Anderson, PCM: you can hire a personal trainer and still have a heart attack
00:24:13 Derek Gabriel: tesla jokes, or too soon?
00:24:31 Neil Murray: I have tended to take the approach of "nothing will ever be 100%" using examples of big news breaches from companies with massive security budgets. While this says it could happen, it doesn't take the same in-your-face approach of the assumed breach discussion.
00:24:58 Don Rogers: We made Cybersecurity Awareness Training part of our "Chocolate Cake". An educated user will be a safer user.
00:29:20 Odin Fuhrman: show us the box
00:29:26 Odin Fuhrman: what's in the box! haha
00:30:26 Odin Fuhrman: I like!
00:32:43 Derek Gabriel: In the boxes we do a laminated card with our emergency hotline, and the important numbers which are identified for the specific clients. We also include the password for a "break glass" Azure AD account specific to the client's environment. (https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access)
00:33:01 Marc Pickard - CBTech Support: Pretty cool
00:33:33 Joe Giltner: Craig, are you at liberty to share that Hold Harmless template?
00:34:26 Derek Gabriel: my understanding is that it also applies to businesses with CLIENTS in NY... If your business holds the personal or private information of any New York residents (even if it's based outside of New York), you must take steps to comply with the SHIELD Act.
00:35:01 Hank Wiley: gotta run, thanks y'all - enjoy the weekend!
00:35:08 Odin Fuhrman: that's correct @Derek
00:35:12 Rob Danser: bye Hank!
00:36:32 Craig Anderson, PCM: "I [say your name] choose not to implement these recommendations."
00:37:19 Warren Ksiez: TX is making their own as well.
00:37:20 Brooke Smith: @derek correct
00:37:27 Derek Gabriel: The emergency boxes we use, it's great for holding an emergency password or physical keys, BC you can easily audit that it hasn't been used, it's why we started using them in the beginning, it was just for their global credentials: https://www.keysure.net/
00:38:57 Derek Gabriel: And Californians are rushing to TX...
00:39:02 Neil Syx: So I worked as a vCIO at an MSP for 6 years before going to become the Director of IT for one of my really good medical clients for 3 years, and took them through HITRUST certification. Now I'm back working at an epic MSP firm, using that insider knowledge to help educate & drive my clients to the proper compliance posture :)
00:39:31 Derek Gabriel: Repeat the question Rob... I was reading and can't listen and read at the same time ...
00:40:08 Warren Ksiez: fire Bob!
00:40:12 Rob Danser: Is this helping anyone who answered no to the poll?
00:40:36 Derek Gabriel: Paaaarrrty!
00:42:14 Derek Gabriel: We require cyber insurance in our contracts - and the problem we're trying to solve for is, when it's necessary, how do you use it?
00:42:40 Jorge Viveros: I would like to buy your rock.
00:44:39 Warren Ksiez: we are beginning to use a tool from our MSSP to simulate a breach/ransomware attack on their systems. Specifically how easily it can spread.
00:44:46 Derek Gabriel: Did you send that employee some nice gift cards? ;)
00:45:03 Alex Tuñón: From Amazon
00:45:09 Derek Gabriel: It's not FUD, it's education
00:45:43 Derek Gabriel: replace hand waving and generalities with specifics, this is what WILL happen, this is HOW we will respond.
00:47:12 Marc Pickard - CBTech Support: The house analogy that David Powell uses a lot is great too
00:47:14 Odin Fuhrman: I have an expensive phone with an otter box and insurance!
00:49:36 Derek Gabriel: We're trying to keep your house of cards from falling over!
00:49:44 Don Rogers: Jorge is spot on!
00:49:52 Craig Anderson, PCM: you don't have to run faster than the bear.... :)
00:50:25 Craig Anderson, PCM: also, you might be small but you might have big customers, or other reasons
00:50:47 David Wallach: Verizon’s 2019 Data Breach Investigations Report
00:50:51 Derek Gabriel: if clients understood it easily, I would just show them a few shodan queries...
00:51:30 David Wallach: 43% of breaches in 2019 involved small businesses.
00:51:52 Rob Danser: @david that's a great/terrifying stat
00:51:58 David Wallach: The average cost of a security breach affecting small to midsize businesses increased by 61% from $229k in 2018 to $369k in 2019
00:52:18 Andrew Millington: That makes perfect sense right? How many people try to take down Fort Knox vs. your local liquor store
00:52:45 Craig Anderson, PCM: FREEZE YOUR CREDIT :)
00:53:26 Brooke Smith: We also try to stress PUBLIC IMAGE will be tarnished...
00:53:49 Andrew Millington: Perception/reputation is everything
00:54:36 Derek Gabriel: this is why we have a PR firm involved in IR planning, to explain crisis communication
00:56:00 Joe Giltner: Because...Liquor!
00:56:08 Brooke Smith: hahha Joe
00:56:26 Odin Fuhrman: it's Friday! time to drink! where's that liquor?
00:56:33 Craig Anderson, PCM: hmm hacking veterinarians to find out people's pet names aka passwords?
00:56:41 Derek Gabriel: Here is our declination of service/limitation of liability boilerplate, you're welcome … https://ignitesg.sharepoint.com/:w:/g/EXeqb7LOFEJKiOv150y161wB1YbZqxGEUgjcwDGOYJXPGw?e=vvf7XJ
00:57:47 Odin Fuhrman: I might have to borrow that, we had one also but have not used it
00:58:09 Marc Pickard - CBTech Support: Thanks Derek!
00:58:13 Bart Bushong: just saying as someone from Kentucky we would rather you not go after our liquor (bourbon) stores or Fort Knox :)
00:58:14 Derek Gabriel: disclaimer: I am not a lawyer, and not providing legal advice, please consult a lawyer for your needs. :)
00:58:25 Craig Anderson, PCM: #notlegaladvice
00:58:35 David Wallach: @Craig, Yes, know anyone who uses old pets as basis for PW? Fido123!
00:59:19 Craig Anderson, PCM: i wish i could say i didn't, but i'm sure i do
00:59:33 Neil Murray: Great discussion today!
00:59:33 art meyer: he must have had an accounting background Brooke
00:59:38 Don Rogers: Also ask how comfortable they are speaking to the press. That will be part of the aftermath as well
00:59:41 Brooke Smith: HE DOES! LOL
00:59:49 Odin Fuhrman: That's a pretty good password it has a capital letter numbers special character
00:59:53 Derek Gabriel: 🙌🙌🙌🙌🙌🙌🙌
00:59:55 Odin Fuhrman: good night!