LISTEN ON SPOTIFY: https://open.spotify.com/episode/0PWLN7tIONF387CLwnmMsf
Justin Lam 0:05
You want to find your tribe of raving fans. I'm gonna help you do it. This is the digging deep podcast with Three Sixty Media where we help you do better business.
Hey everybody, this is Justin Lam and you're watching Episode Five of digging deeper. We help business owners build better businesses. Today I'm joined here by a certified geek and rightly named on his own. He's been a competitive rower, a member of the Shriners and is a proud supporter of nonprofit organizations. I want you all to meet Jeremy Cole from CPG systems. Jeremy, how's it going?
Jeremy Colwell 0:44
I'm doing great, Justin. Thanks. How are you? Oh, good. So
Justin Lam 0:48
what's it like? It's pandemonium in the world? What's it like in your world?
Jeremy Colwell 0:53
Very much the same. It's been pretty hectic getting people and companies able to work remotely, and trying to help promote social isolation.
Justin Lam 1:06
Yeah. So, I mean, in a couple episodes previous I talked to a person about cyber security and remote work, what? From your point of view? You're an IT company, CBG systems.ca. And you guys specialize as an IT department, outsourced IT department. Is that correct?
Jeremy Colwell 1:25
That is correct. Yep.
Justin Lam 1:26
Amazing. And can you tell me what's the value of having an IT department externally versus say internal maybe?
Jeremy Colwell 1:33
Well, there's a number of advantages. The first of which is the cost factor. We can actually show the math which supports that it's more cost effective to outsource a lot of IT functions until you hit about 90 or 110 people, somewhere in that range. So if you've got a company larger than that, then it makes sense to have somebody in house. If you've got anything smaller than that, then it usually makes more financial sense to outsource it. Of course, the other consideration is better coverage, better exposure to or less exposure to risks because we have a broader base of experience. And you've got things you don't have to worry about, like vacation coverage. You know, if you've got 25 people and one of them's your IT person, what happens when he goes on vacation, and then the website crashes? So we've got a broader range of experience than one person working in house, what the costs are completely different. And, you know, we've always got somebody to cover it for you if somebody goes on vacation.
Justin Lam 2:56
It's funny that you mentioned that. I have a friend who works as one of the lead IT people in a very prominent manufacturing company. And it doesn't matter where he is when he's on vacation. If the phone rings, his vacation ends promptly, no matter where he is in the world. So yeah, sucks for him. But I guess that's the way some companies have to operate. So in terms of, like, your clients now, with COVID-19 being such a major sort of bump in the road for all these businesses, you know, how does remote working work for those people who maybe don't understand what remote work even means?
Jeremy Colwell 3:40
Well, there's a couple ways that it can work. And it really depends on the needs of the organization. Not every organization is the same. Not every organization's needs are going to be the same. On the one hand, you can look at it in terms of being able to use remote tools to get to your regular workstation. So if you're sitting at home, you're on your own personal computer at home, you put in a username, you put in a password, you put in the two factor authentication code. And then all of a sudden you can see your own workstation, you've got the ability to log into your office computer, just like you were sitting in front of that. So that's one way. Another way that works for some companies is they're using remote file sharing tools. So something I don't want to say like Dropbox because I've got strong opinions about that particular product. But we'll say tools of that class, but actual business, business focused products, where you can have granular permissions you can say okay, this group has access to this folder. And this other group has access to this other folder. But there's no crossover and having the ability to work on those files simultaneously to people editing, Word documents and Excel spreadsheets at the same time, and independent of physical location. So one person could be at home on the North Shore, another person could be at home on the south shore, and they're both accessing the file, somebody could be stuck in a different province, you're all accessing the same file. It really depends on the situation as to what's the best approach. The important part is that these approaches don't have to cost a ton of money. A lot of them are free or very close to it. And there's a solution out there that meets your organization's unique needs.
Justin Lam 6:00
That's interesting. So I'm gonna back that up a little bit. And you mentioned you have a, an issue, interesting issue with Dropbox. And I think Dropbox is such a common thing, especially in the entrepreneur space and small businesses. Maybe you can, you know, without going to the deep and dirty unless somebody sets in the comments below that they want to know a little bit more, in which case they'll can connect with you. But give me a general overview of why Dropbox might not be the best solution or a very kind of interesting thing in your world and why you might advise against it.
Jeremy Colwell 6:39
Well, there's a couple reasons. The first being that Dropbox was designed as a consumer product. It was never designed as a business class product, so it doesn't have a lot of the business class features. Another problem is that with Dropbox, if you have a 50 gigs' worth of Dropbox storage, that's not a whole lot in comparison to some of the others that are out there. You can look at Teams, and Teams gives you one terabyte per team. So if you've got five teams, you've got five terabytes of storage. So that's not even apples to oranges. That's kind of like apples to scissors. I mean, it's not even the same class. And, of course, then there's the fact that Dropbox takes space on your local computer. So however big your Dropbox repository is, if you're syncing those files to your computer, then it's taking space on your computer.
Justin Lam 7:47
And that's an interesting point. And so what I don't think a lot of people realize is, especially because everybody works on laptops nowadays, and particularly the Apple products are very small in hard drive space. And people often wonder, why am I running out of space? And it's because they're dumping so much stuff on Dropbox. But it adds some level of cache on the hard drive where it eats up your hard drive space. We know only because we deal with such massive files that we had to move off of Dropbox for that very reason. And, you know, we moved to Google Drive. And then, I mean, in addition to the NAS systems that we have here, you know, we had to move off of Dropbox, because, I mean, after a terabyte worth of data, it just clogs up the entire system.
Jeremy Colwell 8:34
Absolutely. There is the actual file storage itself, there is a cache. And if you look at a program like Teams, there is a bit of a cache, but on Windows computers, it will automatically clear itself up in seven days. So you don't run into the same sort of problem. I've got probably about 2.2 terabytes worth of data and I take it with me everywhere. I've got access to it on all my devices, including my mobile. And the files are just downloaded on demand. The other big challenge with Dropbox is that over the years, it's been hacked so many times that there's kind of like a hacker Boy Scout badge for, hey, I hacked Dropbox too. And it's just, it's not even funny anymore.
Justin Lam 9:30
As when you talk about it like that,
Jeremy Colwell 9:33
Maybe, I don't know. I've got my Boy Scout badge. The reality is, is it's such a big target and, like it or not, the common prevalence for people is that they've got one email address and one password that they use in 20 different locations. So when the bad guys are going after Dropbox, they don't care about your data. They don't want to know what's in your files. What they're going after is your username and password. Because they know that chances are you're using that same username and password someplace else. So if they hack Dropbox, they get into the Dropbox user database. They've got access to a whole bunch of different things that you're doing on the internet. Mm hmm.
Justin Lam 10:22
That's an interesting conundrum. I think, from a consumer standpoint, and most entrepreneurs when they're bootstrapping, they basically go after consumer products. You know, and I think part of it is an assumption that commercial-grade products have a higher price tag associated with it. Now, part of that cost has to be involved with, you know, the protection level that they offer versus a consumer product. Can you maybe talk a little bit about that kind of difference, you know, by going for something as consumer oriented as Dropbox and maybe another platform that is maybe more commercially oriented?
Jeremy Colwell 11:01
You know, Teams, the one that I mentioned earlier, is a great example of that. And right now with the COVID-19 outbreak that's happening and the social distancing, Microsoft has actually made that product free. So Teams is now free for the foreseeable future. And one of the big differentiators is two factor authentication, plain and simple. If you're looking at other applications that do have a little bit more of a commercial focus, you know, even if you're looking at the G Suite, it's possible to turn on two factor authentication.
Justin Lam 11:50
It is. We do that here at the studio. It's annoying some days, but we do it because of the security reasons.
Jeremy Colwell 11:54
And that's why a lot of people choose not to, especially if they're in the startup bootstrap stage, is because they're so busy trying to get things done that security comes as an afterthought. If you look at a product like LastPass, the free password manager, LastPass lets you have two factor authentication. So when you're signing into LastPass, you have to have your mobile phone. And for those companies that are maybe a little bit more established, or that have more of a security focused mindset, it is possible to enforce passwords and two factors with LastPass or Dashlane, or some of the other password products out there. So it's possible, and then you've also got the central management, which makes life nice and easy. So there are a lot of options that are out there so that you don't have to compromise. You can still be safe. And realistically, it's not gonna cost you a bomb, it's not gonna cost you a fortune to get into these things. It's simply a state of mind.
Justin Lam 13:13
Yeah, I could totally understand. I mean, when I was first introduced to LastPass, I enjoyed it, but I didn't realize how critical it would be as we expanded our teams and to remote places where I had to give them access. And using LastPass allows me to change passwords when I need to, but then not having to affect the ability for the people overseas or, you know, in different locations to be able to access that, and not having to give up my passwords anywhere, because I just don't know if everybody else is as well protected or as, I guess, protective of the data that they have here.
Jeremy Colwell 13:57
Justin Lam 13:58
So then another question that I have is, when working remote, we talked about being able to log into Remote Desktop. And then of course, being able to then file share. I think remote desktops are kind of a trending thing where I think people realize that, you know, you could indeed do that, and using, you know, software like, see, what's a good one that's out there, that's fairly... TeamViewer, TeamViewer, LogMeIn, definitely LogMeIn. So what is the difference between those and something like a VPN where you have another layer, sort of separating a person getting into their data, like, you know, using a VPN system versus just on my Wi-Fi, you know, product like LogMeIn or TeamViewer?
Jeremy Colwell 14:56
So with LogMeIn or TeamViewer, then again, you're looking at a subscription based product, so it's something that you have to pay for. And they can be secured with two factor authentication, which is always the preference. If you're going to have a weak password, then honestly you might as well just take a picture of your SIN number and put that up on your Facebook page. Seriously. If you're not even gonna try with the passwords, then just don't bother, just go home. LogMeIn versus TeamViewer, it's kind of a bit of a wash. The main difference, functionally speaking, has to do with price. TeamViewer is a bit more expensive. LogMeIn, you can get into LogMeIn subscriptions that are not obscenely expensive, and then sometimes through service providers like us, we have access to custom LogMeIn tools, which we can resell on a month to month basis or on a per computer basis. Your IT company can probably help you with something like that. It's a little different as opposed to using a VPN, and then standard Windows Remote Desktop. The standard Windows Remote Desktop is a good tool. It's a valuable tool, just don't expose it to the naked internet. So don't punch a hole through your firewall so that you can access Remote Desktop from the outside, and if you do that, I will bet you dinner when the restaurants open that I can show you that your computer is being attacked regularly.
Justin Lam 17:04
Okay. And so I think for the people who are watching or viewing this might not understand when you talk about punching a hole through, what are some things that people would have done, or commonly do that would expose that.
Jeremy Colwell 17:18
So very often, it's called port forwarding or application forwarding on your home firewall, or your home router. You know, if you've got a TELUS connection or a Shaw connection, you can go in and you can set up different rules that say, allow this application to go through. So if you're allowing traffic from the outside to come inside, then if it's Remote Desktop, even if you're changing the numbers, then, you know, the bad actors, honestly, they're just using sweep tools, automatic sweep tools that are just going out there searching the whole internet going, hey, let's find me some open holes in somebody's firewall, in somebody's router. And they don't care. They'll just start hammering everybody until they find a hole. Hmm. The takeaway is that if you're trying to open up holes in a security device, whether that's a router, whether that's a firewall, if you're trying to open holes from the outside in to allow something through, then that's generally a vulnerability. What you want to do instead is you want to have a way to have a secure connection from the outside to the gateway device itself.
Justin Lam 18:47
Hmm. So I'm going to guess if somebody has questions or doesn't really understand if they're compromised at this point, that they could reach out to you at CPG systems.ca.
Jeremy Colwell 18:56
Justin Lam 18:57
Awesome. So, you know, for those who are watching or people listening here on Spotify, you know, feel free to reach out to Jeremy if you have questions about that, because I think that's really important for an organization like mine who runs through terabytes worth of data, and some of that stuff is not privy to other eyes. I mean, even when we're finished the product, we have to delete them off our systems. It's imperative that we really try our best to protect it as well as we can. So it is something that I think people need to look into. So the other thing I think people are going into, well, while they're working remote is using stuff on their phone and accessing their files and stuff while they're out and about, or are using their mobile devices, you know, at home because they're just too lazy to sit on a laptop. You know, what type of security do they need to look out for or have on their phones in order to protect themselves?
Jeremy Colwell 19:54
Well, there's two main things that you can do. The first is only get applications from your platform's app store. So if you're using an Apple phone or an iPad, then only get applications from iTunes. If you're on Android, then only get things from Google Play. Do not go directly to the application developer's website and install applications from that location. That's inherently unsafe. The other thing that we would recommend is you can actually get antivirus for your mobile device. It does matter, it does make a difference, and it can really save your bacon. Most of them are free. It's
Justin Lam 20:51
really interesting because I don't think many people, myself included, really know about what antivirus software looks like on an iPhone. So, you know, do you have a couple of names maybe from either platform that you can kind of toss out there for people to kind of look into?
Jeremy Colwell 21:10
Yeah, there's a few, so you can look at, I believe Bitdefender still has a free mobile application. I believe Webroot does as well. Webroot, which is known for being very fast and very light. If you want to get into some of the more robust programs, there can sometimes be costs associated with it, but also for larger organizations. The flip side to that is that you're also wrapping in mobile device management. So as an employer, if you're handing out a bunch of cell phones to your employees, there are quick and relatively easy ways to go out and control the applications that are installed, control the behavior of the phone and do things like enforce security policies for your staff. So you can look at it from both sides. The best antivirus on the phone is the one that you never see, that you'd never notice, and that you kind of forget is there.
Justin Lam 22:19
So that's interesting that you say that, because I think traditionally for me, especially, you know, growing up through the age of Norton and McAfee, I always found that that type of software really bloats or slows down the system. Has it changed at all in the last maybe five, six years?
Jeremy Colwell 22:42
It has. But the other thing to keep in mind is that we're now at the leading edge of a quantum shift in how antivirus works in the first place. And so the idea of definition based antivirus is really kind of going the way of the dodo. Definition based antivirus at this point borders on slightly less than useless, simply because by the time the definition comes in, there's so many zero day exploits out there. And even if you're updating your computer three, four or five times a day, the definitions report on what they see happening. So that means if a bad actor downloads some ransomware onto your machine, somehow or another, you know, you visit a bad website or you open a Word document and go, whoops. The antivirus reacts based on what it sees happening, so you've already clicked something, you've already given it permission to run. And the antivirus is reacting at that point to what has already happened on your machine. And then it goes, oh, yes, I recognize this behavior, and then it shuts it down. Hmm. In the meantime, the payload is already executed.
Justin Lam 24:24
Jeremy Colwell 24:26
So the definition type antivirus is really, it's on its way out. It really is. And you're starting to look at a lot of programs that have the letters EDR behind them, which is enhanced detection and response. So that's where you're starting to get into actual AI. You're getting into actual machine learning. And you're starting to get into some real top and very functional antivirus products. And they're not even called antivirus anymore. They're now called endpoint protection. There's even some out there right now, this is really cool. Let's say that you get some ransomware on your computer. The antivirus, or the endpoint protection, will recognize the behavior. If the endpoint protection and the firewall are the same manufacturer, what it will do is the endpoint will actually self report to the firewall. The firewall will then isolate that endpoint, so that it cannot call out. It cannot travel laterally. That one endpoint will be completely isolated from the rest of the network automatically. And then the endpoint protection software will roll back the changes made by the ransomware. And then it will clean the infection. It will develop for you an intrusion report to show you exactly what happened step by step by step by step. These are the things that happened that led to the compromise in the first place. And then it will whitelist itself and the firewall will go, okay, you can pass traffic again.
Justin Lam 26:39
Oh, that's amazing. It's sort of like vaccines. Yeah, too bad they don't have it for COVID-19. I know.
Jeremy Colwell 26:46
Wouldn't make everybody's life so much easier. I know.
Justin Lam 26:49
So then one of the other things that is happening, I guess, is that because people are working remote, I think there's a lot of fear about, like, how the office is using their phone number and the people are using their own personal phone numbers and phone and data plans to kind of manage the work at the office and or their business. For those people who are in that scenario, whether it's an owner talking to staff or, you know, a person who might be a staff member working for a business and organization, you know, are there ways around it, where we can still, you know, use phones and not have like three or four of them in our hands, but still be able to access that and keep our own personal stuff aside from it?
Jeremy Colwell 27:30
Absolutely. There are applications, there's different products out there. Most of them are based around Voice over IP, where you can customize the caller ID, you can customize the call display. And, of course, I've got to be a little cautious in divulging too much about this because this is one of the tools that some of the phone scammers will use. They'll use platforms like this as well, but they can be used for good. It doesn't always have to be about the scammers and the people claiming to be from CRA, you will be arrested tomorrow unless you press nine. There are tools which you can use. Again, they're not stupidly expensive. You can place phone calls from your computer, you can get an extra application which runs on your mobile. You know, I've got my regular dialer on my phone. And then I've also got another program which I use, which is a completely different dialer, and so I can make business calls with my business number off my regular cell phone. And it all ties in to the company phone system. So from an optic perspective, I'm not giving up my cell phone number if I don't want to, I'm not giving out my home phone number. And from a marketing perspective, I'm still promoting the same caller ID, the same call display that I would previously.
Justin Lam 29:33
Interesting. Cool. And so I think one of the other questions that I have now is that nonprofits is something that I kind of briefly mentioned that you're a proud supporter of, and you know, they suffer with IT issues and I think even more so they have a lot of people who are very transient in and out of their organization. How does say CPG Systems help those people and more so in the way that they can help their teams work more efficiently and more remote, and be able to still move the needle in a time like this.
Jeremy Colwell 30:12
Right. So and that's, that's a very big question. With I mean, we could do a whole separate discussion on tools that are available for nonprofits
because we're just gonna have to do another podcast later. And yeah, we may have to, we may have to. The reality is that I myself have been on the board of directors of charities, I've been a volunteer for charities and done IT work for them. I've been on governance boards, I've been on working boards. I've been the chair of a board, and so I see it from both sides of the coin. From a charity perspective, you know, there's a lot of ways that you can change the math. And executive directors and fundraising people know exactly what I mean when I say there are ways to change the program allocations. Hmm. And for charities that's big. The other thing that we do is that we actively promote for our charity customers taking advantage of programs that are available for charities and nonprofits. Many IT companies are like, no, no, no, you have to use our software, you have to use our brands, you have to use our vendors. And we've done things a little differently, where we have certain products that we know are available through charity programs. And we promote those. So you can get best of breed, you can get operational excellence, and you can still get the charity pricing that you really crave.
Justin Lam 32:15
Oh, that's really great. I think a lot of people would be really interested in that. So hopefully, somebody out there listening who is part of an NGO or NPO will find that a very interesting topic and maybe connect with you about that. Finally, what I really want to try to leave listeners with is a resource. It could be anything either related to your your industry or a book or whatever it is, what would be a resource that you would recommend somebody look at or pursue should they have the time seeing that they're all locked down at home now anyways?
Jeremy Colwell 32:56
Hmm, well, for charities, of course, we strongly recommend taking a good long cruise through the TechSoup website. There's a lot of educational material buried in the background of TechSoup that a lot of organizations don't see. In terms of general business, the big thing that I would be cautious about right now is, if you're looking for something that you want to read up on, then I would start reading up on cybersecurity. Different websites like Krebs, that's K-R-E-B-S, Krebs on Security is a good one. There's the cybersecurity Alliance, is another one. As much as ransomware has become almost a bit of a catchphrase over the past year or so, six months to a year, I think you're really going to see a lot more activity. So business owners need to start thinking differently when it comes to cybersecurity, simply because the bad actors, and when I say bad actor, I don't mean William Shatner. The bad actor is the technical term used in the cybersecurity realm for the bad guys, the hackers, the spammers. The bad actors have realized that they can effectively monetize their efforts. And with that knowledge comes a redoubled determination on their part to get to your data. And the number of robots that are out there right now trying to do exactly that is truly frightening.
Justin Lam 35:05
That's really scary stuff. So,
Jeremy Colwell 35:09
So I'd read up on cybersecurity if you're a small business, small midsize business. If you're a charity, I'd look at the resources, the educational stuff on TechSoup. And if you're still trying to scale, of course, the book Scaling Up is still our Bible.
Justin Lam 35:28
Fantastic. Well, thanks so much for taking the time to chat with me today. I've got x share, we try to keep it brief because I don't want to bore people talking about geek stuff all the time. But I do want to thank you, and I'm sure if we have the opportunity, we're gonna come back to another podcast and maybe dive down the NGO, NPO kind of realm. And if you are an NPO or NGO executive, perhaps listening to this podcast, if you have comments or questions and you want to know more, feel free to reach out. Follow our comment and allow us to reach out to Jeremy again for some of his precious time. For the time being, if you guys found value in this podcast and video, please feel free to give us a like and, even better, subscribe, follow us so we can bring you more content. For the time being, thank you very much, Jeremy, and just hold on for a little bit. We'll just connect with you after here.
Jeremy Colwell 36:27
Thanks very much for your time, Justin. Awesome.