Cybersecurity basics for solopreneurs, with Don Sesler
[00:00:00] Tyler: Well, uh, a while back, my dad actually almost fell victim to one of those scams where, you know, someone calls on the phone and says something like I'm from Microsoft and I need to help you fix something on your computer or something.
And, you know, uh, fortunately he hung up and turned off his computer before it got too far. But as you know, the millennial child of a parent, I was having heart attacks the entire time I was listening to him tell the story and he was really, like, really scared, like he actually, he like unplugged his computer, you know, basically threw it away, Ron Swanson style.
Um, what, you know, which was, which was good. I mean, it didn't get that far, but, but that, I mean, it could have, right. Could have gotten locked out of his computer. Could have given them access to see his screen, all that good stuff. So
[00:00:47] Don: Oh yeah, the second they give that permission to view the screen or take control of the computer, that's the moment that they're in. And it's interesting [00:01:00] because your dad's situation is very, very similar. to the latest one that we had of a client of ours who, they're not officially, officially a client, but they were in a very similar situation.
They, they got a phone call. It sounded legit. It, it all kind of lined up and they gave the person access and then just that little bug went off in their head of, this isn't quite right. And so fortunately, In that moment, he decided to send us a text and say, Is this right? And then the sequence of events isn't exactly what you said.
We disconnected, we unplugged, we did all the stuff, and we're able to save it. But had that not happened, Chances are very good. Number one, the data would have been compromised, whatever the data was. And see, now this was a painter, [00:02:00] so probably not a lot of super valuable information there, although they keep all their client info on a spreadsheet, so they would have had that.
But then, beyond that, there's the possibility of having their, their one computer that runs the whole business, in the solopreneur's case, have that one computer locked up for ransomware. And then there you go.
[00:02:29] Tyler: yeah, it's terrifying.
[00:02:37] Steve: Hello there. Dear listener. I am Steve.
[00:02:40] Tyler: And I'm Tyler and welcome to another episode of It's Not About The Money, the podcast where we help you gain the clarity you need to run a successful small business.
[00:02:48] Steve: Tyler has a financial coaching practice. I run a tax business and we are both small business owners like you. This podcast is our exploration of entrepreneurship one episode at a time.
Introducing Don Sesler
---
[00:03:00]
[00:03:00] Steve: And today we're welcoming you back to another episode in our series of interviews, called the, the many hats of an entrepreneur, covering the, kind of the, the different aspects of running a business.
That you may or may not be well versed on. And we're speaking to experts in each of those fields to give you an idea of things that you, you know, just kind of plant ideas, give you ideas of, uh, you know, maybe who you might need to hire or what you could look into to learn yourself, all that kind of stuff. And I'm really excited to welcome today, Don Sesler.
Don Sesler is the owner of SagePlan Technology Consulting, which serves as the IT department for small businesses in a lot of different fields, uh, construction, architecture, accounting, law, healthcare.
Uh, his mission is to help business owners get IT out of their way so they can focus on their core business and build it to meet their wildest dreams. Welcome, Don.
[00:03:59] Don: [00:04:00] Yeah, thanks. Thanks for having me. This is, uh, this is pretty exciting. A lot of fun.
[00:04:04] Tyler: You know, I, it's interesting when we first started talking about this series, my brain immediately went to what I considered like kind of the core functions of business, like accounting, HR, production, that kind of stuff. But I'm so glad that we're talking about IT security. Uh, in my day job, I work for a large intellectual property firm, and this is a huge topic for us.
But I admit, as a solopreneur, as a small business owner, it's maybe not the right word. Something that's always top of mind.
[00:04:30] Don: I, and I don't think it is for most solopreneurs, right? It's one of those topics, uh, and, and the idea of wearing many hats. I'm a, I don't consider myself a solopreneur anymore. And I've, I graduated to small business owner, but I spent quite a bit of time as a solopreneur and even as a small business owner now, we have to wear a lot of different hats and deciding which hat to put on, even though we [00:05:00] probably all have that cyber security hat laying around that we for listening to the Should put on from time to time.
It's, it's just not the top, the top hat on any given day, uh, for, for most of us.
[00:05:13] Tyler: Until something goes horribly wrong, I guess. Or hopefully before then, I should say.
Cyberattacks and business continuity risk
---
[00:05:18] Steve: right, Don, could you talk about why a solopreneur should care about cybersecurity? Whether the hat's lying around and they've acknowledged it or not.
[00:05:29] Don: yeah, yeah, yeah. So, you know, I always think about, I've been seeing the, uh, some version of, it's usually on the Nature Channel. There's, there's that scene out on the Serengeti or wherever it is, where, where the, Caribou are crossing the Nile, right? And in the Nile, there's, an alligator waiting to grab one.
Y'all seen that? Seen that right? Yeah, yeah, we, we, we've all seen it, right? We, as solopreneurs, I gotta tell you, we're definitely not [00:06:00] the caribou, nor are we the crocodile. We are like the insect hitching a ride on the poor caribou that gets nabbed by the crocodile. That's how I think about it. For us, cybercriminals don't really care about us.
At the end of the day, that's, it's not their target. They are big game hunters. Their, their target is to get to a big medical practice or a government agency or a big accounting firm. They're looking for a company that they can extract tens of millions of dollars from, right? But we are out there as solopreneurs doing our thing on a daily basis, and if we're not careful, we can get caught up in their game.
And when we do, if they accidentally hack us, [00:07:00] they're not going to say, oh, we'll just let you go, right? They're just going to say, well, okay, well, we know you're not a huge company, right? But how much would it be worth for you to get your information back? And so that's, that's the scenario where we get caught up.
So while we're not the primary target, we do still have to protect ourself at some level because we just may get caught up in the crossfire.
[00:07:28] Steve: That's a good point. Uh, the, the business continuity risk of, of a cyber attack could be quite costly, uh, let alone the, the data. Like for example, in my tax business, I have a whole lot of personally identifiable information. Social security numbers, birthdays, children's names, like all income level, all of that stuff is in the software that I use.
And that, uh, you know, that, um, whether it damages my business for the loss of it, it, we can consider that separately, but like the, the damage to my [00:08:00] clients, if I am negligent with their information can be catastrophic.
[00:08:04] Don: Yeah, that's, that's the perfect example, right? Where you have essentially all the information and That a large accounting firm, a large financial services firm would have. It's the same information, it's just on a much smaller scale. So, because of that, let's just take the scenario, how cyber criminals actually work.
And I should say at some point along the way that, you know, we're talking about cyber security and that sort of thing, but there's, uh, This, this scenario, I think it's helpful to think about it more from the perspective of just waking up one morning and not having access to your systems for whatever reason, right?
It could be a cyber attack. That's the one that we think about. And that's the one that sensationalized in the news. But also it could be [00:09:00] if you're, you know, working from the boat one day and the laptop falls into the lake and all of a sudden everything's gone, right? It's the same kind of. But for the cyber attack situation, the reason you might get caught up in it is because when a cyber criminal decides they're going to target an industry, they may not be super clear on how big your organization is.
But when they go do their searches, They see that, hey, you're out there, uh, you know, Daybreak Tax, oh, I don't know who they are. Let me just add them to the list of companies that I want to target and see if I can, get into. So when, when, when that happens, you're, you're on the list and now you're just another.
potential victim [00:10:00] for the cyber criminal.
[00:10:03] Tyler: So you mentioned not only cyber criminal activity, but also accidents, or, you know, maybe corrupt hard drives, something like that. Is that maybe more relevant to a small solopreneur than maybe having like a robust cybersecurity thing in place? I mean, or what's the crossover between just like having a good setup so that you don't lose data yourself versus, you know, protecting yourself from external threats?
[00:10:28] Don: Yeah, 100%. The, the risk of having systems fall apart because of some sort of hardware or software failure is way more common than the cyber attack. The cyber attack is, is the one that is easy to sensationalize. Makes for good television, makes for good news, uh, whereas, you know, the fact that, uh, a more common scenario like there's [00:11:00] a flood or there's a fire or, or your laptop does fall over the side of your, canoe or what, wherever you were working from that day.
Those are, those are the more common scenarios, so a lot of the things that we do in, uh, preparation for a potential cyber attack, the, the ability to recover from that quickly, if it ever does happen, uh, is, is something that is, it's the same thing. toolkit that we use to recover from a hardware failure or software failure or some online service that you're using just all of a sudden going dark someday.
Vetting your cloud software vendors
---
[00:11:41] Don: I mean, for those of you using cloud systems, the scenario of if I try to log in and they're just gone. What do I do, is, is a question that a lot of people don't think about, just like they don't think about driving up to their, their little office and have it be [00:12:00] on fire or underwater.
[00:12:01] Steve: That's something I wanted to ask you specifically about, because I think I, and I believe Tyler also primarily use cloud based software for running my business, including even the tax preparation, uh, for me. And so what kind of recommendations do you have around backups or disaster recovery or, uh, that kind of thing?
If, if that's your primary software stack.
[00:12:25] Don: Yeah, well, people, people don't, usually like the answer to this one, but it starts out with make sure you're not cheaping out, right? And, and this is where it can get a little bit tricky, uh, and. As a business owner, you have to think about the value of the service that you're picking. And looking at this resiliency question is really what we're talking about, of the service that you're picking to, uh, to run the service [00:13:00] that you need, whether you're an accountant or you're a medical service provider or something like that, using some online tool.
If If the tool is from a larger company, and I'm thinking of like Microsoft, Google, Amazon Web Services, there are several large companies out there that support the medical industry, they support the financial services industries, accountants, architects, that sort of thing. If you use one of the top tier services, they are going to have very resilient systems that are hardened against cyber attacks, and they have very robust disaster recovery plans in place that Microsoft gets hacked all the time.
Right? I mean, even Microsoft, they are, they are constantly being probed and occasionally the bad guys win. But because their recovery plans are so [00:14:00] strong, most of the time you don't even notice it. You know, if you're using one of their services, uh, as a lot of us do on a, on a daily basis. Now, when we are shopping for a cloud based service, And we find some new service that looks like it does everything that the big one does, but it's half the cost.
It can be really tempting to say, wow, this does everything that I need and it's half the price. Uh, but it's important to ask, okay, well, where is the cost cutting coming in? Is the cost cutting simply about their profits? I'm fine with that. I don't want to pay anybody more than I have to. So, you know, they're just coming in cheaper than the other service.
Great. But then it's important to say, well, what are some of the other things that they might be cutting? And one of those might be Their resiliency against cyberattacks, it could be how good their backups are, it could be how quickly they're [00:15:00] going to get back online if, if a hacker does break in.
So, for brand new solopreneurs just getting started, a lot of times we just don't know what we don't know. Right? And so my advice in that situation is to start with the expensive, well established service that is mainstream in your industry because they are more likely than not going to be the one that is well protected and is going to be something that you can rely on day in, day out.
Uh, if it If you've been around for a while or you're just in a situation where you have to use a service that maybe is not quite as robust, then you have to start asking yourself questions of, well, okay, what am I going to do if I wake up one morning and try to log into this system and it's [00:16:00] just gone?
Do I have a backup available to me that I can access quickly? And if the answer to that is no, get on the phone with the service and ask them that question. You know, hey, if I can't log into you, how am I going to get my data? And just, just learn to ask good questions around it.
[00:16:20] Steve: Okay. That's great advice. Kind of understanding the vendors and, What your risks are, depending on the way they run their operations .
[00:16:29] Don: Yeah.
Picking the right DIY hardware and software
---
[00:16:31] Tyler: So if you're just getting started as a new entrepreneur, solopreneur, small business, and you're not ready yet to hire or outsource an IT department, um, where could you start?
[00:16:44] Don: Yeah, right. And so, Tyler, you're right. In some parts of it, the cloud based, vetting a cloud service, obviously, that's part of it. But not everybody uses cloud services. Cloud [00:17:00] services are great. They have their purpose. But for most solopreneurs or somebody who is starting out a small business, they still may need either a physical office to go into, or they've got, they've got staff.
So. When we come in and look, I'm a small business owner too. Uh, and anytime what we're really talking about doing is thinking about, do I want to put one of these hats on the, the IT hat on myself, uh, or do I want to to hire this out. And as a small business owner, I don't like to, I don't like spend money.
I don't like to pay anybody. I want all the money myself, right? So I'm, I'm, I can really sympathize with this. Anytime I'm thinking about hiring a service, uh, to take care of somebody, first thing I want to do is Google and figure out, can I do it myself? And on our website, [00:18:00] sageplan. com, we have DIY articles specifically designed to help people do this stuff themselves. And in those articles, we talk about building out your own IT system. So from a, both from a cyber security standpoint and more just as building a system that's going to stand the test of time, there are a couple of points that I want to hit on. From, you know, first is hardware. And y'all got to tell you, I love the cheap discounted computers and laptops and routers and that sort of thing, but there are significant advantages to going up to business class tools when you are investing in your equipment.
First, let's just talk about the PCs, the computers, [00:19:00] whether you're working with a Mac. Some people I know are in that space. The majority still is using some version of a Windows computer, but those business class systems They have better hard drives, they have better monitors, they're just more robust, and they also have an extra layer of cybersecurity built into them.
They can be things like biometrics, all sorts of different things that really make them much less likely to be attacked. Uh, in the, in the cyberspace and much less likely to fail on you anytime soon. Same thing for looking at antivirus software. Uh, we use products from, Trend Micro and Bitdefender are the, the two companies that we tend to work with.
There are a lot of good options out [00:20:00] there. Just make sure you have something. in place from, uh, from that perspective, and then also.
Google Drive and OneDrive are not a backup solution
---
[00:20:09] Don: If you are storing data on your computers in the office, make sure you've got some sort of backup in place. And this, y'all, I gotta tell you, having your data synced to Google Drive or Microsoft OneDrive does not count.
And here's, here's why, uh, if, if that is the only place that you have that information stored and you're thinking of it as your backup, specifically in a, in the account of a, of a cyber attack, the way that usually works is if they gain access to your system, uh, they're going to go in, they're going to lock you out of your computer, and then they're just going to empty your OneDrive.
Or your, or your Google Drive, and so if you do get back to it, it's all going to be [00:21:00] gone. Now, Microsoft and Google have done a pretty good job of making it so that you can get all that back, they are backing things up, but You're still talking about a lot of time, right? First you have to get a hold of somebody at Microsoft or Google.
I don't know if you've ever tried to do that, but you know, that could
[00:21:21] Tyler: Actually, yes. And it was not fun. It's not a good
[00:21:26] Don: right? It's not fun for anybody, but there are tools out there. We, we use products from companies. There's a company called iDrive. It's very good. There's another one called Acronis. Third one, Synology. Those, those are three tools that, that we work with all the time that will essentially take a copy of all of your computers and just copy the entire drive in a way that if the worst happens, you, a [00:22:00] cybercriminal attacks or your office gets hit by a meteor, hoping that happens at night so you're not there, but whatever the situation, you can.
Recover that in a way that In a matter of literally a matter of hours, you can have everything back up and running instead of having to rebuild your computer from scratch.
The last line of defense against social engineering
---
[00:22:24] Don: We've got some articles on how to do this. There are tons of resources out on YouTube and the internet on how to do it, but getting the right.
Hardware in place, the right software in place, getting a good backup, those are the places to start. And then the last piece is the, is the training comportion, portion. We were talking earlier, about situations where somebody Got a call, from, someone who's saying that they're the banker or the insurance or the FedEx person and asking if they can access your computer real quick to fix some little [00:23:00] thing.
And that is the most common way now that people are gaining access. It's either by sending you a, uh, a link that looks like your bank or it looks like your insurance agent or Posting a phone number, asking you to call, and when they get in, they can just take everything over. So doing a little bit of training, if you're a solopreneur, spending a little bit of time thinking through those scenarios so that you're better prepared to spot those fake words.
Emails or fake phone numbers. And if you are working with a small team, make sure your staff is prepared to spot those as well. Because right now in today's age, those are the most common. And I should mention on the software side, one of the best defenses against that is also a tool that I hate. But it's a necessary evil in today's world is that [00:24:00] two factor authentication thing.
That every piece of software asks you to do. I mean, who likes that? Nobody likes that. It's, it's, it's a pain. But right now, it is one of the most effective tools of keeping the bad guys, um, out of your information.
[00:24:18] Tyler: Yeah, I'm so glad you brought up training. I, I think, uh, you know, I've heard the term be a human firewall, and I just know that so many of these compromises come through like social engineering, right? And, and kind of like the human element of it more than the technology piece of it. So that seems extra important.
[00:24:37] Don: Oh yeah, for sure. Look, anybody, Any IT professional that promises you that the software that they put in place or the systems that they put in place or the fancy firewalls that they put in place is going to protect you and your business from a cyber attack, they either are [00:25:00] completely incompetent or a total liar, because it's just not possible.
It's just not. You can't, you can't go there. The We know, I do this all day every day for a living, and, and I just know that my clients, my business, my clients are still vulnerable regardless of how good a system I put in, uh, into place to a potential cyber attack, and the most common way, uh, is through social engineering, whether it is a, uh, very sophisticated A piece of email that comes through or a phone call or something like that.
So we, as the humans, we are the last line of defense. And right now, still at this moment, we are the weakest link, uh, in, in any businesses, uh, cybersecurity and, uh, plan.
[00:25:54] Tyler: Yeah. Yeah. Um, are, are, are there resources that you would [00:26:00] recommend for people to get educated about those aspects of cybersecurity and, or does your company provide those kinds of trainings?
[00:26:08] Don: We, we actually do work with our, our clients, uh, on. Spotting those. But I got it. And again, there's plenty of resources. We're happy to work with somebody on it. But I got it. I got to tell you at the end of the day for especially for the solopreneur small business, there's not much about it. That's not that falls into the category of rocket science, right?
I mean, it's it's looking at the email that comes through. And in asking yourself the question, is this legit? You know, getting the phone call coming in. And if you do have a question about it, don't talk to the person that called you on the phone. Don't fill out the form, you know, that somebody asked you to [00:27:00] take, take a minute to go to your vendor, your supplier, your banker, your insurance person directly and say, Hey, Is this you?
And for us as small business owners, as solopreneurs, that is usually good enough. Like I said, there's plenty of resources. We're happy to go beyond that. But what we're looking at here is trapping out The vast majority, because as I said before, we're not the primary targets of these sorts of scams. So with just a little bit of knowledge, we can really go a long way towards keeping it from happening to us.
And then having the right backups in place, if we do make a mistake, so that we can get ourselves back up and running quickly is the second piece that we want to have in our toolkit.
[00:27:56] Steve: That's great. This is really good information, Don. Thanks. Uh, and a lot of it falls [00:28:00] into the category of like, maybe you don't know that you don't know these things, uh, you know, training, that kind of stuff. And so having somebody like you, you know, just plant the little seeds of like, Hey, you know, be thinking about this.
Or if you notice this kind of a thing that might be suspicious, that's really helpful.
[00:28:17] Don: Yeah, and it's hard for us as solopreneurs, right? Because we have made the decision to be the know it all, right? I mean, we, we, we, we've made that choice and it's probably because we think we do know it all. Uh, and, and we like, we like being living out on the edge. And, and for me personally, I like to think of myself as knowing a little bit about the world.
All aspects of the business. And so maybe I don't call Steve as often as I should to get a little bit of help on my, uh, on my books. And I certainly don't call my marketing person as often as I should, or my HR person, because I had this built in thing. My whole [00:29:00] family has the same problem. We just, we think we can do it on our own.
And for the most part we can, but it, we just have to be aware that that also exposes us to some risks because we can't know it all.
[00:29:13] Steve: true. Yeah.
[00:29:14] Don: Right.
When should you hire fractional IT?
---
[00:29:17] Steve: So Don, you've told us a lot of Tips for somebody who wants to do it themselves, uh, or wants to learn about these things. And I want to give you an opportunity to talk about what your company does beyond that level, and, and maybe mention at what point would an entrepreneur or a small business owner want to hire a company like yours to come in?
[00:29:40] Don: Yeah. I'm going to, I'm going to take my, my tech guy hat off, to, to answer this and really try to answer it from the perspective of the business owner. I, like I said, I'm, I am one, And, and that's the way that, that I [00:30:00] think about this question. Fractional services is really what we're, what we're talking about as, as a business owner, at some point, uh, my business gets successful enough that. I start to struggle with when I wake up in the morning, okay, I've got 10 things that I need to get done as one human being. I really realistically know that I can only get five of them done. So am I just going to do those five and call it a day or is my business successful enough now that I can start asking for help?
Right. And when I was at that stage and I still am, uh, where I, I'm in this weird position where I'm not really ready to hire a full time person to come in and help with my marketing or my accounting or my sales or my tech services, if you're somebody else, but I know that I need help [00:31:00] And it's no longer a good use of my time to spend my day on YouTube learning how to be a better
[00:31:05] Steve: Mm
[00:31:05] Don: right?
Or whatever it is that I,
[00:31:08] Steve: Uh
[00:31:11] Don: I recognize, okay, I'm just going to hire somebody out for that. So when somebody looks at That moment where, okay, I know that I need the tech help. There's, there's a couple of different ways to go. One is, and there's plenty of people out there willing to help with your, with your tech.
A lot of them, kind of the typical model, is a service that you can call up and, they'll do the things that we do, they'll set up a cybersecurity system, they'll set up the backups, all the things that we've been talking about, and then you'll have some mechanism, by which you can call a phone number or enter a question in a portal or something like that and get help. [00:32:00] And, and that's, that's the basic model, right? You, you hire out You pay a service for this instead of hiring some part time IT person or something like that. That's, that's essentially what we do, but we focus, we made the decision when we started this business, you know, years gone by now to, to do it a little bit differently than a lot of companies.
All of our clients that we work with are, In the Austin area, if we are providing ongoing service. And, and the reason that we made that decision is because we want to be able to send a human being to that business, have them be there in 15 or 20 minutes, because there are just some things in our experience that can't be done remotely.
You know, we can't solve the [00:33:00] problem remotely and we need to get to know the people, if we're really building a resilient system, especially in professional services. And that is the approach that we decided to take. We're a tiny little shop. , you know, we, we, we don't have a lot of clients. I would like to have more, but also not in a rush to do that because we enjoy building the relationship and helping other business owners, build a business by taking that one thing off their plate, right?
That's our area of expertise. We can do the tech stuff. We can take care of your phone systems. We can take care of your computers. If, if somebody on your, if you've got a new person coming on, we can get them all set up, right? We can do all those things. So that's one less thing for you as the business owner to, to worry about.
, we can just, we can just take care of that and then you don't have to, to learn it. , I think. as you mentioned in the beginning, most of, most of our clients, he says, they're [00:34:00] accountants, architects, lawyers, construction, medical services, we, a lot of, lots of dentists, but we also have some non profits, you know, painters, we, we had one that was a, um,
they, they ran like a dude ranch kind of thing. Or, you know, when, so we, we don't exclude them just mostly because they're interested. Michael says, Hey, I got a dude ranch. Can you help with the tech? Absolutely. You know, who doesn't want to get involved in that? But, um, but most of them are the professional services people where the business owner knew enough to get the, get things started and is smart enough to say, okay, now I've gotten to the point where I need to start.
Offloading some of this so I can get my time back, right? Cause at the end of the day, that should be all of our goals as business owners is get the business running at a point where I can start handing off the [00:35:00] tasks that I have been having to do off to somebody else so I can spend my day doing what I, whatever the heck I want to be doing.
[00:35:08] Tyler: That's awesome. And yeah, the dude ranch gig sounds fun. Hopefully you get to go out there, you know,
[00:35:15] Don: Yeah, yeah, yeah, yeah, it was, it was.
[00:35:18] Tyler: That's great.
[00:35:19] Don: Wear the right shoes.
[00:35:20] Tyler: Yeah. I assume was what?
[00:35:24] Don: Yeah.
boot boots. Yeah, yeah, yeah. Something that can be easily hosed
[00:35:29] Tyler: There you go.
[00:35:30] Don: with that.
Choosing the right office suite
---
[00:35:32] Steve: Well, Don, is there anything else that you wish we had asked you that we didn't, that you'd like to talk about?
[00:35:40] Don: Um, I think, I guess the one thing that we, I'll circle back to it on the, on the cloud service conversation. Just a little sidebar, that It's one of the things that we end up helping solopreneurs [00:36:00] as they start to make that transition to small business owner.
You know, a lot of times getting started, one of the first things a solopreneur will do is pick, make a decision on which, , business office suite, They, they want to use, and most of the time, that decision falls between, do I want to use, Microsoft in their office suite, or Excel, that sort of thing, or do I want to go with Google Suites, and use their, their docs and Google Sheets.
That sort of thing. There are other systems out there. You'll see people that choose others, but 90 percent of the people will pick one of those two. The one thing that I'll say about that to the solopreneur, especially somebody just getting started, uh, is, is think through What your business actually needs, [00:37:00] especially if you are in some sort of data compliance situation, thinking specifically accountants, medical service providers, anybody that needs is thinking about doing business with the government.
Take the time to ask the question of, Is this service going to be compliant to whatever security requirements I'm going to need when I have a team of 10, as opposed to just getting my business started? And if you pick the right one in the beginning, it can save you yourself a real headache and a pretty hefty bill on making the transition from the service that sounded right in the beginning to the one that really makes sense in the, in the long road.
We've, we've transitioned a lot of people as an example, that work with the Department of Defense. They are going through, kind of an upgrade in their cyber security [00:38:00] compliance right now, which for small business owners makes it pretty difficult to meet all the requirements. If you are not. Connected to, the Microsoft system.
I'm not saying that Google can't work. It can, but it's way easier with, the Microsoft tools that are in place. And we've migrated about three companies, in that direction. And that's just one example. It could, it can go the other way, as well. But thinking that through at the beginning and just asking yourself the question, is, is worth putting a little more thought in than just which one's cheaper and which one can I sign up with the easiest?
Written disaster recovery plan (on paper!)
---
[00:38:42] Tyler: Yeah, that's great. Um, can I ask you, uh, I don't, can I ask you a question about my setup? Well, you can like rate it like zero to 10 or something. I don't know. I, I've been curious specifically about the concept of backups. I do use a cloud service, like [00:39:00] a Google drive for my business to, has a lot of my documents in it.
Uh, and so what I've recently tried to do is I have those documents, whatever stored in there, synced down to the hard drive on my computer. And then I have the hard drive of my computer backing up to an offsite, you know, a cloud backup solution. And my thinking there was like, well, I don't, I mean, I don't know what scenario would cause me to lose access to my Google drive or whatever, but it makes me feel a little bit better to at least have it multiple places.
[00:39:34] Don: Yeah, I think that's an excellent place to start for a solopreneur, small business owner. If that, if that synced hard drive, the one thing, and I'll try to stay just from diving completely into the geek weeds on this, but I may not make it. So if I, if I fail, I'm apologizing in
advance. But there's, there's this, there's this thing, [00:40:00] uh, in the, in the tech world, the difference between saving all of your data and saving something called an image drive.
And, and it's, it's kind of, it's a geek thing, but, uh, for anybody that's thinking about looking at, at backups, this term may come up and it's, it's handy to know what they're actually talking about. So an image drive is, What that, what they're talking about there is like getting an exact snapshot of your hard drive in such a way that if you threw your computer out the window and brought a new computer in you could download a copy of this image drive thing onto the new computer and it would look just like your current system, um, As soon as you got it loaded up, all of your programs would be there.
Everything's organized the same way. Everything's good to go, ready to go. And those are the [00:41:00] systems that we use because we can get somebody back up in line in an hour, right? Um, and. To change, to compare that to like a data backup service, typically what they're doing is they're just backing up all of the files, but they may or may not be backing up the, the software and the configuration that you've got loaded on your computer, right?
So if you're just backing up your data, as opposed to the image, and I feel like I just fell in the weeds. But if you, if you're just backing up your data, what that means is when you're having to rebuild it, you're going to have to reload all those software programs, you're going to have to get everything reconnected again, and that could easily be a project that ends up taking days or longer to get yourself back up and running.
So, solopreneurs out there, just do that,
[00:41:55] Tyler: It definitely, in my case, it's just data backup. It's not an image backup. [00:42:00] Um, fortunately for my use case, I feel okay with that because I don't, you know, have much going on by way of software and things like that. So it works out, but, uh, but that's interesting. Yeah. That, that makes a lot of sense.
[00:42:14] Don: Yeah, and I'm really glad you asked the question because it did lead to one thought that, and I'll make this super brief, the, uh, making sure, regardless of what that backup system is, that you've taken the time before things happen to you. Write through, to write a disaster recovery plan. These are the steps that I need to take.
And then print it out, put it on a piece of paper. For those of y'all that aren't familiar, it's a, it's an ancient recording device that still has some popularity, uh, and has value. In that, if you do have a problem, uh, you can go back to this piece of paper. And just, uh, and follow your own instructions in the [00:43:00] moment that you're having to get everything back and you're probably freaking out.
Um, you know, but if you've, if you've written yourself a note, it'll be much easier to follow
[00:43:09] Steve: That's good advice.
[00:43:10] Tyler: That's great advice. I could definitely see myself writing on a piece of paper, scanning it, putting it on my hard drive and then throwing the piece of paper,
[00:43:19] Steve: And then you have, you no longer have access to it because the computer is hosed.
[00:43:22] Tyler: yeah,
[00:43:23] Steve: Yeah.
[00:43:24] Don: Yeah.
[00:43:24] Tyler: no, that's, that's great advice. Thank you. Yeah.
[00:43:28] Steve: Well, thank you, Don, for joining us today on It's Not About The Money. Don's company is Sageplan Technology Consulting, and he serves small businesses in the Austin, Texas area. Uh, and we will put links to, uh, a bunch of the articles that you mentioned on your website in our show notes here so that folks can follow those. And that's it for today.
[00:43:50] Don: Perfect. Thanks, guys. Yeah. Thank you. It's been a pleasure.
[00:43:54] Steve: We'll see you listeners again on another episode of It's Not About The [00:44:00] Money.