Episode 32

full
Published on:

29th Apr 2025

Cybersecurity in the AI Era: Why Small Businesses Can’t Afford to Ignore IT Risks

Is your business truly prepared for the cybersecurity threats of the AI era?

In this episode of the Las Vegas IT Podcast, Leo shares powerful insights from his 30-year journey through IT and cybersecurity, diving deep into how artificial intelligence is changing the game—for both hackers and businesses.

What to Expect in This Episode:

🧠 Cybersecurity Then vs. Now

Trace the evolution of IT security and learn how today’s AI-driven environment has raised the stakes for businesses of all sizes.

⚠️ AI in the Wrong Hands

Understand how cybercriminals are weaponizing artificial intelligence—and what you can do to outpace them.

🏠 Securing the Remote Workforce

Get practical tips on managing the unique security risks that come with hybrid and remote teams.

📋 The Importance of Compliance

Discover why PCI compliance is non-negotiable and how neglecting it can expose your company to serious financial and legal consequences.

🤝 MSPs: More Than Just Tech Support

Leo reveals the strategic role Managed Service Providers play in building trust, protecting data, and preparing businesses for the future.

This conversation also debunks the myth that small businesses aren’t targets for cyberattacks Leo explains why they’re often the most vulnerable. With real-world examples and expert guidance, this episode is a must-listen for any leader serious about digital security in today’s AI-driven world.

Disclaimer: The views expressed in this episode are those of the guest and do not necessarily reflect the official policy or position of the Las Vegas IT Podcast, K&B Communications, or affiliated organizations.

Stay Ahead with K&B Communications

If this episode sparked new ideas or concerns about your company’s security posture, don’t stop here.

🔒 Let’s talk about your cybersecurity strategy.

Whether you need structured cabling, robust security systems, or expert IT support, K&B Communications is here to help.

📲 Follow us for insights and updates: Facebook Instagram LinkedIn

🎥 Subscribe on YouTube for expert interviews and tech tips: Youtube


📅 Ready to level up your tech infrastructure? Schedule your consultation today

Transcript
Speaker:

So now anybody that is non-technical can use AI to create little applications.

2

:

While you can't ask, you know, Chatchity to create some ransomware for you, you can ask it

to create all the pieces that then when put together becomes ransomware.

3

:

And there's a lot of tools that, know, that AIs that are not commercial, that they can

build on their own and kind of remove those checks and balances.

4

:

So now people that aren't even sophisticated.

5

:

can get involved in some of those malicious activities.

6

:

Welcome to the Las Vegas podcast.

7

:

Today I have the pleasure of speaking with Leo.

8

:

This is our second conversation and I'm super, super excited to get to know a little bit

more about what he's been up to.

9

:

He is with Healthy Technology Solutions.

10

:

How are you doing today, Leo?

11

:

Hey, thanks for having me on.

12

:

I'm doing great.

13

:

Happy Monday.

14

:

Yeah, happy Monday.

15

:

Mondays are a beautiful thing.

16

:

We've had a discussion in the past and I am super excited to have you back on the show.

17

:

You're actually our first person that we've had back on the podcast, which is pretty

exciting.

18

:

No, glad to be back.

19

:

Yeah, that was very very exciting and we did have a great discussion, but can you just

remind our audience about your background and what led you into the IT and cybersecurity?

20

:

I've got a useless, what I call BSBA, and BS is not Bachelor of Science.

21

:

And so right out of college, I'm looking for a job and somebody I interviewed with liked

me and they said, what do you want to do?

22

:

I said, I don't know, what do you got?

23

:

And they said, how about computer networking?

24

:

And that was about 30 years ago.

25

:

So learned pretty fast and ended up in a consulting environment where you really learn

fast.

26

:

So every year is like 10 years in a regular job.

27

:

So that's pretty much how I ended up doing it.

28

:

That was in California, built up the business there, sold it, moved to Las Vegas, kind of

started over again, just to be in a more tax and business friendly state.

29

:

And we've since expanded to Florida and San Antonio.

30

:

wow.

31

:

Well, that's very exciting.

32

:

And I'm sure as you said, within this industry, things do grow and change pretty quickly.

33

:

Absolutely.

34

:

What are some of the changes that you've seen in the last 30 years?

35

:

When I first started, was, when I first got an IT, there was no internet.

36

:

mean, there was, but it was like the ARPANET or whatever, the university system.

37

:

It took me about a year to convince at that point, my first employer to get me an internet

account, just a dial-up account to get online.

38

:

So it was, from that to now you can't do business without internet access and everybody,

every cell phone has faster access than we did.

39

:

even paying thousands of dollars a month for internet, you years ago.

40

:

So it really, you know, the remote access piece, I mean, especially the MSP business,

which really didn't exist 30 years ago, it really started about maybe 20, but it couldn't

41

:

exist back then because we didn't have that remote access.

42

:

We didn't have the ability to monitor our clients.

43

:

We didn't have the ability to remotely connect and remediate issues.

44

:

So there's a lot of changes.

45

:

Got it and with someone who's I'm 32 years old, but his I grew up with a well.

46

:

And I honestly could not imagine what it was like 30 years ago.

47

:

Like what your job would be if you could I started kind of take you back but very

interesting and kind of what that looked like 30 years ago.

48

:

There was some before.

49

:

I.T.

50

:

was really it was literally just help desk and physically, you know, making sure the

servers are running, making sure the end users could work and resolving hardware issues,

51

:

resolving some user training issues.

52

:

But what it's migrated into is we are now cyber security that happens to do I.T.

53

:

So if it if if the business is not secure, if the business is.

54

:

If their data gets deleted or encrypted or their systems are brought down by bad guys,

there's no business.

55

:

So our primary focus now is security and then everything else is secondary.

56

:

Back then, our primary business was making sure people's stuff worked and helping them

maybe understand how to work with it more efficiently or better or use shortcut keys,

57

:

things like that.

58

:

Whereas now that is not really an afterthought.

59

:

It's still important because the customer service piece and working with our end users is

very important.

60

:

But if their systems are down because of bad actors, you know, and I don't mean, you know,

Mel Gibson or, you know, Jean-Claude Van Damme.

61

:

mean, like bad actors from North Korea or China or Iran, you know, or the script kitty

that lives in his parents' basement in Des Moines, Iowa.

62

:

All those people want to do is...

63

:

damage people's businesses and steal.

64

:

So if we miss any of those opportunities or give them opportunities to do that, it doesn't

really matter what kind of customer service we have or how well we treat our end users or

65

:

what we've taught them because there's no business and there's nothing for them to work

on.

66

:

So that's really the main difference.

67

:

Got it.

68

:

And then you didn't mention like someone possibly sitting in their, you know, I don't

know, in their mom's basement or someone in a different country.

69

:

What are some ways that companies can protect themselves when it comes to these people

that are trying to do harm to their business?

70

:

So first of all, you're, know, nobody is immune.

71

:

So, and anyone that says, hey, do what I tell you or pay me and you'll be a hundred

percent secure, I would run because there's nobody can be a hundred percent secure.

72

:

know, major government agencies with billions of dollars in budget are getting

compromised.

73

:

So it's really a matter of really paying it, you know, it's really doing a holistic

approach to security and, you know, doing everything you can.

74

:

And then making sure you've got the right backups in place, making sure that you have

contingency plans.

75

:

But really, it's a combination of end user training, training the staff not to fall victim

to the millions of phishing emails, the social engineering phone calls, or now there can

76

:

be social engineering video calls.

77

:

So you can actually have a call that looks just like this, but it's not the person you

think it is.

78

:

It could be just an AI-generated conversation.

79

:

on video.

80

:

So you actually can no longer trust the voice you're talking to as the person whose voice

you know, whether it's your family member or it's a business associate.

81

:

And now at the point where soon by the end of this year, I guarantee that video deepfakes

will be mainstream.

82

:

If there's already been a few that have been compromises or thefts using video deepfakes,

but it's going to become much, much more mainstream as our

83

:

There'll be free tools online to do these things.

84

:

So there's a training, but then there's always the regular antivirus, the anti-malware,

the managed detection response, the advanced detection response, the data backup.

85

:

If you combine all of those things with the end user training, then you are not low

hanging fruit.

86

:

It's like being the only house on the street without an alarm and a rottweiler.

87

:

If everybody else has a alarm system and a big sign that says we will shoot you if you

come through our door and yours has a little peace of love and you know, your house is the

88

:

ones can get burglarized.

89

:

So not being a hanging fruit for most businesses really is the best defense.

90

:

Now, if know, North Korea or Russia or, you know, China or Iran decide they want your

data, that's a different story.

91

:

That's much more difficult.

92

:

But for the average business we deal with,

93

:

whether it's a doctor's office, a law firm, a construction firm, architecture firm,

they're not being directly targeted by these nation states.

94

:

They're just being targeted by kind of the shotgun approach.

95

:

You shoot a shotgun in the air and you hope a pellet hits something.

96

:

That's what the bad guys are doing.

97

:

They're sending out millions of emails or billions of emails.

98

:

They're hoping somebody clicks on it.

99

:

And if you end up on some kind of a list, maybe they try calling you and try and do some

deep fakes.

100

:

and do a little bit of research, but it's a different level, whether you're, you if you're

the NSA or the office of personnel management for the U S government, there's a different

101

:

threat level than Dr.

102

:

Smith's pediatric office, that sort of thing.

103

:

So for normal businesses that we have here, it's it's doing all the kind of, all the

things that you need to do, the training, the backup and the higher level of, of security

104

:

software.

105

:

And ideally some

106

:

zero trust approach.

107

:

It's that white listing saying nothing can run on my employees' computers that hasn't been

approved already.

108

:

So that's kind number one in our mind.

109

:

If we can prevent bad things from running, and we don't know what those bad things are.

110

:

So the only way to protect you from everything is to say nothing other than this list of

20 applications is allowed to run.

111

:

And then you're much more safe.

112

:

than maybe your neighbor who doesn't have that.

113

:

Understood.

114

:

I know Leo, that was a lot of great information.

115

:

I had like a hundred different questions that came up to mind when you were speaking.

116

:

So I do have a question that one of the questions I do have is, you when it comes to

sources or websites that remote employees can go to, like, how do you protect the

117

:

organization when you have remote employees?

118

:

So it depends on whether those remote employees are using your company-owned computers

that you can completely lock down, just like as if they were in your office, or if they

119

:

are offshore employees.

120

:

So if they're employees, let's say in Philippines, India, Central South America, whatever

the case might be, that are using their own personal computers and you're hiring them

121

:

through an agency, you can't lock those down because they don't belong to you.

122

:

So now the question is, how do you...

123

:

have them working on your company's data.

124

:

What we do for our clients with those types of employees is we set them up with Azure

Virtual Desktops.

125

:

So Microsoft Azure, those desktops are set where they can't download anything from that

virtual desktop to their computer.

126

:

They can't print to printers, they're attached to their computer.

127

:

They can't exfiltrate data and they can't install anything on that virtual desktop.

128

:

because completely locked down.

129

:

So now they only have access to the programs, the applications that you allow them to.

130

:

And then if you use some productivity monitoring tools, you know what websites they're

going to.

131

:

You you block malicious websites or websites that maybe are inappropriate for your

business.

132

:

You block known compromised websites.

133

:

There's a lot of things that you can do, but that would be my strong recommendation.

134

:

Never allow...

135

:

somebody that's getting paid $5 an hour in the Philippines who's using the family

computer.

136

:

That's the computer that, you know, cause you're not talking about people that would, you

know, for them $5 an hour is a really good wage.

137

:

They actually have a really nice life, you know, then they have benefits and everything

else, but they don't have five laptops and, you know, and iPads and everything else in

138

:

their home.

139

:

So their kids and their spouse are also using that same computer.

140

:

So you don't want your company data touching

141

:

or those computers touching your company networks.

142

:

So you have to use kind of an intermediary and using a virtual desktop.

143

:

When we happen to use Azure, some people use VMware, some other people use Citrix.

144

:

I mean, there's a lot of different, know, Amazon Web Services has some virtual desktop

solutions.

145

:

There's a lot of ways to skin the cat, but you need some kind of a solution to separate

those remote employees from your data.

146

:

Got it.

147

:

Leo, I might be getting out with you very shortly on that.

148

:

So thank you for sharing that with me.

149

:

And then, I mean, it's been a couple months since we've chatted.

150

:

Has anything changed within your organization since a few months ago?

151

:

So there's a couple of things we added San Antonio as a service area, which is exciting

because Texas is a big place.

152

:

And we've also added credit card processing to our services just because we found that a

lot of customers, a lot of our existing clients are not PCI compliant and they're getting

153

:

charged a PCI non-compliance fee, which is not a big deal.

154

:

Per se, it might be $29 a month or $75 a month, whatever the case might be.

155

:

That's not so much the issue.

156

:

The issue becomes that if they have a customer that they sell something to and that person

uses a credit card that then charges that back.

157

:

If they're not PCI compliant, then they can't contest those chargebacks.

158

:

So if it's, let's say a plastic surgery, you medical practice, and they're doing some kind

of reconstructive surgery and it's $20,000 because it's not covered by insurance, someone

159

:

charges 20 grand on their credit card, has a surgery and then charges it back.

160

:

If they're not BCI compliant, have no leg to stand on.

161

:

They just lost that money.

162

:

mean, they could sue the person individually, but what business wants to deal with that?

163

:

Where all you need is just a little bit of care once a year to run a little test that

keeps you compliant.

164

:

Got it, and what are some ways that companies or organizations can make sure that they are

PCI compliant?

165

:

look at their credit card statements, their merchant statements.

166

:

It'll say that they'll show that there's a non-compliance fee.

167

:

If you're paying a non-compliance fee, according as far as that merchant services company

is concerned, you're not compliant, which means that you don't have appeal rights and

168

:

things like that.

169

:

So it's really just a matter of logging into the portal.

170

:

We do this for a lot of our clients where we'll log in, we'll run the tests and make sure

that they are compliant.

171

:

And for our clients that we process for.

172

:

we definitely make sure that they're compliant, just because that's really one of the

reasons that they're with us.

173

:

Got it.

174

:

No, it is a huge, huge thing.

175

:

So then that's so amazing that that's something that you offer.

176

:

And when it comes to cyber cybersecurity threats, you they're constantly changing, they're

constantly evolving.

177

:

What are some of the biggest threats businesses are facing today?

178

:

So it's still the same things that have been going on for the last few years.

179

:

The business email compromises is a major issue because once they get into your email

account, they have everything that you've sent or received.

180

:

They know who you talk to, they know how you talk.

181

:

And there oftentimes will be things in your email like credit card statements or phone

bills.

182

:

And those phone bills oftentimes have your PIN.

183

:

So now they can potentially steal your number.

184

:

you know, if they get into your bank or they try to do a password reset, they set a rule

to that where that email then gets forwarded to them.

185

:

They could potentially take over your bank account and then they pour your their user pin.

186

:

They're able to transfer your cell phone number to a burner phone and they receive the

text from the bank to confirm.

187

:

And so now they have full access to your bank.

188

:

You know, Microsoft 365.

189

:

used to be that if you had multifactor authentication, you were safe.

190

:

Well, now just clicking on a bad link while you're logged into your Microsoft 365, they

steal your session token.

191

:

They can insert it on their computer.

192

:

Now they're in as you with a completely bypassing multi-factor authentication.

193

:

So there's those types of things that are major threats.

194

:

But on top of that, throw in all the AI.

195

:

So now anybody that is non-technical can use AI to create little applications.

196

:

While you can't ask, you know, chat GPT to create some ransomware for you, you can ask it

to

197

:

to create all the pieces that then when put together becomes ransomware.

198

:

And there's a lot of tools that, know, that AIs that can be, that are not commercial, that

they can build on their own and have, you know, and kind of remove those checks and

199

:

balances.

200

:

So now people that aren't even sophisticated can get involved in some of those malicious

activities and throw in now the ability to speak with anybody's voice.

201

:

So anybody, no matter what your accent can now sound like, know, sound like me, sound like

you, and they can call your employees, they can call your family and pretend to be you and

202

:

ask for stuff.

203

:

So there's like that ability to really fool people.

204

:

So all of those things combined really make it a very dangerous neighborhood online.

205

:

Got it, and you did mention trainings.

206

:

Like what are some of the trainings that employers should be offering to their employees

to protect their business?

207

:

Well, it's the security awareness training.

208

:

It's what are the threats?

209

:

How do you, you know, how do you browse the internet?

210

:

Cause most people, if they want to go to, you know, a particular website, they search for

that website instead of typing in the, you know, the website name that they know they're

211

:

searching for, let's say Wells Fargo.

212

:

And then they click on the very first link that pops up.

213

:

Oftentimes that first link is malicious.

214

:

It's versus if you just type wallsfargo.com and hit enter, you go right there.

215

:

You go right to that website.

216

:

So just little things like that.

217

:

But also how to spot a phishing email, how to check, hover over the URL to see where it

really goes.

218

:

How to not be fooled by people pretending to be coworkers, HR people not changing the

direct deposit information for an employee based on an email that was either compromised

219

:

or fake.

220

:

Bob Smith.

221

:

you know, an ABC company dot com sends an email to HR from, you know, Bob Smith, Bob Smith

at, you know, bad guy dot, you know, CN from China.

222

:

That's probably not the person you probably shouldn't take, you know, change, change where

you're direct depositing their, their, their next paycheck, you know, a couple of days

223

:

without maybe calling them on the phone and saying, Hey, you change your bank account.

224

:

That's just little things like that.

225

:

So there's a lot of security awareness training and there's also phishing training.

226

:

So, you know, like we send phishing emails to our clients and then we see who falls for

them.

227

:

And if they fall for them, then we have conversations with either that individual or with

the employer.

228

:

If a lot of people are falling for it and doing some additional training and there's

nothing, everyone's busy.

229

:

There's nothing that doesn't make somebody a bad person or lazy or stupid for make for

falling for this stuff, because everybody's really busy and they're, know,

230

:

you get an email from a name you recognize, you may not have the time to look deeper, but

you have to at this point.

231

:

Yeah, unfortunately.

232

:

Definitely are these trainings that your company provides or you guys just provide a

resource?

233

:

So we actually, so any of our clients, provide a base level of training.

234

:

Actually any client or any, really any company we engage with, even if they don't hire us,

we still provide them with a training portal for their employees.

235

:

Just for, it's a once a year training.

236

:

For the, for our clients that want more, we provide where there's weekly micro trainings,

little 30 second trainings once a week.

237

:

And then in addition to that, the phishing simulation where they're receiving emails that,

you know, that we're generating that

238

:

that they can then either fall for or not.

239

:

And we get a report back, who clicked, who entered data, and that's a great tool for

seeing who needs a little bit more, a little more training.

240

:

I know and I just love that.

241

:

It's awesome that you guys do that for people and for companies.

242

:

And then, know, many small to mid-sized businesses think they're not targets for cyber

attacks.

243

:

Why is that a super dangerous mindset?

244

:

Because who is more susceptible to being compromised?

245

:

You know, a small business that has no professional IT staff, may be working with a

company like mine or their IT might be the receptionist's boyfriend after work type of

246

:

thing.

247

:

And they're not devoting any resources to training.

248

:

They're not devoting any resources to more advanced cybersecurity solutions, firewall

solutions versus a large company.

249

:

You know, a large company has, they have somebody that maybe probably has 30 years

experience like myself as their chief information officer.

250

:

They have a chief security officer.

251

:

have, you know, all these different levels and IT manager and staff plus the budget to,

you know, to really, you know, to properly back things up, to properly secure, you know,

252

:

secure the infrastructure.

253

:

And, and those companies even get compromised, but it's much more difficult versus the

small business.

254

:

That is who the majority of the compromises are against.

255

:

You just don't hear it because, you know, when MGM got compromised because someone in the

help desk made a mistake, was that affected stock price.

256

:

That was international news.

257

:

When, you know, a small business in Las Vegas or Florida or wherever gets compromised,

one, they're embarrassed.

258

:

They don't tell anybody.

259

:

They don't know, you know, oftentimes, even though legally they're supposed to.

260

:

But it's not going to be news.

261

:

So even if they report to the state or to Health and Human Services, it's still not going

to be front page in the paper unless it's a really egregious, you know, something really

262

:

egregious happened.

263

:

So those are, you know, the businesses that get compromised the most because they're the

ones falling for one of the simple phishing emails that are still written in bad English.

264

:

And for those emails, there, is there something that, know, companies like words or

something that they should see?

265

:

I know you did mention like, you know, maybe it was, it looks like that email, but maybe

instead of like dot CNN or dot com or whatever, but is there words or anything like you've

266

:

found that, you know, these people that are doing this that they possibly use?

267

:

No, so it used to be that you knew right away that it was bogus when it started with

greetings of the day.

268

:

You know, it's not someone from the United States.

269

:

No one speaks that way in the US.

270

:

So but now those people are able to just type that up in chat GPT and say, please, you

know, please correct the grammar, you know, and put and translate this into American

271

:

English and chat GPT will make it perfectly, make it sound.

272

:

like me or you would write.

273

:

So there's really nothing, there's no language that the bad guys are going to use because

depending on what business they're targeting, it's going to be completely different.

274

:

If it's a medical practice versus a low voltage contractor, that is something that is a

problem.

275

:

They're going to be able to use it to make sense to the person that they're targeting.

276

:

got it so you know we may be using chat gbt or an ai software for you know a positive

resource but they're using it in a negative way

277

:

No, and that's in keep in mind now you can actually like images built into the Samsung

Galaxy phones.

278

:

I can actually call you and speak to you in any language that exists.

279

:

And I could be speaking.

280

:

I'll speak English and you'll hear it in whatever language that I've asked for it to be to

be it.

281

:

And it's on the fly.

282

:

And then when you respond back to me, it's going to translate that into English.

283

:

And so we're going to have a two way conversation without

284

:

those awkward silences and it will be natural.

285

:

So now you've got people from anywhere in the world that can have conversations with

people anywhere in the world and pretend and use any voice they want.

286

:

So you have, you know, people that, you know, this actually knows some people that this

happened to, but they get a call saying, Hey, we've got your kid, you know, pay X dollars.

287

:

because they know based on they compromised someone's account or based on social media,

they know that that person happens to be on vacation in Mexico.

288

:

So now they call the relative saying, we've got your kid or you got your grandkid,

whatever the case might be.

289

:

then they, suppose they put them on the phone real quick and all they did was they took a

couple of snippets of their voice, put it in the AI, typed what they wanted to say.

290

:

And there's no way to distinguish that.

291

:

from reality.

292

:

It's something that's, as you said, that can be fearful, but we just have to protect

ourselves.

293

:

Yes.

294

:

And so.

295

:

And the other thing is people pretend, people call businesses and pretend to be their MSP.

296

:

They pretend to be, so they can say, hey, I'm calling, because they can fake the phone

number that the caller ID shows.

297

:

And they can even fake the voice.

298

:

So we're actually implementing verification software.

299

:

So soon, our clients will be able to verify us just like we verify our clients.

300

:

Got it, and I'm sure that's very important, the times that we're currently in.

301

:

We did talk about AI, the threats that on the rise.

302

:

Is there a way that businesses should adjust their current security strategies?

303

:

Really, it's all the same things.

304

:

The only other thing I would say is that now you have to verify who you're talking to even

more.

305

:

So never wire money based on an email, in all reality, or a text message.

306

:

Actually call the number that you have for that person or for that company and put in

their extension number in order to talk to them to actually get wiring information.

307

:

So this is an area where businesses are getting hit a lot, whether they're buying a house

or they're...

308

:

you know, starting a construction project and they're wiring money.

309

:

You cannot trust what you get from people.

310

:

You just via email or even just if they call you, you don't necessarily know that's the

real that's the real person.

311

:

I would call back and don't call the number that's in the email.

312

:

Call the number that, you know, is either on the company's website or that you have in

your contact records.

313

:

Beyond that, again, training, you know, advanced security products and,

314

:

I didn't mention earlier, patching all the computers.

315

:

That's another area where people don't, they'll get compromised because their computers

are running Windows that has vulnerabilities that should have been patched two years ago.

316

:

Still unpatched.

317

:

Well, you just make yourself low hanging fruit just by browsing the internet.

318

:

You are potentially compromising your organization.

319

:

Thank you so much, Leo.

320

:

And what exactly does an NSP do and why should businesses consider working with one?

321

:

So managed services provider, it's the new name for IT consulting.

322

:

And the main difference between regular IT consulting, what used to be IT consulting and

managed services is our job is to keep the customer up and running.

323

:

And instead of getting paid per hour, when the client has problems, our job is to prevent

those problems in the first place.

324

:

So they're paying us per month, typically per user or per computer per month.

325

:

our responsibility is to make sure that they don't have to call us.

326

:

So that's the ideal situation with MSP environment is the customer almost never has to

call us unless it's for good stuff.

327

:

And we don't have to drive out for emergencies.

328

:

And that becomes very profitable for both us and for our clients because if we do the

right thing and they don't have problems, they get to do their business.

329

:

They get to do their job and they're not wasting time talking to us.

330

:

And

331

:

if we find that we're seeing the same problem over and over and over again from multiple

employees in the same organization, then it's really behooves us to figure out how do we

332

:

solve those problems so they stop calling.

333

:

So it's really, it's selfishness that really works for both sides of the equation because

they don't want to call us.

334

:

They want to do their job.

335

:

They're busy.

336

:

They're oftentimes understaffed and then talking to us takes away from what they need to

do.

337

:

So if we can really do our job properly and keep them up and running and not

338

:

having problems and not getting compromised and those types of things, then it makes it

much more profitable for us.

339

:

It makes it a more interesting job for us because we can be working kind of on the next

project to make them more efficient, to utilize technology better.

340

:

And we're not having to deal with the monotonous, I can't print, I can't print, I can't

print.

341

:

If you hear that from 10 clients every day, that's just not fun.

342

:

Just from a

343

:

you know, from a, you know, IT job perspective.

344

:

The other thing is in a smaller companies, they can't necessarily afford good IT staff.

345

:

So if you have under a hundred employees, you probably shouldn't have a full-time IT

person because that IT person is going to get stale in that environment.

346

:

They only see that environments.

347

:

They don't know what else is available out there.

348

:

And then also that person gets sick and goes on vacation once in a while.

349

:

So then what do you do?

350

:

Now you have to have a firm.

351

:

that you can contract with.

352

:

And then what happens with an IT person leaves and finds a different job or gets hit by a

bus?

353

:

So now you have all your eggs in one basket versus when you work with an MSP, we don't go

on vacation.

354

:

You know, we have, we don't, can't do a company retreat just closed for a week because our

clients depend on us.

355

:

So we're always available and we have people, have someone available on the weekends.

356

:

We have someone always available for our clients.

357

:

So that's really the main difference.

358

:

Now for larger companies, they may want to work with an MSP and have staff.

359

:

And we have a number of clients like that where we do the more complicated projects or,

you know, if they run into situations that they can't handle, then they escalate it to us.

360

:

And then they also oftentimes use our tools to manage their environments.

361

:

And then if they have big projects and they don't have enough manpower for, you know, they

want to roll out a couple hundred computers.

362

:

Well, IT staff can do it, but it'll take them potentially a couple of months versus

363

:

They can contract with us.

364

:

We come out and we will get it done with them in two weeks.

365

:

Got it.

366

:

No, that totally makes sense.

367

:

So I get it.

368

:

And maybe what should a business look for when they're trying to choose an MSB?

369

:

So there's a million on these MSPs out there.

370

:

Some are small as one person working out of their house.

371

:

Others are huge public companies.

372

:

It's really based on your type of business.

373

:

Who do you want to work with?

374

:

You want to work with someone that's local, someone for whom every client is important.

375

:

So it's that the size.

376

:

If that MSP has one employee,

377

:

you're very important, but they may not have the resources to properly support you.

378

:

And then do they have the tools?

379

:

Can they afford the tools?

380

:

Do they have cyber, you know, cyber insurance?

381

:

Because that's an area where, you know, we maintain cyber insurance because no one's in to

help.

382

:

And if we get compromised, then potentially all of our clients can get compromised.

383

:

But if any one of our clients gets compromised because of something we do,

384

:

that's potential lawsuit, which we really, really want to avoid.

385

:

But if we didn't have insurance, then they're not going to get that much.

386

:

They're not going to be able to really become whole again.

387

:

So every MSP we work with should have cyber insurance and be able to prove it, could have

tools for verifying the end users that are calling and really having enough expertise in

388

:

their industry in order to properly support them and having that security focus.

389

:

And then when it comes to the type of client that you're looking to work with, what does

that look like?

390

:

For us, is, you know, we specialize in a few different industries.

391

:

You know, we have deep specialization in healthcare.

392

:

So we've been working in healthcare for a very long time.

393

:

Really understand HIPAA and the requirements for that practices need.

394

:

Also construction engineering and architecture firms.

395

:

You know, we've been working with those folks for a very long time and understand the

industries, understand what they need, their software tools, and then other professional

396

:

services organizations like law firms, CPA firms that

397

:

need to be up and running because they're really their business depends on their computers

functioning, especially like for CPAs during tax season.

398

:

And there's regulatory, like CPAs are now governed by some regulatory requirements that

they have to, because they have tax information, have, know, social security numbers.

399

:

There's a lot of data, just like healthcare, that they have of their clients.

400

:

So it has to be secured.

401

:

And there's both federal and state laws that govern those things.

402

:

So we really understand that.

403

:

But the other caveat,

404

:

We want to work.

405

:

We don't want to work with companies, no matter how much they pass, if they don't value

what we do for them.

406

:

So for us, it's important that it's a partnership.

407

:

Our job is to keep them up and running.

408

:

And their job is to listen to our recommendations.

409

:

They don't have to do exactly what we say, but they at least need to listen to our

recommendations and understand why we're making those recommendations and not just say no

410

:

because they don't want to spend the money.

411

:

So if they're not willing to

412

:

invest in their own business to keep themselves secure.

413

:

At this point, our policy is not even to engage.

414

:

So they have to be able to maintain a minimum level of security for us to even consider

working with them.

415

:

So someone that doesn't want to do the cybersecurity, know, know, softwares that at a

minimum we recommend, we just can't work with them.

416

:

Someone's not going to do data backup.

417

:

It just doesn't make sense for us to work with them because we're risking our reputations

if they get compromised.

418

:

And in healthcare,

419

:

If they get compromised because we didn't do what's really required, we can be fined by

Health and Human Services.

420

:

And I'm not really willing to be fined and risk my business based on somebody else not

wanting to spend budget on critical things.

421

:

Got it.

422

:

No, and that's super important.

423

:

No, and I totally understand.

424

:

We're in the same, I totally get it.

425

:

mean, cabling's cabling, of course, but I know I totally understand what you're saying.

426

:

And then when it comes to, you know, what are some of the challenges that MSPs face when

working with clients who don't prioritize cybersecurity?

427

:

I mean, the clients are prioritizing some security.

428

:

just not working with them.

429

:

So it's not it was a problem because, you know, we were trying to kind of fight that good

fight, but we were losing because if we know there are clients, we're not their boss.

430

:

They're our boss.

431

:

But as as the employee or the contractor or the consulting firm, we have the ability to

decide who we work with.

432

:

And we're working with those that, again, value.

433

:

what we're trying to bring to the table.

434

:

The challenges for us now really is maintaining a good staff on our end because all costs

are going up.

435

:

you know, all costs over the last, you know, you know, the last four years was the costs

went up tremendously, you know, during COVID and after and, know, and they're still going

436

:

up, maybe not as fast anymore, but they're still rising.

437

:

The tool costs, because we're finding that we have to add additional tools.

438

:

to our repertoire and we don't necessarily pass it on to our clients.

439

:

So, you know, staying profitable while doing what we need to do is a challenge.

440

:

And just, you know, again, really making the clients understand that, hey, this is there's

a reason why we say, know, yes, it's inconvenient to do multifactor authentication.

441

:

It's terrible.

442

:

I have to look at my, you know, authenticator app a dozen times a day.

443

:

It's extremely inconvenient.

444

:

critical because without that, pretty much, you know, it's like leaving your door unlocked

or even cracked open in a bad neighborhood with expensive stuff on the inside that people

445

:

can see.

446

:

So you just, that's just a bad idea.

447

:

Now you could do that for a day or two and you might not get burglarized, but you might

get burglarized in the first 15 minutes.

448

:

Your guess is as good as mine.

449

:

So we just have to not, you know, pray.

450

:

We just have to actually do the right thing.

451

:

it.

452

:

Now that makes total sense.

453

:

So would you say in the making music, you it's not really something that you guys had

dealt with in the past?

454

:

Would you or not you're not dealing it with it as much?

455

:

Do you feel like maybe you guys became more, I guess, better at educating your client?

456

:

And that's why you're currently not dealing with it as much?

457

:

No, I think we just become more mature and as a business and gotten to the point where

we're just not going to work with people that don't fit into, you know, into our, you

458

:

know, ideal client kind of scenario.

459

:

If somebody's not willing to do what, you know, what we ask them to do, there's one of two

things.

460

:

If they're a good client otherwise, we'll make them sign a declination of service, you

know, form where they're saying, yes, we've formed them about

461

:

how critical this is, they've said no, they've declined, and they're willing to assume the

risk themselves.

462

:

Because now they are acknowledging they've been told.

463

:

Because if you just have a conversation with somebody a year later, that person may no

longer be there, or six months later, and the person that replaced them is going to blame

464

:

us, even though they declined some of those critical services.

465

:

So that's

466

:

Either so that's the one scenario.

467

:

The other scenario is if it's serious enough, we'll just say, you know, thank you for your

business, but we're going to have to help you transition to somebody else that may not

468

:

care about these, you know, security as much.

469

:

And we're willing to do that versus, you know, five years ago, six years ago, we were

smaller.

470

:

We had fewer resources.

471

:

We may not have been willing to do that as much because every client, you know, every

client's important, but

472

:

losing certain clients could have been, you know, very detrimental to business.

473

:

Now, no one client is, you know, is that big of a percentage of our revenues to where, you

know, we have to worry about that.

474

:

And it's more important for us that the clients do the right thing, that we do the right

thing for the clients than to keep the client.

475

:

got it and Leah, totally actually understand exactly what you're saying.

476

:

I feel like we're at the same place as well, which it's a great feeling when you don't

actually have to depend on a client to eat or be able to feed your employees.

477

:

So I do think that's actually a really good feeling.

478

:

And the other thing, the clients have to communicate.

479

:

What I hate is getting the phone call, hey, you know, we ordered a bunch of copiers and

they're here and they're going to take away our old ones.

480

:

Can you guys come out and set them up?

481

:

It's like, wait, copiers?

482

:

He's like, why didn't we have this conversation?

483

:

Because we don't charge our clients hourly.

484

:

You we're not attorneys.

485

:

We don't charge every 15 seconds or 15 minutes.

486

:

It's, you know, question one, you copier.

487

:

Give us a call.

488

:

We'll review the options and say, yes, this company is good.

489

:

This company is bad.

490

:

This one's not going to do what you need it to do because that's our job.

491

:

And then, you we plan for good transitions.

492

:

When we get those calls last minute, one, we're having either they're going to have to

wait for us if we have a lot of other appointments or if we're having a busy day or, you

493

:

know, or if it's really critical, we may have to put off somebody, you know, some other

client because of the poor planning.

494

:

that

495

:

Communication is really important.

496

:

Getting a phone call, hey, we're moving our office next week.

497

:

Can you guys come out and help with that?

498

:

Okay, what about internet?

499

:

Do you have internet?

500

:

Oh, can you guys set that up?

501

:

Well, no, we can't get fiber internet for you in a week.

502

:

None of the internet providers will move that fast.

503

:

We need 30 days.

504

:

Those types of things, that's what makes a good client, it's that proper communication.

505

:

They need to reach out to us when it's appropriate.

506

:

We need to reach out and inform them about things when it's appropriate.

507

:

That two-way communication, just like in any relationship, whether it's an

employee-employer, whether it's a relationship between spouses or boyfriend-girlfriend,

508

:

kids, whatever, there has to be that communication.

509

:

Otherwise, you end up with problems.

510

:

Yeah, no, totally.

511

:

Very, very true.

512

:

And then how, what are some misconceptions do businesses often have about MSPs and how

have any of those changed in the recent years?

513

:

I mean, you know, every everyone has their own misconceptions or some just think that

we're just trying to sell stuff and selling stuff is such a small part of our business

514

:

that honestly, we just don't care.

515

:

You know, whether you buy computers from someone else or from us.

516

:

Sure.

517

:

You know, we prefer that you buy it from us, but we don't really care.

518

:

What we care about is that you buy the right stuff.

519

:

So who you buy it from is it really is a role.

520

:

Beyond that is that there's a major, think the biggest misconception is that just because

you have an MSP that they're handling all of your cybersecurity, your HIPAA compliance,

521

:

that they're handling everything.

522

:

Unless it's specifically stated, they're not.

523

:

so when we get, oftentimes we're asked to fill out cyber insurance paperwork for our

clients.

524

:

One, I won't fill it out.

525

:

I will look at it.

526

:

I'll tell them what I think the answers are.

527

:

They need to fill it out because if I fill it out, then I am almost I'm myself on the hook

that this is all true that they're doing that they are really doing those things.

528

:

And oftentimes they think, well, you as long as as long as I have an MSP, I'm compliant.

529

:

It's not true unless you actually do the things that you have to do to be compliant.

530

:

So that's a big misconception as well.

531

:

And we try to keep our clients compliant, but.

532

:

We still have some few legacy clients that where we may not handle everything for them

like we would like to.

533

:

And, you know, unless it's actually in our agreement, we're not doing it because, you

know, again, we'll recommend it if they say no.

534

:

You know, get them to sign off saying that they know that they've been told.

535

:

But, you know, that's something people really need to think about.

536

:

And the other thing is that, I've got something, you know, cloud, you know, all my

software is cloud.

537

:

You know, it's all, you know, other companies, we're compliant, we're secure because it's

not installed on a server in our office.

538

:

Still, you know, you're still just as vulnerable as if you had a server in your office.

539

:

Got it.

540

:

Would you say with being on the cloud you're more at risk?

541

:

No, not necessarily.

542

:

Oftentimes you're less at risk for the, as far as data loss, because if you have a cloud

provider for whatever software, CRM or electronic health record system or practice

543

:

management system, there's nothing that you're going to do is going to cause that server

that you're connecting to over the internet to be encrypted.

544

:

So you're not going to get ransomware issues.

545

:

there's a chance that the vendor could get ransomware if they're not properly managing

things.

546

:

And we've seen that before, but that's not something that you have control over.

547

:

What you have control over is if someone compromises your computers and gets the password

to that system and is able to exfiltrate all the data, you're still just as vulnerable for

548

:

that as if it was on your network.

549

:

So the uptime piece, you're not as vulnerable about as long as the vendor you've gone with

is a good vendor.

550

:

But the potential for data loss,

551

:

Because now anybody, when it's on your network, someone has to break into your system and

actually use your system to access it, or somehow get into your network.

552

:

When it's in the cloud, anyone in the world potentially, if they have the username and

password, can now get in there, make changes, steal data.

553

:

that becomes, reusing passwords becomes a really big issue, using poor passwords, or even

storing passwords in your browser.

554

:

because clicking on a bad link, the bad guys get all your passwords immediately, literally

instantly.

555

:

So not using a password manager makes being in the cloud less safe.

556

:

it.

557

:

Thank you for sharing that Leo.

558

:

And then where do you see that the future of managed IT services heading on the next five

to ten years?

559

:

So there's going be a lot more AI enablement.

560

:

Our official intelligence, while there's a lot of bad things happening because of AI,

there's going to be a lot of good things.

561

:

So you have AI involved with security.

562

:

You have AI involved in service delivery.

563

:

We're about to implement some AI tools to make communication with us better.

564

:

So there's going to be AI phone agents, I think, are going to be able to solve a lot of

frontline problems for our clients.

565

:

you know, so that they don't have to wait for our staff.

566

:

So there's, can see a lot of what we're self-service where they're going to be able to

call in, they get verified, they can make a request and our AI will immediately handle

567

:

that for them so that they don't have to wait for a person to do it.

568

:

So it's going to speed up service delivery, going to make the communication better.

569

:

All at the same time, it's also making communication more dangerous because the bad guys

are going to be using it to

570

:

pretend to be us, to pretend to be our customers, to try to get us to do things that we

wouldn't otherwise do.

571

:

So it's really the, it's going to be the battle of the AI.

572

:

And this was, I think this is the decade of AI.

573

:

This 10 years massive changes.

574

:

I mean, it will continue indefinitely, but it's going to be absolutely massive changes in

every industry.

575

:

No, I totally I can totally see that.

576

:

And that was actually coming into my next question is how do you think AI and automation

will impact the role of MSPs and cybersecurity trust strategies?

577

:

So again, really the same answer.

578

:

It's, we're using AI tools that are getting better and better and better at spotting

malicious activity.

579

:

And at the same time, there's AI tools that are going to be used to try to do that

malicious activity.

580

:

literally you're going to have Skynet battling, you know, Skynet, know, Earthnet, you want

to call it.

581

:

So it's just going to be, it's going to be the battle of the AI, the AIs with

582

:

humans that are needing to look at, you know, look at when AI flag something, you know,

you're going to need to look at is this legit?

583

:

Is this not legit?

584

:

Yeah.

585

:

So there's going to be a lot of, you know, a lot of human intervention that's going to be

needed, but the AI tools are going to be doing a lot of the heavy lifting, least on the

586

:

front end, both on the bad guy side and on the good and on the good guy side.

587

:

Got it.

588

:

that's something for you know, for us to think about Leo if someone's What like what would

you like to share with our is there anything else that you would like to share with our

589

:

audience before we go?

590

:

You know, I think we've covered just about everything.

591

:

Really, it's a matter of staying educated, staying on top of what's out there, not being,

not trying to save, risking a million dollars by saving a dollar.

592

:

So that's really important.

593

:

But then also knowing you don't have to buy every tool that's being sold.

594

:

It's really a matter of covering your bases, properly training your employees, having

processes in place.

595

:

You know, if the CEO emails a CFO and says, hey, I need you to wire, you know, half a

million dollars to this new vendor, it needs to get done today and I'm hopping on an

596

:

airplane, you know, email me when it's done.

597

:

No, you have to have a process in place that that would never happen, you know, that that

would be a phone call.

598

:

That would not be, you know, that would be a phone call with a callback with some kind of

a pin, you know, just there has to be processes and checks and balances.

599

:

for everyone to protect themselves from the corporate level all the way down to the family

level.

600

:

You get that call that, we got your kid here.

601

:

to them for a second.

602

:

There needs to be some kind of a real code that you know that's really them.

603

:

It's not someone that is using AI to make it sound like it's them.

604

:

Got it, no, I get that.

605

:

Thank you so much today, Leo.

606

:

It was a pleasure.

607

:

If someone is looking to connect with you, how do they do so?

608

:

So they can email me at leoB at htsfast.com.

609

:

That's Henry Tom Sam and the word fast.com.

610

:

The website can be reached by htsfast.com as well.

611

:

That's really, you know, look me up on LinkedIn, look me up on, you know, on the web and

would love to talk to just about anybody.

612

:

We're also looking to for companies that are in business friendly states in the United

States that are in managed services that are looking potentially to

613

:

Either get out or sell.

614

:

looking for smaller MSPs that would like to join a larger team.

615

:

Awesome.

616

:

Well, thank you so much, Leo.

617

:

We'll be sure to put that in the description and everyone have a good day.

618

:

Thank you so much.

619

:

Thank you very much.

620

:

Have a great one.

621

:

you too.

Next Episode All Episodes Previous Episode

Listen for free

Show artwork for The Las Vegas IT

About the Podcast

The Las Vegas IT
Weekly Insights from IT Experts
Welcome to the Las Vegas IT Podcast, hosted by K&B Communications with our host Shaytoya Marie. Your go-to source for weekly insights and expert advice from top IT professionals in Las Vegas. Each week, we delve into the dynamic world of information technology, exploring the latest trends, challenges, and innovations shaping the industry. Join us as we interview seasoned IT experts who share their knowledge, experiences, and practical tips to help you stay ahead in the ever-evolving IT landscape. Whether you're an IT professional, business owner, or tech enthusiast, our podcast offers valuable perspectives and actionable insights to enhance your understanding and success in the IT world.

About your host

Profile picture for Shaytoya Marie

Shaytoya Marie

Shaytoya Marie, the host of the Las Vegas IT Management Podcast, has been with K&B Communications for almost 10 years. Throughout her time with the company, she has taken on many roles, including sales, marketing, accounting, and recruiting. Shaytoya’s hard work behind the scenes has been essential to the company's success.

Inspired by her diverse experience and dedication, Shaytoya started the Las Vegas IT Management Podcast to share valuable IT insights and connect with local experts. Her passion for technology and helping businesses thrive makes her the perfect host to bring you expert advice and practical tips each week. Tune in to learn from Shaytoya and her network of top IT professionals in the Las Vegas valley.