Cyber Savvy
A successful cyber-attack has taken your company off-line. The FBI and CISA have been contacted. What now? As you know, if this hasn’t already impacted your business (either directly or indirectly), it will.
How can you make yourself a harder target, mitigating against cyber-attacks? What does all the terminology mean and why does it matter? What happens if an attack is successful?
Join DTC, Inc. as we outline, in a straight-forward manner, many of the issues surrounding cyber security which directly impact business owners. Our Cyber Savvy podcast episodes feature Michael Urbanik of RK Tongue and Andrew Rose, a cyber specialist as well as special guests and co-hosts.
New episodes will be posted monthly on the 2nd Tuesday, make sure to follow and subscribe wherever you listen to your podcasts, so you don't miss new content!
We would love to hear from you! Please send us your comments and questions to: AskUs@DTCtoday.com
Cyber Savvy
Main Threats Against Medical Professionals ft. Scott Leister
In today's episode, we will be discussing the main cyber threats against medical professionals with Scott Leister, a Dev Sec Ops engineer who has been in the MSP industry working for DTC for over 20 years.
Andrew Rose began a cybersecurity awareness program in 2016 while at a major agricultural bank after recognizing that the ag sector wasn’t getting the attention it needed about the risks posed by cybercriminals and other adversaries. He helped coordinate several symposiums and events focusing on the topic. He is now an independent contractor and volunteers his time to bringing cybersecurity awareness, education, mitigation, and response to the ag and food supply chain (and other special projects). His focus is on mitigating emerging threats. In addition to his experience in cybersecurity, he has a deep understanding of banking/finance, risk management, and other professional service sectors related to food, agriculture, and climate.
Want to hear more? Past episodes are all posted, including on YouTube! Follow and subscribe on your favorite podcast app to ensure you don’t miss out on the conversation!
00;00;05 - 00;00;24
Andrew Rose (Intro)
Welcome to cyber savvy. This podcast was created by DTC to bring awareness, mitigation and response to cybersecurity threats. Companies and organizations face daily. Be prepared. Be cyber savvy.
00;00;24 - 00;01;31
Andrew Rose
Good morning. I'm Andrew Rose, your host of the DTC Cyber Savvy podcast. And as our lawyer listeners know, we invite subject matter experts to join us to offer us new and novel ways to protect your organization against the threat of cyber thieves and other malcontents.
A little bit about who DTC is. For decades, we've been servicing and protecting the computers and networks of our clients, particularly those in the specialty medical and dental fields and we're known throughout the industry for how nice our staff is.
And I believe we have just celebrated our 25th anniversary. If I recall seeing the LinkedIn post recently. That's phenomenal.
One way we do give back to the community is by hosting informational seminars in a variety of topics. And recently, two of our engineers spoke to a group of dental professionals about some cybersecurity risks. And today I'm joined by Scott Lister.
Scott, you've been on this podcast before, but I'm sure there's a few listeners out there who are not as familiar with you.
Can you talk a about what your background is and how long you've been with DTC? And right now, what is your current area of interest?
00;01;32 - 00;02;08
Scott Leister
Well, my, background consists of, about 20 plus years in the MSP industry working at DTC. Which we primarily focused on dental all that time, although now we're branching into other verticals as well.
My current interests are automation. I love just being able to automate repetitive processes. The use of AI and security is a big thing. I have a deep interest in security just because of how important it is to everybody, not only businesses, but, personal lives as well.
00;02;09 - 00;02;16
Andrew Rose
Now, I know we're going to talk more about dental presentation that you gave, but can you describe some of the other industries that DTC is branching out into?
00;02;17 - 00;02;32
Scott Leister
Yeah. We're looking to get into, a little bit of the financial we are into some of the manufacturing and also, some of the government spaces too, are starting to explore. That's just a couple of the things as well as, transportation is another one that we're currently in.
00;02;33 - 00;03;03
Andrew Rose
Nice well, you and Kevin recently gave a presentation to a group of dentists. And Kevin McNamara is another one of our engineers. And you focused on both cybersecurity but also patient information, which is critical for health care providers to maintain, secure presence with that. And you started your presentation with just reviewing some of the main threats that are facing medical professionals today.
Can you, briefly describe each one of these threats and as well as add anything that you've thought about since your presentation that you would have liked to included then as well?
00;03;04 - 00;04;51
Scott Leister
Yeah. Pretty much. I focus mainly on the threat side as social engineering. That seems like primary threat and basically what that is, it's just the presentation of, like, phishing attacks. Be it an email or phone call or text that seems legitimate, that most people run across every day in their lives, that it doesn't look out of the ordinary. So they're emulating stuff that people see regularly, and they're just trained to accept that, like a UPS shipment or a Fedex shipment or something along those lines that people will click the link and then the bad stuff happens.
Other things that we talk about are ransomware. Obviously, that's always the big scary thing. Password cracks and password attacks, lack of multifactor authentication and weak passwords.
And also just like other stuff like, the old traditional malware, which is in the form of, like, Trojan horses, stuff that just resides on your system, just waiting to launch another software or a for someone to use.
There's keystroke stealers that get installed that will just copy what keystrokes are going in and they use that for password stealing. And then another one that's been really recent here that we've seen a lot of is, like token theft from browsers.
Software goes in and steals that and basically what a token is, is it's just an authentication token that once you had that, it bypasses all forms of authentication because that indicates that you're already authenticated to what you're doing. So they don't need passwords and multifactor authentication. So those are some of the key things that we highlight and discuss.
00;04;52 - 00;06;01
Andrew Rose
Well that's certainly a scary universe. And I'm familiar with the social engineering attacks quite a bit. And one of the things in addition to, UPS, your Fedex, your bank is they employ a sense of urgency.
So they've got your text number. They'll send you a series of text one after the other. And as a human being, we're conditioned to respond to that, persistent tapping on the door. So it could be a persistence of emails, text messages or sometimes even phone calls where they'll emulate the voice of someone else. I read a statistic recently that, the social engineering Attacks many of them are romance, involved. And the average romance attack results in at $10,000, theft.
So whoever thinks they're, their new mate is request money for a child that might need surgery or something like that. But on average, the amount of money that's stolen is $10,000. You know, this is a wide array of threats that are facing medical professionals and their employees.
Scott, what are some of the things that, reasonable people can do to mitigate against these types of threats?
00;06;02 - 00;08;06
Scott Leister
Yeah. Well, that's a great question because is a scary landscape out there. And the number one thing that I stress is, just education, user education. There are programs out there that can do phishing simulations, that emulate a lot of these attacks and these social engineering attacks that you see. And then also like just cybersecurity training in general, just, different trainings, and they're not a huge time commitment. Usually it's like five, ten minutes at a shot. But what it does is it clues you in to the different types of threats that are out there and what to look for.
Be it, link embedding or email address spoofing, where they might use familiar name, but you can find out what the actual sender email address is. And, to me, that's the big thing. And then the other thing is multifactor authentication. If it's available, use it. Because that just adds another layer of authentication on top that makes it more difficult to gain access.
There's other things we talk about is zero trust policies, which in the past security was always trust but verify. But apparently that has not worked. And so now you have to do the zero trust, which you don't trust anybody to do anything. And they must prove that they need access to something before it is granted.
Other things, the standard type of stuff, a run like your software update, your operating system, critical security updates, run like an endpoint security. Antivirus just isn't enough anymore. You need, some of the more advanced tools like, endpoint detection and response and even,
managed detection and response, which usually has like a security center behind it, monitoring for, activity and threats. And then obviously, like network security for firewalls. Blocking any incoming traffic. Basically, data encryption is another good one to.
00;08;07 - 00;08;43
Andrew Rose
Oh, absolutely. And I heard recently that there are still a lot of people out there that will use the same password for multiple accounts. And I know password management can be burdensome. And I've seen even NYSC that is one of the standards arbitrator is in.
The federal government has come out and said that every company should allow passwords to be at least 64 characters now. And I know that there's some, organizations that even I use for my financial purposes that don't allow longer passwords like that. What are your thoughts on passwords in general? And maybe some of the new guidance as well?
00;08;44 - 00;10;54
Scott Leister
Yeah. Well, that's great. My thoughts on passwords are number one is length is the most important thing. You indicated like 64 characters is a good standard, which it is, cause, you know, a simplified sentence that is, 32 characters long is far more secure than, ten letter or ten character complex password just due to the time it takes, crack that with, current technology.
Another thing on passwords that I strongly encourage is using a password manager. Because when you have multiple sites, cause everything's in the cloud, everything is online and multiple sites in multiple passwords, and instead of using the same password for every site, and when you're forced to change a lot, sometimes on these to help remember, as you make them simplified where you might do you something like password one on one account, password two on another account or something that is familiar to you, like, child's birthday or your favorite vacation spot or something along those lines, which is a lot of that stuff is easily accessible or found out through social media.
So what the password manager does is it allows you to create one long, complex password that you have to remember, and that's just to access the password manager. And then any time you go into a site, you can create a random generated long password that is unique to that site. And the password manager will remember that and allow you to log in using that.
To me that is a huge thing. And I always definitely mention that on password managers. And then just like I mentioned earlier, multifactor authentication, if it's available to you, then use it.
Like the randomly generated codes, any biometrics, anything along those lines are going to be your strongest. SMS, which is like a text or an email. They're okay. They're a little weaker, because they can be cracked a little easier. But, any kind of multi-factor authentication on any account, I strongly recommend.
00;10;55 - 00;11;25
Andrew Rose
An along those lines, familiar with the Google password manager, that stores everything there. And I think just as a general listener, they might say, okay, that sounds very convenient, but what if the password manager gets hacked?
What kind of peril? Am I in at that point. So just a question for you. You don't have to respond with any particular platforms out there that you would recommend, but is the Google password manager adequate and what it does, or would you recommend something even more robust than that?
00;11;26 - 00;13;28
Scott Leister
I would recommend something more robust. Most of the password managers that are commercial that you have to buy are, a few dollars a month, and they're portable, so they can work on your cell phone. They can work on computer, a web browser, tablet anything that has allows you to either download an app or put a browser extension in there.
And they're going to be a lot more robust and and you can even do like the multi-factor authentication through those password managers as well, just to cut out the extra access, if it's something that is not hyper secure or it's better than using, an email or a text message as the backup for multi-factor authentication, because that will use the randomly generated ones. And to your previous question about the password managers being hacked, it happens.
I know there was a very popular one that I had used that had been compromised, and that was actually just or designed by the company that had that where they stored decryption keys in the same location as the backups. So once that got breached, they had access to everything.
So that's kind of like a one off. It’s not something you hear of often, but it does happen. And if you hear of anything along those lines, it then definitely go in and change your, regenerate your passwords. For any sites that may have been compromised and a lot of the password managers to also the commercial ones will do like, a dark web monitoring for you where they'll actually indicate within the manager itself that your password may have been compromised in a specific breach or something, and they will recommend you to go in and change that password.
Or they'll also let you know that any sites that you have, the passwords are weak, and you should change it. And, generate a long random password that the manager will maintain for you.
00;13;29;21 - 00;14;31
Andrew Rose
Wow, going back to what you said a little bit ago, just for a couple dollars a month to protect your most critical crown jewels in your organization.
For me, that's almost a no brainer to have an upgraded password manager. And, not that it's good to anyone gets hacked and stuff like that. But if a password manager gets hacked, every other password manager platform out there is going to see how it got hacked and they’re going to ensure they protected themselves against that type of threat. And I'm sure the one that was hacked, if it's still viable, is now much more secure than it was prior to that too. So not to wish ill, but hopefully they learned from their mistakes.
Another question for you. I do a lot of work in the agricultural community, and one thing that we find there is folks will often have the same router for their business as well as their personal use. I don't know if that is the same that you're seeing in the medical industry or not, but could you comment on how important it is not to have shared router for family as well as business?
00;14;32 - 00;15;32
Scott Leister
Yeah, certainly. you definitely want to segregate any kind of traffic out your business even if you have wireless in your business, that should be on a separate network to what your local is. Anything to restrict access. And you definitely want a business grade firewall for your business. Because that's the livelihood right there, like all the crucial information.
And usually the commercials are going to give you a lot more protection and a lot more control over data coming in and out and plus they're going to generate a lot more updates. That's managed to that can be applied if there's like a security flaw or something along those lines that can be done, which you just don't see that on like home side. And that's most likely, a lot of that stuff is set it and forget it.
Although you should go in and change the full passwords on any device that you buy. But, yeah, definitely. You always want to segregate any kind business firewall or router from just basic home, what you would use in your home.
00;15;33 - 00;16;38
Andrew Rose
Yeah. And, you know, you touched on something that we could spend an entire hour talking about. And that's the entire device management. You mentioned change the password on any device that you have connected the internet.
I would venture to think there are some listeners out there that had devices plugged in the internet that password hasn't been changed, and I've heard stories and more of these are anecdotal or true, that some thieves will go out there to the user manual for some of these devices.
And the try the default password that comes with the device, and lo and behold are able to get into, people's networks using that. And, common sense, you if you're a business owner and you're just starting out there, make the investment to get a business router or get the commercial firewall in there.
I can't stress that enough, and in the medical professional world, it might not be as prevalent, but I'm seeing in a lot of the small businesses out there, especially those that are home based or moving out of their home, are using that one router. And it just it terrifies me that that could be an open network for adversaries to get into. Scott, any any last feelings about that as well? Because I know this is something I'm passionate about.
00;16;39- 00;17;20
Scott Leister
Yeah. It's just you want to secure everything as best as possible. And sometimes, you have to spend a little bit more to get the proper tools to protect yourself and even home you never want to just plug and play a router or modem or wireless or anything. Always change passwords, always make access as difficult as possible. And that's the beauty of like commercial equipment is If it's managed then who's ever managing it is, has that burden on them to do it. And most companies will do that for you, or they'll make access as difficult as possible for anybody outside of, who should have access.
00;17;21 - 00;18;45
Andrew Rose
Yeah the proactive threat monitoring. There's a lot of folks out there that are more in a reactive stance, but having a commercial account, that's another benefit.
I think I told this story on an earlier podcast, but I ran across a business owner who had their home compromised, their home router compromised, which was linked to their restaurant. The restaurant got compromised.
The restaurant was linked to their production facility, and that got compromised. But just another case point of making sure that you've got some sort of segmentation between your personal and your professional routers. Out there. Scott, in the old days, we used to have the saying it's not if it's when you'll be attacked. And right now the new saying it's not when it's again, the persistence of the ransomware, the malware, the keystroke loggers, it's inevitable.
Well, knock on wood, it's pretty much inevitable that, business will be, subject of a cyber-attack. And when that happens, then there's a response mechanism. And oftentimes that is not only IT, but insurance as well. And I know that you covered, insurance when you're giving your presentation to the dental professional. Can you talk a little bit about how you and DTC work hand-in-hand with insurance companies, not only after an attack, but those assessments before a client engages an insurance company?
00;18;46 - 00;20;26
Scott Leister
Yeah, certainly, we strongly recommend, almost to the point of requiring our clients to have cyber liability insurance. And what that does is obviously that financially protects you in the event of a security event, and how we interact with them is our very first response when an incident occurs is to inform the client to contact their cyber liability insurance and just open a case, not indicating that anything is going to come of it.
But the sooner that you open that case, the more responsive and the quicker it will be, and the less chance that anything will be denied. If by waiting too long just to see if anything bad happens down the line. It's a proactive stance on, trying to remediate anything that might have happened.
And basically what we will do is we will give access to whomever is doing the, forensics because the most the insurance companies will have, like a forensics team that they deal with. And what we will do is give them access to it will provide any kind of logs or information or specific access that they need to get in to the network to try to investigate what may or may not have happened. And sometimes they will actually install their own software that will, just scan the network and monitor the devices and check it out for anything that's running.
And basically what we do is then we become just an assistant to that process. And then we kind of wait so the cyber liability church really drives that piece of it. And then we just assist as we can.
00;20;27 - 00;20;51
Andrew Rose
So some of our listeners, I'm sure, will be getting their new premiums or their new requirements to even have cyber liability insurance. And I know that DTC will often work with their clients to ensure that checklist are complete. What are some of the main things on these checklists that you see that our business professionals should focus on to ensure they have, frictionless, renewal for their cyber liability?
00;20;52 - 00;22;17
Scott Leister
The primary things that I see on the forms are multifactor authentication is heavily, heavily listed. That's a major requirement and that's multi-factor authentication for any kind of remote access. They want to make sure that you are using a secure access.
A lot of them will specify a VPN. We don't really use VPNs anymore. Just because they can be insecure and some of the ones can be a little difficult to set up multi-factor authentication on. So, we'll do like a zero trust, which we use another third party to authenticate.
Another thing is email access. What's the email access like outside of the office? Do your employees have access to the email 24/7 ? And is that email set with multi-factor authentication? And then a lot of the standard stuff, like do you have backups that are on site and in the cloud and are they encrypted? Have you tested your backup to make sure that it's good?
Then, then the standard stuff like, what do you use for your endpoint detection? Do you have a business grade firewall? Those kinds of questions. And then the as far as the AV and stuff, they want to make sure that, you're actually using a business grade AV as well, something that's managed and, is verified is updated and set to scan and is monitored.
00;22;18 - 00;22;19
Andrew Rose
Did you say AV?
00;22;20- 00;22;23
Scott Leister
Yeah. I'm sorry. Antivirus. That's the old school, you know, antivirus.
00;22;24 - 00;23;27
Andrew Rose
I was thinking the AV club from high school. Yeah, those are all, I hesitate to say basic, but they're also critical. And I think business owners a lot of times are focused on doing what they do best. And these types of resilience, these types of things.
The MFA, is just one of those that two years ago, I believe, it was the CIS came out and said, MFA everything. And if you do that, you reduce your attack service by 98%, whether that's an accurate percentage or not.
It is critical. And it's one of the things that really is heartening to me, just as a consumer, is the availability of MFA on places where, your social media sites and other places like that, where in the past it hadn't been as common, but due to a lot of the social engineering attacks that you mentioned early on and people's accounts getting taken over, It’s a very, very safe way to do it and Scott, you and I probably remember those days when passwords were four characters long.
You know this, we will never go back to that point in time unless there's some sort of biometric chip that's embedded in us that is only good for us.
00;23;28 - 00;23;34
Scoot Leister
Yeah, I agree, I remember back in the days in like windows 98, where there were no passwords.
00;23;35 - 00;23;52
Andrew Keene
Oh gosh. This is the part of the podcast I'm really looking forward to because I unfortunately was unable to be at your, CE presentation. I'm curious, what were some of the questions and comments or concerns or things that the doctor shared with you after your presentation that you found enlightening?
00;23;53 - 00;24;57
Scoot Leister
Probably the primary questions that we get are around the cyber liability insurance. Like what they look for, what's the, what's the, amount there covering? What are the hurdles? Why should I have it that kind of stuff? We do get that. And then a lot of times I will, specify specific things, like I mentioned the password managers before, and another big one that I highly recommend is just like ad blockers in, like computer browsers and stuff that just block the pop up ads or the ads you see when you just use a Google search.
So I get a lot of questions around those as to, what's good? How do you access it? How do you install it? What's the cost? Those kinds of things. And then other things are, we get a little bit of the generic stuff about, well how do I recognize that an email is phishing or like how do I make sure that I can protect my data but still have remote access? And why should I not use a VPN? Those kinds of questions.
00;24;58 - 00;25;12
Andrew Rose
Yes, there's so much there. But let's get back to that VDN for a minute too, because I do remember it wasn't too long ago, 4 or 5 years ago, when that was the gold standard of internet security. From a technical standpoint, what happened? Why is that changed?
00;25;13 - 00;26;38
Scott Leister
Well, the problem with the VPN is if it's set up correctly it can still be a viable remote access solution. The problem is, is that when you create a VPN is whatever device you are connecting from, and most times it's a home computer or something that's unsecured or not monitored. And what that does is now that puts that device on your business's network.
So now anything that is happening to that computer can spread across the VPN over into your network. So it now puts your net, your business network at risk just by adding an unknown device into it. And plus, the other thing I mentioned earlier was that some of the VPNs, the traditional VPNs, are a little difficult to add MFA to if you're using just a VPN through, say, like a regular firewall or something along those line.
A lot of times you have to set up a complicated third party service that can be expensive and difficult to manage. To enable a multi-factor authentication. And, so without that and plus weak passwords. So once if your passwords cracked, then a lot of times it's just a username and a password. And once they have that then they have access to the keys that they kingdom. Because once you're in on a VPN is generally you have access to the entire network.
00;26;39 - 00;27;08
Andrew Rose
Okay good, Well I appreciate your framing on that one, because I had thought that maybe there was a flaw in the whole VPN schema rather than endpoint user issue. Okay, and then another question, you mentioned that, a lot of the docs were commenting on the cyber liability where they commented, I mean, I'm assuming they understand that it's a given now that it's really almost impossible to operate a business at their level about having that kind of protection. What were some of the questions about? Where it, was at about cost? Was it about complexity? Give me a little bit of framing on that.
00;27;09 - 00;28;21
Scott Leister
Well, some of it is what are the requirements? I mean, we briefly go over, but they may specify a like specific things like, do I need this? And I have this? Is this sufficient enough type of thing. And another thing that we do mention, that Kevin always brings up is using a commercial grade email. A business email service instead of just like the free Gmail or something like that. Because of the controls and stuff are a little more robust that you can, lock that down and then plus, enable like multi-factor authentication and stuff like that.
So that's most of the questions are like, what do I need and how much is it? We don't get too much on how much is it going to cost us? We do get some on, how much can I get cyber liability insurance for? And then that answer usually we say that's up to whoever is providing the insurance, whoever the broker is and what they will allow and it's like, just because you want $10 million of coverage doesn't mean you're going to get $10 million of coverage. A lot of times it's capped off that, like a certain amount. And then plus, based on your answers and how you're evaluated through the questionnaires and stuff, then that can affect your rate and the amount of coverage that you can get as well.
00;28;22 - 00;29;43
Andrew Rose
Yeah, and here are trusted partners within the medical community that provide that sort of risk management. Both, policies and advice. And we certainly recommend that you reach out to us for recommendations or reach out to your provider and just ensure that you've got adequate cyber liability insurance. There's a lot of folks out there that I feel are either under-covered or have opted out, or have an assumption that cyber insurance will be the firewall they need to protect them against adversaries. And it's a lot, lot more complicated than is an area that is changing rapidly too, because of the amount of attacks that are happening.
One little bit of advice that I've heard from many insurance providers is whatever cyber liability insurance which you get, keep it printed off your network. Cyber thieves for years, that is one of the top prizes they go for it. They understand what your liability coverage is. That's going to be the exact amount they demand. If they exploit a ransomware attack on your systems. So it's, again, it's a brave scary new world out there.
Scott, we've covered a lot of ground here, and I'm sure since you gave that presentation, there are a few of the things that you thought of that, you wish you had gone deeper in or talked about, as we close out the podcast here, what are some of those things that you would like to share to the medical community about how to better mitigate and respond to some of these cyber-attacks?
00;29;44 - 00;33;19
Scoot leister
Yeah, so I will stress and usually what I state is that, for good security posture is you need three things. You need time, you need effort, and unfortunately you need money. There are ways to do that without spending a ton of money, but it still takes vigilance against these types of threats. And I can never stress enough, like just end user education just to help identify some of what these threats are. Because, like I said, the bulk of this stuff comes through some kind of phishing attack. And that's because that's the easiest way in because the human is the unknown element in there. And other things that I would like to just stress on that generally I don't go too deep into. I will mention is, I stated earlier about like other than just anti-virus running more advanced endpoint tools like endpoint detection and response, and also manage detection and response, and basically what those are is those are services that have like some kind of AI or automation or actual human beings in the background looking at information on the network and your endpoints like computers and such, that what is going on.
Because in the old days, like ransomware used to be like they get access and they just blast the ransomware. Well, that's not really the case anymore. Because cybercrime has become really specialized. It's a business like any other thing. And so you have like, access brokers now that what they'll do is they'll gain access to a network and plant some kind of seed or trojan or some way that they can gain future access, like credentials or a new user or something along those lines. And then what they'll do is they'll sell that access.
And then once that access is purchased, then somebody else will come in and they just don't blast malicious software because a lot of the detection tools have got so advanced that they use something that is termed as living off the land. So they use existing tools, existing built in functions of the operating system to move around the network.
And that's where like the managed detection and response and the endpoint detection and response really comes into play because it looks for unnatural lateral movement. Or it looks for like the creation of a new admin account or it looks for patterns that are abnormal to what's normally generated on a system. Like we had one that it was a tool that was used to scan the network and it got flagged because it was using a built in default account to scan the network.
And our security company noticed that said like, somebody's moving across the network laterally. And it wasn't like any malicious tool or anything. It was just a network scan. And so the advance methods that those tools allow you to utilize against like I said, the threats that are living off the land that are not using any kind of malicious software or anything. So that's something that I generally do not discuss too much in detail.
I may mention it a little bit but that's something that more than just running an antivirus or going up and getting the free one or using a built-in unmanaged antivirus or something along those lines. It's like, unfortunately, that's the name of the game these days is you have to pay to play.
00;33;20 - 00;33;54
Andrew Rose
Yeah, exactly and just I'm sitting back here thinking about all those attacks, all those things that DTC and you and the rest of the team mitigate against. That the clients don't ever see, you know, all these these penetrations that were thwarted. I mean, you guys are heroes every day. Sometimes I don't think that's recognized as much as it should be. And, thankfully, you are out there protecting and servicing medical and dental professional world. So, Scott I certainly tip my hat at you and hopefully somebody buys a good cup of coffee today for all your efforts.
00;33;55 - 00;33;56
Scott Leister
Oh, thanks.
00;33;57 - 00;34;53
Andrew Rose
Well listen, this is my second to last podcast. As your host, we will be passing the torch to Mike Sheila. So, our next podcast, we will do an introduction to Mike and all things about him. I've known him for probably almost 20 years, so I'll have a whole pocket full of stories to share and get his inputs and insights on quite a few things. And to all your loyal listeners who've grown accustomed to my voice, I will see you out there in the Netherlands and, ether lands or Netherlands, or if you want to say it. And, Mike's got a heck of a voice too. So, I think you'll appreciate everything he's got to share. Should you be listening to this and need immediate attention or just want to inquire about DTC services, please visit our website at www.DTCTODAY.com and reach out. We'd love to hear from you. Thank you very much.
00;34;55 - 00;35;35
Andrew Rose
We would love to hear from you. Please email us for questions or comments to askus@DTCtoday.com. New episodes of Cyber Savvy are posted the second Tuesday of every month. For more detailed information, visit our website at DTCtoday.com. Be prepared. Be cyber savvy.
