Hey, it's Samantha Hartley of the Profitable Joyful Consulting podcast. This is Season six, we're going to be talking about management consulting. And bizarrely, the first thing I'm going to talk about today is ransomware, hacking and viruses.

It is our job as consultants to see the blind spots for our clients. And even if your particular specialty doesn't have anything to do with security, this is a major area of vulnerability for clients, corporations, big ones and little ones alike. And so I'm bringing this to you today for a reason. And I want you to take this to your own business, take it to heart to your family and also to your clients.

In the last couple of weeks, the ferry service that serves my little island got a ransomware attack. Now, in case you might not know, I live on Martha's Vineyard, which is an island off the coast of Massachusetts. And it's a real island, I say, meaning that it doesn't have a bridge or a tunnel or any way to get from the island to the mainland or to anywhere except by ferries and airplanes. So the ferry service that we use and we rely on to be able to get to the mainland while all of their websites and software were hacked in a ransomware attack. And this is a small organization. This isn't one of the huge, it isn't the biggest meatpacking plant in the world, which just got ransomware. It's a little tiny transportation service. And I'm not talking about this just because it affected me personally, but it was remarkable in pointing out how many businesses are not prepared for an attack of this kind.

We know this is happening and I'm talking to you today because this is happening around us and it's happening to little businesses at the same time period when that hack happened to the ferry service, a former client of mine whose website my company had built, that website got basically taken offline by hackers. And so she came to us for help in getting it back online. And it is not a slow process. What happens is that if your website has a virus in it, your hosting provider, especially if they're really good, will isolate your website and take it offline. And unless you have a service that you're paying for, they won't help you much in getting it back online. So you have to get your own tech people to clean up the virus that's on there in order to get it back online. And it's on the whole server. So it's affecting the website. It's affecting her branded email and all kinds of other parts of her work. So that has disrupted her business.

That's two examples I've just given you now. I've had more than one of my websites hacked and taken offline. And so I know what this is about. And that's why I really wanted to help her with this, because if you don't have somebody to do it, they're like nobody to show you the ropes. It's expensive to have it restored. It's a lot of hours of it. And as I said, for the hosting service, basically you have a contaminated thing which is in and among their other paying clients, and they have to get you out of there. So they're really interested in quarantining you and not so much in helping.

Again, during that same time period, I had a client whose phone was hacked. He could look at the phone and see the activity of the hackers and that they went to his bank and they were draining his bank account. They were transferring money out of his bank account. That ended up being about twenty four thousand dollars. And they brought in the FBI to help in the state and local and all the blah, blah, blah. And in the end, nobody seems to be dealing with that in a way that made him feel like they were on top of the situation.

So whether it's your phone, your computer, your website or whatever it is, it's basically the wild, wild west out there. You know, there was a time when we didn't lock our cars and our houses and then everybody would get robbed and then suddenly remember, everybody would get an alarm on their house or an alarm on their car or they would move to a safe place.

Well, there isn't really a safe place right now in terms of technology. So we have to take security measures. I wish I didn't have to talk about this, but here's the deal: if you're putting your head in the sand around this or your clients are, then they're just sitting ducks. And I'm not willing for that to happen to you or to my clients or to your clients. I really want us to just take the simple actions that we need to take so we don't have to hear these stories anymore.

So I have some things that I want to share with you. Remember, your clients will have blind spots about this. And when you come to them, you can bring this up. For a lot of us, our clients are the only consultant they work with. We're the only person outside of their company that they work with. If they have a whole cadre of people they work with, that's fine. But I want to make sure that we have said something to them so that businesses large and small don't end up having to deal with this. The clean up for it is way worse than the prevention of it. So here's how we can prevent this.

The first thing that we need to do is to back up everything. So if you have currently a way that you're backing up your computer to the cloud or however you back it up using a service like Carbonite or something like that, make sure you're backing up your phone, your computer and any other records that you need to have backups of. In general, it would be good if you had hard copies of certain things so that your passport and things like that always have a copy of them, a carbon copy of them located somewhere else other than the original thing in case there's a fire. You know, a safety deposit box and all the blah, blah, blah. Those are good practices to have for hard copies of things and definitely you want to have that for all your technical things and do this for the people in your house and do this for your parents because they don't know how to do this in most cases, maybe you have IT parents who do. But in a lot of cases they're confused, like, why does this thing keep popping up or why do I what is the semantic subscription say? It's expired and things like that. These are helpful things that we can do. And you're probably the most tech savvy person in your environment. So if you aren't, go find that person and get help on this. So backing up is one of the most important things that you can do. And all site files, phones, computers, everything.

The second thing that I want you to do is invest in a security monitoring and cleanup service for your website. I'm using the term invest intentionally because they're expensive. And if you don't get hacked, you're going to be feeling like that money is going to nothing. But I'm telling you, having just dealt with the hacking, that it's hours and hours can be 100 hours of combined time between my tech person, the CEO of the company, her team and all of this. By the time we get this done, it'll be a lot of time. And if she had simply had a service that was both backing up, monitoring for anything weird on her website and then then to clean it up, the tech time for my tech people to clean it up is less than the annual cleanup service for the website. So I would get it on your main site for sure. And if you have a few crucial sites, for example, some landing pages or something like that, if it's a different domain name, you're probably going to need different monitoring for it. So go ahead and invest in that for all of them. It's probably going to be like a thousand dollars. But if you think of it like your homeowner's insurance or your health insurance, insurance is expensive and it's annoying that we have to have it, but it is there to prevent whatever happens on the opposite side of that when things go wrong. So a monitoring service like Sukkari is a good thing to invest in. Don't just rely on your tech person to clean this up, because, again, if it takes your tech person 20 hours to deal with this situation, I think we've been dealing with it right now for at least that many hours. In my one client's case, imagine 20 hours of your tech person's time and see if the monitoring service isn't less than that.

The third thing I want you to do is to study and teach these security practices, OK? The more you teach things, you know, the more they kind of get solidified in your head. And so if you say, I want to have maybe 15 minutes at the beginning of our next meeting just to go over some security best practices that I think would be really important, it may not seem related to what I do in human resources or it may not seem related to what I do in marketing or wellness. Right. It could be super off topic, but this is the thing I'm seeing happen in my business and with clients. And I really want to make sure that you're addressing it. If your client says, dude, we're super on top of this, then that's fine. But what I don't want to hear is, yeah, we're working on that. And then they work on it right up until the point that the thing happens, because that's how these things go. So if you study this just enough, just like read the articles, click on and read the articles about it so you can kind of see what's happening. Like in the last week, I've learned that 80% of companies don't actually pay the ransomware I was like, oh, that's really good to hear. 80% of the companies that do pay the ransomware or pay the ransom in the ransomware attack get attacked again. Interesting. Right? So I'm just staying abreast of this information and I'm studying, you know, ransomware is unlikely to happen to me and my little business. You never know, but it's unlikely. But it could happen to my clients and it most definitely will happen to the clients that my clients work with because they work with much larger businesses. So it's a thing for us all to stay on top of and just to study. OK, let's just be aware of it.

I want you to print some things out. A few laptop computers ago I did a back up of all my floppy disks. Remember those? I threw those all out and everything was backed up in one place on my computer. And then that hard drive died. And so I don't have pictures from the beginning of my relationship with my husband. I don't have pictures of my dog as a puppy. And now she's no longer with us. And I'd love to see those pictures. So certain things are gone and not recoverable ever, ever. If I had a few of my favorite photographs printed out, I wouldn't feel so bad about the loss of hundreds of them because I would have a few that were important to me. So from time to time, print out some special photographs and I would say it might be good to print out a few key documents, or if they're all good digital things, you can just back them up in more than one place. I have Dropbox and I have Google Drive as well as iCloud. So I have multiple systems so that if one thing gets hacked or craps out, I will have a backup plan for those things. But I still think it's really important to have like a printout of your passport, a printout of certain things that you can easily refer to. So if the electricity goes out, you don't have to wait to be able to access the thing that you might reference every day.

The fifth thing I want you to look into identity theft insurance. So for years I've had ID theft insurance and I've never called them to try anything out, but had my friend and client who had his phone hacked, had an identity theft company, he could have called. Then there would have been, you know, fifty percent less pain in the neck factor from the phone hacking. He wouldn't have had to manually go and shut all this stuff down or whatever. He would have been had a service that he could rely on. So you may get it through your credit card. I get it through a different organization. And by the way, I don't sell any of this stuff. I'm just sharing this with you because these are things that give you a little bit of peace of mind and hopefully make this a little bit easier. These things were kind of rare before, and I think they're happening more frequently. So look into the ID theft.

The last thing I want to share is do not procrastinate this. My brother is an insurance and he, every time someone famous dies almost every single time he will tell the story of how their estate went to probate because most of them don't have wills. So there's like all these famous people who have millions and millions of dollars, and that's locked up in the legal system because they didn't have a will. And so it's like, do you have a will? I know you don't expect from profitable, joyful consulting to be talking about your will, but we need to be thinking about these things. So and here's the deal. There's going to be somebody who needs this and they're going to be getting around to doing it for a really long time before they finally do. My concern is that you get hacked before you prepare for the hacking. You get a virus on your computer and lose things before you get the antivirus stuff dealt with or heaven forbid, somebody dies before the wills get worked out. In our family, we had an experience of somebody who died just like right before the final stuff on the will was done and everything just took a little bit longer and cost a little bit more. And I know that she wouldn't have wanted that. So don't procrastinate the stuff. Get on your to do list.

There are some things that we have to do that are heinous tasks that we do to please our future selves. Do this as a gift for your future self, do this as a gift for your clients. Be the person that they can come to and ask about. You don't have to be the expert on this, I would enlist someone else who is even more of an expert. But I want you to be the person who will have the conversation with them about this, even if it's five minutes to find out they've got it all taken care of. All right.

We're going to be talking about all kinds of management consulting topics this season. And to me, there is nothing more important than making sure that your business is safe and secure. OK, so with that, I wish you also a profitable and joyful consulting business.