In this episode, Barbara and Stephen discuss:

  • What traits do doctors and IT professionals have in common?
  • Where do you begin with cybersecurity?
  • How do you tell a real email from a fake one?

Key Takeaways:

“First, focus on email security, and then move from there. Since email is the gateway for most problems, so focusing on that email first and foremost is a great way.” – Stephen Jordan

Connect with Stephen Jordan:

Website: https://www.soundcybersecurity.com/

LinkedIn: https://www.linkedin.com/in/stephen-jordan-a85b876b/

Email: Stephen@soundcybersecurity.com  

Connect with Barbara Hales:

Twitter: @DrBarbaraHales
Facebook: facebook.com/theMedicalStrategist
Business Website: www.TheMedicalStrategist.com
Email: halesgangb@aol.com

YouTube: https://www.youtube.com/TheMedicalStrategist
LinkedIn: www.linkedin.com/in/barbarahales

Books:

Content Copy Made Easy
14 Tactics to Triple Sales
Power to the Patient: The Medical Strategist

TRANSCRIPTION (137)

Dr. Barbara Hales: Welcome to another episode of marketing tips for doctors.

I’m your host, Dr. Barbara Hales. Today, we have with us a special person. He is known for cybersecurity, which is something that we all could know more about.

Stephen Jordan has spent over 33 years providing computer-related products and services to small businesses, working as a technician, a system administrator, a system engineer and an IT manager. With 30 of those years running his own business, Stephen experienced the evolution of the industry as it changed from being the sales-driven computer industry, to the more balanced sales and service IT industry, and then to the managed service industry, and has seen many new industries created, including cybersecurity. Stephen sold his IT and managed service business in October of 2021 so he could just focus on matters of cybersecurity for small businesses, which brought him to start his latest business venture, called Sound Cybersecurity. Welcome to the show, Stephen.

Stephen Jordan: Thank you. Thank you for having me. Glad to be here.

Dr. Barbara Hales: Stephen, as an IT professional, what do you feel you have in common with doctors?

IT Professionals and Doctors

Stephen Jordan: Gosh, you know, I’d say there are two things that I have in common though, there’s probably more than that. But I started out in the industry as a technician, as many do. And that evolved over time into me becoming a system engineer, where I was then selling, installing and supporting servers and other network products for small businesses. But then I woke up one day, and I found myself running my own business. And that was a bit of a shock. But I started out, you know, in college as a computer science major, and then moved on to industry certifications. And though I finished my bachelor’s degree years later, once there was such a thing as an Information Technology Degree, none of that prepared me for running my own business.

So the first thing in common that I’d say we have with a doctor or I have with a doctor is, you know, intentionally or unintentionally, you know, finding themselves in the same position with their own medical practice. We’re all great at what we do in our professions, but we’re learning to run a business as we go. And, you know, the second thing I say we have in common is that we just don’t have enough time to learn and do everything. So instead of working on our business, we end up spending all of our time working on our business.

Dr. Barbara Hales: As you work with doctors over the years, what do you see as their biggest challenge?

Stephen Jordan: Gosh, from my perspective, unless they all just had me fooled and were hanging out and having a great time somewhere that I didn’t know about, they never seem to have the time to deal with matters of IT or cybersecurity. So, I’d imagine that flows into other business matters as well.

Dr. Barbara Hales: How do they overcome that challenge?

Stephen Jordan: Wow, well, I’d, I’d say surround themselves with people that they can trust, and that are smart in their professions as the doctor is and there’s you know, and then actually trust them. You know, it took me a while to learn that and to give up some of that control. So in my realm, you know, they need a really good professional. However, they need to realize that IT professionals don’t know, do and provide everything that the doctor needs, no matter how good they are, and no offence to all the IT professionals out there, as I’ve been one of them for 33 years, and I believe I cared more or tried harder than most in the industry. But no one knows it all or has the time to do it all. So they also need a good cybersecurity professional to help keep an eye on things and fill the gaps in their cyber defences.

Dr. Barbara Hales: Over the course of the last few years, we really heard a lot of horror stories about how people have installed malware unbeknownst to health professionals into their computer system with various viruses and then held the health care professional hostage saying, you know, you have to pay a certain amount of money or hospitals millions of dollars before they would deactivate the virus, which is really a nightmare. Either that or all of the data and files on the computer are just washed out. How do you recommend that the doctor protect against that?

Email Security

Stephen Jordan: Gosh, you know, I’d say almost all cyber attacks start with an email. So according to a report from the FBI in May of 22, you know, business email compromise accounted for 35% of all cybercrime losses. So my recommendation is to first focus on email security, and then move from there. I mean, that’s, that’s just a starting point. But you know, as with most of us, you need to know, first, where you’re at before you can plot a path to where you need to go. So finding someone like myself, to help, you know, do an assessment and take a look at where you’re at in regards to email security now. But a lot of people shouldn’t, or, you know, especially doctors, or anybody in the health care profession, you know, shouldn’t assume that all their bases are covered. You know, because this is just one facet of email security.

Dr. Barbara Hales: So are you to computer systems what LifeLock or identity theft is for personal data?

Stephen Jordan: I don’t know, I’d quite go as far as LifeLock. But is this comparing myself to LifeLock? In regards to cybersecurity in general, but as far as email security goes, definitely, I think I have a good set of services that do allow me to keep a good eye on what’s going on with their email security.

Sound Cybersecurity

Dr. Barbara Hales: How did you get the name Sound Cybersecurity? I understand cybersecurity, but boy, sound?

Stephen Jordan: You know, that’s a good question. You know, I approached that process of finding a name for my company from the perspective of, you know, what, what can I do that is, looking at it from the perspective of protection. You know, that’s, that’s really what you know, we do and you, if you’ve ever gone to my website, and you see my logo, you’ll see that there’s a shield as part of that logo.

So I spent a lot of time searching for something course, you know, these days, when you start a business, you also have to look at what domain names are available. So I spent a lot of time searching through a lot of possible names and just ended up coming to the term Sound Cybersecurity: how can we be sound in our approach and our posture in covering those cyber gaps that may exist?

Dr. Barbara Hales: What’s one thing you’d recommend for doctors to do to improve their cyber security posture?

Stephen Jordan: Yeah, I think I’d go back to starting with that email. You know, that, since that is the main entry gate for most problems, whether that’s, you know, a business email compromise, spear phishing, a type of attack, or just somebody sending you a link that’s trying to give them access to something they shouldn’t have access to, you know, since email is that gateway, I would say focusing on that email first and foremost is a great way. And if they’re paying monthly for some service that may be called email security or email protection, they still need to look closely and not just assume that that’s everything, seek email security related, you know, again, whether they have their own cybersecurity professional or somebody like me, who can do an email health check for them and make sure that all of those different things are turned on. Because there isn’t just one piece of that puzzle.

Dr. Barbara Hales: Could you tell us a little bit about what your check is for an email to make sure that the office is safe?

Stephen Jordan: Yeah, so I use several different outside checkers, you know, it’s kind of nice with this. I can’t just look at any company out there and say, Oh, they have great antivirus software, they have great group policy or, you know, I can’t see their internal systems from out here. But I can see a lot about their email security from outside. So I have several different utilities online that’ll check different facets of their email settings and their DNS settings, MX records. And there are lots of acronyms I may be throwing out so don’t worry if you don’t know what they are, I know what they are. But there’s, you know, with SPF and DKIM and DMARC, and DNSSEC and MTA-STS and TLS-RPT and all these different, you know, the acronyms of things, are they enabled? And are they up and running so that we can count on that entity having as much protection on that domain name as they can?

Dr. Barbara Hales: So is Sound Cybersecurity mainly dealing with email security?

Stephen Jordan: I’d say mainly right now is my main focus. There are other services that I do provide. But I guess you could say I’m really on a mission right now to educate business owners and doctors included about DMARC. That is one of the, I think, easiest ways to put an end to business email compromise. And you know, it’s nothing in the industry is perfect, nobody can tell you that you’re always 100% protected. But that’s kind of my mission right now, is that email security.

Distinguishing Real and Hacker Email

Dr. Barbara Hales: So, you know, I know that it is foolhardy to download any attachment, especially if you don’t really know where they’re coming from. But if a hacker said that they were a lab, and they would like you to download test results, that would seem quite natural. How do you avoid or distinguish between the real test results, and a hacker dreaming up yet a new trick for you?

Stephen Jordan: Yeah, and then that, that to social engineering is the biggest challenge because in the end, it’s that person sitting there staring at that message, that is the final line in the defenses that we’ve put up. So them getting that as it is a struggle, whether it’s coming from a lab, or UPS, shipping, or whatever the source is, that looks so trusted and so real. But I think in the end, you know, I’ve always, you know, the old adage, “call before you dig,” that your gas company always tries to get you to do, you know, “call before you click” is really the big thing that I’ve always told my clients over the years. You just, if you’re not absolutely certain, then give that lab a call and find out if that’s really from them. And they should be able to help you find that out. Now down the road, if this continues to become a bigger and bigger problem, I hope to see more, you know, use of file transfer services that you can, you know, log into securely online and obtain those things instead of doing them by email. You know, even when I get an email, then from a valid vendor that says I have an invoice, I don’t click on that email, I go to that vendor’s website and log in. And look at my invoices on that website. So that way, yeah, it’s a nice little notification in my inbox that I’ve got an invoice. But yeah, links in invoices should always be something that we approach with caution.

Stephen’s Career Journey

Dr. Barbara Hales: How did you get involved in this?

Stephen Jordan: Oh, wow. You know, it’s an event, an evolution of things over time. I, as you mentioned in my intro to the industry evolving. You know, I guess I knew from a young age that I wanted to get involved with computers, you know, embarrassing to say, but it was my senior year in high school when there was actually a computer in the, one computer in the entire school. And I happened to get into a basic programming class and decided from that that computer science would be my degree when I started college, and it didn’t take me long though into all of that to decide that programming really wasn’t what I wanted to spend the rest of my life doing. And that’s when I started, you know, picking up books and started reading all those manuals that put you to sleep and figuring out how it works. And that just evolved from one thing to another.

Dr. Barbara Hales: Are there a lot of other companies or competitors of yours in this field, it doesn’t really seem like there are.

Stephen Jordan: Yeah, because I’m a little bit of an anomaly, I think in the industry. They, you know, they’ve evolved to a point where we have managed service providers and managed security service providers. And they continue to try to do everything. And that was one of the biggest struggles as I was creating and molding this to business was just, you know, how can I break free from having all of that, to have to worry about and take care of and just focus on the specific things? And so I don’t, I think there’s a lot of different companies that still do the things that I do, but they also do so much more. And in the process of doing that so much more, a lot of those specific individuals targeted, things get overlooked.

Electronic Health Records

Dr. Barbara Hales: Well, that’s very sensible. And so what I would like to say, you know, normally I ask for the interviewee to give one good tip, you know, to their listeners, about their services. But, and, of course, if you have one good tip, you know, we’d all like to hear it. But from my perspective, the one good tip is, like, run, don’t walk, to hire this guy here. Because, you know, just cybersecurity for doctor’s records is so, so crucial. Now, in terms of electronic health records, are you involved in that as well?

Stephen Jordan: No, you’re not, not directly. I mean, obviously, anytime I’m helping somebody with cybersecurity that comes into perspective, but I don’t, the things that I do, don’t ever give me access to those things. Now, if I were your IT company, your managed service provider, I’m probably going to be providing services that are going to expose those things or give me access to those things. But the cybersecurity services that I provide, keep me away from those things and outside of that purview, and protect the things that could then give somebody access to those records.

Dr. Barbara Hales: Right. So this is like really important for people to distinguish, because they may be under the false hope or premise that the company that they are affiliated with in terms of their electronic health record, you know, promises them security, but the fact is, their computer is used for much more than just their electronic health records. And that’s where you come in.

Stephen Jordan: Yeah, exactly. I think probably one of the biggest objections is I reach out to companies and show them, you know, I’ll send them some email messages and call them about it and show them a screenshot that shows exactly where the vulnerability is. And one of the things I often hear is, Well, I already have an IT guy. And then that there, the flip side of that goes back to me is I remember all the years of, you know, sitting in meetings with clients, and something would come up and they’d go, yes, Stephen’s taking care of that for us, and I’m sitting there going, No, I don’t take care of that for you, you know, they have this false perception that IT guy is doing everything for them. And unfortunately, as hard as we try, we’re not. So somebody needs to point out those other areas and have the time to tackle those areas. Because those guys, I know, they’re insanely busy with the day-to-day technology, and issues of taking care of their clients, and they just don’t have the time to do everything.

Skeptical Clients

Dr. Barbara Hales: Right. So, you know, if you’re just flying solo with no insurance, you know, this is the time to really consider, you know, speaking with, you know, this guy, Sound Cybersecurity, to keep your record safe, and to keep your computer system and your office from having a major meltdown would not be a pretty sight. Agreed. Do you have any horror stories for us and how you were able to convert them?

Stephen Jordan: Oh, gosh, it’s a simple one that comes to mind is just an attorney that I had worked with for many years. And he, he was probably amongst my most skeptical of clients for a long, long time. And I had been hounding him and hounding him he had been a holdout on using some old email system. And he just wasn’t getting it. And finally, one day, one of his staff received an email message with a Microsoft Word document and opened it up. And, you know, that Word document ended up grabbing every single email address that they could get their hands on out of the email account. And unfortunately, that was his receptionist, and she had access to his email account. So they had a huge compromise of all the email addresses and email messages that had been received. And so you know, he had a huge cleanup to do and notifying all of those people about, hey, this has happened, they have my email address, you might be a little skeptical about anything you receive from me right now. And it took him some serious effort.

And then, but then, of course, he was wide awake to the reality of the need, of what I have been hounding him about for literally probably two years that I had been trying to get him off of that, and to get better protection in place. So in the end, it turns out good because they are awake, and now ready to proceed. I always tell everybody, you know, I can get you from point A to point B, but you’ve got to arrive at point A, you’ve got to arrive there realizing, Yes, I do need to address matters of cybersecurity, I’ve got to pay attention to this. But I’m never going to get you to point B if the whole route, you’re, you know, you’re questioning and doubting and being suspicious of my motives every single step of the way. You know, it’s tough. And unfortunately, he’s an attorney. So I guess that’s the way he has to be, right, in his profession. But some back to that original.

Dr. Barbara Hales: As an attorney, he must also realize that it’s far beyond like, Oops, I’m sorry. I mean, I get, you know, like libellous to the tune of millions of dollars.

Stephen Jordan: Yes, yeah. And the reputation of that. I agree.

Cyber Insurance

Dr. Barbara Hales: Are you insured or bonded for any oops?

Stephen Jordan: Yes, I am. And as funny you say, oops, because I was thinking of that just a second ago, that was one of the reasons I think I became an IT person instead of a doctor, I can say, oops, and nobody’s going to die. But at the same time, yes, I do keep that insurance up and everybody, not just in my industry, but any business needs that cyber insurance and, and the requirements to meet that you have to meet now to get cyber insurance or at least get it at decent rates are quite stringent. So that alone is quite the process.

Dr. Barbara Hales: Are there licensing and certifications that you have to go through periodically to like show that you know, like, You are the man?

Stephen Jordan: Yeah, yeah, there are industry certifications, CompTIA’s Security+ is the one that I have. And they’ve got some newer versions of that that I’m working on. And yeah, in this industry, it’s constantly, you know, which 1500-page book am I going to read next? And so yeah, it is a constant and ongoing process.

Dr. Barbara Hales: So can I assume then that you don’t have any Netflix programs that you are hot and heavy about?

Stephen Jordan: No, I know, not much on Netflix. I probably spend more of my time on YouTube learning about things or you know, just catching up on the latest of this or that but yeah, I have to put the book down sometime and get some break from all of this. And I can’t read them before going to bed or that, you know, that doesn’t do much good other than put me to sleep pretty quickly.

Dr. Barbara Hales: But they make good bedtime stories for the kids don’t they?

Stephen Jordan: Yeah.

Dr. Barbara Hales: For our listeners out there that are now sweating under the collar saying like, Oh my God, I don’t know how I have missed doing this before and I have to reach this guy. How can they get hold of you?

Stephen Jordan: So several different ways. Of course, they can go to my website, soundcybersecurity.com. And there’s a Contact page there. They can call me directly. The phone number is 866-772-8181 and of course, they can send me an email. It’s Stephen, S T E P H E N, at soundcybersecurity.com.

Dr. Barbara Hales: Well, it’s been a real eye-opener having you on the show today and I’m sure our listeners are sitting at the edge of their seats. Only leaving their seat to get the Tums for their indigestion now, thinking like, what, this is another thing that I can’t afford to delay, delay on. Thank you so much for being with us today.

This has been another episode of Marketing Tips for Doctors. We have been talking about cyber security, and it’s really been an eye-opener. Till next time.