2-Minute Tuesday – Memphis IT Solutions

On this week’s 2-Minute Tuesday, Austin sits down with Paraic Sweeney of Memphis IT Solutions to talk about how you can protect your business on the web.

Watch it here or check out the full transcript below!

Memphis IT Solutions Interview Transcript

Austin: Hey, Austin here with Tour Collierville, and I’m here today for 2-Minute Tuesday with Paraic Sweeney, who is the CEO and owner of Memphis IT Solutions.  So, Paraic, thanks for coming.

Paraic: Good to be here, Austin.

Austin: So, just to start off, I guess, if you want to give our viewers a little bit of info about yourself, maybe starting with where you’re from.

Paraic: Yeah, well, as you can gather, originally—I have an accent—originally, I’m from Ireland, the west coast of Ireland.  Achill Island is the place.  But now, living back in Collierville; I moved recently from Oakland back into Collierville.  And so, moved here in ’95, so I’ve been here for 23 years almost, at this point.

Austin: Twenty-three years in Collierville, or you moved to Oakland?

Paraic: Basically, Collierville, Memphis, Germantown, Collierville, Oakland, Collierville.

Austin: All over. You’ve lived in the area all over.  You know the area very well.

Paraic: Exactly.  Very well at this stage.

Austin: Well, that being said, what do you think about Collierville?  Do you like it here?

Paraic: It’s a great town.  And that was one of the reasons I moved back here from Oakland.  There’s a lot more to do; it’s a lot more convenient.  Lifestyle is definitely different than anything else.  It’s got that community feel.  It’s got that hometown feel as such.  And that’s what I love about Collierville.  And that’s one of the reasons, you know, that I had the business in Collierville.  We purchased the property back in 2015 and decided to stay in Collierville.  Before that, it was a leasing property, but I looked at Collierville being a good community and a good place to be for my business.

Austin: Leaving Oakland, we’ve got Raven and Lily out here.  Have you eaten at this Raven and Lily?

Paraic: You know, not yet, but the goal will be to get free one of these days.

Austin: Gotcha. I wanted a comparison.

(both laugh)

Paraic: No, it’s the same restaurant, but a different location.

Austin: So, Memphis IT Solutions, as I said—and you’re over there, off of Center Street, so not too far from the Square.

Paraic: Correct.  Well, with the construction now and everything else on Center Street, you know, it’s maybe a three-minute drive—it used to be—versus a five- or ten-minute drive.

Austin: Yeah, a little bit further than it used to be.

(both laugh)

Paraic: Right.  And that’s the key.

Austin: So what all’s going on over there with the renovations and stuff?

Paraic: Eh… We’re going to be affected, eventually, when they widen it.  But I think it’s going to be a major plus for the Town.  Because it will have sort of a boulevard effect into the Town, and it will be sort of the main entrance from 72 into the Square.

Austin: You’ve got 385 right there, too.

Paraic: Exactly.  And that’s the way we look at it.  It will definitely, I think, it will give a better approach.  It’s gonna be much nicer of a drive in there, if nothing else.

Austin: Do you think that will help you out some?

Paraic: It will help with exposure, yeah.  And we don’t depend on any sort of passing traffic.  We don’t have people who come into our location to drop off systems or stuff like that.  It’s our office for doing support for our clients.

Austin: So is most of your business out here in Collierville?  Or do you kind of do business a little bit of everywhere around?

Paraic: We do the Memphis Metro area.  So we have, probably, four or five locations—here in Collierville, Germantown, then we do Downtown Memphis, some in Bartlett, and… so we do a variety.  With the support we provide to our clients, we are basically looking at possibly about 90% of our issues can be handled remotely, so it’s only about 10% of the time we have to send out to a client a technician.

Austin: Interesting.  I would have thought it would have been a little bit more than that.  That’s cool.

Paraic: Yeah, it the way we do management of our clients.  That’s the key, so it is.

Austin: Gotcha, yeah.  Well, is most of the business ya’ll do small or large businesses?

Paraic: We do a variety of businesses, and that was one aspect when I started the business back in 2004, 2006—that era when I started.  I started doing one and two small user offices, and now we’re managing up to 120 – 150 users is our sort of sweet spot.

Austin: So all across the board, then.

Paraic: All across the board.  And then the verticals we will do, we will emphasize on medical.  Medical is huge to us because of security and everything else.  And then what we will do professional services, and we’ll do retail.  So, we will do a variety of businesses.  But again really, we say our sweet spot is, really a 20-user office all the way up to 120.  And that’s where we’re working.

Austin: Gotcha.  So mainly retail and stuff like that, not much residential?

Paraic: Residential we will handle if somebody’s using a home office.  So if somebody is—has—their business, and they’re working out of their home, we’ll assist them with that.  We’ll take care of them.  But residential is one area we will not work on.  And we’ve just tried to avoid it more so than anything else.

Austin: Gotcha.  Okay.  So, you’ve already mentioned security, which I figure is a big component of your business, a big part of your business.  If you want, maybe kind of dive into that and talk about security and what else you also provide as far as support goes.

Paraic: With a sort of a small business, if somebody comes onboard—let’s say they’re in the health field more so than anything else, where we try to specialize, is that we will go in, and we will do an evaluation of their network.  We will see where there’s weaknesses, where there’s potential risks or exposures to security breaches.  And then, if they become a client, as such, security’s going to be #1 for us.  And we take the approach that a prospect may have their own firewall, they may have something else that resembles a firewall on their network… We’re going to replace it with our own equipment.  We’re going to provide the essential enterprise firewall that’s needed behind the internet provider.  Because I’ve seen cases where people will have just their ISP, whether it’s AT&T or Comcast, and they’ll have their equipment connected to their modems—hey, they’re secure.  You need to have a physical barrier behind your internet provider equipment.  It is critical.

Austin: You’re saying it’s important stuff.

Paraic: Yeah.  Even if you take that aspect with even the sort of residential people as well, Comcast and AT&T will put in the standard modems, and they will have Wi-Fi enabled on their equipment.  Again, the residential—and this is a piece of information for residential people in the Collierville area—it’s essential that you put another device behind that for your own sake.  Make sure you’re changing your passwords.

Austin: So don’t use the default Xfinity password they provided me?

Paraic: Exactly.  Do not.  Change that, if possible.  And then, if you are using your own equipment, then disable the Wi-Fi on the internet provider’s equipment.  Because a lot of times, they will allow other customers to use your Wi-Fi throughout the area.  So that’s a potential risk, because especially more and more homes now are using their own cameras.  They’re using Ring Doorbell, Hello by Nest; they’re using Nest thermostats.  So those are all considered internetted things.  Internetted things allow a vulnerability onto your network if you’re not changing the password, if you’re not securing those somehow, if you’re leaving those exposed through your internet provider.  And you will even take that a little bit, extract that information and say that happens in businesses as well, is that you have an internet enabled device on your network, such as a camera on your network or a thermostat on your business.  If it’s on the same physical network as your line of business application, your EMR solution… Then that is exposing the potential risk to security.  And that’s giving somebody a way in.  And I recently saw online where somebody actually contacted somebody in Arizona.  He was a white hacker, actually.  A white hacker is basically someone who find vulnerabilities in systems.  He actually connected to a camera on a residential network and was communicated with the owner, telling him that he connected to the camera, that he could see all his information in the living room.  He could tell him the physical address of his location.

Austin: That’s terrifying.

Paraic: And that’s why if you don’t change the default passwords, you’re having this.  It’s fine changing the passwords, but even if you don’t also update your firmware on these devices at home, that’s a concern as well.  So that’s an aspect for home users that they need to be aware of.  It’s fine going out and buying these devices.

Austin: So how often would you recommend that we change our passwords?

Paraic: With passwords, you have to make sure they’re good enough.  Do not make them your kid’s name, your favorite location, something like that.  That’s number one.  What you need to make sure is if you have difficulty remembering the password, think of something that you love to do or somewhere you want to go and why it’s something you want to do, but then make it cryptic enough that it is very difficult to basically break.  My recommendation is every 90 or 120 days, change it.  But don’t, if you’re using the same password for your bank information as your utility bill or online services, don’t.  Have a different password that is specifically for your banking information.

Austin: Yeah, that’s something I hear about often is, you know, people using their bank account password for their Facebook password, you know.  And that can cause some serious issues.

Paraic: Well, and that’s the thing.  With all the breaches that are going on, you have to be aware of this.  You have to understand that you can’t just bury your head in the sand.  You can’t just say, “Well, I’m not going to use Facebook.”  Well, if you go to a doctor’s office, you’re giving them information.  If that doctor’s office has a problem, they’re required to report those potential breaches or whatever.  So you have to be conscious that your information is out there, whether you like it or not.

Austin: Right.  Absolutely. Security is something that is coming up in the news almost every day in some form or fashion.  It’s a big deal right now.  What would you say is your personal take on it?  Just in general.  Are or is there an uptick in compromises?  Are we getting better at security?  You know, what are your thoughts there?

Paraic: Well, the thing is—let me do this analogy—long ago, if you wanted to get money, and you were in the great western days, you would basically rob a stagecoach.  And that’s the way you got your money.  That evolved into basically holding somebody up on the street.  And now it has evolved; someone can sit in a back room, send you an email—a phishing email—and basically say, “I need you to reset your password.”  And you don’t think twice about it.  You look at it and click it.  They’re basically now already in your computer.  They’re getting your information.  That quick.  Because #1, you may have said, “Eh, I don’t need to worry about updates.”  I know there’s a lot of people out there that are not fans of Microsoft.  Well, Microsoft is still the most prevalent system in home users.  It’s still used in the Windows environment.  So the major thing is making sure your operating system is up-to-date.  Make sure you have a good, security software on your system that’s been… And that’s where we approach it with businesses.  It’s that we just don’t look at the firewall as being the total end all of your security.  We have to have a security software that can communicate to your firewall.  And basically, if one of those systems does get compromised, it can lock it out of the network and stop the spread.  So it has definitely evolved is that it’s gone from sort of this stagecoach to somebody sitting in—and it doesn’t have to be sitting in Eastern Europe or North Korea or even China—it can be somebody sitting in an office in upstate New York that could be breaking into your system.  It’s the same way with the concern about security… If you see the word “free Wi-Fi,” step away from it.  Because my recommendation is—and I’ve seen it myself in the last 6 – 8 months—is that some of those Wi-Fis can be poisoned.  And poisoned meaning that they have found a vulnerability in the equipment that’s providing the Wi-Fi signal and gaining access to your information as you’re typing it.  So if you have to use an internet connection, either invest in a… make sure you can tether from your phone or buy a device that can provide.

Austin: In other words, making your phone a hot spot?

Paraic: Exactly.

Austin: And maybe have one of those My-Fi devices you can hook up to?

Paraic: Correct.  One or the other.  And that would be key.  Then you’re secure. But if you’re connecting back to the office—if you’re, say, using the software that lets you remote back into your computer—make sure that software is encrypted back to your office.  Because again, some of these vulnerabilities more and more I’m reading online about this and through our peer groups, is that there is more and more emphasis on the residential user being working from home, bringing their own devices and everything else into the office… Then, that is a source of infection.  That’s where you can have vulnerabilities coming back into your office.

Austin: It’s hard for us to remember to be careful where we click when everything, you know, on the internet is geared toward getting you to make the click.  It’s kind of against us, so it’s hard to remember to be careful.

Paraic: You cannot be—no matter how good people say… It’s a lot to do with education.  Educate yourself.  Spending that extra, maybe, ten seconds reading that email before you click it.  If you want to get paranoid, and you have to do banking online, and you’re absolutely paranoid, have a computer just for banking at your home.  I mean, not for social media, nothing like that.  But use it just solely for banking.

Austin: So segment what you’re doing.

Paraic: Exactly.  That’s being paranoid.  But that’s one solution.  Because we ourselves—and even I would do it—I’ll put out my iPhone, I’ll log into my bank and everything else.  But I’m doing it on secure networks.  But you have to know where you are.  There’s no point in going to a local restaurant and them having free Wi-Fi, unless you know who’s managing that network, it’s really not that secure.

Austin: Right.  And you have to… If your phone is set to where it asks you to join networks, sometimes you can be walking by a place, and you’re connected to Wi-Fi without even doing it yourself.

Paraic: At least people have gotten away from the open networks that used to be prevalent many years ago.  They’re actually making them password, requiring a password… But at the end of the day, you just have to be careful with security.  And it’s definitely… That is where we in an industry as an IT consulting company, we look at security as still top of the line for us.  And having in a business is making sure your network is secure.  But also make sure you’re taking that and saying, “Okay, I’ve my data here.  How am I backing it up?  Where is it being backed up?”  If you have a server, how that server is being backed up.  Are you using a service?  Can they verify the data is good?  So if you do have a ransomware attack, how do you do it?  But the best prevention is to have a backup for your business.  Have your data somewhere else.  And that’s key, especially with the ransomware.

Austin: So that’s actually one of my questions for you.  If you can, speak a little bit to the ransomware.  The crypto ransomware.  A lot of people don’t really know what that is.  If you could, maybe, explain that a little bit?

Paraic: Yeah, and that’s constantly evolving as well.

Austin: That’s the thing with technology: you gotta keep up.  I’m sure that’s part of the game?

Paraic: It’s a big part of the game.  With the sort of evolution of the criminals out there, we, as technology providers, have to evolve as well.  If we don’t evolve, that’s a problem.  Going back to your question about sort of ransomware and how that works is basically what happens is you’ll get an email.  And then you’ll read it.  It may be a phishing email, and that’s what it normally is.  And it’s not the fish you catch, it’s with a PH.  So that’s the thing.  But it’s trying to fish you to do something.  So you click on a link, and it’s like, “Oh.  I need to reset my password; it has been compromised.”  Then, what that happens is it’ll go to a website, it’ll basically have a look at your computer in milliseconds to see if there’s any holes in it.  If it sees any holes in it, it’ll drop a package onto your computer.   That, then, would spread to your files and lock your files.  Then, at that stage, it’s now communicating with a control and command center at somewhere on the web.  And that basically said, “We have locked this computer.  If you want your files back, you need to pay us X amount of Bitcoin.  And Bitcoins are basically… it’s an electronic currency.  That’s what Bitcoins are.  And they have increased in value over the years.

Austin: It’s harder to trace, I guess?

Paraic: Very hard to trace.  So it is.  But because of the prevalence in it and everything else, the value has increased.

Austin: So you’ve spoken to the medical field quite a few times since we started talking.  Why is it so important in the medical field to have security, and why is that such a big part of what ya’ll do?

Paraic: We look at it… I mean, if you go to a doctor’s office, you’re going to be giving your date of birth.  You’re giving your Social Security number.  You’re giving your full name.  And everything else.  So, those are sort of three key pieces that are valuable to any hacker out there.  And that’s the piece of information that’s personally identifiable information.

Austin: So the criminals, they’re kind of gearing towards that field more than others because, you know, it’s all this information in once place, and they know it’s there.

Paraic: Yeah.  They know it’s there, and that’s the thing—they’re going to go after it.  And then, that’s where you have to understand that you have to have some method to know whether your data is out on the web—or on the Dark Web, as we call it.  And the Dark Web is basically that layer under the Good Web.  So, it’s where the cyber criminals live.  That’s where the guns are being sold on the Black Market.  Where the drugs are being sold and all of that.  And that is available to people if you know where you’re going.  And that’s where your credentials are being sold off.  And it can be credit card information that can be worth $20 a pop, but if you can imagine that, extrapolate that amount of information that is being pulled from a business or your Social Security number being available, it could be $5, it could be $15, depending on the type of individual you are as well.  And they will be able to find out that information very much.  So it’s important that you have something in place to know whether your credentials are out there.  We recently had an issue with Facebook in the fall of last year.  Where it was a third party…

Austin: Facebook has had a hard time staying out of the news.

Paraic: They have.  But as I said, again, you can’t bury your head in the sand.  You just can’t.  And as I said, your information is everywhere.

Austin: Do you think Facebook, in particular, do you think it security-wise is getting better?

Paraic: It’s not a question… Is it… It’s hard to say.  You have to be conscious of what you are doing as an individual.  You have to be conscious.  I mean, is the device I am on secure?  That’s the key.  Am I logging in?  Do I have two form-factor identification enabled on my Facebook account?

Austin: So you should?

Paraic: You should.

Austin: Even though it takes you longer to log in?

Paraic: Yeah.  You should, and that is the key in any sort of—and I’d recommend you use it even if you’re using Gmail or something—any sort of service that offers two-form factor authentication, use it.  Because that’s another layer.

Austin: And use data instead of wireless where you can when you’re out and about?

Paraic: Yes.  If you’re… That’s important.

Austin: Why is that more secure?

Paraic: Well the thing is, you’re over your telephone net.  You’re over your cellular network.  You’re not over… You’re not connecting to a device that possibly could be poisoned.  And that’s the key. Because there’s always going to be vulnerabilities happening on these pieces of equipment out there.  And if somebody’s not updating these pieces of equipment—and when I’m talking about a piece of equipment, I’m talking about a wireless router, an access point, one of those devices.  Whether you have inexpensive from the likes of your local stationery store using on your network… If you’re not updating that as well on a regular basis, installing the firmware updates on that and securing it and being aware of it, that’s key.  And the other key is that we know when we get online and we’re shopping and everything else, we’re going to be asked for an email. Use one that might not be business-related.  Use your personal one or set up a second one for it so you’re not getting all the junk and everything else.

Austin: Well, I have to say, I certainly feel smarter.

(both laugh)

Austin: Before we go, is there anything… I want to open the floor up if there’s anything you’d like our viewers to know about Memphis IT Solutions.

Paraic: Well, one of the aspects that we look at is security is always going to be key to us.  And that is why, even if you are a business owner and you need… Just, even if you have an existing company and you want a second opinion… Don’t hesitate to reach out to me.  I don’t have a problem.  Even if you have a business domain and you want to ensure that you’re not on the Dark Web, reach out to me.  I’m willing to do a complimentary scan on your domain name and see if it’s out there on the web.  And I don’t have a problem with that.  Because the way I look at it is that we have other companies here in town to provide IT services.  But the way I, as a business owner, look at that is we are there to service you as an individual or you as a business.  And if somebody’s not doing something right for you, you need to be told. End of story.

Austin: Well thank you so much, Paraic, for coming in.