We are talking cybersecurity today and learning about all of the ways that hackers are looking to infiltrate the secure files, emails, address books, and bank accounts for real estate brokerages and law firms.
Meet Eric Shorr, founder of Secure Future Tech Solutions, a Rhode Island-based industry leader providing small-to-medium sized businesses IT support and cybersecurity services, and maintenance of computer networks, servers, workstations and applications.
Eric launched the company in 1992 on the campus of the University of Rhode Island, and has been at it for over three decades now - probably longer than you've had an email address and even knew about the internet!
Eric has built a team of business specialists that are ready to become the computer departments for SMBs. They listen to a company's organizational requirements, evaluate the existing systems configuration, implement the right hardware, software and cybersecurity solution, and maintain networks safely.
The best way to protect your firm from hackers is to train your team and be aware of the everyday risks that we all face - everything from back-end network security to teaching agents and employees what not to click on within emails.
Learn about some of the top threats and ways that you can protect your real estate brokerage or law firm.
In this episode, we discussed:
- What are some of the most common mistakes people make regarding cybersecurity?
- Cybersecurity best practices for real estate agencies and law firms
- Why real estate lawyers are a favorite target of hackers
- The best types of cybersecurity training for businesses
- What exactly are hackers looking for (hint: address books and passwords)
- What are phishing emails and how do hackers steal information with them?
- Why picking up the phone and getting verbal confirmation is important
- The benefits of cyber-liability and cybersecurity insurance
- Tips for employees who work from home and in non-traditional work settings
- Is your phone's hotspot really safer than a shared wifi?
- Why is multi-factor authentication safer than just a password?
- When should remote workers be using Virtual Private Networks?
Where you can find Eric:
Website - https://www.securefuturetech.com/
Facebook - https://www.facebook.com/securefuturetech
Linkedin - https://www.linkedin.com/company/pc-troubleshooters-inc./
Eric on LinkedIn - https://www.linkedin.com/in/ericmshorr/
Join Jason Muth and Attorney / Broker Rory Gill of NextHome Titletown and UrbanVillage Legal in Boston, Massachusetts for another episode of The Real Estate Law Podcast!
#realestatepodcast #nexthome #humansoverhouses #realestate #realestatelaw #realestateinvesting #realestateinvestor #realestateagent #cybersecurity #datasecurity #customerdata #networksecurity #workfromanywhere #hackers #phishingemails #cyberattack
First of all, you have to have the mindset. You have to think like a hacker. So it's really important for you to do that. You also have to have all the protections in place, it's really important that you have good firewalls, good anti virus, email security. You know, if you're running a law firm practice, you get a lot of emails every day. Well, there's email security that can filter out a lot of that garbage, so that you don't click on it to begin with.Announcer:
You found The Real Estate Law Podcast, because real estate is more than just pretty pictures. And law goes well beyond the paperwork and courtroom argument. If you're a real estate professional, looking to build real estate expertise, then welcome to the conversation and Discover more at the realestatelawpodcast.comJason Muth:
Hello, hello. Hello. It's The Real Estate Law Podcast. Thank you so much again for listening to us. Jason Muth here along with Rory Gill attorney broker NextHome Titletown Real Estate, UrbanVillage Legal in Boston. I could see that you have more shelves over your shoulder today versus the last episode.Rory Gill:
The slow progress here. So for those tuning in, just to see the progress of our background and our shelves, this is what we've got today with the shelves in place now and just need to decorate them and get the wall up and going.Jason Muth:
Yeah, you know, the recording of the podcast does not stop for us to actually put together a good set but we finally got around to it. Upstairs, we have this beautiful background. Downstairs, we're both in the same building actually today recording but we're going to have those shelves looking awesome. Put something right in the middle have a great podcast background, something fancy just like our guest. Our guest Eric Shorr with Secure Future Tech. Did I get that right?Eric Shorr:
You sure did. It's great to be here.Jason Muth:
Eric, I'm embarrassed to say that this is episode number 79 for us. I haven't really talked about what number episode that we're on. We just kind of publish these things, but 79 episodes in and we have not talked about cybersecurity and protecting ourselves and protecting our businesses. And this is something that you do all day every day as the CEO of your company. I believe I saw that it's Cybersecurity Awareness Month. Is that right?Eric Shorr:
October is Cybersecurity Awareness Month. So it is the month to talk about cybersecurity. So you are in good timing.Jason Muth:
Well, we're recording this in October. We're putting this out in late November. But cybersecurity is a topic that is 24/7 365 - 366 on the leap years I'm sureEric Shorr:
Hackers never sleep. So keep that in mind.Jason Muth:
Yeah, and you know, I could attest to some, you know, personal infringements upon my credit and accounts or whatnot that have happened this year. We don't have to get too far into it. But think that we're all aware that hackers are out there, they're out to get our information. There are tons of scams that are happening. Rory as an owner of two businesses that deals with lots of sums of money and lots of legal things. I'm sure you see this stuff all the time.Rory Gill:
And I'll try not to monopolize the whole conversation just telling stories. But barely a day goes by where I don't receive a, you know, an attempt at a scam. And I'm only counting the scams that are directing directed specifically at real estate brokerages and real estate law firms. There's a niche industry out there. I don't know where these people come from, but they're busy, and they're constantly trying to get into my businesses. So I'm really excited to talk to Eric and welcome him on. But before we go into my list of questions, I just want to ask Eric, tell us about your business a little bit how you got started how you found this practice area, and you know what your company does.Eric Shorr:
Well, I'd love to. So in 1992, I started my business back then we were called PC Troubleshooters. We were a computer repair shop and I was working, I was working for the University to Rhode Island while I was a student, and then I started taking private accounts back then. Back then we didn't really have to worry about too much cybersecurity. Very few people actually had high speed internet and weren't really connected. Maybe they were connected through dial up. But fast forward 30 years later, and I can't believe where the time is going by, everyone is connected to the internet. There are a lot of cyber security threats out there. And I've continually for the last 30 years, grown my business. So we have a team of experts that works with the law firms and other businesses as well. You know, protecting protecting their data. So it's a passion of mine to make sure that, you know my clients are protected.Jason Muth:
You know, around the time that you started on the campus of University of Rhode Island, I was on the campus of Brown University just up the way. And I remember getting my first email address in 1993, I think it was, when my friend went abroad and she wanted to stay in touch and she's like, Hey, just sign up for an email address. You can go to the computer center and log into the computer there and we could share messages back and forth. This is legitimately what it was back then. I mean people listen to this right now might not have been alive in 1993. And it feels so strange to say that we're dating ourselves there but somehow you found your way to a cybersecurity company on the campus of URI when interconnectivity probably wasn't as as popular as it is today. You know, I just give an example of the first email address right, then I got an AOL address shortly thereafter, you know, I didn't realize these scams were out there back, when you're just starting out with dial up and 10 hours of service per month We're actually physically driving to the computer center to check your email address. I mean, you probably remember those days, right? Yeah. You know, in the real estate and the law professions,Eric Shorr:
It was almost non-existent back then, you know, I think I got my first email account in probably 1990, or 1991. So it was pretty non existent. And the threats just weren't there. At the time, hackers were, you know, kids having fun, like, you know, me or others, you know, maybe they you know, we talk about those things, obviously, a lot on this were, you know, playing around on the basement and calling, calling up dial up services, or using a modem to try to hack into different computers that had a dial up phone number. So that's what it looked like back then. It's not like that anymore. Today, everything is interconnected. And that's why this issue is so important, because it affects every single one of us. podcast, you know, what are some specific issues that you have seen working with clients and people that, you know. What are ways that people should be aware of scams that are out there? And what are some just basic things that you've done to help protect people in those industries? First of all, there's a common misconception out there that many people even today still have, particularly if they're running a small law firm or a small practice, they think that they're not a target, like, Well, what a hacker, why are hackers interested in me, I don't have anything of value to them. But that couldn't be further from the truth. Now, if you're a real estate attorney, you're moving around a lot of money as part of closings. So that is a very big target. But even if you're in a different kind of practice, or a real estate agent, or you just have a computer, hackers want to get into your system, and they want to use your systems to be able to commit their crimes to the intended victims because hackers never use their own computer systems. So so it's called low hanging fruit. They look for small businesses, small law firms, realtors, other people that they can just get in and use their systems, or they can steal their address books, and then send out a whole bunch of, you know, fake emails or phishing emails, to see what who they can log in. So that so that's what's what's going on. So first of all, you have to have the mindset, you have to think like a hacker. So that's really important for you to do that. You also have to have all the protections in place, it's really important that you have good firewalls, good anti-virus, email security, you know, if you're running, if you're running a law firm practice, you get a lot of emails every day, while there's email security, that can filter out a lot of that garbage, so that you don't click on it to begin with. So having the basic security in place is just the start, though. It's not enough to have that. Because half the battle can't be solved by technology. I don't want to scare everybody out there. But that's the truth. The sad truth is that hackers are making billions and billions of dollars stealing from you and me, and whoever they can get their hands on. And so it's really important to have training too cybersecurity training and ongoing training. And that's something that all of our businesses should be should be doing.Rory Gill:
I've been to a bunch of continuing legal ed classes continuing ed classes on cybersecurity, where they just kind of talk about the the topic, but you hinted at something that a lot of those seminars seem to skip over. And that is answering what what are they after in the first place, we can start to talk about how to get into our systems, how they break in, what to avoid, but what do they want from our businesses in the first place?Eric Shorr:
That's a great question. Access to your computer. Because if they can get into your computer, not only can they steal the data from it, but thereafter the address book, that's really important, because now Rory, if I get your address book, and I have access to your email, I can now send to all of your clients, contacts, friends, family, I can send emails that a good majority of people will click on because it came from you because I trust Rory, he's my attorney or he's my friend or cousin. You know, this is the kind of thing that hackers are looking for. So that's the first thing. The second thing is they're looking for passwords. It's really an if they can get access to your systems. And they do that for through a variety of ways. But the number one way they get in is through phishing emails. That's fake emails that come from your bank, or come from a friend or somebody you know, and you click on a link that's embedded in there, and then you're giving access to hackers. So they're looking they're looking for that out as well so that they can spread their attacks to others. So those are the two big things that they're looking for.Jason Muth:
So Rory actually has had, I'm sure he has a list of a couple things that he has experienced. But you know, the one that I could think of has happened multiple times to you and to your agents, where your agents are suddenly getting text messages from what seems like it's you asking to go get gift cards from Home Depot or Walmart or somewhere and put money on them and do with our send the code or I don't know exactly what this specific scam is, I'm sure Eric knows exactly what I'm talking about. But it's happened a couple times to your whole team, and not to name names. But there have been a couple folks that basically at the store to get these gift cards, which shocks me that people would go to that length.Eric Shorr:
This is a common thing.Jason Muth:
Yeah, the text messages seemed so genuine. It seemed like it was Rory asking them these questions. And then, you know, it wasn't.Eric Shorr:
So hackers get our information in a variety of ways it can be from our websites, it can be as other, you know, the dark web, which is a black market of information. And so they create these realistic looking text messages or emails. And I cannot begin to tell you how many times I have seen this kind of attack work, where the gift cards actually went out. And and it's and it's very sad, it's very sad because that once that money goes, it's gone. And the way that it works is they'll get a text message from Rory or even, interestingly enough, my front desk person at my office received a text from me asking her to go get gift cards, which I thought was hilarious. And she immediately brought it to my attention, which was, which was really good. But but then it will always go something like this, Hey, are you available, I need you to do me a favor. I'm in the middle of something. So I can't talk on the phone right now. But can you please go down to the pharmacy or the store and get me some gift cards 10 gift cards for $100 apiece, and then take a picture of the backs, you know, scratch off the code on the back there so I could see it and send me a picture of it. Thanks so much. And, and it works. People do that, you know that we are all as as you know, human beings, we want to please people. And so if our boss is asking for something, there was a good chance that we will not question the boss. And we will go and do as he's asking. Or she. You know. So it's really, it's really important to know that you know what your boss is not going to ask you to go and use your own money and credit card to go and buy gift cards. And and if that's ever the case, the best practice here is just pick up the phone, please don't text back or email back. Because I'll give you a situation that we've seen in the past as well. Someone's legitimate mailbox usually is through Office 365, or could be Gmail or whatever has been compromised. And the hacker is actually reading the email and responding to the email. So if you get one of those text messages, and you write back, hey, Rory is that did you really want me to do this Rory? And hackers gonna write back and say, of course, yeah, can you please take care of this for me. It is always important if something isn't quite right, pick up the phone. And just confirm, it's really important that you do this. And a lot of people who are working for us, maybe some of the younger folks, they don't necessarily like talking on the phone, which can be a challenge because everybody does text and Facebook and Instagram and all that good stuff. But but it's really important to get verbal confirmation when dollars are at stake.Rory Gill:
The good news of the scam like that is when you know texts like that impersonating me comes from a completely unknown phone number. We know that none of our internal systems have been compromised. They're just accessing what's public information about, you know, a real estate roster who's in the company. So they're taking public source data, and they're trying to trick people into it. So I know with that our systems are not likely compromised. But it's an opportunity for my agents, people into my office to kind of have a relatively low risk way to adopt the mindset pick up the phone call me which a number of them did and they always happen in batches. So he's getting all these phone calls in a batch but I know that they're thinking of things the right way. When it becomes a little bit tricky or things that look a little bit more buttoned up and real and one thing that's really been circulating a lot, particularly my law practice our fake title orders. I'm getting a number of title orders that look somewhat legitimate from lenders that I have done closings for, but if you look at it, something's a little bit off about it, you take a look at it, the sender's email address is from kind of unknown third site. And it's for, you know, often I've seen it's for five main street or some real sounding address, but they don't specify the city so they could really be targeting anybody. But I've seen the fake title orders in there. When we receive those, should we be worried about any implications or compromises? And then what should we do about the fake title orders when we receive those?Eric Shorr:
A lot of these attacks are just coming from the outside, and there's no compromise in the system. If you have proper security in place. I don't want to say you're 100%. But that goes a long way. And so what's happening is just spoofing, it's called, it's just, it looks like it's coming from a legitimate address or person, but it's really not. And that that is a tough one to prevent. That's why the training is key. And that's why we implemented a security training called Think Like a Hacker. That's something that my wife and I designed together, and we give this talk to our clients. And also, we just did that for Providence Business News' cybersecurity summit a couple weeks ago. So it's really important to be aware of that. And be mindful. Now, if there is a compromise, and you actually somebody wires, the money and loses money, it's really important for you to take action as soon as possible. I can't stress that enough, this does happen. There's billions and billions of dollars being stolen. So cyber criminals are sending this stuff out because it works. So it's really important to contact the authorities. If there's a large dollar value at at stake, the FBI, particularly, there's a cybersecurity unit in Boston. So you want to call the FBI and report this right away, they may be able to intercept the funds before they disappear permanently. But you have to do that within the first 24 to 48 hours, or consider that money gone.Rory Gill:
If my office or one of my clients fell victim to fake wire instructions and wired money off to the wrong party. What who should their first phone call be? Should it be the FBI? Should it be the sending bank the receiving bank? Or do you really just need to call everybody?Eric Shorr:
Well, first of all, first and foremost, you need to get a company like mine involved. So call your IT provider cybersecurity specialists to help you with that. So that's the first thing. You want to make sure there isn't an ongoing breach or something inside your network. So that's really important that you do that. And then you want to call the authorities. But also I think what's really important to know is all of you should have cyber liability and cybercrime insurance. If you don't, that has to be a requirement. Because if there is a loss, and you don't have any kind of cyber insurance, that money is gone, you're not getting it back. So that's where these policies come come into play as well. So you want to reach out to your cyber insurance company as well. And they have a whole series of resources and teams that can help you during an incident asRory Gill:
One of the most nefarious things and difficult well. things about wire fraud, at least in our industry, we see it's most often something that impacts our clients more so than our own offices. And I'm sure there are many, many exceptions to the contrary, there are. But we're often really concerned about providing wire instructions. But the truth is, if I were to just email wire instructions to a client, those are legitimate wire instructions. We're just teaching them a bad habit to accept the wire instructions that they've that receive over email. So it's about training them and thinking about things in the right way. Who's liable though, if one of our clients falls victim to this, and it's not a result of our systems being compromised, but they then they can see that we're working in a transaction together, they send these wire instructions off and the client falls for it. Where does the liability rest?Eric Shorr:
Well, that's, you know, that's a really interesting topic, because the question is who's responsible? Right, you know, as an attorney, I'm sure you could answer that question a little better than, than I could. But but the fact of the matter is, you want to make sure that, you know, if you're practicing a real estate agent, attorney or other business, you do have the proper insurance to cover yourself because if there is an incident, it could be there could be responsibility all around. So you want to you want to make sure that you're protecting yourself.Jason Muth:
So I have a question about kind of the work patterns these days, you know, we're not COVID's not going away, but we're kind of in the post COVID surges and work patterns have been very disrupted the past couple of years where folks are going in the office, not going in the office working remotely not working remotely. The nature of real estate, people are often not in offices, you know, so like kind of a lot of agents and people that are in the real estate world are often on the go and not sitting at their desk on a network, like many people that historically have worked in offices, and cubicles, and office parks and those kind of traditional settings. But those traditional settings are also changing where a lot of people have come into the workforce, for a variety of industries, and they're working from their bedrooms, at their parents house, at their apartment, whatever. What are some things that maybe this new crew of employees should look out for? People or their 20s, late 20s, early 30s, that have a remote situation, and they're working for any company, you name it, you know, a startup, a massive company that lets them work remotely, that's now just decentralized. You know, what are some tips you might have for those folks?Eric Shorr:
You know, the endpoint, that's the computer, you're right, it's not in just an office anymore. Many of us are working from home, working from our cars, working from coffee shops. So it's really important to be aware of that there are threats everywhere. And they're even more when you're outside of the office. You know, if you have a law and established law office, it's going to have a solid firewall and a perimeter and anti virus protection. And there's a lot of built in protection that we can do to protect that office. But once you leave that office, that protection needs to come with you. So you need to make sure that all of your devices have a really solid, what's called Next Generation antivirus system, that's an anti virus system with artificial intelligence built into it. So it can look at threats and kind of figure out where you are, and what's going on, so that it can stop it as well. And we need training too, you know, if you're working from a coffee shop, and you just jump onto a wide open wireless access point, that's probably not a good thing to do, because somebody could be, could be there sitting next to you, or somewhere in that vicinity, and they can see what you're doing, you know, so those are, those are all things that you have to be aware of, instead of using a wireless access point that's wide open, use the hotspot on your phone, that's much more secure, it's not perfect, but it's much more secure than just hopping onto a coffee shop Wi Fi. And then the other thing goes for home computers as well, too. It's really important if you're going to work from home, that you have a dedicated computer that you can do your work from, that can be secured and the kids aren't hopping on to it or, or maybe your spouse or whatever to do online shopping or whatever you want to have that dedicated machine that is used for work only. Because homes have very little security and hackers know this. They can jump onto a system, you know, from home, and then they can piggyback their way into your work computer if you're accessing your work computer. So those are all things that youRory Gill:
You hid in there, I have like a series of maybe kind need to be aware of. of rapid fire questions to get your thoughts on. But that's where I'll go, I know that as business owners, we should take this seriously and, you know, consult with a professional to build our infrastructure, especially if we are dealing with, you know, lots of private, nonpublic personal information if we're dealing with lots of money moving around. And if we're dealing with remote work. But you know, a lot of us kind of implement these other things just to patch things over. So the first question I had was about using shared Wi Fi spots, convention centers, hotels, I remember sitting in a room full of attorneys at a convention center when everybody's logged into the conference center Wi Fi. And the speaker came on and told everybody that's a bad idea you should be on your phone hotspot. Is your phone hotspot really safer than a shared WiEric Shorr:
It is safer because it's not a shared connection. So Fi?Rory Gill:
Is two factor authentication one of the single when you hop onto that conference, room, Wi Fi or you're at a hotel or whatever, just keep in mind there, there could be somebody lurking, and they may be able to get into best things that a business can do to tighten up their networks? your computer through that connection. We're when you getEric Shorr:
Without a doubt. Now two factor or it's also called onto your hotspot that's attached to your phone, unless you're sharing it with everybody. You know, it's really just for your use. So it is safer. But nothing's perfect. It's really important that everybody knows that there was nothing 100% Anything can be compromised. But the odds go down. And you don't want to be that low hanging fruit that we mentioned earlier. The more defenses and the smarter you are in the cybersecurity realm, the tougher it is to get in, hackers may move on to their next target. Because at the end of the day, the quicker a hacker can get in and steal something from you. The more money they make, if they have to spend all day messing around trying to get into your systems, they may move on to somebody else multi factor authentication is an additional step that you need to log into your systems. So you'll have a username, a password and then you can set it up for that additional factor to be a text message to your phone, or what's even more secure as many of us are now using authenticator apps. That's an app that you put on your phone, and it has a rolling code that changes every 60 seconds, and you use that as part of the login process. Now, without it, hackers would have an incredibly difficult time getting into your email or other systems that are protected by two factor.Rory Gill:
And actually, I use the the the authenticator apps to get access to some third party platforms. Now, if we're a business, and we're subscribing to third party options, like you know, MyCase, or Clio for a law practice, How worried should we be about the data that's stored in those services? Or should we just trust that if there are these bigger companies out there, they're, they're better equipped to handle the data than we might be as small providers?Eric Shorr:
Yeah, I wouldn't, I wouldn't trust I wouldn't trust that's that's a tough word to say, because some very big companies have been compromised, including Microsoft, Target, Home Depot, Uber, I could go on and on all day, I mean, we could be on this call for an hour listing off all the compromises. So it's important for you to know that it is possible, but you don't want to make it easy for hackers to get into your account. So that's why, you know, setting up all these cloud services, with multi factor authentication is really important. But just know, it's not safer, because it's up there in the cloud. Because I hear that a lot. Oh, we don't have to worry about security on our computers, because the cloud vendor is doing security for us. Well, they're doing security for their end, but not on your end, right. So your computer still needs to be protected. So it's really important that you take that seriously, because if I'm a hacker, and I can compromise your system, I can watch you log into Clio or whatever tool you're using, and I may be able to get in that way,Rory Gill:
You know, a similar vein, should businesses trust some of the file sharing apps out there, like Dropbox, or the various file sharing apps, because a lot of those are really invaluable for remote working? Are they safe to use?Eric Shorr:
I don't want to go as far as say safe, they are okay to use, provided that they're set up properly. Now, a lot of people use the free versions of Google Docs or the free versions of Dropbox, those are not okay, because they don't have enough security built in. To our clients, we actually sell them Dropbox for Business. That's a business class version of Dropbox that has auditing, two factor authentication, a lot of security built into it. It keeps revisions of files. So if something gets deleted, you can, you can scroll back to unlimited versions. So you want to use the paid versions of those and make sure that you consult with an IT professional, that all the proper security is set up. And that people only have access that they need to have access to. It's called a zero trust philosophy, I'm only given access to that folder, or that file that I need to do my job and nothing else. So it's really important that you take the time to set it up. They're not any more or less secure than keeping stuff on premise. A lot of people feel - oh I think we're safer because I have my files in a file server that's under my desk. No, because you're connected to the internet anyway. And actually, that's easy for hackers to get into your office, it's much more difficult for them to compromise Dropbox or Microsoft.Rory Gill:
You know, with the, the servers all over the place, who should be using VPN, should all this be doing it should it you know, who should be using a VPN?Eric Shorr:
Everyone, everyone needs to use a VPN. If you're remotely working, you never want to just directly connect into your systems. I used to see a lot of that with our clients, we don't do that. You know, you have to have a VPN if you're going to connect into an office. But you know, several years ago, people would open ports through the firewall and allow remote desktop RDP. And that is really bad. That is a hackers dream, they can get into your system very easily and compromise the system. So Virtual Private Networks is essentially a secure tunnel between two locations. So it's an encrypted connection, which means the signal is scrambled so that only you can use it.Rory Gill:
And then kind of the last of my rapid fire questions that have been on my mind about data security. Are mobile devices any safer than your desktop computer running an iOS or the Android equivalent or are they just as much of a liability as your your computer?Eric Shorr:
They're a liability as well, which is why it is so important to make sure you keep up to date on your updates. It's very important, you know, Apple is always coming out with updates, Android is always coming out with updates, it's really important that you do that because they can be compromised as well. I think I think PCs are probably a bigger risk. But it doesn't mean that an iPhone or your Android app is not a risk, but because it is. So that's why it's really important to keep up to date, have the latest phone with the latest security, and then and use it in proper places, you know, don't jump on the hotspots and other things. And you should be you should be okay.Jason Muth:
Yeah, you know, I hear a lot of what you're saying, Eric, and you know, for the layperson, like I'm the non attorney non agent on this call not cybersecurity professional like yourself, I hear these things. And I think about cybersecurity. And I think it's a bunch of people down in the basement somewhere hacking away on a green screen, like WarGames style, like we've seen in the movies for so many years. But a lot of what you're talking about, at least from our perspective, is education, which you mentioned earlier. And it's explaining to people what some good habits are. And I know there's a lot of behind the scenes, software and infrastructure that you I'm sure you offer to your clients all the time. But you're probably right, the first defense is just understanding and good behavior for people like us, people who are the employees, people who are using the technology, you know, not sharing passwords, not logging in, in a unsecure environment. Not leaving a computer to run to the bathroom and come back, probably not sharing files on USB drives, you know, there's, I just think back to my last employer, and they worked with another cybersecurity company. And there were all these short little skits and vignettes that they had us watch on a regular basis. And you know, they were cute and hokey, but they, they told the story that you're telling, which is really some basic stuff. Like, if you're working for this company, you know, don't just bring your files home in an unencrypted manner and use your home computer. A lot could happen along the way. Whether you lose that drive, or whether you get hacked, those are some basic things that people can probably do a better job with.Eric Shorr:
That's a common thing, by the way is people's laptops get stolen all the time. And it's really important to make sure that those laptops are encrypted, you know that that's called BitLocker, on Windows 10, and Windows 11, machines. Max, you can encrypt the hard drives as well on those. So if the machines do disappear, and that does happen all the time. So please don't leave your laptops in your cars, particularly on the front seat for everybody to see because the window can get smashed, and your laptop can be gone in a second. But that's really important. And it's really just having these ongoing conversations about good cyber hygiene. Yeah, you can't have just one conversation with your company or your firm, it has to be an ongoing conversation to make sure you remind everybody because people forget, or maybe they get a little lax with their security protocols. So it's really important that this gets worked into your, you know, regular meetings, and you know, talk about it.Jason Muth:
Well, talk about recession proof businesses. I mean, you got one right here, Eric, as technology continues to change. And we keep putting technology into our ears onto our wrists, on our faces, you know, with smart goggles smart this smart that smart home technology. I mean, there's a lot of plate, lot of entry points that people that are looking to do nefarious things can come compromise our networks and take our personal information. And all it takes is 1%. Right? It's just like direct mail, like you could send out 100 mailers, if you get one response out of 100, you're gonna make a ton of money. I bet you that these hackers, they're throwing out a big net. And if they can get one fish out of thousands of things that they're looking at, they're probably gonna make a lot of money.Eric Shorr:
Well, it's interesting that you say that because in the business, we say that as a defender, right, we have to be correct 100% of the time. Where if you're an attacker, it just takes once one little opening, to get in somewhere. So we have to be constantly vigilant and on our guard, to make sure that we are doing everything that we can to protect our networks, and to educate our team members and get the education out there is about what what's good cybersecurity practices.Jason Muth:
Well, Rory, you know, it's just like that - we had a conversation with an attorney a couple of weeks ago, I did at least and I got you know, freaked out with all these things I'm not doing correctly and you got a flurry of text messages saying like, I need help with these things. Same thing here. Like I think I want to power down all my stuff and turn off all the lights and you know, just go hide for a couple days after this conversation. What do you think Rory?Rory Gill:
No, I don't think I you're examining the problem here. And that's probably just to catch your breath. Realizing you probably are doing a number of things correct. But, you know, I hear as a business owner that you know engaging these kind of these professionals, to both to audit my practice to make sure everything's set up correctly that I, that I'm educated myself on, you know how to maintain the systems going forward, but also how to train the agents and the staff that are in the office. So that they, to me, that's the most important thing. And it's probably, I'm not sure if Eric would agree, but that's one of the biggest values that companies like Eric's bring is being able to train your staff and employees because you, you might have the best buttoned up systems that you could possibly have. But a poorly trained member of your staff can open the door anyway and let the hackers come through.Eric Shorr:
You're 100% correct. You know, we can, you know, the little secret is we can put in all the best security, and hackers can circumvent it, using what's called social engineering. And social engineering is The Art of Deception. And that's it. It has nothing to do with technology. So you can have the best firewalls and the best security in place. But if somebody opens the door, and lets you in, it's a problem. So social engineering is a big issue. And that's why it's really important to talk to everybody about how these scams work and what people are looking for.Jason Muth:
Well, Eric, thank you so much for all of this. This is just so many things to think about. And hopefully, you as the listener, have taken a couple notes for you are going to change your behavior for a couple different things that you're doing on a regular basis as a result of hearing some of what you've just heard in this podcast. Why don't we get to our final few questions that we ask of all of our guests, and then Eric we'll have you tell everybody where they can get a hold of you if they want your services or have questions. So the first of these three questions if you can get on stage and talk for a half an hour for any subject in the world with zero preparation, what would that be?Eric Shorr:
Well, my favorite subject is me. So I could definitely talk about me for half an hour. But in all seriousness, I you know, I love cybersecurity. I love computers. Technology has always been a passion of mine, since I was a little kid when I got my hands on my first computer when I was about eight years old. So I'm dating myself a little bit that was a little while ago. But technology and cybersecurity and the industry, and cloud computing. All those are very interesting topics that I could definitely get up on stage and talk about.Jason Muth:
My hunch is we're about the same age because I think that we were in college around the same time. What was your first computer?Eric Shorr:
My first computer that I worked on in eighth grade was a Radio Shack Model 1. And our elementary school school at the time I was living in West Hartford, Connecticut, had one computer, and I stayed after school to get time - now there was no there were no programs back then. So we had magazines with different programs that you could you could type into the computer. And so we had a lot of fun doing that.Jason Muth:
I remember having a Commodore 64, right ,with a floppy drive.Eric Shorr:
Yeah, I had a Commodore 64 as well. That was that was the first well actually, I had a Commodore VIC-20. That was my first computer that I owned. And then I upgraded to the Commodore 64.Jason Muth:
Right, right. It's a it's a big piece of 80s nostalgia.Eric Shorr:
That was a great system, I loved that.Jason Muth:
I still remember playing Summer Games. I played Summer Games. You had it? Yes, the Summer Games and Agent USA. Those are my two favorite games. Second question we have of the final questions is tell us something that happened early in your life or career that impacts the way that you're working today?Eric Shorr:
That's, you know, that's an interesting question. You know, I think one of the things that I've gotten a lot of inspiration from is my dad, you know, my dad is an entrepreneur. He's retired now, but he ran a textile factory up up in Woonsocket, Rhode Island. And when I was in high school, he bought a computer for the business. And I worked very closely with my dad and his company to computerize the business. So there was a lot of inspiration from him. I learned a lot about business. And then I also got a lot of practical experience as a computer consultant, working with my dad. So I think I think that it was it.Jason Muth:
Was he connected it all to And and Hope?Eric Shorr:
No, he wasn't connected to in and hope, which was a Rhode Island company. He dealt with raw fibers, so he would buy wool and other materials, and he would sell them to people who made yarn and fabric. That business went away. You know, it's unfortunately, we don't really spend too much yarn knit cloth here in the United States anymore. But it was a very good business for many years. But I found my passion in technology and I went on to University of Rhode Island and started working for them in the IT department. And then obviously, here I am today.Jason Muth:
Yeah, and there's so much history and all those old mill buildings, there's so many mill cities throughout New England. You know if the walls could talk and tell the stories of them, we always love, you know, going to the businesses that exist in them today and kind of learning about the past. The final question that we have for you today, Eric, is tell us something you're watching, reading or listening to these days.Eric Shorr:
I'm watching House of Dragons. I love that. I love that show. I'm into science fiction them also another passion of mine that I could probably talk a lot about up on stage. But House of Dragons.Jason Muth:
So Rory watches Game of Thrones, I can't just because I keep falling asleep during it, because we have a young toddler. And you know, she's exhausting. But are you watching that yet? Rory,Rory Gill:
I'm two episodes into it. So I think I don't know how far they've come along. And by the time this comes out, and probably still only be two episodes in, but I, I tend to do shows like that in bursts. So I will catch up at some point.Eric Shorr:
Episode six, or seven. And it's definitely something you would have to particularly Game of Thrones, you have to pay attention, because there are so many different plot lines and things going on that even if you miss one episode, you will be lost. So I like it. It's a complex story. And it's a good one.Jason Muth:
Eric, I have to ask you a bonus question about another show related to your profession - Rory knows exactly what show this is. You must, right? CSI Cyber, it's not on anymore. Did you ever watch that?Eric Shorr:
You know what I have not watched that show.Jason Muth:
t was on a couple years ago. And basically that I loved everything got solved within sixty minutes. But I was a big CSI fan for so long. But they had a special show. It was on a couple seasons about cybercrime. And it just felt so part of us over the top at outlandish and part of it was you know, appealing to the 65 plus audience and CBS has, and you know, creating the fear, uncertainty, and doubt of cyber in in their minds, but I thought a lot of it was practical. And I think a lot of what you've said on this call today, you know, is probably a plotline that CSI Cyber covered.Eric Shorr:
It's definitely you know, it's TV drama, but it's reality. It's it's real. I mean, this yes, it's happening every single day. And that's and that's what gets me up every morning is to help protect my clients.Jason Muth:
There was there's a whole episode about hacking into baby monitors, and you know, freaking people out in their kids rooms. And I'm sure thatEric Shorr:
Unfortunately, that is not good when that happens. IRory Gill:
And as I add more and more home automation items into the house, it's just more and more openings for somebody to, to come and get us or at least spook us.Eric Shorr:
All of that is true. That's why you really have to think about do I really need this? Is this something that I want to put in? And if yes, make sure you have a good password. And you set up that two factor authentication?Jason Muth:
Well, along with that, Eric, how can people get a hold of us so they could you know, hire you for your consultation, your services, talking at their conference? Where can they find you?Eric Shorr:
So we work with law firms all over New England and also other businesses as well. But we have a very good niche in the legal industry. And you can find us at securefuturetech.com. And my calendar, you can book an appointment with me my calendar is right up on the website. And I would love to if you need help, I'd love to be there for you.Jason Muth:
Yep, we will link all that up in the show notes, you know, so just kind of look down beneath this episode. And you'll find links directly to how to get a hold of Eric. And also how to get a hold of Rory, what are some ways that people can get a hold of you.Rory Gill:
You can find me through my law practice UrbanVillage Legal, urbanvillagelegal.com. Or my brokerage NextHome Titletown, nexthometitletown.com. And all my password passwords will be in the show notes.Jason Muth:
They they will not. But you're welcome to add them if you'd like after the fact. And that's it. So thank you for listening. I'm Jason, if you need to get a hold of me and you want to reach me, I want to be a guest in the podcast or you have comments for Eric, for Rory, for myself. Any feedback. You can reach me email@example.com. And if you've enjoyed this episode, we'd love it. If you can give us a great review. Hopefully, it'll be five stars. We love reading comments. We love all your feedback. So we do appreciate your listening. Eric, thank you so much for all of your expertise.Eric Shorr:
My pleasure.Jason Muth:
Yeah, it's great talking to other folks here in New England, especially about topics that are applicable to all of us. And if you didn't think cybersecurity was important. Well, you know, hopefully you do now. So on behalf of Eric and Rory, I'm Jason, thank you for listening. Bye!Announcer:
This has been The Real Estate Law Podcast. Because real estate is more than just pretty pictures. And law goes well beyond the paperwork and courtroom arguments. were powered by NextHome Titletown, Boston's progressive real estate brokerage. More at nexthometitletown.com and UrbanVillage. Legal, Massachusetts real estate counsel serving savvy property owners, lenders and investors more at urbanvillagelegal.com. Today's conversation was not legal advice but we hope you found it entertaining and informative Discover more at the realestatelawpodcast.com Thank you for listening.