Steve P. McKeon (Mac) serves as the team leader with 25 years of experience in information technology (IT) and the software industry. His knowledge of software development, reverse engineering and ethical hacking supports MacguyverTech's many projects. His love for Blockchain allows him to integrate groundbreaking technology into many different projects. You may have even caught Steve live as DJ Macguyver as he also toured the world and published over 20 songs as an ASCAP member. ​ MacguyverTech was founded on the idea that custom software solutions should not compromise on security, performance, or user experience. We focus on building application secure applications that will stand the test of time using the latest technonogies like blockchain.
In this episode
Mac McKeon of MacguyverTech emphasizes that protecting your business from cyber criminals and hackers is a continuous ongoing activity not a one-time or annual task. Hackers are getting more sophisticated all the time, including using Artificial Intelligence. Mac states that it's not uncommon to get 500 - 600 hack attempts per day! This is an ongoing war with no detente in sight. Small businesses are attractive targets for hackers because they lack the defenses and vigilance found in larger enterprises. You need both systems and procedures for your people to have effective cybersecurity defenses. Listen to the end to hear why Mac's email signature mentions a big funeral.
A glimpse of what you'll hear
02:43 Cybersecurity is a continuous not one-off process
05:21 By the time you realize you've been hacked, the criminals have been in your systems for 6 months
06:16 Small businesses can be more attractive, that is easier, targets than larger enterprises
10:06 Hackers are using social engineering to attack the weakest part of a company's defenses: the people
18:44 3 key steps to reduce the risk of getting damaged by a cyber attack
20:21 Insurance that doesn't insure
22:46 Learn about Mac. Email Mac at mac@macguyvertech.com
Episode Transcript
(Note: this was transcribed using transcription software and may not reflect the exact words used in the podcast.)
Centricity Introduction 0:04 Welcome to the Best Kept Secret videocast and podcast from Centricity. If you're a B2B service professional, use our five step process to go from the grind of chasing every sale to keeping your pipeline full with prospects knocking on your door to buy from you. We give you the freedom of time and a life outside of your business. Each episode features an executive from a B2B services company sharing their provocative perspective on an opportunity that many of their clients are missing out on. It's how we teach our clients to get executive decision makers to buy without being salesy or spammy. Here's our host, the co founder and CEO of Centricity, Jay Kingley. Jay Kingley 0:42 I'm Jay Kingley, co founder and CEO of Centricity. Welcome to another episode of our Best Kept Secret show, where I am happy to welcome Steven McKeon, but you can call him Mac, and Mac is the CEO of Macguyver Tech. Now, Macguyver Tech develops custom software solutions that don't compromise on security performance or user experience for larger mid market clients. Mac is based in Glenolden, Pennsylvania, which just happens to be a suburb of Philadelphia. Mac, welcome to the show. Steve "Mac" McKeon 1:19 Thank you, Jay. It's a pleasure to be here. I really appreciate you taking the time here to chat. And, you know, it's really exciting. Thank you. Jay Kingley 1:27 Alright, it's my pleasure. Now, Mac, one of the things every time you look at the news, you're seeing one or more articles on cybersecurity, you're seeing companies of all sizes get hit, you're seeing governments get hit. It is like the technical pandemic of our day. So there's so much ink that is spent on this, and it comes up in lots of conversations that I have with business owners, and let me tell you, typically, for the ones that seem to be pretty dialed in, and savvy what they're telling me, which is they are organizing project teams, they're pulling together people to do a top to bottom scrub of their security and their systems. It's a big effort, they get through it. And then I get this ticked that box, everybody go back to your day jobs, we are good. Maybe we'll take a look at this again, in a year or two down the road. So Mac, as someone who's got a lot of expertise and experience in this area, what I want to understand is, what's wrong with that picture? Steve "Mac" McKeon 2:46 Well, that's a good approach to start with. But be honest, to be really effective in this fast changing world that we live in now is you got to do this on a regular basis, having at one time is good to check that box once, that's where you should start. But honestly, at least every quarter, even less than that will be better, the more frequent, the better, just because of the urgency of how things have changed, I'm sure like have you mentioned there, the news is going I mean, there's so many companies every single day, I was it seems like there hasn't been a day gone by, I haven't seen the flash across the news pages, or social media talking about this has been hacked or something happened. And a lot of times they happen because like what you said there, they went and checked that box that one time said, You know what, we're good to go. And then things change. These hackers are very sophisticated, they're not just doing a one-time using a tool and hitting scanning. They're changing your tactics constantly. They're also integrating things like artificial intelligence to constantly tweak things and find vulnerabilities in systems that maybe weren't when you first did that scan them a while ago, but the software is all ever-changing system. You know, your web pages change all the time your browsers change, you know, your operating system like Microsoft Office and, and Windows, they're always changing. And sometimes what was working before they made a mistake, you're only humans. And next thing, you know, your company's compromised. So that's a very common kind of thing that's a misconception about having just a one-time check that box off and think we're good. It's actually all going persistence. Right? And you have to handle it in that manner. Jay Kingley 4:32 You know, Mac, I think it's also worth appreciating that there are hacker schools out there. There are places on the dark web, where you have organizations, by the way, many of them are state sponsored by enemies of capitalism, enemies of the United States, and other developed countries that are actively seeking to undermine the integrity of our infrastructure. There are enormous sums of money that are being invested in continuously figuring out how to probe and disrupt the defenses that companies have around the security of their system. So this is not something that evolves at a leisurely plate pace. That's something you would agree with. Steve "Mac" McKeon 5:25 Absolutely. And on top of that, most of these hackers that are sophisticated state sponsors are not just looking to come in and hack you. Most of the sophisticated hackers hack your system six months prior to knowing because what they do is they hack, they lay low, they gather information, and they find the best, biggest impact to hit. And it's usually when you hear these big hacks they happen over the holiday weekend, they happen on big days, that are probably the worst timing possible for the company that gets hit. Jay Kingley 5:57 Mac, certainly, this is an issue that only the large multinationals, you know, the Amazons, the Microsoft's, the Facebook's at all General Motors has to worry about. If you're sitting here, you know, running your own business, you're small, mid-market type company privately held, I mean, why would they come after you when they got these big boys? Steve "Mac" McKeon 6:20 Well, that is a little bit of a misconception. The reason being is the hackers know that they don't have the funds or the infrastructure, the properly to defend them, where they had these huge sophisticated at times, teams are legions of 1000 or so in the room going after one target. And they're looking for easy targets. And they're looking for targets to like you said, disrupt business and visual capitalism, not just to kind of, you know, steal some money. You know, the misconception is, you know, the hacker what everybody sees on TV. And what you kind of think of is some kid in the basement, we're in a hoodie, a little bit of an outcast. But in reality, these are military, well-trained, really sophisticated teams and units working together in tandem with the takedown targets and unison. And it's almost impossible to defend against them if you don't have the proper defenses up because the normal anti-virus and the stuff that you might think is a good defense is not good enough. These days. These guys are very sophisticated, they have great tactics. Jay Kingley 7:22 And it sounds like what you're saying this is actually a good segueway for me, is that a variation of that old story where you know, you and I are walking through the woods, and a big black, black very hungry bear spots us and starts coming after us. And you know, that old joke is, I don't need to run faster than the bear. I just need to run faster than you. Yeah, so I guess my, my next question to you is, so given that this one time, let's tick the box, and then we don't have to worry it approach is not the way you want to do it. How should companies of all sizes, be looking at this area of cybersecurity? Steve "Mac" McKeon 8:09 Well, first of all, I mean, starting off with that initial scan, and this getting a baseline is essential, because without that you won't even know what you're dealing with here. And once you have that baseline, you start kind of doing it and much higher frequencies. Because on average, I mean, give you an example, some of the network's idea with every single day, I'm getting anywhere from five to 600 Hack attempts every single day. So you can imagine they're doing on that type of frequency. And you only go and do this, maybe even once a year, you're really in a way behind the eight ball, they have 1000s of times more times they looked at you than you looked at that, or could just try to put up a defense and the traditional stuff is not going to cut it there. So you have to be very proactive. And think about honestly as oniong and have multiple layers of security, not just like a firewall and this and that and say, hey, you know what, I got my firewall, I got it guy washing it. But honestly, it is starting to get stretched because it's not really an IT job. This is more of a cybersecurity job. And it's a completely different competency. We are at cyberwar. And we're dealing with state sponsored attacks that are doing everything they can to cripple us. So you have to think about it from that side. And at the simple IT person or staff is not really equipped and understanding the tools and sophistication of some of these things. Jay Kingley 9:31 So what I'm hearing you tell us is not only is maintaining your cybersecurity, an ongoing, rather than episodic activity, that you need to have, obviously, the right skills, but it's also this layered approach. It's not just one thing. It's not the old antivirus software that it used to be 20-25 years ago, you'd add that on you say I'm good, I am protected, that it's really a multi-facet approach, which I assume is partly systems, but also partly human and talk for a moment, some of the things on the human side that companies need to better train their employees about. Steve "Mac" McKeon 10:14 That is a great point because honestly, I think this is the biggest overlooked area. And you know what a tactic of the hackers use now, as they find out that the security might be really good, and they might have great firewalls and all this and that, but what they're doing is social engineering. So they're using social media and other online services to build profiles on people and their targets. And what they do is they'll impersonate you, or they're trying to basically get you to be friends. Honestly, their goal is they click on some link that you get an email or a web page, that they can compromise your system. As soon as you click that link, the game is over, they get in and they bypass all that sophisticated security you might have already, and now they're behind basically enemy lines. And once they get in within milliseconds, they're installing many other things to prevent you from removing them and trying to jump to many other systems instantly, and you have no idea that even happened until months later when they kind of strategically plan out the attack to take down the company financially or by the information data, any other means. But honestly, I believe the biggest thing you can do as a company, is training your staff and have them educated on what these things are, at least at the simplest level of if you see like a weird looking email from LinkedIn, but maybe the logos off a little bit, bring it up to somebody to have them take a second peek. Because if you don't do that, and you just as quick, I got a friend request that could be detrimental and cost millions of dollars, if not close the company, because of a simple click and more that could have been simply avoided by somebody just kind of talking to even your coworker, they hey, does this look right to you? Or bring it up to your IT Departments. Hey, please, that's all that's come in? Something doesn't seem right, could you just take a look at it. And that would save a lot of money and costs for a company or individual because of yeah, they're getting more sophisticated, they're doing everything they can to get in. And that's what their main objective is. Jay Kingley 12:12 And I think another thing that I have run into is, if you get a request from someone within your company, typically to senior level, to send them some emergency funds, wire them some money in its not typically part of your standard operating procedure, for gosh sakes, check with that individual, don't do it by replying to the email request. But get on text, call them on the phone, walk into their office and verify that in fact, this is an authorized instruction, because that is another one of these scams where they're impersonating people in your organization to get you to do things, whether it's money, or passwords or access that you shouldn't do. Steve "Mac" McKeon 12:59 Absolutely. And another thing that's even happened, I've experienced in my own company of hiring new staff, they take advantage of that, because most people's like, hey, we have this new employee, they advertise it on LinkedIn. Next thing, you know, I have people impersonating me saying, hey, please change this accounting number, please do this. And it's not me. And I've seen that happen to my own self and others. And that, as I said, the sophistication and velocity of the sophistication are really increasing at an exponential rate. So you really have to be vigilant to be protected. And it's kind of scary in some senses. Jay Kingley 13:35 I get it. Now, that brings me I think to the next question that I've got for you, which is, you know, you've laid out what the problem is, you've laid out how you got to change your thinking in your approach. But in any serious business, you are weighing the benefits against the cost. And when you look at the types of things we've been talking about its effort, its effort in terms of hours, its effort in terms of probably needing to spend some money. So let's talk about the benefits side. So can you give us any indication, Mac what you see as the benefit to a business that takes proper care of their cybersecurity? Steve "Mac" McKeon 14:18 Well, I mean, I could speak you know, from some experiences here. And you know, basically, what I've learned, I've been on the frontlines of ransomware attacks. And I've seen how crippling that can be not just from the financial side, you know, give an example about six months ago, a buddy of mine business and I was helping him out. He got hit with ransomware immediately that ransomware they lock all the files in a company made the company inoperable for eight days and one of $100,000 and said, pay me off. So that's one financial thing there. On top of that the eight days not having email and being able to operate a company. You can understand how devastating that could be for a company like ours. They're on sight, hearing all the phone calls come in of the customer saying, Are you still in business? I can't get ahold of anybody what's going on? And you have analyst calls nonstop that that's devastating for business. And then once you tell them what happens, there's like, where's my data stolen? Did anything I have viewers get following. So it creates this huge reputation loss, huge financial loss, and also inoperability for a period of time. So the best way to think about it is, there are some scary statistics online. You know, this recently has read an article saying 60% of midsize businesses that could have been out of business in six months. So if not, right when that happens, and the scary part is a lot of people think they might be protected by like, cyber insurance is a really big thing right now. And I was all you know, I checked that off on cyber insurance. But here's the flip side of that. Every single one of these cyber companies is overwhelmed. And they're doing everything they can not pay a claim, including the one that was dealing with here. So imagine being the business owner, now you have to pay $100,000, you bring it up the insurance company, and there's like, No, we're not paying, you didn't do proper security, protect yourself, Why am I gonna pay you, on top of that they're overwhelmed with these claims. It's, it's actually worse than the pandemic, it's literally like you said, the pandemic of businesses. It's this all online. And it's kind of most people don't think it's a big deal cannot see it. But it's really kind of a scary economic situation. I have never seen anything like this in the last, you know, I've been in this for 25 years. And, you know, this is a really odd time. Jay Kingley 16:40 Now, just to clarify for our audience, your friend, they got the ransomware attack $100,000, the eight days of downtime, but we talked them fortune 500 company? Steve "Mac" McKeon 16:49 No, this is a small mid level company been in business for 30 years, never had any issues has a great reputation. I'd say maybe they have about 20 people on staff, small, small company, honestly. But those people had their lives and its company people been there 10-15 years. Next thing, you know, they're their livelihoods on the line Jay Kingley 17:10 You know, financially devastating, also emotionally devastating. I've got to imagine Steve "Mac" McKeon 17:15 Oh, I mean, as I said, this was one of my friends too. And, you know, I had to coach him through a lot of it, he was depressed, he thought he might lose his business. Very his whole entire livelihood is on the wane of the insurance company paying the $100,000 Thank God, I was able to kind of coach him through help him as much as I could as a friend and say, Listen, you know, these are tough things here. We just got to stand our ground, prove this, this, this, and this, and, you know, do everything I can to support him emotionally because he was a train wreck. Honestly, if I was in his position, I think he took it better than I would honestly, he took it really in a way that, you know, he was depressed and upset, but he kind of held us cool, which I got to give him a lot of credit. I don't think I would have been able to do that. Jay Kingley 18:02 I mean, do you see your life's work, go up in flames to see your legacy, your financial future, but also, this, and you talked about it, this reputational trust issue. A lot of times when we're running a company, we have real relationships with our clients. And this type of thing happens, there's a sense from your clients, that they've been violated, and that you're responsible for making it happen. It's truly catastrophic. So, Mac, it brings up the, I think, the obvious next question, you know, it's such a strong and compelling case. So if you're a business owner, and you're listening to this, what are the three, four, or five things that a business owner really needs to do to give them the protection they need to prevent or certain how many to never prevent anything but to dramatically reduce the risk of getting attacked? Steve "Mac" McKeon 18:59 I think the number one honestly is not even really the technology is your staff, get them up to speed, get them some basic cyber training, get them to basically point out things that they think aren't right? And really be proactive about this and not just kind of like, you know, hey, you know, we trained everybody a year ago, everybody's good, but we have three new people and I expect other staff to let them know but that's not really good enough you have to have everybody get together as a group, share their stories and experiences and also show some good examples of what this could be. Another tactic is also to do some phishing exercises like actually stress test your staff and see who's the person who will click on those things. That's another tactic. And then on top of that, the security side and IT side. If you haven't had a good vulnerability, assessment, scan or anything like that, get one done immediately and then be more visual on top of that and have an independent third party, audit your IT We need to make sure that they're actually doing what they say they're doing. Because a lot of IT companies say they can do cyber, but they're not always as proficient at that, because it's such a different skill set. And this, because it's technical, doesn't mean they can do these other things that are not just technical, but also social engineering. Jay Kingley 20:18 And I would think, given you, you mentioned insurance, if you aren't taking out a cybersecurity insurance policy, you better read the fine print, and make sure every i is dotted, every T is crossed, or you're going to find that you don't have an insurance policy. Steve "Mac" McKeon 20:36 Yeah, you're just paying money in case something happens, and they won't help you. And really what's common, I'm seeing, there are only a few of the larger companies that really know what they're doing. They're paying out claims, some of the smaller insurance brokers, especially, you know, what's very common thinking to myself is, you know, I've bundled my packages and my insurances with, you know, like, the one vendor because it gives you a better deal. But for me, I used to do that. But now I have is completely separate cyber policy, completely separate from all my other workman's comp, general business insurance, because those types of companies that try to bundle or generalist and not understand what this is going to be, and they're going to be the first companies to deny your claim. Because it's not they're not You're not doing a business and making money, not in the business of paying out. And the problem is, there's, it's such an upside down world and that now they're paying out millions of dollars every single day. So they're trying to do everything to stay afloat, because if they keep paying all then they will be out of business. Jay Kingley 21:39 Well, Mac I guess, on one hand, it's a very sobering story that you are sharing with us. But on the other hand, I think you have pointed the way forward in a very constructive way, how we deal with this. So we are going to take a short break, we will be right back. To learn a bit more about Centricity Introduction 22:02 Wondering how much longer you have to grind and chase after every lead conversation and client. Would you like clients to knock on your door so you no longer have to pitch follow-up and spam decision makers? Well Centricity is The Tipping Point program uses a proven five step process that will help you get in front of the decision makers you need by spending less time on doing all of the things you hate. It's not cold, calling cold email, cold outreach on LinkedIn, or any other social media platform, or spending money on ads. But it has a 35 times higher ROI than any of those things, leveraging your expertise and insights that your prospects and network value. The best part even though you'll see results in 90 days, you get to work with the Centricity team for an entire year to make sure you have all the pieces in place and working. So you can start having freedom of time and a life outside of your business. So email time@Centricityb2b.com to schedule an 18 minute call to learn more. Jay Kingley 23:00 Welcome back. Let's find out a bit more about Mac. Mac. Let me start by asking you about MacGyver tech. What are the pain points that you typically address for your clients? And why is it that they need you to get rid of that pain? Unknown Speaker 23:19 Great question, Jay. Honestly, I love solving problems. I love doing the hard things other companies may shy away from. And we just like to make sure that you have a lot of connectivity between your applications and datasets, where a lot of times, you know, software is siloed. Between these different things. We'd like to roll them up and give you the big picture one, you can see KPIs and analytics and also get the big picture. I think as a business owner, you want to see the big picture. Because if you can't, how can properly make good decisions? So that's something I always kind of just really kind of gravitate towards. We like to do the things that others may shy away from or are unsuccessful, and we've been pretty successful. I would love it. Jay Kingley 23:59 My next question, which is, I think sort of the follow-on question. And one of the things that I tell everybody is a truism in the world of business, which is we don't work with other companies because of what they do. We work with them because they are great at what they do. So Mac, when you look at your team, if Macguyver tech, what are the things that you think that you and the team are particularly great at doing? Steve "Mac" McKeon 24:26 Great question here too, as well. I guess one of the bigger things is we like to bring data to life. You know, they that, you know, an Excel spreadsheet doesn't tell a story. But what we like to do is build really fantastic KPI dashboards that bring that data to life and tell the story in real time of any metric or thing that is important to that business. And I think that's an important piece of things. Also tying things together. We're really great at that. And also what makes us a little different in the software world is we really care about security and user experience. And I think those three things along with the end things with the engineering complementing each other, you want to have an ultra secure system, you want it really easy to use, and you want it to be nice looking. When you have those types of things in a system. I think people gravitate towards those. I like to deliver excellence. And I think when you deliver excellence, people really appreciate that. I'm in it for the long game, we don't have much transactional business. And I would say that 98% of my business comes from referrals. Jay Kingley 25:30 Now, Mac, I've had the pleasure of not only talking with you, but checking you out on LinkedIn, you have a very impressive resume that I encourage everybody, go to LinkedIn, see all the things that Mac has achieved and accomplished. But I'm interested in something else, I want to understand why you've gone down the path that you have in running the company that you are so Mac, what has happened, you know, in your personal life in your professional life, that you could point to as the real underlying reasons why you do what you do at MacGyver tech? Steve "Mac" McKeon 26:10 Great question. Well, I guess it's a little bit of personal level, I come from nothing, I'd come through very, very hard things that most people would never make it through. Little History of me, my father committed suicide, I have seen much of the worst sides of human beings, my myself had about four times of almost not being here. And honestly, I'm just happy to be here. So I'm trying to be the best human being I can. Not only am I driven by trying to make great products and deliver excellence, I'm also a philanthropist I give back to people all over the world, I use social media to do that. And I've gotten into 180 countries where I'm just helping people that don't have what I have, I just find that that's very fulfilling to me. And that's part of my mission here on this earth is to try and help others help us grow, and just do the best I can as a human being. And maybe one day when I'm not here, people will say good things about me. Jay Kingley 27:04 You know, back, I'm one of those people that when I get an email from someone, I look at the signature. And I like to see what people put in their email signature, and I was struck by what you put in yours. And I wonder if you can share Steve "Mac" McKeon 27:24 Thank you for picking that I sometimes forget, I put that there. And it really resonates with what I just said. So this the say what my quote is, you know, kind of humbled to say this is my life goal is to have a big funeral. Please be kind to each other. And that's it. It's like, you know, my goal, you know, it's really simple. So if I have a large funeral, and I think about what is it going to take me to have a large funeral. That means I have to impact a lot of people in a very positive way, I've got to maybe change the world for the better do something for people that is, you know, really struck them in their very emotional or great way. It's not about how much money I make the money is a tool to allow me to do these good things. And that's kind of something that really resonates with me, I want to be somebody that's here to help. And I like I said, I feel like I'm on board, I'm honored to be in the seat, I would never thought I would be in the seat in my past going through some of my challenges. But I'm here now and I'm going to maximize my impact. And hopefully, I'll be successful in meeting what I'm trying to accomplish on the footer of my email. Jay Kingley 28:33 There's nothing that I find more meaningful in what I do, than talking to people who are truly experts in the professional domain that they play in, but with that are just terrific, wonderful human beings. And I know that I am not the only one listening in that will share that point of view Mac on you. So let me ask the question. I know there's a lot of people who are going to want to reach out to you to learn more about cybersecurity. Learn more about what you do in the tech world and frankly, learn more about you as a human being what is the best way for people to get in touch? Steve "Mac" McKeon 29:19 Well, I provide a few options one is my email which is Mac@Macguyvertech, as if you want to kind of directly communicate with me and others if you want to see what I do professionally check out LinkedIn my handle Stephen P. McKeon. You can check me out there and see who I'm you know, doing business with and networking with, but also on the personal side to bring that up, as you know, my Twitter handle, I have two of them actually. And I use both of them to reach out and pay people and help them with food or money, whatever it is all throughout the world. I believe I'm in 180 countries and I can't even believe that. But my handle there are both Macguyvermedia, which is my formal name of the company. And the other one is MacGuyvertech01 either one of them. You can check me out on there. They're both related to what I do. And you know, get to see a little bit of my philanthropy side. Jay Kingley 30:10 I encourage everybody to reach out to Mac, learn more about them understand what he can do for you. So Mac, I want to thank you so much for being a guest on The Best Kept Secret show and to our listeners. Let's keep crushing it out there. Until next time.