Bar Talk with Jeff Sanford from Juris Fabrilis
Brad Parker: Well this Brad Parker, I’m here today with Jeff Sanford who is the owner of Juris Fabrilis. Did I say that right?
Jeff Sanford: You did. Yes.
BP: Very good. It took me. I took me a time or two. Jeff is owner of the company who is doing our IT. In fact, and we wanted to get on today a little bit talk about the IT industry and what his business does. But more importantly we’re all hearing about security issues and Malware. All the different things that can happen to your system that you can be held for ransom, many things that I don’t know a thing about and have to trust and rely on somebody and Jeff does an excellent job at it. I wanted to visit with him a little bit. But first Jeff, why don’t you introduce yourself?
JS: Hi there. My name is Jeff Sanford. I am the owner of a little small. IT company in Tarrant County called Juris Fabrilis and our whole goal in life is to provide IT support for law firms, attorneys, and folks in the legal services industry. We’ve been around for about 15 years and we try to help our customers, grow with the trends that they need to grow with and to stay on the front edge of Technology as opposed to kind of holding them back into the Stone Age.
BP: Well y-you know that’s a pretty small select Niche. What made you decide on law firms? The legal industry.
JS: So two things. First one was it’s an interesting industry because they’re lawyers. I think are normally about four or five years behind Technologies just in general terms, but probably the most important reason why is because my wife’s a lawyer and I was watching her go through some growing pains when she first started out where she was doing these letters, these letters of representations what they’re called and she was going through and type in these things basically by hand and I’m like, is that the same letter every time? And she’s like, yeah, just the names change. And I’m like, have you ever heard of a mail merge, and she’s like, no and I’m like aha opportunity.
So I taught her how to do that. We built a piece of software which is kind of how we ended up naming the company. What we did Juris Fabrilis is roughly translated into fabricating law tools. And so we were making little custom software pieces for different firms around the area. But anyway, the mail merge peace happened with her and we saw like instant output time decreases, and her production went up a lot and she was able to get way more stuff out way faster and with a lot more accuracy and we thought, you know what, the there’s probably something to this.
My normal background is in systems Administration. I’ve been in it almost 30 years. So taking a little bit of the software, a lot of our old sysadmin background and our new found love for attorneys.
BP: Joking right!
JS: that’s right. We in threw everything in the bucket and stirred it up. And here’s where we sit today.
BP: Well, but developing the software and mail merge. I mean, that sounds so ancient, you know, everybody’s got that now, but how did you progress to where your business is now?
JS: So it’s funny. I think, with any business you have to learn how to Pivot and you have to recognize when things aren’t going your way right away. And so what happened with us is we started with doing the small tools and we weren’t really making enough revenue to stay competitive or alive. So, the second thing that we came up with was a piece of software that was kind of a practice management application for small farms. I mean, it’s like, you got five or five or six people, and you just need people using common information to stay connected on that level. Then this was a piece of software that was for them. What we found out really, really early on was that no law firm works the same as the other one and to try to cram them into a small box like That was really, really impossible. Also at the same time. There’s this company in Canada that was coming online called Clio. They have like, government money. So it was like, all right, we’re going to have to shift gears. I mean, there is no way we can compete with that even though our product was kind of similar. You just can’t compete with money if you don’t have any. So we did a little bit of a pivot went back to systems Administration, which is kind of a core competency for us. And, you know, we’ve been we’ve been rolling ever since so system administration.
BP: I mean, what does that mean, Systems Administration?
JS: So basically what systems Administration is is it is the management of data resources, computers servers printers, anything that’s in that it kind of ecosystem. Our job is really, to manage that thing for our customers. So if someone comes up to us and says, hey, you know, we want to hire you guys to help us with Office 365 migration project. Or hey, we don’t have An IT guy, can you help us or hey, we need to order, you know, 50 PCS from Dell and we need a better price than if we can get for retail. All of those things kind of fall into that scope for us. And that’s kind of the services that we provide for our customers.
BP: Well, I know that we’ve been using your services for gosh, number of your stuff, probably close to ten years, seven years and I have seen it grow just from originally getting some computers. All connected up so they can all talk to each other, to server issues, iCloud issues, moving our email to a different kind of platform. Can you tell us a little bit about how that works? I mean, when you come in you’re doing more than just buying computers and setting people up, right? Go into depth, little bit more about that.
JS: I think for us what we really try to look at is like long-term relationships with our customers. I mean, yes, we can certainly come in and do one off. We can certainly sell you a bunch of computers, but for us it’s all about the long game. We’re going to have a much better in a much more successful business. I think if we’re really connected with our customers and we’re really looking out for their best interest and we’re really making sure that they’re staying where they need to stay to stay productive. I think with most of the production part of it nobody can make any money if their systems aren’t working. So, yeah, for us, we want to make sure they’ve got fast computers. Want to make sure that the software works, configurations are right- there’s nothing like impeding the attorneys or their staffers from actually completing their work. And since we work specifically, with that group, it’s easy for us to be pretty aware of tools that are out there that are specialized or specific for law firms and how they manage documentation, how they deal with email, how they share their calendar information. There’s all sorts of different things out there. Plus, we have to stay, you know, kind of current with the offerings, coming from the OEMs like Microsoft or HP, or whoever. So as they’re bringing out new stuff to market, we have to kind of be able to take that new stuff and figure out how to apply it for the law firms, so they can take better advantage of it faster and less with less money.
BP: Makes sense. Give us an idea of the types of firms that you work with. Are they all one Niche or they different? Are there sizes you try to concentrate on specific type of size of firm or what are you trying to do?
JS: I think for us what we really there’s there’s a niche spot for us and it’s basically from 0 to 100 and I think what happens is that if a law firm has 100 users, they probably have their own guy. They probably have an in-house guy, that’s qualified to do, whatever it is. They’ve got to do when you get into the 70 range. They probably have an in-house guy, but he may be more like a desktop support guy. And they may have server requirements and Network application requirements that are, you know, beyond the scope of what this guy can do. And so we can kind of come in and run the top end of that. So really anything from a solo that you know, just needs to call us periodically to figure out why they can’t print, all the way up to firms of 50, 60. 70 people that have 20, 30 lawyers and a bunch of staffers that need, some like serious IT support. And as a managed service provider, that’s the kind of thing that we try to provide to them. But yeah, it’s 0 to 100 8.
BP: Are you, regionally or do you go outside the DFW metroplex area?
JS: You know, not really. That’s another place where we pivoted back a long time ago. When we first started up, we thought you know what, we can probably be a Statewide organization and then we learned really, really quickly. That Texas is not Rhode Island.
BP: No, it’s not,
JS: It’s really hard to travel around and we picked up some work in Waco, San Antonio and in a couple other places like Wichita Falls, so, we were kind of up and down the 35 and 287, but the problem was is that we didn’t have enough staff to really make the travel and we really didn’t have enough Revenue to support having people in these other locations because we just haven’t been around long enough. And so we just we kind of turned back to and looked in the mirror and say you know, what? We are a Tarrant County IT company that serves law firms, you know, we have a few Dallas County that we work with maybe a handful and we have a couple of customers out work outside of the scope of legal, but 95% of, who we work with is in Tarrant County.
BP: So if somebody’s looking to need, or they need an IT group, that provide the services that you provide, why your company?
JS: I think that our competitive Advantage, more than anything else, is that we work with firms, we know the lingo, we know the rules when someone has to have something filed by a certain time, we understand that. That is the deadline. It has to be done. And there’s no, you know, I’ll do it tomorrow. We’re we’re kind of ingrained in the community now since we’ve been around so long. The Tarrant County Bar Association, and the Foundation, is one of our customers we’ve had for forever. And that was one of the places where we felt it was really important to be able to get in, show what we can do, offer a lot of classes on how to, you know, be a better computer user. How to make a pricing calculator, how to manage your email, all of these different things. We started way back early on working with groups like that to try to, you know, get the word out about. Hey, if you’re a lawyer and you have an IT problem, these are the guys, you need to call their good to go.
BP: Well, in fact, I think that’s how you and I originally met was through the Tarrant County Bar Association.
JS: Yeah, it was.
BP: You mentioned that you’ve been in this business for 30 years. I don’t want to go into detail, but tell everybody a little bit about your background.
JS: Okay. So my IT background started when I was in the Marine Corps.
BP: Thanks for your service.
JS: This is true. So this was probably- I went in in 1993. So probably about 1994 was when I got my first introduction into what you could do with the computer and and really kind of take advantage of multiple uses of the same data to kind of like make everything go faster, using a database and I turned a 40-hour workweek into a two hour project, just by one little piece of dopey software that I wrote a long time ago. And I thought, okay, there’s definitely something to this. So when I got out, I went to work for a company based in Chicago, worked for them for a bunch of years. And then after that project rolled out, I ended up going to work for Hewlett Packard when I left there, I was actually like a customer engineer level 5 my work that the data center up there at Centerport. You know, they’re my there was six of us on the team were responsible for like fifteen hundred servers. You have to have this fixed by and three hours or less. We have like 2 million in Parts on site. I mean, it was really upper level IT.
I think going back to the competitive Advantage question earlier too, we take that same kind of like, really high, upper level Enterprise approach and try to bring it down to the to the smalls. I think that they appreciate that so that’s kind of it in a nutshell. You know, from an IT perspective.
BP: Yeah. I am a member of EO and go to some of these learning events and stuff and it seems like inevitably every other one seems to be about cybersecurity, or ransomware, or something like that, way above my pay grade, but Got my attention because I know my computer broke down just the other day. And of course, the supply chain had the park coming in, rather slow, but I had to go a couple of days without a computer while. You guys were busy, getting me up until the part come in on another spare computer, but I went crazy. I mean, you know, 12 hours or two business days, think it was without a computer or limping with a Sort of computer system. It drove me crazy. And I found myself totally paralyzed almost and not knowing what to do. And I started thinking, you know, if this security issue, this wasn’t a security issue. But if I had a security issue, it would be devastating. If not because of Any economic impact on the community, but because the economic capacity impact on my business and my productivity or my staff’s and so, you know, obviously I’ve been with you. For seven years, nothing like that has ever happened. But what are some of the things that as a small business or even a larger business? I mean, 100 people is not a small business that are out there that could could affect an impact and how do you protect?
JS: That’s a big question. So maybe we just need to walk through it one at a time. I think the first part of it is everyone needs to understand that the threats are real. You know it you hear about ransomware on TV, you know may read about it in the the news if you’re watching anything about the local situations going on in Europe right now, you know, cyber warfare is as just as important as bullets flying for a lot of those folks over there. So you kind of have to understand, I think, right out of the gate that it is a thing and the fact that you’re in a business or, you know, whether you’re working in one or or you own one or whatever. The case is, you’ve got a responsibility to make sure that you can do your job. Your people can do their job or you can provide the services to customers that they’re paying for it. And when your systems are all locked up, it’s a lot more difficult to do that. So I think that’s, that’s probably the first thing is just being aware.
The second is, you know, don’t let yourself be the low-hanging fruit. Yeah, if you make it really, really easy, then it’s easy. So, if you put, you know, you can put maybe two or three things in place, just extra layers to keep yourself from getting torched. One of the things that we are working on really hard right now is is dealing with email. There’s so much email that comes and goes every single day. And every single domain that there is and you know, a lot of it is fish, a lot of it’s spam. A lot of it is got viruses in it or malware or whatever. And some of it may just have a link to a cat video that some lady clicks on. And all of a sudden she’s locked up for six months. So there’s a lot of that kind of stuff going on through email as a kind of a conduit to bring the stuff into your network. So we’ve been working really hard on helping people identify stuff that’s coming from outside of their networks, put in spam filters in doing you know, Geo blocking, and making sure that they can’t get email from places they don’t need to do business in or whatever. A lot of it is people don’t really even realize that those things are there. So for us, it’s one of those opportunities to come in and say, you know, here’s our quarterly review. These are the things we think you ought to do, you know, right? Because a lot of times folks if they’re so really kind of dialed in on their own vertical, they don’t even know that this stuff is happening or that it’s even available. So for us, we hate, you can do this. This will probably decrease this by this much, you know, you don’t, you can look here and there and everywhere. And, and, you know, try to find the little nuggets of information that’ll keep folks from torching themselves.
BP: Well, I’m backed up, you back us up religiously through the iCloud, I guess. So that the stuffs out there. We don’t have to worry about the server, going down at the server goes down. We can bring it back from the iCloud, correct?
JS: Well, we’re not actually using iCloud. So that’s an Apple product. We’re actually using something for you called a DRaaS system. And what DRaaS is, is disaster recovery as a service. So what we actually have is a separate appliance. It’s kind of like its own server. That sits in the computer room with your other gear and that thing is the local backup for what’s going on in the server. And then when it’s done with its locals, it takes that same information and then pipes it out to the cloud. So we have a good backup in the cloud and we have a good backup locally. What our goal with this kind of solution is is to not really worry about back up so much. But how fast can we recover? I think that’s been kind of, you know, our stance. If you do get locked up, how much time is it going to take me to recover. The cool thing is with this particular system that we have in place is that we can rebuild your server on the backup. Appliance or if something happens to the building, we can actually rebuild your server in the cloud so we can give you a VPN connection to get right back to work.
BP: And they brought up a great point because it’s not necessarily just cyber warfare or Cyber attack that might put us out of business, or close us down. It’s a fire. It’s a flood. It’s a tornado.
JS: Hardware failure
BP: Hardware failure, any number of those things. So you strive to protect us from that kind of deal. But if it is a Cyber attack, you know, my thought has always been well, so what it, who cares? We’ve got the backup, we can immediately do in my fooling myself. I think that you’ll, even as fast as you can, restore a server.
JS: I think, at the end of that, you have to go back through and do like, remediation work. You got to find out where the gaps are and then you got to constantly work to fill the gaps. And so if you end up with a situation where you have, like one computer that may have ransomware or some other kind of, you know, cyber attack on it or whatever. That’s one thing, if it gets in, where it’s kind of infiltrated the entire network, that’s something completely different, you know, if something happened to the server, you know, it’s not just you know, I can’t send my email. It’s like Our archive files and folders are locked up. We can’t print we can’t log in that thing controls. You know how traffic goes in and out of the network. So, you know our phones don’t work. I mean it Dominoes start stacking up really really quickly. And so then you have to really have a plan in place of hey if this happens, what are we going to do? How are we going to do it in to make sure that that plan is in place? And with a lot of the Cyber insurance policy requirements that are out. Now having a Recovery plan and having a business continuity, plan are two of the things that most folks will never get to because they just don’t prioritize it and they don’t think that it’s super important. But if they do and they have the plan in place and they already have, like, all those dominoes set up so to speak, it makes it a lot easier to knock them over in the right order when you have to do a recovery understood,
BP: let me give you an example of something I heard. That obviously these guys are very sophisticated and if they do attack you it’s probably not attack you and you feel the effect. It is they’ve attacked a g attacked you and it may be going on for weeks or months or because they want to infiltrate your backup system. Right? So that you when you go to try to back up its not there. Well, it’s locked out as well. How do you get around that?
JS: I think the best way to do that is again, you have to kind of think like you have to kind of think like the criminal and you have to have a plan. So If we know that that’s a threat, then for us, part of our quarterly review, on our accounts, especially ones that are in the DRaaS systems, are to actually like kill files out, and then go restore and make sure that that whole function continues to work. We also the group that we partnered with to actually complete the cloud side of that they can they can do their, their recovery options testing almost at will. So if we say, Hey, you know, we just want to throw this out there. Hey, we need to be able to spin this thing up. You know, what kind of condition is it? In the? We can get an answer on that really, really quickly. I think for most of us. It really just comes down to, you know, how much is enough? How much is too much because you can, you know, spend a ton of money on this stuff and never really need it as a business guy. You’re looking at it like well, I want to make sure that you know, I’m covered but I don’t want to go to the Poorhouse because I’m spending all my money on IT services. You know, there’s there’s a little bit of a balance in there somewhere where you know, at some point you probably going to get past that point of no return or you know, where you’re over the hump that you don’t want to be over. But at the same time you definitely want to make sure that you’ve at least got your planning done. And that you put, you know, a handful of steps in place to be able to, you know, maintain your business in the instance that you’ve gotten some kind of attack like that.
BP: Now, you say planning for you, talk about, About me planning or you’re planning?
JS: I think it’s a really a combination of both. So while we are very familiar with your it business, we’re not really as familiar with your day-to-day operational stuff. So how you go about doing marketing or how you go about generating revenue or how you pay your bills or whatever. I mean, a lot of that stuff, we don’t we’re not really kind of like privy to. So it’s important for us to sit down with our customers and say, okay, this is what we would do. The IT side of things for a disaster plan, you know what, what tenants inside of your business are the most critical, you know, is it your Billing System? It’s like, well, we’ve outsourced that, you know, it’s in another location. Okay. Well, at least we know that we’re not having to find that out on the way, you know, if there’s a practice management system or critical files or you know, the Crown Jewel documentation for the company. We would just want to know, you know, where it is, how it is. So we can plan to recover. Or as it’s critical, the number goes higher. Does that make sense?
BP: Yeah. Yeah, it does. How I mean, is that does that take a lot of time?
JS: Not really. I think most of it really kind of comes down to just a couple of conversations.
BP: Really, I mean, have you had those conversations with us?
JS: I’ve had them with Angela.
BP: Good. That’s the one to have them with for sure. Not me.
JS: I think what happens is over time is a lot of folks kind of build their own file structures and they put files all over the place. And it’s kind of hard to figure out where all this stuff is, especially if you’re doing it under the gun. So while we’ll have those same conversations about business continuity and disaster planning will also have them about, you know, follow retention, you know, a lot of this stuff where it’s tough just gets laid around and it’s just piling up everywhere. It’s like what’s important? What’s not? It’s harder to find it. It’s not organized and we see that a lot. You know when we’re either going in after another vendor and cleaning it up or if we’re helping somebody start out right away. It’s like you really have to think about how you want the structure to work. Because if we have to recover it, the cleaner it is. And the more sense it makes, the faster the recovery is going to go. So a good systematic filesystem sub-directory directory and just knowing good business practices are all right. Just clean IT. I mean, you know, if you have if you have user folders In some directory somewhere there where everybody can like store their stuff on the network or whatever. That’s a critical piece of information because everybody’s stuff is in there. So we would need to know. Number one. It’s backed up. It’s being tested, the recovery test are working. Everything is good to go. But if someone had gone out and created their own folder in another location, we didn’t know. And it wasn’t part of the backup routine. Then what do you do? It’s like, oh that just happened to be our QuickBooks.
BP: After you jump off the bridge. That’s right guys.
JS: Well, okay. So that’s that part of it.
BP: But the other thing you mentioned was multi-factor authentication. What does that mean?
JS: Okay, the definition that I’ve been able to kind of like either find or come up with on this is that multi-factor means more than one, right? So it’s something that you can kind of break it down into something that you have and something that, you know, so those two things combined will be like a two-factor authentication, which is pretty common today. If you’re logging into your bank or your email, or your payroll system or whatever, it’s the part where they send you the code after you login with your username and password, which is something that, you know, they’ll send you a code to a text on your phone, which is something that you have. And so the combination of those two things makes it way, less likely that someone can steal credentials and and gain access to the systems.
BP: Not the low-hanging, were not low-hanging fruit.
JS: And the funny thing is that it’s not impossible to implement 2FA. One of the other things that we do with a lot of our firms is kind of help them review their cyber insurance applications and almost every one of them has 2FA as a primary component of what they’re wanting to do. And it’s gotten to the point now where it’s not even just, you know, 2fa on your email systems, like Office 365, or Google or whatever, but they want multi-factor authentication on your remote access to your own office. So, if you’re using, you know, like a Cisco router setup or a SonicWall or something like that, whenever you type your credentials into your VPN client, it will send you a code and you have to type the code in to continue on and a lot of folks. It’s funny. You know, it’s a it’s it only takes an extra second to type the code in, but a lot of folks really will dig their heels in on that. I don’t have time for that- is like you you should make time for that.
BP: Yes. When the microwave is too slow on. You know, you’ve been spoiled.
JS: That’s right.
BP: I don’t have or don’t get an authentication code when I log on to my email every morning, right?
JS: So that is a combination of a couple of different things. Number one multi-factor may or may not be on. I can’t really tell everybody on the podcast, what your systems right about, right? So I appreciate you not. We’ll leave it like this, it either is or It Isn’t. So that can be one part where it To a phase just not enabled and that’s why you don’t get the code. The second thing is that if you’re using Outlook or some other application, you may be using something called an app password. And basically what that is is it’s a kind of a lock and key type of setup where this version of Outlook and that version of Office 365 are kind of keyed together based on this 2FA password. So it keeps it from being super inconvenient, where you have to type in a code. Every time you open Outlook, but it also gives you that second layer of protection, you know, it’s been configured for so long and all the times and all that stuff is all very configurable through, you know, the Office 365, tenant. I mean, you can go in there and say we want to do challenges every time you log in or every tenth time you login or whatever the case is, and it’s all very, very, very customizable.
BP: So I’m protected.
JS: You’re good to go.
BP: Okay. I knew I was, I just like the little reassurance over now than then and you put all this in place, but you’re still very vulnerable and it’s my understanding and you correct me if I’m wrong the vulnerability then becomes the human factor because more likely than not they’re going to come in through an email.
JS: Absolutely
BP: Somebody’s going to open and they shouldn’t have and no matter what kind of authentication you’ve got no matter what kind of backup you’ve got.
JS: Once you open that email, it lets them in, right? And that’s really kind of, you know, if you look at any of the studies that are articles or anything really that where people are kind of like looking at, you know, security threats. As what’s going on, how are they getting in over 95 percent. It’s coming through email and even people that are trained up will make mistakes. You know, we have a group that we’ve done some work with for a bunch of years and there was a spoofed email that came in and it looked legit and it was to change somebody’s payroll to a new bank account. And it was like, okay and so the guy didn’t get paid and the bad guy got paid and so that’s part of it to where once you introduce the people. It’s really, really, really hard to manage that. So the best that you can do, really, is training and and provide them as much protection layers as you possibly can. The one of the things that we’ve been working on in Office 365 as of the last couple of weeks is marking email that’s coming into a domain with an external tag if it’s coming from an outside source, so you can do that with just setting up some simple rules that just, you know, if if I give me mail from Parker Law Firm.com, then it just puts external in the subject line. So it just a visual cue. But now the exchange part of Office 365 is actually allowing you to kind of go in and and have that tag. That way without even having to go setup an extra rule.
So, you know, there’s a million ways that notify people, there’s phishing training simulators that you can put into send out, you know emails that are you know, kind of like bait-
BP: that’s a great idea.
JS: Yeah, and what’s really cool about it is because it’s all you know kind of its own system. Then the people that are doing the testing get feedback on what the people are looking at. So if they click on it, if they just Open it, if they forward it, if they click all the way through you get all that feedback and for some of the larger firms it may make more sense to do that because you’ve got a lot of people that it’s hard to manage and then you may just have one person that just can’t help themselves. And so once you find that person then you can really spend a lot more training, training case. Yeah, its resources on the, on the, on the part that needs it instead of, you know, doing like a blanket. Everybody in the firm is going to have to do 50 hours is, you know, see me work on, you know, phishing emails. Nobody wants to do that. If you’ve got one person that’s really kind of really struggling with it. You can really focus your training, you know, dollars on that person instead of spending it on everybody.
BP: Yeah, that makes perfect sense. We’ve Incorporated just talking about it. We have our weekly meetings case meetings, and every so often we just talk about it. And then of course, I’ll get spammed with something and I go, hey, is this legit and Angela immediately yells? No, get Rid of it! immediately because they do find their way in, and you’ve got to be careful about. I know, one of the ones that I routinely get, I say routinely, seems like, I get it ever. So often is a fax. Somebody wants to send me a fax and I’m going, we don’t have electronic fax, you know, and, and if we do, it’s above my pay grade and I’m not opening the threatening, and I also have seen it on after our calls that go to a recording that we have. It comes in on a Platform that looks totally different, right but it says it’s a voicemail that was left for me. Right? And I go no, no, no,
JS: All they’re trying to do is get you to open that attachment man.
BP: Yeah.
JS: Yeah, and you know, we have a lot of our customers that will send us the that stuff the same way. Hey is this legit and our rule of thumb with the email as like even if it is legit, if you… The way that I always put it as if it smells like a fish. It’s a fish. So if you get a piece of email, that’s underneath facts from someone who doesn’t do business with you that way, it’s a fish. And so, you know, even if it is important, you delete that one, they’ll call you or follow along with a line. You know, where are you? Why are you ignoring my emails? I thought it was a virus. I don’t know.
BP: Good excuse . Well what we’ve kind of talked about it. In a nutshell, what’s the, as a small business owner in a legal industry like like I am, what is the best thing that they can do to protect their business?
JS: I think the best thing that they can do to protect their business is just like personal awareness, you know, I mean we can put like all the technology in place until the cows come home, but really like we were just talking about one person can really kind of caused a ton of problems. So I think personal awareness, understanding that people are out there that are trying to take advantage of the situation and not everything that you read online is true
BP: so when you you mean, the Google isn’t always accurate,
JS: that’s right.
BP: That’s right. Well, maybe it’d help you find stuff. You don’t really need to know about, I don’t know. Well, I want to kind of focus just in the closing moments here on insurance. I think all of us have seen, you can buy a cyber Insurance. and as a lawyer and in some of my business meetings, there’s a, there’s a strong feeling that the insurance may not be right for a smaller business and I may be totally wrong on my observation, but that the requirements for the insurance are so onerous that as a small business. You probably aren’t going to fulfill them in some form or fashion and therefore your claims going to be denied if and when you ever make a claim on it, right?
JS: I think that that’s, I know how… I know how you are about insurance companies.
BP: I have a problem with. Yes, that’s true.
JS: And so we’ve actually taken a page out of your book on how we deal with our customers when they’re actually asking about cyber Insurance the questionnaires and the applications and the renewals and everything else. And you know, we really we take the approach of like look they don’t want to pay you. And so if you sign, ‘yes, I’ve got all this crap’ and you submit it and you’ve tried to file a claim and they do their audit on you and you don’t have the stuff in play or if it wasn’t in place in time. They’re not going to pay the claim. So what we’ve tried to do is really get out ahead of that situation. So try and a lot of the things that we’re putting in now for some firms are, you know, like email filtering, DNS filtering where we’re able to kind of see what’s going. And you know, the back end of the network, there’s just there’s all sorts of tools that to monitor all this stuff. And so basically on the compliance piece of it, it really kind of comes down to, you know, we’re we can put these things in play, you can have them done and ready to go, but the game changes like, every year. And so what we really try to do is start to kind of and trying to be in front of it. We try to do maybe like a quarter. Order before the renewals are ready to go to get in and say, okay. This is the stuff we’re seeing now.
These are the questions that they’re asking this year. It gives us a little more time to put a solution in place that can you know, meet or exceed, those requirements, by cyber Insurance. Then opposed to trying to, you know, crowbar something at the last second because if you’re doing something really fast like that, you’re going to make mistakes.
BP: Not going to work, right.
JS: But if we, you know, can have some time to plan and have some time to, you know, really? The solution in place the right way. Then not only will it meet the Cyber requirement. But it will also give you another layer of protection based on whatever it is that you happen to put in.
BP: Some of my colleagues have expressed an opinion that the premium seemed to skyrocketed there were gone up significantly and that they believe to some I mean there are some default minimal coverages that apply kind of no questions asked I think that the Companies, right? But if you really want to up at the premium start increasing and it requires you, of course, then to spend more money on your it to be sure you are protected and you had those things in place. And I guess it kind of comes back to a business decision on the part of all the business owners. I mean, you never want to be too vulnerable out there and and know the risks, but it’s just something I guess. Everybody has to sit down and evaluate don’t want to spend money here. Don’t want to spend money there and Lower hanging fruit. Am I right?
JS: And it’s funny that you say that to you because I think with a lot of the like IT spending. I think, traditionally a lot of people just look at that as like a money pit, you know, it’s a black hole. I’m not getting anything out of this.
BP: I call that marketing.
JS: Exactly, but I think that, if you can kind of move away from being like a vendor and to a trusted advisor role, it really changes kind of like the scope of what it can be and for us and our customers, you know, we want to, we want to be that trusted advisor, we want to be a trusted resource, and if you guys have any questions, if we take something to you and say, hey, look this is important, you know, you need to sit down and really kind of evaluate this and make sure you either do or don’t want to do it. But make sure you have a good reason. Why then I think that that’s enough, you know, I don’t think you have to just throw tons and tons and tons of money into it. All the will be glad to take it.
BP: Sure. Absolutely.
JS: I don’t think you have to like overspend on IT. I think you can, you can get quality protection and meet the requirements for not like significant money. And that’s one of the things that we’ve been doing over the last two years, especially is doing tons of research, tons of vendors. Really kind of like, you know, vetting, these groups. Hey, look, we’re we can get this for this. This is great price at offers all these things. This is something that you know, will work for 95% of our customer base. And then we bring that in as an offering and then we’re building out a security platform. It’s like, look, we can check all these boxes by adding in this this and this. And your cost per unit goes to whatever that number is going to be, but it’s, we’ve already done the research, you know, we’ve already kind of really looked through the whole thing to make sure that what we’re bringing in is going to work. And obviously, we don’t want to be putting in software solutions that are are not good solutions- that doesn’t do anything for our reputation. So we need to make sure the stuff that we’re putting in there has really been gone through with a fine-tooth comb and it’s not one size fits all either.
BP: And I mean, it kind of depends on what you’re doing, how you’re doing it, and the level of just knowledge on part of the business owner and their staff, I guess, right?
JS: Yeah. I think that that’s really true. And, you know, and a lot of it, especially when you’re making your selections, a lot of it really depends on, you know, Which insurance underwriter is sending you the applications, right? Because we’ve gotten applications in probably, every insurance company there is to help our lawyer friends, you know, be able to take this really technical language and turn it into regular, ‘I can understand this language’ and some of them will have like eight questions and some of them will have like 50 and so, you know, depending on who’s sending you that information and everything else you need to do. It can take, you know, quite a few hours, it just being able to get through it all. And the funny part about this too is it’s not only insurance companies that are sending this information out these requests for your security posture. Big corporations are sending that down to farmed out lawyer groups, to make sure that if they’re doing business with that firm that, that firms back end is squared away. Those questionnaires can get up over 100 line items and they’re like, really.
BP: Well, that that’s a great point because obviously my business is a personal injury attorney. I’m a business to Consumer and and so I’m not going to have that coming back but for the law firms out there that are doing business and corporate type work, sure. They are getting those kinds of questions for.
JS: Yes, absolutely. And being here in Fort Worth area. I mean, you know Lockheed is just right up the street, you know, and they have to farm stuff out. You know, it does those questionnaires come in and and what what the customer is asking for, in terms of data security is significantly more complicated and complex than what the insurance companies are asking.
BP: really, that’s interesting.
JS: Yeah. So it’s while insurance is the focus today. I think for most folks, the fact that their customers are requiring that A step up their game is another deal. So without question, it has become a more integral part of all of our practices.
BP: Yeah, all business General. I mean, when I first started practicing, fax machines just came out with thermal paper and who uses a fax anymore. It’s crazy.
You know I just want to plug you Jeff. You have been a great great IT person for us. You are responsive. Your staff is responsive. We send an email. It’s done like that. I alluded to a moment ago that my computer crashed didn’t want to give the impression that you left me two days without anything- you didn’t- I just have so much on my hard drive that it had to be downloaded into another computer. You got me back up and running almost immediately and it just seemed like 12 excruciating hours. Probably only about 2 but it just seemed like an eternity, but it’s like any business know like and trust and you know, that’s one thing. I think you absolutely bring to the table, is that your trustworthiness, and our ease in conversation, you know, you can boil it down to something I can understand and appreciate in a few few minutes or and not have to talk till my eyes roll over in the back of my head going. Please. I don’t understand anything. You’re saying. You make it like make sense. How can if people want to know more about you and your company and what you provide? How what’s the best way to reach out to you?
JS: Really the best way to reach out to us is email phone or our website. Our website is jurisfabrilis.com.
BP: You better spell that!
JS: I’m going to. It’s J U R I S F A B R I L I S.com. And it’s there’s not two L’s because it would be Fabrillis-
BP: that something you spraying the air? That’s right.
JS: It’s kind of more of a play on tortilla. But, you know, but our main number to the office is 817 481 1573.
You can hit extension 0. Anybody that picks up the phone is a technical resource for you. They can get you started right away, help you with whatever problems you’ve got. If you want to reach out to me directly its [email protected]. If it’s a support related question, [email protected] and the guys will step up and get you going.
BP: Well, I’ll say we have had a lot of conversations over the years, not all of them involving IT, lot of lot of music and other things. But the one thing I always appreciated, as if I bring you an issue and you go, I don’t really think that’s right for your business. And here’s why I’ve always appreciated that because you do see it as a money pit. Sure, you know, as a business owner, you go golly. You know, how much am I going to spend? And I’ve always appreciated the kind of just straightforward. No, you don’t need this. Yes. I would really encourage you to think twice about this, right issue is well appreciated and I don’t think you get that from every vendor out there. Oftentimes, they want to sell you sell your cellular cellular, right?
JS: I think a lot of that comes from my old days at the old HP. When I was there, it was rules of the garage and, you know, it was before the Compaq merger, and it was all about customer relationships and it was all about the long game, you know, it was never about, I’m going to sell this guy, a bunch of toner, a bunch of paper for his printer. It’s like I’m going to sell him a badass printer and then he’s going to call me, when he needs anything because I’ve sold him a quality piece of gear and it’s going to last forever. And so I’ve take that same approach with the company here, you know, it’s all about- I need customers that are going to be here for a long, long, long time. I don’t want to customer that’s going to be around for a year. I don’t need that. I would rather have somebody that’s been around 7 8 10 15 years, you know, that way we know their business, you know, they know we’re good to go.
BP: Yeah, no question about it. Well, I really appreciate you taking the time to visit with me today and anything else you’d like to add?
JS: Just don’t be an easy Mark.
BP: Was it like the old bear thing and your buddy runs past you? Why are you running so fast? Because those are bear chasing me. You can’t outrun that bear. Don’t let have to just out Run you.
JS: That’s right.
BP: That’s right. Don’t let the bear catch you and don’t be the easy Mark. If you can do that, you’re good to go. Sounds great. Thanks. Again, Jeff , I appreciate it.
I’m Brad Parker the attorney he want, but hope you never need and thanks for listening to another edition of Bar Talk: The musings of attorneys, entrepreneurs and other interesting people. If you like our show, I want to know more, check out our website at Parker Law Firm.com, or please leave us a review on iTunes Spotify or your preferred podcast Outlet. See you next time.