(Video) Cybersecurity is MY Problem. What the mantra means!

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on cybercrime and cybersecurity, discusses the reason that everyone needs a mantra – you can borrow mine – Cybersecurity is my problem – Rotary Talk

[Start of transcript]

Thank you for the introduction, that was great. Today I’d like to talk to you about what happens to your financial security and your digital security if you get hacked and the bad guys steal everything.

The digital world has a population of between 2.5 and 3 billion users. It’s the biggest community on the planet. And because we are now focusing everything towards the digital world we are forgetting a number of aspects that really make human life a lot easier.

The digital world is becoming our social platform. It’s where we do business. It’s our network. It’s how we read our news. It’s what we look for if we need to buy something or find something or do something. It’s been an innovation and it’s happening more and more and more. It’s where we keep our websites and it’s how we market to each other and to the world.

The reason why we are now starting to use the digital world more and more is because of two things. One is it’s cost effective and it’s very cheap to do. Normally for a small business to go into marketing it used to cost thousands and thousands of dollars but with today’s digital world we now can do our marketing for a fraction of the cost.

But it’s also convenient. I can pay my bills while I’m sitting in a cafe. I don’t have to go to a post office or I don’t have to go to the bank. As we go forward into the digital world governments are going to cut services and going to put more things online. Banks are already closing their branches and putting more things online. Small businesses are now focusing on what the digital world can do for them.

And because of that we now have this really big separation of what the big guys are doing and what the small guys are doing and what the good guys are doing and what the bad guys are doing. In today’s world what we see is this part, the tip of the iceberg, literally the bit above the water. That’s where we do most of our business. That’s where we do most of our searching and that’s where we do our marketing.

This section underneath is so much more dangerous. And it constantly flows from below to the upper. Let’s just do a little bit of history about crime itself. And crime against people used to happen a long time ago when it was one-on-one. It was I needed something and I took it from someone. And whether it was legal or not it was just the way things went.

In the 1600’s we moved our money into the banks or the money used to move around in stage coaches or trains. So we then had the problem where it was if I wanted to steal money from a bank I was a small group of people stealing from a larger group of people. So that was one to many.

In 2014 in the Target attack there was a group of people who stole something from 34 million people, a third of the entire population in the US, exponential rise in rewards and exponential rise in targets because that is the way we are going.

So really why are they targeting everyone? Well, for one we are connected to the digital world. If you are connected to the digital world you are a target. And not just because you have something, it’s because you use something. Yes, they are after our money and our access to money.

As I said we can do our banking from a cafe. But if you’re connected to a free Wi-Fi system then the bad guys can steal that information. They are after our intellectual property. Our intellectual property is really important to us. It’s our date of birth. It’s our tax file number. It’s where we live. And each one of those individual components of our personal information is not a big problem. But when you start linking them all together it allows a criminal to come out of the digital world and go into the real world and go to a bank and open up a bank account in your name. And you definitely don’t want to be in that kind of a trap.

But they are also targeting our technology. Everybody has a smartphone or a tablet or laptop. And they are targeting the utilization of that technology. But on top of that they are targeting things like your Wi-Fi connection, your Internet connection because that is how they do business.

The bad guys rely on us trusting them because that’s what humans do. Humanness, Gullibility and Honesty is all part of the human animal. The trouble is the bad guys know this. And they are very good at making us trust them.

In real life you meet someone and you shake their hand and you see what they look like. In some cases they are so nice. Sometimes you get the feeling that they are not very trustworthy. The trouble is in the digital world we don’t get that feedback. In the digital world we have one point or one sense that we use and that is trust. And then we have to work out from that picture whether we are going to trust them.

So how do they get in? Well, the bad guys are notoriously good at using the systems we put in place to further their own needs. They are really very good at finding holes in software, some operating systems, applications, apps on your phone, your phone operating system. They are looking for ways to take over the control of that device and that technology.

The problem with a lot of these things is that most of these holes in software don’t lead to anything. It’s one in a hundred that have the capability to be uncompromising and compromise your technology. But that’s all they need because it’s not an individual person sitting in a dark room who is doing this, it is an application that they have on their laptop that is trolling the Internet looking for those exploits. When they find them they then utilize them to take over your technology. And you definitely don’t want to be there.

The other thing they use and regularly use is Spam. An email that comes to you that is not warranted. Now previously over 5 years ago Spam just used to be a nuisance. “Do you want to buy Viagra?” 5 years ago the cyber criminal saw how beneficial it was to be able to use Spam to target people. That targeting of people makes it very interesting for us as users because now we get email that is caught by or sent to us and we look at it and we then make decisions.

The next step up from that is phishing where they use a bait. And spear phishing is they literally go out and target you and aim arrows at you and that’s where spear phishing came from. Spear phishing is mainly social engineering. They will go onto your social websites. They will go onto your social profile and look at what you do and who you do it with, who your friends are, who you know, where you’ve been and what you’ve been doing. And then they will target you in an email that is designed specifically for you. When that happens you have to be very aware of what’s going on.

I was saying that we have to protect our own technology. Our own technology is very important. But the people who got websites need to have that protected as well. If you’ve got a Cloud-based system or a Website hosting system then the underlying operating system also needs to be patched because that is also a target of cyber digital criminals.

So how do I create security in my own self? I’ve got to keep my information systems secure. I’ve got to protect my assets. I’ve got to understand the dangers and I’ve got to back things up because you never know when things might happen that you have no control of.

For instance if I leave my mobile phone over the top of the car and drive away, then A-I’ve lost my mobile phone. But I’ve also lost my contacts. I’ve lost all my information about what I’ve been doing. I’ve lost a lot of information that is irreplaceable because I haven’t backed it up. The digital world is notoriously bad that if you turn something off then most of the information is lost and you have to be really aware of that.

So how do we protect ourselves? For me I have a mantra, Cybersecurity is MY problem. And if everybody else had that mantra, Cybersecurity is MY problem then we will be able to make sure that we are protecting ourselves all the time. But my mantra has 6 components. And this is what makes a secure environment for your own safety.

The first thing we need to look at is Passwords. And everybody has passwords and we all have used passwords. And those passwords can be literally anywhere doing anything. Your passwords are your passport to the digital world. And they are very important. But with the rise of the cyber criminal they are becoming more and more protective of what you do.

So passwords have to be complex. Anything on the table can be used in your password. They have to be more than 8 characters. If they are less than 8 characters, for instance a 5-character complex password can be cracked with a Brute-force attack in 2 hours. And it goes up, it escalates from there.

One of the things that people really have trouble with is your passwords have to be unique for every site you visit. First question people are going to ask and everybody in the audience is going to ask is, “how the hell I’m going to remember all those passwords?”

Well, there’s a number of ways that you can do it. One is you get a system like PassSafe which is a system that sits in your browser that remembers passwords. You have a master password that has to be complex and with that you do everything else. But the second thing of that LastPass is it creates complex passwords that it remembers.

But if you don’t want to really go down that and if you want to keep human control of your passwords come up with a phrase that you will remember. “Every Saturday I play golf.” Turn the end into 1 and put a space at the front and put a dot on the end. You can actually write that down, “Every Saturday I play golf” because you’re going to remember that. Okay, that’s 7 characters already.

Now I want to go to Gmail, “every Saturday I play golf” Gmail. “Every Saturday I play golf” LinkedIn. “Every Saturday I play golf” Internet. You know what the password is because you know what your standard password is that nobody else does. And you can actually make sure that people can’t understand that.

The second thing we have to look at is patching. We all know how annoying Microsoft, Apple and Android can get when it comes out and says we’ve released a new update and you have to update your ownership. Well the new update in most cases is not for functionality. In most cases it is a security update because someone has told them that they have a problem with their software that they have now created something that stops that problem from arising.

Going back to the exploits most viruses and malware are targeted at those exploits. Because they are targeted at those exploits then if you don’t patch those exploits then we have a problem.

In 2003 I think it was we had the Code Red problem with all the database servers on the Internet who were running Microsoft Explorer. This is the first time that patching really came to the fore. Microsoft wanted to have a patch 6 months before Code Red was released. And all of the systems administrators went “No”

Code Red was released and it was infecting a hundred thousand servers an hour and at that time if it was patched Code Red would have gone away, not a problem. It was very important that they did it.

All the systems that are connected to the Internet and connected to the digital world have to have some form of antivirus installed, whether it’s an Android, an Apple, a Microsoft, an iPhone or whatever it needs to have some level of antivirus to protect it from malware and viruses, it’s really very important.

People go, “well I can’t afford that.” Well, you can’t afford that, in most cases it’s expensive but there are solutions. We bought a product called FortiClient which is from FortiGate. And what it does is it’s on all of those platforms and it’s one of the best antiviruses available and it’s free.

And the reason why it’s free is because FortiGate are an Internet security company. Their products are high-end Firewalls that are going to enterprises and organizations. But when J-Bolt is connecting via VPN, Virtual Private Network to our systems they needed to make sure that the PC’s were clear and that’s why they came up with this solution. What they said is, “okay, we will create an antivirus product which also does the Virtual Private Network component. And we will make sure that the PC’s are clean.”

All systems also have a Firewall. And a Firewall is literally a wall between you and the digital world, your device and the digital world. A Firewall has stuff to go from your digital device and go out to the big wide digital world, get information and bring it back. But what the Firewall does is it stops anybody connecting to your device and a set request is left for the system. So it’s very important to have firewall.

As I said before you never know that you are going to lose your phone. You never know when your laptop hardware is going to fail. You never know when your server is going to fail. You never know when your building is going to burn down and it’s going to take everything with it. So back it up.

But the thing about backing it up is to make sure that the backup is not where the device is. So if you got a USB hardware on your laptop and you’re travelling a lot make sure the backup is at home while you’re traveling. So if something happens to your laptop you are certain that you haven’t lost everything. And I’ll tell you what when that happens to people it is really heart-breaking because you lose your files, you lose your data that you have been working on, sometimes you lose things like access to bank accounts and all of this stuff, very important.

There are two things that we push as IT people who are very aware of what is going on in the digital world. Be paranoid and it makes sense really. But the reason why you’re paranoid is that practically everybody on the digital world is after you. And that is really how you have to look at it. They are after you for all of those things I just talked about before, your money, your access and whatever. It’s very important that you do not let people get to it.

The other one is that you use common sense which surprisingly is lacking in the digital world. The common sense will protect you when other things won’t. If the website you go to says “I’m free,” no you’re not because they are looking for the information. They want you to fill in a form. They want you to do something. That initial point of contact is again what they are building trust on.

Here’s the bit on drivers. So you’ve installed a new printer but the CD is no good as you’ve got Windows 8 and this system is designed for Windows 7. And you got onto the Internet you go to HP 5600 drivers Windows 8.

If you do that you’ll notice within the Google search results that a top 5 or 6 will have nothing to do with that HP. So again be paranoid. Go to the end of the third one that says HP or www3.hp.com/ or whatever. That’s an HP site. If you go to hpdrivers.com then you are not going to an HP site. It will even look like HP but I can guarantee you it’s not.

So this is how you secure yourself. Keep the mantra going, Cybersecurity is MY problem because if you do that you have a smaller chance of being compromised than the person who hasn’t got that kind of a help. Use complicated, individual and unique passwords.

Patch everything. Patch it in a timely fashion. What happens to some of our clients is they come to us and they go, well my laptop’s playing up. When we got a look at it they haven’t applied patches for 12 months and there’s 220 of them. This is a problem.

Use a good antivirus whether you pay for it or not, use a good antivirus. Never turn your firewall off. You can make holes in your firewall but never turn it off. Get paranoid because in the real world and in the digital world everybody is after you because there are automated systems that are testing you and your appearances all the time.

And you use common sense. Read what the website or the site says. One of the ways that criminals get you to do things is they will have a URL that looks like a real URL because they know that if you go to anzbank.com.au it’s not the same as anz.com.au. It’s a criminal’s site.

My name is Roger. I have a couple of books that I wrote if you want to have a look at them. If you need to access some questions of us contact us on any of those. We run a regular Twitter feed. We are on LinkedIn. We have a Google Plus page. We are on Facebook and we are on YouTube.

And we run Seminars and webinars regularly. Webinars are run on Google Hangouts. We haven’t run one yet but we will be. Seminars are running in Sydney, Melbourne and Canberra monthly and in Adelaide, Perth and Brisbane quarterly. Thank you very much for your time.

[End of transcript]
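
The URL check described in the talk (www3.hp.com is an HP site, hpdrivers.com is not; anzbank.com.au is not anz.com.au), written out as an added Python example that is not part of the original talk. The allow-list, the function names and the URL paths in the sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: you keep your own list of domains you trust.
# These two entries are the official sites named in the talk.
OFFICIAL_DOMAINS = {"hp.com", "anz.com.au"}


def hostname_of(url: str) -> str:
    """Return the lower-cased host part of a URL, or '' if it has none."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit read a bare "www3.hp.com/" as a host
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL
        return ""
    return host.rstrip(".").lower()


def official_domain_for(url: str, official=OFFICIAL_DOMAINS):
    """Return the official domain this URL belongs to, or None.

    The host must BE the official domain or end with "." + domain.
    The dot boundary is what separates www3.hp.com (under hp.com)
    from hpdrivers.com (a different domain that merely starts with "hp").
    """
    host = hostname_of(url)
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def naive_brand_match(url: str, brand: str) -> bool:
    """The mistake to avoid: trusting a site because the brand name appears
    somewhere in the address. Kept here only for comparison."""
    return brand in hostname_of(url)


def classify(url: str, official=OFFICIAL_DOMAINS) -> str:
    """Label a URL as 'official', 'lookalike', 'unrelated' or 'invalid'.

    'lookalike' is a heuristic flag: some label of the host starts or ends
    with the brand part of an official domain, but the host is not under
    that domain. It is a prompt to stop and look, not proof of fraud.
    """
    host = hostname_of(url)
    if not host:
        return "invalid"
    if official_domain_for(url, official):
        return "official"
    labels = host.split(".")
    for domain in official:
        brand = domain.split(".")[0]
        if any(l.startswith(brand) or l.endswith(brand) for l in labels):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample: hosts come from the talk, paths are made up.
    samples = [
        "www3.hp.com/",
        "http://hpdrivers.com/hp-5600-windows-8",
        "https://www.anz.com.au/personal/",
        "https://anzbank.com.au/login",
        "https://example.org/",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```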

(Video) What sort of monitoring is needed by an SME.

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses system monitoring and why an SME needs it.

[Start of transcript]

Hi. My name is Roger. I’d like to talk to you today about what sort of monitoring is needed by a small and medium enterprise or a non-profit organization.

In today’s world, if something breaks it usually stops what you are doing pretty drastically. If your hard drive fails in your laptop or in your PC then naturally that becomes just a paper weight on your table, and you don’t want that to happen. You don’t want to be in a situation where when it fails is the first time you realize you had a problem and this is where my team monitoring comes into it.

Most managed services providers will have a managed component that is probably free or very inexpensive as part of their package. Because it’s really important to them to understand (a) that you’ve got a problem and (b) to fix the problem before you realize you have a problem, which makes them look really good. And that’s what it’s all about, making them look really good in your eyes.

So, instead of having the hard drive failure or having had the pc running for a long time and then come up and say, ‘well it’s running out of space’. You need to know that sort of thing. And this is where that sort of monitoring comes in.

When they install the monitoring system, they actually do it on all of the pcs, all of the laptops, all of the tablets and phones, and they create a baseline. That baseline is how it works now. So they can see what happens over the course of a couple of months and a couple years. And when you need to replace it, or when you need to upgrade it, if your processor is working overtime just because you’re doing graphic design then you need a better computer to do the job.

And as I said, the good thing about a managed service provider, if they’ve got a monitoring component, is that they will look at the system and go, ‘that’s going to break, we better do something, here’s our hard drive, go and put it in and swap all the data out’. And that is why you need to have it.

Thank you very much.

[end of transcript]

I don’t know everything that is why I need a Mantra “Cybersecurity is MY Problem”

“Cybersecurity is MY Problem”

There are hundreds, if not thousands of security experts out there who will tell you that you have to listen to them.
So, why would you listen to me?
I do not know everything! Come to that, no one does! No one ever will! But they will try to tell you that they know everything.
There is nothing on the planet that will protect you fully in the digital world. And nothing is available, nor will it be available, in the foreseeable future.
We have to change.    We have to change before the bad guys take over the digital world.
What we do know is that we have a problem.
What we know is we have a problem keeping our digital information secure.
We have to – improvise, adapt and overcome.   Oh raa
What I know is that digital protection has to be holistic.
A holistic outlook will deliver better digital protection.
To fully achieve holistic digital protection you have to have a mantra.   An affirmation.   A focus for your protection.
We have a mantra.   Our mantra is “Cybersecurity is MY problem” say it with me “Cybersecurity is MY problem”
What does it mean?
It means that there is no silver bullet. It means that it is hard work. It means that it can be expensive and costly.
It means that everyone in the organisation is responsible for protecting your organisation.
Everyone does their bit.
Everyone is aware.
Everyone, not just the ICT department, or the managers, or the board members but everyone has to do their bit.
Digital security is intensive, focused and above all hard work.   There is no set and forget.   It is a constant battle between you, your staff, your organisation and the bad guys.   Attacks change, defences adapt – this is the way of digital protection.
Why am I telling you this?    We build and supply holistic digital security systems to small and medium business and not for profit Organisations.
What I do have is a passion, no that is wrong, I have a focus on protecting people from the criminals that inhabit the digital world.
So why would you listen to me? I am just a normal ICT consultant with an extraordinary outlook on digital crime. I do not understand the need to say – buy this because it is the best thing you can buy – especially when it is untrue.
If you want to create a more secure organisation in the digital world you need to talk to me.   Talk to me now
What I do do is create a holistic environment
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

(Video) How to Protect Your Money and Cards within an SME from cybercrime

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime asks how small and medium business and not for profit organisations are securing the information about money and cards from cybercrime.

[Start of transcript]

Hello, my name is Roger. How do you protect the money and your card information within your organization?

Small or medium business not for profit organizations have a requirement to A. Collect money otherwise they get broke and B. To secure the information concerning that money and how it’s being collected and diversified and the banks getting the information.

But on top of that, if you’re running an e-commerce site for instance, then the information that people are putting into that page in the digital world is really important because the criminals are targeting that as well. So if you take payments from the internet or the digital world, or you run a system, how do you make sure that that information is always secure?

Now this is a major target for the cyber criminals because they know that most people, when they set up a website or set up an e-commerce site or accept credit card and PayPal information that they haven’t set it up because they might not know quite what’s going on, they’re not fully understanding what is required of protecting that information.

But on top of that, if you’ve got an e-commerce site, you need a payment gateway. Now that payment gateway is literally the gateway between your site and the bank. And you have to make sure that as you’re accessing that gateway it is in a secure fashion.

The other way you can accept money is through PayPal, or if you’re on places like eBay where they have a platform store, which actually points to a payment gateway.

So what do you need to do to make sure you’re protecting the information? Well, you got to make sure that you’re receiving information from your potential customers and clients and the moment it goes into their computer nobody else can reach into your system. The only way to do that is with a high level encryption component and this is where SSL and TLS comes into it. SSL encrypts all the information and the only people who understand what’s going on are the computer that’s sending it and the one that’s receiving it at the other end.

So protecting that information against cybercrime is also very critical when you’ve got the information itself. So you’ve collected the information and now you want to store it somewhere. Again, you’ve got to make sure that you’re storing that information in such a fashion that you cannot be hacked.

Thank you very much.

[end of transcript]

(Video) Why are good digital security solutions in short supply

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses why digital security solutions are in short supply

[Start of transcript]

Hello, my name is Roger. Why are digital security systems in short supply?

I was on LinkedIn a couple days ago and came across an ebook from Checkpoint. Checkpoint they’re a supplier of firewalls and intrusion protection and anything that is front facing onto the internet. Now, the information in that white paper was really good information, it really was.

There was only one problem with it; they’re working on the principle that it is a silver bullet component. You put this in, you will be secured. You do this, you will be secured. You protect yourself in this way you will be secured.

Now, cyber criminals rely on you doing this because to them, they know that there is no such thing as a silver bullet. There is no such thing as something that you can do that A. Doesn’t require maintenance, B. Doesn’t require someone looking after it, and C. Other components would have had nothing to do with it. Because cyber security is holistic, it really is holistic.

There are four main components of it. You’ve got your technology, so your operating systems, your software, your hardware, antivirus, your encryption all of those components use technology. Then you’ve got management components, your policies that tell your users how they’re going to use the technology.

Your procedures that make sure that when they put a server together or when they put a work station together, or they do something in your business that it is this way and this way only. It also includes training and education. So you got a new firewall, who knows how to set it up? Do you know how to set it up? And if so, what’s the next step?

The next part is adaptability. The adaptability of your system to be resilient. So something does happen, what are your steps that are going to take you back to being business as usual? And this is business continuity, disaster recovery, resilience, what culture you’ve got in your business.

And then the last component, which is really important, usually a lot of people focus on, compliance, which is what I’m talking about, before they focus on the other things. But if you get those other three things in place, compliance is a relatively easy process.

Because you’ve already done the policies and procedures. You already got the high end taking place, you’re already doing the patching that makes it all work. So, it’s a holistic process, a complete, total, protected sequence.

Now, because that holistic attitude is very rare when it comes to protecting business that’s why it’s in short supply. Because I can go down and buy a Cisco router and I’m going to be protected. No I’m not. Because I haven’t got the policies and procedures in place. I haven’t got the DR in place, I haven’t got my compliance in place.

So, it’s very difficult to make sure that the next step you take is not listen to the salesperson, but listen to someone who is going to say, ‘yes, you can buy X. Doesn’t matter if it came from Checkpoint, or Cisco, or Fortinet or whatever. Because you know that that is only one small component of protecting your business.

Thank you very much.

[end of transcript]

(Video) How to Improve the technical staffing within an SME.

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses how to improve the technical capability within small and medium business.

[Start of transcript]

Hello, my name is Roger. How do you improve the technical staff capability within a small business?

There are two things that people notice in a small business when something goes wrong with your IT. When something goes wrong with your IT, (a) Everybody gets involved, so you might have five people working in your business but those five people are now focused wholly and solely on why Joe can’t print. So you just lost, let’s say ten minutes, of course five people, because he can’t print.

And on top of that it takes five times longer for it to be resolved. And because it takes that long to resolve things it then becomes more expensive because those five people didn’t take ten minutes, they took half an hour.

Now this, for a small business or a not for profit organization slows down other things, so it slows down your access to your organization. It slows down your delivery of products, it slows down your receptionist, because they are no longer focused on what you need them to focus on. So how do you fix that? Well, there’s two ways you can fix it.

One is you put a dedicated IT person on the staff, which is, usually for small and medium businesses, not an option cause they’re way too expensive and you need to have them do something else if they are going to come into your business. The second is that you can get a managed service provider or an outsource, you could outsource your IT to someone who knows what they’re doing.

They have the right qualifications, so they could come in remotely and fix little Joe’s problem in two minutes and if you are being charged by the minute well that’s great cause it only cost you two minutes. Everybody else can go back to work and nobody has a problem. Or if you have a monthly fee and that type of thing is included, it didn’t cost you a thing because you’ve already paid for it or it’s part of the service level agreement.

This is why small or medium businesses not for profit organizations need a better solution and a better solution for most small businesses not for profit, is to outsource your IT.

Thank you very much.

[end of transcript]

Two attitudes to cybercrime that have to change!

There has been a large amount of discussion on why cybersecurity is important to all organisations. No matter your size or your focus, we are all targets of cyber criminals. The biggest and hardest thing to do is convince small and medium businesses and not for profit organisations that cybercrime is in fact rampant in the digital world.

I often hear, we are too small to be a target, it will not happen to me and we have nothing worth stealing.   These are classic examples of the SME’s mentality when it comes to cybercrime.

Recently I came across two more reasons that SME’s are not embracing the dangers of cybercrime.

We make hammers

I was recently talking to a small hardware retailer at a networking function.   When I explained to him what we did – educate and protect Organisations against cybercrime to build business resilience – his comment was

“Why should I worry about that, all I do is sell hammers”.

This is a major flaw in the SME business world.  Organisations forget that no matter what you do, how you do it and how you make money we do it in the digital world.  Protecting your digital assets is just as important as using them for the business.

The digital world is cost effective and convenient.   We use it for everything – sales, marketing, communication, accounting.   Connecting to the digital world = target.

Being targeted because they are connected does not seem to enter into most business minds. We take enormous care to make sure that we cannot be robbed in the real world. We are blasé about our digital assets.

We are all citizens of the digital world;

  • Using the digital world = target!
  • Connecting to the digital world = target!
  • Being a member of the digital world = target!

You may sell hammers, or build patios, or run electrical cable, or dig holes, but we all still have systems in place that are connected to the digital world.

How do you communicate – email, social media!

How do you bill your clients – accounting package or cloud based system!

What else is your smart device used for – online banking, looking for information!

Each one of those systems, in today’s world, is a target.

Make sure you protect it!

Practice your recovery

If disaster struck, would you survive?

One of the largest problems as a managed services provider is that we can do everything that is required of us. We can create disaster recovery plans, business continuity plans or install backup solutions. We know that they will work and will protect the organisation. But how do we prove that?

If the C-level, board or management levels are not interested, then it is a total waste of time. There is an advert for a mattress company that goes “a 50% saving on a bed that is not right for you is a 100% waste of money”. The same is true of an untested disaster plan.

A DR plan, BC plan or backup is a total waste of time if:

  • It is not tested
  • The right systems are not included in the plans
  • No one knows what to do
  • No one is willing to invest time and money in the outcomes

Where you do not want to be: the first and only test is when a disaster happens. That will bring you a world of pain.

The only way to confirm that your plans are going to work is to see what happens if the systems are turned off.

Try it sometime.

It will definitely show you what you can expect in the aftermath of a cyberattack, a natural disaster or just a failed hard drive.

Managing the risk of a cyber-attack is very important to all SMEs. If you have a digital component, it is a risk to your business. Make sure you mitigate that risk to a level that you are happy about.

Winging it and no plan are not alternatives.

There are so many stories about organisations that did not have backup, did not have DR or BC plans, or thought that they did not have to worry about digital security.

Most of them are now out of business.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

(Video) What sort of monitoring is needed by an SME.

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses system monitoring and why an SME needs it.

[Start of transcript]

Hi. My name is Roger. I’d like to talk to you today about what sort of monitoring is needed by a small and medium enterprise or a non-profit organization.

In today’s world, if something breaks it usually stops what you are doing pretty drastically. If your hard drive fails in your laptop or in your PC then naturally that becomes just a paperweight on your table, and you don’t want that to happen. You don’t want to be in a situation where when it fails is the first time you realize you had a problem and this is where my team monitoring comes into it.

Most managed services providers will have a managed component that is probably free or very inexpensive as part of their package. Because it’s really important to them to understand (a) that you’ve got a problem and (b) to fix the problem before you realize you have a problem, which makes them look really good. And that’s what it’s all about, making them look really good in your eyes.

So, instead of having the hard drive failure or having had the PC running for a long time and then come up and say, ‘well, it’s running out of space’. You need to know that sort of thing. And this is where that sort of monitoring comes in.

When they install the monitoring system, they actually do it on all of the PCs, all of the laptops, all of the tablets and phones, and they create a baseline. That baseline is how it works now. So they can see what happens over the course of a couple of months and a couple years. And when you need to replace it, or when you need to upgrade it, if your processor is working overtime just because you’re doing graphic design then you need a better computer to do the job.

And as I said, the good thing a managed service provider provides, if they’ve got a monitoring component, is that they will look at the system and go, ‘that’s going to break, we better do something, here’s our hard drive, go and put it in and swap all the data out’. And that is why you need to have it.

Thank you very much.

[end of transcript]

(Video) What is managed web filtering?

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses managed web filtering.

[Start of transcript]

Hello, my name is Roger. What is managed web filtering? Well, we all know that everybody likes to access the internet, whether it’s on a tablet, on a mobile phone, laptop, computer, even on the server when you need to download updates and things like that. You always need to access the digital world in some way.

But the trouble is, the bad guys know how we all access the internet, and they are always willing to put little traps and systems in place so they can actually get information out of you or infect your computers.

Now what I mean by that is there are, websites are created, and we all have websites. Websites are not created equally. Some are high-end, high-processing, e-commerce sites that are secure and locked down, and everything is really hunky dory.

But at the other end of the scale, there’s people who put together a WordPress website, who don’t worry about security, don’t worry about patching or widgets, making sure all the plugins are working, making sure the plugins are all patched up.

Now if this website, the one that was done in WordPress, gets hacked, now there are a number of ways they can do things to you. They can hack your website and take it down. Bang, there goes your website. Or they can just deface it. We were here, stuff you. Great.

The worst one they can do is they can actually infect it so that all of the visitors coming to your site will actually be asked to download now or then. Now when that happens, what happens is you need a system in place that will protect you from that happening to you. Now how do you do that?

Well there’s a number of products around that allow you to protect the way you surf the internet. And by that protection, it will come up and go, don’t go to this website, because it’s infected, or it may go to something that says when you log on to the website, something is wrong.

And that is really important for business. Because you get malware on your PC or your laptop, or your tablet, or your phone, then the bad guys have access to that information. What people don’t understand is it can happen to anybody’s website.

It takes, it can happen at the lowest level with your web-hoster, hosting company, has been hacked, and the server with all of those websites on it are now vulnerable. Or you could be a major news site.

There’s been times where places like ninemsn have been not so much hacked, but the information for things that run their ads have been infected, which then infects the people who come to it.

The other way that you get infected is through Ethernet. So this is a process that the bad guys call water holing, because everybody has to go there to get information. The biggest one that we’ve ever seen was when they infected a site that looks after human resources. So everybody had to go there, work out their leave, and every time they went there they got infected.

But, on top of that, if you get an infection from a website, that you, and you haven’t been protecting yourself in such a way as it will come up and tell you that you’ve got a chance of being infected by the website, then you have a problem with your own technology itself. Because it is no longer yours. It has spyware, it has malware. It may even have things like drive-by malware that encrypts all the information on your system. You don’t want to be in that situation.

On top of that, people also believe that if you go to pornographic sites that you’re going to get infected. To tell you the truth, pornographic sites are probably the securest internet websites on the internet and have ads. And there’s something, because the pornographic sites need people to come to them all the time. And yes, it’s huge business, it’s really a lot of money that they get.

So, you need to have some way to protect yourself, and that is where a managed web filter will come into. That managed web filter will sit on the desktop, or the laptop, or the tablet and phone, and actually intercept the information before it gets to your technology itself, and will protect you. And because it’s a managed web filtering, it’s like any other cloud product, it is a monthly fee.

Thank you.

[End of transcript]

(Video) How are you protecting your clients’ information

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses how small and medium business and not for profit organisations are protecting your clients’ information.

[Start of transcript]

Hi, my name is Roger. How are you protecting your client’s information? Every business nowadays uses a digital component to make that business work. And by having that digital component, and making that information available to your staff, then you have to make sure that you are protecting that information at all times.

That information can be anything as basic as a telephone number associated with a person who’s associated with a registration number on your car. That information is really critical to taking it to the next level for protecting your business, and protecting your clients. Because clients are not going to trust you if you are known to breach their privacy.

So to protect the information that you’re collecting from other people, you need to make sure that what you’re collecting, are you going to use it and do you need it? Because it’s no use collecting all this information if it’s just going to sit in a database and one day we’ll get to it. Because that just gives you exposure to a number of other problems.

You also need to be able to segregate that information. You need to be able to take that information and go, “We don’t need that information,” or, “Those certain people do need access to that information.”

And the final part is, you never store information about people with information about their credit cards. Because if you do that, and something does happen in the background, and someone does get compromised, then they have all of that information.

So do you know where all your client data is? Do you know where it’s located, who has access to it, and why those people have access to it? Thank you very much.

[End of transcript]