(Video) How can the Cloud be a better way of doing business?

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses –  How the cloud can be a better way of doing business.

[Beginning of transcript]

Hello. My name is Roger and today I’d like to talk to you about How the cloud can be a better way of doing business.

We all heard about the cloud. It’s a case of we demand move a capital expense on hardware and software to an operation expense where we are only paying for the use of systems. And because we’re doing that, it’s now a lot more cost-effective to use the cloud to do what we need to do.

It’s not going to cost me $25,000 to set up a server, it’s going to cost me $500 a month. And if you think about $500 a month could be expensive, so you look around for cheaper ways of doing things. But also, the cloud makes it convenient.

I consider the café down the road and I can pay my bills or I can transfer money to my employees or I can buy stuff. And that makes it really convenient for me as a business owner to be able to do anything I want.

And that is one of the reasons why the cloud is becoming a better way of doing business because it is cost effective and it is convenient. And those two things are really important to any small business.

Thank you.

[End of transcript]

(video) How to increase Cyber Awareness within an SME

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses –  How to increase Cyber Awareness within an SME

[Beginning of transcript]

Hello. My name is Roger and I’d like to talk to you today about how you can increase in your site cyber awareness within a small and medium enterprise.

When it comes to cybercrime and the cyber criminals, everyone and every piece within your organization is a target and those targets are what the cyber criminals go after all the time. So, you have to make sure that people are aware why we do these things, why you are in the process of protecting it and you are in the process of protecting them as well as your business or organization, your staff and your clients.

That is why passwords are so important. And the way to come up a better way of doing things, passwords are going to be around for long. And passwords, not only on your systems but also on systems that are being installed. So your wireless access point. Your router needs a decent password. You better need a decent password, your internet connection needs a decent password.

And what I mean by “decent” is it is complex, it is more than 8 characters long, and it is unique to the piece of equipment that you put it on because the cyber criminals are very, very clever. And you need to understand that being clever, they’re also very aware of what normal people do on the internet. And they make sure that they exploit better.

Thank you very much.

[End of transcript]

(Video) How to create a Business Continuity Plan

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses –   How to create a Business Continuity Plan

[Beginning of transcript]

Hello. My name is Roger and today I’d like to talk about creating a Business Continuity Plan.

Now, Business Continuity Plan is really important for any business going forward but it has a 5-point life cycle and that life cycle is used to make sure that you are always up-to-date with your business continuity. So the first thing that we have to look at is what risks are in the business and what risks will impact the business to stop it from going forward and continuing to do business.

We don’t have to design a solution around what those risks are and then we have to implement those designed systems to make sure that we are looking at how things are going to run and how things are going to be at a business continuing level.

From there, we need to test it. Now, testing can be one of two things. One of the two things is you can do a hypothetical ‘what happens if this happens?’ Will these things be in place and that’s great. Or you can do it physically – turn off something. What happens if I turn off this? Oh no, that’s broken.

And then from there, we can maintain it. And that maintenance looks at all of the new additional components that we bring into the business as we go forward as a business. So, new technology – better business continuity.

But going back to the analysis, we have to look at business impact statement – what systems impact the business the most? What is the most critical part of the business? What is the biggest threat and how do we analyze that threat to make sure it is all right. And then, once we’re done with that, we need to go, well, if we’ll lose this, what requirements are we required to recover from that problem?

We need to have a business continuity plan for security for ourselves and we also need to put into account as an individual business what components could go well to that plan. And with every organization, it will be different. You might have two problems but they might have different requirements to make sure that they have business continuity and their business continues no matter what.

Thank you very much.

[End of transcript]

(video) Are you sick of your ICT costing a fortune

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – why ICT costs so much to implement

[beginning of transcript]

Hello. My name is Roger. Are you sick of your technology costing a fortune?

So let’s have a look at why it costs so much. A lot of large organizations especially in our space, people like Cisco or FortiGate, invest a lot of money in understanding what the bad guys are doing. They invest a lot of money in doing technology to make sure that the bad guys are not getting in to your systems and that is one of the reasons why they’re a lot more expensive than some D-Link or Linksys.

So, you need to know that although technology is expensive and if you bought something like a FireEye system depending on the size of the organization, it comes down to making sure that you are understanding the risks to your business.

If you don’t consider the risks of being hacked really important, then you won’t spend a lot of money on protecting yourself. But if you have the other attitude where my business is critical, my information is critical, my information about my client is critical, then you start to invest in making sure that you have the best environment.

The other alternative to making sure that you have the best is to outsource and you can use better technology to deliver better outcomes within your business because you are not paying capital expense to bring that into place.

And because you’re not paying large amounts of money as an initial outlay to make things work, and then you’re training people up to make sure they are working, then you need to know that the systems the outsourcing company is going to bring to the table are going to be a lot more productive and beneficial to your business.

Thank you very much.

[End of transcript]

(video) What sort of monitoring is needed by an SME.

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses system monitoring and why an SME needs it.

[Start of transcript]

Hi. My name is Roger. I’d like to talk to you today about what sort of monitoring is needed by a small and medium enterprise or a non-profit organization.

In today’s world, if something breaks it usually stops what you are doing pretty drastically. If your hard drive fails in your laptop or in your PC then naturally that becomes just a paper weight on your table, and you don’t want that to happen. You don’t want to be in a situation where when it fails is the first time you realize you had a problem and this is where my team monitoring comes into it.

Most managed services providers will have a managed component that is probably free or very inexpensive as part of their package. Because it’s really important to them to understand (a) that you’ve got a problem and (b) to fix the problem before you realize you have a problem, which makes them look really good. And that’s what it’s all about, making them look really good in your eyes.

So, instead of having the hard drive failure or having had the PC running for a long time and then come up and say, ‘well it’s running out of space’. You need to know that sort of thing. And this is where that sort of monitoring comes in.

When they install the monitoring system, they actually do it on all of the PCs, all of the laptops, all of the tablets and phones, and they create a baseline. That baseline is how it works now. So they can see what happens over the course of a couple of months and a couple years. And when you need to replace it, or when you need to upgrade it, if your processor is working overtime just because you’re doing graphic design then you need a better computer to do the job.

And as I said, the good thing about a managed service provider, if they’ve got a monitoring component, is that they will look at the system and go, ‘that’s going to break, we better do something, here’s our hard drive, go and put it in and swap all the data out’. And that is why you need to have it.

Thank you very much.

[end of transcript]

I don’t know everything that is why I need a Mantra “Cybersecurity is MY Problem”

“Cybersecurity is MY Problem”

There are hundreds, if not thousands of security experts out there who will tell you that you have to listen to them.
So, why would you listen to me?
I do not know everything! Come to that, no one does! No one ever will! But they will try to tell you that they know everything.
There is nothing on the planet that will protect you fully in the digital world. And nothing is available, nor will it be available in the foreseeable future.
We have to change.    We have to change before the bad guys take over the digital world.
What we do know is that we have a problem.
What we know is we have a problem keeping our digital information secure.
We have to – improvise, adapt and overcome.   Oh raa
What I know is that digital protection has to be holistic.
A holistic outlook will deliver better digital protection.
To fully achieve holistic digital protection you have to have a mantra.   An affirmation.   A focus for your protection.
We have a mantra.   Our mantra is “Cybersecurity is MY problem” say it with me “Cybersecurity is MY problem”
What does it mean?
It means that there is no silver bullet. It means that it is hard work. It means that it can be expensive and costly.
It means that everyone in the organisation is responsible for protecting your organisation.
Everyone does their bit.
Everyone is aware.
Everyone, not just the ICT department, or the managers, or the board members but everyone has to do their bit.
Digital security is intensive, focused and above all hard work.   There is no set and forget.   It is a constant battle between you, your staff, your organisation and the bad guys.   Attacks change, defences adapt – this is the way of digital protection.
Why am I telling you this?    We build and supply holistic digital security systems to small and medium business and not for profit Organisations.
What I do have is a passion, no that is wrong, I have a focus on protecting people from the criminals that inhabit the digital world.
So why would you listen to me? I am just a normal ICT consultant with an extraordinary outlook on digital crime. I do not understand the need to say – buy this because it is the best thing you can buy – especially when it is untrue.
If you want to create a more secure organisation in the digital world you need to talk to me. Talk to me now.
What I do do is create a holistic environment.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and educator on cybercrime and how to protect yourself from the digital world.

(Video) How to Protect Your Money and Cards within an SME from cybercrime

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime asks how small and medium business and not for profit organisations are securing the information about money and cards from cybercrime.

[Start of transcript]

Hello, my name is Roger. How do you protect the money and your card information within your organization?

Small or medium business not for profit organizations have a requirement to A. Collect money otherwise they go broke and B. To secure the information concerning that money and how it’s being collected and diversified and the banks getting the information.

But on top of that, if you’re running an e-commerce site for instance, then the information that people are putting into that page in the digital world is really important because the criminals are targeting that as well. So if you take payments from the internet or the digital world, or you run a system, how do you make sure that that information is always secure?

Now this is a major target for the cyber criminals because they know that most people, when they set up a website or set up an e-commerce site or accept credit card and PayPal information that they haven’t set it up because they might not know quite what’s going on, they’re not fully understanding what is required of protecting that information.

But on top of that, if you’ve got an e-commerce site, you need a payment gateway. Now that payment gateway is literally the gateway between your site and the bank. And you have to make sure that as you’re accessing that gateway it is in a secure fashion.

The other way you can accept money is through PayPal, or if you’re on places like eBay where they have a platform store, which actually points to a payment gateway.

So what do you need to do to make sure you’re protecting the information? Well, you got to make sure that you’re receiving information from your potential customers and clients and the moment it goes into their computer nobody else can reach into your system. The only way to do that is with a high level encryption component and this is where SSL and TLS come into it. SSL encrypts all the information and the only people who understand what’s going on are the computer that’s sending it and the one that’s receiving it at the other end.

So protecting that information against cybercrime is also very critical when you’ve got the information itself. So you’ve collected the information and now you want to store it somewhere. Again, you’ve got to make sure that you’re storing that information in such a fashion that you cannot be hacked.

Thank you very much.

[end of transcript]

 

(Video) Why are good digital security solutions in short supply

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses why digital security solutions are in short supply

[Start of transcript]

Hello, my name is Roger. Why are digital security systems in short supply?

I was on LinkedIn a couple days ago and came across an ebook from Checkpoint. Checkpoint, they’re a supplier of firewalls and intrusion protection and anything that is front facing onto the internet. Now, the information in that white paper was really good information, it really was.

There was only one problem with it; they’re working on the principle that it is a silver bullet component. You put this in, you will be secured. You do this, you will be secured. You protect yourself in this way you will be secured.

Now, cyber criminals rely on you doing this because to them, they know that there is no such thing as a silver bullet. There is no such thing as something that you can do that A. Doesn’t require maintenance, B. Doesn’t require someone looking after it, and C. Other components would have had nothing to do with it. Because cyber security is holistic, it really is holistic.

There are four main components of it. You’ve got your technology, so your operating systems, your software, your hardware, antivirus, your encryption all of those components use technology. Then you’ve got management components, your policies that tell your users how they’re going to use the technology.

Your procedures that make sure that when they put a server together or when they put a work station together, or they do something in your business that it is this way and this way only. It also includes training and education. So you got a new firewall, who knows how to set it up? Do you know how to set it up? And if so, what’s the next step?

The next part is adaptability. The adaptability of your system to be resilient. So something does happen, what are your steps that are going to take you back to being business as usual? And this is business continuity, disaster recovery, resilience, what culture you’ve got in your business.

And then the last component, which is really important, usually a lot of people focus on, compliance, which is what I’m talking about, before they focus on the other things. But if you get those other three things in place, compliance is a relatively easy process.

Because you’ve already done the policies and procedures. You already got the high end taking place, you’re already doing the patching that makes it all work. So, it’s a holistic process, a complete, total, protected sequence.

Now, because that holistic attitude is very rare when it comes to protecting business that’s why it’s in short supply. Because I can go down and buy a Cisco router and I’m going to be protected. No I’m not. Because I haven’t got the policies and procedures in place. I haven’t got the DR in place, I haven’t got my compliance in place.

So, it’s very difficult to make sure that the next step you take is not listen to the salesperson, but listen to someone who is going to say, ‘yes, you can buy X’. Doesn’t matter if it came from Checkpoint, or Cisco, or Fortinet or whatever. Because you know that that is only one small component of protecting your business.

Thank you very much.

[end of transcript]

(Video) How to Improve the technical staffing within an SME.

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses how to improve the technical capability within small and medium business.

[Start of transcript]

Hello, my name is Roger. How do you improve the technical staff capability within a small business?

There are two things that people notice in a small business when something goes wrong with your IT. When something goes wrong with your IT, (a) Everybody gets involved, so you might have five people working in your business but those five people are now focused wholly and solely on why Joe can’t print. So you just lost, let’s say ten minutes, of course five people, because he can’t print.

And on top of that it takes five times longer for it to be resolved. And because it takes that long to resolve things it then becomes more expensive because those five people didn’t take ten minutes, they took half an hour.

Now this, for a small business or a not for profit organization slows down other things, so it slows down your access to your organization. It slows down your delivery of products, it slows down your receptionist, because they are no longer focused on what you need them to focus on. So how do you fix that? Well, there’s two ways you can fix it.

One is you put a dedicated IT person on the staff, which is, usually for small and medium businesses, not an option ’cause they’re way too expensive and you need to have them do something else if they are going to come into your business. The second is that you can get a managed service provider or an outsource, you could outsource your IT to someone who knows what they’re doing.

They have the right qualifications, so they could come in remotely and fix little Joe’s problem in two minutes and if you are being charged by the minute well that’s great ’cause it only cost you two minutes. Everybody else can go back to work and nobody has a problem. Or if you have a monthly fee and that type of thing is included, it didn’t cost you a thing because you’ve already paid for it or it’s part of the service level agreement.

This is why small or medium businesses not for profit organizations need a better solution and a better solution for most small businesses not for profit, is to outsource your IT.

Thank you very much.

[end of transcript]

Two attitudes to cybercrime that have to change!

There has been a large amount of discussion on why cybersecurity is important to all Organisations.    No matter your size or your focus we are all targets of cyber criminals.  The biggest and hardest thing to do is convince small and medium businesses and not for profit Organisations that cybercrime is in fact rampant in the digital world.

I often hear, we are too small to be a target, it will not happen to me and we have nothing worth stealing.   These are classic examples of the SME’s mentality when it comes to cybercrime.

Recently I came across two more reasons that SMEs are not embracing the dangers of cybercrime.

We make hammers

I was recently talking to a small hardware retailer at a networking function.   When I explained to him what we did – educate and protect Organisations against cybercrime to build business resilience – his comment was

“Why should I worry about that, all I do is sell hammers”.

This is a major flaw in the SME business world.  Organisations forget that no matter what you do, how you do it and how you make money we do it in the digital world.  Protecting your digital assets is just as important as using them for the business.

The digital world is cost effective and convenient.   We use it for everything – sales, marketing, communication, accounting.   Connecting to the digital world = target.

Being targeted because they are connected does not seem to enter into most business minds. We take enormous care to make sure that we cannot be robbed in the real world. We are blasé about our digital assets.

We are all citizens of the digital world:

  • Using the digital world = target!
  • Connecting to the digital world = target!
  • Being a member of the digital world = target!

You may sell hammers, or build patios, or run electrical cable, or dig holes, we all still have systems in place that are connected to the digital world.

How do you communicate – email, social media!

How do you bill your clients – accounting package or cloud based system!

What else is your smart device used for – online banking, looking for information!

Each one of those systems, in today’s world – is a target.

Make sure you protect it!

Practice your recovery

If disaster struck, would you survive?

One of the largest problems as a managed services provider is that we can do everything that is required of us.   We can create disaster recovery plans, business continuity plans or install backup solutions.   We know that they will work and will protect the organisation.   But how do we prove that?

If the C level, board or management levels are not interested then it is a total waste of time.   There is an advert for a mattress company that goes “a 50% saving on a bed that is not right for you is a 100% waste of money”. The same is true of an untested disaster plan.

A DR plan, BC plan or backup is a total waste of time if:

  • It is not tested
  • The right systems are not included in the plans
  • No one knows what to do
  • No one is willing to invest time and money in the outcomes

Where you do not want to be: the first and only test is when a disaster happens. That will bring you a world of pain.

The only way to confirm that your plans are going to work is to see what happens if the systems are turned off.

Try it sometime.

It will definitely show you what you can expect in the aftermath of a cyberattack, a natural disaster or just a failed hard drive.

Managing the risk of a cyber-attack is very important to all SMEs. If you have a digital component it is a risk to your business. Make sure you mitigate that risk to a level that you are happy about.

Winging it and no plan are not alternatives.

There are so many stories about Organisations that did not have backup, did not have DR or BC plans, or thought that they did not have to worry about digital security.

Most of them are now out of business.
