Letting an IT manager go, how do you do that?

One of the worst situations that you can be in is the acrimonious separation of an IT person from an organisation.

A bad separation, just like a bad divorce, can have a significant impact.

Large organisations have systems, policies, procedures and processes in place that protect the organisation, when they are used, of course. If followed, they protect the organisation well.

SMEs, on the other hand, have different problems.

We have come across smaller organisations that still have old staff members on the books with full administrator access to everything that is still being done in the organisation.

The problems this creates can be huge.

They have access to privileged accounts: accounts that can do anything in the organisation’s digital world.

Just a few ideas of what they can do!

  • They can steal your trade secrets and take them / sell them to your opposition.
  • They can steal your client list and use them for a number of bad things – competition, blackmail, sabotage.
  • They can cause software issues, lock outs and shut downs
  • They can lock legitimate users / all users out of the organisation.

Another problem!

In most cases the IT person is there because they know computers.   They were allocated the role when they joined and you may even have paid for some education and training packages to make them better.

This just puts them in the position of holding the keys to the kingdom.

If you are going to remove an IT person from your organisation, the best thing you can do is outsource your IT, for a short time or indefinitely. An outsourced provider has the expertise to protect your organisation and is under contract to ensure your systems are safe.

Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercrime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Cybersecurity fatigue, have we reached it yet?

Are we sick of hearing about cybersecurity?
This has been hacked!   X number of records have been stolen!    Another bank ATM system has been compromised!
Yada yada yada. What’s the use?
You can invest millions in cybersecurity and still get hacked.
We now seem to not care.
We are getting reckless.
Reckless to a stage where the old adages are coming back.   If in fact they ever went away.

It will not happen to me?   

But it will!   If you do not focus on protection it will happen to you.    It will happen to you because of what the bad guys are capable of.   The bad guys know more about the intricacies of programming than some of the engineers who created the program in the first place.
In today’s digital world a bored teenager, with access to the internet, a computer, an aptitude for mischief and minimal parental supervision can literally RUIN your life.
That is not a good thing!   But it happens, happens all the time.

I am too small to be a target!    

Actually no one is too small to be a target.   Everyone who has a device that connects to the internet is a cybersecurity target.
Your mobile phone, your smart device, your laptop or your computer are all connected to a network that eventually connects to the internet.
The moment that you connect to the internet you are a target.   You are a target of all of those automated systems created by the bored teenagers.
The moment you open an email, do a search for a product or service, create a website or any of the tens of thousands of things we do on the internet – you are immediately a target.

I have nothing worth stealing!   

Ask that of the millions of people, offices and organisations who have been compromised by the cryptovirus also known as ransomware.   When you are confronted with the reality that you can no longer access your data, you suddenly realize how valuable that information really is!
Most of the people targeted have some level of protection, some type of security because they realised they had something worth stealing.   Even then it happened!
What makes you any different, especially if you do not have any or only minimal protection?

Education is the key.

The reason that people like me harp on about cybersecurity is we see the problems.   We see the impact and more importantly we see the solution.
The solution is not investing in millions of dollars of technology, although technology IS needed.  It is not about legislation, making it harder to do business, that is also needed.    It is wholly and solely about education.
Education has a drastic impact on the frequency, occurrence and severity of being compromised.
At the moment the bad guys do not have to work very hard to get users to click on a link or open an attachment (Social Engineering 101 – the easiest way to target anyone).
We have been conditioned to do it.
Click, double click or swipe is normal everyday activity when using a digital device.   There is no thought, it is conditioning.   We have to break this conditioning because in most cases  that is what the bad guys rely on.
The only way to break this is education – try this course.
The on boarding business security course (http://business-security.com.au/login/)

(Video) How being paranoid is a good digital security strategy!

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – How being paranoid is a good digital security strategy!

[Start of transcript]

Hello. My name is Roger.

And today, I’d like to talk to you about why being paranoid makes you more secure in the digital world.

In the digital world, everybody is after you. Everybody wants to target you. You get spam, you get phishing emails, you get spear phishing emails. If you go to a website, you could be targeted from the website.

If you download drivers, you could be downloading literally from the Google search. And there are websites and there are torrents where you can get infected by. So, looking at all of that information that’s coming towards you, on the chance that they want to steal something from you, should make you a damn sight more paranoid, the more people are at the moment.

One of the best things that bad guys do is that they will infect torrents. And torrents are used by people who want to download illegally from the internet. And those torrents can have back doors into your business, and your organization and your home computers.

And it’s very important that you get paranoid about why you have this information on your systems. But the good thing about being paranoid is you actually start to protect yourself. You make that assumption that you are in trouble and you need to look at other ways of protecting yourself. And by being paranoid, it makes you a lot more focused on how you protect yourself.

So, thank you. If you need any more information, please contact us.

[End of transcript]

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

(Video) What to look for in an outsourcing company

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – What to avoid in an outsourcing professional

[Start of transcript]

Hi. My name is Roger.

And today, I’d like to talk to you about what to avoid in an ITC, an internet technical professional.

Whenever you are employing a managed-service provider or an outsourcing company, there are a number of questions that you should be asking. And it should not be based on price alone. You need to know if their practical experience is going to suit your business. So, if you use Apple technical, they need to be Apple’s experience. If they are Microsoft, then do they have a Microsoft experience? Do they have cloud-based systems that they understand?

The second one is, there is no such thing as one solution fits everybody. I can walk in to anybody and say, “You need to go to cloud.” If I did that, not only am I an idiot, but you’re an idiot for listening to me because every business is different and every business has a requirement to look at what is available and what they need to make sure that going to the cloud is going to be beneficial for you.

The third one is there’s no transfer of knowledge between the professional and the business. You need to be in a big situation where you can’t get hold of the professionals and you can actually sort out some of the problems without resorting to really big issues.

The fourth thing is, how about sales pressure? “If you buy this, we’ll give you a 20% discount. If you buy this, we’ll send you to Maris Island,” and all of that. These are pressures, or systems put on pressure to make you buy that widget at three times the price that it should be anyway.

The fifth thing that you should be looking at is, are they selling smoke and mirrors? It looks pretty cool, sounds pretty cool, but is it going to do the job that I want it to do?

And another thing to look for is you may get a number of small solutions to that go to making the live solutions, and each one of those small solutions has a huge price tag. And if that’s the case, then, you really do not need that professional.

But there are other things that you need to look at. How about bribes and collusion? Are they being bribed by their suppliers? If you sell a million dollars’ worth of stuff, we’ll send your troops to a Maris Island because that’s really good.

Or they send you incomplete systems. An incomplete system is you get a firewall but if you pay for the firewall, you say $2,000 for the firewall, but all these other components to make the firewall really secure are extra $2,000, $2,000, $2,000. So, you’re getting an incomplete system for what you specified that you want it to do. Then they ignore you.

When you have a sales person that ignores your deadlines, ignores your fiscal position, then you also have a problem, because they’re not going to respect you to understand what they need to do to make your business more focused. And they have no accountability. The only accountability to themselves is themselves and you really don’t want to be in that situation.

So, to make sure you avoid an ICT professional that has all of those, then why don’t you contact us?

[End of transcript]


(Video) How the cybercriminals get you to cooperate

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – Clever ways cybercriminals get you to let them in

[start of transcript]

Hello. My name is Roger.

And today, I’d like to talk to you about the clever ways cybercriminals get you to let them in.

So, there are a number of tactics and strategies that the cybercriminals use, both physical and electrical, that allows you to let them in so that they can do their nefarious deeds.

One of the ones that we’ve seen is they used fake access points. And there’s a thing called water-holing where all people congregate within a business. And usually where they’re congregating is actually where you are fixing and attaching to a Wi-Fi point. And if you make an access point the same username and you don’t give it a password, then, all of that information that you’re connecting to is being recorded.

But there are other things they do. One of the things that the bad guys do is they change file names so you might get an attachment that say “readthis.txt,” but you, and because Windows and Apple only read the .txt part, they don’t know that it says “.txt.exe.”

And most anti-viruses won’t allow that to happen. But there are some that regularly will bypass. There are other things that they do. Location of files, they use the actual operating system and the way it searches for information to serve out, so they might have a “notebook.xe” and “notebook.exe,” which is the real one. This one is found before this one, this activates malware and viruses.

Or, we use hosts and DNS redirects. And all those redirects take us to totally different sites. And there’s a number of sites, for instance, if you go to anz.com.au, you go to Australia National Bank. But, if you go to anz, then you go to a fake bank. And that’s how they catch you, just by substituting that one letter.

But one of the other things they do is they use a bait and switch. They get you to download legitimate software, especially if you’re downloading legitimate software from a pirate site. Because if you are doing that, then you are making yourself vulnerable. Because that information that you’re downloading is being stolen by the criminals and has been created to make look like a real information.

So, as you can see, the cybercriminals can be very, very clever. And we have to use a number of systems to make sure that we catch them before they get into our system.

If you need any more information, please contact us. Thank you.

[End of transcript]
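
Two of the lures described in the transcript above, a decoy extension in front of the real one (`readthis.txt.exe`) and a domain that differs from the real one by a single letter, can be checked for mechanically. The following is an added example, not part of the original talk; the extension lists, the `examplebank.com.au` allowlist and all sample inputs are constructed assumptions.

```python
"""Flag double-extension attachments and one-letter lookalike domains."""

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk"}
# Extensions users read as harmless documents (illustrative).
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}
# Constructed allowlist: domains the organisation really deals with.
TRUSTED_DOMAINS = {"examplebank.com.au", "example-supplier.com"}

# Constructed sample input, standing in for one inbound e-mail.
SAMPLE_ATTACHMENTS = ["readthis.txt.exe", "minutes.docx", "setup.exe"]
SAMPLE_LINK_HOSTS = ["www.examplebank.com.au", "examp1ebank.com.au", "example.org"]


def is_double_extension(filename: str) -> bool:
    """True when a document-style extension is followed by an executable one."""
    parts = [p.strip() for p in filename.strip().lower().split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str, max_distance: int = 1):
    """Return the trusted domain that `host` imitates, or None if it imitates none."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in TRUSTED_DOMAINS:
        return None  # the genuine domain is not a lookalike of itself
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(host, trusted) <= max_distance:
            return trusted
    return None


def triage(attachments, link_hosts):
    """Return (finding_type, detail) tuples for one message's names and hosts."""
    findings = []
    for name in attachments:
        if is_double_extension(name):
            findings.append(("double-extension", name))
    for host in link_hosts:
        trusted = lookalike_of(host)
        if trusted:
            findings.append(("lookalike-domain", f"{host} imitates {trusted}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_ATTACHMENTS, SAMPLE_LINK_HOSTS):
        print(f"{kind}: {detail}")
```

A plain `setup.exe` is deliberately not flagged here: the check targets the disguise, and blocking executables outright is a separate mail-gateway policy.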


(Video) A firewall does protect you from the Digital World

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – A firewall does protect you in the digital world

[start of transcript]

Hello. My name is Roger.

I’d like to talk to you today about A Firewall does protect you in the Digital World.

A Firewall is a piece of hardware or software that sits between the real digital world and your device – whether it’s your laptop, your server, your network, your smart device. It sits between the digital world which is out there, and your privately owned piece of it.

And that’s all it’s there to do. It’s there to stop the bad guys coming in to your system and doing damage on your system. It allows information from your system that is requested to go out to the digital world and then come back in again.

And in other cases, it’s very effective about stopping that first level of attack that we have from the digital world.

When it comes to network management and protecting yourself at a network level, then, you need to spend a little bit of money to get a more expensive model of the router/firewall modem component because that is what is going to protect you from the digital world. And that expensive model, whether it’s a FortiGate or a Cisco, or a Palo Alto, is really important because it has a lot more features as well. And we have things like 2nd generation firewalls coming in to the information.

Thank you for listening and if you have any other, if you have any questions, please contact us on the slides after this.

[End of transcript]


Fighting the business of cybercrime

We all approach the cybercrime issue with a very unrealistic attitude that the cybercriminal is a geek who really does not understand what they are doing.   To most people the cybercriminal is just in it for the fun.

Compound that with our own attitude of

  • we are too small to be a target,
  • it won’t happen to me and
  • we have nothing worth stealing

And you can see why we have a problem.

Cybercrime perpetrated on the digital world is no longer haphazard or uncoordinated.

The cybercrime gangs are well organised, exceptionally well run and ruthless in who and what they target. In most situations the main cybercrime gangs are better run and managed than the small and medium businesses and large organisations that they target.

What most people do not realise is that most of the high level cybercrime gangs have the same principles as everyone else who is using the digital world.

Make money!

Make as much as they can!

Make it as fast as possible!

They steal, destroy and manipulate the normal users of the digital world because there are few or no perceived repercussions if they get caught.

The difference is that they know so much more about the digital world than we ever will.    They also know how to exploit our vulnerabilities.

Most of the criminal enterprises have a similar structure to every other business.

They have a management team, they have marketing and sales, they have advertising and sales, they deliver products to their clients and they use research and development to create more product.

Their clients are the 12 – 24 year old wannabe hackers who think they would like the glamorous world of a cybercriminal.

Their product is automated systems that gather data and probe exploits on anyone or anything that is connected to the digital world.

They then feed that information back to the command and control systems to create better and more complex systems that are easy for the wannabes to use.

When it comes to making money they have the same attitude as most SMEs. Make more than you spend.

Apart from the fact that you do not get fired and the retirement plan for the bottom level of the organisation is not very good. Once in the gang, the smallest stuff-up and you could be found in the lake face down or, even worse, never found at all.

If you understand the cybercrime business then you have a better chance of protecting yourself against it.


(Video) AntiVirus does protect you in the digital world

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – Why and how antivirus protects you in the digital world

[start of transcript]

Hi. My name is Roger and today I’d like to talk to you about antivirus and how antivirus protects you in the digital world. Now there’s a couple of schools of thought about antivirus. One it doesn’t work, one it does work. Those schools of thought, correct in both respects, sometimes it doesn’t work, sometimes it does work, but an antivirus system is also designed to do a number of things.

One, it catches the old problems that we’ve had. It catches all viruses, which are out there and they are [0:40 inaudible], but it also catches things that have been in store on your system that weren’t classified or weren’t called out before but are now.

A regular scan will catch those infections because the regular scan is now using the new systems because those updates are now looking for the components that are on your system. But anti-virus also does one thing. It only does its job if two things that are happening.

One if you’re patching your system and two if you’re regularly updating your antivirus. So whether you update or scan [1:27 inaudible] your definition is part of the process to make sure your antivirus does protect you from digital work.

Thank you.

[End of transcript]

(Video) How to increase Cyber Awareness within an SME

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses –  How to increase Cyber Awareness within an SME

[Beginning of transcript]

Hello. My name is Roger and I’d like to talk to you today about how you can increase in your site cyber awareness within a small and medium enterprise.

When it comes to cybercrime and the cyber criminals, everyone and every piece within your organization is a target and those targets are what the cyber criminals go after all the time. So, you have to make sure that people are aware why we do these things, why you are in the process of protecting it and you are in the process of protecting them as well as your business or organization, your staff and your clients.

That is why passwords are so important. And the way to come up a better way of doing things, passwords are going to be around for long. And passwords, not only on your systems but also on systems that are being installed. So your wireless access point. Your router needs a decent password. You better need decent password, your internet connection need a decent password.

And what I mean by “decent” is it is complex, it is more than 8-characters long, and it is unique to the piece of equipment that you to put it on because the cyber criminals are very, very clever. And you need to understand that being clever, they’re also very aware of what normal people do on the internet. And they make sure that they exploit better.

Thank you very much.

[End of transcript]

(Video) What sort of monitoring is needed by an SME

Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime discusses system monitoring and why an SME needs it.

[Start of transcript]

Hi. My name is Roger. I’d like to talk to you today about what sort of monitoring is needed by a small and medium enterprise of a non-profit organization.

In today’s world, if something breaks it usually stops what you are doing pretty drastically. If your hard drive fails in your laptop or in your pc then naturally that becomes just a paper weight on your table, and you don’t want that to happen. You don’t want to be in a situation where when it fails is the first time you realize you had a problem and this is where my team monitoring comes into it.

Most many services providers will have a managed component that is probably free or very inexpensive as part of their package. Because it’s really important to them to understand (a) that you’ve got a problem and (b) to fix the problem before you realize you have a problem, which makes them look really good. And that’s what it’s all about, making them look really good in your eyes.

So, instead of having the hard drive failure or having had the pc running for a long time and then come up and say, ‘well it’s running out of space’. You need to know that sort of thing. And this is where that sort of monitoring comes in.

When they install the monitoring system, they actually do it on all of the pcs, all of the laptops, all of the tablets and phones, and they create a baseline. That baseline is how it works now. So they can see what happens over the course of a couple of months and a couple years. And when you need to replace it, or when you need to upgrade it, if your processor is working overtime just because you’re doing graphic design then you need a better computer to do the job.

And as I said, the good thing about a managed service provider provides if they got a monitoring component is that they will look at the system and go, ‘that’s going to break, we better do something, here’s our hard drive, go and put it in and swap all the data out’. And that is why you need to have it.

Thank you very much.

[end of transcript]