The same way that we listen to accountants, solicitors and motor mechanics, the digital security expert has an important role to play in supporting your organisation.
Digital security is becoming one of the most important areas of modern business.
For some reason we believe technology in business is easy. So easy in fact, that we just install it and forget about it.
Anyone can do it.
As with other professions, what you do and what you can do are total opposites. An accountant, for instance, can make you more money by legally changing your tax requirements, or a solicitor can get you a reduced fine or jail sentence better than you could if you were representing yourself.
So a digital security expert can make your organisation more secure because they have studied business and technology, but more importantly they have a better understanding of what the bad guys are doing.
Here are 17 ways that a digital security expert can make your organisation more secure:
They study the bad guys – being a digital security expert is not about selling the next best thing (if there is such a thing). Being a digital security expert is more about understanding your enemy. The more you study the cybercriminal the better you get at predicting their next move and being able to be one step ahead.
They keep abreast of what the bad guys are doing – digital security experts use the same world that the cybercriminal uses to perpetrate their trade. They are in the dark web, watching, recording and documenting what the bad guys are going to do next.
They understand business requirements – what most people do not understand is that the digital security expert has to understand business. They have to understand marketing, management and cash flow. They need this information to ensure the recommendations that they give to their clients will not impact their business, or have minimal impact on the way business functions.
They understand technology – in most cases a digital security expert is at the same level of technology understanding that the bad guys are. To ensure that your business is not vulnerable to a cyber-attack they have to know the technology to ensure it is safe.
There is no such thing as 100% secure – contrary to popular belief, there is no such thing as being totally secure. The digital world is ever changing, and so are the tactics, strategies and targets of the cybercriminal. There is always someone else out there who knows that little bit more.
Everyone is a target – if you have a smart device, you are a target. If you have an email address, you are a target. If you have a web site, you are a target. The larger your digital footprint, the bigger the target you are, and the more your footprint will be targeted by the automated systems that are sold by the criminal gangs.
Technology is not the only answer – there are four components of being secure in the digital world. Technology is one of them. The other three are management, adaptability and compliance. All four components together make a more secure environment than just technology alone.
People are your best defence – your staff and users can be either your best defence or your biggest problem. If you educate them in proper digital hygiene then you will not only get them to protect themselves, but the flow-on effect is that they also protect your organisation.
Complex, unique and long passwords are good for business – we all hate these. To access the digital world we need a username and password combination. The more we rely on the digital world the more important these components are. All passwords should always be complex (letters, numbers, symbols, capitals), more than 8 characters long and they have to be unique for each site. That’s pretty easy isn’t it?
Penetration testing will prove you have it right – penetration testing is one of the best ways to test your defences. Penetration testing should also be carried out across all components of the business, from websites to cloud infrastructure, from social media to smart devices. A contracted penetration tester should have carte blanche across the whole network. You are not on a witch hunt or targeting the IT department; you are finding holes in your organisation and finding ways to resolve the risks before you are compromised or hacked by the bad guy.
Think when using social media – social media is great. It is also one of the best systems used for social engineering by the bad guys. Information that is posted to social media sites is there forever. Educate your staff about the dangers of social media. Put a social media process in place to ensure that trade secrets and intellectual property are not posted out there, and that each post is checked before going live. In the heated exchange of a social media discussion, think before posting.
Get paranoid – paranoia is the understanding that everyone is against you. In the digital world this is truer than in our normal world. Does that make you paranoid? Not really, but having the understanding that everyone in the digital world is out to get you makes you more secure.
Use common sense – everyone remembers the old Nigerian Prince scam, and people are still getting caught by it. There are a number of things to remember in the digital world – if it is free then it is not (you always have to give something to get something), if it’s free it could be infected with malware, and if it’s free, somewhere along the line you will have to pay a lot more than you expected. Using common sense to make that decision is critical.
Email is a broadcast medium – we often forget that although email is targeted, sent specifically to individuals or groups of people, it can go astray. It could be sent to the wrong person via the email fields being filled in automatically. Email can also be forwarded, printed and scanned, and sent to people for whom it was not intended. Like all types of communication, be careful with email.
Digital security is a whole of business endeavor – we are constantly told that digital security is an IT problem. No it’s not, it is a whole of business endeavor. Everyone and every department has an impact and input on the digital security of the organisation.
Have a mantra – I have a mantra, “digital security is my problem”. What that means is that I take personal responsibility for protecting myself and protecting others. The more people who change their attitude to this mantra, the more secure your organisation will be.
A digital security expert can and will make your business more secure and like any other profession, what they bring to the table is well above normal expectations. Like accountants and solicitors their expertise can save you substantial amounts of money, sleepless nights and angst, just by them doing their job.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – What questions should I be asking about my Managed Service Provider
[start of transcript]
Hello, my name is Roger and today I’d like to talk to you about what questions you should be asking about your managed service provider or your outsourced I.T. company. There are a number of questions you should be asking before you even get involved with an outsourcing company. Are they stable? Have they been around for a while?
Have they been around for three years or have they been around for three months? Depending on if they’ve been around for three months also depends on what sort of expertise they have. The next question you should be asking is are they scaled.
Your business is booming and you have now gone from ten people to twenty five people in a space of three months. So are they going to be able to manage that scale when that happens for your business? Do they have any experience and the expertise within the business?
Do they know how to set up a Cisco router or are they going to play around with it and hope for the best? Do they know how to set up a client based server, or again are they going to hope for the best?
Have they got policies and procedures in place to make sure that if John Watts comes into your office to fix something that Peter, the next I.T. person is going to come in and not have to relearn everything that’s been done?
This is really important because if you’re paying an hourly rate he’s going to take three hours to do so that he took an hour to do because he doesn’t know what’s been done and that’s a really big impact on a business.
Another question you should be asking is also are they helping my business. Are they making sure I have the right technology? I’m using the right technology in the right place. I’m using the right systems to make sure things are going to work.
Because if you don’t do that, then your business is going to have problems competing with other businesses and you’re going to have that sort of issues with making sure that you’re competing at the right levels.
One of the other things you should be asking is are they nameless and invisible. Have you had an MSP or contract with a company where you haven’t seen anybody? The only person you’ve spoken to is a voice on the end of the telephone. The only person you speak to is a new man. Are they in your office? Do people see them? Are they seen regularly to make sure that your systems are working to the best level, not just invisible to everybody else?
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – How can a MSP / MSSP increase business efficiency
[Start of transcript]
Hello, my name is Roger and today I’d like to talk to you about how a managed service provider or a managed security service provider can increase your business in efficiency. SMEs have a large problem when it comes to I.T. Not so much that they don’t understand it, but what happens is in a small or medium business, up to twenty five people, you usually end up with someone who knows computers.
They will be doing all of the stuff that they need to do to make sure the business is working. Those people who know computers might be a salesman. Might be the secretary. Might even be the CEO, who have a lot better things to do than looking after the printer or making sure a database is right.
You are taking people away from their core business and I know CEOs like to work sixty hour weeks, but I guarantee if you take the I.T. worries away then they have a better way of making more money and it’s a better way of doing business.
So an MSP and an MSSP coming to the table as an outsourcing product gives you a large area to be able to work with cause they have better ways of doing business. They understand the technology and they can implement more efficient and effective solutions for your business.
They’re not there just to be—to implement stuff that’s not going to work. They are going to make sure that it’s going to benefit your business and take you to the next level.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – why and How antivirus protects you in the digital world
[start of transcript]
Hi. My name is Roger and today I’d like to talk to you about antivirus and how antivirus protects you in the digital world. Now there’s a couple of schools of thought about antivirus. One it doesn’t work, one it does work. Those schools of thought, correct in both respects, sometimes it doesn’t work, sometimes it does work, but an antivirus system is also designed to do a number of things.
One, it catches the old problems that we’ve had. It catches all viruses, which are out there and they are [0:40 inaudible], but it also catches things that have been in store on your system that weren’t classified or weren’t called out before but are now.
A regular scan will catch those infections because the regular scan is now using the new systems because those updates are now looking for the components that are on your system. But anti-virus also does one thing. It only does its job if two things that are happening.
One if you’re patching your system and two if you’re regularly updating your antivirus. So whether you update or scan [1:27 inaudible] your definition is part of the process to make sure your antivirus does protect you from digital work.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – Business Continuity
[Beginning of transcript]
Hello! My name is Roger and I’d like to talk to you about what is Business Continuity.
Business Continuity, along with disaster recovery, are looking at critical compartments and functions of the organization and make sure that they will continue to run if there’s an interruption to your business.
So, it counteracts business interruptions to a level where you know that if something is going to happen or something has happened, you will be in a situation where it will be a better problem day forward.
So, with the business continuity plan, you have to have solutions to problems and business continuity does solutions have to have an understanding of how they are going to impact the business of the organizations.
There are two main components of Business Continuity:
Your Recovery Point Objectives – which ones do you want to get up and running again and how fast you need to do that is called a Recovery Time Objective.
And those two components are what you should be looking at in the business to find out what is going to be good for your business and how fast you need things up and running.
But with that Business Continuity, there’s a lot of things. You have to understand that if you have a disaster and you need the business continuity plan or the business continuity has to come in to it, you need to know that you have to spend money to get back to where you were and who has the purse strings and how people access that money is part of business continuity.
Also, you need to have a compliance component. The compliance component makes sure that your business is up and running and protecting everything that it needs to protect your tasks.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – what is Business Continuity Planning
[Beginning of transcript]
Hello. My name is Roger and today I’d like to talk to you about Business Continuity Planning.
So, What is Business Continuity Planning? Well, that is making sure that if something happens to your business, that the business is going to continue as business as normal or if something has happened and it has a detrimental effect on you, how far or how long is it going to take before you get back to business-as-usual.
Today in business continuity plan, you have to have an impact analysis of what risks and mitigate those risks to make sure that you have the best in place of things if things go wrong that they could recover from.
So, you need to have your Recovery Time Objectives – what is critical to the business, how fast does it need to be backed-up? If something fouls and it is critical to the business, can it be done at all? And if it does go down, what are you going to do about it?
But also, you need to do a risk assessment and this is all about risk. You’re looking at the risks of the business and making sure that you are taking overly-expectant consideration in making decisions based on those facts. If you need email to work all the time, then that is a business continuity consideration. If you need your database to be accessible at all times for the website, then that is a business continuity assessment. And then you have to mitigate all those risks to put systems in place so that your business continues no matter what.
So if you have an on-site website server and your internet goes down, then you lost a large component of your business. So how do you make sure that doesn’t happen? Well, you have to download systems or you move your server, you move your website to a cloud or to a cloud-server or to a hosted system. But on top of that, you have to also keep monitoring and testing to make sure that if things are changing, how do we make sure that business continuity is changing with them. And if we add things or remove things, we have to change the plan to make sure that we are no longer consuming the old technology and we are now using the new technology.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – How to increase Cyber Awareness within an SME
[Beginning of transcript]
Hello. My name is Roger and I’d like to talk to you today about how you can increase in your site cyber awareness within a small and medium enterprise.
When it comes to cybercrime and the cyber criminals, everyone and every piece within your organization is a target and those targets are what the cyber criminals go after all the time. So, you have to make sure that people are aware why we do these things, why you are in the process of protecting it and you are in the process of protecting them as well as your business or organization, your staff and your clients.
That is why passwords are so important. And the way to come up a better way of doing things, passwords are going to be around for long. And passwords, not only on your systems but also on systems that are being installed. So your wireless access point. Your router needs a decent password. You better need decent password, your internet connection needs a decent password.
And what I mean by “decent” is it is complex, it is more than 8 characters long, and it is unique to the piece of equipment that you put it on because the cyber criminals are very, very clever. And you need to understand that being clever, they’re also very aware of what normal people do on the internet. And they make sure that they exploit better.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – How to create a Business Continuity Plan
[Beginning of transcript]
Hello. My name is Roger and today I’d like to talk about creating a Business Continuity Plan.
Now, Business Continuity Plan is really important for any business going forward but it has a 5-point life cycle and that life cycle is used to make sure that you are always up-to-date with your business continuity. So the first thing that we have to look at is what risks are in the business and what risks will impact the business to stop it from going forward and continuing to do business.
We don’t have to design a solution around what those risks are and then we have to implement those designed systems to make sure that we are looking at how things are going to run and how things are going to be at a business continuing level.
From there, we need to test it. Now, testing can be one of two things. One of the two things is you can do a hypothetic ‘what happens if this happens?’ Will these things be in place and that’s great. Or you can do it physically – turn off something. What happens if I turn off this? Oh no, that’s broken.
And then from there, we can maintain it. And that maintenance looks at all of the new additional components that we bring into the business as we go forward as a business. So, new technology – better business continuity.
But going back to the analysis, we have to look at business impact statement – what systems impact the business the most? What is the most critical part of the business? What is the biggest threat and how do we analyze that threat to make sure it is all right. And then, once we’re done with that, we need to go, well, if we’ll lose this, what requirements are we required to recover from that problem?
We need to have a business continuity plan for security for ourselves and we also need to put into account as an individual business what components could go well to that plan. And with every organization, it will be different. You might have two problems but they might have different requirements to make sure that they have business continuity and their business continues no matter what.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – why ICT cost so much to implement
[beginning of transcript]
Hello. My name is Roger. Are you sick of your technology costing a fortune?
So let’s have a look at why it costs so much. A lot of large organizations, especially in our space, people like Cisco or FortiGate, invest a lot of money in understanding what the bad guys are doing. They invest a lot of money in doing technology to make sure that the bad guys are not getting in to your systems and that is one of the reasons why they’re a lot more expensive than some D-Link or Linksys.
So, you need to know that although technology is expensive and if you bought something like a FireEye system depending on the size of the organization, it comes down to making sure that you are understanding the risks to your business.
If you don’t consider the risks of being hacked really important, then you won’t spend a lot of money on protecting yourself. But if you have the other attitude where my business is critical, my information is critical, my information about my client is critical, then you start to invest in making sure that you have the best environment.
The other alternative to making sure that you have the best is to outsource and you can use better technology to deliver better outcomes within your business because you are not paying capital expense to bring that into place.
And because you’re not paying large amounts of money as an initial outlay to make things work, and then you’re training people up to make sure they are working, then you need to know that the systems of the outsourcing company is going to bring to the table are going to be a lot more productive and beneficial to your business.
Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime and cybersecurity discusses – the reason that everyone needs a mantra – you can borrow mine – Cybersecurity is my problem – Rotary Talk
[Start of transcript]
Thank you for the introduction, that was great. Today I’d like to talk to you about what happens to your financial security and your digital security if you get hacked and the bad guys steal everything.
The digital world has a population of between 2.5 and 3 billion users. It’s the biggest community on the planet. And because we are now focusing everything towards the digital world we are forgetting a number of aspects that really make human life a lot easier.
The digital world is becoming our social platform. It’s where we do business. It’s our network. It’s how we read our news. It’s what we look for if we need to buy something or find something or do something. It’s been an innovation and it’s happening more and more and more. It’s where we keep our websites and it’s how we market to each other and to the world.
The reason why we are now starting to use the digital world more and more is because of two things. One is it’s cost effective and it’s very cheap to do. Normally for a small business to go into marketing it used to cost thousands and thousands of dollars but with today’s digital world we now can do our marketing for a fraction of the cost.
But it’s also convenient. I can pay my bills while I’m sitting in a cafe. I don’t have to go to a post office or I don’t have to go to the bank. As we go forward into the digital world governments are going to cut services and going to put more things online. Banks are already closing their branches and putting more things online. Small businesses are now focusing on what the digital world can do for them.
And because of that we now have this really big separation of what the big guys are doing and what the small guys are doing and what the good guys are doing and what the bad guys are doing. In today’s world what we see is this part, the tip of the iceberg, literally the bit above the water. That’s where we do most of our business. That’s where we do most of our searching and that’s where we do our marketing.
This section underneath is so much more dangerous. And it constantly flows from below to the upper. Let’s just do a little bit of history about crime itself. And crime against people used to happen a long time ago when it was one-on-one. It was I needed something and I took it from someone. And whether it was legal or not it was just the way things went.
In the 1600’s we moved our money into the banks or the money used to move around in stage coaches or trains. So we then had the problem where it was if I wanted to steal money from a bank I was a small group of people stealing from a larger group of people. So that was one to many.
In 2014 in the Target attack there was a group of people who stole something from 34 million people, a third of the entire population in the US, exponential rise in rewards and exponential rise in targets because that is the way we are going.
So really why are they targeting everyone? Well, for one we are connected to the digital world. If you are connected to the digital world you are a target. And not just because you have something, it’s because you use something. Yes, they are after our money and our access to money.
As I said we can do our banking from a cafe. But if you’re connected to a free Wi-Fi system then the bad guys can steal that information. They are after our intellectual property. Our intellectual property is really important to us. It’s our date of birth. It’s our tax file number. It’s where we live. And each one of those individual components of our personal information is not a big problem. But when you start linking them all together it allows a criminal to come out of the digital world and go into the real world and go to a bank and open up a bank account in your name. And you definitely don’t want to be in that kind of a trap.
But they are also targeting our technology. Everybody has a smartphone or a tablet or laptop. And they are targeting the utilization of that technology. But on top of that they are targeting things like your Wi-Fi connection, your Internet connection because that is how they do business.
The bad guys rely on us trusting them because that’s what humans do. Humanness, gullibility and honesty are all part of the human animal. The trouble is the bad guys know this. And they are very good at making us trust them.
In real life you meet someone and you shake their hand and you see what they look like. In some cases they are so nice. Sometimes you get the feeling that they are not very trustworthy. The trouble is in the digital world we don’t get that feedback. In the digital world we have one point or one sense that we use and that is trust. And then we have to work out from that picture whether we are going to trust them.
So how do they get in? Well, the bad guys are notoriously good at using the systems we put in place to further their own needs. They are really very good at finding holes in software, some operating systems, applications, apps on your phone, your phone operating system. They are looking for ways to take over the control of that device and that technology.
The problem with a lot of these things is that most of these holes in software don’t lead to anything. It’s one in a hundred that have the capability to be uncompromising and compromise your technology. But that’s all they need because it’s not an individual person sitting in a dark room who is doing this, it is an application that they have on their laptop that is trolling the Internet looking for those exploits. When they find them they then utilize them to take over your technology. And you definitely don’t want to be there.
The other thing they use and regularly use is Spam. An email that comes to you that is not warranted. Now previously over 5 years ago Spam just used to be a nuisance. “Do you want to buy Viagra?” 5 years ago the cyber criminal saw how beneficial it was to be able to use Spam to target people. That targeting of people makes it very interesting for us as users because now we get email that is caught by or sent to us and we look at it and we then make decisions.
The next step up from that is phishing where they use a bait. And spear phishing is they literally go out and target you and aim arrows at you and that’s where spear phishing came from. Spear phishing is mainly social engineering. They will go onto your social websites. They will go onto your social profile and look at what you do and who you do it with, who your friends are, who you know, where you’ve been and what you’ve been doing. And then they will target you in an email that is designed specifically for you. When that happens you have to be very aware of what’s going on.
I was saying that we have to protect our own technology. Our own technology is very important. But the people who got websites need to have that protected as well. If you’ve got a Cloud-based system or a Website hosting system then the underlying operating system also needs to be patched because that is also a target of cyber digital criminals.
So how do I create security in my own self? I’ve got to keep my information systems secure. I’ve got to protect my assets. I’ve got to understand the dangers and I’ve got to back things up because you never know when things might happen that you have no control of.
For instance if I leave my mobile phone over the top of the car and drive away, then A-I’ve lost my mobile phone. But I’ve also lost my contacts. I’ve lost all my information about what I’ve been doing. I’ve lost a lot of information that is irreplaceable because I haven’t backed it up. The digital world is notoriously bad that if you turn something off then most of the information is lost and you have to be really aware of that.
So how do we protect ourselves? For me I have a mantra, Cybersecurity is MY problem. And if everybody else had that mantra, Cybersecurity is MY problem then we will be able to make sure that we are protecting ourselves all the time. But my mantra has 6 components. And this is what makes a secure environment for your own safety.
The first thing we need to look at is Passwords. And everybody has passwords and we all have used passwords. And those passwords can be literally anywhere doing anything. Your passwords are your passport to the digital world. And they are very important. But with the rise of the cyber criminal they are becoming more and more protective of what you do.
So passwords have to be complex. Anything on the table can be used in your password. They have to be more than 8 characters. If they are less than 8 characters, for instance a 5-character complex password can be cracked with a Brute-force attack in 2 hours. And it goes up, it escalates from there.
One of the things that people really have trouble with is your passwords have to be unique for every site you visit. First question people are going to ask and everybody in the audience is going to ask is, “how the hell I’m going to remember all those passwords?”
Well, there’s a number of ways that you can do it. One is you get a system like PassSafe which is a system that sits in your browser that remembers passwords. You have a master password that has to be complex and with that you do everything else. But the second thing of that LastPass is it creates complex passwords that it remembers.
But if you don’t want to really go down that and if you want to keep human control of your passwords come up with a phrase that you will remember. “Every Saturday I play golf.” Turn the end into 1 and put a space at the front and put a dot on the end. You can actually write that down, “Every Saturday I play golf” because you’re going to remember that. Okay, that’s 7 characters already.
Now I want to go to Gmail, “every Saturday I play golf” Gmail. “Every Saturday I play golf” LinkedIn. “Every Saturday I play golf” Internet. You know what the password is because you know what your standard password is that nobody else does. And you can actually make sure that people can’t understand that.
The second thing we have to look at is patching. We all know how annoying Microsoft, Apple and Android can get when it comes out and says we’ve released a new update and you have to update your ownership. Well, the new update in most cases is not for functionality. In most cases it is a security update because someone has told them that they have a problem with their software and they have now created something that stops that problem from arising.
Going back to the exploits most viruses and malware are targeted at those exploits. Because they are targeted at those exploits then if you don’t patch those exploits then we have a problem.
In 2003 I think it was we had the Code Red problem with all the database servers on the Internet who were running Microsoft Explorer. This is the first time that patching really came to the fore. Microsoft wanted to have a patch 6 months before Code Red was released. And all of the systems administrators went “No”
Code Red was released and it was infecting a hundred thousand servers an hour and at that time if it was patched Code Red would have gone away, not a problem. It was very important that they did it.
All the systems that are connected to the Internet and connected to the digital world have to have some form of antivirus installed, whether it’s an Android, an Apple, a Microsoft, an iPhone or whatever it needs to have some level of antivirus to protect it from malware and viruses, it’s really very important.
People go, “well I can’t afford that.” Well, you can’t afford that, in most cases it’s expensive but there are solutions. We bought a product called FortiClient which is from FortiGate. And what it does is it’s on all of those platforms and it’s one of the best antiviruses available and it’s free.
And the reason why it’s free is because FortiGate are an Internet security company. Their products are high-end Firewalls that are going to enterprises and organizations. But when J-Bolt is connecting via VPN, Virtual Private Network to our systems they needed to make sure that the PC’s were clear and that’s why they came up with this solution. What they said is, “okay, we will create an antivirus product which also does the Virtual Private Network component. And we will make sure that the PC’s are clean.”
All systems also have a Firewall. And a Firewall is literally a wall between you and the digital world, your device and the digital world. A Firewall has stuff to go from your digital device and go out to the big wide digital world, get information and bring it back. But what the Firewall does is it stops anybody connecting to your device and a set request is left for the system. So it’s very important to have a firewall.
As I said before you never know that you are going to lose your phone. You never know when your laptop hardware is going to fail. You never know when your server is going to fail. You never know when your building is going to burn down and it’s going to take everything with it. So back it up.
But the thing about backing it up is to make sure that the backup is not where the device is. So if you got a USB hardware on your laptop and you’re travelling a lot make sure the backup is at home while you’re traveling. So if something happens to your laptop you are certain that you haven’t lost everything. And I’ll tell you what when that happens to people it is really heart-breaking because you lose your files, you lose your data that you have been working on, sometimes you lose things like access to bank accounts and all of this stuff, very important.
There are two things that we push as IT people who are very aware of what is going on in the digital world. Be paranoid and it makes sense really. But the reason why you’re paranoid is that practically everybody on the digital world is after you. And that is really how you have to look at it. They are after you for all of those things I just talked about before, your money, your access and whatever. It’s very important that you do not let people get to it.
The other one is that you use common sense which surprisingly is lacking in the digital world. The common sense will protect you when other things won’t. If the website you go to says “I’m free,” no you’re not because they are looking for the information. They want you to fill in a form. They want you to do something. That initial point of contact is again what they are building trust on.
Here’s the bit on drivers. So you’ve installed a new printer but the CD is no good as you’ve got Windows 8 and this system is designed for Windows 7. And you get onto the Internet and you go to HP 5600 drivers Windows 8.
If you do that you’ll notice within the Google search results that a top 5 or 6 will have nothing to do with that HP. So again be paranoid. Go to the end of the third one that says HP or www3.hp.com/ or whatever. That’s an HP site. If you go to hpdrivers.com then you are not going to an HP site. It will even look like HP but I can guarantee you it’s not.
So this is how you secure yourself. Keep the mantra going, Cybersecurity is MY problem because if you do that you have a smaller chance of being compromised than the person who hasn’t got that kind of a help. Use complicated, individual and unique passwords.
Patch everything. Patch it in a timely fashion. What happens to some of our clients is they come to us and they go, well my laptop’s playing up. When we get a look at it they haven’t applied patches for 12 months and there’s 220 of them. This is a problem.
Use a good antivirus whether you pay for it or not, use a good antivirus. Never turn your firewall off. You can make holes in your firewall but never turn it off. Get paranoid because in the real world and in the digital world everybody is after you because there are automated systems that are testing you and your appearances all the time.
And you use common sense. Read what the website or the site says. One of the ways that criminals get you to do things is they will have a URL that looks like a real URL because they know that if you go to anzbank.com.au it’s not the same as anz.com.au. It’s a criminal’s site.
My name is Roger. I have a couple of books that I wrote if you want to have a look at them. If you need to access some questions of us contact us on any of those. We run a regular Twitter feed. We are on LinkedIn. We have a Google Plus page. We are on Facebook and we are on YouTube.
And we run Seminars and webinars regularly. Webinars are run on Google Hangouts. We haven’t run one yet but we will be. Seminars are running in Sydney, Melbourne and Canberra monthly and in Adelaide, Perth and Brisbane quarterly. Thank you very much for your time.
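The lookalike-address check described in the talk (www3.hp.com versus hpdrivers.com, anz.com.au versus anzbank.com.au), written out as an added Python example that is not part of the original talk. The allowlist and the function names are assumptions, and the sample addresses beyond the four named in the talk are constructed.

```python
from urllib.parse import urlsplit

# Official domains named in the talk; treating them as an allowlist is an assumption.
OFFICIAL = {"hp.com", "anz.com.au"}

def hostname_of(url):
    """Return the lowercased ASCII hostname of a URL, or None if it cannot be parsed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare "www3.hp.com/x" as a host
    try:
        host = urlsplit(url).hostname
        if not host:
            return None
        # IDNA encoding turns look-alike Unicode letters into visible "xn--" labels.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return None

def is_official(url, official=OFFICIAL):
    """True only if the host IS an official domain or a subdomain of one.

    The comparison is done on whole labels from the right-hand end, so a name
    that merely contains or starts with the brand does not pass.
    """
    host = hostname_of(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in official)

def review(urls):
    """Return (url, host, verdict) rows for a list of search results or links."""
    return [(u, hostname_of(u), "official" if is_official(u) else "NOT official")
            for u in urls]

if __name__ == "__main__":
    samples = [
        "www3.hp.com/",                     # from the talk
        "http://hpdrivers.com/5600",        # from the talk (path constructed)
        "https://anz.com.au/",              # from the talk
        "https://anzbank.com.au/login",     # from the talk (path constructed)
        "http://hp.com.drivers.example/",   # constructed: brand at the wrong end
        "https://hp.com@hpdrivers.com/",    # constructed: brand in the userinfo part
    ]
    for url, host, verdict in review(samples):
        print(f"{verdict:13} {host!s:28} {url}")
```

The check reads the address from the right: whatever sits immediately before the official domain must be a dot or nothing at all.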