Cyber Security Basics

Cyber Security Essentials For Small Business

    Summary

    This enlightening webinar, hosted by Seed HR, focuses on essential cyber security measures for small businesses. As presented by Evan from Enabler Technology, the talk underscores the increasing importance of cyber security in safeguarding a business's valuable data against threats such as ransomware and phishing attacks. Key points include understanding risk levels, the significance of secure passwords and multi-factor authentication, and the role of continuous education in maintaining a robust security posture. With a practical approach akin to protecting one's home, Evan provides actionable tips for upping a small business's cyber security game with cost-effective measures and a focus on prevention over reaction.

      Highlights

      • Kickstarted the series with the hot topic of cyber security! 🔥
      • Meet Esther, your guide to HR and cyber learning! 🌟
      • Interactive Q&A brought clarity to cyber doubts! 🗨️
      • Evan's house analogy simplified cyber security effortlessly. 🏡
      • Insightful tips on managing remote workers securely. 💼

      Key Takeaways

      • Cyber security is crucial for protecting your business, just like securing your house. 🏠
      • Secure passwords and multi-factor authentication are fundamental for defense. 🔐
      • Education and continuous learning are key to staying cyber safe! 📚
      • Use a password manager to keep your credentials safe and share securely. 🔑
      • An incident response plan is vital for when things go wrong. 🚨

      Overview

      The webinar kicks off with Esther from Seed HR, introducing cyber security as a critical focus for small businesses. Highlighting the importance of continuous learning, Esther underscores the need for businesses to engage experts like Evan from Enabler Technology to help navigate the complexities of IT security. Evan, a trusted partner, is praised for his ability to make technology a positive force for change, emphasizing a simple, accessible approach to security measures.

        Evan's session brings to light the various risks small businesses face, with a particular focus on phishing and email compromise. Through a relatable house analogy, he explains how cyber security emulates the layers of protection one would use to secure a home. From securing passwords and using multi-factor authentication to implementing firewall and endpoint protection, Evan presents a comprehensive suite of tips aimed at fortifying business operations against cyber threats.

          Rounding off with a Q&A, the session tackles common concerns about remote workforces, the security of mobile devices, and best practices for training teams on cyber risks. Evan stresses the importance of having an incident response plan and leveraging resources like government guidelines for more robust security strategies. Overall, the webinar is a call to action for small businesses to treat cyber security as an ongoing journey, crucial for ensuring the longevity and safety of their operations.

            Chapters

            • 00:00 - 03:00: Introduction The introduction kicks off the small business mastery series at Seed HR, focusing on the critical topic of cybersecurity. The webinars aim to connect attendees with trusted experts from the HR community. The speaker expresses appreciation for external expertise, particularly in areas outside their core competency of HR.
            • 03:00 - 07:00: Expert Speaker Introduction The chapter titled 'Expert Speaker Introduction' starts with the speaker emphasizing the importance of lifelong learning, hoping the audience will gain new insights from the session. Esther, the speaker, introduces herself as the co-founder of a business. She then introduces her business partner, Christie, inviting her to unmute and greet the audience, which Christie does by saying hello and briefly mentioning their business together called Seed.
            • 07:00 - 11:00: Cybersecurity Overview The chapter titled 'Cybersecurity Overview' discusses the experiences of a group of women working together to assist small to medium-sized businesses in Australia. Their primary aim is to help these businesses build strong and high-performing teams. Part of a webinar series providing practical tools for success, this chapter emphasizes community building and shared learning. Housekeeping notes for the webinar are mentioned, but not detailed in the provided transcript.
            • 11:00 - 14:00: Importance of Data Protection The chapter titled 'Importance of Data Protection' emphasizes minimizing background noise during virtual meetings by using mute and engaging through emojis available in team applications like a react smiley face. It encourages interactivity and allows posting questions in chat or unmuting at the end of the session, highlighting a focus on maintaining an interactive environment.
            • 14:00 - 26:00: Strategies for Small Business Cybersecurity The chapter introduces the topic of cybersecurity strategies specifically tailored for small businesses. The speaker for the session is Evan from Enabler Technology, whose expertise is presumably in cybersecurity. The session aims to provide valuable insights and strategies for small businesses to enhance their cybersecurity measures. It also mentions that there will be a Q&A session at the end, and the session is being recorded to be sent out to participants afterwards.
            • 26:00 - 40:00: Q&A Session The chapter titled 'Q&A Session' highlights the value of Evan as a managed service provider, especially for HR professionals who may not be IT savvy. The chapter emphasizes Evan's role as a mission enabler, dedicated to using technology as a driver for positive change. Their approach is characterized by a 'get it done' attitude, continuous learning, simplicity, and a culture of giving first. These values resonate with those of the Seed organization, which aligns with why they choose to work with Evan.
            • 40:00 - 42:00: Conclusion and Next Webinar Announcement The Conclusion and Next Webinar Announcement chapter begins with a brief introduction of the organization's IT support lead, Evan, by Esther. Esther reassures the attendees that Evan, who holds a degree in IT and has significant experience in the field, is more than capable of managing their IT needs, particularly in cybersecurity. Evan then thanks Esther and the participants for the introduction and hints at the broader role their company plays in assisting businesses with technology management. The chapter likely sets the stage for Evan to discuss IT strategies or possibly announce details about a follow-up webinar centered on tech support or cybersecurity topics.

            Cyber Security Essentials For Small Business Transcription

            • 00:00 - 00:30 started. Thank you so much for joining us on our very first small business mastery series at Seed HR. We've picked the hottest topic I think to kick us off which is cyber security and I'm really thrilled to have you here today. The purpose of these webinars is to really introduce you to experts that we trust and we know and we work with within our Seed HR community. Personally, I couldn't run our business without the expertise of others. We we're pretty expert in the HR field, but it's so good
            • 00:30 - 01:00 to have that um presence of lifelong learning. I learn something new every day and I hope that you will take away something from this session and learn something new. A bit about me. My name is Esther and I'm the co-founder with my business partner Christie. Christie, maybe you can just unmute and give us a little wave and a hello if people don't know you. Hi everyone. I am Christie and Christie and I um run Seed
            • 01:00 - 01:30 with another team of four other amazing women and um some of whom are on this webinar today and we help small to medium-sized businesses across Australia build strong and high performing teams. And as I said, this webinar series is all about giving um our small business community practical tools for success. Bit of housekeeping as always. Um it while Evan or I are speaking, if
            • 01:30 - 02:00 you could just try and um keep yourself on mute so we can minimize that background noise. Um if you know how to use emojis in Teams, it's the react smiley face at the top. If Evan says something you love, you can give him a love heart or a hands up. And um you can post any questions that you have as you go along in the chat or at the end of the session, we've left 15 minutes for you to be able to unmute. We want to make this pretty interactive towards the
            • 02:00 - 02:30 end. If you've got burning questions or something you want clarification on, you can do that at the end of the session. Um, and we are recording the session as well, just to let everybody know, which will be useful when we send it out to you afterwards. So, I'm excited to announce our expert speaker, Evan from Enabler Technology. And what we love about Evan is what it says on the screen. He is a
            • 02:30 - 03:00 people first IT partner. And trust me, if Evan can be our managed service provider to a group of HR professionals who aren't always IT savvy, um that's what we love about him. Um their mission enabler is to make technology enablement the driver for positive change. Um their approach is a get it done approach. They never stop learning. They keep it simple and they give first. And I think that's why a lot of the values that we have at Seed align with Evan and why we use him
            • 03:00 - 03:30 to provide all our IT support. He does have a degree in IT as well and he's been doing this for many years. So we're in good hands. So without further ado, I will introduce Evan. Thank you very much for that Esther and thank you everyone for having me. As you said, you know, we do what we say on the label. We help other businesses look after their technology. So cyber security is obviously a massive part of um our
            • 03:30 - 04:00 technology journey with a lot of clients that we work with with our businesses. It's really a case of education to make sure that they understand what cyber security means to them as a business owner. Uh as a business owner, it's really about growing your business and mitigating risk. And cyber security is no different uh when it comes to that. So our job is to help you be informed um and help you make accurate decisions and invest where needed to make sure that
            • 04:00 - 04:30 that hard-earned money that you're making isn't going straight out the door to some ransomware attack or phishing attack um as it can so often do. So what is cyber security in small business? Essentially I've put a graphic up there. It's the house analogy because it's such a good analogy to use for everyone. I like to try and describe cyber security in the same way that in your house you lock the windows, you potentially have the surveillance camera in there. You
            • 04:30 - 05:00 really um try to cater for quite a number of things to ensure that your valuables inside the house are looked after. And what you'll find is it's made up of a mixture of preventative measures, identification measures, and reactive measures. So when it comes to cyber security, it is no different. in your business, your data is your business and the worst thing for every business owner is sorry Marie says can't display that if you can see that Esther.
            • 05:00 - 05:30 Um for cyber security the data really is pivotal to your business and as a business owner it's all about understanding what is your level of risk and choosing whether you're happy with that acceptable level of risk. Our job is simply to help you understand it and recommend the strategies u to how to mitigate that. Thank you Esther. So what does this look like in a
            • 05:30 - 06:00 business? Well nowadays um phishing still remains the biggest threat to small businesses. email uh business email compromise is still a massive um component to uh businesses getting hacked and losing funds. I've included there um sorry can everyone see the
            • 06:00 - 06:30 slides? I think Marie was having issues but yeah maybe do a thumbs up if you you're okay with the slides. It might just be Marie. Yeah, looks like we're okay. Okay, all good. So, what I've done there is I've included a few screenshots. Um, the Australian Cyber Security Centre releases a report every year. Uh, basically looking at the year that's gone. What have we recognized as the trends in the industry when it comes to cyber security? What is the impact to businesses? Where is it growing and
            • 06:30 - 07:00 changing? and what recommendations can we take from that uh as small business owners. So when we look at the trends here, we're still seeing significant funds being lost by small businesses. And all too often we're seeing that this is still happening through predominantly business email compromise, which is that phishing email. Um email compromise is still 20% of those threats that are reported.
            • 07:00 - 07:30 So what I wanted to do as part of this is to touch on a couple of key tips that you can take away from here to make sure that those I call them high impact areas of the business um are able to be controlled. Uh so what we want to do is make sure that we really cover the fundamentals of when it comes to cyber security. the fundamentals will really go a long way to making sure that your security posture uh maintains with the
            • 07:30 - 08:00 standards. Tip number one is secure passwords and multi-factor authentication. And what I mean by secure passwords is not having one secure password that you use for every single platform um and you can repeat it out for everyone to use. We want it to be something that's unique, random, and not used on all of the same platforms that you go to. So if any of those platforms get breached, there's less chance of any password reuse where people will be able to use your passwords or easily guess them into
            • 08:00 - 08:30 other platforms. For this, I would typically recommend for people to use something like a password manager. We recommend Keeper, which is a great tool uh to be able to synchronize your passwords between your laptop, your phones, your tablets, share them with people. Um, it really makes it a lot easier to store your passwords and your 2FA codes as well and it does it in a secure manner. Definitely worth looking at. On top of that, multi-factor
            • 08:30 - 09:00 authentication, it's free. There is literally no reason not to be using it. Multi-factor authentication um provides another layer of security. When you're signing in with your username and password, make sure you set up multi-factor authentication uh to go back to your phone with a six-digit code um using one of the apps like Google Authenticator or Microsoft Authenticator. So, there's that added layer of security as well. Tip number two, use a firewall and
            • 09:00 - 09:30 endpoint protection. Everyone thinks that just because you have moved your data to the cloud that there no sorry is no need to have security anymore where your devices are. When you synchronize your Dropbox, your Google, your OneDrive to your computer, that computer effectively has just become a gateway to all of your data. All they need is access to your computer and they've got free rein to essentially access your
            • 09:30 - 10:00 data as well. What we want to do is make sure that any malware that has entered the network, any sort of threats that have come onto your device or something of that nature, there is a proven um manufacturer vendor such as Sophos installed on there to be able to capture those and lock it down. Um, if you use a vendor such as Sophos, which goes through a technology partner like us, we'll get all the notifications as well and we'll
            • 10:00 - 10:30 be able to help you make sure that you action it accordingly if something ever does happen. The biggest problem with trying to do that on by yourself is if you don't check the alerts, then there's what's the point in having it in the first place. So, it's important to make sure that if you're going to have something like this, it's being monitored and being responded to accordingly. And tip number three, educate your team. So this is such a crucial but overlooked part when it comes to the security
            • 10:30 - 11:00 posturing of your business. Build it into your onboarding process. When you hire someone new, you don't know what their experience is with it beforehand, what hacks they've been a part of, what they have seen and haven't seen. And so they may potentially introduce one of the biggest vulnerabilities into your business. As we touched on, one of the biggest um ways of getting hacked is through that email compromise. So, what we want to make sure that we're doing is creating a security first culture where people come
            • 11:00 - 11:30 into your business, they learn about what are these hacks, how are they um how should they be treating them, how should they react to them, and what can they do if they're not sure uh about uh some of the concerns there. What you really should be doing is engaging with your technology provider or more so they should be engaging with you actually um and talking to you about how they can do a better job of educating your team about what they're seeing and how they
            • 11:30 - 12:00 uh can be responding to it. creating a process for when something like this happens and making sure that everyone that comes into the business uh is caught up to speed effectively on how your business operates and what your approach is when it comes to cyber security and Seed HR will definitely be able to help with that onboarding process as well. So, what happens if you've implemented those tips? Uh, you still get hacked
            • 12:00 - 12:30 anyway, which look, there's a saying, um, you either have been hacked or you're about to be hacked. It's you're never bulletproof, unfortunately. And that's the reality. All we can do is mitigate risk as much as possible. The reality is that there's always potential to get hacked. But what you can do is make sure that when you do get hacked, you have an incident response plan. A process that says we know what we're
            • 12:30 - 13:00 going to do if something happens to us. We know who we need to contact. We know what the process is and we can efficiently and diligently walk through that process to make sure that um we've covered off all bases. We've communicated to the right people that we need to. We've contained the systems. You know, if you have your cyber insurance, you've enacted on your cyber insurance um as well and all the necessary steps have been taken in order there. What I've done is included a QR
            • 13:00 - 13:30 code there which goes to the Australian Cyber Security Centre. They actually have a template on this, albeit it's something like 40 pages and ridiculously long. It really gives you all the nuts and bolts um to be able to develop an incident response plan. Obviously, you flesh it out for your size business and what's relevant to you, but it what it should provide is some thought leadership around some key things that you should be considering when it comes to your incident response plan. Do you have cyber insurance? Do you have uh legal contact to help you um understand
            • 13:30 - 14:00 what your responsibilities are as a managing director? Um do you understand what industry you're in and what type of data that you're holding and what concerns there could be if any of that data does get breached? you may need to notify um government bodies in regards to that as well. So definitely take a look at that and make sure that when you are building the plan, you involve those people in the plan. There's no point in developing the plan and not telling them
            • 14:00 - 14:30 that they're a key part in one of your uh business plans there. So cost effective tools and resources. As I said, MFA, it is free. If you haven't got MFA turned on, it's borderline negligent, but I would always recommend make sure you do have MFA turned on. It is um relatively simple to set up. And if you work with your technology provider, they may even be
            • 14:30 - 15:00 able to go a step further and do what's called single sign-on, which means once you sign into one secure platform, i.e. a Microsoft. It will then sign you into all of your other platforms as well. So, you're leveraging that really good security that you've built in that one um initial place. Education, there are plenty of resources out there. The Australian Cyber Security Centre is one of them as well. They are constantly publishing information um around what they're seeing, new trends that are out there.
            • 15:00 - 15:30 It's a good idea to subscribe to the Australian Cyber Security Centre and it gives you an opportunity just to see and maintain up-to-date um information on what's happening. Although I will also say with education, reach out to your technology provider. It's a key part of what we do. Um here at Enabler, we offer lunch and learn event sessions where we'll work with the owners of the business to develop key agendas. So we cover off items that are really important to them and we can make sure we communicate that in a Q&A fashion so
            • 15:30 - 16:00 that there everyone gets an opportunity to be vulnerable and talk about what it is that they don't know or things that they need to learn about. It's a safe space to be able to do that. So they need that opportunity there as well. So I think I have gone through that pretty quickly but um if anyone has any questions please throw them in the chat happy to talk about cyber security
            • 16:00 - 16:30 um yeah feel free to fire away Marie um oh I just realized I'm already unmuted so one of my biggest questions right now because I'm just in a process of onboarding a VA and uh due to change in direction my business I spent a good year without a VA so I'm just in the process of getting a VA back on board which is in the work that I do really really important but of course it brings
            • 16:30 - 17:00 up the question of cyber security cyber safety because it has become such a norm to just hand over all your password and details to this VA because there is this inbuilt trust while they are you know with a VA company and it it's just what you do. You hand over the password so that she can uh log into your Canva to your emails to your you know to support you in your business. And to me there's always this yeah this ick of how safe is this
            • 17:00 - 17:30 you know and she's sitting in the Philippines and you know how vulnerable do I become through that? Um yeah I think yeah I'm going to leave it at that with the question. Thank you. There there's that's a great question and actually one that we come across a lot. There's two main considerations when it comes to this, right? So when you are hiring a VA overseas, the first question is who's supplying the technology that they're going to be using? If it's the VA company and they're supplying the
            • 17:30 - 18:00 hardware and technology, you don't have any security on that device to necessarily know whether that device is secure. And that's where I touched on um every device is essentially a gateway to your business data if you synchronize everything there. In that instance, we've often recommended that they work through a web browser uh only so that they um so they work through a web browser so that they're not syncing all their data to the workstation. So when it come when
            • 18:00 - 18:30 you first engage with your VA, one of the first things I'd say is can we manage the hardware? So they will bring the device in. Can my IT person manage it? So that they can put our company security on that device and we can manage it the same way we would as if it's in our office. Okay. So that protects it from a gateway perspective. Just so understand if I understand what you're saying if we're speaking the same language here. So for example, if I have a shared Google folder because I have a
            • 18:30 - 19:00 Google folder where I've got training programs in there. This is what you do when I finish my podcast. This is what you do to upload, download, share. Um, so would it not be a wise idea to share that Google Drive folder? Is that what you're talking about? Or I'm mainly touching on. So you could share it to them. That's not a problem. If they access it through the web browser, if they decide to start synchronizing it down to their computer and their file explorer um on their computer, for instance, you don't know what else is on
            • 19:00 - 19:30 that device that they're potentially sharing with your data. So that's one thing just to be conscious of and check with them. Yeah. The other thing you touched on around sharing passwords um with them, that's where something like using a password manager can be really helpful to get around that. Yeah. Because there are features that are designed for sharing with other people where you may not necessarily Yeah. So let's say you're in um Keeper, for
            • 19:30 - 20:00 instance, is the password manager that we use. uh your VA could also be in Keeper and then you have the ability to share a password with them and you can see if they're accessing it. You can revoke it if you need to. You can even hide the password so that they can't see the password. They can only just input it on the screen. Um so I would definitely recommend looking at something like that. And then I've got LastPass at the moment so I guess I can do the same thing with that. I never knew that. That's incredible. That in itself was worth coming here. Thank you.
            • 20:00 - 20:30 Yeah, thanks Marie. We've got a few questions in the chat. Uh David wants to know, can you please explain the best way to protect phones stroke laptops versus information on OneDrive like is there a danger using mobiles and accessing through that platform? Look through mobile phones. It is a growing space that you've touched on the security uh mobile device security mobile device management. It is uh still
            • 20:30 - 21:00 very secure um to be able to access OneDrive and those sort of data storage locations through mobile devices but there are some um I would say some recommendations around how you set that up. Um so for instance in Microsoft there's some security you can turn on which makes sure that people have to use biometrics to access their company data. Um so third party apps can't see any of that information. It's completely segregated almost. Um and we can even go
            • 21:00 - 21:30 as far as to say we can lock down the whole mobile device. um it is a lot safer than say Windows and um you know your Macs and whatnot purely because it's not as um as big of a space. It is a growing space though. So I would definitely say to be conscious of it. However, at the moment you turn on those basic security features and you'll get some fantastic collaboration um opportunities using the apps on your
            • 21:30 - 22:00 phone there. So definitely worthwhile looking at. Thank you. Kendall has a couple of questions. The first is, "How can businesses measure the effectiveness of their current cyber security practices?" And she uses Dashlane. No idea what that is. What do you think of Dashlane? So effectiveness, how do you measure it of your security practices? And what do you think of Dashlane? Yep. Firstly, Dashlane, great product. Fantastic product. What does it do, Evan? It's another password manager. Um,
            • 22:00 - 22:30 I believe they only bill in USD though and that annoyed me. So that was not for me to leave them. Um, so went to Keeper. But to answer your other question around how do you know what good looks like? That is such a big issue in our industry. There's so much smoke and mirrors out there because no one um really fully gets the entire technical products that we are selling. cyber security uh to be able to really assess what does good look like or you know do
            • 22:30 - 23:00 you have good security we often recommend doing an audit against a a framework so in Australia we have a framework that's called the Essential Eight which basically says this is what good cyber security looks like and doing an audit just shows this is what you have in place and this is what you do really well and it really helps highlight to you where the gaps are in your business and maybe it'll um prove to you that you have really good cyber security or maybe it'll expose that um you know you're missing quite a number of recommended
            • 23:00 - 23:30 things at a high level. There is the Essential Eight if you were to Google it um which would tell you what the eight key items are at a very high level. And if you know that you're already doing some of those then you know you're on the right track. When you want to start to get a little bit more in depth though, I'd recommend doing a proper audit with an IT company. And look, your existing IT company should be able to help with that. But it can um it is usually a project on its own to do it. So it can start to get costly. But for businesses
            • 23:30 - 24:00 where they're wanting to take cyber security to be a priority for the next year um and moving forward, doing an audit really helps set a baseline and it's worthwhile investing in because it's really going to inform all your future cyber security strategies and discussions and you can really start to see what changes have you actually done and you have a reference point to know where the value is, what have you invested in and you know are you on the right track essentially. So, I would definitely recommend
            • 24:00 - 24:30 something like that. That mention of audits has asked answered Lois's question, I think. What does a cyber security audit entail? Um, and you're saying that starting point is using that Essential Eight. Um, and Christie asked, are there steps you need to take before you can get cyber insurance? Because I know that's another hot topic. Um, is it beneficial if you do your audit first and you have some policies in place before you then um, get that cyber
            • 24:30 - 25:00 security insurance? Yeah. So, with cyber security insurance, it is getting harder and harder to get it every year and the um, list of requirements is getting longer and longer as well. So, I always look at insurance um, as a reactive measure. I prefer to not get hacked in the first place um to be honest. So if you were to weigh up the investment between cyber insurance or investing in preventative measures that would stop them from
            • 25:00 - 25:30 getting in the first place, I'd always start with preventative measures and quite often the cyber insurance will require you to have a number of those preventative measures anyway. If you've done a cyber insurance audit and you're able to show that you have really good security posture, then uh some insurance brokers will reflect that in their policy and you may be able to find some efficiencies and cost savings in there. Um, however, it may I don't believe it's going to be a major saving because the industry is still
            • 25:30 - 26:00 evolving. And over the past couple of years, there's been a number of insurance providers pull out of supplying cyber insurance because they realized that they weren't pricing it right. They didn't fully understand the technical products they were selling and, you know, they were basically losing money on it. So now there's only really a select few which are doing it and it's becoming quite expensive and quite challenging. So definitely focus on the preventative measures. I would definitely recommend. And you provide those audit services, Evan? Yes, we do.
            • 26:00 - 26:30 So we would be happy to work alongside um your existing IT provider or if you don't have an IT provider, we can walk uh the business owner through what we would need to do and what that would look like. And if it turns into a long-term relationship, well, that's even better. And we have another Evan. Hi Evan. How important is it to regularly change hardware passwords, laptops, phones, tablets, etc. Look, the stance on changing
            • 26:30 - 27:00 passwords. Best practice was always, you know, every 90 days to be changing um passwords. There's a few different um I'd say views on this where the view on what password you use has changed from changing it every 90 days to really making sure you have uh a stronger password or passphrase I'll say. If it's really long, unique, has a number of different characters, so special characters, uppercase, lowercase, um mixed into it then you're going to be
            • 27:00 - 27:30 relatively uh safe with what you're doing when it comes to having an extreme cyber um security posturing. Uh, a lot of those actually recommend that uh, no one actually knows the admin password at all and it's a randomly generated just in time access. And um, you get quite complex when you start going down that route. But definitely just make focus on instead of having something easy you can remember that you change frequently, just focus on having something really strong, complex, and unique to begin
            • 27:30 - 28:00 with and you'll be um, much better off. And that's Microsoft's stance on it now as well. Hm, um, Christie wondered you talked about training your team on cyber security during onboarding. How often should you be retraining and I know this is a space that's evolving all the time. So what are your thoughts around that? So education in cyber security there's a few different ways that you can undergo your education. Right? So, there's the in-person events, which, you know, is probably what most people think we're
            • 28:00 - 28:30 talking about, which is a great way to do it. But there's also what they call simulated phishing attacks and education, which is software-based education. So for instance, Enabler Technology and other IT providers would provide this piece of software where when people onboard into the business, one of the first things that they will do is undergo um a level of software-based education to bring them up to scratch and then they will mix in with everyone else where they will be a part of what we call our campaigns where
            • 28:30 - 29:00 over um a year or two of a scheduled campaign everyone will you know um get tried and tested with a simulated phishing attack education and that will generally inform what our lunch and learn events need to look like. So if we're seeing a lot of people are really struggling with a particular trend when it comes to cyber security that's where we want to focus our engagements with staff members. So they do go hand in hand. Talk of phishing, um, with a PH, Kate wants
            • 29:00 - 29:30 to know are there top ways or tips to recognize phishing and other social engineering attacks? And I guess if you do the training module and you get those regular ones, you might But have you got any top tips on on how you know when an email is dodgy or not or whatever else it might be? It's definitely getting a lot harder, especially with AI in place now. Um, a lot of the text that they're using is you say they're able to pick up
            • 29:30 - 30:00 sentiment and a lot of things if they know and they've seen previous um, email chains. So, it's getting quite scary with what they're able to um imitate, but definitely looking at the domain name. So, when you see an email come into your inbox, you're going to see the display name, which is more often than not that's the name that they're trying to pretend they are. And next to that is their email address. Um, and what you should be looking at is the respond to email address and seeing is that a
            • 30:00 - 30:30 legitimate email address um, that's coming in to the business because it is so challenging. We do try to focus on um, a few behavioral points around how you treat these emails as well. So, when you get an email like that, you should really be questioning yourself. Am I expecting an email like this? Would I normally receive an email like this? If not, and this goes back to that cyber security culture, you should be questioning it and saying, "Well, I'm going to assume that it's malicious. I'm going to assume that there's something wrong with it. I'm going to check before
            • 30:30 - 31:00 I action anything around it." You know, Esther wouldn't normally ask me to buy her a thousand gift cards, but in this instance, maybe, you know, but no, definitely um focus on that behavioral side of it. And you know, for instance, if people are emailing you around change of bank account details and those sort of things, they should always in this business process be communicated over the phone as well with a trusted contact from the business. And we've had clients ring us about what do we do? We just had
            • 31:00 - 31:30 a staff member who has had that happen. They've lost $1,000 of the business's money. You know, should we discipline them? So, you know, it's a whole um issue if it happens. Amy, great question from you. I have a remote workforce using iPads and often using public Wi-Fi to complete work. How can this be managed or controlled better for security purposes? So, there's I suppose two real options I would recommend. Either iPads look at um
            • 31:30 - 32:00 putting in place your own SIM cards on the iPad. So, they're not using a public Wi-Fi network. But as well too with iPads, there's a feature um in all mobile devices called mobile device management. And what that essentially means is we're able to implement a lot of the security features and controls which we would now put onto all of our workstations out there. We're able to make sure that those iPads reflect the same um level of security so that other people that in the public network aren't
            • 32:00 - 32:30 able to um interfere with that iPad and or physical as well. If someone takes the iPad, they're not able to access uh key business data as well. So, I'd definitely be recommending what's called mobile device management for your iPads. Great. Thank you. Um, oh, interesting question because half of our team use Macs and the other half don't. I've been previously told that Apple Macs are more secure and difficult to hack compared to other
            • 32:30 - 33:00 brands, e.g. Windows. Is this the case? If so, why? No, not really. It's most of the business world still operates on Windows has I mean it's probably shifting a little bit shifting the balance but it's still majority Windows. So put your business hat on. I guess if you're a hacker you're going to spend your time trying to get into Windows because that's where most of the people are. That's where you'll get the ROI. That's really the main reason why Windows is so much more susceptible to hacks because that's that's where the market is. Yeah,
            • 33:00 - 33:30 with Macs, you know, go back 5, 10 years, a lot of people didn't even really put antivirus on their Macs. Now that there's a lot more of a growing population of MacBooks out there, we're starting to see more malicious attacks on the Mac OS operating systems. So, and a lot more people are conscious of that and now they're really starting to follow suit with what Windows devices are doing. So, I think they should be treated equally because they're both just as susceptible as each other. Um
            • 33:30 - 34:00 they there may be some balances in there but definitely um yeah something to be conscious of. Is there an anti another question? An antivirus system you would recommend for Macs? Yes, same one I'd recommend for Windows. It's called Sophos. S O P H O S. Um we use Sophos uh for all of our email security, for all of our device security, and all of our networking security as well. They're a fantastic brand. Um, and I'd highly recommend
            • 34:00 - 34:30 going through a partner if you do down go down the route of doing so. As I mentioned, if they have alerts, it's important that someone actually checks them and knows how to action them because there's heaps of jargon and doesn't make sense to most people. We use Sophos and today I tried to get on the website of a pub and it wouldn't let me. So, I had to ask Evan if he would please let me go on to a tobacco and alcohol site, which was quite amusing. Um, Evan, is there best, not Evan, the
            • 34:30 - 35:00 other Evan in the chat, Evan Gilchrist, is there best practice on how to provide billing details to circumvent any intervention attacks that may occur? The way that um this is I suppose the industry is really shifting is billing details aren't even encouraged to be on invoices anymore. From a data governance um perspective, we're really encouraging people to start when they onboard a customer, there should be some sort of onboarding process and onboarding form
            • 35:00 - 35:30 so that they're verified, all the details are verified together all at once and they're captured in the system. When it comes to updating um billing details or other critical information, that would really you'd start to be thinking about what's our change management process then? who has the approval ability for that, who can um provide that information and how should we be verifying it and updating in our system. So, I always say a phone call to that trusted person in the business that
            • 35:30 - 36:00 you know um is the best way to do it. But, you know, when you're dealing with larger businesses and there's multiple people in there, it obviously can get challenging. When it comes to sharing um those forms for if you're adding someone onto an account with your business, we often recommend it's better to upload those forms directly into your SharePoint or OneDrive, you know, shared folder to them rather than transmitting it via email as well. Once they're on your account, um then the BSB and account details on your invoices on
            • 36:00 - 36:30 the PDFs um shouldn't even really matter after that. Thank you. Um, Evan again, I get a lot of VPN ads saying they enhance security. Are VPNs something in the business IT landscape? Is a VPN a virtual private network? It is. It is. And we use VPNs less and less now. And look, VPNs, all they're those ads, all they're really doing is moving you to another geographic location. Is there any
            • 36:30 - 37:00 security benefit to it? Not really. you're just bypassing, you know, Netflix and um the geo-blocking that comes with it. So, from a security point of view, there's really not much because your internet connection is still going out through your internet service provider, i.e. Telstra or whoever it is, and it's still going through an NBN network in order to go out to via your VPN network and back out. It's a bit of a gimmick.
            • 37:00 - 37:30 Um to be honest, you're better off actually going the other way with your security and in Microsoft and which geo-blocks anyone outside of Australia from being able to access all of your information using geo-blocking. So VPNs are a little bit of a thing in the past at the moment. Okay. Um Lois, can you recommend any low-cost or free training that uh people with staff can complete?
            • 37:30 - 38:00 low cost or free. Look, I would the software that I talked about before I would suggest is relatively low cost um for software-based training um because I believe it costs less than $10 a user um per month. So, it's relatively cheap and that way it's automated, it's consistent and it's deliberate in how it is that you're doing it. Otherwise, from a free perspective, there's lots of resources out there, as I touched on, which you know, the Australian Cyber Security Centre is probably one of the better um
            • 38:00 - 38:30 government funded uh sources out there. It's all legitimate and fact checked and, you know, would provide you the best sort of information to keep you up to date. Great. Thank you. Um, anybody else have any more questions for Evan? I assume the $10 a month is not linked to a partner yet who can read the alerts.
            • 38:30 - 39:00 Uh it would norm So is that from the device security perspective? How it would normally work is you know you pay around $10 a month. It would get your partner would also get the alerts and it all depends on your relationship with them. If you have a do-and-charge relationship they might reach out to you and say this has come up. Do you want us to action it and bill for it? Um, and you know, that's completely up to you. Or you may be on a managed services relationship, which is that fixed fee arrangement where, um,
            • 39:00 - 39:30 essentially anything that comes in, they're just going to action it and get it done. So, uh, and it really boils down to what type of engagement you're looking for in your business. Um, Kate wants to know, are you aware of the New South Wales TAFE cyber security training and is it any good? Yes, I am. I have. I looked at it actually, but I didn't actually do it because I'm currently in the middle of um another degree at the moment. So, um
            • 39:30 - 40:00 I wanted to still have a life outside of it, but definitely um I believe it is free. It's more government funded. So, definitely worthwhile looking at TAFE um down that path. And there is always I I regularly check government funding as well. and cyber security is definitely becoming or is but will definitely be growing um their investment around it and what uh information is out there and courses out there that people can access. There's even um talks of
            • 40:00 - 40:30 subsidies um related to tax incentives and potentially we've even had um cash back in our pocket as well for some investment to do cyber security. So, as and when those things come up, we will obviously bring that up to our clients and it makes it a lot easier to have that conversation around making sure we're secure. Are there any final questions before we let everybody know how they can get in touch with you if they have any more burning questions after the webinar?
            • 40:30 - 41:00 Anyone? No. Going once, going twice. So, this is how you can get in touch with Evan. Um, this will be on the recording and the slides. So, there's this email, mobile, and their website. Um, thank you so much, Evan, for sharing so generously all your knowledge on this topic. And I know it's a topic that, you know, you could just take one cyber security topic and it would probably take an hour. I think the key things for
            • 41:00 - 41:30 me in terms of takeaways was I loved the house analogy. It is no different to securing your house. Um, I feel super confident, you know, in terms of the data that we work with our clients with at Seed HR and working with you and having Sophos, but we also have just decided to um put in a policy around our own data protocols and and really up the education of our own team and our clients as well. Um, so thank you so
            • 41:30 - 42:00 much Evan. Lots of food for thought there. Um, if you enjoyed this webinar, our next webinar is all about the numbers. My favorite topic, not. Um, Nikki is our fabulous accountant. She is also English, I must confess. And, um, she's going to take us through some golden rules for small business success. Um, and that will be on the 3rd of June. So, um, I think that leaves me to say thank you so much to everyone for
            • 42:00 - 42:30 attending. We hope you found it valuable and informative. And as I said, keep an eye out for our webinar series. We'll do them every other month. Um, and we look forward to seeing you at the next one. Have a great day, everyone. And thank you. Thank you all.