WEBVTT 00:00:00.980 --> 00:00:05.200 We talked earlier about an awareness program being timely. It's 00:00:05.200 --> 00:00:09.870 always good to address what are the current threats. And some of 00:00:09.870 --> 00:00:12.420 these, of course, can include ransomware. 00:00:12.990 --> 00:00:17.340 We see an awful lot of that taking, should we say, advantage of 00:00:17.340 --> 00:00:22.290 companies these days and costing a huge amount of money, as well 00:00:22.290 --> 00:00:24.730 as a disruption to business operations. 00:00:25.490 --> 00:00:29.050 We also have distributed denial of service attacks. 00:00:29.260 --> 00:00:33.710 These have often come through unprotected devices on our networks, 00:00:33.710 --> 00:00:37.070 but it is also good to discuss social media. 00:00:37.480 --> 00:00:41.530 People post a lot of things on social media that probably 00:00:41.530 --> 00:00:44.370 shouldn't be posted, things about their work, 00:00:44.370 --> 00:00:46.250 their location, for example. 00:00:46.850 --> 00:00:50.890 And it's really good to sort of address with people, hey, be careful what 00:00:50.890 --> 00:00:56.100 you post because it could well be that you're opening yourself up to some 00:00:56.100 --> 00:01:02.700 type of theft or, of course, other types of, should we say, problems. We 00:01:02.700 --> 00:01:06.630 know that one of the big challenges is that people will have their 00:01:06.630 --> 00:01:12.900 passwords stolen, and then a hacker could log in with that person's user 00:01:12.900 --> 00:01:14.210 account and password. 00:01:14.720 --> 00:01:19.150 This is why it's good always to discourage people from using the same 00:01:19.150 --> 00:01:23.140 password for their online banking as they do, for example, when they're 00:01:23.140 --> 00:01:26.010 doing shopping or on a social media account. 00:01:27.410 --> 00:01:31.220 We see this quite often when the same password is used, both on 00:01:31.220 --> 00:01:34.990 sensitive business applications, as well as social media. 00:01:35.690 --> 00:01:41.140 We should advise people on how to create a good password and certainly 00:01:41.140 --> 00:01:46.490 remind them again and again that when you get a link that has a 00:01:46.490 --> 00:01:51.510 oneā€‘time password as part of usually multifactor authentication that 00:01:51.510 --> 00:01:53.830 should never be shared with anyone else. 00:01:54.180 --> 00:01:56.630 Someone calls up and says you're going to get this 00:01:57.050 --> 00:02:00.310 notification in just a moment, let me know what the code is. 00:02:00.310 --> 00:02:03.680 That's certainly not a good practice. 00:02:04.970 --> 00:02:09.240 One of the things we have to educate our staff about more than 00:02:09.240 --> 00:02:14.200 anything else is that it's okay if you've had a problem. 00:02:14.200 --> 00:02:18.550 Report it because if you report it, we can fix it. 00:02:18.890 --> 00:02:23.100 If it doesn't get reported, it's probably going to get a lot worse. 00:02:23.600 --> 00:02:27.330 But we see, in many cases, they don't even know who to report to. 00:02:27.340 --> 00:02:31.570 Who do I go to if there's a problem? And this is where we should 00:02:31.570 --> 00:02:36.250 advise people who to call in case they have a problem or even 00:02:36.250 --> 00:02:38.520 just something that is suspicious. 00:02:39.110 --> 00:02:44.330 You see something, as we said before, see something, say something. 00:02:44.330 --> 00:02:48.500 Even if it's only suspicious and you're not sure, 00:02:48.510 --> 00:02:50.940 it's better for us to take a look at it. 00:02:51.540 --> 00:02:52.080 Now, 00:02:52.090 --> 00:02:56.210 the problem with this is that very often organizations have a 00:02:56.210 --> 00:03:00.100 blame culture. If you come to me with a problem, 00:03:00.160 --> 00:03:01.410 you must be the problem. 00:03:02.010 --> 00:03:05.360 If you've had a breach, well, you've done something wrong. 00:03:06.080 --> 00:03:10.430 The point is that many people can become a victim of a breach 00:03:10.440 --> 00:03:14.070 through really very little or no fault of their own. 00:03:14.670 --> 00:03:19.250 We want people to know that if they call us about a possible problem, 00:03:19.300 --> 00:03:23.030 it's not that we're going to be pointing blame and so on. 00:03:23.110 --> 00:03:28.070 Instead, it's that this is what we need to know so that we can 00:03:28.070 --> 00:03:32.620 help protect the organization. It's part of our culture we have 00:03:32.620 --> 00:03:36.010 to create. The key points review. 00:03:36.410 --> 00:03:40.410 The unfortunate reality is that security breaches cost 00:03:40.410 --> 00:03:45.490 organizations enormous amounts of money every year. Not 00:03:45.490 --> 00:03:50.320 only in repairing damaged systems, maybe even paying ransomware, 00:03:50.530 --> 00:03:54.300 but also in downtime and operations that can affect even, in 00:03:54.300 --> 00:03:57.200 some cases, thousands or millions of people. 00:03:57.730 --> 00:04:02.120 The majority of breaches are due to human error. 00:04:02.810 --> 00:04:06.600 We can see this that when they have looked at the breaches in the past, 00:04:06.670 --> 00:04:09.720 it was because of an unpatched system or it was 00:04:09.720 --> 00:04:11.840 because of a misconfigured system. 00:04:12.250 --> 00:04:17.640 So it's really important here to have awareness programs so we can try to 00:04:17.640 --> 00:04:25.130 reduce these types of mistakes. Through awareness, hopefully, we will not 00:04:25.140 --> 00:04:30.550 only prevent many types of incidents, but will improve our detection and 00:04:30.550 --> 00:04:33.920 reporting of those types of incidents as well.