Tony skinner 00:04
Hi, and welcome to the podcast channel for podcastmybusiness and contentmade easy.com.au. And today we have Matt from cyberlorian.com. And we’re discussing the importance of cybersecurity and let’s face it at the moment thats a pretty big issue. How are you, Matt?
Matt 00:26
I’m really good. Thanks, Tony for having me on. I appreciate that. Yeah, we’re definitely talking about cybersecurity. And it’s definitely bad.
Tony skinner 00:33
It is. And just to clarify, you are in Melbourne, I know you’ve got a hangover of an accent that some people may might not notice. But you’re definitely in Melbourne.
Matt 00:44
Yeah, I’m in Melbourne. I’ve been here for 22 years. Now. I’ll drop a bit of rhyming slang here and there to remind you that I’m here. But I do have this sweet accent.
Tony skinner 00:56
If you go nahh , it’s like you said Melbourne correctly. So that was the test. Right? Cool. Okay, so, look, I mean, we’ve had so many things happen. There’s so many things still happening even at the moment that are impacting on cybersecurity, and threats, and so forth. And now we’ve got countries, I guess, state state actors that are hacking away. Right across, we’ve got China and of course, we’ve now got Russia, thanks to their terrible episode in the Ukraine. Are there state actors out there hacking businesses?
Matt 01:34
Yeah, yeah, I’ll talk a bit about that. There’s, it’s, it’s, it adds a few layers of complexity to the, to the to the cyber security, I guess, part of it. When the when the conflicts first kicked off about three weeks ago, between the Ukraine and Russia, like the main conflict, the invasion part, they were obviously there’s people in Russia that aren’t for it, there’s people in Russia that are for it.
Matt 02:03
And, you know, the Russian and the Ukrainian hackers were all sort of a cohesive unit. And they were strategizing. And they were, you know, working together, and some of them were hacktivist. And some were just like the ransomware people. And at the time, they were sort of arguing about how they should go about doing things whether to start going after people that that support NATO or not to, and some Ukrainian people within that group, we’re getting a little bit upset. So they released everything that that sort of had that was happening within those groups, to sort of warn the world that this is sort of coming. So the government agencies are going to be targeted.
Matt 02:46
Some of the, I guess, businesses that are SOC II, so like your transport, your education, your health care, that are covered under that some of the key infrastructure going to be sort of targeted, and there’s good, you’re gonna see sort of a lot more in the way of, instead of ransomware, they’re going to just completely wipe your stuff without any sort of backups. That’s what they’re targeting. So the state, the people that are sort of supporting the the Russian invasion, are going to be going towards Western countries in that key infrastructure, and they’re not even going to have backups are going to get into your system. This is their strategy. Now to get into your system with no pay us Bitcoin, and we’ll give you the stuff back, their intent is just to destroy. So we’ll go in wipe your data, you’ll be like, Can I have it back? I’ll give you $5,000 in Bitcoin, and they’re going to be like yet, right?
Matt 03:40
And then there’s the other way around, you know, they’re targeting the Russian ones with the same thing. So that’s, you know, companies or businesses or infrastructure that I sort of had a thing that said, well, the worst thing is going to happen is we’re gonna have to pay a few $1,000. But that’s just not the case. They’re, they’re actually going to be targeting just to be malicious. The other thing is, a lot of people have cybersecurity insurance. You think that that’s sort of a safeguard, like, like, they’ll get into your thing, they’ll find out how much you’re insured for and they’ll target you for that amount? Well, most cybersecurity insurance now has a clause in there where if someone is acting on behalf of a state or a government agency or involved in a conflict, and they’re targeting you, for that reason, your insurance won’t pay.
Matt 04:27
So if someone is doing it, because they’re trying to support Russia, or NATO or whatever, and you get caught up in that they have they’re not going to pay you so there’s a bit more danger now with this conflict going on, especially in key infrastructure. And if you if you want to know if you’re in your companies involved in that, if you’re part of that because a lot of companies don’t know if they’re a part of that SOC AI, Sochi thing, like we were talking to a transport company didn’t even know that they were had to had certain reporting obligations and things like that where they do and a lot of people don’t, because a lot of the a lot of the, I guess legislation changed the end of 2021. So, so there’s that. So there’s definitely a lot of dangers now because of the conflict. And you wouldn’t, you wouldn’t think it would change that much. But it has, and probably a lot of stuff was going on until that leak happened. And now we know.
Tony skinner 05:22
Yeah, like, it’s always been a bit of a challenge. You know, one of the other challenges, of course, has been COVID. And we know where I want to say we’re past COVID, but we are living with it more, and we’re not as in the panic in the emergency situation that we were before. And what I like also is that not just the cybersecurity, but the risk management and looking at the what LCM lifestyle management with onboarding and off boarding staff. So tell us a little bit more about that.
Matt 05:57
Yeah, well, how much time you got? I remember. I remember thinking about about six months before COVID happened, thinking like, like, I remember I was in I was on like, on the 11th floor in the building in a city and I looked around the city. And I thought, as soon as companies realize that we can work remote, they’re not going to want to pay for, for offices and stuff.
Matt 06:23
Like as soon as they realize that there’s ways to monitor people. And as they’re secure ways to work from home, they’re going to do it, because it’s just so much easier to do it that way, whatever. And then, you know, COVID happened. And that’s sort of what happened. So I was sort of thinking through some of the problems that were happening with people being on boarded at home at the time.
Matt 06:41
And one is if you don’t have a VPN, if you have like a large staff and you don’t have a VPN, that’s the first thing that’s going to get you you’re on people’s home Wi Fi, there’s no way to lock it down. There’s no real security. People using their own antivirus, you don’t know what it is, this is like us with the BYOD and things like that. So we, I suppose the last company I worked for is a prime example.
Matt 07:11
And the company before that, for some reason, onboarding of people working remote seems to happen, like at 1000 at a time or 500 at a time and no real plan to do it is just a decision happened. And no thought from the infrastructure. It is just a business decision to make people work at home. And the IT stuff comes after. And that’s the first part like it is rarely ever consulted, especially with the with the smaller business, it’s just a business decision that it’s going to be cost effective to have people at home. But the infrastructure and it sort of stuff happens after and usually a couple mistakes have to happen along the way. For that, that that conversation sort of happened and a lot of it blame game sort of happens and all that.
Matt 07:51
But talk to your IT guys talk to your managed service or talk to whoever it is that manages your your security stuff or your infrastructure before you make that decision to work remote to see what applications are going to happen. Because I mean, I was working for a company ages ago that thought the VPN was if you basically just get remote, remote desktop, and remote into a remote desktop server and you use your profile, there’s no protections on that. There’s dangers with people logging into a server in the first place. Admin privileges we and this goes into the essential and I want to touch a little bit on the essential eight that the government sort of talks about is sort of like a framework to base your your strategy around to. But admin rights like there’s some companies just find it easier to give everybody admin rights.
Matt 08:43
So if you don’t have a VPN, and you’re remoting in and your your, your, your profile has admin rights, if someone gets into someone’s home computer at home, because their network isn’t secure. They don’t have a VPN, the antivirus isn’t locked down, they have access to your entire network. And they’re not going to go after stuff straight away. They’re going to they have full access, they’re going to take your time, they’re gonna go through every single one of your files, they’re going to find out what you’re insured for. They’re gonna find out what your executives are, or your business owners where they live, what with their kids do, they’re going to get all your passwords, and eventually, they’re going to hit you. And they’re going to have so much information on your backups and everything. You’re not going to be able to do anything about it.
Matt 09:28
It’s best to be proactive on all that stuff. And then one of the services we at and it’s a base we offer this to everybody, no matter what our conversations are, as far as you know what your problems are, your problems are always going to start at the staff level, no matter whether they’re using work computers, or they’re using home computers or what their anti viruses. Have your staff trained on what to look for, and their best practices and how to deal with invoices that come in the mail, or what phishing attacks look like and the latest strategies and we offer that As part of our services in, no matter what we offer as an ongoing solution, training is always the first part of it.
Tony skinner 10:07
And that’s what I like about your company is that you guys really put training at the forefront even for seniors, you’ve got free seniors training as well on a lot of these things. Because, you know, you’re talking about phishing and hacking, and we’ve all heard the stories about the phone calls and everything else. Now they’re smart enough to send you a message that you think’s from the bank. And even if you hover over, you can’t tell where it’s actually from.
Matt 10:37
Yeah, well, the fishing in the vishing, which of the vishing is like a sub form of fishing, so it’s the one that come in your voice. So everybody would have gotten these things now from Amazon? Well, Amazon pretending to be from amazon for your refund, then you call up, I don’t even have an exam as Amazon account.
Matt 10:53
Well, they’re using your credit card, whatever. So even the ones that that pretend to be from like the ATO and all that even me, that’s onto it all the time, my heart skips a beat that like we’re calling from the Australian Federal Police, or I know it’s fake. And I go, Ah, this is like a brief second. So if people aren’t in on this every day, like I do, I watch videos, I do research and everything every day to be up on this stuff.
Matt 11:15
That’s why our training is really good. I’ll just speak to on that free training, too. When we formed our business, we always had the idea that we wanted to have some sort of give back, and it was sort of briefly mentioned in those initial stages that that give back was probably going to be training, we thought maybe we’ll go to schools or something like that. But I, I had to go to the bank and do a transfer some money at one point months and months ago. And I was just having a chat about cybersecurity, to the bank manager.
Matt 11:44
And she was saying, like, oh, we need you to provide proof that you know that the details that you’re sending your money through to are in fact, you got them over the phone, you spoke to this person, you didn’t get them in an email, and I knew why. It’s because people will intercept an email fill, they’ll basically fill out the details of their own bank account, resend that email as someone else. So when you submit that you’re sending it to them, it looks like a legitimate email, right. So I knew that what I didn’t know, for that one branch alone, there’s one senior every week for that one branch alone that will come in and tell the bank that they lost everything that had which and I asked a follow up question, does that mean that every bank branch across Australia for every bank has at least one senior that comes in every week, and has lost their life savings? And they said yes, that would roughly be the case, right?
12:42
So I basically went straight back to the team. And I said, Well, this is where our thing should be, we should be training seniors. And we shouldn’t be charging for like if we go to like a library or something like that we might charge to come out and do that. But we we once a month will put some content together with the latest scams that are going on what to look for, and emails, what actually the scams look like when you encounter them, like we’ll talk about our next one that we’re going to do is to that very well that we were talking about the Amazon scam. So someone will call you with a recorded message and say like, call back, if you haven’t made this, you get your refund. We outlined what that looks like, what they’re going to get you to do. So if you do start getting caught up in it, you’re like, wait a minute, I’ve seen this, I know what this is, and you can hang up or whatever. So that’s that’s what we’re doing. We do that on YouTube as like a as as a webinar. So you can ask your questions ahead of time, you can ask them after and we’ll address those
Tony skinner 13:37
great stuff. Okay. So what are some tips for businesses to avoid being hacked and fished and snatched? And whatever it may be these days?
13:51
Yeah, so one thing I always say like, like, I play sport, right. And a lot of times I play sport at a low level, and there’s expectations, I have someone that’s been playing baseball for 20 years. And if they don’t do it, my initial reaction is Come on, you got to know how to do that. But if they only just started playing last week, like I can’t expect them to know what to do in that play. And it’s the same thing with cybersecurity. You hired someone to do accounting or you hired someone to do marketing or whatever it is, has always seemed to be the marketing department. No offense, but you can’t expect just because they use a computer doesn’t mean like you got to know you got to expect that they’re not that they’re going to know that this comes across like there’s a lot of times the example that a game gave earlier.
14:36
One of the things they love to do is they will get into your network early and they’ll find out where your emails come through who does your invoicing and things like that. So they’re able to duplicate and replicate exactly what your invoices look like, make it look like the people from your that are sending invoices. So to them, it’s just natural, right? The only way you can expect them to have any chance to counter that Is to have training. I can’t stress enough like we, when we started this business, it was like we’ll give them single sign on and multifactor.
15:08
And we’ll go in with all this tech about antivirus and stuff. I have an example where one of the companies I was working for like 10 years ago as a big company, there was a Telstra subsidiary. I had to wipe his computer once a week, right. And I finally had a conversation with him. And his justification was, well, we have anti virus Matt, I would expect that it would just work all the time. And I said do you have seatbelts in your car? He’s like, yeah, why? I said, do you just drive into trees all the time? He’s like, Oh, no. Well, I mean, you can’t expect anti viruses to stop everything, especially new threats come out every day.
15:47
So the best chance you have is the training, start start that process. And if there’s other things like we have, you can have a relationship with us. We’ll see what you’re doing. And we can help you implement other strategies if those strategies are appropriate. But always start with the training. That’s my big tip. You can’t expect people to know if they don’t know.
Tony skinner 16:06
Yeah, look, I agree. And I’ve interests I guess, is that I’ve been doing a lot more on Facebook, the business and what have you. And I’ve been making some comments, we’re getting lots of traction. So much traction, in fact, that I got an email from Facebook for a thing called Facebook protect. And what it is that he automatically applies an extra layer of protection for accounts that they see there’s lots of traffic and connections and what have you, that will be open to more hacking, and I got it in my old Hotmail account. Here we go.
Tony skinner 16:39
So I did my research, and it turned out to be real. And I logged into Facebook, and they said, Are you better? And they gave me a timeframe. And I thought it all looked really really suspicious. Yeah, yeah. But it was true. It was real. And that’s, you know, not many people get into the Facebook protecting or whatever. But yeah emails factors.
Tony skinner 17:00
Yeah, that’s right. Multi factoring, and they’ve monitored further or something rather. But yeah, it’s, it’s interesting. All right. Cool. Look. Thanks very much, Matt. We’re out of time for this one, but I got a sneaking suspicion.
Tony skinner 17:12
There’s plenty of things that we can be covering in the future. So definitely get you back and bring us up to date on what’s happening. So that’s Matt from cyberlorian.com CYBER LOR IAN.com. And thanks for your time.
Tony skinner 17:31
Thank you, Tony. I really appreciate the time. Appreciate that.