Tony skinner 00:02
Hi, and welcome to the podcast channel www.podcastmybusiness.com.au. And today we have Jon Lang from www.ddls.com.au, and they are a large training organization. And we continue on with our theme of cyber security. So we’ll touch on that as well. But first off, how are you going there, Jon?
Jon Lang 00:27
Tony thanks for having me doing quite well, at the moment, some interesting times with a lot of things going on. And none more so than cyber security being front of mine on a lot of people’s lips and in our conversation with a lot of our customers but doing well.
Tony skinner 00:42
Yeah, look, it really needs to be and we’ll get to that in a second. But what we’re talking about just before was, you have like a huge number up to 20,000 students or so on six campuses, ordinarily. And then we hit our wonderful world turning upside down event in March. So how was that as a shock to the system.
Jon Lang 01:08
Um, quite a large shock shock to be to be honest, you know, we’re a business that’s been around for nearly 30 years and built a really strong brand and, and presence in the face to face training space. Now, as you just said, fast forward to two most recent times, where delivering face to face isn’t an option, all of a sudden, we’re suddenly sitting there, and the next week, it’s a Wednesday and the next week, we’ve got circa 500 students coming on to our campuses right across Australia. And all of a sudden, we’re told we can’t deliver to them face to face.
So we suddenly have to pivot and move all of those or as many across as possible, to a virtual offering. Now, we were quite lucky, because we have been offering virtual delivery as an option, and not just face to face for at least six years. So we were a little bit ahead of the curve. So we suppose we got that little bit of a jumpstart which helped. However, I got to admit, looking at the company and the staff around to our customers, it might have seen like the same like smooth sailing, but I assure you the whole business was running the fleet underwater, the duck on the pond scenario to try to get everything suddenly shifted across. It was a big shift to the business. Right across the board.
Tony skinner 02:29
Well, I guess one of the good things for you guys, you got experts at Cisco and others in Google Cloud courses and all of that that would have helped you somewhat.
Jon Lang 02:40
Yeah, absolutely. A lot of the courses, we deliver our vendor certifications. So they’re not necessarily DDLS specific courses, we actually are authorized training providers, for many of the vendors you just mentioned. So we’re the largest training provider or partner in Australia for Microsoft, Cisco, VMware, Cisco, EC Council, and a bunch more. And we were really fortunate to have supportive partners during this time to really help us along this journey. Now, interestingly, you alluded to the fact that we’ve got those trainers we’ve got, and this was the tough thing, to be honest. And something that we were faced with where we’ve got well over 100 trainers are spread out all across Australia, they used to delivering in a classroom environment.
So that’s making eye contact direct with your students. Whereas an all of a sudden, there’s not a classroom of 20 people where your eyes are moving, trying to make eye contact, you’re now looking at data at a at a 20 inch screen, and seeing little boxes of people and trying to stay engaged. So some of our trainers have been delivering for 30 years, and all of a sudden, a complete shift for their delivery capabilities. So yeah, it’s been interesting, but it was really good support by the vendors and our partners, as we like to call them.
Tony skinner 03:58
Fantastic. So if I’m a business, and we’re talking about medium to large businesses here, and at the moment, I think there’s a huge, even bigger demand for cybersecurity, because all those little hackers out there, and all those little scammers out there rubbing their hands with glee that everyone’s working from home. And if I’m at home on my home computer, I would imagine there’s a higher risk to the organization and working in the enclosed office environment.
Jon Lang 04:32
Absolutely. And it’s a really good point to make there because it’s often felt within a business where the small, medium or large for that matter, that the cyber security responsibilities on the IT team. So on the Help Desk team, it’s on the it’s on the IT managers, the network infrastructure, people that are within the business that it’s their responsibility for cyber security. However, the statistics actually show it’s the frontline staff that often are that that chink in the armor. If you will, whether it’s that, that simple opening up of an email, which otherwise might have been protected when you’re working in the office environment, and you’ve got particular security protocols in place, but suddenly that remote learning, and remote learning, sorry, remote working from home, it opens you up to things as hard as the, IT professionals around Australia in the world for that matter, trying to replicate that, that security that they once had in the office environment, trying to replicate that at home.
There’s definitely new elements. But the interesting thing with that the knowledge base or the training is it’s it’s this misconception that it is the responsibility of just the your IT manager to look after it. And that’s why when it comes to the training element, the education piece, he looked at the higher end, cybersecurity certifications are absolutely important to make sure that that major protections there, but it’s also that frontline staff awareness, that I think is really, really critical. And interestingly enough, we recently did a survey, where we had quite a large amount of respondents. And in regards to Cybersecurity Awareness training, well over 40%. And in fact, it was in total, I think it was around nearly 80%, where cybersecurity training was considered at least somewhat important, if not extremely important. Yet, when it came to the actual investment in the training portion of it, it was much lower. So people are talking about the importance of it, people are aware of the importance about it, but the key is just seeing that driving investment to the actual skills training required.
Tony skinner 06:44
Now when you look at the training and in an organizational sense, so do you think it’s best to or and I was I use the word best to have particular people organization that are trained in cybersecurity, and they go and pass it on and I guess drip feed it? Or do you think everybody should be doing some form of cyber security training, especially in again, these times working from home,
Jon Lang 07:15
I think that they absolutely the universal view would be would be everyone has to have a level of training. Now, the more training they get they get, the better equipped they are to front up to any issue that might be raised. However, I also recognize that getting everyone within a business to do the most detailed certifications because it’s quite a complicated landscape cybersecurity training and identifying the right course, ideally, you would have every single person in the business really well equipped, and have multiple certifications, etc. but also understand that that’s not a feasibly possible.
So what what my recommendation would be in has been, is making sure all staff are living, at least given the most basic level of cybersecurity training. And that doesn’t involve just what someone told them at a family barbecue and what they shouldn’t open or, or what their children are, tell them there are formal and short courses and online content, there’s a lot of frontline staff awareness training, that’s available out there, I would be doing that as a minimum. But at the same time, the concept which you raised, which I’m a big fan of and it’s what we do in house, actually a DDLS as well, is you have internal champions. So you find someone it doesn’t ideally do it. staff member would be that person with the technical expertise, but you can also have one of those frontline staff that has that awareness or that passion for it, that becomes the internal champion. You know, all businesses have got your WHS committees out there. And it’s someone that’s willing to get involved and be the champion, be responsible to try to lift everyone else’s awareness within the business. So at a minimum, frontline staff should all be trained in some way. But having little pockets of cybersecurity champions, if you will, throughout the business to help lift everyone else. Hmm. I think is a really good step forward.
Tony skinner 09:16
Yeah, it’s interesting you say that, because I can envision where you were talking about Work Health Safety committees, that you would need to have a cybersecurity committee and genuinely there’s a board level member on that committee as well.
Jon Lang 09:34
That’s right. And look, it’s really good to start seeing that that’s quite at the moment where we’ve just finished off the ASX reporting season and it’s something I generally go and do is go and look through a lot of those annual reports and see what sort of cybersecurity governance they’ve got in place and the comparison to annual reports this year as opposed to last year where clearly and it’s mirrored by the comments by And the investment sorry, by the federal government across many things that that being the, Australian Government cybersecurity strategy for 2020, but also the job trainer package, it is clear that is becoming more and more important. And the fact that I have six companies and now bring it to the forefront in a governance is a really important thing and shows the level of importance.
Tony skinner 10:25
Now looking at your site have looked up courses, cyber security is a bit of a smorgasbord here. And I know Cisco courses and Google Cloud courses. But where would I start if I was looking at offering this to beyond just the IT department of the organization to get you to help me with?
Jon Lang 10:47
Right, so we’ve actually got a couple of courses that that frontline staff, we’ve got a, a couple of great products with through some of our vendors, one being the RESILIA frontline course. And it was actually something we brought on last year. And in fact, you mentioned board members, and one of our board members raised it and said, you know, we were dominating Microsoft and Cisco and all these other partners and known as being the number one and they said, look your cybersecurity offerings there.
But we really need to lift the profile. So they challenged us to come up with more cybersecurity products. So we’ve suddenly enhanced our portfolio to move away just from that technical side that you started to mention, and really started to open up. So as opposed to going to the banks, the mining companies, these big ASX companies and only training their IT business, we started to move into this frontline stuff. So some of those courses, there’s a Nexus course on there, there’s a RESILIA frontline course these are some of the ones we offer. But what I would encourage is people to just make sure they speak to if it’s a course that DDLS offers. That’s fantastic, then speak to one of our course advisors who can talk you through the options because it is a complicated landscape, we actually brought in a full time team on product management for cybersecurity, because of the level of complexity.
So I would encourage people to open that conversation. And if it’s a course DDLS doesn’t have there are plenty of really, really strong cybersecurity content and training providers out there. But it is really important that you go beyond just the Google of googling cybersecurity courses, speak to someone, make sure it’s right for you. Because there’s nothing worse than investing in training, finishing the course and working out, or that wasn’t what I was looking for. So invest that time upfront, speak to someone that’s got lots on offer, because it means they won’t push you into one course. But specifically, I’d say that RESILIA frontline is very strong, and a good option to take care of, you know, all staff at all levels, it’s actually something that we rolled out within our group to all staff as well.
Tony skinner 12:51
Fantastic. Okay, so I’m going to stick to the cybersecurity theme here, jon, and I don’t mean to put you on the spot. But what would be a couple of quick cybersecurity tips that every organization should be aware of and thinking about.
Jon Lang 13:08
It’s an interesting one. And it’s, it’s, hopefully I’ll do my IT manager proud because he’s constantly we have regular updates that gets sent out. That for me, the most open thing and the biggest issue is, is probably got to do with those phishing emails. And not pH I sh it’s the pH I sh phishing, where it is getting more and more advanced at the moment, and it not a week would go past that someone in my company wouldn’t be receiving an email, so called from jon Lang, so called DDLS adverts requesting whether it’s a money transfer, or whatnot, I just think people need to be more diligent and a better understanding of what to look for. In their emails, and when they respond, and how they action things.
I think that is a really key thing. And so any sort of learnings people can take and you know, most people say I’d never get caught on that, you know, I’m not going to send some money to some Prince over in, you know, in another country that’s or someone that’s been kidnapped or something along those I think you’ll find most people would agree that the level of advancement that these emails have come through is incredible. In fact, a lot of the times I have to double check emails that come through, or someone says,
Hey, you sent me this, and I’d say, actually sounds like something I’d send but I didn’t send it. That’s one element. And the other one is being mindful of those and it might sound small, but I have a cybersecurity. I mentioned the product team. But we also have quite a few full time cybersecurity trainers. And we actually encourage them to present at our company meetings and speak to our customers. I’d actually give case studies or examples of what hackers and alike are doing and the one thing that they’ve told us which isn’t as relevant at the moment due to lack of travel But it’s you know, jumping onto public Wi Fi spots. That’s a big thing. It’s not very difficult for someone with a with a computer just to set up a false Wi Fi. And if you need a whether it’s whatever Hotel Group it is just to protect to call it you know when your phone when you set a Wi Fi hotspot, change the name to be sitting in McDonald’s and change it to McDonald’s, free Wi Fi. And all of a sudden, someone logs in or hotspots off you when you if you’re savvy enough can have full access to that person’s computer. So there’s probably a couple of things I’ll just be
Tony skinner 15:33
mindful of. I got hacked in Tokyo A few years ago, doing executive that offer Wi Fi hotspot. And now tell everyone that same story and I got you know what? So you go looking for Wi Fi hotspots, what do you want to do on the wife hostel? I need to log into my bank account go Oh, my God. Yeah, that’s correct.
Jon Lang 15:54
That’s exactly right. Yeah, it’s the other stories that I’ve been hearing, you know, it’s not just software, it’s not just Wi Fi and emails, it’s also hardware, you know, a little iPhone charges, where people have been able to, they look like a normal charger, but an actual fact when as soon as they connected into your computer or your phone, it’s actually got whether it’s a treasure, whatever it might be, it’s actually a hardware that can also infiltrate your security system. So it is a lot of it, you know, a lot of people get amazed at the sort of level of creativity in security that’s required. But it’s it’s not a level of amazement when your businesses suddenly lost millions of dollars, whether you’ve been hacked a personal identity issue, and never more so than, you know, most recently when, there was the I think the cyber security breach that would that was raised by Scott Morrison during the the recent cyber security attacks on Australia. So it is interesting, but it’s interesting until it hits you and then it doesn’t become interesting. And it can be really, really painful to go through.
Tony skinner 17:08
Yeah. And look, I’d certainly recommend every business out there to look at cybersecurity and certainly your courses. I think that’s a great way of protecting your business and protecting your employees from being hacked and downtime. And let’s face it, lots of challenges at the moment. That’s one that you don’t need.
Jon Lang 17:28
Yeah, I think look it again, to bring in what the government’s doing, if you think about I think was a beginning of August this year, where the Australian government released its its cybersecurity strategy for 2020. And the strategy has the digital invest. I think it’s just south of $1.7 billion over 10 years. It’s quite an incredible investment. And it’s across many different things. And that’s whether it’s the critical infrastructure, whether it’s different ways to investigate shut down crime, there’s there’s going to be a 24 seven cyber security vise hotline for SMEs and families. So that’ll be a great initiative. There’s lots it’s clearly front and center, not just businesses, but the but the government as well.
Tony skinner 18:18
Fantastic. All right. Anything else you’d like to add? JON?
Jon Lang 18:22
No, I just appreciate your time. And again, on the cyber security, a sense and, you know, I can’t stress the importance enough that it is going to it impacts everyone, not just the IT managers, but everyone within the business. So I do encourage everyone to go out there and just lift this skill set. Just that little bit because you never know that it might be you that actually stops that cybersecurity attack that could otherwise impact a very, very big business. So, but again, Tony, thank you for your time.
Tony skinner 18:56
No worries. Okay, thank you. www.ddls.com.au.