Tony skinner 00:00
Hi, and welcome to the podcast channel for podcast my business and content made easy. And today we have Kristof has made from https://www.aseit.com.au/ And we’re having a chat today about protecting your business investment in hardware and data. Now, it seems like a long topic, but it’s really, really important. And we’re covering off on the big see where we are. Because we’re in Sydney and we’re stuck at home. How are you Kristof?
Great. I’m doing fantastic. Thanks for having me on, Tony.
Tony skinner 00:36
No worries at all. Thank you for taking the time. Look. It’s been interesting. I’m just calling it the Big C now because that’s mean something else? No. Let’s call it the Coronavirus. See, there we are. Let’s just get it out there.
Tony skinner 00:50
We’re both in Sydney. We’re in lockdown. half the country is in lockdown. We’re heading move forward. We’re moving on. We’re getting past the panic. And we’re now into the army getting into the Curiosity stage, I want to see what’s going to happen next.
Tony skinner 01:06
So and what’s going to happen next is a hybrid model of people working from home and from the office. We had the main rush to get people to be able to work from home now. So how do you with technology be out being able to work from home and from the office? going forward?
Interesting point. And it’s a good one. Thanks for raising it, Tony. So technology has enabled us to be more versatile, right? So if you think about it, we’re very disparate in our workforce these days, you know, we used to be everyone used to love coming to the office, the sociality of it, the security of it, all of that was wonderful.
Now we’re all sort of being asked to work from home for a period, the future will definitely be nothing like the past. And that’s that’s been written, you know, major tech companies have said that, let’s pull it benchmark moving forward. And you know, we’re gonna see that hybrid model. Yeah, absolutely. Right. It could be a mix of, you know, two days in the office three days in the office. So businesses get their assets utilized.
But in the same way, it’s because of that people are finding, you know, the commute, for example, you know, refers to the ability to have a third space, right. So the commute from the office to home, gave me that ability to separate your business frame of mind, and then to go home. And I think that’s probably why we’ll see that resurgence to people getting into the office.
Tony skinner 02:35
And also, another thing is that we both have hot cars. And if we don’t get to drive them to the office, or meetings or whatever, then what’s the point of having a hot car?
This is true, this is true. And it’s not like we can take them to the racetrack right now in the car. It just is what it is. But but in so doing that set of benchmarks for many loopholes was caught in security, loopholes, especially the we as users, and corporate businesses need to to be more mindful and considerate, especially now that we’re working from home a hell of a lot, and it probably won’t change in the dynamic very soon.
Tony skinner 03:17
Yes, exactly. I mean, is, there’s a whole range of risks. I mean, I’m just thinking of moving data. Data is a huge business asset that businesses undervalue and underutilized. But if you’ve got a sales database, and your staff are working from home, it’s so much easier for them to copy that data, utilize that data, and then go to a competitor with that data. So how do you manage that sort of risk?
Look, at the end of the day, if someone wants to be corrupted such then the ability to do that is you can always do that, even from the office, Tony can screenshot let’s see, say you can take your camera out no different to you being in the office, as you would be at home. You know, businesses are more likely to log data and activity now. So technology certainly enabled that. And if you think of your business, daughter acid, the volatility of your data is probably the biggest Paramount right now.
Not because the theft is coming from internally, in actual fact, 73% of CES doesn’t actually occur internally, because externally at the moment in Australia. And that’s where people’s focus is needs to be. So from that perspective, you know, you’ve got to consider some pretty simple basics, both in education.
So if people were to go to my top five tips in regards to being a little bit more security aware, number one, to your point, it’s all about education.
#1 So the ability to actually educate your staff on you know what to think how to actually act within their state before you click for example, right? You’ll see this How to take take a wild stab at it. How many text messages randomly Have you caught over the last week? That hasn’t, you’ve got no idea how different
Tony skinner 05:11
I’ll get a few every day. And as for emails, thankfully, I’ve got a filter. And people need to be aware that you can get filters for emails. But yeah, nonstop phone calls, emails, texts. My favorite one at the moment, is the recorded overseas voice from a Australian data protection agency or something or the A to if you don’t pay this bill, were to take you to court again. So yeah, they don’t either.
Correct. Correct. And that’s the biggest thing. So first things first, education is ultimately the key to enabling stuff to be able to be a bit more secure at home. Part of what you talked about, for example, around those data assets, you know, the creality of it, business’s data is it’s now actually aligned on your p&l, you’re seeing it more and more. Insurers want to see it, the banks will understand it, you know, it’s becoming a crucial part of business transactions activity. So guess what? That assets? So in vital, it’s so important that you need to have a proper data strategy and backup plan? Yeah. So what that what does that mean?
#2 Here’s your second tip, right education one second, backing up, consider an alternative what we call a gap service, where you actually don’t have the same data stored in the same location. So for me to backup, for example, my daughter on my laptop, that’s kind of like putting the keys next to the car outside and then hoping no one steals it. So the concept is having a cloud based service or you know, what we call an external third party air gap service, being able to back your daughter up in the case that if you do happen, how do you systems corrupted your applications corrupted, that way, you don’t have that corruption fully to the backup 93% of all, hacks or cyber security threats can’t be recovered without a proper data or backup strategy, as an example.
So that’s pretty much the first one that you would probably want to consider as it’s a pretty simple task, you know, you can back up your mailbox for anywhere up to $5 a month Unlimited, I know for a fact that your data is going to be sitting there outside of your laptop in the case that you have an event. sack right.
#3 So the third one on the education train, ask, the biggest problem we have in a disparate working environment is the inability for someone to just to simply pick it up with the walk up to your desk, and ask. So Tony, you’ve sent me this email saying that this invoice is due for the supplier. And it looks legitimate in your tone of voice, it’s got your email address at the top, all looks pretty legitimate.
And so I guess I should consider it. Normally, if you’re in the office environment, I would be able to just pick up the phone on my landline, or I just walk over to your desk and go Hey, Tony, what’s this? Right and same as with the links that we’re getting, you’re getting a lot more email links, asking you to click here, you’re getting a lot of text messages going your voicemail is currently locked, click here. So first things first, if you’re unaware or unsure, ask that’s probably the most important thing right?
Pick up the phone and give Tony a call your accounts person, whoever the link is, and don’t click on them, because at the end of the day, if any, let’s go reputable service, they’ll send you the information not asking you to follow on from a link. So generally, you’ll say this Australia postal say, your tracking number is tracking number x y Zed, click go to the Australia Post website and put this in, they won’t give you the link.
Tony skinner 08:39
Anything that is interesting, you used to be able to do that myself with emails and on the computer. I hover over the link and I can see the link. How can you do that on a mobile,
you can effectively do that you can copy it, and therefore paste it into a note, for example. And that generally gives you the URL. But my honest suggestion is don’t click on anything from a text message. That’s usually the best way. And if it looks suspicious, eBay telling you that your latest purchase and you haven’t purchased anything on eBay. It’s pretty common that it won’t happen.
Tony skinner 09:17
Yeah, yeah, they’re very clever. They they, they go for this simplistic option. So you know, I get them from PayPal. And they go your you have PayPal credit from your last purchase or refund or whatever. And I go well hang on. I don’t deal with PayPal. I refuse to have anything to do with PayPal. Point blank. Because there’s so many scams and PayPal and whatever is not a good system to work with. Okay, so what other tips can you think of?
#4 So MFA multi factor or two FA authentication. You’ll be familiar with this. It’s a little bit cumbersome to put it on but biggest one, your banking systems, absolutely put on MFA. Now this could mean that it’ll send you a text message for you to answer again, or you could do something like Google Authenticator, Microsoft authenticator, quite a number of those tools out there.
But yeah, turn it on, turn it on your social media, on your banking account turns on your email account, it is the biggest way to reduce cyber threats. So 90 odd percent of threats to online accounts is carried out by the fact that you turn on MFA. So, biggest one you can do.
One of the biggest things we did with all of our corporate customers about 24 months ago, is we turned MFA on for everything. The pushback was heavy, I get it. The funny parties, now it’s become common practice, people don’t think about it, and they’re actually a lot more secure. And so when they are being attempted to be hacked, they’re getting a text message saying, this is your code. And now that these users are so away, they can see that their accounts are attempting to be hacked.
So they n alert us as a security provider. And we already see half of these to know that the fact that they you know their accounts need to be monitored for that. So MFA, multi factor authentication turned on. That’s definitely important. Even
Tony skinner 11:11
my Steam game account, wants to have MFA. Again, well, I don’t do any, anything really financial on my game account, but it is all everywhere. And I know I’ve spoken in the past about password managers, and how important password managers they need to have MFA or to FA critically on their Android, you can get it you can get it download onto your mobile authenticator app, I’ve got that for zero, it’s really, really easy.
Yeah, and to be fair, with you tony, the worst thing people do at the moment is post up useless effects. Their theory is it’s useless bits of information on things like social media, and to your point, right, putting information about the tools that you use online is, is basically letting cyber security, cyber threats, etc, and build a profile about you. And that’s the worst thing you can do.
Because if you’ll check on prime example is what are the security questions that they ask you, when you go to reset your account. And it’s funny because people will go, this was where I grew up, hey, guess what that information is available on your social media account, because you put it there. So don’t, my biggest piece of advice, don’t put that sort of information out there. It’s all good. And well, and it’s nice. You know, the other thing is tiny, for example, is that you take a photo, I’m sure you’ve seen if you’ve taken a photo on your phone, now you’re an Android user. unfamiliar, but you can say on that side of where and what time that photo was taken exactly the GPS and geo location for the time, etc.
Now, did you know when you upload that photo, that information still goes with it straight to the social media platform. So the social media providers have so much information about you, because of the fact that you had geotag the photo, so people were building profiles about so if your Facebook account can get hacked, that sort of information means that they can then build a profile about you.
Tony skinner 13:09
So moving on now. Now, that’s interesting, because I don’t have location on for anything. I think absolutely nothing. And also on my mobile, I don’t, because what I know what it used to use up battery power, and it still does. But I just don’t have location for anything. Does it still transmit, if you don’t have location on?
Yeah, GPS rotates. So when you take a photo, GPS, locate that on the device, it’s just an inherent identifier within the actual photo. So you’ll see that you can see that on any of your photos that you do. So for example, if you open your apps, you scroll up and you’ll be able to see the location where you took the photo. It’s just geo tagging, as well. So it’s a pretty, pretty impressive stuff. But it’s also scary. So yes, absolutely, absolutely.
But the other thing I suggest, and that’s, you know, social media accounts, for example, or anything to do with online shopping and so prime example at the moment is we’re shopping so much more on my walk down target to the shops, doing Woolworths shops, call shops, direct closed shops, whatever it is.
#5 We’re using the same account on our email to use these online shopping services accounts, as we do for our personal banking services accounts. So suddenly, one email account has access to a multitude of the entry point. Now, you’re going to maturity people use a similar password for all kinds of services.
So if you’re getting your data and information to a possible online shopping service, that could be compromised. But that information therefore can then be used to access your financial accounts because of the fact that it’s tied by either a car Writing password, but generally by the same email address.
So my, my top suggestion for users and for all adults outside is set up an email account a free one, you know, you’ve got Hotmail, you’ve got Gmail excetera, for online shopping, anything you do, use an online email account, don’t use your business account, do not use your work email address, do not use your personal email address, just set up specific one. So you know, whatever it is firstname.lastname@example.org or call it tiny shopping, something that is very, very, very close.
And then use a very different password. Because at that point, if that happens to be compromised, no big deal, you shut down that service that account. And it doesn’t have ties to your other personal banking, etc, work etc. The biggest problem is once people get through that sort of online shopping, they can then compromise your device, which has can be a corporate device, to then continue that on to compromise the corporate data. So yeah, so that’s the now the top tip.
But of course, you know, everyone’s sort of out there asking about software even right, you know what antivirus? So you know, there are security services, rather than just antivirus. antivirus detect viruses, but it doesn’t necessarily detect malware or phishing. So, you know, my consideration for that.
Tony skinner 16:26
You mean like with worms down in the river down in the sea? Give me my fishing,
fishing with a pH instead of an F. Yes. So if you think about fishing, it’s it was the terms referred to where it looks like a legitimate email, but it actually has some compromised information behind it. So prime example, as we were talking before, I’ll send you someone who pretend to send an email on my behalf to us saying, hey, Tony, thanks for doing this work. Here’s my invoice.
Please, could you pay this within the next seven days? That’s what’s considered a phishing email. So antivirus software does not a security platform software can, right. And so cyber threats and criminals out there these days are being a bit more ingenious and actually starting to test them against the major brands.
So that’s partly what you know, to be fair, it’s hard to know where and how but decent brand and a well known brand will actually spend quite a considerable amount of money on updating a threat databases and being able to actually then patch if needed to be or update them.
Tony skinner 17:33
Good. Alright. Well, thanks very much for that Kristof. I mean, we went out we’ve flew through the time there. It’s it’s quite interesting how well we covered off a lot of different points. And just something I want to say to people is one of my personal bugbears and the browser, you use your browser on shopping, and it says, Do you want to save this credit card? saying, Oh, do not save your credit card details in the browser?
Yes. or anywhere? In fact, yeah, yeah.
Tony skinner 18:08
It’s like, No, okay. I know. Yeah. Okay. It’s convenient, blah, blah, blah, blah. Don’t do it. Because even if someone does, again, if there’s no credit card details stored anywhere, nothing I can do about it. So let’s work with a retailer. So if you bought it from a shop somewhere online shop, and I go, I’ll save it for future reference. Don’t do it. I didn’t even save the account. I always go in as guest.
Yeah, look, it can be handy to have an account. Because the ability to have an account means you can track your shopping for example.
Tony skinner 18:45
Okay, well,there we go. https://www.aseit.com.au/ Excellent. Thanks so much for your time.