Cyber Security Cultural Change for SMEs

The war with cyber criminal scumbags wages on, and unfortunately the battle is still being lost by the good guys. Luckily we're yet to unleash our greatest arsenal in full. No, it's not AI, it's not tech, it's not process, it's people. People are the biggest target, and people therefore are the greatest asset if they know how to identify and respond to IT scams.

Video Testimonial from ISR Training

In case you're wondering what results look like when it comes to cyber security awareness training, this video should explain it quite nicely. The video testimonial is from a company called ISR Training (https://isrtraining.com.au). These guys featured on the investor TV series "Shark Tank" and gained investment. Just to clarify, this is feedback from professional trainers!

 

Toot toot here comes the deep fake paintrain!

The Scam

Picture this: The receptionist gets to work, and there's a voicemail from the IT Manager saying that cleaners are coming today to clean around the printers due to dust issues. Later in the day the cleaners arrive, they mention how the IT Manager organised for them to come in. The receptionist lets them into the secured area to start cleaning. They plant some devices onto the network, and boom you've now got IT criminals sitting on your network doing whatever they want, and you literally have no idea about it.

The benefits of cybercrime

Yeah I'm gonna go there. Doom and gloom is all we hear, the global economy is losing trillions, companies are getting hacked everywhere, people are losing their data and their identities, but there's always two sides to every story. I'm yet to see someone have a crack at this, so I figured why not?

So, let's drop the doom and gloom for a bit, and have a peek at the benefits of scumbags stealing our money and information:

It's All About the Lightbulb Moments

Metrics in cyber security awareness can be a bit of an art form, and will need to vary between organisations. But I realised yesterday while halfway through a training session that I have access to one of the best metrics there is - lightbulb moments!

Having Fun With Scammers, Again.

Scumbags in 2018

“Dear Michael, Congratulations! Web Safe Staff has been selected as one of the 10 Best Security companies list of 2018 in The Silicon Review magazine. Please read below for important details and next steps….. Cost is $1000.”

I'm Calling BS on the Cyber Security Skills Shortage!

I've been doing this cyber industry thing for a while now. Informally for 3 years, formally for a bit over a year. I've learnt a heck of a lot from some amazing people, and I'm exposed to amazing / scary ideas, news and content every single day. But the big focus in our industry is tech. I talk to recruiters, cyber tech companies, and companies with cyber security issues, and they talk tech.

The Cyber Security Awareness Sales Cycle

Here's a nice (actually it's pretty bad) flowchart of the cyber security awareness sales lifecycle. Where do you fit in this?

Customising Cyber Security Culture

I recently met up with someone in the Information Privacy sector, and we had a great chat about how our two industries are so closely related and beneficial to one another. This person's company was already implementing cyber security awareness training, and was also starting on cultural change (i.e. keeping awareness front of mind for staff).

Objections on Price

Objections on price. Sometimes I get them, usually not. Odd considering I'm pretty damn cost effective! Some companies don't see the value in spending a grand or two to massively reduce their cyber risk profile.

Cyber Security Awareness Options

In case you’ve been living under a rock, cyber warfare is on the rise, and the consequences to businesses and individuals can be devastating. At best it will cost you a lot of money, at worst it will cost everyone their jobs, so companies are starting to wake up to the fact that something needs to be done, and that’s a good thing!

The Cyber Security Breach Life-Cycle

When it comes to Cyber Security, most companies unfortunately remain oblivious or ignorant to the threats they are faced with on a day to day basis. This document will explain the typical cyber security breach lifecycle, what the implications are, and what you can do about it.

How Would I Breach Your Company - #2

(if I was a cyber criminal)

I am always amazed at how readily people will print out a Word doc for me when I turn up to train, when they have no idea who I am. It obviously makes a great discussion topic for the awareness session. Thank you for making this so easy, it's fantastic!

How Would I Breach Your Company - #1

(if I was a cyber criminal)

I go to a cafe that doesn't have free WiFi. I set up some portable hardware and software to broadcast a WiFi hotspot with the cafe name. It's an open network, so no password required, and no encryption.

Online Vs Face to Face Training

If you've had a look through this website, you'd know that I focus on face to face Cyber Security Training, and there are some really good reasons for that. Sure I restrict myself geographically, but there are plenty of businesses in Brisbane and the surrounding area, and I can do FIFO as well. So there's no shortage of work, especially in my niche!

Conversations with a Scammer

Below is a transcript of my conversations with a real scammer who contacted me anonymously via LinkedIn. I tried to see how much fun I could have with this, and how long I could keep the communication going for. I will continue to add to this as the conversation continues.

Watching You Watching Porn

I'm going to link to this one over on LinkedIn Pulse, because frankly it may damage my website search engine results!

https://www.linkedin.com/pulse/watching-you-porn-mike-ouwerkerk/

In the fight against hackers, you must use your staff!

This is an article I wrote for Go1 as a guest blogger.

https://www.go1.com/post/fight-against-hackers

My Interview with "The Art of Service"

This is my interview with Ivanka Menken from "the Art of Service" (a provider of IT training materials, https://theartofservice.com/). We discussed cyber security staff awareness training in the context of cyber security risk management, and the full interview can be found here:

https://theartofservice.com/the-importance-of-creating-cyber-security-awareness-across-the-organisation.html

Compliance Does Not Equal Security

I see this a lot - companies doing a short 1/2 hour online cyber security awareness course. They tick the box that their compliance is done, and that their staff are cyber security aware. When I ask the staff from companies like these how the course was, they can't really remember much about it.

When Cyber Security Tech Becomes Dangerous

So this is an interesting discussion topic that popped up the other day. I was discussing cyber security awareness with an IT support provider, and we started talking about their terminal services solution involving Citrix and AppLocker. So basically they white-list what can / can't run in the session, therefore effectively preventing malicious software from executing. And that's great for the client, no doubt!

What Can I Do to Keep My Data Safe Online?

Hacked...... private information leaked. Hacked..... private information leaked. It's a never ending headline, and it will continue to be a never ending headline, because information is worth money. It's that simple. And the more valuable your information, the more of a target it becomes.

There's a War Going On

It's a known fact that about 91% of all cyber crime is initiated by email. Essentially this is a war being fought between hackers, and your staff.

How do staff feel about going to war? Heck they don't usually know they're in it! They think that IT has got it covered with their fancy hardware and software - it's not their job to look after IT security right? But actually, it is their job now, or at least it should be. They are at the front line, and they must have the proper skills to wage a successful defense!

Actual Cyber Breach Costs: Small Business Case Study

1. Background

This information is compiled from a company that WebSafeStaff trained for Staff Cyber Security Awareness. By working with them to analyse their monthly IT invoices, the following information and conclusions were able to be extracted.

How to Steal a Car

Weird thing happened today - I worked out how to steal cars. Expensive ones. And you can just get someone to hand you the keys and drive away with it no questions asked. Not that I'm into that sort of thing though.

Disclaimer: Please don't steal cars.

"A blind person with a taser just shot my forklift driver!"

Scenario 1

"Hi Bob, welcome to the warehouse. How's your first day going?"
"Yeah great. So what do you want me to do?"
"Well I guess we'll start you on the forklift."
"Um, ok sure."
"So you've driven things with wheels before?"
"Yep, I'm good to go!"

What are Typical Cyber Security Breach Costs?

Cyber security breaches can come in many different shapes and forms. Essentially someone has either done damage to your systems, has stolen your information, or has locked you out of your own information. Let's have a look at those three categories in a bit more detail:

Why Onsite Instructor Led Training?

While we can deliver webinar style training, we always find it more effective to be onsite at your premises and teach people face to face. There are a number of reasons why we've taken this approach.
