Good afternoon, everybody. Thank you for taking the time with me today. I know all of you are very busy CEOs and executives, and I don't like to take up your time on IT issues, because I know your number one focus needs to be taking care of your clients, running your business.
So I'll be as brief as possible, but I'll promise you, what I'm going to share with you today is an extremely important topic that you must address, and I'm going to urge you to pay attention, because there is immediate action required at the end of this session that all of you need to take to protect your organizations.
Okay, so let's talk about what we're going to cover today. First of all, we're going to cover what is the number one security threat to your business, and why the conventional security tools are not adequate to protect against it.
Secondly, why those tools, firewalls and antivirus software, simply aren't enough anymore. And thirdly, how mobile phones and cloud applications are seriously jeopardizing your organization's security and data protection, because in the past years there are so many cloud applications that have gotten out there, and it's getting out of control. How do you deal with that, plus the proliferation of mobile phones? Ultimately, we're going to cover how to avoid being a sitting duck and protect the most important thing, which is your business.
And I've got a special bonus today. I'm going to make available at the end of this session a free mobile device security and acceptable use template for your use, and emphasize the importance of having added controls over your mobile devices.
So this is a very important value, and we're also going to offer a free consultation to talk a little more one-on-one with you about your business and what your needs are, making sure that you have the proper security and protection in place.
So if you just do me a favor and hang around until the very end, we'll talk about all that and how you can get that off free for your restoration.
First of all, before we get rolling, I know there are some of you here today that I have never met, so for those folks, let me briefly introduce myself. So who is this guy, David Quick? Well, I founded Total Coverage in 2008. I'm the president and CEO of the company. We've been in business for about 12 years, but I've been in the IT profession for over 20 years, and I also have a background in accounting and finance.
I was an accountant for a number of years before I even went to IT, so I do understand the business side of things as well, in addition to the IT. My last full-time position was as IT director for an accounting firm. So I have experience in managing large networks, but that experience I now take to my clients, and I'm able to handle smaller situations as well, basically bringing corporate IT to the small business. Okay.
So now let's get to it. Let's talk about the cyber crime business. I'm going to emphasize that this is an actual business. Back in the early days of hacking, hackers did this kind of for the fun of it and tended to be more of a nuisance. But now it's gotten a little more sophisticated, and by and large hackers are doing this for money. Maybe there are still a few hackers that may do it for kicks, but they are far, far in the minority.
Now it's more so a business, and a very lucrative one at that. Let's talk a little bit about the evolution of crime. In the early days of crime, criminals would just go on a train with a gun, stick them up and extract the money they needed from passengers. It was very efficient, because trains in the earlier days traveled over large areas of territory that were not under the control of police or any other force of law. So it was a very easy target, and generally these passengers were very wealthy people.
So having all these wealthy people in one location, they had a captive audience to go in and efficiently extract the maximum amount of money possible. Today we live in the digital world, but in many ways it's the same. Instead of trains we have organizations like Facebook, Microsoft and Twitter, all accumulating large amounts of user information, and hackers just go after those large targets to extract the data, very much in the way that criminals did with trains. A good example of this was JP Morgan. You would think that JP Morgan probably has the wherewithal and the means to have the best security infrastructure possible, but even they were hacked, and as a result information from 80 billion households and seven billion businesses was exposed. All that goes back to the concept of the train, but in this case JP Morgan is the train. It was a very large target. It has a lot of passengers on it with valuable information that can be sold for a lot of money, and it's essentially the same principle: just stick them up, get in there in a hacking way and get their data.
Now, it's a thriving black market. The hackers do this because they can get money for the data that they extract, and here are some examples of that: basically credit card details, iTunes accounts, you can get credit cards themselves. And then, not to finish anything, but there are such things as fake ATMs out there, and hackers buy them and use them. So this is essentially a business. There's a whole infrastructure in place in the dark web for hacking. Think of it as a franchise. It's like a dark franchise. Somebody with very little resources or money, or next to no technical knowledge, can get hacking software from these hacking development companies, or organizations rather, and make a deal with them: okay, I'm gonna use your tools and I'll pay you x percentage of the money that we generate as a result of that. These hacking groups even have things like help desks and support for their customers, the people that are using the hacking software, to make sure that they get the maximum benefit from it. So it's a very sophisticated enterprise that's going on here, and again, it's a business, and they have their incentive to make money. So when you have that, you have a recipe for this whole cyber crime business.
Okay, anybody want to guess what this number is?
Well, I'll tell you. It's an average estimated cost associated with one stolen record, according to the Ponemon Institute. Now, that seems like a pretty small number, but you have to keep in mind that it doesn't encompass all the costs of a data breach. There are a whole bunch of other costs as well. There's the damage to the reputation of your company, which potentially results in loss of clients and loss of business. You can have assorted lawsuits and costs associated with the breach: legal fees, potentially compliance violations and fines associated with that, being able to recover and replace your data, being able to get all your systems back up and running again, and all the IT costs associated with that. And, most importantly, downtime. Now, if you're a professional services firm, like a CPA firm for example, every hour you're down costs money, especially if you're in a busy season. If each billable accountant has 250 dollars of revenue per hour and you have 10 employees, that's losing twenty-five hundred dollars per hour. In an eight-hour day, that's twenty thousand dollars a day. If you have a larger firm, that could be much larger. For a hundred-person firm, that could be a couple hundred thousand dollars a day you're losing as a result of your downtime.
Now you may ask yourself: nobody's gonna bother hacking us. I mean, first, we're a small company.
We're not JP Morgan. We're not Facebook. We're not a large company. You think that they're not gonna go after us, right? Well, let me tell you something: one in five small businesses falls victim to cyber crime each year, according to the National Cyber Security Alliance. So a very large percentage of small businesses are getting hacked into, first of all because of this attitude that small businesses have, that we're not a target. They're not devoting resources to making themselves more secure, because they don't believe that they're a target, and therefore they don't have the proper security tools in place to prevent this from happening. So they're basically low-hanging fruit, and hackers love low-hanging fruit. They want the maximum benefit for the least amount of effort. And mind you, half of all cyber attacks are aimed at small businesses.
Now you ask yourself: well, I don't hear any more about that. I only hear about JP Morgan. I hear about Facebook, I hear about Microsoft. I don't hear about small businesses being hacked. Well, here are some reasons they don't. One thing: it's very embarrassing to admit it. And number two, you may not even know you've been hacked. Hackers are so sophisticated, and typically they could be in a network for months. They could be in your network for five or six months without you even knowing about it, and during that time they're quietly making their way from system to system, getting more and more control over your network until they hit. And thirdly, of course, it's bad PR. Do you really want your clients, patients, really knowing that their information was exposed? And of course there are all the legal ramifications we talked about already, and the regulatory fines and such that we've already talked about. Those could become very significant. So as a result of all this, generally these get underreported. Also, the news organizations like sensationalism. They like it when a large organization gets hacked. If ABC accounting firm gets hacked, it's not really as newsworthy as JP Morgan.
Now, just because you're not worried about your information doesn't mean your customers' information is any less valuable. And what if your customers knew that you took such a cavalier attitude toward their information? What would they think about it? I think that would be a big concern. The implication of that may be as negative as being hacked, potentially. Now, I should emphasize not to underestimate the danger in being complacent. You think to yourself: you know, I hear all this, but I still don't think it's really worth my while to invest in more security. Really? Well, it's not a question of if you're going to get hacked, it's when. It's when, not if, because they're going to find a way in sooner or later.
And now let's get into our five biggest threats and how to stop them. Now, do any of you have a thought as to what the biggest threat is? The number one threat?
Anybody? Well, I'll tell you. The number one threat is your employees, because employees, even though they're doing good work for your company, may do things inadvertently, not intentionally, that cause problems and cause exposure to your network. They can leak information, click on phishing emails or log into compromised pages, and that may download malware to their computer and spread it to your network. And there are a lot of file sharing applications out there, tools that they just go ahead and download and use, perhaps without even telling you about it, and those tools may have very loose security configurations and may potentially expose your data.
Dropbox is one example of that. We talked about the good employees. Now, what about the disruptive employees? When you fire them, typically, in the olden days, you fire them, you show them the door and you're done, and that's it. Well, it's not quite that way anymore, because you fire them and show them the door, and it's not really a real door anymore because of all these cloud applications that are out there. If you don't control those cloud applications, they can still get access to your data, so they can do a huge amount of damage to your company. Even if you physically send them out the door and they can't get back in, they can still get into your cloud apps. They could delete important data. They can steal software. They can steal some private information. They can do all kinds of damage to your company.
Now let's talk about shadow IT. Going back to your employees: employees do have access to a whole plethora of applications on the internet, and they want to get their work done.
So without your knowledge, they just go out and download whatever they want to use, and use it to do their work and go about their day. They think that they're doing good for you. The problem with that is it's outside your control. You don't know where your data is and how it's being used. It's going outside of your company policies, but you have no way to know or enforce it. So this is kind of a big problem, because if you don't know that this shadow IT exists, how do you protect it? And this is a very good example here, with Michael Dougherty. Now I'll go into the whole details of the story because it spanned quite a number of years, but this guy had a four billion dollar company, and all that was brought down due to one employee downloading a file sharing application to her computer because she wanted to listen to music.
What she did unintentionally was share a file folder, a file folder that contained very confidential company data, and an outside party discovered this and basically tried to extract money from Michael, that is, Michael's company, to kind of keep it quiet. Michael refused, and this gentleman proceeded to send it off to the FTC, and from that point forward a whole series of legal and regulatory processes ensued that went on for a number of years. It ultimately led to the destruction of his business. Ultimately, he did prevail. He did have some vindication in court, but it was a good point: he won the battle, but he lost the war.
His business was destroyed, and all because of that one employee and their action.
Now, number two in the list: malware. The amount of malware that's out there now is amazing. There are 250,000 new malware threats being released per day. Per day.
Now you think to yourself: I have antivirus, I should be able to have myself protected with that. Antivirus can only do so much, especially traditional antivirus, because antivirus needs to have certain definitions updated to know that the virus exists. So it's like a cat and mouse game. New viruses come out, the software gets updated to protect against them. New viruses come out, the antivirus software has to get updated again. And it's not a perfect situation, because the antivirus software vendors are always behind, because they have to catch up to update their software, and it's an impossible task. You'll get some protection, but it's not gonna be 100%, and in that less than 100% scenario you could get hit.
Related to that, a very notorious class of malware is ransomware, right? It's the latest rage in malware, if you want to call it that, and this is what's happening in the cyber crime world.
Basically, ransomware gets on your system. It encrypts your data, unknown to you, and then once it has done that it sends you a ransom note saying, well, it'll give you back access to your data if you pay x amount of dollars in so much time. So again, going back to the theme that this is a business, this is the business side of cybercrime. Ransomware, basically, is extortion, and it's proliferating. It's really gotten rampant.
This is a good example here, with Presbyterian Medical Center. They had to pay roughly about 17,000 bitcoin to get their data back. I know of another company, Blackbaud, a major developer for the nonprofit industry. They have a hosted application, they got hit with ransomware, and the ironic thing is that they actually had the means to restore all the data and not have to pay the ransom, which they did. They did, but they ended up paying the ransom anyway.
And why, you ask, did they do that? Because the latest trend in ransomware is that not only are they encrypting your data, but by the time they've sent you the ransomware note, they have already uploaded the data to their network, and they are now threatening not only to keep you from getting to your data. They are threatening to expose that data on the internet. So just simple backup is not enough anymore. Now it's open season: they just throw it out onto the internet and you have no more control over it. This is a very growing trend in ransomware.
Number four: mobile devices. How many of you have mobile phones? And how about your employees? And you access your corporate email on that phone? This is a very large and uncontrolled situation.
I mean, do you have a kill switch to wipe your phone if it gets lost or stolen? Over the past couple of years, in this case 2018 to 2019, between a million and almost two million users have been attacked with mobile malware.
Basically, a mobile device is like a computer that computes like any other computer. It can be hacked into, and just as there are malware applications for desktop computers, there are malware apps for mobile devices, and you can be downloading a malware app even inadvertently. It may look like a regular application, like a mobile app, and thinking it's something useful you can download it, not knowing it is actually malware. This is very dangerous, because mobile phones are largely uncontrolled, and if you put company data on there, like your email, that could be a recipe for disaster. And this is a good example of an organization that was actually fined by the government because a laptop was lost, and they were found negligent because the laptop did not have encryption.
Encryption helps to potentially block access to the data on the device. And they were just a nonprofit organization. They got 50,000. So the implications of mobile devices, the dangers of compromising those devices, are great. And this is a law in Tennessee, but other states may have this too. So you have to be concerned that you do have the potential exposure from not protecting your devices.
Okay, number five: spam. I saved the best for last. I mean, spam actually kind of ties in to malware in general, because spam is the means by which hackers get onto your network, primarily through phishing emails, trying to trick you into clicking a link or going to a website to compromise your data. Actually, the vast majority of email volume out there is spam, and one of the keys to controlling your security is controlling the level of spam that gets into your network.
Okay. So with all that, how do you protect yourself? You need to get a little serious about protecting your company against cybercrime.
You have to just get away from the cavalier attitude that you're not going to get hit, because it's just so prevalent, and because it's just a matter of time before you do. So you just need to get serious about that.
Okay, so here are some three steps that I recommend you go through to better protect your organization. First, we do a threat assessment, so identify the gaps. Are employees using company-owned devices? What are they doing for work at home? Are they using the corporate devices at home, or are they working off of their personal machines? What cloud applications are they using? What does your backup look like? Your exposure? And then again, it's a good idea to identify who's accountable for that, whose job it is to make sure that that's the case.
So once we've gone through this discovery phase, we put together an action plan to make sure that your systems are protected and secure and that you're in good shape. But even if we go through these two steps, there is a third step that is very important, because, I should emphasize, security is not set and forget. You can't just say: okay, I put the plan in place, we're done, looking away, we're safe. No, that's not the case. Ongoing maintenance. And again, it's not set and forget, because attackers are not set and forget either. They're actually very innovative, the hackers. A lot of innovation goes on in the hacking community, looking at new and better ways of hacking into your network and getting the most benefit to them and exposing you.
So it's a cat and mouse game. You have to have proper maintenance, have the proper updates, changing strategies, adapting, evaluating current solutions to see if they're still sufficient. There is quite a bit to maintaining security, so ongoing maintenance is very important.
Okay, and that first step is three. Okay, now we're going to give you a low cost obligation, a threat assessment. We're gonna identify security gaps and give you an action plan for better improving your security.
It may include some things like a firewall, more advanced endpoint protection (more than antivirus), user awareness training, locking down your systems, and making sure you have both backup and recovery abilities. And everybody who signs up for this gets this free mobile device policy template, and it's something that you can just take and easily customize for your own use.
Now, I would love to offer this to everyone here today, but the reality is I only have so many hours in a day. Therefore I can't extend this to five people today, so please only sign up for this if you are truly, genuinely serious about being more strategic in your IT, and don't sign up if you're only mildly curious. Also, I want you to know there won't be any heavy sales pressure to buy anything or to work with me. Now, of course, some of you may decide that you want to do that and hire us and work with us, and that's great, but that will be your decision. All I want to do today is provide you a lot of value, answer your questions, and show you some ways to be smarter and more strategic about your IT, and choices and things you might not even be aware of. Finally, there's an application process for this consultation, and that's because, one, I want to make sure I can help you, and two, there's some information I need to get about you and your organization before we can schedule the first meeting, to help me prepare for our time together and to make the meeting as productive as possible. And here again, we emphasize these points.
So that's a little bit about what we're offering. We'll look at that application today, and if you just get back to us before the end of this week, by Friday, that'd be great. That's all I have for you today, and we've finished up quite a bit early today, and I certainly would be more than happy to take any questions.
Well, it looks like there are not any questions, but that's fine. It sounds like you're all very busy people, so I'm gonna give you all of your time back. Signing off here, David Quick, Total Coverage. I really appreciate that you're taking time today, and I really appreciate your attending here and hearing about this.
Thank you.