Hi everyone, that was a little slow in starting there. Good afternoon, hope everybody's well, and thank you for joining us today for our fourth webinar in the Recover and Rise series. We're going to be talking a little bit later on to Chris all about cyber security and how to stay safe online, which is really important when obviously you're running a business or trading online, and Chris has got some really good hints and tips and information for us on that. Before I start, I noticed that we've got a few new people in the room. So I'm just going to invite Nikita from Network My Club to just talk through the remote platform that we're on.

Hi everyone, welcome to today's event. So just a couple of points to figure out remote and get you familiar with the platform. So just to highlight, when the Q&A starts later there's a Q&A section just to the right of your screen, so you can put any questions in there. To turn your camera and microphone on, just use the toolbar along the bottom of the screen where it says cam on and mic on. In the open networking room, just double click the table and you'll move over there. And if you're having any problems turning your camera and microphone on, just give the screen a refresh and that should reload it. If you have any questions, any queries, just double click one of the help desk for support. And you can also use the button tile view in the toolbar to make everyone's screens appear a bit larger on your screen as well. Any problems, just find me in the room. Thanks Cheryl.

Quite slow in pulling through from my little avatar, so I'm sorry about that today. So as I say, this is our fourth in our series. I'm just going to share if I may quickly and show you all what we're up to. Can everybody see those? Just goes into presentation mode. Okay, so Recover and Rise. We are series one, getting online: all about how to get online, how to improve your business online, how to sell online, how to be secure online.
That's what we're all about for the next few weeks. All of the workshops start at midday. They're all lunchtime and they're all Tuesdays and Thursdays. We then go through to series two, which is about customers and marketing, series three, systems and productivity, and series four, growth and expansion. So as I say, today we're talking about web security. But on Thursday we're going to be running a webinar on e-commerce with Malcolm Duffett, who some of you might have met a few times; he's also one of our digital champions. And Malcolm's going to be running through how you can sell online using different systems and different platforms, what it looks like and how you can actually improve your business and make sure that you can get those all-important sales. So that's on Thursday, so if you haven't booked onto that yet, book onto that and come along. That'd be really great. But today we're going to hear from Chris White, who is a police detective inspector. And Chris is going to talk to us all about why cyber security is important and how to protect ourselves, and also what to do if you think something's not right. Because sometimes it's really difficult to know whether something's right or not right, and whether you've just got a feeling about it. So without further ado I will hand over to Chris and we can start that webinar. Chris, are you there? If you just pop your cam and your mic on you should pop up on the screen with me.

Hopefully I'm on.

Yep, there you go. Working my end, but let's just... Right, hang on. If you look at the bottom of your screen, Chris, you should be able to pop your cam and your mic on. Sorry about this everybody. I'm just going to pop back out of presentation though so we can sort Chris's camera.

He's just popped our screen, he's just joined us back in the room now, so he should just turn his camera and microphone on right now. Hopefully that's all working.

Love tech. Yeah. That's frustrating because we were just talking, weren't we, so... Right, there we go.
We can see... Oh right, okay. We can't see you but we can hear you. We're trying to get this never do something. I'm scared if you input it. Don't go wrong with the technology so we have to live with that one. Hi Chris. I'm going to leave you. No pops.

So, Chris White, I'm a police officer in the South East Cyber Resilience Centre, which is a not-for-profit organization pulled together by private sector, public sector. As it says there that we are working... Thames Valley. Oxford, Southampton, West Sussex. I'm working with the forces from Thames Valley and Sussex, and what I've done is I've interviewed a lot of students from the local universities over at Port from Southampton, Surrey, Oxford and New Bucks. Effectively they are the students who are either doing computer science or cyber crime degrees and... To help make safer and trading online safer with their computer systems.

So... Going on to the presentation at the moment, I'm going to talk to you about some figures just to start off with... Roughly these are all similar to the UK. So in the South East we're no different with the threat landscape, because the moment you plug your computer into the internet you're going on for threats, sadly, that anyone can experience all around the globe. So when we look at the overall levels of cyber crime reporting, it has remained consistent with a small exception in November, which was the likelihood online to buy stuff just before that Christmas rush. I'd say that smaller peak has probably experienced a little peak. It's still out there, the threat's still out there, sadly, in relation to computers. There is a national trend which the South East of the UK, so I can only narrow down some of the crime figures for Surrey, Sussex, Hampshire and Thames Valley. But the national trend has seen cyber crime reporting by about 11%. The South East has seen an increase back last June, but we don't quite know what the big causation was for that.
We break down some of the crime figures even more when we look at the last quarter for this year. I'll go through some of these titles, so if you don't know what they mean, don't worry, I am going to explain them. But I'm going to be talking about these crime types because these are the more serious ones that we see at the moment.

So email compromise: that's effectively, I don't know if you've got Yahoo accounts, someone guesses your password, logs in to your Yahoo account and then takes over the account, changes the password and kicks you out, and that would be a proper headache for you.

Network intrusion: so I don't know if you own a baker's on the street corner and effectively you have a website and some infrastructure where you can book orders or you can take payments using an online system. I could effectively break into your systems and then change your website around, just cause general havoc and lock you out. So that's where someone can get into your system and damage or disrupt your system.

DDoSing, which stands for distributed denial of service. That's where I could flood your website or your business with so much traffic that your website falls over, and a good example of that is when big shows, musicians or football matches go on sale. Ticketmaster is a great example. Everyone wants a ticket at 9 o'clock and then by 9.03 the website's gone down because too many people are on it. That's DDoSing.

Ransomware. So again, I've got into your system. I take a copy of your data. I then encrypt what is left and then you can't have access to any of your data. So I say like pension, customer record management, database, emails. You just lose access to everything, sadly, and that's called ransomware. And what happens next is you'll receive one email from me saying if you want access to your payments and money. And then if you pay, you then get another email saying here's your data back, but actually I want another payment to prevent me from publishing it online.
So they're doing what's called exfiltration: taking a copy of the data, encrypting it and then exposing the data. So watch out for that one.

PBX hacking, smaller figures. There's only one last quarter. So PBX hacking is, sometimes you use online phone systems. Sometimes we pick up the phone and we just dial the number, but when we're at work in bigger organizations, we use the internet to make those phone calls, and some of those internet phone systems can be hacked as well. And we see what we see there. Premium rate numbers being dialed and you wouldn't know.

And web vulnerabilities, small figures are going there. Put that down to minor vulnerabilities and exploits and websites where they just exploit the issues, but more importantly, moving on to data breach. So that's where someone's stolen your data and you've lost part of your data. And then there could be a reportable incident off to the Information Commissioner's Office. And then the other one of aceless extortion threats. There could be I did ask your company until you pay me to stop. That's some I've seen there.

We've talked about ransomware. Ransomware still remains to be the primary disruptive threat to organizations in South East England. And we'll show you later on how that can happen. So down in the South East, we've had over the previous quarter about 19 ransomware incidents involving small businesses. And then there were four ransomware incidents that effectively disrupted people at home, because you can still catch this stuff at home. We know that in a lot of the incidents, the dominant variant is ransomware called Conti. Certainly different ransomwares have different titles because they're different pieces of software or they're different organized crime groups, groups operating it. But ransomware did get a bit busy during the summer. Historically, there was a ransomware outfit called DarkSide and they were responsible for that incident over in America.
You might have heard of it, that Colonial Pipeline attack. They did go quiet, but I know that they offer this as a service, so you can go on to the internet. There are particular areas of the internet where you can buy someone or you can buy something that can undertake this service for you if you're not technically competent to do it yourself. But that's known as ransomware as a service. So there's not a lot you can't buy on the internet, and you can still unfortunately buy unlawful products and unlawful services. So you can get people to do this and they run things like price jobs or hourly rates or daily rates at this stuff.

And sadly, we break down the victims as to who's being targeted. I mean, I could be safe to say that once your computer is connected to the internet, you could be exposed to all manner of these threats. But looking at this, manufacturing seems to be impacted on the most. And then going around that circle, professional scientific, that's probably some link to the pharmaceutical sector at the moment. But you have a quick look at that. These are all in relation to the more serious cyber incidents.

There is a vulnerability out there that you might have heard of, and I don't want to go too technical in this group, but it's called PrintNightmare, which, if you have printer scanner copiers in your workplace, the short version is if you could make sure they all get their software updates when there's weaknesses and vulnerabilities. Effectively, that would be fixed overnight as long as you're updating all of your devices, your machines, your mobile phones.

We're going through the threats, because this we can relate to a little bit more. So color coordinators, we're probably looking at here is business. I think we'll chat today, but we do target threats towards primary schools and secondary schools and further education colleges. So overwhelmingly, at the top there, you can see the threats are all coming in through phishing emails, phishing attacks.
Then the next one down is impersonating crimes. So again, that could be a phishing email where I'm just pretending to be someone I'm not, which is there. But you should always, if you're not too sure about an email, don't be too afraid to react and act on what they're asking you to do. Due diligence: go to a reputable search engine. Then phone on their advertised phone number; you should never phone someone on the phone number which they send you in the same email that you've got suspicions about. Just take your time. You don't need to rush. And if there's any emails where they're putting you on urgency, then that's a great red flag for me. If someone says you must do this within the next hour, that's pretty much a red flag, because that's not how genuine lawful people do trade.

So once the phishing emails come in, sadly, some people click on the link, then the computer, by clicking on the link, has had the permission to download viruses or the malicious software. Viruses, your malicious software, is the third biggest threat we see at the moment. Then you've got unauthorized access to files or networks by students. The denial of service attacks. So we're going down the list there and you can just see where the threats are. So it is the phishing emails.

As a result of a cyber incident, there's disruption. It's not always a financial disruption. So yes, at the top there, no any listed impact. That's just some of the data which we've collated and that people haven't filled it in. So we've just always got to do full disclosure on that data. So we just don't, it's an unknown listed impact. But what you'll see there is, people in business, your time is taken out of your day to recover from the impact or disruption of that incident. And time is money, isn't it, realistically? When your staff are not able to deliver the product or service that you sell and they're trying to do something else, time is money. So you may get bad reputation, lost sales.
People might go to your competitors. You get complaints. You then might have to cover fines or goodwill compensation. So it's not just a cyber incident where your computers won't work. There's a lot of consequences to that.

Can we stop all this from happening in the first place? So I mentioned earlier about what are the easiest ways majority start taxes, covering off some of these. Up-to-date malware protection. So if you're running a Windows 10 machine or a Mac, just make sure Windows Defender is up-to-date, turned on and actively downloading its latest protection every day. So always make sure you're getting the download. If you're using a paid-for virus product or a free virus product, just make sure it has the ability to make contact with the internet every day and download today's version of it.

Passwords, definitely important. We've got to have strong passwords. I'd probably move away from the expression of passwords and go to passphrases. So just wrap three random words together. They can't be linked into pet names, birthplaces, favorite color or maiden names. All of those are out, realistically. Maiden names because I could probably go on to... Ancestry.com and I can look up a lot of your maiden names anyway because it's all there listed publicly. So certainly on social media accounts, we do leak a little bit too much information on social media accounts, especially when it comes to pets. So three random words. Just pick three random words, squash them together and then make that your new passphrase. So try and get it out of your head, password. Go to a passphrase. It'd be nice if you could have a passphrase with character length of at least 13 characters. So if I put that into context... Password in your head. You have your password length, which is only made up of eight characters. I could probably hack a password that's only eight characters long in just under 20 minutes. So we've got to bet with our passphrases.
So try to get your passwords a little bit longer than 13 characters. It'd be pretty good. I know you're sh... It's getting fast. If we could just make our passwords longer.

Firewalls. We need firewalls turned on. So at home, you're probably looking over there by the TV and you've got your Sky router, your TalkTalk box, or your BT Home Hub. And I know in small business, you like to have those same sort of devices. Just make sure the firewall's turned on and it's working. So that will keep the bad traffic out and the good traffic in. It's rather like you're going into, I guess, a nightclub and you've got the door steered on the door. Generally, they screen all their customers, don't they. And a firewall will be screening internet traffic and it will be preventing the bad stuff getting in and out.

Restricting rights. So again, if you're a small business, your laptops which we're using or your computers that you're using, make sure you're not using it on the administrator account. So I know when you take the laptop out of the box, you plug it in and it has one account which you log into. That's usually the administrator account where you've got permission to do loads of different things. What you need to do is create a guest account, or try not to call it a guest account, but call it in your personal name. But just make sure you have standard user settings, so not administrator level. Administrator means that you can do anything. You can do untold amounts of damage. So realistically, we want to remove administrator settings and do your day-to-day business activity. So surfing the net, answering emails, just do it on a standard account that doesn't have high-level privileges. Why? I open up an email. I click on the link. I then try to download some software with only standard privileges. I can't download the software. So that means I can't download the virus. So there's good protection there.

Backing up data. So we must have a backup. People are comfortable with using the cloud.
Certainly, we've got Dropbox, iCloud, OneDrive. They're all good examples of it. You must make sure that you have backups in place. You can use cloud, or if you've got your own storage devices in your shops or offices, once you've completed your backup, it needs to be unplugged from the internet. So it's called an offline backup. So if you leave your backups all connected to the internet, if the virus comes in, it will find your primary backup. And then it will realize that you've got another backup connected and it will just encrypt that as well. But if you unplug your backup when you're not using it, no one can get to it. So just make sure you have offline backups.

So as we go down that list, there's certain security controls which we can put on. Policy. So you must have a policy to update any security updates within 14 days. Sounds complicated, but just go into your Windows settings or your Mac settings and just turn automatic updates on. You can do that on your iPhones and your Android phones as well. Just turn software updates and app updates to automatically on. Some phones are set up so that they will only do the updates when they're plugged in on charge and they're on their home Wi-Fi and they have more than 51% of battery life left. So just bear in mind that when you charge your phone up, that's when probably it has its only opportunity to do those updates.

And then if you're going out shopping, I don't know, or you're on the train and you're going to connect to any public Wi-Fi, it's preferable that you use what's called a VPN, a virtual private network. The ability where you can encrypt your Wi-Fi. If I'm on the same network on a public Wi-Fi with some special software, I can see internet traffic and I can decrypt it and I can see that, I don't know, if you had a Yahoo account or you were logging into eBay.
You log into eBay and it says what account do you want to use, you type in normally your email address, it then says what's your password, you type in your password. With some software you can see all that traffic being transmitted and received. But if you have a virtual private network, a VPN, turned on, that gives you end-to-end encryption. So if you can use public Wi-Fi to do what's called sensitive searching, so that's like your banking, your emails, anywhere where you've got to log in and pass the password, preferably use a virtual private network. If you're just going to log in to see the latest sports results or see what the weather's like, that's not sensitive. But I will prefer if you use the virtual private network.

So we're going to... Phishing emails, because that's what... ...the moment. Whether you're on your phone or on your... ...you're going to get a screen like this. The email comes in. So this is a rather old one, and things don't change with the phishing emails. So there's a couple of things here. Let's go for the chat room. Let's use the chat room. There's five things wrong with this email, or five red flags on this email, which would make... ...backed away. Can you type in, if any of you can spot what's the risk in this email? We'll go through and identify them. So anyone see anything wrong with this email? Any alarming features?

So certainly on your computer, so you can probably see the mouse. You can highlight the mouse up the top. So the time date stamp. So how many of you have had the United Parcel Service come around your house at 4.49 in the morning? It just doesn't happen. So have a look at the time date stamp. Does it match the sort of service that's been delivered? So to me, I'd delete that straight away. If they were around my house at 4.49 in the morning, I probably would have heard about it because there'd be doorbells going. The email address.
You know you can hover across the email address and it would tell you the real email address behind it. So we'll go through that in a second. So time date stamp, the email address. So when we hover across it, it would display the real... ...finder. So we know there the ntxresearch.com is nothing to do with UPS. So as long as you hover across it, or if you're using a mobile phone, you press it and it will show you the real email address it's come from. So always check the header. If you're in a business and you've got things like Office 365 running, there is a rule you can put in where it will automatically display the real email address for you. You just got to do that for you. A small business is big enough to have a couple of staff members. You can configure it to make life easier for you. So consider that one.

Attachments, download. Wouldn't download anything that I don't really expect. So zip files, quite dangerous. So you download zip files, a bit of software, it will go into your computer, you double... which is then on your machine. So consider what you really need to download. So any Microsoft Office products, you can use what's called disabled macros or open in protected view. If you don't really need to open up the whole spreadsheet or the PowerPoint, always make sure any Microsoft products, you can open them up in protected view only. Why? Because you can hide a virus in a spreadsheet or you can hide a virus in a Word document. It's not complicated to do that, which is why you always see things like macros disabled. It's quite important to leave them disabled.

Dear customer, the game's a little bit vague, isn't it? Realistically, if it's a personal email, it should say Dear Chris. So anything that's Dear Customer, they don't know who you are, so delete that. And then the comma. There's a little bit of grammar error in there as well.
Yes, I know the bad guys are getting better at their literature and grammar, and there's less errors in it, but certainly that one is a dead key.

For example, Barclaycard. There's some errors on this one. One, two, three, four. I can see five on that one. Any ideas on that one? So again, the email address at the top, hover across that one. So there's the real email address underneath it. Again, you can see that Barclaycard server.cybermarket24.ru. Certainly, last time I checked, .ru means Russia. Barclaycard's head office is not based in Russia. So again, straight delete. You've got a cut and paste error here, haven't you? Between party and this, that should all be on the same line. Get started. If you hover across that, that will not be taking you to the Barclaycard website. That'll be going somewhere else. And then down the bottom there, I have done this talk to education. They've said best regards. That should be capital R on the second word, which is a bit serious, but Barclaycard. They never call themselves that, do they? It's always Barclaycard. So a bit of...

Anyone not had this? Any email? I don't know. I asked you to go to the cat and we're all wishing to just click on the link just to see what happens. Well, I can just tell you where it takes you. If you're in the UK, it would take you to... And Facebook. ...for TV license. Basically, all it's trying to do is just get money out of you. But again, if you're outside of the UK, because this is a campaign that's targeting UK people only, if you open this email up outside of the UK, it takes you to some weird YouTube channel. So there's something called your IP address, which gives away which country you're in. So that's how people target particular countries with phishing emails. So, yeah, from email up there, insightbase.com is not the UK TV licensing outfit. I say outfit. Sorry, agency. That's what happens. You click on the link and it takes you to a dodgy website. So you go on to this...
Remember, so we've clicked on the obituary section. And you see the circle is going round and round at the moment. Often seen when you've got a slow internet connection. It's a bit slow. Website or my internet's playing up. At the top, you see it's responding. Down the bottom now, you see the security centre. That's being turned off. That'd be worrying. But unfortunately, it's now too late. So you're probably thinking, oh, this is a very slow website. You might close the screen. You might not. You might just sit and wait. But what wins that? That was 26 seconds, I think that was. That is, the encryption has taken place. All of your files are now encrypted. You can't see anything. Everything's like gobbledygook, as you can see there. That is how quick the encryption takes place. So there's a lot of things you can do to prevent that from happening. And we will go through that. But roughly that is what you see and how quick it takes place.

So the only file which was left unencrypted. This is a typical example. This is the only file you can see. So there will be: all your files have been encrypted. Tough luck. Not what you can do. Don't reset. Don't do this. Don't do that. A lot of worrying things there. I'll address here. So this would be the email. If you want your stuff back, you email us and you put some money in our Bitcoin wallet. So they will say how much money they want. And effectively, Bitcoin is a currency. It goes up and down like a yo-yo, like any other currency. But certainly they could ask for one Bitcoin or half a Bitcoin. I have heard that they do homework on the businesses that they do target once they successfully target them. So they've gone to Companies House and they will see how much money you've got roughly from your last submitted accounts. And then they will adjust their ransom accordingly.

So certainly, let's look at the figures. Since last March, March 2020 to July 2021, we saw 294 reports of ransomware reported to Action Fraud.
46 of those were schools. So it is quite disruptive to schools, and they do tend to target schools during school holiday time when there's not many IT support people in. So again, we've also seen examples of some of these ransomware being inflicted and their damage on like long bank holiday weekends, because they know there's less people in offices or shops because most of them are shut because it's a bank holiday. So just be aware of that.

We protect ourselves, because it's all a bit doom and gloom at the moment, isn't it? So, what we want is to go to your home on the family computer or whether or not you're at work. All advice is to print systems. If you're on Windows 10, just make sure it's auto-updating. It's a switch that is inside the Windows settings. Just turn on auto-updating, and on your phones, update the apps. The manufacturers of these devices fix it, and this stuff happens 24-7 because it's not necessarily the people that fix it are in the same country, so they could be working whilst we're sleeping. So, yeah, effectively, update your systems, update your browser, update your antivirus, your antispyware. So on Windows, that's called Windows Defender. So antivirus and antispyware is all in the same one, but you might have downloaded some additional ones. Make sure your firewall is updating, so you can see the theme here. Make sure everything is auto-updating.

There's something called two-factor authentication or multi-factor authentication. Again, turn it on. They're free. They all have it. Just turn it on. So if I log into my email account and it's the first time I've used that device to log in, effectively it will send you like a six-digit code to your phone as a text message, or you might have an authenticator app, and then you type that six-digit number in and then... So make sure two-factor authentication is turned on. When it is turned on, you can see from, I don't know, Sainsbury's saying here is your six-digit authenticator text. You've been asleep.
So someone knows your password. Your Sainsbury's account. So effectively, you know that password is compromised. They couldn't get any further because they didn't type in that six-digit code that went to your phone. But it's a great notification. So my password is being compromised. I need to change that. But without two-factor authentication, you can just imagine what's happened. So I see that quite a lot. Every week I speak to businesses where the small businesses do all their trading on Facebook and Instagram. So not all of them have turned 2FA on on Facebook and Instagram. So if there's a data breach and I can see some passwords for that small business, you could log into their Instagram account, take over their account, change their password, be a bit destructive, probably damage the reputation, upset some customers. In the meantime, you've got to email the business if you want your Instagram account back. You best pay me some money. Quite rightly, you'd be reporting it to Instagram. You would then respond to the investigation and try and give you back to your genuine account. But that doesn't take place instantly. And whilst I have seen the side people of your accounts, and they're just damaging your database.

So just make sure you again, virtual private network if you're going to use anything other than a trusted Wi-Fi. So you're going to go to a Wi-Fi that you don't know who owns.

Password manager. So if you've got access to a password manager, they're on your browser, or you can download a password manager. Definitely use one. So the password manager can store all your passwords for you. So you really need to remember one long, strong one, which gives you access to your password manager. And a password manager will then remember all of your other passwords for all of the other accounts that you log into. So I think I've got about a load. It's well over 100. And it still mounts up, doesn't it?
You've got your bank, your shops, your loyalty schemes, your email, Amazon, Facebook, it all adds up. So there's probably, I guess most people had at least 40 to 50 passwords. So have a password manager with that. I know in the olden days people used post-it notes, but we're trying to move across to password managers now.

A screen lock. So on your username, effectively, it should go into and then when you come to you pick it up and you come to using phone phones, they would take your face, take your recognition. Others would take your fingerprint. Others would get password or a pin code or even a pattern. Just make sure you've got that turned on. So that's if someone picks up your phone. Let's keep their kids out of their phone. I know that. But certainly just make sure you've got screen lock on. And you should have a separate account for every user as well when you're at work. So if 10 people are logging in to the same generic computer, you can't tell what's gone wrong. So have a separate account for each user. And again, back up and not using a public Wi-Fi.

So I've talked about some of the risks. And I know some of you, that might be above you. Some of you might be technically proficient in this already. But certainly the Home Office, when they started this project, they advised that not all small businesses have the technical services or support to find help. And then when they have lived, they can't all act to help because it's hard. So effectively, we're offering these services here, no services here. So security training, for instance, and the this says that new staff when they join a business should have some security within one month of joining a company. Apply with some of their recommendations. But I know small business can have departments. So it's something which we account for as well. Just general security awareness training.
And it will benefit you as well, because we all say accounts and mortgages, which we want to keep our money because we've worked hard to get it. Most, all the sub-skated training which we do does benefit you as a person, not just as an employee of a workforce. If we go down that list, some of them got confusing titles, but the remote vulnerability assessment, I can pretend to be a hacker, but I can't see what the weaknesses of vulnerabilities are. We would then provide you a report to low-hanging fruit yourself, and then if it's at your technical capability, we can signpost you to some more experts that can help fix your systems. We provide that all in a report. The hackers will, obviously, once they find a vulnerability, they would exploit it. The internal in this one is once they get into your systems, they can see how they can move around your system. So imagine that you're big enough that you've got quite a few staff. Some of those staff, one of them could be a bad apple, a midlife crisis. What could they do with the data? They could go into your sales database or your pension base and just take a copy of everything and then try and sell it on the dark web. So your sales team shouldn't have access to your HR data and your, I know that the security guards shouldn't have access to the sales data. You give people what's called least privilege principles. They only get what they need to do to undertake their roles. Security policy reviews. Again, do you have security policies in place? Do people know what to do? What is the plan? Not everybody has any security policy reviews. And again, continue the exercise. Have you practiced a cyber drill? So I know that we've looked at, we have fire drills, haven't we, since the day we were in primary school and we do first aid training four times a year, one of the new threats at the moment is, have we ever practiced a cyber drill? Do all your staff know what to do if it starts to go wrong?
So we do continue the exercise, planning and training. So that's comes that off. Cyber Essentials is a framework which the UK government are pushing out. So you know where you've got some, you want to install some windows or you want to buy a certain toy. They've all got frameworks in these like British Kitemark or ISO. What we are doing is benchmark framework for computers. So if you achieve Cyber Essentials, yes, there's a cost to it. It's 300 pound plus VAT, but it will encourage you to do certain cyber security devices. So I talk about your computers, your laptops and your mobile phones. They are effectively just small computers that fit in your pocket. If you get Cyber Essentials and you achieve it, that will protect you from the cyber crime. You're also entitled to cyber insurance as part of that scheme. That's something worth considering because I know some people go and buy cyber insurance and I've certainly we pushed the school down this journey the other day. And yes, Cyber Essentials cost and 300 pound plus VAT to get achieved didn't need to do their cyber insurance which was costing them about 2,000 pound a year. So have a look at Cyber Essentials. Give us a ring, we can help you along that journey. Certainly during the Cyber Resilience Centre the core membership is free of charge. Everyone gets a welcome pack which talks to you about what we can do. There's monthly newsletters that come out that talk you through what the threat is that we're seeing. So every week I get to see the crime data and I see that that could be Facebook account takeovers, Instagram account takeovers, people logging into work machines when they're at home. People letting their kids jump on their laptops to do their homework. The kid goes on to a weird way and then sadly downloads the virus to your work machine which then spreads around.
So some of these like bad practices, but I can see why sometimes this happens. But the membership, we're talking through some of the things that you can fix yourself free of charge. There's a lot of free services out there that the government are dishing out which others charge for, but certainly there's some things that you can download for yourself that you use in the workplace that will help keep you safe, not as a chargeable service. So there you see it, secrc.co.uk slash membership. If you just join, sign up, I have a read of the welcome pack and then one of us to have a chat through what you need. But if you want to connect on LinkedIn, my details are there. We are on Facebook, LinkedIn, YouTube, Twitter, Spotify, Buzzsprout, the list goes on, because I know everyone is not comfortable with every single channel, so we're just trying to get out there and raise awareness. Realistically, and it is just generally crime prevention advice, but we're now moving on to cyber crime prevention advice because that's just please. So question time, I guess. Yes please, Chris, that was absolutely brilliant, really, really interesting. Actually we've got absolute loads of questions and I'm going to sit and ask your avatar. Oh, I can see you, there's really 100%. Can you see us? We can see you, Chris. There's really 100%, we can see you. Right, I'm back. Great, brilliant, nice to see you. Nice to see you. I didn't realise, I didn't know then whether you could see that we could see you, so that could have been awkward. We've got quite a few questions here. You can, can you see the Q&A from your sculpture? Yep. I'm wondering if you could run down normal, whether, you know, there's quite a few there, so perhaps you could just kind of run down and see what's going on. Right, how many small businesses are affected on a yearly basis? Oh my lord, loads, loads. So I will get some actual data for you on that one. I will, I'll get some data and I'll put that back to Cheryl so she can send you an update on that one, but I'll get you the, I can break
it down by Sussex, sorry, Tenswellia and Hampshire, depending on where you are. I think you're all in Sussex, but I can find out organisational data for you. So if you don't mind, I'll pass on that one at the moment, but I will get you the answer so you get the correct data. I think from my personal perspective, when you think about hacking and cybersecurity you always think about the large companies, you don't actually think about the small businesses, so we would be actually really good to see that sort of data so we know how vulnerable we are as a small business community. So yeah, thank you, that would be really nice. Okay, question number two. I don't just have any of the backup solution providers. So if I'm sat on my computer now and I have all of my family photos on my computer and then I back them up to iCloud or Dropbox, there is a backup there. So say for instance the hacker gets into my computer and he, I can get away with saying this, a he, because I haven't met a female hacker yet, but they delete all of the photos on my computer now that I'm using, they will see that there's a live iCloud and they will then jump across to iCloud and they'll delete all of the photos on there as well. So now, yes, I know, say your computer had a hardware failure, you've still got the iCloud, your backup, but if it's a malicious hacker that gets in, they will see where your storage devices are, whether it's in the cloud or whether it's on a device, and they will delete the lot. There is certainly, depending on the third, if that hacker knows that and then they go and do the simple thing like empty the waste bin, it's gone. So that's where the risk is. So the cloud solutions do provide solutions for power cuts and hardware failures, laptop failures, but when a malicious actor gets in there they, they want your data, they want to prevent you from getting the data, so they're looking for you to pay to get their data back. So that's why you need a version, but I know that not everyone can afford that. There was a question
there actually, Chris, just leaves on from there: how often should you back up? Wow, God, yeah, how long's a piece of string, I'm sure. Well, it depends how busy your business is, because if you're, I don't know, let's pick on bakers this week, say for instance they start trading 8 o'clock in the morning and they take a load of customer orders over the phone or online orders, and you've taken 20 orders by 10 o'clock and you lose your systems, and that's 20 orders that you now need to try and find out who they were from, how they were paid, where they should be delivered to. Depends on how busy you are. So banks, they would do what's called mirroring backup about three or four times a second, quite obvious why they do that, and they'd be stored in multiple different locations all around the world. Schools, I think they do backups a little bit more frequently during exam time, but if you're not doing business you might want to do weekly backups or daily backups. Certainly at home I think I do monthly backups, but it depends how busy you are, and again finances, because to do a backup could be costly because you're increasing your storage space. So it's how much time you've got to work out, if it all goes wrong, to fix it. We've got one from Clive here: Action Fraud is dismantling, what or who is replacing the service? That's work in progress. So Action Fraud is still around, they are the UK's response to reporting cyber crime or economic crime or fraud. It's run by the City of London Police force, and until another service has been identified and is up and running and is fault free, we won't be moving away from Action Fraud. So they are here for the moment, but they're not going anywhere, and I think that's all in tendering at the moment, so I don't know the answer to that one. I don't think many people do know. Is there an operating system which is less hackable? Wow. So Microsoft Windows is quite popular, isn't it, quite a lot of people around the world have it, and Apple is probably one of the biggest competitors, a
lot of people have iPhones and iPads and MacBook Pros. Certainly Windows machines are more flexible from a configuration, programming point of view, and Apple's a little bit more locked down, isn't it. They work in containers where an app gets vetted and screened by Apple, and unless you tear down an Apple product you can't really get inside of it. They do have weaknesses and vulnerabilities like anything. They are massively different in the way they operate. Windows and Apple users don't get on, do they, because they even like the left mouse button and the right mouse button does completely weird things. Yes, there are people that do say Apple machines are far more secure, but then there's other software out there called Kali Linux which is not so user friendly but that is more secure. You've got to get what's right for you, and then like with all of the devices the advice is the same in relation to turning on 2FA, which is not operating system specific. Turn on your antivirus, make sure it's updating, turn on the patching, make sure it's updating. All of these things keep all of the devices safe, and that also includes things like your Samsung TV at home, your smart TV. I mean, I know you might not think that those things can catch viruses, but they can because you can surf the internet on them, and you'll find that in some of the Samsung TVs that there is an antivirus in there and a monthly checkup you should be doing on them as well, which is a scary thought, isn't it. But anything that's connected to the internet, a smart device, I hear every day that you can hack different devices. So case study time. The world, one of the casinos over in America last year publicized that they were the safest casino going. Brave, because they were hacked within a matter of hours just to prove a point. How did they get done over? Well, in the casino lobby there was a fish tank which obviously had fish net, fish temperature, fish pump, fish this, fish that, and the temperature gauge was connected to the internet and it had
a vulnerability net, so they had to see no fruit of fish tank temperature gauge. So you've, they're called Internet of Things. So when you look at your own house, I know there's a lot of washing machines out there that are now internet enabled, there's toasters, kettles, fridge freezers, TVs, you've got the Amazon Alexa, the Google Echoes, the Ring doorbells, all of these things. We're desperate to connect everything to the internet but we're not too concerned about reading instructions on how to set it up correctly. So all I would say is please do read the manufacturer's instructions, make sure you've taken everything off of its default password, because you can Google most default passwords. So like a printer scanner copier in the office, if it's still left on the password it got when it was put in its box and you take it out of the box and just plug it in, I could probably get into your printer scanner copier because it would be on its default password. So do read the instructions because they are all different. We are trying to challenge different manufacturers at the moment, security products are an opt-out if you're not happy with it rather than you having to opt in to turn stuff on, because that would be the better way of operating some of these things securely. Let's go back to question time. You can see I talked, don't you. Is there free software I can use to check if I order, we can always carry it on in the network and after, but please carry on for a moment or two, it's okay. I can use to check if I'm on the team I've been hacked, does it become everything, right, particularly kind of, you know, something to share. So the free software I can use to check that I or the team have been hacked, I don't understand a question in that one. Is it your device that's been hacked or whether or not you've been involved in the data breach? If you could just, just chuck that in the chat room. So Have I Been Pwned, which is spelt p-w-n-e-d, just use a reputable search engine then type in at the top haveibeenpwned.com,
should be a blue screen with white writing. If you register email address on that it will tell you how many data breaches you've been involved in and then tell you what the data is that has been breached. Normally it's email address, password, name, address, employer's details. There's a lot of stuff which is out there on data breaches. Again, once you know what's been breached you then know what to change. If you've had quite a lot of like personal identifiable, you want to really be subscribed into like a free monthly credit scoring system, so Equifax, Experian, Moodle, any of those things, ClearScore, they can then give you a free monthly credit report. And if someone's doing what's called identity theft, pretending to be you, so, I don't know, let's pick on Cheryl, so I've got Cheryl's details, her date of birth, her home address, her postcode, her name, that's probably more than enough for me to get a mobile phone in her name, and then the next thing Cheryl will know when the bailiff is knocking on the door, so are you actually going to pay your phone bill, and you go, well, I know nothing about that. If you had your free monthly credit score, the moment I put a new mobile phone in your name you'll see it, and then you can phone up whichever mobile phone provider is and get it cancelled and squashed. Is there free software, is there free software check the team, we've done that one. Can't the password manager password be hacked? Yes it can. Their business is to keep your data secure. If they do get hacked then they're going to be bankrupt to them seconds, aren't they, so they take security very seriously. And to access anything for a password manager they will tell you you have to have the latest operating system, you have to have two factor turned on, you have to have a strong password, you have to use the same device, so they will make all of the security mandatory to use their services because they want to protect their brand as well. So if they turn all that stuff on then I doubt you'll be allowed to be a
customer of theirs. So they take security seriously, but you are right, yes, anyone that's on the internet can be hacked, but they look after security far better than most people because of what they do. Action Fraud, we cover that one off. Would we be able to have slideshow sent to us after to look back on? Yep, I'll chuck that on a PDF for you. Scared to think the new TVs, yes, totally agree. This one, what's that? So Have I Been Pwned is basically a search engine of data breaches, so if you type your email address in it's just searching against all of the data breaches that are out there. If it comes back, if the screen goes green, I would say you haven't been involved in the data breach yet. If the screen goes red it will give you a list of the number of data breaches that you have been involved in. Now certainly is someone was involved in 34 data breaches and the amount of information was out there, the only way that they could clean up was change all their passwords and move house. That's not proportionate. Certainly what they needed to do was look through all of the breaches which involved a password, and all you had to do was change the password for all those breaches. You can never use that password again, because that's where you've used the same password, because your password is researchable and your email address is researchable. But change the password, turn on 2FA and never use that password again. And if you're one of those people that does your password is like January 1, I know what your next password is going to be, so it's going to be January 2, so the hacker will know that as well. So if they see a password breach that involves January 2, so you need to do something. When I spoke about 3 random words, so like beach sun sand, make sure each word is capitalised, so from a password point of view that's capital B then E-A-C-H, capital S-U-N, capital S-A-N-D, that's what beach B-E-A-C-H 12, so that's 14 characters, isn't it, beach sun sand. If you want to make your last character a space, that's
quite annoying. It is a character, a space is a character, but then you can't actually see how long it is, you don't know how long it is, so chuck a space in at the end. That's a really good tip. Yeah, it's a really good tip, yeah. And then if you are brave enough and good enough to make it complicated, putting symbols and numbers in, then that's where it starts to get difficult. You can spell otherwise, that's going to be a bit annoying when you come back to the intro. But if you're not comfortable with using a password manager, I get that. Some people still like to use a little black book, some people like to use post-it notes, some people put the black book in a fireproof safe every night because they're comfortable with it, because they're in real-life possession of it. I use password managers myself. I have a long complicated password, which the password manager says, all right, Chris is trying to get into eBay, it would then auto populate the password in eBay and then I log in and I've, I've had to do very little human intervention. If I get an email in asking me to log into Amazon for today's deals, I go to Amazon, password manager is trying to populate the password but it's already checked Amazon, because it's a fraud website, I need to go to Amazon and it directed me to go to their version of Amazon, the password manager will not populate with your password because it knows that's a fraud website. So it's doing some extra work in the background. So there are some pros and cons to it as well, but I know not everyone's comfortable with using something that they're not happy with, and I wouldn't encourage people to do anything they're not happy with. So Have I Been Pwned, we covered that one off. With dates on those seven data breaches now, and see effectively, I don't know, if one was data breach in January 2016 to your Yahoo account, if you changed your password after January 2016 then you're safe, but if you're going, oh, I don't know where I have, then I'd say that's a no and you need to change your
password and at the same time turn on 2FA. And then once you've done that, click the line, and you are involved in the, I don't know, the Chris White data breach, I hope not, but you're involved in the Chris White data breach tomorrow, and you'll get an email about it telling you what's gone and realistically how to fix it. All right, Vicki: what about cookies, when we have to accept these cookies when we go on to websites? You don't have to accept cookies if you don't want to accept your history and you and what you've liked and where you've been before, so that when you jump onto the M&S website for instance, they know you looked up food last week, so the website will probably be offering new food offers on what you've been through before. So you can surf anonymously if you want to, or disable personalisation cookies. You can say with all cookies if you want to, but you'll then just have to auto enter everything when you go, go onto that website. Just means a little bit more typing for you and you won't get that personalised experience, which is what the market is and advertising people think is great. Tracking cookies, cookie is a tracking thing, they're all tracking, so you jump from one, so if you go to Google for instance, you'll probably, there is some software called Ghostery, so that will block all cookies and allow you to basically surf anonymously, and you'll see that if you go on to the BBC website or Google they might be exchanging cookie data between like 20 different companies because they all share data. So yeah, they track, that's why you hit Google, don't you, and down the right hand side you get banners and there's a plumber near you or there's an offer on Google. But you can surf anonymously, Ghostery, or just set up your browser, so if you use Edge or Firefox, go into the settings and you can browse anonymously if you want to. Brilliant, Chris, you're an absolute super star, absolute super star, thank you so much. I'm getting a bit of an echo back, I don't know if anybody else is, but Chris,
are you happy to stay around for sort of 10-20 minutes on our networking? Yeah, certainly, I'll be around for a while, but definitely encourage you all to sign up to the centre and you can get that welcome pack come through and start that journey to keep you safer and trading online. Brilliant, and just to confirm, we will be sending out Chris's slides, so if you've missed any of the links or any of the info we will be sending those out. So thank you, Chris, that's absolutely brilliant. We should see you in a moment, if you just turn your camera mic off now you'll disappear like magic from my screen. Thank you. Okay, so just, that was absolutely, I mean I was actually riveted there, really, really interesting, but so much information and so much to do. As Chris has just said, he's going to hang around with us for a little while. We're going to have about 20 minutes of networking, and for those of you who haven't used Remo before, you literally just, when we come out of presenter mode, you literally just click where you want to be, so you double click around the tables depending who you want to talk to. We don't have any digital champions today with us, but there is, I'll just quickly share my slide if I may, just to show you very, very quickly past Chris. We do have digital champions who we have introduced you to already, and you do get up to eight hours of free specialist support with these digital champions through Coaster Capital, and all you do need to do is register at that email address there and you'll then have a chat with one of the growth relationship associates. It is a free eight hours of support through this project, so I would really encourage you to take that up, and also have a look at some of these business support areas that we've also discussed before, so the hot house, where there's actually some grant funding at the moment, locates the EU funding project, and rise to 30. So some really, really good ways to actually maximize how you can get funding and how you can move forward. But I will
pop off now and we will go into our networking session, and click around, have a chat with Chris. We've got probably about just over 15 minutes. Thank you all so much for joining us, and I look forward to seeing you on