 Good morning everybody JR Fisher here welcome good to see you here Do me a favor use that chat box over there introduce yourself Let me know where you're from what you're doing. We're going to talk about cyber security today And this is a big thing guys, especially if you have a small small business because that's who they're attacking They're not going after these big companies with big, you know security teams and all that They're going after you guys And the information I'm going to give you today can protect you and help you from becoming a victim So yeah, it's going to be some good stuff. Don't forget to subscribe guys See that subscribe button down there turn it from red to gray. Don't forget to ring the bell Turn on all the bell notifications here notified each and every single time I go live or if I upload a video I apologize. I didn't get an email out yesterday. Let you guys know I was gonna be live today We got people here anyhow, which is great. I just you know, no excuse. I'm not gonna even come up with an excuse I didn't do it. Okay. I didn't do it. I should have done it. I didn't do it But today we're gonna do some good stuff and then and I think it's really gonna help you guys out because you know these Hackers whatever you want to call them ransomware people They are attacking small businesses more than ever as a matter of fact according to FBI's 2020 internet crime report there were 791,000 790 businesses reported cyber attacks that year Like keep in mind. This was a 69% increase over 2019 That's huge guys and that's just the ones that were reported not everybody reports it You know from cross-site scripting in which attackers actually insert new lines of code into unsecured website components to phishing attacks Targeting group email accounts malicious malware. There's all kinds of ways. They can do this Cyber security is a growing concern for most small businesses as it should be for you to now We're talking about cyber security today But any questions that you want to ask put it that chat box, you know ask me about starting running and growing your online business That's what I do here on this channel. We have over 1200 videos right now on those subjects And it's here to just help you guys. That's it. You know, I've been doing this for over a decade I'm going on in my 13th year now And you know, this channel is really just me giving back to you guys to help you out and help you grow your businesses And give you all the tools you need So let's let's first kind of talk about cyber security and what that even means It's basically securing your protected information and critical data online You know little businesses small businesses They implement cyber security measures to defend sensitive data from both internal and External threats because it could be an employee or it could be somebody, you know in Lithuania You don't know and I'm not picking on Lithuania and he stretched to the imagination just stuck in my head But I will say that Joe Biden actually signed a law into effect March of last month. It was just March 1st 2022 But this legislation actually requires critical infrastructure entities To report cyber attacks to the cyber and infrastructure security agency. That's the cisa if you want to look it up So if you get attacked you need to report it because when you report it They can actually do something about it. They can try to figure out how they got into your system They can do all kinds of good stuff. So You do want to report these attacks if you get them That being said a national infrastructure improves So do hackers methods While it is nearly impossible to eliminate all threats You can greatly reduce your business exposure to hackers by establishing a strong cyber security posture It's kind of like, you know, somebody who parks in a parking lot and locks their keys Excuse me, it locks their car and walks away that car's going to be pretty secure But the next person parks in a parking lot and leaves the windows rolled down and the keys in the ignition You know, you're opening yourself up to a lot of threats So what we want to do is kind of mitigate all this stuff before what happens So let's kind of go over the most common cyber security threats to small businesses According to the sba small business association 88% of small businesses actually are worried about cyber attacks. They feel like they're vulnerable One because they know that small companies are often more vulnerable because they don't have these big it teams to protect themselves They just don't have it So they know that they're more vulnerable because people are going to want to attack them more To effectively protect your company and customer information You need to understand three primary cyber threats to small businesses And I want to go through each one And kind of define it because we hear this stuff in the news all the time and we're like, what are they talking about? All right, so the first one is called malware malware actually includes a variety of cyber threats such as trojans Which is something that kind of sneaks into your system viruses, which we all heard about right And these attacks hackers use code to break into private networks Now their intent is actually to steal and destroy data. That's it. Some of them are just doing it to be malicious They just want to mess up your company and some of them want money out of you Malware attack and then some of them actually want to get your information But malware attacks usually originate from fraudulent downloads Spam emails or from connecting to other infected devices Potentially costing businesses an excessive amount of money to repair This is serious stuff guys. This can this can bankrupt your company if you're not if you're not prepared and you're not protecting yourself Um, the next one is called ransomware And it is just as it sounds according to the cisa, which I just defined to you guys ransomware threats significantly increased in 2021 Hackers usually inflict computers with email and can result in significant damage and expenses You know it as the name suggests basically ransomware attacks And holds a victim sensitive data such as passwords files databases, whatever for ransom hackers required to pay the money To be paid within 24 to 48 hours or they will destroy or leak the data Now something interesting about this. What if you pay them and they still didn't release your data? It happens all the time guys, but i'll tell you there's there's kind of a criminal code around this To where ransomware people don't want to do that because people will quit paying So, you know for the most part they're going to release your data for that reason Now the next thing up here is called phishing But that's spelled with a p so it's let me let me put this in here As a matter of fact, let me put The actual definition in the chat box so you can see what this is and then you can kind of follow along as I talk about it Uh, Wayne Charles, man, where you been you've been high and I haven't seen you in a while Good to see you in here, buddy There we go. So what I did is I put The actual definition of phishing in there And basically it's when a hacker sends a fraudulent email or direct message to a company employees with a malicious link In fact members of an organization and work emails are a leading cause of small business data breaches So if you see what looks to be like an edgy email The first thing you want to do is look at where it came from check that return email But that could be fake too, but don't click on any links that you don't know Okay, if you don't know that person you don't know that company don't click on the links Phishing attacks can result in data leaks system freezes virus installations So according to the fbi's 2020 internet crime report a rise in these attacks caused an adjusted losses of 54 million dollars in that year alone. Okay, so it's a lot of money Now how are you going to protect yourself? What are you what are you going to do as a small business? As I said earlier small businesses arguably suffer from the cyber attacks more than larger enterprises Because they lack the resources. Okay. In fact, 60 percent of small businesses closed within six months of an attack 60 percent So they can crush your business guys before describing how small businesses can defend themselves We'll first discuss the cia triad It's a wide accepted model that serves as a basis for modern cyber security So I want to go through each one of these. All right. So what is the cia triad? What is this fancy thing? Basically, it defines three vital components. It's confidentiality integrity and availability Every cyber attack attempts to breach at least one of these attributes guys So if you know about it and you're trying to protect yourself You can do a whole lot better than if you were just laid yourself out there. So Let's look at them confidentiality All sensitive business data should be kept confidential and accessible by authorized users. Okay, so that's the first part of it integrity Proper measures should be taken to ensure that the system data is reliable and trustworthy And you're probably going to have to enlist some help in this. I know we do we don't do all this on our own Availability all authorized personnel must be able to access the network and its data at any given time This means that businesses need to continually monitor network security and system functionality. Okay, this is the triad cia now To understand the relationship between these terms There's an example that I want to go through right now So confidentiality to log into an account The business owner needs to enter their username and password if they forget their credentials They can take advantage of a two-factor authentication Which sends users a code to reset their password? We have this set up on all of our sites integrity Once logged in they had access to accurate unaltered personal and customer data and then of course availability Lastly the business owner and their customers can access the store at any time because of a 24 seven online availability Now here we go The nist Okay, I'm going to go through all this the nist cyber framework The nist is the national institute of standards and technology It's a department within the u.s department of commerce that helps businesses increase their cyber security All right, so using the cia triad as a guide the department established the nist T okay, you can go back through watch this video later I know there's a lot of terms in here at all But it's a five-step system for businesses small businesses particular to defend their information security systems Here's how it works Number one is identify the first step of creating cyber security plan is to identify all devices accounts and data That need monitoring and protection So this includes your equipment, which is your computer's laptops point of sales systems smartphones router everything you got Okay, and then your network Your wi-fi network and your vpn if you don't have a vpn you should get one. It's a virtual private network your account credentials A login for information for email accounts company software tools computer and laptops your cloud storage Any files or information utilizing cloud storage? You want to check out and your website including client information inventory and your payment processor Okay, so that's number one number two is protect Your business needs a multi-faceted approach to defend against multi. Excuse me against cyber Attacks my phone here. It's going off here. It is just fine. Okay, just had to check it. Make sure it wasn't anything important So here's your primary steps for that you want to appoint somebody in your company And it can be you you could be a one-version company But to direct all cyber initiatives if you're the only employee then you'll have to manage it yourself and hire a reputable contractor Like what I said, um, you want to install antivirus software full disk encryption and host based firewalls To set up all software to install updates automatically Only allow your authorized staff to log into your system and your network. Don't let anybody else do it Okay, so I have to every now and then if I have somebody work on my website allow them access But I immediately take away that access once they've done what they're supposed to do You also have to require strong passwords for all devices and accounts and update them every six months I know this is a pain. I don't like doing it either, but you got to do it strong passwords Um, basically are this they have eight characters or more They have one or more upper case characters and they have one special character and one number So you need all four of those components guys you want to implement email spam filters You want to provide and you know if you're using something like gmail They have a lot of good spam filters in there every now and then go check your spam though A lot of people forget to do that and it piles up and you don't even know it Uh, you want to provide staff training on most common threats You want to perform regular security audits to ensure that there are no holes in your system You've got to back up all your critical assets guys. Uh, and you want to use multi-factor authentication Okay, so in other words, it's got to send you a text on your phone or email or something for you to click on You want to use a secure payment processor to protect your client data? We do that you got to do it Number three, you want to detect Okay, your first line of defense to get cyber attacks is consistently monitoring your network systems Any unusual or suspicious activity such as unknown login attempts strange file transfers or movement of data should be reported to your security point person And investigated immediately and then number four is going to be respond You got to respond. Okay Respond means identifying which system or data have been compromised confirm the type of attack. What is it? Inform all users you excuse me users on your network If the source of the breach was an email and form all employees to immediately delete it get rid of it Take the source computer system or application offline to isolate the attack Okay, and then have your point person or it professional somebody check any backdoor hackers May have set up to regain access and then you want to identify the damage number five You want to this is the final one you want to recover Recovery from a cyber attack can feel overwhelming. I mean guys, this is a really frightening thing Like any unfortunate incident, you know, you get in the car accident You get sick or whatever you got to take it as a learning experience And iterate on your security so it doesn't happen again figure out how they got in there patch that hole Whatever it is After an attack remain patient and allow your system and employees to prioritize recovery before resuming business as usual We're pursuing new initiatives now It could be something as simple as some employee within your company Actually clicked on an email and you said don't click on emails and they wouldn't click on emails Has this happened to any of you guys, you know put that that chat section there Have you already been You know attacked have you had a virus has something happened to your system put that in that chat section there This would be really helpful to other people If you share that information now The next thing you want to do because it's a law now is you've got to inform law enforcement and regulatory agencies And I gave you the name of that agency at the beginning of this training So if you didn't get that go back and look at it or or or Let me see if I can just copy and paste that in there Uh, let me scroll through my notes here And I want to give you that particular There it is Okay I'm trying to look through my notes here and find exactly what I gave you in the beginning So that you can use it to your advantage And like I said guys if this happened to you put it in that chat section I know some of you guys may not be watching this Live and if you're not watching it live What you want to do is just put it in the comment section below And um then Okay Okay, I'm trying to find the beginning of my notes here for you guys All right, there it is And I'm going to copy this and stick it in there Copy and I'll punch this right in the notes right here so you guys can have it There we go. So all you got to do is look that up And you'll you'll get the links and you'll figure out how to actually Uh report things which is what you need to do Let me get back down to my other notes here Is this helpful to you guys? Is this helping you guys out? Let me know put that in the chat section put it in the comment section I will come back by later on And respond to any comments if you put it in the comment section if you're not watching this live So you want to inform law enforcement, which is what I just said you want to remain transparent Okay, you want to let all your clients and customers know about the breach against their trust This is super important. You see businesses doing this all the time, you know, whether it's target or a bank or whoever it is They send out an email and they say hey you may want to change your passwords You may want to do something different here While a cyber security attack can hurt your reputation Not sharing the information with your stakeholders can really cause more damage than good. So you do need to let them know Choose a secure website builder your website may contain private data like payment processing information Customer credit card data email addresses logging credentials your inventory. What whatever it is. There's a lot of information there Um, this is uh, Charles Wayne Charles says this absolutely helpful. Good. Good. I'm glad to hear it This is why website security is one of the most important aspects of protecting your business Now, I know I always talk about making money online how to make money online But if you don't protect yourself all this money is not going to matter because people are going to steal it from you And we don't want that to happen. So every now and then I got to do this technical training every now and then I got to do this motivational training, you know, every now and then I got to talk about your health and eating right All these things are important. So therefore a select Website builder that guarantees the highest level of defense Um, so that's what we use we use magento. We use wordpress and they have a lot of built-in securities Plus we pay for other security patches and stuff um A self-hosted platform versus a managed platform Unlike self-hosted platforms which leave users responsibility for their own website security managed platforms Let's say something like wix or Shopify something like that have dedicated 24 7 security teams to take care of this You don't have to worry as much if you're using somebody else's platform But there's downsides to that too wix developers review the process So there's Shopify and they investigate the suspicious activity and they work with outside security consultants and provide reliable web hosting So you also want to have an https and ssl certificate protection We pay extra for those and you should too if you don't have them you want to manage your website builders They're also committed to the highest international privacy and security standards This applies to all business tools and apps it develops Like scheduling software email services like we use kartra and they have their own protection in there And if you don't know what kartra is go into the description section after this video has been posted You'll find a link to kartra and you can watch a video on that Cyber security threats evolve Arm yourself with a provider that has necessary resources to respond to these threats so that you can focus on your business That's the best thing to do is have somebody else watch all this stuff for you Make sure you choose a platform that's aligned with the payment credit card industry data security level one This e-commerce compliance standard protects the security of your credit card and card holder data So you want to make sure that you're doing that Also There's a whole litany of different ones. There's the california consumer privacy act You can look at that Which is a california law that allows consumers to see all personal information and company tracked as well as third parties information share If you want to get more resources or resources on this guys Knowing that a managed website builder oversees your site security Gives users the peace of mind that they need to efficiently operate their small businesses However, you still need to secure other password protection systems or databases like your internet network or email accounts Without an it department smaller enterprises may find it difficult and overwhelming to establish a complete security system That's why we run a lot of our emails through gmail. I have them set up in there I pay gmail every month Even though you're sending an email to let's say jr. Fisher at survival cave food It runs through gmail and they have all those protections built in there for me Which helps but i've got to pay a fee every single month Take advantage of these existing resources to help create a comprehensive plan Number one is the federal communication commission cyber security planning tool. Okay, and let me put this in here Uh, let's see I'm going to put this in the note section so that you guys have this and you could look it up later on if you want There we go. I will put it right here There we go All right, and then i'm going to get back to the other ones i want you to know the next one is the department of homeland security cyber resilience review I'm going to also put that in the note section Uh, and you can you can look up all of these at a later time Oops, let me get it here. It's hard to talk and broadcast and copy and paste Goodness gracious, but you know what? That's what I got to do. I got to get you guys this information This is important stuff guys, and I know it's kind of boring. I mean, I'm this is not exciting stuff But man, it's so important to you guys And if you don't have it it's going to hurt you the next one is called the cyber security and infrastructure security agency Which is the cisa and I talked about this in the beginning. So I want to put this in the notes too There we go. I'm slowly putting all this stuff in there. So you guys have it And those of you who aren't watching this live all you have to do is um Go into the chat section show chat section And when you show chat section it will Pop up and you can get all these links and all these things that i'm putting in here for all these people And then we've got see what do we have here? This is the last one right here, and this is the national cyber security alliance So let me get this in here So you guys have this one here too Boom in there boom got it done All right. All right. So we got that in there All right, so guys, that's what I've got for you today. I know it's more technical stuff today It's not just fun today, right? We're not getting all excited about making a thousand dollars a day or anything like that But you know what if you don't protect yourself? Like I said, you're gonna make all this money and then somebody's gonna steal it from you And it is really prevalent now guys. I mean if you have not gotten a cyber attack or virus lately Whoo, you are a lucky person because about anybody if you if you hold out a stick and touch some people I guarantee you they're gonna say they they experience some of this This is not something that you can put your head in the sand about anymore This is something that you seriously need to look at you need to dig into If it's above your head, that's no problem You can find people on up work or you know, wherever they can help you out with this But this is something you need to do guys you really do Hope this helped you out today. Put any comments any questions in that chat section while i'm still live And if you're if you're not live and you're just watching the recording of this put it in that comment section below I'll be happy to come back and answer any questions for you if you haven't subscribed yet. Oh my gosh. Why not? You need to subscribe click that subscribe button down there turn it from red To gray and ring the bell Turn on all bell notifications so you're notified each and every time I go live I do have like two or three minutes left If you guys want to ask anything if you want to put the comments in there you are welcome to do so um We didn't have a big crowd because I forgot to email you guys yesterday. I really apologize for that It just whatever i'm not going to give you an excuse. I'm always telling you not to have excuses and then if I have one Well, then that's not good. So i'm not going to have an excuse. I just didn't do it didn't do it Okay, no excuses no excuses But I also have a bunch of new videos coming out guys My new videos will be on monday wednesday and friday of every single week I am going to be going to new orleans. I've told you guys a little bit about that So i'm going to be gone from I think it's the let me check here I want to check my calendar before I tell you because I won't be live during that period of time I think i'm going to do some recording now because i'm going to be in new orleans And uh, I might as well Yeah, i'm going to be gone from the 15th. It looks like Uh of april and I won't be back to the 19th So i'm going to miss doing a live on the 15th and i'm going to miss doing a live on the 18th Those are the two days i'm going to miss outside of that. I'm normally monday wednesday friday, you'll see me monday wednesday friday Live and we upload new videos on monday wednesday and fridays too So you'll also get the advantage of that And there's you know anytime you have a question About anything you know starting running and growing your online business This channel i've probably done a video on it and all you really need to do is go into the channel and use the search box Type in any subject matter whether it's drop shipping or whether it's e-commerce or you know seo or whatever it is that you want to ask You know you have a question in your mind about go into that search box type that in there And uh, you'll find a video. I'm sure you find a video on it And if you don't if by some chance you don't send me a message and say hey You need to do a video on this whatever this is okay if you want some information and stuff like that Guys, I really appreciate you being here. Thank you so much for supporting this channel I do appreciate it any time you want to use a monetary support You can also click in that box if you're on youtube there's a little dollar sign there click on that dollar sign You can donate a buck or two to the channel to keep it going All right cost money to broadcast all this stuff with the lights and the camera and the time and everything So you're welcome to do that. Just click that little dollar sign there. Send me a sticker Let me know that you're watching. Let me know that you're enjoying this stuff All right guys. I'm going to get out of here and get to work We finished up three minutes early amazing right three minutes early That's pretty impressive right if you're impressed with that give me a thumbs up Don't forget to give me a thumbs up no matter what I really need this thumbs up It helps distribution of the video guys. So thank you so much I appreciate each and every one of you love having you here and I see more people coming in now But I gotta go love you talk to you soon. Bye