 All right. Good afternoon and thank you for participating in today's NC Tech for Good session. We are the local chapter of TechSoup Connect program. Our primary goal is to collaborate with nonprofit professionals and learn about the future of technology together. We are currently seeking speakers for next year's meeting beginning in January. If you or another subject matter expert in your circle are interested in presenting a nonprofit technology topic of your choice, please contact us. We will also include our contact information in the chat window below. Today, we are pleased to welcome our speaker, Jeffrey Brown. Jeffrey is a global ITC help desk manager with IntraHealth International. In his role, he is committed to making formidable technology, making formidable technology work for others. Over time, Jeffrey enjoys baking cakes, astrophysiography, sailing, and flying kites. He also runs gaming guilds on EverQuest, Rift, and Vanguard. Today's topic is navigating the IT security landscape in a hybrid environment. During this session, Jeffrey will offer guidance and tips to nonprofit professionals when considering their cybersecurity infrastructure. Thank you, Jeffrey. The stage is yours. Thank you, everybody. Second here, let me get my things set up so I can see, okay, see people, I can see chat. Okay, so this talk is really around how the IT landscape has changed over the last two years from everyone sitting in the office to sitting wherever they're sitting, not necessarily in the office. What's impacted IT and as well as how that's affected our security primarily. So we'll just go through here. Next slide. All right, so who am I? So that introduction was great. I'm just going to kind of skip over some of this. Now, mainly for the IT sector, I specialize in virus malware and ransomware remediation. That's when you already have an infection, and you need to get rid of it. I work up in recovery and user support. I built computers from the ground up for years. 
I evaluate IT vendors, specifically as it relates to, you know, whatever project we have here at IntraHealth going on, and customizing off-the-shelf hardware and software for specific use cases. I've been working around IT for 27 years in all areas of it. You know, from building computers at small shops like Intrex and things like that to large retail chains or solar computers and ran the support area for Best Buy, large telecom providers that worked for Nortel when they were still a thing. I supported their installers who were installing equipment inside of telecom companies. I've been with IntraHealth for about five years, again at all levels of IT support. And it supported me the luxury of working in 15 countries around the world that I physically visited to set up new offices and take down offices. So this group has a wide variety of nonprofits, and there is no one solution that's going to fit everybody, because everybody has a different footprint, everybody has a different set of attack vectors. So we're going to go over a lot of information. Please, I'm an off-the-cuff speaker. If you have a question, raise your hand, type something in chat. I'm more than willing to stop and pivot to something specific if you have a question. Really, what changed in the IT environment? When we sent everybody to work from home, the first thing that happened is, we could no longer trust that the person we're speaking to is the person we think we're speaking to at IntraHealth. This has always been a problem simply because we're all over the world, and I haven't met everyone at the organization. But this is just kind of heightened for the US people who come to me directly for support. You know, I used to know everyone in the Chapel Hill office, and now they're all working from home as we hire new employees. You know, they've never been to the office. So we have a real problem around trusting identity. We have a different footprint for security. 
Before, you know, everything was really in a central location, either, you know, hosted on site in a server room, or maybe all at a data center, but we knew where everything was and how people were accessing it. This is just information. Again, this is changed quite a bit. We used to have everything on file servers, and you can't really get to those file servers from home. There are ways to do it, but each way that you do it causes a different set of problems. You know, you used to have copiers and printers and video conference equipment, rooms all set up, and, you know, that's gone away. You know, we're doing the same things from home, but it's a different set of equipment. Communication. You know, one thing I don't miss is the telephone that used to sit on my desk. However, it's just moved to a different area. It now comes in on my cell phone through soft VoIP, and things like that. Collaboration has changed because instead of everyone going to a meeting room on collaborating, we're all on Zoom, we're on teams, we're on Google Meet or Skype Meet Now. There's all kinds of different ways to do that collaboration. And the biggest thing that has changed, at least from my end, since I am an end-user support person, how do you get help now when you have an IT issue? There's some things I can do. I can do most things remotely. However, there are problems that just cannot be solved unless you physically have hands-on equipment. So that's kind of the areas that I think have changed. So identity and trust. These are the different ways that IT people have traditionally authenticated a person as who they think they are. You know, when you're sitting in the office and everybody's on your domain, they're logging in with known credentials. And if you have a problem, you can go and generally find that person and say, hey, look, you know, what's going on? We've kind of transitioned some to Azure Active Directory where everyone is again logging in across the cloud. 
But again, that causes some issues. You know, what if someone's password gets compromised? And that person who may be logging in via Azure Active Directory may not be the person you think it is. They could be sending out loads of spam, you know, all at once, and you really have no insight into what's going on. There are ways to mitigate that. We're going to talk about some of those. There's lots of single sign-on platforms like Okta where you authenticate with Okta and then you're automatically authenticated on a host of different sites all at once. So Active Directory and Azure Directory are kind of Microsoft-focused. Open Directory is more for Linux-based users, Apple users, and a host of other places that are less Microsoft-focused. One of the big changes that we've seen is the move to multi-factor authentication for as many services as possible. This gives you some added security that the person you're talking to or the person who's authenticated is indeed the person that you think they are. Because it has to use a second form of authentication, typically done across your cell phone, but it can be even through email, which is a little bit more problematic. So if they can get to your email, they can get those multi-factor authentication things. Sometimes it's just as simple as typing in an additional code, come from a token, or if you're using an app, it just kind of rotates the codes. And then you have things like biometric security, fingerprints, face ID, or even if you're government, they also use, government still uses smart cards quite a bit as well. Security. So we've gone from an edge-based platform where we build up our security walls and then trust that everybody that's inside those walls is who they're supposed to be. With everybody no longer behind those walls, we have to pivot our security profile to account for that. 
So that means a lot more endpoint security, you know, making sure the laptops or desktop that they're using from home or wherever they are is also secure. We have to make sure that we're enforcing our security on those users. You know, antivirus, endpoint protection, endpoint detection and response, roaming DNS protection if you want that as well. So roaming DNS protection is more if you type in a web address in Google, is it going where you think it's going or is it being redirected to a bad site, where a lot of these products are offering that at the device level instead of trusting your corporate firewall to trust that where users are going or where they're supposed to be going. Access to, yes, I will speak some on VPNs and Tor as well. And even here on the slide you can see that's listed. And again, this is all ways to access information from anywhere in the world. So we used to go traditionally with file servers. IntraHealth has started to shift away from file servers for a variety of reasons, into things like OneDrive, G Drive, Box, Dropbox, SharePoint; even Teams and Slack have some file hosting capabilities as well. One of the ways that we used to get people into file servers when they're home is to use a VPN. The main issue why IntraHealth is transitioning away from VPNs is it opens up a security hole: everyone that connects to the VPN looks like they're sitting in your network. But again, you can no longer walk to that person's desk and ensure that that's who it is, but you can use things like two-factor authentication across VPN to get an additional layer of security. Tor or onion routers or those obfuscation-based products, there's a couple of them out now, are more towards the more advocacy-based organizations where you really want to obscure who you are. 
And so that people and entities cannot pinpoint who is working who's going to show up to what rally the VPNs if you're using more of a public VPN where you're logging in and just making it look like you're logging in from a different location. So those are more for those grassroots organizations without a lot of central infrastructure, really to kind of help protect their users who may not be, you know, a formal employee of an organization. You're just trying to get information out but you also want to keep that information secure, as well as keep the people who are accessing it secure and safe. You know, intra health is kind of a health organization, and we do work in a couple of sensitive areas around sex workers or protection of same sex relationship people. And in some of the countries that we work, it is incredibly important that we keep the information about who we're servicing away from the government and the community, because it may be against the law there. It may be against social norms there. And really the people that we're providing services to can really be impacted so we have to really do a whole lot around that to make sure that, you know, when we're going to, you know, counsel these people about HIV, and these issues, that, you know, our client database doesn't get out. You know, if someone gets stopped by the police and they're carrying their work laptop. You know, and the police just take that laptop, we have to have policies and procedures to make sure that they cannot get the information that's on those on that equipment. And the other ways people are accessing information is self hosted. So that's more if you have servers in your facility or servers at a co location facility that people are accessing. You still need to make sure that that information is secure and accessible only to those people that you want to have access to it. So there's a new trend toward public hosting of software and services that would traditionally be self hosted. 
This would be things like using AWS, Amazon servers, or Azure services, you know, any of those big public clouds where you're putting your information there, and then securing it via web methods. And you'll hear no end of reports where someone misconfigured one of those services, and suddenly all of their information was then public and accessible. So it's really, you know, a trade off public hosting is great, because everybody can then access that from anywhere in the world with limited downside. But the thing is you have to make sure that your servers and services are configured correctly using industry standard norms to get that server secured. So a lot of times, you know, smaller organizations don't have an AWS or an Azure expert, and they've set up a server or service, and they missed one little key step, and all of their information is then accessible to a smart hacker, or, you know, researcher out there. So really, if you're using public hosted, it's worth it to have, you know, a third party evaluate your instance for these vulnerabilities, especially if you don't have a certified expert in it on staff. Next, access to equipment. I have a horrible problem now because Intra Health is hiring people remotely that are going to stay remote. You know, we've moved fully to embrace the hybrid environment. So, you know, we had to think about bring your own device. Are we going to allow people to use a device that they own to access our information. If not, we're going to have to purchase equipment and then ship it to them. You know, our shipping cost has gone through the roof. Because we are shipping expensive equipment, basically all over the United States now. They do. We do have some people who are still being hired locally, where we'll purchase the equipment and they will come to the office and meet me my team is the only team at Intra Health, who is still actively working from our office. Every single day. 
So we still have quite a bit of equipment that we're doing in this way. You know, my biggest example of that is we were doing a laptop refresh this year. You know, we ordered, you know, 50 laptops. I can't do that from home I can't have that those 50 laptops shipped to my apartment. It's not big enough. I needed the equipment to come to the office I needed the space in the office to be able to configure them and get them set up and ready to ship. I we do still have some staff occasionally coming into the office. And that are able to work from the office on a on a limited basis the Intra Health Office is not fully open, but we're allowing up to eight staff to work from the office on any given day or time. So one of the ways that we at Intra Health are able to quickly respond and get issues fixed and resolved as we maintain a very few model of laptops so that we can swap stuff out quickly. You know, if a laptop is having a hard drive issue. We can ship that user a whole new computer. That's exactly the same as what they're using, and just load it with their software and data, and then get that, you know, equipment back. But that's another reason why bring your own device is more challenging for it departments, because we have to have a wider knowledge base of issues that are going on. Because, you know, they could be using anything at home, and it could be something specific to just their make of laptop or just their make of printer, there were a lot of printer issues over the last year, where they tried to solve a problem, and then they broke a bunch of printers and their ability and people's ability to print. So again, that's kind of a trade off. Another thing that has sprung up over the last few years is hardware as a service where, you know, you're no longer owning the laptops. It's not exactly leasing. It's more, you know, renting of laptops and equipment. And that you've got a wider base for getting issues resolved. 
So instead of, you know, sending it back to the corporate office to get fixed, you could maybe depending upon where you're getting your hardware as a service, have that equipment maintained by a central retailer so to speak, as they can, you know, ship loan or equipment out as needed to get some of these issues resolved. So I'm looking here and someone has asked, are you someone you know a subject matter expert on NP tech topic. What is NP tech, can someone explain. This is me. Yes, just to call out for future presenters. Thank you. Okay, I got you. Mark Hutchinson does have a question for you related to the previous slide. How do you deal with government officials that don't understand security or how things work. What is the example of a Missouri governor that threatened to journalists who reported a data visibility problem after doing a page source search. That is an excellent question with not a real answer. There are a lot of there's a lot of that going on. There's a lot of government overreach, where you kind of have to. I don't say initially comply or go to jail. But that's actually happened. Now Sudan we've had government officials who of course wanted this information about sex workers and same sex people that you know we had. The only real answer is to lawyer up and get legal advice for wherever you're at. Know what the government is capable of doing capable of forcing, and you have to push back use advocacy organizations. To make your case. And by all means if you can before you receive the, the gag orders. Get the information out that this is what the government is asking you to do. Public outcry is your best defense, but you have to make sure that you have not received that gag order first. So like I said there's not a good thing to do. The government is very very powerful, but they are not everything, at least not in the United States and some of our countries maybe, but in the United States we have strong legal protections. 
And you have the ability to fight back, you just have to make sure that one you're completely in the right. You've got law on your side, you've got public opinion on your side, and you've got lawyers and organizations willing to back up your claims. I hope that answered pretty well. As it relates to communications. We've switched. We've switched modes really. We now communicating heavily on teams slack phones have relatively gone away, even when I had a phone on my desk. The only calls I were getting were, you know, vendor calls where they're trying to sell me additional stuff, or white paper calls where they want to send me additional information to read about, you know, whatever topic they have. The phones are still vitally important. I don't think that we're to the point where we can run organizations without phone numbers. So what we did was we transitioned away from off of our PBX, and we are using teams integrated phone, but there's a bunch of different platforms out there that are basically soft phones where the phone lives on your computer. It lives on your cell phone it lives wherever you have the app installed and can sign into it. So that's kind of where phones are going because when we sent everyone home, their phone stayed at the office. So all of their business cards were basically useless. So by transitioning where those phones live and how people access them. We were able to, you know, get those calls going through. And believe it or not, I actually. So it took us about six months to transition away from our telephones. And staff got used to having no phone calls. And they were actually upset with me for enabling them to receive phone calls again so that is something that you do need to watch out for. So we also communicate quite a bit still across email. One of the things that we noticed though is from an HR standpoint, we can't really maintain phone lists at the IT level. At least not at intra health. 
So we needed emergency contact methods where if something was going on. For example, a couple years ago we dealt with a ransomware attack and our email servers were just not functional. How else can we get emergency information out to everyone when email doesn't work. There's a number of services that have popped up that do exactly that. There are more apps that you install on your people's computer that they would then know that if it comes from this app, and it looks like this exactly. Then it is official information that's being distributed. You know, of course, you know, between bosses and employees, you know, we generally have cell phone numbers for staff members. But as far as a whole, you know, send a message to everybody at intra health about an issue that we're having. We really needed another way to contact people. Teams has helped because everybody has teams so we can, you know, send information out that way. We actually have a global team team where, you know, just a few people can actually type in that team and everyone else is just kind of reading information. So that's one way that we send out these big broad messages when email is not an available option. And then of course, we've got things like zoom, blue jeans, WebEx, Google Meet, Skype Meet Now, Join.Me, there's a whole host of these kind of video and audio collaboration platforms depending upon your budget and needs. We started on blue jeans, we moved to zoom. Now we're doing most of ours on teams. But it's all about who your audience is, which method is best to use. And then we have collaboration which is a lot of the same stuff that I've already gone over so I'm just going to kind of skip this slide. This is really something that I've touched on as well. You know, how can you get help when you have a problem what your IT helped us people able to do, and how are they doing it. So, at IntraHealth we have a platform that we use Kaseya. 
They were in the news, a couple months ago, with a major supply chain hack. So that's an issue and something that you have to think about is when you're put everybody on one platform and that platform is powerful enough. You have to really, really, really secure that platform, so that if somebody gets in, they're not able to do whatever they want maliciously to all of your equipment at once with very little effort. So, most of the time, if someone has an issue, if they can get their computer online, I can fix it. There's very few things that I can't fix. If the computer will boot up and get online, I can't fix remotely. However, there's a lot of things that can happen that can prevent you from getting online that can prevent you from powering up. And when these things happen, you have to have a plan. If they're close enough to come into the office, I bring them into the office. I get them fixed, I get them into a loaner, and I send them on the way. If they're remotely, I'll prep a loaner, I'll send it to them, I will have them use that box then to send their equipment back. I'll repair that equipment and then it becomes a part of the loaner pool, just so that I can get them back up and running quickly. Because, you know, typically, you know, if someone called me up today and their laptop just won't do anything, I can get a laptop prepped and shipped inside of two days. It just depends on when they called me and said, hey, I have this huge enormous problem. And then we have to think about, you know, how are we provisioning new staff. You know, there's an additional issue going on with the global chip shortage, where I can't just go out and buy a laptop. 
I said we really control our model numbers so that we just have a few. We've had to open that up a little bit so we have a few more models now, simply to have the flexibility of being able to purchase new equipment, because the supply globally is very, very limited. When I ordered those 50 new laptops earlier this year, it took them four months to arrive, and now it's closer to six months. So you really have to kind of plan ahead. If you've got any big initiatives coming, if you've got a fleet of old laptops or desktops that you're going to look to refresh before 2023, plan very, very far ahead. Get your order in. Be aware that suppliers are no longer able to guarantee prices. When you preorder, HP specifically have told the suppliers, look, if our cost goes up after you order, when we go to fulfill that order we're going to charge you the new price. So Mark has asked, do you do background checks for hard drive health for your users' laptops and desktops? That's part of our Kaseya platform. We can perform those checks and have it report back to us. This will report information on how full is their hard drive, whether or not SMART errors are being detected, and general file system checks the next time they reboot. We can schedule all of that stuff within Kaseya, and then go back and look at the reports, or it will flag alerts for us if someone's computer is having hard drive issues. One other thing that we've done specifically at IntraHealth is around equipment hygiene. When we're getting equipment in, we sanitize the equipment before we touch it. And then when we give it back to our staff, we again sanitize the equipment. You do have to be kind of careful with screens, because screens don't like solvents on them. They don't like disinfectants on them. Yes, there are ways to even clean your keyboard. They have the UV light boxes that you can put electronic equipment in, leave it in there for five to 10 minutes. 
And then everything, you know, on every surface of that equipment has then been sanitized for germs and stuff like that so that we can help prevent COVID or flu or whatever new nastiness is coming around, but it is something to think about. You know, you're handling someone else's equipment. You know, you may do everything that you can to prevent yourself from getting sick and not know about an issue, but the last thing you want to do is fix a person's computer, give it to them, and then discover you had COVID and didn't sanitize their equipment. So, you know, that's real important to think about now during a pandemic and working from home. So this is some information around the types of services that are out there now, more from an IT security standpoint: antivirus, anti-malware, which is more your traditional antivirus software. And they've upped that now to endpoint protection, which adds some browser protection and more heuristic-based protection for types of activity, rather than just does this file match this known bad piece of software. And then they've upped the game some to endpoint protection and response. This has more behavior-based protection, and the ability to do a lot more. One of the problems with antivirus and endpoint protection is, it's very good at stopping threats. But if a threat gets through, it's not very good at cleaning up behind an actual active infection, where endpoint protection and response gives you a whole host of tools. At IntraHealth, we've had this long-standing problem where we know a computer got infected, we know what it's infected with, we know what it's doing. Getting that user to get back to us so that we can get it fixed has always been a problem. 
Detection and response allows us to do things to that user's computer outside of the infection that can help one alert the user to prevent the user from using that computer prevent the infection from spreading and force them to contact support, we can completely lock them out of their own computer. Using endpoint protection and response, we can stop it from writing to the hard drive so if they've got some kind of ransomware and we catch it early, we can prevent that from doing any additional damage. We can disconnect that computer from the internet, and in this work remotely environment that's essential that everyone have internet, they're going to be calling you, because they cannot get online anymore with their laptop. Like I said in extreme cases of network aware ransomware, we can just completely lock and send a message up on the screen, you must contact help desk before you can use your computer again, call this number. Reach out to us on teams use a cell phone, some other method but we now with the protection and response can do something about these infections that are being reported to us. The next step up would be live monitoring live monitoring is extremely expensive and really more for infrastructure based things. So if you've got your server room or your co location facility. And you don't have a dedicated IT security person looking at those servers and making sure that they're not compromised that they're configured correctly. And that they're not doing anything that should not be done. So then advanced live monitoring maybe for you, where they just kind of monitor everything, and then they will just pick up a phone and call you and say, Hey, look, this is your monitoring service. We've got this going on. We've prevented it. What would you like to do. And here are some options so it's more outsourcing of your security, but for some large organizations or organizations with limited IT support, it can be essential. 
My favorite thing is user training platforms. The 1% of all new infections are being reported as coming from an end user who did something, clicked something, went somewhere and caused the infection to start. Training platforms can train them how to identify all of these things that, you know, these malicious actors are doing. They update their training platforms regularly. One thing I like to do is we actually test our users. We send them spam, we send them very good spam. It's like it came from us and say, okay, did you check, did you check to see where it came from? Did you check and see, you know, exactly what's going on to verify this email, to verify this web address before you click on it? And so that they know, and if they click on it, I enroll them in more training, and they will just keep getting mandatory training until they learn to suspect everything. If I send them an email from help desk instead of from my main IntraHealth account, I know that they should be asking me, did you really send that? Is this real? Do I have to do that? And I'm perfectly okay with that. I have no problem with any of my users asking me, hey, is this legitimate, before they do something. So it's a little bit of work on my end, but it's much better to prevent these infections before they begin, and that all starts with end user training. So, certification problems in the past few weeks. No. So we have not had any certification problems, so I'm assuming you're talking about web certs or server certs. Those are typically, if there's an issue that's not specific to your servers, it may be to your certificate authority. So, for example, a couple years ago, there was a certificate authority that was just handing out certs to everybody without necessarily verifying who they were giving those certificates to. Those will cause widespread outages. 
And most of the other times, it's really related to either DNS changes where you have changed where something lives, and it hasn't caught up and propagated to all the DNS servers around the world. We will see issues around that sometimes. But most of the times we get those errors when we switch a certificate. So the certificates always have expiration dates on them. So you'll have to change certificates every six months, every year, every three years, but there's always an end date to it. So you will end up with certificate errors. So you're going throughout the system when you switch those certificates, but generally speaking I haven't had any reports of widespread certificate issues. Web browsers themselves have made some changes to what they accept and the ability to access servers without certificates. Sorry about that. My lunch order evidently didn't go through and they're trying to ask me what to do about it. So those are really the things that happen around certs. So, browsers no longer let you go to an HTTP, an HTTP site; they want you to go to an HTTPS site. And if you have to go to an HTTP site, they make you jump through a whole bunch of hoops to get to that site. So that's really where sites are being forced to be secure and have web certificates, so that you can be assured that where you're going is where you think you're going. But again, that's at the browser level, not necessarily around anything specific that you're doing. So we also have remote control software. And there's some do's and don'ts around that. And then the step up from that is remote administration software, which can be very good and helpful if you're working with large fleets of laptops that are all over the world, or even if they're just, you know, all in the same thing. It helps you keep the software up to date. It helps you push software out to your users from a central location, rather than having to manually install it on everyone's computers. 
And there's some do's and don'ts around that. Smaller organizations are more likely to be using MSPs, managed service providers, where they have outsourced their help desk and things like that to a third organization. And you really need to evaluate those organizations and know what they're using. Like I said, there's been several high profile hacks of the software that these MSPs are using. Like our Kaseya, where the actors are getting into that software, and then taking over and pushing whatever software that they want out to whole users, whole organizations, and the MSPs are very attractive targets. So instead of, you know, getting a ransom from one organization, you can put the ransomware on the MSP. The MSP pushes it to all of its clients, and then you can charge the MSP a larger amount of money. And you can charge all of the individual organizations that rely on that MSP information. So it's double dipping and generally a huge mess.

So you need to know what the MSP is using so that you can watch out for these alerts when these large supply chain hacks are going on. And ultimately, we weren't kind of affected by the Kaseya hack because we were using their cloud version, instead of their self hosted version. But those organizations really had a bad few weeks. I've been through ransomware infections, and no one in IT sleeps until everything is back up and running. So you really need to know what your organization, what their organization is using, what protections they have, what protocols they have in place, and, you know, what their emergency plan is, because really it's not a matter of when you're going to get infected, it's a matter of when it is going to happen. It's going to happen to every organization at some time. So you need to have a plan. And by all means, if you have servers, if you have fleets of equipment that you own, get cyber insurance.
It's essential in today's environment that your organization is not going to have to foot the entire bill to clean up an infection of any kind. It's just super important, you know, it. I believe when IntraHealth got affected they said our cleanup efforts was somewhere around a quarter of a million dollars. With our cyber insurance, we ended up paying about 15,000 of that. It's that important that you have it, and it's available to you should something happen.

I'm sorry to interrupt, we're at five minute mark.

Okay, no problem, I can actually stop here, and if you have any questions, let me just go here. Questions and follow up on, you know, available to answer questions after this meeting. Please, you know, use me as a resource. I've got all my information here and available should you need it. I will turn it back over to you.

Thank you so much, Jeffrey. Does anyone have any questions? And we'll open it up to the panel. Feel free to unmute yourself and ask away.

While we're waiting for that, one thing I did want to highlight is we are seeing a huge bump in email spam that is highly targeted. This is what we're seeing. This is an email that came in. It looks like it came from IntraHealth AP, but if you look at the email address, it's not an IntraHealth email address. You can look and see that they have flagged this email that it's already been approved by IntraHealth safe senders list. We don't tag our emails that way. And the other thing that they do now. IntraHealth is kind of a bigger target because we do have health in our name, even though we are not a specific healthcare company. They have stolen our logo and put it inside this email. And we're seeing a lot of this across all of our stuff. It's getting sent to everyone. This is our organization at all levels. We've gone through additional pains to protect our high value targets, anyone at the C suite level. IntraHealth staff are not able to receive email from them if, or anything that pretends to be them.
If, if it doesn't come from their official IntraHealth email address directly from our servers. We just kind of blank it out. We've got a lot of attempts where the, it appears to come from the CEO, and you know, they're asking for us to go and get, you know, gift cards and things like that. If someone is unmuted, you have a question.

Yeah, this is Mark. Thank you for answering my questions earlier. For, for an organization like yours, I'm, I'm kind of surprised that email, that such phishing and spam email wouldn't be caught by some automated process within your, your Exchange, so I don't know what, what your email servers are like, who.

So we have three levels of protection. The problem is these emails rotate in such a way where we can filter them completely without blocking real email. And the problem that we have is the email that's getting blocked when we really push the bar up on those spam protections is it starts affecting our donors. We stop getting email from USAID, or the WHO, these places and that we just have to do business with. So there's always going to be some level of spam. We do block, let's say, 90% of it. And this email that I'm showing here is actually, was actually blocked. It never made it to the intended users. I just wanted to highlight it so that you guys know it can see exactly how targeted these emails can be, to just show an example.

Thank you, Jeffrey. I also added a link here. There was a recent McKinsey study on the increase in phishing attacks. Jeffrey is absolutely right. There's been a 600% increase across all factors. Because of the pandemic, these threat actors are seeing this across the board, and they're targeting, especially like Jeffrey said with the health.

Mark, thank you for that question. We are closing up the session. We're at the end of the session. Of course, Jeffrey has agreed to be around for a few more minutes if you have additional questions or would like to pop offline.
I just wanted to give just a reminder and just say first, thank you all so much for attending today's session. Again, please share your applause and your congratulations to Jeffrey for sharing his extensive knowledge with us on cybersecurity practices. Jeffrey, we appreciate you so much. Our next NC Tech for Good meeting will be held November 18 at 2pm Eastern, and in that session we'll explore creativity and resilience in the age of uncertainty. Our speaker here, Juan, will provide insight on mindfulness practices that nonprofit techies can use to help us better navigate the new reality of hybrid and remote work. So please sign up for our future events at events.techsuit.org. Again, thank you, Jeffrey, and feel free, anyone who would like to stay after, please feel free to talk, and Jeffrey, whenever you're ready to cut out, just let me know.

Thank you. Still recording.

It's still recording now. If you'd like to talk offline amongst yourselves, that's fine.