Welcome to another special episode of Door Hardware Nerds. Today, we have a very special guest in celebration of Cyber Security Awareness Month, which is the month of October. We have our Director of Cyber and Information Security on with us. Now, what a lot of people don't know is that Richard and I have a Teams chat that we send each other different cyber memes and LinkedIn posts that we find are funny dealing with cyber security. We thought we'd pull this episode together and share a little bit of what we're laughing at so you can laugh with us and learn a little bit as we go. I mean, that's part of why we do this channel, to better our education and knowledge in security as a whole. I feel like with cybersecurity and physical security are just converging more and more. It's becoming more just about security, right? You can have the best physical security in the world, but if your cybersecurity stinks, then you're still getting that ransomware and vice versa. Exactly this way. Well, Richard, I'm so glad to have you on the show. Welcome. Why don't you hop on, say hello, introduce yourself and tell us a little bit about what you do for ASSA ABLOY. Absolutely. And thanks for the invite. My name again, like you said, Richard Wilford, I am the Information Security Officer for the Americas Division at ASSA ABLOY. My responsibility is to protect us from all of those things that you just said are all of those cyber threat actors out there trying to get on to our network and stop what we're trying to do. And that's securing people and making sure that our door hardware is the best in the industry. So that's kind of what I'm here to do. Nice. And I've always been curious and I probably might have asked you this question before, what is it like being a cybersecurity professional for a security company? Because a little inception there, right? Yeah, I think it's an interesting point, right? 
Because what we produce is necessarily a cybersecurity product, so to speak, but it's really integrated into our products, right? Whether those are smart products or other things. I will say I have no boring days. I always have a lot going on. And it certainly is really a part of the sacred trust, I think, with our customers, right? That we have cybersecurity built in. And so it's an important part of what we provide to our industry and certainly to our business internally. So I really love what I do. Actually, I'd say thank God it's Monday, which most people don't say when they're coming into work. But I really do enjoy what I get to do. Awesome. I'm excited to have you on this special episode. So how the episode is going to work out just to give everyone a frame of mind of what's going to happen. I'm going to share my screen with the different cybersecurity fails, whether that's a picture or meme or something like that. We're going to react to it. And then Richard here is going to share some helpful tips to help us keep a little bit more secure for next time when we run into some of these. And we'll go from there. How does that sound, Richard? You ready? Sounds good to me. I'm not sure I'm ready, but we're going to find out soon enough. Oh, my goodness. Yeah, everything about this is what keeps me employed. This is absolutely the equivalent of leaving your key underneath a mat with the holes that the attacker can see. That's the fun part. It's strange to think that the most common password is still password. So this resonates really well with me and keeps me up at night. That's a problem, right? That's a problem. I thought we started off with somewhat of a door fail slash cybersecurity fail at the same time, right? And it really feels that way, right? I can tell you an attacker is going to try admin-admin first, right? Or admin-password or admin-pass. Password security is critical to protecting your data. 
And when you don't have good password hygiene, you're just opening yourself up to all kinds of attacks. It would be like getting an incredible door lock and never locking it. Yeah, right? Yeah, so the door's not open. It's closed. But to be honest, all they have to do is turn the knob and push, and it comes right open. So certainly not the best idea. Do you have something important to protect? That's a great analogy, especially for this channel. That's a fantastic analogy right there. Yeah, I've learned something in my few years working in the door hardware and door design company that we do, so it's kind of fun. And we are big on puns, as I'm sure you are well aware. Puns and acronyms. Too many acronyms for everything. Oh, my goodness, yes. And you have a great fraternity with security. We have tons of acronyms that only we understand. I'm pretty sure. So that's how it works. OK, are you ready for the next one? I'm bracing myself. Let's hope that it's OK. This is great. I'm sorry. This is so fantastic. So it's funny. I was on a phone call with a real information security officer who said, oh, if we put in two passwords, then that's multi-factor. And I'm like, yeah, that's not how that works. So it's important to realize that factors mean something different. So in this case, opening the container and having the exact same opening is just not two-factor authentication. Two-factor authentication requires that it's something we know, something we are, or something we have. And we have to mix up those factors to ensure that we have security. As you can imagine, you're going to get to what's inside this by doing the exact same maneuver and defeating that first container opening in the exact same way that you're going to do the same for the one under it. So yeah, this is just two single-factor communications. It's really what we've got going on in this particular example. I love this meme. This is great. 
This is just like you have a storm door in front of your door that's unlocked, right? Like it's just like, okay. And it's also unlocked. So you just lift it and you're like, oh, look, the door's open. Fantastic. So not super secure. It's important to remember that having multi-factor authentication does in fact require multiple factors. That's kind of the key to making that work. Nice. I love it. Okay, next one. Oh, I love this Cookie Monster in the background. Oh my goodness. It's so incredibly funny. Have you ever had this scenario where you're talking in your living room and then you go to your computer and there's an ad about what you were talking about. You're just like, wait a minute. How was that possible, right? How did they know I wanted to go on that trip to Hawaii? It's amazing how connected the cookie farms are in the background and how much data they're collecting about us. And when we do accept that, yeah, sure. I agree to the cookies. They are able to gather a lot more data than you think, including kind of the places you visited really across the entire landscape of what your system's gone to. Maybe they don't know it's specifically Richard, but they're like, yeah, you're a middle-aged guy. You probably live here. You might have some kids. And so what we want to market to you is this particular thing. And they're pretty good about aligning all of those areas. But it does feel like, and it's funny because I had these conversations with my family. They're like, yeah, it's already out there. All my stuff's already out there. I mean, like, what am I really protecting? I think it just makes a lot of sense for us to pay attention to those sites and really only share data when we want to, right? Like when we really feel like we have a legitimate interest in the product because it is giving away information about ourselves. Yes. And with information, there's liability. There's vulnerability. That's absolutely true. Okay, next one. 
So in my job, one of the things that we talk about is this concept of resilience, right? In the event of a cyber attack, which really happen quite frequently, as you can tell in the news, you're like, what are we going to do in the eventuality that an attack happens? And breaking the glass and pulling the cables is probably going to be something that happens in real life, but certainly not the way you draw the play up, right? This is not the ideal kind of scenario. You really do in fact have to have a better strategy than that. Hopefully you have good backups. You've been thinking about how you segment your network and you've got the good stuff as protected as possible. This is a strategy, boy, this is not a good strategy. It's definitely the worst case scenario. And again, when you really think about how quickly electronic communications transfer, pulling cables is not fast enough, right? That's just the reality. It's like having the AI attack you, it's going to be faster than you can respond to it. So I don't know that this is an effective strategy, but certainly I am sure that over the history of cyber attacks, I can absolutely see people pulling cables and doing exactly this activity in real life. And they're like, no, no, no, no, no. No, please, anything but this. Yeah, please, yeah, just pull the cable. I mean, I've heard it more often than not. Appreciate your time. And I don't know, maybe we'll have to do another one of these. If people like them, comment below and give us your top takeaway or something like that. Sounds good. And thank you so much for inviting me and this is a pleasure and I'd be happy to do it again.