Speaker Session Resources
Cybersecurity & The Human Firewall
Thank you for visiting this web page which has been designed specifically for you as a member (or a guest) of Vistage.
These are the things that I signposted for you in my recent group session which you attended.
If you would like me to present any of the content to your team let me know, there are several options that work really well.
In the following information, I have included references to documents, videos and resources which should help you deal with the subject of cybersecurity and the human firewall within your organisation. I hope that it is helpful and would welcome feedback with ideas and requests for additional material.
Thank you once again for your participation and interest.
Warmest wishes Rob.
How do you stay up-to-date?
Sign-up to my free weekly email
Every day I share the latest technology, cybersecurity news and scams on my Twitter feed @robmay70. On a Friday morning I collate these and share them in an e-newsletter format.
Enter your email address and choose subscribe in the button below to automatically receive the weekly summary (you can unsubscribe at any time).
It's a great way to get an overview as to what is happening in the business and cyber world.
Videos to share with your staff
Data to Go
The Coffee Shop - produced by cifas
You're more at risk of identity fraud than you think. Sharing personal details like your date of birth, address and phone number can make you vulnerable. Don't make it easy for identity fraudsters. Start by setting your privacy settings. This video made by cifas can be viewed below and is also available via www.identityfraud.org.uk
We're All Porn Stars!
TEDx Woking - November 2017
This is the video of my TEDx Talk on the human firewall. I also include a clip of the 'Data to Go' video within the talk.
You can get copies of the accompanying book for your staff here.
Jimmy Kimmel Live!
What is your password? (it's had 9 million views)
President Obama had just unveiled a number of proposals to crack down on hackers. The Jimmy Kimmel show in the States said "It's great that the government is working on this but we need to do a better job of protecting ourselves. So we sent a camera out onto Hollywood Boulevard to help people by asking them to tell us their password". Watch what happens!
What would a cyber attack look like in the real world?
This is a brilliant video released by Hiscox in conjunction with Brompton Bicycles which shows what a cyberattack might look like in the real world. It's very clever and thought provoking.
Encrypting every device is encouraged as best practice, and under GDPR it is advisable because it reduces your breach-reporting responsibilities.
This is a great article which discusses how you encrypt all your devices (PCs, Macs, iPhones or Android devices). You can find all the info you need here or click the button below.
LastPass from Logmein
The last complicated password you'll ever need to remember...
LastPass is a freemium password management service that stores encrypted passwords in private accounts. LastPass is standard with a web interface, but also includes plugins for many web browsers and apps for many smartphones. I use this and recommend it to my clients. You can get a free Premium trial here.
Are Password Managers a good idea?
What the NCSC has to say about password managers/vaults.
People keep asking the NCSC if it's OK for them to use password managers (sometimes called password vaults). Who and how should people use them? Is it safe to put all your crucial passwords into a password manager, and forget trying to remember any at all? This is a useful article if you want to hear their thoughts to back up what I said.
Responding to and planning for a data breach
cyber incident response plan
If you're the leader of your business you should know how strong its defences are.
A recent PwC report found that only 37% of the 6000 respondents had a cyber incident response plan. That means that should a cyber crisis arrive, only four in ten companies have personnel who are “fully trained” to act as first responders; of those, PwC found that the overwhelming majority (73%) are IT security staff.
If you haven’t got a plan this checklist should help you prepare and give you a useful framework.
Responding to a data breach
This is a sample response plan.
It's important that, as an organisation, you have a response plan for a data breach. You also need to test it and document those tests (just as you would with your Business Continuity or Disaster Recovery plans).
External due diligence
Planning for a cyber data breach.
I thought it would also be useful to share with you some of the main steps external due diligence would go through if helping you prepare.
9 Key Questions for the board
9 key questions for CEOs and boards
9 steps to avoid ransomware
prevention comes first...
1. Keep your Operating System and antivirus up-to-date.
2. Regularly back up your files.
3. Enable file history or system protection.
4. Beware of phishing emails, spam, and clicking on malicious attachments.
5. Disable the loading of macros in your Office programs.
6. Disable your Remote Desktop feature whenever possible.
7. Use two-factor authentication.
8. Use a safe and password-protected internet connection.
9. Avoid browsing websites that are known for being malware breeding grounds (illegal download sites, sites with unsavoury content, etc.).
The SOCIAL cybersecurity model
A really useful acronym for discussing with your human firewall.
Security Minded - everyone has their part to play
Organised - includes clean desks and tidy work places
Conscientious - slow down and be mindful of the actions we take
Inquisitive - ask before you act
Active - encourage prompt disclosure when something goes wrong
Level headed - educate how to respond with calmness
my top 5 (or 6!) tips
1. Train staff (keep records) (use my TED Talk as a free starter)
2. Get/keep cyber on your board agenda
3. Create/share/test your cyber-response plan
4. Book a penetration test (including social)
5. Gain Cyber Essentials accreditation
6. Add external email notification to mail
Glossary of acronyms and abbreviations
I work very hard on never using jargon, but some abbreviations or acronyms are unavoidable. This brief guide hopefully clarifies any questions that have arisen, but if I've missed anything please do let me know and I'll update the graphic accordingly.
Thank you for your help!
GDPR - General Data Protection Regulation
Getting ready for the GDPR
ICO produced tools and resources to help you get ready.
The Data Protection law changed on 25 May 2018 and organisations need to now comply with the General Data Protection Regulation (GDPR). The ICO has produced a package of tools and resources to help comply. These resources include the following:
GDPR - 25 May 2018
What should we be doing?
Why does GDPR matter? What should you be doing in different departments right now to comply with the GDPR? I created this 6 minute animation as a good guide to show to your leadership team to help understanding and company-wide buy-in.
Do you need a DPO?
Read the full guidance from the ICO here: DPO
In brief, under the GDPR, you must appoint a DPO if you:
Does Office 365 Help with GDPR?
Visit the Microsoft Trust Centre
Details on how Microsoft Trusted Cloud solutions can help your GDPR compliance journey.
National Cyber Security Centre Resources
National Cyber Security Centre
a part of GCHQ
The NCSC produce and provide great guidance on how to improve cyber security within your organisation - here is a pick of some of those documents which I think you will find useful.
Cyber Security: Small Business Guide
How to improve cyber security within your organisation - quickly, easily and at low cost.
Cyber security needn't be a daunting challenge for small business owners. Following the five quick and easy steps outlined in the guide below could save time, money and even your business’ reputation. This guide can’t guarantee protection from all types of cyber attack, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cyber crime.
Cyber Security Small Business Guide
Small Business Guide Infographic
A summary of low cost, simple techniques that can improve cyber security within your organisation.
10 Steps to Cyber Security
Guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.
This guidance is designed for organisations looking to protect themselves in cyberspace. The 10 Steps to Cyber Security was originally published in 2012 and is now used by a majority of the FTSE350.
10 Steps To Cyber Security
NCSC infographic on the 10 Steps To Cyber Security.
An effective approach to cyber security starts with establishing an effective organisational risk management regime as illustrated in this diagram.
Common cyber attacks at-a-glance
NCSC infographic on common cyber attacks at-a-glance.
This infographic summarises the security controls you can apply to reduce your organisation’s exposure to a successful cyber attack.
10 Steps Board Level Responsibility
Why protecting your information is a board-level responsibility.
A useful NCSC guide to key questions for CEOs and boards.
More 10 Steps Resources
These additional NCSC 10 Step Guides are a really useful resource.
10 Steps: Risk Management Regime
10 Steps: Secure Configuration
10 Steps: Network Security
10 Steps: Managing User Privileges
10 Steps: Users Education and Awareness
10 Steps: Incident Management
10 Steps: Malware Prevention
10 Steps: Monitoring
10 Steps: Removable Media
10 Steps: Home & Mobile Working
How can ramsac help me with cybersecurity?
ramsac’s cybersecurity solutions
I make a point of never selling at any presentation I'm engaged to deliver. On that day I'm there as a professional speaker and a subject expert; however, a number of you have asked me how my business ramsac can help you when it comes to cybersecurity, hence this inclusion.
ramsac has a wide range of services to help organisations improve their cybersecurity. These can be used as standalone solutions or in combination with each other for the ultimate protection against cybercrime. All solutions are updated regularly to include the latest cybercrime techniques and scams.
The services include:
For more information on ramsac’s cybersecurity solutions and how you can get your organisation protected, contact ramsac on +44 (0)1483 412 040 or email email@example.com.
So, where do I get my shirts?
The one question that always amuses me at the Q&A session is "where do I get my shirts?" So I've decided to include a link to my two favourite sources!
For the truly unique visit 1 like no other or for equally different shirts on a lower budget try Joe Browns - enjoy!
Feedback & thoughts
If you want to send Rob a message or give him feedback on the workshop and resources please do so here:
© 2019 Rob May - Thought Provoked. All rights reserved.