Speaker Session Resources

    VISTAGE

    Cybersecurity & The Human Firewall

    Thank you for visiting this web page which has been designed specifically for you as a member (or a guest) of Vistage.

    These are the things that I signposted for you in my recent group session which you attended.

    If you would like me to present any of the content to your team let me know, there are several options that work really well.

    In the following information, I have included references to documents, videos and resources which should help you deal with the subject of cybersecurity and the human firewall within your organisation. I hope that it is helpful and would welcome feedback with ideas and requests for additional material.

    Thank you once again for your participation and interest.

    Warmest wishes Rob.

    The book of the TEDx Talk suitable for any audience
    The original book of the TEDx Talk

    How do you stay up-to-date?

    Sign-up to my free weekly email

    Every day I share the latest technology, cybersecurity news and scams on my Twitter feed @robmay70. On a Friday morning I collate these and share them in an e-newsletter format.


    Enter your email address and choose subscribe in the button below to automatically receive the weekly summary (you can unsubscribe at any time).


    It's a great way to get an overview as to what is happening in the business and cyber world.

    Videos to share with your staff

    Data to Go

    The Coffee Shop - produced by cifas

    You're more at risk of identity fraud than you think. Sharing personal details like your date of birth, address and phone number can make you vulnerable. Don't make it easy for identity fraudsters. Start by setting your privacy settings. This video made by cifas can be viewed below and is also available via www.identityfraud.org.uk 

    We're All Porn Stars!

    TEDx Woking - November 2017

    This is the video of my TEDx Talk on the human firewall. I also include a clip of the 'Data to Go' video within the talk.


    You can get copies of the accompanying book for your staff here.

    Jimmy Kimmel Live!

    What is your password? (it's had 9 million views)

    President Obama had just unveiled a number of proposals to crack down on hackers. The Jimmy Kimmel show in the States said "It's great that the government is working on this but we need to do a better job of protecting ourselves. So we sent a camera out onto Hollywood Boulevard to help people by asking them to tell us their password". Watch what happens!

    What would a cyber attack look like in the real world?

    Hiscox Insurance

    This is a brilliant video released by Hiscox in conjunction with Brompton Bicycles which shows what a cyberattack might look like in the real world. It's very clever and thought provoking.

    Encryption

    Encryption of any device is encouraged as best practice, and under GDPR it is advisable because it reduces your reporting responsibilities.

    This is a great article which discusses how to encrypt all your devices (PCs, Macs, iPhones or Android devices). You can find all the info you need here or click the button below.

    Password Management

    Click here for a free trial

    LastPass from LogMeIn

    The last complicated password you'll ever need to remember...

    LastPass is a freemium password management service that stores encrypted passwords in private accounts. LastPass comes as standard with a web interface, but also includes plugins for many web browsers and apps for many smartphones. I use this and recommend it to my clients. You can get a free Premium trial here.


    Are Password Managers a good idea?

    What the NCSC has to say about password managers/vaults.

    People keep asking the NCSC if it's OK for them to use password managers (sometimes called password vaults). Who should use them, and how? Is it safe to put all your crucial passwords into a password manager, and forget trying to remember any at all? This is a useful article if you want to hear their thoughts to back up what I said.

    ncsc.gov.uk-what-does-ncsc-think-about-password-managers

    Responding to and planning for a data breach

    cyber incident response plan

    If you're the leader of your business you should know how strong its defences are.

    A recent PwC report found that only 37% of the 6000 respondents had a cyber incident response plan. That means that should a cyber crisis arrive, only four in ten companies have personnel that are "fully trained" to act as first responders. Of those, PwC found that the overwhelming majority (73%) are IT security staff.

    If you haven’t got a plan this checklist should help you prepare and give you a useful framework.

    Responding to a data breach

    This is a sample response plan.

    It's important that as an organisation you have a response plan for a data breach. You also need to test it and document those tests (just as you would with your Business Continuity or Disaster Recovery plans).

    External due diligence

    Planning for a cyber data breach.

    I thought it would also be useful to share with you some of the main steps external due diligence would go through if helping you prepare.

    9 Key Questions for the board

    9 key questions for CEOs and boards

    • How confident are we that our company’s most important information is being properly managed and is safe from cyber threats?
    • Are we clear that the Board are likely to be key targets?
    • Do we have a full and accurate picture of:
      • the impact on our company’s reputation?
      • the impact on the business?
    • Do we receive regular information from IT on who may be targeting our company, their methods and their motivations?
    • Do we encourage our technical staff to enter into information-sharing exchanges with other companies to learn from others and help identify emerging threats?
    • Are all staff receiving on-going regular cybersecurity training and awareness?
    • Are we confident we've identified our key information assets and thoroughly assessed their vulnerability to attack?
    • Has responsibility for the cyber risk been allocated appropriately? Is it on the risk register?
    • Do we have a written information security policy in place, which is championed by us and supported through regular staff training? Does the entire workforce understand and follow it?


    ransomware

    9 steps to avoid ransomware

    prevention comes first...

    1. Keep your operating system and antivirus up-to-date.
    2. Regularly back up your files.
    3. Enable file history or system protection.
    4. Beware of phishing emails, spam, and clicking on malicious attachments.
    5. Disable the loading of macros in your Office programs.
    6. Disable your Remote Desktop feature whenever possible.
    7. Use two-factor authentication.
    8. Use a safe and password-protected internet connection.
    9. Avoid browsing websites that are known for being malware breeding grounds (illegal download sites, sites with unsavoury content, etc.).

    The SOCIAL cybersecurity model


    A really useful acronym for discussing with your human firewall.

    Security Minded - everyone has their part to play

    Organised - includes clean desks and tidy work places

    Conscientious - slow down and be mindful of the actions we take

    Inquisitive - ask before you act

    Active - encourage prompt disclosure when something goes wrong

    Level headed - educate how to respond with calmness

    my top 5 (or 6!) tips

    1. train staff (keep records)
    (use my TED Talk as a free starter)
    2. get/keep cyber on your board agenda
    3. create/share/test your cyber-response plan
    4. book a penetration test (including social)
    5. gain cyber-essentials accreditation
    6. add external email notification to mail

    Glossary of acronyms and abbreviations


    I work very hard on never using jargon, but some abbreviations or acronyms are unavoidable. This brief guide hopefully clarifies any questions that have arisen, but if I've missed anything please do let me know and I'll update the graphic accordingly.

    Thank you for your help!

    GDPR - General Data Protection Regulation

    Getting ready for the GDPR

    ICO produced tools and resources to help you get ready.

    The Data Protection law changed on 25 May 2018 and organisations now need to comply with the General Data Protection Regulation (GDPR). The ICO has produced a package of tools and resources to help organisations comply. These resources include the following:

    GDPR - 25 May 2018

    What should we be doing?

    Why does GDPR matter? What should you be doing in different departments right now to comply with the GDPR? I created this 6 minute animation as a good guide to show to your leadership team to help understanding and company-wide buy-in.

    Click here to read the ICO advice

    Do you need a DPO?

    Read the full guidance from the ICO here: DPO

    In brief, under the GDPR, you must appoint a DPO if you:

    • are a public authority (except for courts acting in their judicial capacity);
    • carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
    • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.

    Visit the Microsoft Trust Centre

    Does Office 365 Help with GDPR?

    Details on how Microsoft Trusted Cloud solutions can help your GDPR compliance journey.

    National Cyber Security Centre Resources

    National Cyber Security Centre

    a part of GCHQ

    The NCSC produce and provide great guidance on how to improve cyber security within your organisation. Here is a selection of those documents which I think you will find useful.

    Cyber Security: Small Business Guide

    How to improve cyber security within your organisation - quickly, easily and at low cost.

    Cyber security needn't be a daunting challenge for small business owners. Following the five quick and easy steps outlined in the guide below could save time, money and even your business’ reputation. This guide can’t guarantee protection from all types of cyber attack, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cyber crime.



    A summary of low cost, simple techniques that can improve cyber security within your organisation.

    10 Steps to Cyber Security

    Guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.

    This guidance is designed for organisations looking to protect themselves in cyberspace. The 10 Steps to Cyber Security was originally published in 2012 and is now used by a majority of the FTSE350.


    NCSC infographic on the 10 Steps to Cyber Security.

    An effective approach to cyber security starts with establishing an effective organisational risk management regime as illustrated in this diagram.


    NCSC infographic on common cyber attacks at a glance.

    This infographic summarises the security controls you can apply to reduce your organisation’s exposure to a successful cyber attack.

    Why protecting your information is a board-level responsibility.

    A useful NCSC guide to key questions for CEOs and boards.


    More 10 Steps Resources

    These additional NCSC 10 Step Guides are a really useful resource.

    How can ramsac help me with cybersecurity?

    ramsac’s cybersecurity solutions

    I make a point of never selling at any presentation I'm engaged to deliver. On that day I'm there as a professional speaker and a subject expert. However, a number of you have asked me how my business ramsac can help you when it comes to cybersecurity, hence this inclusion.

    ramsac has a wide range of services to help organisations improve their cybersecurity. These can be used as standalone solutions or in combination with each other for the ultimate protection against cybercrime. All solutions are updated regularly to include the latest cybercrime techniques and scams.

    The services include:

    • Cybersecurity board briefing
    • Cybersecurity employee briefing
    • Online cybersecurity awareness training
    • Cyber Essentials gap analysis

    For more information on ramsac’s cybersecurity solutions and how you can get your organisation protected, contact ramsac on +44 (0)1483 412 040 or email cybersecurity@ramsac.com.

    So, where do I get my shirts?

    The one question that always amuses me at the Q&A session is where do I get my shirts? So I've decided to include a link to my two favourite sources!

    For the truly unique visit 1 like no other or for equally different shirts on a lower budget try Joe Browns - enjoy!

    Feedback & thoughts

    If you want to send Rob a message or give him feedback on the workshop and resources please do so here: