How To Sign Oregon Banking Form

How to industry sign banking oregon form secure

all right good morning and welcome my name is Brandon Laws I am the director marketing at Zen iam and I will be your moderator for today's webinar in an effort to bring you more relevant content not only just HR content that we typically bring but we're really trying to focus on some business focus topics so that you know whether you're an HR person you can become more of a business partner to the executives on your team the senior leaders and for for you who may be an owner or an executive these are the things and the topics that we find that the employers are worried about so we partnered with core on this webinar how to keep your business data secure without spending time worrying about a breach and I'm really excited about this webinar so before I turn it over to Scott who I have from core I'm gonna go over a couple of housekeeping items and then I'll get out of the way so today's webinar we're gonna have a 30-minute presentation around there will depending on how fast Scott can get through this content but we'll make sure that we leave at least 10 to 15 minutes of Q&A and we'll get you out at 10:45 Pacific time if you have any questions throughout the presentation I'll be monitoring that that's kind of my role as moderator and I'll obviously moderate the Q&A but enter questions that you have into the chat window and if it's quick answers I can get back to you right away otherwise we'll save it for the Q&A at the very end the question that we always get time and time again is are the slides and recording available to attendees and oftentimes if you want to share it with your team or if you have to jump off because you have a call or something like that we'll definitely make sure to have the slides and recording available to you and usually we send those out within a day time hopefully by today I can send you an email with with the slides of recording but you will definitely have those if you want any alerts about new events new webinars or other content from zhenya just go to our website you can enter your email either in the live chat window that we have or if you scroll about halfway down on the website you can enter email address there we have tons of great stuff there there's podcasts we have web courses and ongoing events and in fact we have to I think two or three webinars published that we have coming up through May or June so go make sure to sign up for those as well okay I'm gonna give an introduction real quick to Scott Scott is the senior vice president at core business services they were recently acquired after as Scott has has really founded and developed this this business he's disgusts found a core in 2006 he realized that there was such a need for small medium-sized businesses to manage all the technology and I imagine Scott would believe that this is more true today than it wasn't 2006 there's so much technology around that it's so ubiquitous that I think we all need a little bit of help with our systems and really core focuses on monitoring client software and hardware issues so that they can catch it before there's ever a crash so it's kind of that peace of mind factor and you know they've been a great partner to us and I'm really excited to to have Scott here and and real quick about me I'm a director marketing and at zhenya my name is Brandon you probably see my name on emails and other pieces of content that would get out but I'll be behind the scenes today and I'm gonna turn it over to Scott right now Scott welcome thanks Brandon thanks for thanks for having me and excited to chat security today so as we jump in and again we'll have a lot of East amount of time for questions at the end and and I always try to try to preface some conversations with you know all of us probably have a lot of content coming at us and attend different webinars and presentations and you know I really think the goal should be can you take one or two things out of today's presentation back to your business that could make an immediate impact so quite a bit of content coming at you again can you take one or two things back make an immediate impact to your business hopefully be able to take some of those things today so the press is really I want to start out with this the goal being we need to keep our data safe keep our company data safe really the the thing we need to do as HR leaders as executives as owners is is ask our employees and really train our team to treat company information as if it was their own and so as we go through the presentation today will talk through different ways that a they are affected personally when there is a breach and B how as leaders we can help the company develop better security postures to keep our data safe so it doesn't always rely with only NIT I know we have quite quite a few HR professionals on the phone today so we're going to target that a bit and really how even HR can and probably should have a bigger play in terms of security and breaches so two pieces we're going to focus on today as we really talk about developing a better security posture and keeping data safe one is phishing so email phishing and and phishing attacks which I'm sure we're all somewhat familiar with because we either clicked on something we shouldn't have or our cube mate has or we've heard of an issue then the other one is passwords and password policies password hygiene and how we can do a better job there and so just as we jump into that kind of two stats I just want to lead off with is that 91 so in relation to phishing 91 percent of breaches come from or start from a phishing attack so 91% of all breaches come from a phishing attack you know a lot of people I talked to still think it hacking it is that the big thing that causes breaches and that somebody hacked in through our firewall stole our data but really it's coming through emails into the organization that somebody is clicking on something that they shouldn't and the other pieces we talk passwords will be that the average person has a hundred and thirty different logins out there on the web so they have a username and password tied to an email address a hundred thirty different times out there on the web and the problem being that when we don't have good password policies or password hygiene that all of a sudden we have the same password in a lot of different places which can lead to breaches so we're going to talk through both of those distinctly we're going to talk through a phishing we're going to talk through a password and then we're gonna kind of wrap it all together with how do we develop some material some policy some training how do we keep in front of mine for our staff or our team to do a better job to help keep the organization secure so so really how that relates to even directly HR and this is a fairly this is not a good statistic is that 45% of employees receive no cybersecurity training from their employer so roughly half of all employees do not receive cybersecurity training either formally or informally so cyber security training you'll hear me say security security awareness training today a big piece of keeping our data safe is training our people yet half of companies aren't doing this and this is the part that is part I T but I would say is is more HR operational than it is IT and it's not getting done today near enough so as we jump down we're going to talk the password piece first then we'll come back to fishing so as we jump into passwords and just how critical passwords are overall just some stats to kind of tie it together every day every day in the U n eight point two million passwords are stolen every day so you can obviously do the math and determine you know what that annual or per minute figure is but it's a lot of passwords stolen everyday 44% of people changed their passwords once a year or less so a lot of passwords getting stolen and a lot of people keeping the same passwords in play consistently either forever or at least on an annual basis and then 61% of people use the same passwords across multiple websites or multiple accounts or maybe they log on to their work computer with the same password that they use for Facebook or LinkedIn or Amazon or something else so people are using the same passwords across multiple websites so when we really tie those three stats together and we say hey 8.2 million passwords are stolen every day we know as we move that most people aren't changing those passwords so the password that was just stolen is probably in played for quite a while and then we know that a lot of people are using the same passwords across multiple accounts for logins it gets fairly scary because when a password is stolen the chances of that password working in a different account or for a different websites or for a different login increase pretty dramatically a quick real-world scenario of this and when we say how breaches start how data gets stolen and there's the CIO that I know that that hired a company to do a penetration test on his company 300 user company hired a company an IC security company to do a penetration test on this company a penetration test is when you hire good guys to try to break into your network to expose some weaknesses before the bad guys do so hired hired a company do a penetration test the first place that the IT firms started was to go to the dark web the bad part of the internet and get some stolen usernames and passwords that were tied to that company's domain name so company emails at ABC company comm were out there on the dark web and passwords were associated to this one of the passwords was for the company CEOs email which was shown on the website as well as the public information and the password was something to do with the Oregon sports team so some form of go ducks ducks are the best something do with ducks so the penetration testing firm took a play on that and used all of the Oregon sports teams so Blazers ducks beavers pilots and put it into a program that generated a lot of different passwords using those sports teams as they did that and then use those passwords they were able to generate the correct password because the company's administrator password for their network was also a play off of an Oregon sports team and gain full access to their network so it kind of gives you a quick real-world scenario of how a password stolen normally they're stolen and tied to an email address can really help you gain access to a network so password hygiene password policy pretty critical so not to scare you but I'm hoping as we go through this year password is not on this list so most common passwords today one two three four five six passwords add two seven and eight and then again hopefully none of us have one on the list here but common passwords today I think this is the top 25 passwords in use today again hopefully we've got a little more complexity in your real world so some pieces though as we talk passwords and and for yourself and to talk to other people is never never never tell anyone your password and never write it down too often your neighbor cube mate neighbor knows your password because they might need to get into your computer once in a while and way too often those passwords are either under their keyboard behind their monitor the thought is when you give somebody else your password they have your identity so anything they do on the network is linked back to you so hey your password is now compromised and can go elsewhere be it's scary for your own perspective because if something is done wrong with that username and password it's definitely gonna point back to you so never tell us anybody or write it down and always tell IT when it is compromised so it can be changed and always create strong passwords which will come back to strong passwords is that the big point you can talk about that more as well hey and you say but you know I might ask for from time to time so you bet so psyche needs your password talk to them and they might need your password not a chance so if you are okay with that statement remember we just set a slide and a half ago don't tell your password to anybody so I T should not ask for your password in the first place and you should not need to tell them your password I T has the tools to log into your computer to reset your password to gain access to what they need to gain access to without having your password again giving your password to IT is just like giving it to your cube mate should not be needed to be done sometimes I see people can be lazy and asked for your password rather than reset it sometimes we're lazy and think I don't want to have to reset my password so it's easier to give it to Fred on the helpdesk he can fix my issue and then I can keep going should not give your password to anybody if you do give it to IT for some reason once they're done fixing you fixing your issue typically they should make you reset it or you should reset it on your own so what is a strong password discussion we have a lot because a lot of us create strong passwords and then don't remember them which leads us to write them down so what is strong is this a strong password ball hidden red Sun or is this a strong password w3 dollar sign lower e f9 to you you know over time a lot of us have really been trained to say when when I do this presentation live and ask for a show of hands majority of the room definitely raises their hand at the lower of the passwords and says that's stronger problem is today really we're moving to a world war where passphrases are stronger so the top one would be stronger and when we look at why it would be stronger it's really because it's longer so link in passwords matters more so than complexity lengths because when a password is just being randomly generated or randomly hacked it's really a matter of how long does it take to do that and the top password in this case is twice as long as the bottom password which means it's going to take an infinite amount an infinite amount of time longer to actually crack the top password even though it is more complex typically as we know though a website or even our work log in will probably mandate some sort of complexity so you can still add some complexity to a passphrase by capitalizing the be making the a and a sign doing different things add an exclamation point to the end but the point being longer passwords are better and typically when we make them into a passphrase they're easier to remember so might scan the room and find four objects which is how I came up with this one and that becomes my passphrase which will be much easier to remember which will lead me not to have to write my password down in with passwords you know we've got to teach our people to report suspicious events and really create that security culture to where they raise their hands in the event something is compromised where they raise their hands if password is compromised if they clicked on our own wrong link you know even if they did something that caused an issue we want to make sure our security culture says it's okay it's better to raise your hand even if you did something bad so that nobody else does the same thing so we need to ask our people to report suspicious events some of those suspicious events are not being able to login with your same ID and password came in yesterday could login come in today can't login definitely should be reported quickly if your computer's running extremely slowly should be reported a lot of times if a breach happens meaning maybe malware gets installed on your computer nobody knows about that for way too long often so it's the kind of thing that don't just put up with it report it and ask IT to see if there is something on your computer that shouldn't be there if you see under unauthorized changes to documents you were working on a document yesterday and today it was changed report it and obviously receiving attachments from someone you don't know or that are suspicious especially if they're clicked on should be reported so again the point being though we really need to train our people as it comes to passwords and as we transition to phishing that it's okay to raise your hand in the event you do something maybe you shouldn't have so as we talk fishing again phishing bean emails that come to you where they are trying to do something bad so the two types of phishing are credential harvesting in credential harvesting the phishing is designed to have you enter your credentials probably username password email and password into some sort of website that is not going to do what you think it's going to do all they're doing is stealing your passwords so credential harvesting or the other type of phishing is where they're trying to get you to click on something to download a malicious payload so credential harvesting where they're trying to steal credentials malicious payload phishing where they're trying to download malware or a virus onto your computer and then gain access to your network that way so we're going to talk about both of those different types of fishing a little bit but as we start just some things to know on phishing one in a hundred and thirty one emails contain malware today big number it's the number one delivery method for malware so phishing emails clicking on links those links that look like invoices or POS are delivering most malware and it's a huge industry huge industry people are making a lot of money 3.4 billion dollars in losses back in 2017 caused by phishing attacks in a third about a third of all phishing messages are opened that's a big number that means a lot of people are clicking and opening messages they shouldn't be which leads me to my favorite stat the phishing emails have six times the click-through rate of real marketing emails so we all get a lot of marketing emails and sign up for things and get on marketing lists and you know hit delete pretty quickly phishing emails though are so good these days that they have six times the click-through rate that really is a staff that goes to show you that this is a big business right the dark web here this is big business this isn't just people sitting in a basement sending out emails trying to get people to click this is business where marketers very good marketers are employed by the bad guys to send out phishing emails that are very clickable so big payroll here to execute on what they're trying to do big business and so as we get to today why is why is phishing such a big deal right why why is 91% of breaches of starting from a phishing attack and this goes back to 2016 so it's a little old but I think it's very relevant because it's really the time when this started and we look back and if we look back to the beginning of the in January 15 we see there was you know a lot of spam going out still but back in 2015 we were getting spam but there wasn't a whole lot of bad behind it most of it we could just click delete move on it was an inconvenience but it wasn't too scary we can see in the start of 2016 there in the red almost half or more of spam email now includes a malicious attachment so the bad guys saw that spam was a good medium to deliver with and they thought why don't we start attaching malware to it it'll be the easiest entry point into a business and they were being successful with that so that's why it has become such a bigger thing they're people and the bad guys are having success with it so they're continuing to grow that means with credential harvesting and with malicious payloads in and so as we talk phishing you know we've we've all seen a phishing email like this today not as much but when phishing just started we used to get the emails that were from a Nigerian prince or somebody overseas and and they were poorly written and plaintext and you know people still fell for them once in a while but we look at that now and think man we used to pat ourselves on the back for catching that fish when really that's not a great means today phishing looks much better in and I took these two examples that came directly to me and neither of these are perfect but they're not horrible either and they are both office 365 which is something we utilized internally which I'm sure a lot of people on the phone use as well and so they're they're targeted and so we see today knowing that a lot of people use in office 365 or a lot of people use Apple or iPhone a lot of people use Google or Amazon we see a lot of phishing attacks targeted to these big online providers because they are such well used amongst most people and by throwing that office 365 logo in the email it looks kind of legit if you're working quickly and a lot of people click confirm' account when you confirm account or a lot of people click view documents when you do that in both scenarios it's going to take you to a website that tries to look like office 365 and the goal is that you enter your credentials there and your credentials are stolen so phishing is looking much much better all the time another example of a new school phishing we all have probably seen a LinkedIn invite I tell this story somewhat embarrassed seen ly but still liked to tell it this was actually a fish test that we ran internally on our company looks pretty legit when you see it other than that it says high test first which when we sent it out said the person's last name and first name looks pretty legit we've all seen emails like this and it mimics the LinkedIn everything looks correct we sent this internally and we're a team of about 40 within the IT division of our company and in being an IT where a lot of younger single dudes so they get hit up by somebody on LinkedIn that's a recruiter that's also somewhat attractive and let's just say a lot of our guys actually hit except here so failed our own test a little bit internally and when you look at you know when you look at this email what is wrong with this email why should I not click on this email and this is a really good one but if you look at in the top left the domain name linked in communication calm that's actually not LinkedIn's domain name their domain name is LinkedIn so everything looks correct except one piece tells you this is not from LinkedIn because it's from the wrong domain name my favorite example of new-school fishing again not because it is a perfect looking email I think it looks fine it's from the correct domain name in the top left so that was spoofed it looks fine looks looks okay what is really concerning though is step two so once I click on sign on to account online in the middle of this email it actually takes me to this page which at the time this email was sent out looked exactly like Wells Fargo's website but it was not their website so not only did we send out a solid phishing email not only did we spoof the domain name in the top left so it actually looks like it's coming from Wells Fargo a whole other web page was created to look just like Wells Fargo and if you didn't look at the domain name to know that it wasn't their exact domain it looks exactly legit the problem is when you log in on the left there under view your accounts you're not going to log into your Wells Fargo online banking page instead the bad guys just got your username and password and now they can log in so really really big business here and have design behind it to be able to get this complex and really make it look this real so some things just off the cuff that can be trained on to your users right how do we how do we combat phishing when it is that real and so some of the easier places if we start at the top is look at the domain name make sure the domain name is from the correct company a lot of domain names from the bad guys are changed just a little so we've seen Microsoft instead be milk recites the L instead of the eye and a quick glance and you look right over it in the example on the screen you can see they instead of Amazon cannon they've missed the a but the app sign on a quick look you still see da going down the page we also see generic pieces make it somewhat suspicious so everybody that's marketing today pretty much has your name and is able to send out a mass email but autofill your first or last name so when it's generic there could be something to look at and then before you click on any links you should always be hovering over the link when you hover over the link with your mouse it'll actually show you where you go so any of us could send an email and type in a link but then if we right-click it and change the hyperlink it can take us to a whole different page so hovering over the link is an easy place to start to make sure that what you click on is actually where you're going to go so real real word world example of a fish test email so we worked with a client of ours a good-sized client of ours and we're in the process of initiating a security awareness training program and the first part of that was well let's test our users today and figure out how many are clicking on things they shouldn't how many are getting fished so in this example we sent out around 265 females the company used office 365 so we made the phishing campaign look like an office 365 email up to 265 that were sent it was roughly a hundred and fifty five were so open to the email so came in to Outlook they double clicked it open to the email at that point not horrible not great also but but not horrible 155 open it of the 155 it was roughly 42 that actually clicked the link so in the email was a link saying they needed to reset their past to office 365 of the 155 or so 42 or so clicked that link which took them to a webpage that asked them to enter their office 365 credentials to enter their email address and their password of those 42 it was about 26 that actually entered their credentials so they answered their office 365 credentials online which means at that point in time the bad guys would have access to those 26 email accounts and access to the corporate network because it's the same credentials so roughly 10% of the company entered credentials online and were harvested in this first attempt and this was before training had taken place but it really goes to show and as we've done these at smaller scales or larger scales this is a pretty good scenario and a pretty good estimate that if you don't have training in place the amount of click-throughs and credentials insert is going to be fairly large so the goal would be over time as we do this campaign monthly or bimonthly or quarterly that we start to see the amount of clicked emails and credential enterings drop and really we get to the point where when we send out a fish threat test hopefully somebody's raising their hands and shoot I just clicked it hey this is don't click this email rather than being the person that typically clicks the email and then hunkers down in their queue we've got to make security something that can be talked about so why does phishing work social engineering work we're curious people are curious and they click because they're curious it's also a habit to have it when an email comes in I click and I move on typically a sense of timing as well I talked about phishing and security all the time and about a year ago I was working with the bank on something and they had sent me a doc you sign email and the DocuSign email came in roughly about noon on a Tuesday on Wednesday I was working through my email kind of been a Power Hour of getting caught up on email and a DocuSign email came in and in my head in about a second and a half a process that hey it's roughly noon a DocuSign email came in yesterday I'm getting another one today it's probably been about 24 hours it's probably their Auto reminder all of that process in my head real quickly because I was focused I double clicked it that fast I clicked the link which took me to another website and as I click the link I'm looking at the email and I realized oh shoot this is not really a DocuSign email but I talk about this all the time and because I was really working quickly at the time and because of timing in regards to yesterday I got a real DocuSign email I click and then trust trust being the last piece so trust to that hey I'm getting this email from somebody I know it must be real well what if their credentials were leaked and somebody's acting is them so pieces of security that I see people talk about proactive management is something that has to be done systems have to be patched point solutions all companies probably have a firewall or antivirus software something that at the point defends us we've got to integrate those points Solutions hope they talk and the part we're really talking about today is secured awareness training which I would say is one of the biggest gaps in a full security program and it's the piece that doesn't need to just fall on IT in the last piece again an IT piece is detecting issues so what about when things do get through those points solutions your antivirus software doesn't pick up the virus how do we detect and respond that but else we really put together a true IT security strategy if that security awareness training piece that falls to HR or to operations to really implement and help enforce in what we see is that security risks are reduced by about 70 percent with proper training so by doing that training over time the phishing example where we saw about 10% of people clicked goes down significantly so training has to be done only about 45% of companies are doing it but yet when they do it consistently it reduces the risk 70% so couples in wrap up a few things few do's and a few don'ts does you really look to extend a security awareness training program to your organization to help keep your data safe first do is extend it to everyone in the organization too many times when training is rolled out its rolled out to just IT or its rolled out to just lower-level employees or maybe it's rolled out to just executives it really needs to be extended to everybody in the organization it needs to be required by everybody in the organization don't just default to videos or classroom sessions that are boring right we've all been through too many boring sessions it has to be relevant it has to be something that people are going to talk about outside of the meeting it has to create a security culture that people talk about consistently maybe even if it's funny stuff real world stories we want people to talk security outside of the classroom do experiment so each time you send a phishing email a fake phishing email make it different simulate different attacks or different drills that way your training as you simulate and test experiment with it don't think you're going to teach everything in one session it's not going to happen we've got to make sure that we're doing this again and again do prioritize different topics so us we know that I'm just implemented office 365 we should probably prioritize the phishing attack against office 365 so prioritize it based on your business don't make it generic and again same thing we said a minute ago from a don't don't assume one session is enough too many times we see people get a security awareness training session handed to them when they start with the company they're there 17 years and they've still never had another one so don't assume one session is enough because with that what we typically see when companies do rollout security awareness training we said 45 percent of companies roll it out of that group a lot of them roll it out still just does it check the box maybe HR wants to cover themselves or IT wants to cover themselves security awareness training cannot be a check the box it's got to be a continuous thing so we're creating a security culture a culture inside the business where people talk about security they talk about keeping the business safe which keeps their jobs personally safe we want to have those discussions we want to really initiate a culture of it's okay to raise your hand and say I just did something wrong so that it can be stopped before it spreads them from there so we've got to make sure it's not a check the box type program it's an ongoing program that has talked about regularly so hopefully that's relevant content delivered fairly quickly really talking about how do we keep our data safe two big surface areas that that are somewhat outside of IT realm is phishing and passwords how do we create policies create training programs to keep our data safe and a lot of that's through educating our employees and creating that culture of security and making it something that's not just a check of the box hopefully that was relevant something you can take away and would love to talk through any questions that was great Scott thank you so much for going through all that the contact information for Scott is shown on the screen right there Scott Anderson that helped me core comm and if you need to reach out to me too are my email address is right there don't send me any phishing attacks please we have several questions we have about this six minutes before we need a 2-part so I definitely ask you know reach out to Scott if you have any questions if we don't get to it so first question Scott and I probably going to butcher this this domain name here but question from Derek says is have I been pwned calm a good sight to monitor to see if your email address has been involved in any breach uh you know I wish I could answer that exact one so I will look at that in in Brandon we can send that out to everybody after the fact it is not one I use we recommend though that companies sign up for a service that monitors the dark web so as a company it's best interest to sign up for a service that monitors the bad part of the web and looks for any new domain name he looks for your domain name and looks for any new passwords that have surfaced at it and so you can get regular reports that say you know here's the twenty seven emails that have credentials on the dark web for sale out there so definitely a piece of security posture would be to implement that service a very inexpensive service with a lot of return you talked about passwords before in depth do you serve a lot of people who have varying passwords across so many different websites and they can't remember them all where do you like do you recommend storing them somewhere whether it's in a spreadsheet on their own computer or or does that them all be from memory like what do you recommend for storage of passwords right and that's a real thing today right everybody's got so many different passwords and we're asking people to create multiple passwords it's about impossible so so never know never store them in a spreadsheet on your computer don't write them down the best solution is to use a third party like a LastPass there's competitors as well but a LastPass type solution that a generates extremely random passwords and B you keep track of one password and the last pass or other type of application does the rest for you available on mobile devices on all internet browsers and that way you can have unique passwords for everything and it changes your passwords for you regularly as well so at that point you've got one unique login that can be ultra complex that you can remember to log into and then the last pass or other type of application creates and and uses the other passwords for you that would be our recommendation so we hear about breaches a lot in the news especially with big companies like like Facebook where maybe passwords are stolen or something like that what's like how does that happen for one and what's what typically happens as a result of that like is information stolen and used or like what what do you know about those breaches that we can learn from yeah you know the how part is you know there's the bad guys are pretty much rockstars right so just just like they can break into our business they can get into Facebook how that's used is so so when passwords are stolen so I talked about the LinkedIn example earlier so in this case Facebook passwords were stolen from Facebook when they stole those passwords with the password was most likely a user name or an email address so now you've got you know my email scott anderson at core and my password one two three four five six because so many people use passwords across multiple sites now there's programs that the bad guys have that they're going to take that list of passwords to Bank of America comm and they're going to try to log in to Bank of America comm with those passwords or to another account and so on and eventually they're going to hit some of those because we all have 130 different accounts online with passwords and because we're all reusing our passwords so it's a matter of hey I've got real passwords and real user names here they're gonna be valid somewhere else on the web just based on statistics what a breach happens or some sort of attack what typically happens as a result would we'd know right away that hey there's been a breach or is it like you know months or years later when we find out our informations been stolen yeah both right at some points you'll know but but yeah you know the big companies would have to release so Facebook or LinkedIn are probably gonna release if they get breached but at the same point if you clicked on a phishing email and it downloaded some malicious payload to your computer a lot of times that stuff sits dormant for quite a while or sits and reports back and nobody knows so so it's both which is why a from say a password and login criteria we say yeah you should be monitoring the dark web through one of these services to know when your credentials or your company credentials are out there so you can change them immediately on the flip side we should have good policies in place to be doing that on our own because we know we're not always going to know when there's a breach so we should be having policies in place internally such as we need to change our passwords every 90 days or such as you're not allowed to sign up for Facebook or LinkedIn using your work email address so parts of policy and parts of parts of service you services you can sign up to you to help you know when there are breaches I'm going to do two more quick questions and then we'll part so you'd mentioned that email is typically the beginning of most phishing attacks and they look like marketing emails and in fact you even said that sometimes they're there they have higher click-through rate than marketing messages which is scary especially since I'm in marketing how do we filter out as organizations how do we filter out the bad messages while keeping like the ones we want to see yeah you know I use any emisn example I send a lot of email marketing out about our events about our content about webinars and people want to see those but with servers that are now blocking out a lot of messages that that look like that we're having a lotta links maybe a lot of graphics how do you make sure that you see emails like that where they make it through where the other ones don't and maybe that's a too big of a question yeah yeah that's fully loaded I'm sure you've got a better click-through rate I'm sure your click-through rate is much better than six oh yeah let's just get that out of the way I think you know part of what we would recommend is a lot of those additional emails are coming because we all have to sign up for something to download a white paper or to do our online shopping or something so it's worthwhile to the quick part of the answer is to have a couple email addresses right to make sure your work email address is only for stuff for work and even if you need to download a white paper for work you're downloading something in your credentials and not credentials but your email because somebody wants to market to you right so I want to see zhenya Moo's letters because there's valid content in it so I'm gonna include my work email there because I want to get them at work I want to read them at work there they're an educational tool but maybe when I do something else I've got I've got an email set up just for the stuff I don't care about any further so use that email never check it but it's there and it filters it out of your normal inbox okay so last question and then we'll go if you suspect that you've been compromised in any way through an attack regardless of the position that you're in what should the first step be and reporting to somebody in the organization so first thing should be changed your password or passwords plural but change your work password and then if you're using that password elsewhere I changed it in the critical locations online banking or whatever you think change password and then report it to IT to pieces good okay Scottie Anderson thank you so much for for coming on the webinar and shedding light on this very scary dark subject but I learned a lot from it I know other participants probably learned a lot from it but for anybody that that watched this and will get the recording and the slides definitely share with your team and then reach out to Scott if you have any questions his email address is on the screen we were lucky to have Scott from core today and again I'm I was your moderator today Brandon laws from zhenya reach out to me to if you have any questions have a great day again thank you Scott thanks Brandon