Sign Maine Banking Permission Slip Myself

Industry sign banking maine permission slip myself

wait so a Rebecca just easy and I just put it there I'm gonna put it here in the comments if for some reason there's someone that can't login I will be happy to send the full slide decks after the meeting and then get on a call with Metta Thomas can make all right Chris you are set up as a presenter I believe if you just go ahead and would like to share your screen I believe everybody will be able to see it and everybody can hear you now good Rebecca it looks like we've got about six attendees in in right now I've recently received several sign ups but most of them don't appear to have logged in and recently in the last five minutes there's been looks like seven or eight sign ups and they should have received an email with the link and I've also put the link directly in there in the chat if you need to just you can send that link to anybody and they can log-in all right Chris it's all yours and everyone can see my screen I can and ever everybody should be able to alright perfect thank you guys for joining us today Chris may our information security consultant with advantage technology deal with everything from small companies all the way through large corporations just a little background on me I began in the US Navy with the United States naval nuclear school years ago I won't say how many I don't want to date myself and we had a huge focus on security around ICS systems right industrial control systems information control systems it's actually called them back then now they're referred to as industrial control systems and distributive control systems which some of you might be familiar with in manufacturing later through different roles I ended up with DuPont chemical actually in Bell West Virginia which is now chemours and also there we had a massive focus on security around ICS DCs systems and then that led me to my role here at advantage technology where I consult with many of our clients on on how to understand security frameworks how it fits into their business and how they can keep their self safe I'm going to start off with just simple cybersecurity right the fact that you as an individual are the last line of defense now go through some of the basics some people know the basics some don't move through that it's a good refresher if you do know the basics and then Jack Sheaffer who's also on the call and will introduce himself a little bit later is going to step into more specific security around manufacturing and the specific threats to manufacturing so we'll just jump right in first of all I already introduced myself like I said I'm our information security consultant this is what I was used to seeing years ago when I was went through the Navy so pretty serious security around reactors and ships and the things that control these things so a question I get a lot is what will the warrior Guardian in the future look like right basically people ask me you know what what is the new defense gonna look like it's a lot of people think it's this guy it's more like this guy back here the biggest threats we have now from nation-state actors are not them crashing our borders like what happened in d-day but actually to crash through our systems to control critical infrastructure refineries big manufacturing operations as people know a lot of these things can be turned into a job bomb if they're put in the wrong hands or not operated correctly some of the big chemical plants and refineries in the world especially very very critical to the way we operate safely so a lot of your protections now are done through a computer some of the recent headlines that we'll go through basically point back to what I want to talk about today is the fact that they the human factor is a big deal in security it's a really big deal we hear over and over employees at fault in major breaches human area to blame for breaches the biggest threats are the people inside your company once again employee err lack of confidence staff under trained employees company employees blamed for cyber attacks right so you see this over and over it's the people the staff that are being blamed that's a big deal right and it makes people a little nervous it makes people scared they're trying to figure out what's going on so let's try to figure out why that's the case and then what we can do about it right so the first question is what is the risk then we get into why are there hackers right and are you at risk so here's the big thing that you have to understand about security ninety-three percent of all money is digital and that's what's at risk right it's a financial crime it is not a crime because somebody doesn't like you or doesn't like your business or these other things that you hear about it's purely financial motives right they're out there trying to make money so let's look at that right let's look at how that happens right what is a cyber crown the some of the basic threats we have today crime as a service which is a big deal that will dig into a little deeper if you don't understand what that is and then tips to protect yourself in your business so basically what is cybercrime right it's a criminal activity that involves the internet a computer system or computer technology so 50% of Online's adults about half of them more cyber crime victims in the last year most don't even know it those numbers actually just went up recently due to the major breaches that we've seen with Yahoo saying they lost three billion records so a lot of those records were things that affect basically all of online traffic 500 billion dollars so that's what it cost the global economy annually currently now that numbers going up astronomically every day nobody has a good handle on exactly what it is right now and 20% of businesses so one in five small medium business has been targeted these are these are serious statistics and these are what we're facing right now with cyber crime so the question is what is right what does blackhat cybercrime so you may have heard this term before it's popped up in the media a lot lately but blackhat cybercrime is a form of malicious behavior right just as we said it's motivated by profit and a predictable ROI and the reason I stress this over and over is these are the reasons that you have to be very very aware right it's once people find out you can make a profit and you have a predictable ROI we prove this in business every day you're going to continue to do those things that make you money that's why we're in the new normal now cyber crime is not gonna go away this is the world in which we live so once we know that that's the new normal what are the threats we're facing these are not all of the threats that we face currently or that you face in business or even personally currently but these are the ones that I think are important for us to talk about these are things that you can that you need to be very aware of in our current environment so first of all just simple econ right there's botnets out there that in fact you know networks and devices with malicious software they're controlled centrally they're deployed by an individual somewhere right and then there are some types of malware that live in the systems that you don't even know we're there that are really hard to detect by users right that takes software and other things to detect and we'll get into more of how that works later so that's just a crime in general phishing a little more specific can come through email phone SMX fax voice mail you can even have phishing scams through the u.s. mail right somebody's just throwing a line out there hoping you bite the hook and you'll give them value information whether that information is passwords whether it's financial information something of the such typically now we see it by email it's one of the biggest threat vectors that we have to deal with now because everyone uses email it can be done through spam or V phishing or SMS phishing so we have some fishing campaigns through text messages right through SMS now or the same thing they want you to reveal some critical information that will help them to make money and credential harvesting right so that's what I talked about passwords you're going to receive an email it looks completely legitimate you click a link that looks legitimate if it's not and it asked you to enter your Microsoft password for example you enter your username and password now they have your credentials you've probably used that username and password in other places that's a big one ransomware is huge right now if you had been a Bitcoin it enables people to take payments without them being traced once again financial gain is the reason they do this now they can't trace the payment that's made that's why we've seen it grow astronomically in the advent of ransomware what it does hold your files for ransom you log in your computer everything says it's locked it's encrypted you can't get in unless you pay you can't get into anything and you have to pay to regain access and people will pay to do that in order to be able to operate the business and then physical security we do see a big problem we see now is people can walk right into a business you'll see a desk with the administrative assistant or the receptionist there USB ports are facing the front so I can plug into USB right to the back that'll worm right into your network has a little program on it everything they need to do you never even know it happened and they didn't even have to come at you through your emails through your security so these are some things that you really have to think of about serious threats that are facing business nowadays let's move a little forward so out of those we talked about ransomware is the fastest growing threat that we see right in its we see it constantly honestly I just saw it with a firm about a month ago that supports the manufacturing industry they do packaging specialty packaging and not a lot of employees they eight employees and only a few people use computers but all the computers in the business we're locked out completely encrypted couldn't get into anything had to pay a ransom to get it back which is not easy for a small business and the ransoms get more astronomical as the companies get larger which is equally as hard so what do you do train employees filter emails scan emails configure firewalls patch good AV right these are these are the basics that I've listed here Jack's gonna get more in detail on this stuff of how you actually do that but if you want to know the things that you must do drain email security configure firewalls patch your systems and update antivirus those are the things you have to do right that those are foundational then you step up a little more manage the use of privileged accounts we want to start doing network segregation and some other things like I said Jack's gonna get it more into detail these control access to your networks disable micros implement software restrictions right these are all things that you want your IT department to really be looking at and thinking about also you really want somebody that's specialized in security nowadays IT and information security have become separate entities you want a third party oversight of what's happening with your IT to make sure it's absolutely safe all right then you want to take that next step and start to do stuff like disable and remote desktop protocol that's how people get into your network from outside maybe look at virtual environments and then go to the next step which is that physical and logical separation like so Jack's going to get into more of that later I just want to touch on the fact that there are ways to prevent this that's the key takeaway from this slide is yes it's prevalent yes it's growing like crazy and it will continue to but we can stop it and then here's the my favorite quote of all time bad news isn't wine it doesn't improve with age and I say that to say one of the biggest things you can do is when you see a problem tell somebody we see a lot of times somehow click on something they didn't mean to they'll see something looks a little suspicious they're afraid to tell IT they're afraid to tell whoever runs operations right they're afraid to say anything it's only gonna get worse step up say something happened I promise you the people that control your networks love you if you stop a ransomware attack at one computer so it doesn't spread through the whole to the whole company and this is the feeling you usually have right when you see something like that you want to hide from it you want to get away this pictures on here because we actually had a lady at one point at the state of West Virginia who was hiding under her desk because she got an email that said her best friend was trying to kill her and they wanted money to release the tape to her it sounds crazy I throw it in because it's kind of funny but that actually happened right she was terrified and the reason why is the email had a lot of personal information it was very detailed it was very crafted it was a very targeted spear phishing attack so these people are out there and they have crazy ways to get at you and what we try to do with these presentations these talks is to make you aware of what's going on so you can protect yourself you might have good resources and house to help you with this in your particular business your entity that you just need to reach out to it and make sure these things are going on and this is a quote that somebody shared with me some time ago that if you spend more on coffee than on IT security you will be hacked I don't think I agree with the last sentence what's more you deserve to be hacked nobody deserves it but the point of the quote is this is how serious that the the sovereigns are felt about it when he was in the White House is that it's is you yes it's a crime and yes we hate it but it's your responsibility to step up and to do something about it to make sure it doesn't continue so here's the biggest problem we see as well cyber crime as a service you see on the left and the right here these are tools that you can go buy off the internet so now you don't have to be some amazing nation-state hacker to deploy malware what's happened is people that have written these these different malware viruses as we know and things like that have realized wait I can put it on the internet and sell it to people and I don't have to then deploy it against the company and hope I get paid I'll sell it to other people get paid immediately and let those people deploy it and so now you have 8 billion people access to crime as a service kits which is what you see here they can go bomb they can send them out to some email list they've bought somewhere else to you know 10 million different emails and then just see what hits and see whose accounts that lock this is why we see a massive uptick in it right now so I will tell you that hiding in a box like this gentleman or lady is not going to keep you safe and that's what we see a lot of people do sadly is they think oh if I don't talk about if I don't think about it if I don't you know then I won't have to a lot any money to it and I think we'll be ok nobody wants our stuff we're not important that's not the point they're not coming after you specifically it's thrown out it's it's all this is painted with a very broad brush right they throw it up so as many people as they can and see what sticks they didn't have to be coming specifically after you but they'll be more than happy to catch in your bitcoins I promise so what can you do first of all we talked about firewalls keep them on you have to have them in your business and you need to have them at home and I malware software it's got to be up-to-date and we talked about patches earlier right keep software up-to-date and if it's possible do it automatically you should write and you have to be vigilant I tell you all the things I've told you up to now not till you scare tactics but to let you know that the threat is very very real these are things that myself and Jack see every day working with companies in regard to security and it's the worst calls we get or when somebody's had an incident and has ransomware or has a virus and it's not fun for us because they're in a crisis at that moment right they're businesses at risk or employees are at risk we would much rather help walk them through it in the beginning than have to hear them in that state because nobody wants to hear somebody that is absolutely devastated about what's happening to their company so let's be very vigilant and know what's going on right now and we can well we're going to take questions at the end Jack's going to dig into more some of this stuff about defenses specifically for manufacturing so I'll go through it a little quick and if there's things we need to come back to at the end feel free to ask questions here's a big one for me don't be tricked into downloading malware most of what we see now a user has shoehorned it into the network so they'll open a bad email it'll take them to a bad site it'll look very real just like these two sites do they start clicking links typing in credentials and it's it you have to really look at what these these emails are nobody's going to send you a subpoena in an email it's not how it works anymore if they do they obviously have no idea how things are supposed to work also - if your antivirus is on and your computer warns you of things you can't get to or the office network tells you there's things you shouldn't get to don't go around that a lot of people now have what to websites and figured out how to get around certain things and use proxies and all these other things it's a horrible idea you're just going to open your network up to something terrible here's a big one protect personal data and financial assets so once again how do you avoid these scams you have to be vigilant right look for signs think before you click on things and like I said these all point back to what you can do as a person not specific corporate security expect that you'll be the target of a scam there are so many now that you you are currently a target and will continue to be a target and you have to constantly know that when you're online once again I said this is the new normal this is where we live from here on out and keep your sensitive information private right you don't you should definitely not be on public networks logging into your bank account it's a really bad idea so now we're going to jump into this passwords this is a big one for me when it comes to personal security write your password is your personal security it's your personal piece of security that helps protect your your information corporate assets all these other things right you would not believe how true this meme is right somebody figured out my password and I have to rename my dog this is the problem that we have right now in our internet society is that we make password something so easy that we can always remember that makes it very easy for the people to try to get your passwords to get in and to figure out what they are so let's look at a couple passwords let's see if you can figure out which ones are strong I think everybody would agree that that's terrible and it is so how about this some of you're probably thinking well that looks okay right it's numbers couple characters this terrible random number generator can guess that in a matter of seconds what do we think of this yeah looks okay it's not it's a simple word with an exclamation point the reason I said it's not it's because now we have basic dictionary programs that will run through every dictionary known to man change every letter and character as they run through these dictionaries until they find a combination that matches I think you all understand how fast the computer can think so you imagine how fast it can go through these dictionaries it will figure that out absolutely no questions asked and they get better every day and there there's online repositories of dictionaries that are digital dictionaries that already have all the characters and numbers changed to make it even faster it's not a good now this looks a little crazy it's good and I'll tell you why it's good because it's four words that have no association with each other what's with each other whatsoever alright there's nothing about that would make you think to put those four words together and then you've changed some characters and numbers and things in them solid very solid password there's not a there's not a dictionary program that's gonna guess that out of the blue I've had some people before look at this and say oh that looks strong it's a bunch of different numbers it's not it's a weak random number generator can figure that out and it won't take it very much time at all this looks a little strange probably thinking that looks secure it absolutely is it's a it's as secure as you can get so what it is is it's a it's an acrostic basically right you've taken a sentence that you can remember so we still try to make it this is the way you make it easy to remember without being easy to crack taking a sentence my son Aiden was three years old in December take the first letters of every word in that sentence smash that together into a password change some letters and numbers there's some special characters completely solid I do this this is the way I generate master passwords that protect my password managers that encrypt and store very detailed passwords that are generated by the computer remember this use the sentence that you can remember all the first letters change the numbers and special characters I promise you it will help you the last thing you need is somebody to get a password that you reuse over and over and over for Facebook and Twitter and then use it to log into your bank account or even worse to log into the corporate network and then you're on the hook for the things that happen to sensitive information the money that's spent to recover so passwords protect your accounts with them make them strong keep them private don't send them through email and use unique passwords for different websites you know I tell this to everybody never ever ever ever reuse a password use a password manager something like dashlane that you can store them in and will automatically generate you strong passwords and you need one as a master password for that I can get into that in more detail I can send out some information from it if later you guys have questions you want to put them in the comments or send us an email we can help to answer how some of this stuff works in more detail off the call and limit use of employees using corporate email accounts on third-party websites so you should never use a password that you use in your company for Facebook for your bank for Twitter any of that you have to have something completely separate you need to definitely separate personal life from your corporate and business and then the other thing defend against checkers so this is things that need to be done in the networks to disable too many account logins don't use certain interfaces in the monitor for brute force attacks like I said Jack we'll get into more that the corporate security and we can answer questions about this later the other thing about security that I always talk about our backups so if the house burns down do you have a way to recover backups are critical nowadays and like I said that's something we can get into for the sake of time we won't dig deep into them Jack might get them to a little more but you have to have solid backups with all the threats out there nowadays in case somebody steals all your information if you have good backups you won't have to pay and then here's the big one with cell phones right I jump right into this because this is people don't think about it but we have security issues with cell phones right we there is there are malware programs out there now and as you start to do so to work and do stuff on your personal phone from work you know work emails and things like that you open yourself up to a to a lot of issues and doing that with cell phones we see a lot of people now that we consult and let them know that you need a personal cell phone and you need a cell phone for work it's expensive for companies but it's just it's the nature of what we do and we're starting to have to move in that direction so talking about cell phones and devices same thing guards your data and devices when you're on public Wi-Fi you want to connect securely you want to confirm the connection you look at this it's on my screen and it looks like it says Hilton Hotels net but it doesn't it's just it's missing a tie somebody spoofed that email or spoofed that website so you'll log in to that thinking you logged in to Hilton Hotels not nothing that everything you do on there it's gonna track you and it'll look just the same when you log in if you don't see it in the address you'll never ever know so you got to be very vigilant of this stuff and I talked about this too because a lot of us do work now on public Wi-Fi as we travel as we're in airports these other things public Wi-Fi is not secure you gotta use you know Virtual Private Networks and some tools to keep you safe out there and really watch for the websites you jump on to encrypt storage on mobile devices once again we jump back to mobile devices especially laptops right that's a mobile device they need to be encrypted they leave the office they go out in the wild as we say and once they're out in the wild you never know where it's gonna end up have to be encrypted phones now we see a lot of law firms that are being required by their clients to absolutely encrypt phones as well I mean it's it's then like I said this is the new normal safe sensitive activities for trusted connections my suggestion would not to be to hop on your corporate server while you're on public Wi-Fi at airport lounge it's a really bad idea if you have a good solid corporate VPN that you can trust that's one thing but try to save that activity for a connection that you trust and then flash drops never pick one up never ever pick up a flash copy plan to leave them in parking lots of corporations companies hoping that somebody will pick it up plug it in to one of the computers and then there in just don't it's not a good idea there's nothing on there you need to see I can promise you and then we'll get into more of this later around you know work for there's cloud storage but there's some really specific things you can do to help manage work features and workflow to keep you a whole lot safer than just keeping everything on a local device so once again what can you do to help right if there are problems like we said it's not like it's not like fine wine it doesn't get better with age immediately report incidents report abuse and other problems that you see right if you're getting nasty emails that are that are threats if you think it's somebody you know you really need to report these things immediately report phishing it's something that is very prevalent nowadays but it's something that you really really need to need to talk about when you see these phishing attempts comes through reporting through your IT department report them to the company that handles your IT security once again back up device data a big thing for us now if you get rain somewhere and you have proper backups you can recover from that without paying the ransom in most cases backups are now not just for business continuity but a critical part of your sovereignty plan for your business then immediately report any missing devices or theft of company data if anything if you lose a phone if you lose a laptop even if it's your personal phone but you do company business on it if you lose it report it to your company let them know change your passwords find out how you can wipe the phone remotely right these are I think that you personally can do to affect your security we'll get into the QA a little bit later Jack Sheaffer is gonna jump on get into more detailed stuff about manufacturing that was helpful for you guys Joe if you want to take it away and hand it over to Jack alright thank you very much Chris let's see here Jack I'm gonna make you a presenter now unmuted you Jack there and I'm gonna make you a presenter you should be able to share your screen now Jack great all right great great can you guys see my see my slide here yep loading I see loading coming up there's your slide all right jack take it away buddy great hi thanks a lot for joining us I'm Jack Shea from the business transformation director for bandage technology I'm also like a virtual CIO virtual see ISO which is a chief information security officer so I've been in around oil and gas business for many many years been in IT for almost 30 years and so seeing a lot of changes and have a lot of experience in in cyber security so 2017 it was bad kind of a bad year there was a lot of ransomware out there we had one a cry and not yet yeah these are all sort of systems that were infecting older machines Verizon had a big security lapse it was like 14 million customer data sold stolen we were had 57 million customer data exposed Equifax had 145 million Americans had their data exposed to the data breach in Yahoo that breach actually is probably the largest one to date there's like three billion people that are actually impacted in that breach so pretty pretty terrible statistics you know just from a cyber security perspective and like Chris says it's not really getting any better so you know manufacturing is is under attack today there's a Kaspersky Lab report that came out in October it said over 30% well actually a third of the attacks in 2017 were actually dedicated toward compromising Maine action so what are they after I mean was you know wise manufacturing under attack well a lot of it is intellectual property so I mean you know they're trying to grab some of this stuff off of your machines off of your industrial control systems and if you're using 3d printing 3d printing is particularly dangerous I'll say or not dangerous but at risk for compromised ation because that's where all your designs are you know you put all your CAD designs on all your CNC machines those sorts of things they always they have everything there and so if those machines can be compromised they can pull all those designs over hackers are also you know they're trying to disrupt or sabotage so we have an example here in Germany where a steel mill actually had a device that was compromised and it caused the furnace to overheat and melt down so it was just a compromised ation of the PC and it actually caused a physical problem inside the plant unfortunately nobody was injured but you know it still shows you what what can be done out there so what what really makes the manufacturing industry vulnerable to these kind of attacks well you know number one what we see is there's a lack of awareness and training so we're happy you guys are are on this presentation by Chris and myself because that that shows you know you are getting aware and but in general most of the mostly organizations don't really have formal security training programs in-house and so you know as Chris said you know you're the you're the last line of defense really and so having awareness and training programs really beneficial there's a lot of remote work that's out there you know you have folks that are connecting in using remote desktop tools you know so they can do their accounting systems from home wherever get into their industrial control systems from other places or allow you know vendors to come in and take remote control over some of their systems and so that makes it really convenient but it also exposes your network to attack because the same remote systems that you use hackers can compromise those and use them as well there's a lot of older IT products out there ladies systems are in place long time you know 20 years or more units of these factory settings and and these systems have been identified with known vulnerabilities because they've been out there so long so you see a lot of those that are in use there's not really a good cybersecurity culture inside of manufacturing you don't really think about some of the embedded systems as being even computers you know they just think I'm well it's it's a design system I don't really have a you know worry about it being compromised but a lot of these have embedded operating systems tha can be that can be compromised in a hack so again we see a lot of these data networks out here where your plant manufacturing systems are on the same same network as your office pcs and that's kind of bad because you know flat network like that makes it really easy for easy for hackers to come in and infect a PC and then move laterally through your network into your into your industrial control systems there's a lot of folks that are used in systems and putting things in play they don't really know what assets they have out there and there's not good asset inventories and it's almost impossible to protect a system if you don't really know what you have there's a lot of cyber of software weaknesses a lot of cyber security problems and a lot of these older systems you know they're still in play you may have Windows XP when is 2000 and 2003 still in use and some of these systems so there's some you know there's some problems associated with that we also see these aging control systems again you know out there you know they really you know they've been in place for a long time and so you know those weaknesses are out there and republished but what do you do right once you know we're under attack we've got all these kind of vulnerabilities and things that make us vulnerable for attack so what we really do well first off there's a lot of industry standards out here frameworks as far as quality in manufacturing you know ISO 9000 I'm not sure how many of you are familiar with that but you know these are these are quality management standards that are in use for a lot of manufacturing you know say well these are best practices that we use to manufacture especially you know if you're in things that are going to be you know involved in human consumption and that sort of thing you know you're wanting standards for quality and cleanliness and in that sort of thing and so these are frameworks that are used in that ISO 14001 that's a framework that provides for environmental so it's kind of specific around environmental controls so basically these are industry standard frameworks around some of the manufacturing processes oh there's also cybersecurity frameworks okay so these are these are frameworks that help you do best practices and standards around security so ISO also has a security framework it's called ISO 27000 and it's a family of these frameworks that kind of help you walk through and figure out you know what is a good process to put in place around in to end security the CIS which is the Center for Internet Security is for critical security controls and these are links here you can go out and and go pull this information now it's very very useful the the critical security controls tells you what kind of controls you need to put around your devices around your pcs around your servers around your industrial control systems so very very excuse me very good information there NIST which is the National Institute of Standards and Technology they have a framework for improving critical infrastructures so they went through this and you know a lot of manufacturing is in that critical infrastructure and so they in December they put out a cybersecurity framework that is made for folks who are running this critical infrastructure to review and put into place some of the best practices here if you're in the financial sort of industry there's the PC our PCI which is a payment card industry they have a standard out there for how you know if you're taking credit cards or your processing financial data there are a series of controls around the appropriate security of that data as well so these this is basically on your right is that CIS framework which I like a lot it's pretty simple it it really you know it's basically saying look we're gonna we want to protect the system we want to detect any kind of problem that gets in then we want to be able to respond to that problem then we want to recover and then we kind of identify you know the attacker and the threat that hit and so it's it's basically this framework around all of the security of your devices so one thing I'll tell you is that Security's not really just a firewall it's not just a product I mean it really is a entire set of process so you have policies and procedures that says this is how we're going to do things internally and make sure your employees are actually doing what they're supposed to be doing you know handling customer data or your own intellectual property with care you really should have an annual risk assessment so it's like have a IT company come in and do a risk assessment on where you are you know are there any gaps you know they're things you could be doing better again security awareness training those are things that train your employees on you know how to be suspicious how to not fall for some of these scams access control these are things that you know you you basically have you know you don't use shared passwords you don't have everybody with admin rights and that kind of thing you really want to define the access really on a lot of these industrial control systems security event monitoring is really kind of key you know what are you really doing you know as far as monitoring your internal networks you might monitor your premises with cameras and burglar alarms and that sort of thing but very few folks are actually watching their network changing configuration management those are things that you know it's always important anytime you make a change in your environment that you want to make sure it do you and that analyze what it does to your risk and so so again it's all it's just a process that keeps going and going it doesn't really stop so what's some action items here so action items here you you really should work with your IT department you know anytime you're doing a project you know putting in new equipment and putting in new you know upgrading equipment that kind of thing you should really work with your IT department a lot of devices anymore when you buy them they actually have internet connectivity built in you know you buy TV guess what they all have internet connectivity it's the whole internet of things there's a lot of security cameras and other systems they they basically come right out of the box with Internet connectivity if you just use default pass of the things that are set up on them right out of the out of the box and they'll change it then they can easily be compromised so again train your personnel and cybersecurity awareness it's really important you know just like Chris said you know it's your it's your last line of defense so you really should conduct a true security risk assessment you'll get somebody to come in do an assessment for you say okay this is where your gaps are here's where your potential risks are and have some action items that come out of that - to really say okay this is what we would recommend you to do going forward I'm a big proponent for event management and monitoring on your network a lot of these hacks and breaches for long long lived attacks I mean where they didn't know that somebody was on their system for like six months or more and the reason that was because there was no event monitoring so just like you have a burglar alarm or it's a fire alarm or something to monitor your physical premise you really should have something that does something similar in your network and again an asset inventory with technical details that way you know where it is what it is what version of the operating system what version the software that way you know if there's a threat or some kind of vulnerability that comes out you'll know so it's like oh there's a vulnerability on that particular piece of software while I'm doing on that particular piece of hardware so you know where it is so you can take the appropriate action so all your vendors and third-party providers I would suggest try to push them to use these same security frameworks so some of the some of the recent hacks like for Home Depot and target actually came in through third-party vendors who were managing and monitoring their HVAC systems and so again you're only as strong as your weakest link and so if you have third-party vendors they're doing things for you you probably want to encourage them to say okay what is your cyber security posture what is your ability to control access to your network so that when you're accessing and doing things on my network you don't bring a compromise in into our network I would encourage you to you know kind of put into place some of these frameworks pick one or two and and you know start doing some best practice around cybersecurity these frameworks really is a process and as you go it gets better and better now if you don't have an IT department you really should start working with a trusted firm that's really knowledgeable in cybersecurity you know and it is a specialized field is pretty complicated you know not just every IT company that just does pcs and firewalls and that kind of thing looks at it from a holistic viewpoint so so I kind of encourage you to if you don't have your own IT department reach out to to somebody that you trust that has skill sets and cybersecurity and with that I'll take any questions ok everyone I'm gonna go ahead and unmute all participants here if you've got any questions you can go ahead and ask them as soon as you get unmuted ok ok so attendees should be able to unmute yourself there's the little microphone icon there or if you have any questions you would like to type in the conversation area you should be able to feel free to go ahead and do that now alright Jack I don't think we have any questions crap Joe it's Chris okay I'll just say for anybody on here if there were some things you didn't understand or you don't want to ask about right now and also if you know anybody that wasn't able to log on let me know I'll be happy to set up a call to go through it in detail one on one just to talk about it share that the slide decks with you guys but stay answering any any questions you may have about you know what this looks like inside duration and how this would work and there's no question that there's no question that's that's too crazy or too simple right I'm gonna put my email address in here just so you guys on the mints so you know how to reach out and also a phone number this is the easiest way to reach me as well sometimes it's nice to have somebody to reach out to when things go bad and so that's the best contact information right there and the one thing I will say is the first step doesn't cost you any money alright the first step is to be vigilant to look at it to start the conversation see where you are right and that's something that you know we can assist with there's other people that can assist with if you have an internal IT department go to them and assess those questions right - it's free to start the conversation and a lot of times that's what opens opens your eyes to see that you have you have gaping holes that are gonna let people walk right in and cause you some serious problems all right Chris that was great Jack I think that was great presentation Rebecca I'm gonna go ahead and unmute you is there anything that you would like to say to everyone before we close out any last words from anyone all right great guys well we'll touch base against here real