How to Protect Yourself and Your Small Business Against Cyber Attacks

Despina Karatzias 0:23
Hello, good morning, everybody. Welcome to the Digital Discovery Show, I am absolutely thrilled that you’re joining us from wherever you’re tuning in from, or watching the replay across our Facebook and YouTube channels. This show is born out of the pleasure and the honour that we have daily at Tourism Tribe and Navii Digital of helping small businesses around Australia with their digital discovery and with their digital journey. So this is absolutely brought to you by Tourism Tribe and Navii Digital and our promise to you is coming to you live every Friday, same time at 11 am, Melbourne, Sydney and 10 am, up north to our Queensland friends and community. Now you haven’t seen me for some time on the Facebook network because it’s very, it’s very, very relevant to be having this conversation today and introduce to you a very, very special guest that we have here with us that we met recently on the backups cybersecurity week and Jonathan Horne, who I’ll introduce you and bring onto the show to have a great chat about the topic of cybersecurity and cybercrime and how it relates to all sizes of businesses. This is just a business matter. It’s absolutely so relevant for us to be aware. And speaking of awareness, Jonathan horn, he’s the CEO and founder of Cyber Aware and working to make cybersecurity for businesses of all sizes. If you haven’t heard the word Navii Digital with we’ve launched this week, with the one small step series and the one small step campaign. We had our first episode that happened on Wednesday that screen to the 200 million-plus Facebook, Australia page, as well as all of our streams. Our friend Jonathan, who you’ll meet shortly, he will be our keynote for Episode Two next Wednesday. So keep following our socials. And that is excellent at that is a great follow up for you to hear from Jonathan and other small businesses again, about their journey in avoiding costly mistakes in our small businesses. Now, Jonathan and his team at cyber aware were also named gold disruptors in the 2019 ACS, which is Australian Computer Society, digital disruptor disrupter awards, and recently with the winners of Best cybersecurity project product or pivot for the YPF women ventures, Australia online startup and Innovation Awards. So he’s not only he’s not only super talented, he’s also doing great things as an entrepreneur in the in the textbooks. So without further ado, welcome to the show, Jonathan horn from cyber aware. Hey.

Hi, john, thank you so much for joining us this morning. It’s a pleasure to introduce you to all of that community.

Jonathan Horne 4:04
Thank you for having me.

Despina Karatzias 4:09
You have done such great work. And certainly in the last little while, as I’ve gotten to know you and as as I’m now organising this, this episode with one small steps the series, tell us how you got started. Share with us your journey of cyber aware and how did that become a blatantly obvious challenge that businesses are having in Australia, that and the solutions that you’ve providing for the small, medium and big business community?

Jonathan Horne 4:42
Yeah, so thank you for the introduction. Thank you for having me on board. But the journey probably starts since since I left school. All I’ve ever done is build businesses. So build, scale and sell businesses and previously I was in the domain name and hosting businesses and as a young I had a business with the whole Nastro with website for you on the back end used to sort of burn around make sure was really loud exhaust, everyone could see the writing on the back of the car. But I’ve always been in technology and was building the web design business and then got into domain names and hosting. And we fast forward when I was doing that for probably 10 years and then fast forward built quite a good business in in that industry. And then started to get an interest in cybersecurity. The domain name and hosting industry is changing the internet the way that people get websites and domain names is changing. Squarespace, Wix and Weebly and the likes are really coming in and GoDaddy really changing that that digital journey. You know, previously you had to buy a domain name and point DNS records, the hosting and FTP or WordPress website up and, and then connect the MX records, the emails, a lot of moving parts, like like the old computer shop, you know, the future is very different in that space, the future is consolidated. You know, a young person deciding they want to go digital, and they, they simply go to a Squarespace or Wix and, and their presence is much easier to obtain. So, so knowing that that was the future, you know, you always have to be disrupting, disrupting yourself. I started looking at different areas to invest and look at building businesses in cybersecurity. And this would be four years ago was was really something that took my interest, probably because I felt that most of the the industry was either selling silver bullets, so by this single product, and you’ll be safe. Yeah, that’s sort of marketing. But a lot of businesses were being presented with solutions are very technical. You know, there were technical in nature, and difficult to understand. So I went travelling, I went to the to the RSA, which is the largest cybersecurity conference in the world. And I went to some other sort of nice ones like black hat and DEF CON, and started to talk to people predominantly in the US about, you know, what does cybersecurity mean to them over there. And what I learned was that a typical business in the USA, if we said, just a tourism business suite with four or five staff, they would have a representative going to the security conferences, to determine whether what they were doing for their business was up to scratch with with their current solution. And I was talking to a 10 days, and they were talking with a level of sophistication. That, to be honest, I didn’t even have in my business. And we were a technology business at the time. So So what happened is I, you know, they a typical was an accounting firm that I was speaking with, and they had five partners, and that was really the one that opened my eyes. And he started going through what they had as a cybersecurity plan and what they had in place and the controls and, and I was thinking, Well, you know, it’s just a small accounting firm, and they’ve got a better maturity than what I do at home, came back, got a security company involved, had them do a pen test on the business. So pen test is where they try and get into the business. Basically, they, they, they pretend that they’re hackers, and they try and get into the business and then present a report to you to so to say, this is how it’s done. And I thought we were pretty good. Anyway, this particular gentleman that came in, he was there for about 20 minutes. And he and he came in, sat on the couch in the office and had a bit of a chocolate and he goes Are these your passwords. And lo and behold, they work. And what he done is you’re now looking back and suddenly, quite simply just sent a phishing email to my staff, you know that that particular staff member that fell for that he got the email account address off him inside of his email box there was he just moved computers. So he had his passwords on a text file that he’d emailed himself so that he could get them on to the new computer that he had one year. This is sort of, you know, a long time ago and controls in that business. But but it was a really, it was a big eye opener, that that, you know, one we’d spent serious money and effort on securing the business, by the way two factor would have stopped that. So that’s what we’ll talk about later. But

the business, but what but what happened was, you know, it came down to the individuals in the business and we haven’t done any training. You know, I thought as a business owner, I could put a barricade and a wall around the business, technically speaking, and that really opened my eyes up to you know, the first and last line of defence of the people. So that that then led years ago to looking into how do I uplift the knowledge of the of the employees in the business. We did some stuff internally some training and that then grew and you know, like any good business grows out of necessity if scratching your own itch So we build out something really cool internally. And that was when it was originally called defend wise back in the very, very early days, we built a platform, whether the content could be delivered and the scalable way. And the rest is history.

Despina Karatzias 10:17
The rest is history. And I love so much what you shared here, not only for the awareness of cyber security, but also having a plan. I think a lot of particularly for the tourism industry, when I speak of the tourism operative being heavily compromised and hit by COVID. So we talk a lot about a COVID plan and the secure COVID plan. But in our language, having this as having a cyber security plan is not something that’s really ingrained in us. So that’s a real big one.

Jonathan Horne 10:53
The very first product that we did was at the time was called The Fairmont. But now it’s called a product called cyber aware business. And what that is, is essentially a 56 questions that a business will do. And then after those 56 questions, you’re, you’re you’re you’re given a cyber risk dashboard. And what that dashboard does, is it breaks down your entire business, and all the different parts of the business, and what cybersecurity risk risk you have in that. So it might be, you know, patching of the computers, it might be authentication with passwords and two factor, it might be information security, it might be, you know, incident response, if something goes wrong, and you’ve got no plan there, it might be disaster recovery, cyber security is a risk centre of the business is really big, you know, and it poses a really great risk. The problem is, there’s not a lot of things out there, that’s that give you the roadmap of you know, you’ve got 50 things to do, here are the things that are most important, you know, if you move into a new house, you know, the first thing you’ll do is you’ll put some basic locks on the window, you know, if you’ve got really valuable possessions, you might later on put bars on the window, you might instal a safe, you might not drill the safe into the ground. But then later, when you’ve got really valuables you might really integrate. And so it’s a it’s a linear progression of controlling what assets you have in your business. So cyber aware business was the very first thing we did. And it was a roadmap for businesses to follow, you know, now we incorporate some great resources from acsc into there, there’s some really great content, where the platform itself allows people to do a health check. And then they get the dashboard, and then it gives them you know, here are the top five things you should do in your business to start reducing that risk. So that was that that actually was the first and that was the big motivator behind the businesses as a small business that knows that they’ve got our cybersecurity risk. What do you do? You know, like, what, what do you what action steps do you follow over the next two years? To lift that maturity of the business?

Despina Karatzias 13:00
a great question. I think you’ve probably put some, yes, light bulbs will be going off for many people that are listening to this and listening to you talk. When it comes to it, I guess what are some of the things that you see that exposes the risk? What is the common thing that you would see in a, with a small business, and the type of education that’s required from these health checks, because it’s super Jonathan, for us, a lot of that education is around digital marketing to grow business. And it really has over the last over the last little while, it really our internal processes have really come into a lot of our programmes to particularly around the password management as a starting point. But I love this real holistic approach of a cyber health check for your business. So what are some some key things that you could share with us that really leads that type of exposure for businesses?

Jonathan Horne 14:07
Um, so two things. First of all, I think it’s important for businesses to understand they is for businesses to what, what I feel that I hear a lot is nobody really cares about my businesses, you don’t have actors in the Middle East story in Asia or even you know, other the other side of Australia that really care about hacking into my business. And that’s a really dangerous misconception. They say we’re too small, you know, it’s not appropriate to us. Unfortunately, once it happens, it’s too late. And then and then then it’s very difficult. There’s ransomware to be paid and systems to be restored. There’s, you know, it’s a real pain. I think the first thing is to understand that in most cases, some cases not if you’re an energy company or water utility company, it’s not the case but but most people It’s important to understand they’re not if the the the threat is not specifically targeted at you, what we like to say is that you become an accidental specific target. And what I mean by that is that, you know, there’ll be a large scale email campaign and might be you coming up to Christmas, a parcel is in the mail ready for your pickup, and it’s got an outpost logo on me. Now that might go out to two and a half million people, it might go, someone might scrape LinkedIn and get everyone in the tourism industry as an example, but it’ll go out to hundreds of 1000s if not millions of people, if any of your employees or anyone inside your network and might be a husband, a daughter, or a son, an employee, if anyone then clicks on those emails and and shows that they have a low, much cybersecurity maturity, so low understanding that that’s a phishing email, you basically come into a funnel, so you start out here, and then it might be a relative, a son, or someone living in your house, or someone working in your office or colleague, they will then click on that email and what happens, you know, then they go, you know, big board, they go, Okay, here is a 500,000 people 400,000 people ignore now email, you know, here’s 100,000 people that didn’t ignore those emails, you know, of those people, they would email hop out, or this I look, there is [email protected]. Okay, well, that’s that that’s a more interesting target to us. And they start the filtering, filtering. And then all of a sudden, just because of that one innocent thing that the employees, then you then do become a specific target, yeah, they will then research your business, and then then things become a lot real. So it’s not that you’re a target on the outset that someone says, I want to target that company with five employees or 50 employees, you accidentally become a target because of the behaviour of the staff. So the first thing is, every business to understand that they can be they can end up being a target. Second thing is, it’s not all doom, doom and gloom, there is some really easy things that have huge impact and things that don’t really even cost any money. So that’s what we talk about two factor. Two factor is easy to set up. You know, we’re big fans of one password, one password, we’ll do your password management, annual two factor in one. But I think that there’s a step just before the two factor, which is understanding that that your business can be at risk, and to understanding what in your business you should be protecting. No, you can’t. Yes, you can protect your entire business. But it’s not where your energy should go as a small business, you should know, there are just key things that if they disappeared, or if they were tampered with, or they were they were ransomware and locked. And like what’s happening at the moment, not only were they locked, but they were then put up for sale on the dark web. So your competitor or industry can see that information is that you know, would probably be your emails, it would be probably access to your p&l zero and mile, it would be probably access to your bank accounts, employee access to your file servers. So Dropbox as a like, what we recommend is understanding that those are the four or five most important things for your business. And then start by focusing on them, make sure that all of those particular systems have to factor, you need to put two factor on every single system that you use, put it on the ones that are most important. So putting two factor on zero putting two factor on bio putting two factor on your banking putting two factor on your socials if, if you’ve got business social pages as as you just alluded to, so making sure you’ve got two factor and good passwords. You know, the reason the password thing comes up is if if a particular side they use a password for gets breached, it’s very easy for a threat actor to take that and then go over to Dropbox and then start loading that that same email address and password into Dropbox. It’s a very easy, cheap way for them to get access into your business. So don’t use passwords, same passwords across multiple websites. The easiest way is bite the bullet spend half a day getting to understand how password managers work and implement them.

Despina Karatzias 19:25
So good Jonathan and and like I said, it’s something as the my firsthand experience through a social media compromise and it’s going to be an ongoing I think it’s gonna also Yeah, I’m looking at as an opportunity that has bought it to the forefront of really sharing experts like yourself to a wider network. Now. Thank you and welcome to Susan Holden. She’s one of our great friends from icon adventures. Jonathan Susan Welcome, Susan, thank you for joining us. She’s asking what are your thoughts on out of office auto reply emails? And she’s saying she seems to get a lot of spam. When this is turned on? Can you talk to that at all? Jennifer?

Jonathan Horne 20:15
Yeah, that is that is true. So, you know, it’s the, you’ve got to weigh up the mitigation on that control versus the benefit. If you’re, if you’re in the travel industry, and you’ve got clients in airports expecting to reach you, and they email you at a normal hour of the day and expect to get a response. You know, it’s it’s important that that add a response is there. So simply may saying don’t use auto responders, you’ve need to way up way that up. The auto responder, the issue is that if they email, if a if a threat actor gets a list of half a million email addresses, they will fit they will send half a million emails, and then they will see who who clicks. And also, who responds. So you remember before how we’ve got a funnel coming in their systems don’t understand whether that’s an auto response, or it’s a real person. Yeah. Then when they were three, they’ll say that. So ideally, you know, yes, it’s, you know, it will raise a flag for you. It’s very common, you know, of those 500,000 emails, probably 100,000 of them will be autoresponders. You know, just like ticketing systems, you know, a ticketing system. They have algorithms to detect autoresponders. I’m sure if, you know, if they’re running a good business that hacking organisations, they probably have filters to filter out autoresponders as well. But yes, it does prove that they are the problem, but but it’s a necessity Sozzani necessity, it’s a necessity being in business. Another point on that? Because it leads me in the same thinking is on on websites, it’s very common that you’ll have the email address in plain text on the website. That’s a big No, no, you know, it’s not required, you’re much better off putting a contact form on it. If you’ve got a contact form, even putting a capture form, which you’ll see, you know, if they you’ll have the Google capture form that says is this a traffic light or pedestrian crossing, that stops bots being able to send you details, but having your email address in plain text, and even worse, there’s a mouse to link. So you click on the email address and it opens your email browser, it’s called a mail to link, you know, is a surefire way for that email address, to get slammed with wi spam. So ideally, if it’s already on there, it’s likely it’s already floating around. But if you’re starting a new website, you know best practices not to put the email address in plain sight. Definitely don’t have a list of all your all of your employees with an email link to each individual employee link to their LinkedIn or put it on the contact form, say who you’d like to send inquiry to, but trying to restrict the amount of access that he’s that he’s easily accessible. They’ve got bots that will just scrape millions of websites a day.

Despina Karatzias 23:09
So best you’re saying put a LinkedIn profile if for for a team. If anyone else, I mean, is profusely writing and has, you know, goosebumps from like, what are we doing? And you know, we need to go and check these things. That would be a bit of practice rather than, yeah, it’s such innocent things that we’re trying to reach our customers and connecting the right way. Right. But what you’re, you know, even this kind of concept of threat actors, there’s a still as much as it’s, you know, there’s a lot of technology behind this, this is still, this is still crime by humans, that

Jonathan Horne 23:46
you look at the you look at when you the biggest threat right now is people and people are most at risk when they’re emotional. So that’s why there’s a lot of COVID scams going around, you know, COVID testing, you know, government subsidies for that. Travel is emotional, you know, and opens up the door for even greater risk, you know, if I was a threat actor, and I had the access to a travel agents details, being able to send an email to everyone that’s previously had a booking saying, hey, something’s come up, you know, we need you on the next payment for your next part of your trip. We need you to pay this bank account, instead of that bank account or your trips being cancelled. We need to just pay a small note. When people are travelling, they’re there, they’re happy or they’re stressed. It’s when they involve those emotions that mistakes happen. So it’s sort of an industry, tourism and travel is is certainly something that, you know, it needs really to pay good attention to cybersecurity.

Despina Karatzias 24:51
Absolutely. So some practical things in a summary here is really look at the important elements of your business and Something that you can do straightaway is to factor those. So having that clear roadmap or what is worth protecting, and, and the more way we do talk about time saving aspects of our business, avoiding the costly mistakes, particularly as more and more is on the cloud for all of our businesses, these are really important things. And the one password or LastPass, these are all really good platforms to move on onto. It’s really interesting what you say, about businesses not taking it that seriously. Jonathan, what do you think that is, you know, when it got with the cybersecurity and what would, what would you say to those businesses that think they’re too small or they don’t have? They don’t have the means of having anything that’s worth to them? That’s worth taking online? that mindset?

Jonathan Horne 26:02
Yeah, I think that that is risk in general. Yeah, I think, I don’t know travel. So I do. You know, if we just talk travel and tourism, but it’s probably no dissimilar to what a lot of the industry has, when they when they booking a trip and saying you want travel insurance? Yeah, it’s getting someone to understand when when their heads when you’re running a business, most of the time, you’ve got a positive mindset. So it’s an optimistic, positive mindset. It’s all going to be great. You know, when you’re booking a holiday, it’s going to be great. I’m going to be sitting on the beach drinking pina coladas, why would I need to get a level of insurance in cases of pandemic and I end up in hospital in South America for six months, or on a cruise ship, and I can’t get home for six months. So it’s understand the risk is real. And it’s also understanding, it’s looking at why people don’t take it seriously. And then, and then addressing those falsehoods, I’d say, and one of them is way too small for anyone to care, or we don’t have anything that anyone would want. Anyone in tourism has seen. Because you have people that are travelling, you have people that are spending money, most of the time, big money, and you have people who are emotional, so we’re not. But if I was a threat actor, that’s a great place to go fishing. So so it’s so it’s an industry that is ripe for it, there’s money being transferred around these relationships that aren’t face to face. So it really is a honeypot for cybersecurity. So, I think breaking down those reasons why people don’t take it seriously. But I think a lot of it also is because it’s a really big problem. And if you’re faced with a big problem, the easiest way is to ignored and I think, you know, anything that we do in forums like this is really to Yes, we’ve got a lot of things that we can help which, you know, big solutions and young. But there’s a lot of easy things like we were saying to factor, you’ve got cyber.gov.au is a great resource free resource, the Australian Government’s done a great job with that. We’ve got a free resource, which is free.cyberware.com these these things, just taking some, some basic steps will significantly reduce that risk. And also, I think another thing is, well, you know, another thing that we hear of why people don’t do anything, they say, well, LinkedIn was hacked, and there’s no way I can protect my business like LinkedIn. So I just wanted anything. Yeah, it’s that’s the, that’s the equivalent of saying, you know, I can’t stop anyone breaking into my house, because I’ve got windows so they can smash a window and climb through the window. But because they can smash through a window, which is relatively hard, I made a lot put locks on the doors, why bother? You know, people look at me really is a binary decision. If I can’t stop them, then why do anything? It’s too hard. You know, it’s it’s, you know, we we have a saying when we when we’re talking with people is, you know, the slowest, the slowest line gets even, you know, little cells chidiya team is that hanging fruit is where it’s going to be. So you don’t want to be the lowest hanging fruit, you don’t want to be easy targets not to say that you’re not going to be a target. You don’t want to make it easy. And you can there’s some really simple things you can do that have a huge impact.

Despina Karatzias 29:21
Jonathan, in terms of more for businesses that might be curious in looking at more of what you do in your solutions, what where can they find out more about that and, and find out more about you.

Jonathan Horne 29:41
So cyberware comm particularly if people wanted to look at what that roadmap looks like, they can go to free.cyberware.com that will take them to a landing page. They fill out the details there. They get that they get access to that health check I was talking about inside there. There’s a whole bunch of resources The government says the government’s website cyber.gov. Au, is a wonderful resource filled with some some fantastic tools tip sheets to get started. And I think the takeaway will be two factor authentication. Really, really important, especially on your email systems, your banking, your accounting software, your booking systems. And we really, you know, there’s there’s a few out there one password, we’re huge fans of one password, it’s a great system. Another common question is, if all my passwords were in one password, isn’t that worse than me? Yeah, incredible. Einstein brain remembering all these 25 character passwords? The answer to the answer to that is, is no, when you’re setting up a password manager like one password, there are a few a few things you need to be aware of. One is, you need to make sure that the password you use for them is really safe and secure. So a really great way to create a really safe one single really safe password is a passphrase. So it might be digital discovery show was great with Jonathan, from cyber aware in 2021. I’m going to take cybersecurity seriously. Yeah. Yeah, as a password as a passphrase. You know, it’s a lot of systems will allow you to have extremely long passwords, but but for a computer system to brute force that you’ll be we’ll all be dead before that’ll be brute forced at that at that point. So it’s so so making sure you’ve got one very secure password. And then they will enforce you’ve got to factor on those systems anyway. So once you’ve got that one thing done, and we two factor on that, then all of a sudden on your phone on your browsers, it’s so easy to say you like one password to create a strong password for Yes. You don’t even ever see the password. You don’t even ever have to remember a password again, except that one long, maybe the name of everyone in your family, we some stuff other stuff in there. And some of it is important for you to remember. That’s the only one that you have to remember. Yeah, so yeah. And two factor authentication.

Despina Karatzias 32:23
Oh, you’ve been enlightened us, Jonathan. Thank you so much. If anyone’s got any other questions, share your aha moments how you’re feeling at the moment with your cybersecurity journey and bringing that to the forefront as you’re creating your plans. And I think as much as for tourism, I can say and I’ve heard some stories from colleagues, even in any others. Really, it’s so relevant to every industries in it. Whether it’s, you know, like you had mentioned an accounting firm, or retail business, we are all, we are all exposed to this. And also personally, I think your personal exposure, not just your business, as I’ve recently found out, it was a personal compromise on my social media account, but because we need our personal accounts to be connected to our business, it was just, it’s been so disruptive, and so out of your control once that happens to you. So I think it’s

Jonathan Horne 33:28
and I think business owners have a real opportunity. We have a cheesy saying, but it is true, you know, a business doesn’t make it employees cyber aware, the employees make the business cyber aware. And as an as an employer, you have the ability to help your employees understand cyber security, not just for your business, but for their own personal privacy and their own digital footprint. You know, it’s a real opportunity for employers to to and that’s cyber away, you know, shameless plug on cyber way. That’s really what cyber aware is about. It’s about engaging the employees in cyber security so that they understand it’s all of our training is based upon real world incidences. So it might be that over USB might be Singapore health breach, and we we talk about that real world incident and how it happened with you know, real world people and what that means to them as individuals. So might be credit rating issues might be loss of jobs. So it’s, you know, we explain what it means for that individual because getting the employee to take their digital footprint seriously, inadvertently makes your business secure. So you need to do some things as a business. But more importantly, if each individual in your business understands, you know, what their digital footprint is and why that’s important. Then inadvertently your business becomes bulletproof. When I say bulletproof because that’s not true. That becomes

Unknown Speaker 34:55
a lot more revealing.

Despina Karatzias 34:57
All look, I think just be in your presence, and have You having you with us today we’ve we’ve taken that one small step to being bulletproof, on on the digital journey. And thankfully, look, it’s great. And I feel really blessed that with what we deliver in our programmes that this is really featured, and it has over some time now, particularly around password management, which is something so, so important. So, so Susan is saying, I think I have said, Everything Jonathan has mentioned, I’m too small, I’ve got nothing for them to take by passwords on a hidden spreadsheet on my computer. So she’s just saying, Thank you, and great information. Thank you so much, Susan. It does, it speaks, it speaks to all of us. And it’s just it’s good to put it back on the on the forefront and and have it as part of the any risk management and any risk management plan. Cyber,

Jonathan Horne 36:06
yeah, and speak to your it providers, you know, the the it providers have a conversation. We we then, you know, ask them what are what are we doing about two factor authentication? What are we doing about training? You know, what are we doing about, you know, the bringing their peoples bring people bringing their own devices into work, you know, terrorism, and to be

fair,

we’ve not, I’ve not put my head to tourism much for for tourism or travel. But the more we’re talking about it, the more I see serious issue, you know, you guys are working you remotely, you’ve got people from internet cafes, sending you emails, and when it and when they, you know, yo so so as an industry, you know, certainly there’s, there’s a lot to take seriously, but but it’s, it’s not scary, you know, there’s some simple things you can do right on the screen here, free dot cyber wire.com will not will get you into into a health check that will give you an ID and speak to your IT

Despina Karatzias 37:12
team and make sure you make to like we’ve all got an IT guy or girl, but it’s not being and I’ve said you know, in it’s not something even the it all, this is all about empowerment, that putting you always you know, again, and analogy good being in the driver’s seat of your bus, that if the it if your IT person hasn’t had this conversation with you, because they’re kind of there to make sure you know, everything’s working okay, but it’s not part of this. Basically, if it’s not the IT guy to go, it might be someone else that you need to have this conversation with

Jonathan Horne 37:52
abruptly and

that’s and I think that’s a good point to make as well. Yeah, cybersecurity is a unique unit risk and a unique industry in itself. It’s as much technical as it is, you know, soft controls as controls, you know, you wouldn’t speak to your IP provider to ask them when you’ve got an incident response plan, or the risk matrix in your business, you know, it’d be a consultant, possibly. So so. So if you don’t, if you haven’t addressed cyber security in its own right with your it vendor, that’s okay. You know, there’s, again, if you come through or shoot us an email, cyber where we can point you into the direction of some companies or do some companies do it support n cybersecurity services. there’s a there’s a, there’s a really quite a large industry of mssps and managed security service providers. And all they do is the security side of the business. So you’ve got the guys who look after your computers and your desktops and printers. There’s a whole industry of businesses that can just come in and and only help, you know, they work together the IT provider, which is called like a managed service provider. And then on this side, you’ve got an mssp managed security as a service provider. And a lot of times they’ll they’ll come together. A lot of the times businesses expect there it provided to be the security provider. You know, fundamentally that’s that’s not the case. It’s a it’s a specific set of skills and understanding of the risks, where in some cases, you just need to be put in touch with a managed security service provider.

Despina Karatzias 39:29
Absolutely. Absolutely. Well, Jonathan, we’ve got the resources, we will also have these you will find this on the digital discovery Show page on Tourism Tribe and on net nabee. On another.com.au, I think we’ll, we will stay definitely not I think we will stay in touch with Jonathan and if you haven’t signed up already for one small step. If you go To navii.com.au forward slash, there we go. One small step. Thank you. Do you Hannah, you will hear Jonathan as our keynote on next Wednesday at 11 o’clock, Melbourne, Sydney, and 10 o’clock over for our Queensland friends, and we will be sharing that with you on our channels and of course with our friends at Facebook, and mild. Pleasure, Jonathan, what a way to start off Friday and finish our week up our digital journey that’s for sure.

Jonathan Horne 40:38
Thank you Tourism Tribe in navigating.

Despina Karatzias 40:41
Thank you. Okay, until next time, everybody. Thank you to Jonathan. Thank you to everyone that has joined us live on the show. Thank you Suzanne for being always such a great a great supporter and and your questions. And to everyone that’s watched the recording, please feel free to reach out and and you can find some more resources on Tourism Tribe and Navii Digital and if you have not done so already join, register navii.com.au/one-smal/step. And you can watch the episode that we’ve just had this week with the launch of the of the one small step initiative. And don’t miss the opportunity to watch Jonathan and the other panellists sharing knowledge content. And you can see it’s just all gold. From from someone of the likes of Jonathan around time saving tips, time saving, but also being very mindful and aware of avoiding costly mistakes to your business. Until next time, happy Friday, or any day of the week, where you tuned in and we’ll see you next Friday. Same time, same place. Thanks, everyone.