Securing Your Digital Workspace: Cyber Resilience for Freelancers and Small Businesses

Cyber threats don’t discriminate by size—freelancers and small businesses face growing risks in today’s digital landscape. Join George Anderson for an insightful keynote on building practical, cost-effective cyber resilience without enterprise-level resources. Explore essential tools, habits, and strategies to protect your data, reputation, and operations. Perfect for solo professionals and small teams looking to stay secure and competitive in 2025 and beyond.


S1- Hi.

S2- Everyone. We're ready to start our next session. We've got people joining the webinar for this session. You see them online. All right. So we'll get started with our next session. It's with George Anderson. George, you're going to be talking to us about cyber security for freelancers and small businesses. We heard a couple of sessions ago from the insurance group about the fact that cybercrime is the second highest cause of insurance claims at this point for businesses, which makes sense because a lot of our data now goes online every time you send an email, every time you receive. And for those of us in court reporting, every time we receive an audio, nobody's walking over a tape or a CD to our office. It's being sent online. We release a transcript; unless it's a paper copy, it's being sent online in some fashion. So George, we'd love to hear from you today about the different things that the freelancers and small businesses need to worry about, given all of our business at this point is online and this group especially handles very, very sensitive data. So I know you've been working with us for 10 years, 12, 12 years. You've been managing our network infrastructure now for 12 years. And so you're very familiar with the type of information we handle and the sensitivity of it. And you've also helped us manage our network security for the Canadian federal government's reliability B requirements. And you've managed a high security server environment on our facilities. So I'm very well aware of how experienced you are. And so I'll let you take it from here. Thank you.

S3- Thanks, Mona. Yeah. So I've been doing this for a little over 25 years. The last 13 of those are with my own company and entity. And as Mona mentioned, I've done it at a number of levels, from large enterprise down to small businesses and even single proprietors. So I'm able to touch on all of those contexts in my professional work. But this presentation specifically is targeted for those sole proprietors or small businesses in particular. And hopefully I can touch on the relevant topics for court reporting and the types of customers that are going to be here today. So let's jump right into it.

What should you or why should you care about cybersecurity? Number one, reputation. As a small business, you don't have a large sales team or a big marketing budget. You need to rely on the reputation you have with your clients. Those one-on-one relationships where your clients can trust you to handle their data safely. Your reputation is your greatest currency as a small business owner. Financial stability. A single cybersecurity breach in a small business can sink that business. So it's important for you to take the proactive steps necessary to secure your own data. Legal liability. In this industry in particular, there are numerous regulations that are going to govern the data that you're going to have access to. Smaller organizations don't have the budget to go through complex compliance requirements. So you're going to have to ensure that you have a basic level of security that avoids the legal jeopardy you could be in if you put your client's data at risk. And finally, you're a prime target. Cyber criminals are going to use the shotgun approach. They're going to attack everyone, and the low-hanging fruit or the likely sources of them being able to steal information or hack into systems is small organizations with a smaller IT budget and less attention paid to policy and education around IT security. So what should your priorities be?
Number one, policy, education and training. Deciding how you're going to handle data securely. Making sure that all of your staff, if your staff is just you, then it's just you, are going to handle that data and what you're going to do to ensure that you protect your clients' information. Passwords and multi-factor authentication. This is a real simple way to ensure that you have secure access to your systems, all of your systems and your client's data. File and data management. This is critical: how you handle those transcripts, audio, video files that are coming in or going out to clients. It's critical to make sure that they're passed in a secure manner. And using trusted vendors, making sure that the partners you rely on are those that are in line with industry best practice and able to deliver the level of security that you need for your business.

So let's dive deeper into education and training. Number one, I would say, is phishing email training services. This is a simple service you can sign up for. Basically it's going to send you email. Mona's smiling because I keep trying to get her to sign up for it. It's going to send you emails that are simulated phishes. It's going to try and trick you to click on the link that you know you should not click on. The good news is if you click on it, it's going to give you a quick lesson and tell you why you shouldn't have clicked on it. These are very affordable services and can really help your team. Social engineering awareness. There are a number of quotes out there. I think it was Kevin Mitnick that said, why would I spend hours hacking a system when I can spend 10 minutes hacking a person? Kevin Mitnick is a famous hacker, sadly deceased. But he was able to hack into a number of organizations simply by calling up and saying, hey, it's Jim calling from the phone company. Could you just answer this phone call for me and transfer me over to this number?
And then he was able to take advantage of their phone system and make long distance calls. Or, hey, Mr. SysAdmin, I just need a password to get into that database. We're having a problem. Can you just give me that password? And by sounding official, by sounding confident and asking the right questions, he's able to get in and breach security that would otherwise be protected by firewalls and well-architected systems. People are the weak point in any system. Giving up the information too easily to a confident person, leaving a password on a post-it note on a desk or a monitor, or reusing passwords are all ways that social engineering can take advantage of you. So data handling. We talked about that briefly. How your data moves into and out of your organization is critical. Applying the appropriate level of access and ensuring that only the amount of access required for any individual, for any piece of data, is as limited as possible. Strong passwords and password managers. I'll get into this a little bit more because it's an important topic. And finally, multi-factor authentication tools. Those annoying text messages you get. Or even sometimes it makes you download an app and put it on your phone. Yes, they're annoying, but they are critical in this day and age for IT security.

So let's get into passwords and multi-factor authentication. This is a real simple way that every individual can secure their data just by using this type of a system. So we'll start with password managers. Password managers obviously are a database that holds your passwords. Why would you use this? Why would you have your passwords written down? Well, because in this day and age you shouldn't know any of your passwords. I don't know very many of my passwords at all. Most of them are very long strings of characters that I have never known, and in most cases have never even seen.
A password manager integrates with all your devices, whether it be a laptop, a phone or a tablet, and it allows you to set and update your passwords as well as enter those credentials as needed without having to remember anything. Now obviously you need that first way in. So what you should do is really just have your password manager secured by one single password. We'll get into how to create that one password to rule them all later. But that's essentially what you should be doing to take advantage of the technology that's available. The other great thing is you can never lose it. If it's in a password manager that's backed up online, you have the same passwords on your laptop as on your phone. If you lose your phone, you have that phone deleted and then you create a new phone. You add your account to it and boom, you've got all of your secure access passwords back where they belong.

Multi-factor authentication. So as I mentioned, this is the annoying text messages you get. So there's a number of different types of multi-factor authentication. The first would be biometrics. So your thumbprint, your fingerprints, your eyes, your face, all biometrics, part of who you are as an individual that are unique. Those can be used by cameras or scanners to authenticate. Many of us have used Face ID on an iPhone or similar type of technologies where you put your thumb onto your phone and unlock it. These can be used as a second factor of authentication. SMS and email. So those codes I mentioned, six-digit code that gets sent to your email or to a text message. I'm not a big fan of these, to be honest, but they're better than nothing. It's pretty simple to hack an email. It's pretty simple to clone a phone number for a sophisticated hacker. So if you can avoid this type of second factor, I would suggest you do. There are much more secure methods than that. The third is authenticator apps. You may have heard of Microsoft Authenticator or Google Authenticator.
These are apps that hold a number of different, essentially, tokens. What used to come in a little RSA key. We used to have these little keychains that we'd have around with us, and we needed to get into our VPNs or our secure applications. We'd have to pull this out and it'd pop up that six-digit number. Well, when the patent on that expired years ago, basically it became open source and now it's just an app on your phone or even an app on your computer. These are, I would say, the second best option for in general second factor authentication because it allows you to keep a backup of that in a secure account, but also have it available to you if and when you need it. App-based push authentication. So for example, again, if you've used Microsoft Authenticator and you've used it with Office 365 or Microsoft 365, you'll have seen these pop-ups that say, type in the number or tap the number that I'm prompting you on this other device to confirm your identity. Those are nice, but it's not necessarily as ubiquitous as the other options. And finally, hardware tokens. And this is the current standard for true security. So I carry one with me wherever I go. This is called a YubiKey. So this has a number of different ways of authenticating me. I can use it with NFC up to my phone just by holding it close. I can plug it in with USB-C. There's USB-A options. These are the most secure way of having a second factor of authentication. And anyone who's dealing with serious, serious security requirements, particularly around audit and compliance, should consider that type of a hardware token for their needs.

And finally, creating a strong password. This one is so annoying, right? Because we used to have these passwords and it used to be eight characters and eight characters used to be enough. And all these IT departments made us change it every month. So what am I going to do with this eight digit password?
Well, I'll just put a month on the end. So, you know, it's November now. So my password is the name of my dog, Ani 11. That's my password. Oh, but wait, hold on, hold on. I'm going to capitalize the A in Ani and I'm going to trade the I with a one. No one will ever hack that password. Don't bother trying to use it. I just made that up on the spot. But this is a very famous comic that you may have seen. xkcd is a comic online that talks about the right way to make a good password. And really it boils down to a passphrase. Have something where you can have four to six words that make a funny picture in your head. And the example that they're using here is correct horse battery staple. That's a great one. You can come up with the same type of thing to protect your password manager, right? So that's where you would use this type of a password. Have your password manager be secured by this type of secure passphrase. And then it's the only password you ever have to remember. All of the other ones get securely stored inside the password manager. And this is the one that unlocks that.

Okay. File and data management, critical in this industry. So number one, have a plan and stick to it. You got to have a plan for how you're going to manage your data. It's very easy to just have emails flow through containing attachments or people that hand you data, whether it's in paper form or maybe a USB key, if those are still around. They make me cringe, seeing people pass around USB keys. They're very insecure, very dangerous. You should have a policy and you should stick with it. So number one I would suggest for small businesses is use cloud drives. It's just such an easy answer for this. You're relying on trusted vendors who've been doing this for years for thousands of companies. And they hold petabytes upon petabytes of data in their data centres. They know how to do it securely. So we'll get into the particular vendors later on. Access control: who can see what.
So if you're just a one-man band, then obviously you can see everything and everyone else can see nothing, but you're still going to want to share those files, right? So when you're sharing it out to, maybe it's a partner organization, maybe it's a client, maybe it's a subcontractor who's doing something, have a secure way of sending that. If you're using a cloud drive, those types of secure sharing are baked in. So use the tool as it's designed and it's going to save you a headache later with data getting lost. And finally, backup. Backup is so critical. And backup and backup. Yes. Three times. I have to repeat things three times for my kids, so I repeat it three times for you guys. Backup is so critical for your data. Make sure you have it in more than one physical location. So having a backup of your files on your laptop in another folder on your laptop, that's not a backup. Having it on a USB key. Okay. I don't like it, but it's better than nothing. Having it in a cloud backup solution really is the best answer. Having your cloud drive backed up in a different service is another great answer for how you back those up, but whatever you're going to do, ensure that you've got that plan, you're sticking to it. You're using tools like cloud drives to keep your data safe and available, and then you're also backing it up somewhere else.

Okay. Trusted vendors. So you can't just use any old vendor for any particular thing. But these are the most important services to make sure that you are using a trusted vendor. Email, number one. Now this seems simple, but the number of times I have seen sole proprietors or small business and even when I go to doctor's offices and I get an email from Dr. Smith at gmail.com and I just go, please, Dr. Smith, tell me you're not sending my medical records to and from Gmail. We should all know by now that when you get a free service, you are the product.
If you're using a Gmail account to transmit your clients' data, you are also copying Google on all of those emails. Consider that. Have you signed an agreement that says you're going to keep your data confidential from prying third parties? You've just exposed yourself not only to a multinational who loves getting hold of your data. You've also ensured that it crosses the border, thereby ensuring that it goes through potential US government scrutiny if and when they decide to. So use a real provider for your email address. You probably have a domain for your business already. Setting up email for it is pretty straightforward. There's obvious answers out there. Microsoft 365 is the gold standard in the industry for this. They spend billions of dollars on their email system and keeping it up and running. They should be keeping it up and running for you. There's others like Proton, if you want a non-American solution at this point or you want something that is outside of Microsoft, but critically not Gmail or any of the other flavours of public email addresses. Yahoo, Hotmail, Live, iCloud, any of those, get rid of those for your business purposes and get on a dedicated email service.

We talked about cloud file storage. Dropbox is an obvious one there. They're a real leader in the industry. If you want a dedicated solution, they're a great partner to use. Microsoft 365 includes OneDrive for Business. That's a great option as well, especially if you're already taking advantage of them for email. And Google Drive is fine as well. Very good integration to their platform for sure.

One that people don't always think of: domain, DNS and web hosting. Okay, so if you have mycompany.com and you've decided to sign up and put your website out there, you should make sure that that partner is a reliable partner. CheapDomain.com might not be the best answer for where you're putting your data.
There are some clear industry leaders in this arena, and it makes sense to, if possible, boil it down to a single provider. So I recommend Cloudflare for all three of these services. Because they're an industry leader and they give you attack prevention and DDoS protection as an add-on only when you need it. You don't even have to pay for it. You can sign up for a domain with them. Or you can even just, if you have an existing domain, port your domain over and you can sign up for their DNS for free, and web hosting, that's going to be a paid service. But again, you can do that very affordably with them or wherever else you want to host your website. I would say, you know, some of the organizations to avoid, GoDaddy certainly does a lot of marketing, but I would say their services are less than stellar. And I like to pick on them on a regular basis.

Okay. CRM, obviously important to maintain your clients' information. There's a lot of different choices. Different industries are going to have different leaders for particular CRM. The obvious ones are Salesforce, HubSpot, Dynamics, MS Dynamics. These are real critical. Don't be using some fly-by-night company to manage your customer data. Simply a name, a phone number and email address, a title, all that information. That's private information for your clients. You shouldn't be having that in a situation where it's going to get out there into the public.

Finance and accounting. Accounting, obviously. How much money you've got. Your ability to bill. And how it's all accounted for and submitted to the tax man, for example, is critical. QuickBooks is obviously a big one that's out there. I'll give a plug to a local company, FreshBooks. They're a great little organization for simple small businesses. They'll do invoicing as well as basic accounting. And there's lots of others like Zoho, Simply Accounting, Sage. But for this type of thing, I would rely on whatever your bookkeeper or accountant says.
I'm assuming, very presumptuously, that you're outsourcing this type of thing. You should be; you shouldn't be doing your own accounting. You should be focusing on what makes you money, and using what they recommend is probably a good idea.

And finally, managed service providers or IT support. So I don't do full managed services, but I highly recommend for organizations that are larger than a handful of people having a dedicated MSP being your support organization. If you're interested in having a look at your existing MSP or signing on with an MSP, I can give you great recommendations for local providers of that. My one recommendation with MSPs is don't take the piecemeal approach. Go for the all-in solution. MSPs are powerful when you let them do what they're good at. What they're good at is an all-in-one solution. So if you let them do the proactive thing, that saves them time to support you, it streamlines your business. It lets it run more effectively and efficiently. If you just try and do, oh, just do this one project for this or just do this other thing for us, they have no incentive to do it in a proactive manner. They have every incentive to do it in a non-proactive manner. Not that I'm suggesting they're going to do that, but the all-in-one solutions from MSPs give you that mutual benefit and a win-win situation. Or if you're just looking for project work or consulting, that's where I can come in. I'm happy to help. But get to know your IT partners. Try out a few. You may find that some are better than others. Try to avoid using your in-law's cousin's nephew. Unless your in-law's cousin's nephew is really great, then maybe use them.

And finally, there's some resources here. I'm going to put these up on my website for everyone to be able to refer to, basically just to look at what we've talked about today. Refer back to it and go to it. So if you want to get access to that.

Meet the speaker

George Anderson

President, Principal Consultant at && IT

George Anderson is a seasoned IT and Cybersecurity Consultant with over 25 years of experience delivering technical leadership to organizations across the Greater Toronto Area. He specializes in infrastructure design, risk management, and security architecture, helping businesses enhance digital resilience and align technology with strategic goals. George is trusted for his ability to design and implement robust enterprise IT infrastructure, software, and services tailored to diverse operational needs. His expertise spans application modernization, cloud security, compliance frameworks, and threat mitigation. Known for his analytical mindset and leadership in complex, high-stakes projects, George consistently drives innovation, operational excellence, and secure digital transformation.