Tech Talk: Cyber Security with Matthew Prouse from Xero

Introduction

The host introduces the Tech Talk and welcomes the attendees.

Welcoming Attendees

  • The host welcomes everyone to the TradiePad Tech Talk for May.
  • The attendees list is checked as people join in.
  • The host expresses excitement about having a lot of people joining in.

Technical Difficulties

The host experiences technical difficulties with live streaming and attempts to fix it while introducing the guest speaker.

Live Streaming Issues

  • The live streaming is not working, so the host tries to fix it manually.
  • Matthew Prouse from Xero is introduced as the guest speaker while the host works on fixing the issue.

Importance of Cybersecurity

Matthew Prouse talks about cybersecurity and its importance at Xero.

Cybersecurity Importance

  • Protecting customers' data is critical at Xero.
  • Most security challenges faced by small businesses occur between keyboard and seat.
  • Discussion will focus on how businesses can be safe and smart online.

Housekeeping

Host provides housekeeping information for attendees before starting the discussion on cybersecurity.

Interactive Webinar

  • Attendees are encouraged to use Zoom tools to participate in discussions.
  • Q&A tool will be monitored by the host during discussion.
  • Introduction of TradiePad as a technology training company that helps businesses in the trades and construction sector understand how to use technology effectively.

Understanding Cybersecurity Threats

In this section, the speaker discusses how technology tools and the cloud can make us vulnerable to cyber threats. He shares an example of a sextortion scam and emphasizes the importance of awareness in protecting ourselves.

Cybersecurity Threats

  • Sextortion scams are commonly known scams that attempt to scare people into paying a ransom.
  • Scammers obtain passwords from public websites where they are published and use them as leverage to scare people.
  • Scammers prompt victims to pay a ransom by claiming they have footage or leverage against them.
  • Awareness is key in protecting ourselves from cyber threats.

The Cost of Cybercrime

In this section, the speaker shares some scary numbers about the cost of cybercrime across the globe. He emphasizes that small businesses are particularly vulnerable to attacks.

The Cost of Cybercrime

  • $172 billion was the cost of cybercrime across the globe last year.
  • 1 in 4 Australian small businesses were subject to some type of cyber crime incident in 2017.
  • Over half of cyber attacks across the globe target small businesses because they are more vulnerable.
  • A third of businesses impacted by an attack won't survive a week without critical business information.

Introduction to Matthew Prouse

In this section, the speaker introduces Matthew Prouse, who is Head of Industry at Xero. He talks about his involvement with various organizations and advisory services.

Introduction to Matthew Prouse

  • Matthew Prouse is Head of Industry at Xero.
  • He is also involved in the Digital Business Council and the Australian Business Software Industry Association.
  • Matthew has provided advisory services to the ATO.

Cybersecurity and Digital Business

In this section, the speaker discusses the importance of cybersecurity in digital business and how it has evolved over the years.

Mandatory Multi-Factor Authentication

  • The rollout of mandatory multi-factor authentication for accounting software in Australia has made it safer for businesses to store data online.
  • This requirement was co-designed by industry experts to protect customer data and make millions of Australian businesses' data stored in the cloud more secure.

Importance of Digital Security

  • Compromising a business's security can lead to hackers accessing sensitive customer information such as bank account details, addresses, phone numbers, etc.
  • As digital business is now an integral part of how business is done, digital security is crucial.

ATO's Involvement in Securing Information

  • The ATO saw a massive increase in businesses moving to store their data online and planned accordingly.
  • At least a million small businesses in Australia are storing their data online, making them vulnerable targets for cyber attacks.

Australians as Targets for Cyber Attacks

  • Australians love technology and use smartphones extensively for both personal and professional purposes.
  • Australians are also trusting, making them soft targets for phishing attacks.

Overall, this section highlights the importance of cybersecurity in digital business and how mandatory multi-factor authentication has made it safer for businesses to store data online. It also emphasizes that Australians are attractive targets for cyber attacks due to their extensive use of technology and trusting nature.

Cyber Attacks on Small Businesses

In this section, the speaker discusses how one in four Australian small businesses is a victim of some form of cyber attack every year. The speaker also talks about different types of attacks and how they affect small businesses.

Invoice Doctoring Scam

  • Many clients have had their invoices doctored with incorrect banking details.
  • It is not the accounting package that has been compromised but rather the emails.
  • Fake invoices are sent out to a list of email addresses, often posing as legitimate businesses.
  • These scams are prevalent in Australia and other parts of the world like Malaysia, Singapore, and Southeast Asia.

Account Takeovers

  • Most online activities require usernames and passwords.
  • People tend to use the same email address and password for multiple accounts.
  • When a website is compromised, attackers can harvest its users' email addresses and passwords in bulk.
  • Have I Been Pwned is a database that collects known compromises of email addresses and passwords lurking in various dark corners of the internet.

LinkedIn Compromise

  • In 2012, LinkedIn was compromised, resulting in 164.8 million people having their email addresses and LinkedIn passwords exposed.

Protecting Your Business and Yourself Online

In this section, the speaker discusses the importance of having unique passwords for every account and protecting personal information online. They also emphasize the significance of securing smartphones as they contain sensitive information.

Importance of Unique Passwords

  • Using the same password for multiple accounts can lead to security breaches.
  • It is crucial to have unique passwords for practically every account.
  • Check whether each of your email addresses appears on a known breach list by visiting a government website.

Protecting Personal Information Online

  • Include all old historical email addresses when checking if you're on a list.
  • Use different passwords for each account to stay safe online.
  • Protect yourself, your emails, mobile devices, tablets, apps used, and information collected.

Securing Smartphones

  • Smartphones store sensitive information such as fitness data, health records, emails, and financial details.
  • Secure smartphones using fingerprint scanners or PIN codes that are not used elsewhere.
  • The most critical app on a smartphone is email; ensure it is secure since it contains sensitive information.

Email and Physical Security

In this section, the speaker talks about email security and physical device security. The speaker emphasizes the importance of two-step authentication for email accounts and locking up the security on phones to keep them safe.

Two-Step Authentication for Email

  • Two-step authentication should be turned on for email accounts.
  • Gmail, Microsoft's Outlook.com and Office 365 all let you turn on two-step authentication.
  • Take a privacy checkup to ensure that your passwords are secure.

Phishing Scams

  • A phishing scam is when someone receives an email asking them to click on a link and enter their username and password.
  • Hackers can spend an average of 18 months in your system before you know it if you fall victim to a phishing scam.
  • Two-step authentication fixes this issue by triggering a notification when someone tries to use your credentials.

Physical Device Security

  • Devices used for business should be kept physically secure.
  • Password protect devices, enable automatic updates, and avoid using public Wi-Fi networks.

Wi-Fi Security

In this section, the speaker talks about the importance of being careful when using public Wi-Fi and not logging into critical business systems in strange places.

Be Mindful of Where Your Connection is Coming From

  • Don't do online banking on free or public Wi-Fi.
  • Be cautious when connecting to a VPN to watch shows or download apps from unknown sources.
  • Review all apps and websites that have access to your Facebook or Google account regularly.

App Security

In this section, the speaker discusses the importance of reviewing apps that are connected to your Facebook account and how gaming companies may still have access to your information even if they no longer exist.

Review Apps Connected to Your Facebook Account

  • Regularly review all apps and websites that have access to your Facebook account.
  • View and edit permissions for each app connected to your Facebook account.
  • Gaming companies may still have access to your information even if they no longer exist.

Chrome Extensions

  • Avoid installing too many Chrome extensions as they can compromise security.

Importance of Cybersecurity in Business

In this section, the speaker discusses the importance of cybersecurity in business and how to ensure that your business is secure.

Hiring an Office Manager

  • When hiring a new office manager, it's important to ensure that they create strong passwords for all business-related accounts.
  • Passwords should be unique and not used for personal accounts.

Staff Members and Cybersecurity

  • Staff members who have access to online banking or business email on their personal phones can compromise the security of the business.
  • It's important to talk to staff members about the importance of cybersecurity and keeping devices secure.

Password Savers and Generators

  • LastPass is a popular password saver that offers additional security features such as biometric authentication and regular security checks.
  • When choosing a password saver or generator, it's important to look at their privacy statement and what kind of security assessments they have undergone.

Password Management

In this section, the speakers discuss the importance of password management and offer tips for keeping passwords secure.

Using Password Management Tools

  • Password management tools like LastPass are powerful and useful.
  • Turn off password-saving features in apps like Google Chrome to avoid saving passwords in multiple places.
  • Save passwords in one place to ensure security.

Two-Step Authentication

  • Xero has mandatory two-step authentication for all users with access to a Xero file in Australia.
  • Two-step authentication makes it difficult for hackers to gain access to accounts using lists of names and email addresses found on the internet.
  • Two-step authentication combines two of: something you know (e.g. a password or secret questions), something you have (e.g. an authenticator code), and something you are (e.g. a fingerprint).
  • Use different passwords for different apps, especially if using a mix of Xero apps.
  • Sign in with your Xero account when possible to take advantage of extra security measures provided by Xero.

SMS as Second Factor

  • SMS is not used as a second factor because it is easy for hackers to obtain personal information such as driver's license numbers and use them to gain access to accounts.

Security Breaches and Scams

In this section, the speaker discusses security breaches and scams that can occur when using SMS for login. They also provide information on how to report these scams and make everyone aware of them.

Risks of Using SMS for Login

  • Using SMS for login can lead to security breaches.
  • Telcos advise against using SMS for security purposes.
  • Accounting software vendors use authenticator codes, passphrases, and other solutions instead of SMS.

Xero Security Notice Board

  • The Xero Security Notice Board is a place where users can report fake emails or invoices claiming to be from Xero.
  • Xero publishes a list of current scams on the notice board.

Importance of Reporting Suspicious Activity

  • It's important to report suspicious activity immediately.
  • Staff members should not be afraid to bring up any concerns they have about suspicious activity.
  • Awareness is the biggest tool in defense against scams.

Transparency with Suppliers

  • Being transparent with your team about who your suppliers are can help prevent falling victim to scams.
  • For example, if you bank with Commonwealth Bank, don't click on anything from Westpac.
  • The ATO does not send emails to business owners regarding tax refunds or logins.

Importance of Routine and Suspicion

In this section, the speaker emphasizes the importance of having routines in business operations to avoid suspicion. The speaker also highlights the significance of being suspicious when something seems off.

Routines in Business Operations

  • Having routines in business operations makes it easier for the team to be familiar with how the business operates.
  • Paying everyone on the same day and doing things consistently helps avoid suspicion when something unusual happens.

Being Suspicious

  • It is important to ask questions when something seems off, such as receiving a payslip on a day that payment is not usually made.
  • If there is any suspicion about an email from a supplier requesting changes in bank account details, it is best to ask questions before making any payments.
  • Being overly suspicious can help prevent mistakes such as paying money into incorrect accounts, which may not be recoverable.

Importance of Good Business Grade Email and Assurance Dashboard

In this section, the speaker discusses the importance of having good business grade email and introduces Xero's Assurance Dashboard feature.

Good Business Grade Email

  • Traditional server-based emails or some website-based emails do not provide enough security for businesses nowadays.
  • Having good business grade email services like Office 365 or G Suite is critical for businesses today.

Xero's Assurance Dashboard Feature

  • The last-login feature in Xero shows who last accessed the file and, if you click on it, potentially what they did.
  • The Assurance Dashboard feature in Xero gives a view of some of the things going on inside the Xero file, including user activity and bank account feeds.
  • The Assurance Dashboard also looks at four common signs of internal fraud that may suggest compromise or something interesting has happened.

Detecting Fraud in Small Business

In this section, the speaker discusses how fraud can occur in small businesses and provides tips on how to detect it.

Red Flags for Fraud

  • Check if any contacts have the same bank account details.
  • Look for changes made to customer or supplier bank accounts.
  • Check for backdated invoices and bills as they are often used to make fraudulent activities look more legitimate.

Using Xero's Assurance Dashboard

  • The Assurance Dashboard (under Accounting > Advanced in Xero) is a tool that can help detect backdated invoices and bills.
  • Business owners should check the dashboard regularly, while bookkeepers should check it every time they do a bank reconciliation.
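The three red flags above (contacts sharing bank details, changed supplier bank details, and backdated bills) can also be checked in a script over exported data. The following is an added example, not Xero's code or the Assurance Dashboard's logic; the record layout, field names and all sample rows are constructed for illustration.

```python
"""Red-flag checks over constructed, Xero-style exports (added example, not Xero code)."""
from collections import defaultdict
from datetime import date

# Constructed contact list: a supplier and an employee sharing one bank account
# is the classic "same bank account details" sign of internal fraud.
CONTACTS = [
    {"name": "Acme Plumbing", "bsb": "062-000", "account": "12345678"},
    {"name": "Bob's Electrical", "bsb": "033-111", "account": "87654321"},
    {"name": "Jane Smith (employee)", "bsb": "062-000", "account": "12345678"},
]

# Constructed audit trail of edits to contact bank details (hypothetical layout).
BANK_CHANGES = [
    {"contact": "Bob's Electrical", "user": "office.manager",
     "old": "033-111/87654321", "new": "033-111/11112222", "when": date(2019, 5, 3)},
]

# Constructed bills: the date printed on the bill versus the date it was entered.
BILLS = [
    {"ref": "INV-1001", "contact": "Acme Plumbing",
     "issued": date(2019, 5, 1), "entered": date(2019, 5, 2)},
    {"ref": "INV-0999", "contact": "Bob's Electrical",
     "issued": date(2019, 3, 1), "entered": date(2019, 5, 4)},
]

# Start of the review window, e.g. the date of the last bank reconciliation.
REVIEW_SINCE = date(2019, 5, 1)


def shared_bank_accounts(contacts):
    """Return {(bsb, account): [names]} for bank details used by more than one contact."""
    by_account = defaultdict(list)
    for c in contacts:
        by_account[(c["bsb"], c["account"])].append(c["name"])
    return {acct: names for acct, names in by_account.items() if len(names) > 1}


def bank_detail_changes(changes, since):
    """Return bank-detail edits made on or after `since`, so each can be verified by phone."""
    return [ch for ch in changes if ch["when"] >= since]


def backdated_bills(bills, max_days=14):
    """Return bills entered more than `max_days` after their issue date."""
    return [b for b in bills if (b["entered"] - b["issued"]).days > max_days]


def red_flag_report(contacts, changes, bills, since, max_days=14):
    """Combine the three checks into one report a bookkeeper can run after reconciling."""
    return {
        "shared_accounts": shared_bank_accounts(contacts),
        "bank_changes": bank_detail_changes(changes, since),
        "backdated_bills": backdated_bills(bills, max_days),
    }


if __name__ == "__main__":
    for flag, hits in red_flag_report(CONTACTS, BANK_CHANGES, BILLS, REVIEW_SINCE).items():
        print(flag, "->", hits)
```

A hit is a prompt to pick up the phone and confirm with the supplier or staff member, not proof of fraud.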

Importance of Monitoring Your Business Data

  • As a business owner, you need to monitor your data regularly to ensure its accuracy and security.
  • Building technology tools into your business process can provide an additional level of confirmation and security.
  • Have an offboarding process when employees leave your business to prevent unauthorized access to sensitive information.

Mandatory Breach Reporting

  • In Australia, mandatory breach reporting requires businesses to report data breaches promptly.

Importance of Cybersecurity

The speaker emphasizes the importance of cybersecurity and highlights the need to keep software up-to-date.

Protecting Your Business

  • Businesses must inform the tax office and clients if their data is compromised.
  • It's important to consider how it would feel to have to tell customers or suppliers that their information has been stolen.

Keeping Software Up-to-Date

  • Using outdated software, such as Windows XP or Windows 7, can leave your business vulnerable to cyber attacks.
  • It's crucial to use the latest version of Windows or Mac OS for optimal security.
  • Having up-to-date software is more important than having expensive antivirus software.

Updating Devices

  • Smartphones require regular updates for security purposes.
  • Android phones receive security updates for two and a half years before needing replacement.

Responding to Phishing Scams

The speaker discusses how to respond when encountering phishing scams.

Realistic Emails

  • If an email appears realistic but nothing happens after clicking on it, it may be a phishing scam.
  • If a file attachment in an email goes blank after being clicked on, it could be malicious software or a tracking cookie that phoned home with information about your device/browser/operating system.

Accepting Cookies

  • Accepting cookies is often necessary, but check from time to time that you are actually on the intended website.

Chrome Extensions

  • Be cautious when using Chrome extensions, as some may do more than they claim to.

Understanding Cookies and Firewalls

In this section, the speaker explains what cookies are and how they are used for marketing purposes. They also discuss firewalls and their role in protecting devices from hacking attempts.

Cookies

  • Cookies are tags placed on a browser that can be used for marketing purposes.
  • Xero uses cookies to store tokens for two-step authentication.
  • Accepting cookies depends on the website's trustworthiness.
  • YouTube installs around 50 cookies when accessed.

Firewalls

  • Most devices have software firewalls built-in.
  • Firewalls make it harder for hackers to access devices but do not protect against identity theft.

Protecting Customer Data

In this section, the speaker emphasizes the importance of protecting customer data and provides tips on how to do so.

  • Exported data should be deleted after use to avoid cluttering local machines with sensitive information.
  • Storing everything on a local machine is not necessarily safer or more secure than storing it elsewhere.
  • A CSV file containing customer information was compromised in an accounting firm last year.

Ransomware and Cybersecurity Insurance

The speaker discusses how ransomware can hold businesses hostage by encrypting their data and demanding payment for the decryption key. Small businesses are particularly vulnerable, and having cybersecurity insurance may help, but the best defense is to have data safely stored online.

  • Ransomware can encrypt a business's data and demand payment for the decryption key.
  • Small businesses are often targeted because they may not have strong cybersecurity measures in place.
  • Having cybersecurity insurance may help with paying ransom demands, but it's better to have data safely stored online so that physical device theft or loss doesn't mean losing important information.

Importance of Passcodes on Devices

The speaker emphasizes the importance of passcodes on devices, including desktops and laptops, as they can contain sensitive information that could be used against a business if stolen.

  • Passcodes should be used on all devices containing sensitive information, including desktops and laptops.
  • Without passcodes, anyone can access everything on a device simply by opening it up.
  • Auto-delete settings for downloads folders can also help protect against unauthorized access to sensitive information.

Resources for Cybersecurity Education

The speaker recommends several resources for improving cybersecurity awareness and education.

  • Xero offers an entry-level cybersecurity education course on its website.
  • Adversaria offers a more in-depth cybersecurity awareness course.
  • Stay Smart Online and Scam Watch are both good resources for staying up-to-date on the latest scams and threats.
  • The Australian government's Stay Smart Online website has a wealth of information on cybersecurity, including what to do if your data is breached.

Importance of Technology Education

The speaker emphasizes the importance of technology education and training to prevent issues like email hacking.

  • TradiePad has an authenticator system in place to help prevent email hacking.
  • Xero provides technology education and training to help businesses improve their cybersecurity measures.

Video description

Watch the TradiePad Tech Talk: Cyber Security. In this increasingly digital age, it is vitally important that we protect the data we are sharing online. The TradiePad team have seen an increasing number of attacks on our clients recently with potentially devastating impacts. In this Tech Talk, we will discuss methods to help you stay safe online and protect your data from cyber criminals. Joining us this month is none other than Xero's Head of Industry Matthew Prouse to discuss the lengths Xero is going to in helping us all in this war against cybercrime.
