Mind Byte | TecMan Academy Presents:
Cybersecurity Essentials
with
M. Usman Ghani
Chief Security Officer | NodeCypher Inc.
In this session on Cybersecurity Essentials, we will explore the fundamental principles of protecting digital assets in today's interconnected world. This session will cover key topics such as identifying common cyber threats, implementing strong passwords and multi-factor authentication, recognizing phishing attempts, and understanding the importance of regular software updates.
Transcript
00:00hello guys welcome to the live session on cyber security
00:20i hope you guys are joining right now so with me is mr usman ghani he is basically chief
00:27information security architect so um with a little pause i will definitely introduce in detail about
00:35mr usman so i'm i'm thinking that still many people are joining us on live youtube session
00:43so this session is basically our first session of mind byte series and presenting by tecman
01:00so our strategic partners are architect solutions nodecypher and ogmc so this session is basically
01:09uh will be you know a lead by mr usman ghani and mr usman ghani has a very long and very leading
01:18career in information security uh cyber security and auditing which is covering almost 28 years
01:28it's a very long experience uh mr usman has done his uh mba in telecommunication from university of san
01:37francisco uh in 1996 so he is a certified information security professional by isc2
01:48uh he worked in many companies with many clients uh offshore onshore different parts of the world
01:56so as an information security consultant he worked with sensecom he worked also with c4i
02:04uh infotech 4g fertilizer uh infotech 4g fertilizer and i3 consulting so being an ict consultant he worked
02:14with the dossier a giz which is a german entity and also he worked with the uh the world bank
02:23currently he is working as a chief security officer and advisor with nodecypher and that is a canadian
02:31company so you can find more details on the linkedin of mr usman and we will also let you know the upcoming
02:41session of mr usman in uh on uh at the end of the session which are which are the free and which are the
02:49paid session let's see at the end of uh this session i think i this is the right time i can uh give
02:59uh this platform to mr usman so he can uh also introduce himself as well uh in short and also he
03:07can start uh his discussion and his knowledge about cyber security essentials so over to you mr usman
03:14uh thank you uh thanks for the introduction and uh guys uh whoever is joining welcome to this session
03:26uh sakib i think has pretty much summed up my experience uh although i would like to add that
03:35uh for the last 20 years uh i have been working as a cyber security and information security consultant
03:43for many many of the large uh enterprises international financial institutions and such
03:50and also not only that but also a lot of smaller medium enterprises and this is why when we're talking
03:58about it we thought that you know which area is uh the one that uh needs to be addressed first in in any
04:08live session because uh a lot of big companies uh you know they have their own uh cyber security and
04:15information security centers but most of the smaller medium enterprises uh they lack uh the knowledge as
04:22well as the expertise in house so this session is mainly targeted towards the smes just for that specific
04:30reasons and again i welcome you all and i would like to start off uh with uh with the slide deck uh that
04:39i'll be going through and uh there will be a session for questions answered the question and answers uh right in the end
04:48uh where i'll take your questions and we can discuss any ideas or any suggestions that you may have
04:56and you know we'll get to that in the end so let's start
05:09okay uh okay uh i assume uh everyone can see uh uh the presentation uh this is basically the
05:23cyber security essentials and uh well i have sort of uh created as a practical guide for small and
05:31medium-sized enterprises uh i'm usman and i'm the chief information security architect at nodecypher
05:37uh it's a canadian company and we have been helping out uh not only canadian uh organizations but
05:45also international international companies as well moving on uh i went through my introduction a little
05:53earlier so after that why is cyber security a matter of concern for small smes there are several reasons
06:05but a few of these uh i'm going to discuss it and discuss them here uh the first one is that uh smes
06:12are basically prime targets of uh cyber attacks a reason being that they have less robust defenses
06:21as i mentioned earlier that they're small they don't have a lot of them don't have enough budget for
06:27uh information and cyber security but on the same on the other hand they do have valuable data i mean
06:35the data to a large company may not be that useful their data but to them uh that data is is very useful
06:44imagine if you're a small uh i don't know manufacturing company uh you manufacture car parts and you have
06:52a database for all your customers clients your uh crm your car parts your manufacturing and suddenly all
07:01the data is lost i mean how much uh effort uh would it be just to get the get the data back so the data is
07:10is very valuable uh going forward uh consequences of a breach financial loss and reputation damage
07:19uh there those are much bigger uh for a small and medium enterprise company as they are for for a large
07:29company i mean imagine uh we uh there is there is a small company that has you know a million dollars
07:36of sales and uh they incur sort of a disruption or you know they have a reputation damage or operation
07:45disruption or they have a legal lawsuit that uh incurs them a damage of maybe you know half a million or
07:51a million dollars they'll go out of business so the breach of a million dollar is much more effective
07:59for a small enterprise than it is for for a large enterprise uh the next one is the the threat landscape
08:06uh going forward i mean 10 years ago uh most of uh the codes and uh you know the the cyber security
08:17tools uh they were uh sort of in the access of only experts uh and there were not many tools you had to
08:25be an expert in order to use them but nowadays with ai and with advanced tools uh anyone who's even an
08:34experimental person they can come across these tools uh you know and they can uh wreak havoc in an
08:42organization they can create ransomware very easily you can create a phishing site using a tool in 10 minutes
08:49and you can uh you know steal somebody's data so the threat landscape has uh expanded by a lot uh over
08:58the last few years and that specifically is a cause of concern for the smes and this is what i say that
09:08a lot of companies and a lot of people in the c uh you know class of a company says that oh you
09:17know it hasn't happened to us yet we're not that important and i say to them that it's not a matter of
09:24if but it's when so if it has hasn't happened to you it does not mean it won't happen it's only a
09:31matter of time that when it happens to you are you going to be prepared for it have you prepared for
09:37it have you uh enforce your systems uh reinforce your systems accordingly so moving forward why do smes
09:49uh why should we care about security well here are some numbers uh as i was talking earlier that you
09:56know a company of uh maybe a size of million dollars uh if it uh gets a data breach of a million dollar
10:03that costs a million dollars um it will go under and these are the numbers that i'm going to just
10:10display here a few of them are basically uh the sort of i mean there's there i'm not going to use them
10:18as a scare tactic but the problem is that these are facts and these are the factors that affect
10:27uh you know a lot of the decision making in a lot of large enterprises as well as small enterprises
10:33so a data breach can cost up to an average data breach can cost up to 4.45 million
10:41to a company a single one a single data breach so if there is a data breach i mean in your company maybe
10:47it's not that much but uh this is an average so it could be you know 100 200 000 what are you going to
10:55do and 43 percent of cyber attacks they target small businesses so that's that's a that's a big number
11:04compared to the the common thought that you know small businesses are not the target because they are
11:12small and they are you know the data is not important to uh and here's the number that i was
11:19talking about the 60 percent of smes goes out of go out of business within six months of a breach uh this
11:28is a fact that is uh makes it a cause of concern from a lot of small enterprises that if there is a data
11:36breach big enough it may make them go out of business so i mean they may have a very good business plan
11:43they are very well-running business good people but a data breach can set them back and if you are
11:52dealing with the organizations and companies or if you're holding data of
11:56uh even the residents of european union you can have gdpr fines um and they can reach up to uh you know
12:08this number is 2.9 billion um with the data protection violations so even a small factor of it
12:16can be a cause of concern should be a cause of concern uh going forward okay we're going to talk about
12:25some common uh some common uh that are faced by smes uh the first one is the phishing and social
12:31engineering uh i think that most of you must have heard about phishing uh most of you have you know
12:39experienced it as well uh basically it's the email scams and now the email and other kind of
12:48uh scams that target your mobile phones uh it's just not the email it's your whatsapp it's your sms
12:57so these kind of scams and people can generate fake invoices uh they can harvest your credentials so
13:08very uh you know real looking website is shown to you and you are asked to release your password so that's
13:14uh one uh major threat and uh what you need to do to basically guard it is that uh it's the training
13:26of employees uh to spot red flags uh we at nodecypher we do provide regular trainings to companies and
13:34organizations uh you can within your organization have a training program that you can run by yourself or
13:43uh by an external partner uh it doesn't have to be uh you know very rigorous training but just
13:50uh get your employees to understand uh what a phishing scam looks like what a phishing email looks like
13:57and just you know they should spot the red flags and find out how to spot it uh the next and very
14:04important thing is the ransomware that's also very common these days uh ransomware is basically a kind of a
14:11virus that if it infects if it infects your computer uh can encrypt all the data so you won't be able to
14:18access uh the data and they basically demand for payment and this highlights the importance of backups
14:26that if something does happen of this sort you should be able to have backups uh that you can recover
14:34unless unless unless you want to pay the ransom um and this has happened this is interestingly this has
14:41happened uh uh i've talked to a few companies and i did work with one company also they didn't have any
14:48any backup and they wanted us to basically sort of get the ransom amount reduced and they ended up paying the
14:59ransom because they didn't have the backup so sometimes sometimes uh if the company is not prepared
15:08then you know be ready to either lose the data or pay the money or you know on the other side and
15:15uh anti-ransomware software installed uh like endpoint security or uh and also keep your data back
15:23for sale and again there's the general uh you know malware and spyware that keeps working around
15:32you can download it you can go to malicious websites and they can be downloaded on your computer your
15:38mobile phone without you even knowing even a lot of times there are these anti-virus software that do
15:47not detect uh the latest kind of zero day attack viruses so we'll have to think about uh solutions uh
15:57that help you guard against these kind of attacks and uh at nodecypher we do have with these solutions
16:02and we can discuss them uh in the end as well uh again as i mentioned anti-virus and anti-malware solutions
16:10uh are the answer to these uh to these problems uh more threats this is very important the passwords and credential theft
16:28even if you do not uh you have every uh kind of infrastructure installed on your computer on your
16:35website on your systems uh on your business side you still have the risk of using your access and your
16:45passwords by way of you know having weak passwords and someone can steal your credentials uh for that
16:54there are eight solutions uh you can do multi-factor authentication what that is basically as many of
17:00you must have seen these days before logging in uk the system asks you for another kind of authentication
17:10it could be biometric through your phone or it could send you an email on the human email letters that you
17:17had registered with and that uses the second authentication method by sending a one-time password otp to
17:27an email or to an sms and that's what multi-factor authentication is and the other one is strong
17:36password policies uh when i started off like 20 years ago in those days a strong password was uh still
17:46still a you know thing of you know desire for a lot of organizations that you know we have to have strong
17:54passwords but who would remember those passwords so you know people would write down those passwords and
18:04they have one or two one for their online email one for their um one for their work computer but as the
18:12time has passed what has happened is that now we use so many uh saas applications online we have accounts
18:20everywhere here so we end up creating so many accounts that we need to have passwords for and we
18:27can't have the same passwords for everything what if it's lost so you end up basically losing all your
18:34data so one uh solution to that is to have a password manager that you can install on your computer or on
18:43your browser uh that you can put a really strong password and multi-factor authentication on and
18:49you can store all your passwords there that is one of the very uh one of the very secure solutions that
18:54you can add and uh importantly insider threats what is insider threats uh is a threat by an employee
19:04there are disgruntled employees who you know uh want to own your company who want to steal the data
19:11and sell it somewhere uh it could be an employee it could be a friend of an employee it could be a visitor
19:20so uh it could be accidental or it could be vicious and these kind of uh threats need to be catered for by
19:29using stronger access controls and also monitoring and we'll be talking about that later as well okay
19:38this is basically a very simple case study that i sometimes you know discuss with my parents uh with my
19:46my customers as well uh just for all you guys uh can you share your opinion on what it is and
20:09what is the red flag in this message
20:12can anyone of you come up with the red flag with this one
20:24let's have a question in the audience
20:33okay right
20:36anyone okay the phone number very good very good because a bank or a financial institution would not
20:54keep you a direct the other one is uh the atm card has been blocked by state bank
21:03so that right away is a gift uh that even state bank uh why would state bank be calling you from
21:17uh a simple cellular number to block your right so
21:24so the first question was that what type of cyber attack is this this is basically a phishing uh
21:30phishing attack where somebody sends you a message and most of the phishing attacks and you know the key errors
21:40identify what kind of uh you know uh things were there uh and how can you protect yourself from these
21:49attacks again it's to train yourself uh to understand that these type of messages
21:57devices most probably are going to contain uh some kind of uh malware or some sort of a phishing attack
22:06and you need to be prepared for that remember like many many years ago you would hear stories
22:12about uh you know when you sit in the bus uh you should not uh eat anything from a stranger
22:18uh or your mom or your dad or your uncle tell you that uh that whenever you're traveling don't take
22:24anyone from anything to you from state well these are the instructions that the parents or the
22:33colleagues should be giving each other is that never ever open a message that has these kind of
22:39correct facts so this is the kind of training that you have to train your mind on is not to uh
22:49basically act right away on this kind of message because uh these phishing attacks uh basically it's a
22:58human psyche uh that uh sort of triggers these these attacks uh and we'll talk about that later but uh first
23:06of all uh we're going to talk about the foundational pillars of uh uh cyber security uh basically there
23:14are three of them uh the people uh people are in your organization one of the key uh pillar uh in keeping
23:26your organization secure and they can became using the awareness and programs uh the second one is to have
23:35processes in place which includes policies procedure and incident response plans now these policies
23:42procedures a lot of people that they say oh you know uh we do not have a budget and we do not have
23:49the size and the resources to implement uh policies and carry out procedures and have incident response plans
23:58but what i do i suggest is that uh it's not about the size it's about the readiness you can have uh the
24:08readiness even when you're small you can have simple policies you can have actionable procedures and you
24:14can have incident response plans that are tailored specifically to your organizations the next one is the
24:22technology obviously the tools and solutions we'll be talking about the endpoint security we'll be talking
24:28about password managers and a lot of other technology solutions okay so now we're going to sort of get into
24:40detail about these pillars uh talking about the people and their training and awareness why is the training uh crucial
24:51uh because as i just mentioned in the previous uh example and the case study that you need to condition your mind
25:00it's not training it's not like going and sitting in in a big conference hall or a big hall and
25:06trying to understand the long slides training is basically conditioning your mind it's thinking
25:14that anyone can cyber attack you any time of the day you could be sitting in your bed browsing your phone
25:22and you could be the target of a cyber attack so you know someone can somebody's trying to steal your
25:30uh phone uh data somebody's trying to steal your financial data so it could happen anytime so a regular
25:38training is is very important and uh phishing simulations basically are practical exercises uh that you use to
25:46build the resilience that you use to build condition your employees on how to detect these kind of
25:53uh attacks and then very importantly social engineering and recognizing what the manipulation tactics are
26:04as part of our training programs which we do is we also uh sort of train people and help organizations
26:12understand uh what social engineering is and basically how to uh sort of capture uh the tactics of other
26:22people that are trying to manipulate you i mean for example i'll tell you that the two of the key
26:29factors that are involved in social engineering is a is the greed and b is the fear so basically
26:36fear of losing something or fear of your boss's anger and greed for getting more money or greed for getting
26:44things done the easier way so these are the kind that kind of loop you in into one of these traps
26:53and then in the end it's not just each employee in itself it's basically a security culture and make
27:00the cyber security responsibility for everyone not just a few people who are sitting maybe in your
27:06information security department or maybe your higher management or maybe your it team but also even uh
27:16or even office why needs to be very about how to secure the information that that is in your
27:24organization okay there's a uh this is a quick quiz uh it's about phishing and social engineering now
27:35there are these four options which of the following is the best way to verify a suspicious email request
27:41from the ceo for the urgent money transfer so what if your ceo has sent you an email and he wants that okay
27:50transfer this much amount urgently to this account because they are are you know a regular
27:59purchaser and we are sending them so they're sending us their products uh and you are going to
28:07pay to them so just send out you know this much money to him and i'll talk to you tomorrow so what's the
28:14uh what are you going to illustrate to handle this kind of opinion let's see uh how many say a b c or d
28:27what's the common consensus
28:44okay it seems like um we're having sort of uh okay most of them are saying let's see uh call the ceo
29:01directly on a non-trusted formula exactly that's that's right answer uh you should never reply to the
29:07email uh because it may take you to a link that is basically that the sender intends you to go to
29:17so you should not do that or again any of you clicking on any of the other links trying to see
29:22where they lead uh because there could be malware in that so don't even try it um and last one was
29:29for your entire team for their opinion again that may you may be spreading a virus within the organization
29:35so the correct answer is c policy directly on a non-trusted formula and this is uh what you
29:41should be doing in a lot of other uh situations as well uh specifically like somebody calls you and
29:49says oh you know i'm calling from the bank and uh you know uh please give me your uh id and the mr so
29:57and so i know your name and uh i had you know i retired number also i have the first four digits
30:03please can you fill out the last ones and you know the first thing you should tell them is that
30:11tell me which bank you're from and i'm calling that i'll call back to that bank on their number
30:17and then i'll ask uh the help people whatever the problem is then i'll give my information to them
30:24so at least on the other side you do know that whoever you're calling is a trusted number or is a trusted
30:31email for that matter talking about uh the pillars of uh cyber security for smes the process policies and
30:43we talked about a few of the policies and the processes that should be in place uh first one is
30:53the password policy you should have and these are basically um you know a lot of organizations
30:59and they're quite bad they have multiple cyber security or information security policies in tens
31:07of number like 20 30 approved that number of policies but for small to medium enterprises there are a certain
31:16set of policies that has to be implemented and one of them is the access policy and the password policy
31:25and these policies should address the complexity rotation and unique passwords
31:31in the policy and whenever people are setting up their password they should follow
31:36this this policy i mean the access control should be least privileges and role-based access meaning that
31:43not everyone in your organization is the administrator the ceo of the company is not the administrator
31:53he should not get the privilege of an administrator it should be role-based access
31:59i i have seen a lot of companies where the ceo does have admin access he wants to have it all and then
32:06he ended up corrupting the system and then they're running after the id uh to fix it and if that happens
32:13then the data backup strategy the next one is uh the answer to that and that should be there you should
32:21have a database data backup strategy and the best rule is the what we call the three two one rule you should
32:28have three copies of data one is the original one and then two copies uh the two copies other ones should be on
32:35two different medias i mean they should either one being on-site and the other one should be off-site
32:44so in the cloud or wherever you are storing your data and then very importantly you should have an
32:52incident response plan if something happens you should know what to do in case of a breach and you
33:00need to be ready to detect respond and recover from and then it not only just remains within your
33:10organization but you should also have these policies addressing your vendors as well like connecting to
33:17your vendors getting data and sharing data with your vendors and third party plans so those should be
33:22addressed in the policies as well and the third one is the third pillar is the technology which is that
33:28essential tools uh specifically there are uh endpoint protection which sort of combines antiviruses
33:37anti-malwares and that endpoint protection should be implemented on your computers your laptops mobile
33:45devices and iot devices also if they have to implement some sort of endpoint protection
33:54and they should also have a firewall and this is how we're talking about smes that if you have a single
34:02location or even multiple locations you should have firewalls controlling the network traffic uh for your
34:09organization and it should be configured directly and it should not be open by default and should not have
34:16the default passwords uh we discuss when we have uh our detailed sessions we discuss each of them in detail
34:23on how to uh sort of carry out each of these activities and what kind of uh recommendations we would give
34:31you and if you request us we can do these things for you and then as i mentioned earlier there's uh the
34:38mfa authentication is top slow and an external layer of security beyond passwords uh and it should be
34:47implemented not just on your personal passwords but specifically on your uh vpn on your critical apps
34:54and on your administrator passwords as well uh the admin administrator of your organizations uh should not
35:01have the admin one two three password and the default password for everything while everyone in your
35:08organization is setting up you know long tedious passwords more technology tools data encryption
35:18uh data should be encrypted while in rest and in transit meaning encrypting data on your hard disks or if
35:26your laptop is stolen uh your data is secure and you should not even let it be unsecured when you are
35:34transmitting the data you're transmitting the data means secure emails uh secure communication between
35:39artists and vpns and again uh different equipment and scale communication are two methods in which we do that
35:47and again the secure network wi-fi configuration a lot of companies have you know these standard wi-fi
35:56security implemented between passwords it is as bad as somebody sitting right next to you in your office
36:04and connecting their internet cable into your system so secure your library as well
36:11and then in the end patch management meaning you've implemented everything but you haven't updated your
36:17patches uh as the software in the last two years uh there are a lot of viruses that sort of detect those and
36:27they can infect the systems if they are not managed properly another quiz uh what should be the first step in
36:36your incident response plan after the cyber incident either you should delete all the affected files
36:44if you have a cyber incident or you should notify all your customers that hey you know we have a cyber attack
36:51uh please uh we are trying to secure your data or isolate the affected system to prevent further spread
37:00or pay the ransom demand tick tock
37:11let's see okay
37:14okay it seems like uh yep yep okay yeah see this is the answer so
37:35good moving on
37:36actionable steps for smes today that you can take action steps these are the top five ones
37:46the first one is implement endpoint security on your pcs laptops and mobiles as i mentioned earlier
37:53the second one implement multi-factor authentication this is password management of all critical accounts
38:00as i mentioned not just your own personal accounts but also specifically on your
38:09firewall access accounts on your server accounts on your cloud accounts everything should have mfa
38:21next one back up
38:23and test those backups this is very important a lot of people uh they used to have you know these
38:36data or data backups on the cds and they used to you know post sort of store it off-site as well
38:44but when they brought it back to recover something from those backups uh it didn't work
38:51so what good is a backup if you cannot restore it properly even if you store it on the cloud you
38:58should have a backup and testing strategy in place that you do it very frequently to check if the your
39:06backup data is of any use train your employees on phishing and basic security awareness that's very
39:13important and training and training uh is not just an organization like training you can have uh small
39:24sessions with uh employees uh you can give them some material on and off uh through email you can have
39:33uh some brochures handed out uh some banners uh posted uh within the workplace uh so there there is a lot of
39:44different uh ways in which you can train your employees and the last one is for sme develop a basic incident
39:53response plan uh it should be a part of your cyber security policy
40:02now we're going to talk about how you can manage security for an sme
40:13if you do not have the budget if you do not have the resources
40:17what we suggest is that you go for what we call a managed security meaning that let somebody else
40:23manage the security for you just like you let somebody else store your data on the cloud for you
40:29you let amazon web services store your data you let microsoft store your emails so you let somebody else
40:36manage your security for you if you are an sme
40:40and this is at nodecypher how we do it we have a managed security program where we do the need
40:50assessment when we come in and interestingly we provide a 30 minute free consultation with anyone who
40:58want to implement managed security and that's free of charge we come and we discuss with you and even at the
41:07end you do not you know get our services you'll still walk away with a good amount of knowledge on
41:13how you can do it even if you want to do it yourself and then basically what you get from a managed
41:21security is that in the technology side you get endpoint detection you get something like cloud workload
41:27protection incident response threatening and in the competency area in the expertise area we provide
41:36our security program architecture for you specifically clean up your needs we also provide compliance
41:43assistance for you risk management data classification we provide all these competency services to you as well
41:49if you do manage security and it in the end provides visibility to through these dashboards uh that we
41:58provide you with uh for your security so your uh higher management can have a view of your security uh landscape all the time
42:14and for senior managers at smes senior management ceos what does it give you it gives you peace of mind and focus on your core business you don't have to worry about
42:28uh cyber security uh you don't have to worry about uh your program and we'll basically
42:36sit with you and we'll do it for you uh and for your it managers and tech leads uh you don't have to be
42:44intimidated that uh cyber security guys are gonna come in and they're gonna start interfering your work
42:50basically our team will work as sort of an extension of your team and will help you and guide you in
42:58implementing security because i've seen a lot of large and even smaller enterprises the biggest
43:06sort of fear for them is that uh they think that if the cyber security guys or information security guys
43:13are going to come in they're going to do the audits they're going to do uh risk assessments they're going to
43:22make us uh implement these kind of controls that are going to restrict our access
43:28it does not happen that way there is a whole systematic way of doing it and we do it with you not
43:37we don't force it and these are our technology partners at nodecypher we have partnerships with
43:44endpoint security providers like check point with the camera backup providers we have our own sock and
43:54we use other security products as well okay so we are at the end of our presentation and if you have
44:06questions and answers please feel free i'm here to answer to the best of my knowledge
44:17so yes mr ghani thank you so much for your great presentation on the cyber security essentials
44:24before i start over the questions i must say once again thank you for you and really we do understand that
44:32cyber security threats not only for the big companies equally concerning for the mid-size and the small
44:40scale companies and as you said that 43 percent of the cyber security breach victims are basically the
44:47small scale companies so overall as the prime target and as i understand from your presentation that the
44:57social engineering is good but at the same time we need to take all the protective measures to stay
45:05scared from the cyber attacks and i must say that cyber security is not only good for it is not only about
45:12securing information but it's also about security of your people your processes and your technology so
45:21solution is definitely to train your people and processes more right so uh yes we can move towards
45:30the question there are a few questions and one of question is um actually it's a someone said from as a
45:38on the on the behalf of the company that we are a very small business with only a few employees
45:44do we really need all these complex cyber security measures so what is your opinion on this yes
45:57and no
45:59even uh basically there there are solutions for smes and for large organizations
46:06and we at nodecypher also understand that that not all the companies uh specifically the small
46:13and medium enterprises they have the resources uh financial as well as human resources uh to uh sort of
46:22cater for uh you know the cyber security needs of the organization because the attackers
46:28they do not care uh if we have a large organization or a small budget or a large budget
46:34uh they're gonna attack you so what we do is basically sit with you and as i mentioned earlier
46:40during the session the discovery section we call it we try to understand what your security
46:50post existing security posture is and what your budget is what your requirements are and how much uh sort of
46:59uh secure do you want to be in that kind of budget so basically uh we provide you sort of a customized
47:07solution for for your requirements and uh interestingly most of the small organizations they do go with
47:15uh with the managed services because it gives them uh a security and a peace of mind and a very very affordable cost
47:26yeah thanks so much uh there is one more question uh let's bring up on the screen so
47:32how much does the cyber security typically cost for a small medium enterprise we have a very tight budget
47:42so it's a very you know obvious question by many of the companies because budget is yes
47:50yeah actually that is uh the first question that people the companies talk about is is financial
47:58because when you go to a website when you are purchasing something you have the the amount right
48:03there uh on the on the screen that okay if you want to buy this shoes on this computer this is the amount
48:12you have to pay but uh with with cyber security and with the managed services uh it's a bit trickier than
48:21that in order that uh in order to understand uh what price you have to pay for our service we have to
48:29first understand what your requirements are so uh i would not put sort of a dollar figure that okay you
48:36know but we do have different options uh there are uh pay as you go options as well for really small
48:43companies where they do not have to make an upfront investment uh into cyber security which is a good
48:50option and you can just pay by the month by the user or by the endpoint for the security and
48:59we have different uh pricing models uh where apart from the technology solutions like uh endpoint
49:08security and cloud security if you want to avail the vciso services which are the virtual
49:15chief information security officer which are basically uh the the expertise services that we provide
49:22like you can make use of our expertise we provide or we develop uh policies for you we develop your
49:31incident response plan so we can do that uh we can provide you those services on uh sort of uh on
49:40road businesses as well you don't have to invest upfront in that so again to answer the question uh
49:49we have to sit down with you in order to understand uh how much it will cost for you but
49:57there are different ways in which you can pay for for these services
50:02very well answered thank you uh there is one more question so another question on the behalf of the
50:10company so we use a lot of cloud services like google workspace and microsoft 365 isn't it their security
50:21sufficient enough that they can manage yes uh basically when you go to cloud uh
50:29if you go to cloud provider their security model that uh basically works on what you call the shared
50:36security model meaning that you share the security responsibility with them they will secure
50:43some part of it but they will not secure the data part of uh this uh the security so you have to
50:50implement your own security uh and we have several uh solutions for specifically for cloud that secure
51:00your cloud workload but cloud workload is basically whatever uh data you're retaining on the cloud
51:06uh that is protected by what we call our cloud workload protection uh solutions that we implement to secure
51:14the cloud motor as well as accessing that cloud data would require your computers your mobile phone so
51:24again we're talking about the endpoint security that needs to be implemented in order to uh access the cloud
51:31uh workloads and so basically the security on cloud uh services is sitting with the cloud provider and
51:41your staff as well yeah that's that's great so we have i think one more question yes what role does
51:50employee training play in the reducing cyber risk for smes so this is what exactly is that we need to train more
51:58people more people more processes and i think it's a similar question related to that yeah uh basically i think
52:07this is one of the key and the most important areas of cyber security is the people uh the systems uh
52:15they a lot of times come pre-configured with security policies people do not so when somebody comes on board
52:25then you have to configure their security policy and uh sort of train them uh i mean it's not that uh
52:33normal people uh are not trained in their general life as well these days uh we do get uh you know
52:42kind of these trainings everywhere in the world on your mobile phones even uh and the pta keeps sending you these messages
52:49your bank uh keep sending you these messages that how you can be secure why how not to click on the links
52:56but still sometimes a lot of times as i mentioned uh the social engine uh does take over uh people and
53:06the greed and the fear kicks in and people do fall for uh these kind of attacks as well and again this is
53:16sort of reinforcement that training is reinforcement you have to reinforce the same thing over and over
53:22and over again in order to condition your mind in order to a guard yourself from these attacks and be
53:29wary of the attacks even before they happen to you so yes uh secure uh employee security or employees
53:38training is a very crucial part of your cyber security so in the more proactive and more protective is
53:48better right so there are many questions mr usman coming up to you but we will take another one
53:54and this will be the last one for you uh how often how often should we train yeah yes how often is a very
54:04subjective question that how often you should we train yeah uh as i mentioned uh uh we keep on getting
54:10uh i got like three chances today uh one from my bank and one from uh you know my work that you know
54:18you should uh secure yourself like that uh you should not click your uh you know a link any uh links that
54:27are sent to you uh to sms uh you should always call your bank so this is i mean we're getting trained as
54:37often as we can on a daily basis but again uh there are some uh annual training exercises that you should
54:46have in place in your organization uh because this is just uh phishing there are a lot of other areas
54:53in which you need to train your employees uh on any basis as well as uh on a recurring basis as well
55:01and as i mentioned earlier that it does not have to be a instructor-led training all the time it could be
55:09uh trainings whereby you can train them uh using videos using flyers using standees so those kind of
55:19trainings uh should be available all the time with them but yes you should have a training program
55:26with at least one annual training uh in your schedule yeah that's great that's great and
55:34um yes uh thank you so much i think so we have as i said we have so many questions but we need to
55:42consider the time constraint as well so it's a one-hour session uh what i would say again that if guys if
55:51you want to reach mr usman ghani you can reach on his linkedin as well uh that is basically
55:58uh on linkedin it's a smangani 748 okay so we have our upcoming sessions as well uh which you can find
56:09on our official pages of linkedin and facebook and uh you can also find those on our tecman academy
56:17sessions link uh as well you can now also find more sessions on the youtube channel where we are currently
56:26on live uh streaming plus uh for mr usman uh we have uh another um sessions which are free as well uh live
56:38sessions there are a couple of sessions coming in july another three sessions coming in august
56:44another two are coming in the september and one in october these are the free sessions hope you will
56:50be joining those as well there are also some paid sessions as well for the companies and for the uh
56:56you know groups as well one day sessions which are starting from the november then uh in december
57:03there are two sessions then in january 2026 there are three sessions and in february there are two sessions
57:08so i hope this session is basically being very productive for you all guys who joined us and even
57:16who will be watching this session later on uh on youtube you will be finding very you know productive
57:24for yourself so this is all done from this session and thank you so much for joining and participating
57:33in this session thank you for thank you usman as mr usman uh it's really uh you know thank you for your
57:40valuable time and i hope this is very informative for many of people who is watching now and
57:46we'll be watching later and you can subscribe our channel as well for more updates as well right
57:52thank you again thank you everybody thank you thank you everybody thank you thank you thank you bye-bye
57:58thank you bye-bye