Episode #118 with Shahzad Khoja from IBITS
If you’ve ever received a spam email or aren’t exactly sure what phishing is, today’s episode is for you!
Fraudulent emails, scams, links and purchases are costing businesses billions of dollars every year with no sign of a downturn on the horizon.
Every day, business owners are caught by links that appear to be legitimate, by claims that seem reasonable and by offers that seem helpful. They all lead to one place ~ a loss and a cost to the business.
I’m talking to Shahzad Khoja today from IBITS to better understand how a business can protect itself and its employees from the dozens of untrustworthy communications we receive every day.
This is an episode that can save you $1000s! Protect yourself and all your digital assets (click here for a free worksheet!).
Are you ready to make the phone ring, the website ping and the till ding? In this episode, we’re talking about one of the best-kept secrets in any community: its network of local businesses, businesses that rely on foot traffic, phone calls and website bookings. From the skinny lessons that will make you wince to the tell all expose days, these everyday people are doing extraordinary things in their business. Welcome to The Secret Life of Local. I’m your host, Barb McGrath, Google girl and founder of the Get Found for Local program. I’ve been helping local businesses thrive for over 20 years. From online businesses to multilocation stores, you can turn browsers to buyers and thinkers to doers. But before we head into our episode today, I want to ask everyone a question. Have you ever received a spam email? Of course you have. Who hasn’t? What about a spoof email where it looks like it’s coming from one business, but it’s actually coming from someone else? Or maybe you’ve even had that notification that an account like Facebook or Instagram has been compromised? That’s what we’re talking about today: cyber security and how, as a business, you can protect yourself. So we’re gonna go behind the scenes with Shahzad Khoja from IBITS, Intelligent Business and IT Solutions. Welcome, Shahzad. Tell us a little bit about yourself and IBITS.
Thank you, Barb. Thank you for having me on the show. My name is Shahzad. I’m with IBITS. IBITS has been providing IT services since 2010. In the province of Saskatchewan, we specialize in providing IT services, IT support and cybersecurity to small and medium-sized businesses all throughout Canada from our headquarters in Regina. And we are one of the very few businesses in Saskatchewan providing IT services in both English and French language.
Excellent. So let me ask you a really silly question. Why is what you do important?
What we do is important because, especially living in a province like Saskatchewan, where we live as a small community, there’s a need for champions in every industry to rise and help local businesses. And this is something that, with our expertise, we feel almost obligated to serve our community by providing the best solution so that the small local businesses can thrive, be more secure, and are able to grow and help other fellow community members.
Isn’t cybersecurity... isn’t that a big business thing? Like, as a small business, do I really need to even worry about it?
This is a million dollar question. Every small business owner, especially with all the tools, Google, you know, we know how to protect ourselves. We can easily go online, search for help and get whatever thing we need right now. So when a question comes for cybersecurity, we are more, you know, eager to go online and find solutions to help protect ourselves, which is also a very good option. But when the question comes of who is being impacted with that decision of someone managing their own cybersecurity, one tends to look at some answers: Am I knowledgeable enough? Am I trained enough? Do I have all the industry certification? And do I know everything I need to do to protect myself and my business from all the cyber threats? And when the question comes to that level, it is slightly, you know, important for someone to are basically easy to just pick up the phone and call someone and ask for help. That goes a long way. A lot of time we speak with businesses and they have had their own IT and control, because every small business starts with one or two people, and when they start at that level, it makes sense to manage their own IT. Yeah. But when they start growing, they definitely need to account for several people involved in the business and how their activity is going to impact their business if they are not taking all the checks and balances for their IT security.
Exactly. As a business owner, I know I feel quite comfortable with our security. But I can’t influence what all of the rest of my team click on. So they might get something that looks 100% legitimate. But when you click the link, it’s like, oh, that’s not where I thought it was going. And one of the biggest offenders that I’m seeing recently is Facebook. I will get a message that looks like it’s from Facebook, from Facebook billing, from Meta. And when you actually look at the link that it comes from, like the email address that it comes from, it’s very clear that it’s not. And even something that simple, I think, really confuses people, because right away they jump to, well, if it says it’s from Facebook, then doesn’t it have to be from Facebook? And people don’t understand how simple it is to, you know, spoof a name and an address that it’s coming from. When you’re working with small and local businesses, where would you typically start? I know on our side, we always start with web security and passwords and, you know, two factor authentication. Where do you start when you step into a local business?
Excellent question. I wish there was an easy answer for this question, that you start from here. But the best way that you can start at this day and age is education. Education is number one priority. If you have a team who is using technology, computers, cell phone, you name it, to help you with your business, they all should be first of all trained; they need to have the right education. Once they are trained, you have done 50% of the job. For example, you mentioned about Facebook. A lot of people now working from home, they try and, in their spare time on their lunch break, they would visit social media website, which not knowingly could be safe and could not be safe. And especially when they’re using company property, yes, their office computer, to go on such website, the risk of a cyber attack increases at that point. And then if the education piece has been taken care of, the 50 percent, the rest of this stuff would be your antivirus, would be your spam filter. All the things that go in the list would kind of act as a, you know, secondary defense mechanism. So this is very important for any small business to keep in mind, that education is primary. And we as a small community have a lot to take advantage of local resources we have available. For example, I did not know until a couple of years ago that through Regina Public Library, we have access to LinkedIn Learning. Yes, so if you’re a Regina Public Library card holder, you can easily log into your account, access LinkedIn Learning, and LinkedIn Learning is full of security courses. So as a business owner, I would advise any person or anyone listening to this podcast: if you want your team to be educated, you can take advantage of a lot of free resources. In fact, Government of Canada has put in a lot of things in place. You can go to getcybersafe.gc.ca. There’s tons of material, you can get certified.
You can Google, you can go online, and then just find resources to train your staff on how they can be more prepared for such attacks to emails to text messages, or you know for it of mediums.
So let’s start there, then, Shahzad. Where or how do a lot of these attacks start? Is it email? Is it somebody clicking on a link they shouldn’t? How does this typically happen?
It’s one of the primary ways of this, as we are seeing more commonly happening, is especially with email. Email has been, you know, a very, very useful tool for many, many years. People have been using email for their business, for their personal, for their tax. You know, if you forget your password, what do you do? You go on your email, and then you get your recovery code. So email has been number one. There’s text messages, there’s also websites. You know, a lot of time we would website that has, they have actually become more secure. If the company whose website you’re visiting, they have put security tools in place that are keeping them secure, you probably are best to explain that function. But email is, of course, number one source. And a lot of times people unknowingly receiving messages from the people they know click on links. And that can open up a can of worms. Like, sometimes you won’t even know you have a virus; your computer would all of a sudden start acting slow. And you would just try doing different methods, but you wouldn’t know what you did. And the fact might come now or come down the road. But eventually you will see that one click that you did not knowingly can cause a lot of harm. Like, there’s been stats by the Government of Canada that I was eager to share on this podcast. Please do that. In 2021 alone, the number of reported frauds cost $379 million, wow, which is 130% increase from previous year. And it is only based on five to 10 percent reported crimes. Out of that almost 380 million, or you can say 400, Close to 470 person fraud was caused or was due to cybercrime. Now, if you look at the numbers, only five to 10 percent crimes are reported. That means that that 70% of cyber attacks were basically only five to 10% reported crimes. So if we start looking at the overall picture, the damage is huge.
A lot of businesses do not even survive after a cyber attack. Like, on average, estimated value or cost that goes behind a cyber attack for any business is a million dollars. So if your revenues are basically, you know, under a million dollars, guess what, if your business is getting attacked, you are not able to recover from that damage.
Exactly. So if I do some quick math, and no promises that this is correct, if the cost is almost 400 million right now, based on that five to 10% of reporting, let’s assume it’s 10%. That means we’re actually talking about $4 billion from a cost perspective, if we presume that the other, you know, 90% then gets reported. $4 billion is absolutely huge. From a business perspective, that’s revenue lost out of the Canadian economy. That could be, you know, hiring people, doing things, or doing all of the work that businesses are supposed to. So if my math is correct, and I’m literally doing it chicken scratch as you talk, if I’m wrong, please tell me now.
No, it makes sense. In fact, if I’m looking at it, the number’s even huge, because as we speak, you know, a lot of cyber activity is happening, right? And it’s one of the facts that cyber criminals are evolving daily. They are finding new tools, new technologies, new ways of, you know, spreading those malware attacks, ransomware attacks. In return, what are we doing as a business owner, right? What steps are we taking for their counter attack? Like, what are we going to do today that can stop them from attacking our business? And it’s basically a group of businesses that are working together. If I am a business owner, and if I buy my, let’s say, I work with an accounting firm for my taxes or my bookkeeping, right? And if my business is compromised, what effect I had on my business can impact that accounting firm. Now I bet accounting firm is dealing with another 10 organizations in Regina, for example. So that ripple effect is huge. And going back to the number you came up with, it’s probably possible. In fact, the damage is even more. So we all need to make sure that we’re taking small, tiny steps every day to secure ourselves so we can avoid such catastrophe.
A couple of months ago, I shared a blog post on my website, as well as a tool for anyone who was subscribed to my newsletter. And in that blog post, and in that tool, all I was doing was giving them a spreadsheet that said, hey, let’s keep track of your passwords. So what is the password for your website? What is the password, you know, for your domain and your hosting? And for lots of people that went beyond their comfort level, as soon as we started talking about hosting and DNS and some of those pieces. One of the things, and I know you and I agree on this point, one of the things that I always say to a business owner is, make sure you retain ownership of all of your digital assets. And that’s something as simple as the documents you create, your website, your social channels, because there’s a very significant number of times where I see business owners give their ownership over to someone else. And for me, like, I refuse to own other people’s stuff, because, yeah, if I get compromised, I do not want, you know, that to then spread from there. What kind of tools, like, as a small business owner, you know, where can I start? I know you talked about LinkedIn Learning, but now I’m ready to do something. What should be some of my first steps, Shahzad?
First step is you need to, number one, very important, a lot of businesses, when we start talking to them, they do not know what they have in their business. Sometimes they would have idle devices hooked up to their network that they do not know what the purpose is. And those are un-updated, unpatched devices that can be very, very harmful for the organization. So first thing first, you need to do an inventory of your entire IT environment. It can be as small as a, you know, keyboard and mouse, you know, printers, cell phones that are getting connected. And the second thing you need to do is to see what is your network coverage. For example, if you have a business where you allow visitors who come to your business and who are accessing your network to go on the internet, is it secure? Is there any security in place, that they are not going to be connecting to the same network as your staff is connecting to? So you got to make sure that that’s separate. Apart from that, you also need to make sure that your devices, no matter how many devices you have in your organization, server, computer, laptops, printers, network storage devices, everything should be updated on timely basis. After email, the second, let’s say for example, in an attack, somebody clicked on a link. What happens is that was somebody’s mistake. But if your computer was never updated with a very important security update from Windows, guess what, that update that was left out can be also a cause of an attack. That’s what cyber criminals are doing, is they’re finding loopholes in existing code, existing, you know, piece of software that you’re running on your computer. And if that was never updated, guess what, you are opening a door for an attack. So you got to make sure that all your devices are getting timely updates.
You are keeping track of all the devices who are being updated because, again, you cannot always leave those things in your staff hand. They have tons of things to do every day, right? They have to make sure that they’re doing their task regularly. So there has to be an automation or monitoring in place that the computer, the devices are being updated. And that’s where you know that you have done your job in terms of patching your devices. And of course, after that, you have to secure your network with proper network device software. And then you also need to make sure you have a good security antivirus. Or nowadays, there’s been enhancement, and that is called endpoint detection and response, EDR, which basically, not to get too technical, but can roll back a ransomware attack, which we can probably discuss down the road. But there are tools that you can use to protect your assets, and also kind of help your staff to be more secure from their daily job.
Yes, I’m gonna share a really quick, funny story. You know, our office, we have a network, and one of the alerts that I have set up on the network is if a new device joins the network, I just get an alert on my phone. Right? Not a big deal. And the one day, a device that I knew was supposed to be inactive suddenly joined the network. And it joined the network at some, like, really weird time of the day. So I knew exactly who had done what. And in this particular case, it was actually one of my teenagers who was using it. But here’s the good part: one of my teenagers had taken their sibling’s device, and was logging on to the network. Sibling wasn’t home. The other one was logging in, and I was like, ah, hey, what’s going on? And, you know, said teenager was like, oh, good God, like, why does mom have to know so much about this stuff?
Perfect. Yeah. Yeah.
One of the things that I often see right now, and you know, if you look, in the average business, you’ve got folks who are nearing retirement and maybe aren’t particularly comfortable with technology. Some are; that’s not a generalization. Then you’ve got, I’ll say, Generation X, who is a little bit more comfortable with it, but, you know, maybe not in detail, right down to Generation Z, who has never known a world without a phone in their hand. And the culprits that I’m seeing most often right now are my Generation Z folks, because they want to click everything, they move so fast, they don’t read. Any thoughts on, you know, what that might look like in the next five to 10 years for a business? How do we start to put controls and protections in place from that behavior where we all just click everything without thinking?
Very, very important question. And I think the answer to that question is, we all need to start about cyber security awareness at a very young age for our young generation. Education, education, education. The more we spread awareness about it, it’s going to help us down the road. In five to 10 years, what we see here is now that what COVID did, that it opened up doors to a lot of new platforms, for example, work from home. Yes, exactly. And what we have been noticing is that countries are taking huge advantage of this opportunity. They’re actually allowing remote workers to come and live in those countries, which, for example, you know, we usually do it when we retire: we go away when it’s super cold, we go and live somewhere warm. That’s actually happening now for younger generation who have the ability to work for the employer from anywhere in the world. Not only are they able to go and live in the places of their dreams, but they’re also able to work remotely, live a lifestyle that they like. And what that say, that we all need to make sure that the businesses who want to keep up, because there’s a shortage of labor, right, we can find the right person to work for us. And if we need to find the right resource, we need to make sure that we open our doors to those people who have that option to work from home. And if you do that, we have to ask this important question.
What are we willing to do to make ourselves secure? Because if a person anywhere in the world wants to work for us, what tools we need to give them to be able to login to our network remotely, do the daily job they’re supposed to do, either it can be as small as email from any device they want, but we need to make sure that we provide the right tools, and also not only providing the tools but also keeping a check and balance, which is very important, and we tend to forget that. You know, if you have given an employee a company equipment, company property, to do their job, our responsibility doesn’t end there. We have to make sure that that device has been in track, we need to make sure that it’s getting updated, it has some mechanism in place that if the person tries to visit any suspicious website, it’s blocking. Yes, it’s making sure that any extra work, other work that they’re not supposed to be doing, should be monitored and blocked. And that’s the only way you can make sure that your company property is safe, because your company data is being stored on that device. Exactly. Data is very important for any organization. So if you’re making backups, if you’re making sure the devices you have on your network are secure, then only you can confidently hire someone to work for you from work from home bases or anywhere in the world.
Exactly. Yeah, that is fantastic advice, Shahzad. We’re just about out of time here today. Before we do wrap up, can you maybe tell us how folks can get a hold of you? Should they, you know, do some work first and then give you a shout? Or where do they start? How do they find you?
So we are easy to find. Our website is ibits.ca. We are available on almost all social platforms. You can find us on LinkedIn, Instagram, Facebook, Twitter. We try and post regularly with tips that businesses can do. And it’s easy to get ahold of us, as easy as just picking up the phone and giving us a call and asking any questions you have about your business IT. We would be more than happy to provide our services. And we are also offering a free network assessment of your entire business at no extra cost with no obligation, because this is something we feel it’s important for us to give back to our community.
Absolutely. Well, thank you. I appreciate that. All right. On that note, if you want to sell your story, then you need to tell your story. And there’s no better place to start than being a guest on The Secret Life show. If you would like to be a guest, you can email me at firstname.lastname@example.org or reach out on our Facebook and Instagram pages at abovethefold.ca. I’m your host, Barb McGrath, Google girl and founder of the Get Found for Local program. Remember, you worked hard for your success. Don’t keep it a secret. Bye for now.