Episode Transcript
[00:00:02] Speaker A: Welcome to the NSYNC Assurance podcast. I'm your host, Dawn Cross, and today I'll be discussing the importance of cybersecurity with Dylan Evans finder at Simple Salt.
If you enjoy our podcast, make sure to leave a rating on your favorite podcast directory.
[00:00:19] Speaker B: Brilliant. If I could get you to start off, you introduce yourself and your company.
[00:00:24] Speaker C: I'm Dylan Evans with simple salt. We stop Internet crime, usually cheaper, better and faster than the industry standard.
[00:00:35] Speaker B: Oh, I love that. You've got it down to a t.
That's great. So how did you get into dealing with cyber security or something that you were always interested in or something that kind of fell into your lap?
[00:00:49] Speaker C: I think it fell into my lap, and I think that's true of almost everyone in the industry.
And, I mean, you get kids now that you can get degrees in it. But I. It was. Yeah, it wasn't a career option when I was getting started.
I got into it because it was kind of fun and it was hard, and it was. It was always something new. I think that's why some people find it glamorous. You know, people in balaclavas tapping on green screens, hackers, all very covert ops stuff.
[00:01:25] Speaker B: Yeah, it's quite an interesting one. And obviously because obviously, the growth of the Internet and everything else, it's ever growing, isn't it? Because there's always new, different ways to catch people up and new loopholes, as it were.
[00:01:37] Speaker C: Yeah. And there's this weird dichotomy because as people who join the industry mature, they realize it's a lot more boring than they thought.
Like, it's not glamorous. You're not doing the neatest, coolest thing. You're just. But most of us, people who don't work for security agencies, national security agencies, are really just trying to stop from getting nailed by a bunch of fairly boring crime rings in eastern Europe and India and wherever, from stealing stuff. And some people have crises of, like, well, what am I doing with my life? But I suspect most people in their careers end up with a moment like that.
[00:02:28] Speaker B: No, I think there's definitely. It's almost like a rite of passage when you're finding a way around the job world and figuring out what makes you tick, and it's always an interesting one. So my first question for you today is, why is cybersecurity so important in this day and age?
[00:02:50] Speaker C: That is a great question. I think some people, there is huge risk. The risk is more than they ever realized.
And for other people, the risk is much smaller than CNN would have them believe. But it's still, as an industry, as a social topic, causing pain for the people who, for whom it isn't a big deal, who don't need to worry about it as much because they don't know what they should worry about when they watch CNN, when they read the latest news reports about how much somebody else lost. It's unclear to most business owners how likely it is that they're going to be affected in a similar way.
[00:03:42] Speaker B: That's definitely interesting as well is that obviously nowadays, I think, you know, maybe just security software you get with your laptop standard or anything else, it's not going to quite cut it now, unfortunately. And I think as well that a lot of education is still kind of left almost. There's not many people have actually realized, you know, people still get caught out on phishing emails and stuff like that, although, you know, they are definitely, there are definitely signs of, you know, okay, this is definitely weird because the email address is like the most random made up thing ever, but it's, it's getting harder to spot the difference now as well, isn't it?
[00:04:21] Speaker C: Yeah.
And we're already on our way towards that becoming a lot worse because the advent of chat GPT and other generative AI's and is making the cost of running a very high quality white glove fish very cheap. Whereas before you had to pay someone like, who is an experienced broadster and good at doing recon and finding out the name of shareholders so we can trick the CEO. And now you don't have to do that anymore, just give it to chat GPT. It's already happening. And so I think a lot of businesses that weren't worth the time to go after are going to see a huge explosion and we're already seeing it in sophisticated attacks.
[00:05:15] Speaker B: No, definitely. I think what's really key as well is that, like we were saying, you know, there's always going to be a slight risk that something could happen and it's not something you can completely prevent. But I guess having certain measures in place, like for example, insurance for if something does go wrong and also give you that peace of mind, I'd love to pick your brains, actually, kind of, you know, what kind of cybersecurity measures that people can take, whether they're a freelancer or medium to big business owner, what kind of things like working with yourself that they can do.
[00:05:52] Speaker C: Sure.
This is the most popular question and I try to avoid it, but it's so popular for a reason, right? We are all looking for an easy bill, right? But it's just like weight loss, right? What works for me might not work for the next person. Might not work for the next person. It's going to be.
Most of your success is going to be through changes to things specific in your life or your business operations. Think about someone who runs a retail outlet. Maybe they sell like, I don't know, toys or hardware. And their risk of crime is pretty much restricted to the point of sale machines. Someone coming in at eleven a or 11:00 p.m. and putting a skimmer on their point of sale and running off with all the customers credit card numbers and doing like a money mule money laundering scheme to, I don't know, to try to turn those numbers into cash. An insurance policy will cover that. If you think about a divorce lawyer, if you get an email from a crime ring saying, hi, I have stolen everything between you and your, your lawyer, and I want you to pay me $200,000 or I'm gonna post it all over Facebook. That's your life.
What a lawyer sells is trust. You're gonna stab that guy. Like, that is a big deal to you.
[00:07:42] Speaker B: Oh, definitely.
[00:07:43] Speaker C: And the most effective way for someone selling toys out of a retail outlet in a mall to stop the cybers is going to look way different than for the divorce lawyer. It's probably going to look pretty different from even someone running a tire shop who also has a point of sale.
It really depends on what's at risk, what could really ruin their business. And, and so you go, you Google, everybody googles, like, top, like, what do I. What am I supposed to do to stop these hackers? And you will, Google will give you like a top ten listicle. Thou thou shalt do all these ten things and they're expensive.
It usually ends up like, thou shalt buy these ten techno products, right? And I'm here to tell you, I'm here to tell y'all, it doesn't work like changing just the, the way your staff walks around at 11:00 p.m. to make sure nobody can put a. A skimmer on your point of sale that's going to go a lot farther and cost you almost nothing.
Then checking everything off of a list. Sorry, went on a rant.
[00:09:11] Speaker B: No, I love it. It's really great as well because, you know, doing this podcast especially, we've come across a range of businesses. So, you know, we work, and I've spoken to, with a lot of estheticians, those who do like, thermal injections, you know, Botox, that sort of thing. So you know, like you said, it'd be very different for them than it would be for someone who just runs like a brick and mortar shop. And, you know, they don't actually have much online, whereas a lot of esthetician stuff is going to be online. Or they're more susceptible maybe to bank fraud if they just do it purely by bank transfer.
You know, unfortunately there's always going customers as well that's gonna, you know, be cheeky with it and try to default a payment or that sort of thing. So there's like a wide range of stuff that I guess people have to look out for. So I can understand it. It's not just one size fits all there.
[00:10:06] Speaker C: Yeah, I guess I'm gonna reverse myself a little bit. If there is one thing you start with, this stuff is not that hard. Think through your business and say if this thing was stolen, if like a particular thing disappeared, your bank account was drained, someone ran off with your credit card, someone took over the account of your office manager, someone took over your email account and sent emails as you to clients and sent them fake invoices and all. One thing went bad and it went bad in the worst way. How trashed would you be? You can, I mean, it's not hard. You can do this in like 2 hours, probably pour yourself a glass of wine and just do a simple thread inventory. And if none of the answers are, I would lose my business. You're doing better than a lot of businesses, and if you want help thinking about it, you know, you can call us up. That's what we do. We help find the easy answers instead of the expensive tech answers.
This kind of planning can go a long way in getting you really good results.
[00:11:23] Speaker B: That sounds really good. And as well you know, it's not. It can always just be simple as that. Maybe someone needs to use a secure password logging software.
You know where I need. Maybe they only have the master keyword or password to get into, or changing passwords regularly. I feel like not a lot of people do that. I know, at least I do it monthly. And not only just because it's kind of almost mandatory, but it's also just kind of good to do. Because obviously if you're so stuck in this using the same password for quite a while, obviously eventually someone's going to find it or guess it, or it's going to be in a leak or. And then that's it. You know, if you use same password for multiple things as well, from what I've heard, that sounds pretty detrimental to keeping safe.
[00:12:12] Speaker C: You're gonna. You got me started on another rant.
The security industry has given bad advice about passwords for like 40 years. All of this stuff about is it's got to have got to be complicated. Symbols, numbers, all this jazz. You got to rotate it. It's terrible advice. And the us federal government actually published a. I don't know, they call it a special publication in the 800 series. It's 53 b for those who are interested in that sort of light reading. And they said, guys, none of this is working. You are treating all this advice is as if people were computers who can remember 200 different passwords, all random strings of gibberish, all.
And they can't. People just get around what you're trying to get them to do and the end result is it's not helping. And they suggested a couple alternatives. Right now, the easiest way for most people to solve the password problem is to get a password manager and not type any passwords anymore. We have a series on like, how to use a password manager because like, the way you use a tool is more important than the tool itself. If we can, we can throw that in the comments. But passwords are problematic.
But they're never going away because there's always going to be some site that's going to be so behind the times and they're going to make you do a password and change it every 60 days.
So you're going to need a way to manage all these passwords safely for another decade at least.
[00:14:09] Speaker B: So would that be maybe be your kind of lasting advice then? Would be kind of, if anything, get a password manager that you definitely know the password for to help with your other passwords.
[00:14:22] Speaker C: That is a easy thing and it honestly saves people time. Like about the last year, how much time have you spent messing around with passwords? Like clicking the reset button?
It's so annoying. Not getting it right, retyping it, retyping it again.
And it's like, password cannot be the same as your last password. Well, if you do a password manager right, it will save you all that grief. The end state you want to get to. Oh, and it'll most, it'll mostly stop phishing attacks. That's the other benefit if you're using it right, which is honestly most of our practical exposure. Most. The biggest threat that most of us will run into. And your goal is to not type a password ever again except into the password manager. So if you want to know more, check. We got a series. Uh, it's a little old. Our production values have gone up since then. But, um, you know, fail fast.
[00:15:34] Speaker B: That's brilliant. We'll definitely leave a link in the podcast descriptions and people can have a look a bit more in depth about it. So I think some people, you know, they really love kind of seeing their teeth into it. And I think some people just, they're like, okay, so basically I should probably do that and then get on with it. So it's really great that you have an extra information that people from 30 afterwards.
[00:15:56] Speaker C: Yep. It's easy, guys. Don't be afraid.
[00:16:02] Speaker B: I love it. Have you got any lasting thoughts before we round off the episode?
Putting you on the spot there a little bit.
[00:16:12] Speaker C: Yeah. I mean, where do I go from there? Uh, I guess there is hope for the security.
Like, they have been the ivory tower for a long time.
And I think because businesses and people are starting to lose a lot, it is starting to grow up and it's starting to be helpful more than just like telling you all the wrong bad stuff you should, you haven't done.
This is our mission. We want results for you. We want who reduce the amount of money that goes to North Korea's nuclear weapons program through, you know, simple ach fraud, things like that. We want results. If that sounds appealing, come hit us up. We'll get there.
[00:17:01] Speaker B: That's brilliant. Well, thank you so much for coming on today. It's been really insightful to chat about cyber security anytime.
[00:17:09] Speaker C: Thanks, Donna.
[00:17:13] Speaker A: Thank you to my guest today, Dylan Evans, for chatting about his expertise and opinions in cyber security when it comes to your business. If you're interested in the services, please.
[00:17:22] Speaker B: Click the link in the description.
[00:17:25] Speaker A: I have been your host, Dawn Cross, and tune in next week for another episode.
Boonsync is one of the UK's fastest growing insurance providers, offering comprehensive cover for SME in the self employed across the UK. Our expert team can tailor your insurance to meet your individual business needs and compare prices. From our Lloyds of London approved partners, we offer a five star service and have been FIFO platinum trusted winners five years in a row.
