
From medieval Danish raiders demanding tribute to modern ransomware attackers, we explore why paying criminals never works and discover the surprisingly simple steps that keep most digital marauders at bay.
Steve and David emerge from a classified briefing at the Australian Cybersecurity Centre with sobering news: the average cyber attack costs small businesses $50,000, and we’re all walking around with targets painted on our digital backs.
Bevin from Legends with Bevo shares his painful experience of losing his Facebook business page to scammers, illustrating how quickly years of hard work can vanish with one misplaced click.
The hosts draw fascinating parallels between 11th-century Viking raids and today’s ransomware attacks, proving that some criminal business models are depressingly timeless.
We examine practical defences including multi-factor authentication, regular software updates, and the surprising importance of simply turning your computer off at night.
A 2002 government advertisement reminds us that being alert without being alarmed requires constant recalibration as threats evolve.
Get ready to take notes.
Talking About Marketing podcast episode notes with timecodes
02:00 Person This segment focusses on you, the person, because we believe business is personal.
When Spidey Senses Save Bank Accounts
Drawing from the classified briefing and real victim experiences, Steve and David explore our individual responsibilities for staying safe online. The segment opens with Steve’s admission that he’s slowly trained himself out of password complacency, despite the daily inconvenience of two-factor authentication codes.
The hosts share a sobering case study from Sydney, where a business owner’s spidey sense kicked in after clicking a suspicious link. His quick thinking revealed draft emails waiting in his outbox, ready to defraud his contacts using his reputation. This near-miss illustrates how modern cyber criminals exploit trust networks rather than simply stealing money directly.
Bevin, from the Legends with Bevo podcast, tells a story on the Think CYBR podcast that provides a heartbreaking example of the consequences. His business page, built over seven years with 5,000 followers, vanished overnight when scammers gained access through a convincing Facebook phishing email. Despite spending thousands on IT experts, he remains locked out to this day.
The conversation introduces IDCare.org, a free Australian not-for-profit that helps individuals and businesses recover from identity theft and cyber attacks. Steve emphasises this resource doesn’t seek donations and supports everyone from individuals to large organisations, making it a crucial bookmark for anyone’s digital emergency kit.
11:00 Principles This segment focusses on principles you can apply in your business today.
Why History’s Lessons Apply to Your Email Inbox
John Cleese once observed that technology changes but people remain remarkably similar, and Steve demonstrates this principle through an unlikely historical parallel. When 11th-century English kings faced Viking raiders, they implemented the Danegeld, a special tax used to pay tribute and avoid destruction.
The hosts trace this through to 1066, drawing from The Rest is History podcast to show how these payments simply encouraged more ambitious raids. Each successful tribute convinced the Vikings to return with better weapons and greater demands, ultimately contributing to the Norman Conquest.
David connects this directly to modern ransomware advice: never pay the ransom. Just as historical tribute payments funded future attacks, ransomware payments finance criminal infrastructure and guarantee return visits. The Australian Cybersecurity Centre’s guidance echoes medieval wisdom: you cannot negotiate with raiders who view successful extortion as validation of their business model.
The discussion moves to practical alertness versus paranoia. David prefers framing this as curiosity rather than suspicion, encouraging people to ask “what’s unusual here?” rather than becoming cynically defensive about everything. This positive approach to security awareness makes protective behaviour sustainable rather than exhausting.
The hosts identify three critical red flags: urgent money requests (especially fake invoice corrections), emails requesting sensitive information, and messages that look slightly off. They emphasise the importance of pausing when frazzled, as most successful attacks exploit our tired, rushing moments when normal caution lapses.
23:00 Problems This segment answers questions we've received from clients or listeners.
The $50,000 Wake-Up Call
The problems segment confronts the brutal mathematics of cybersecurity failure. With average costs reaching $50,000 for small businesses, most attacks become existential threats rather than mere inconveniences. This context transforms every security measure from optional to essential.
Steve and David outline the minimum viable protection strategy, starting with multi-factor authentication for all critical accounts: banking, accounting, email, and social media. They acknowledge the inconvenience factor whilst emphasising that this irritation pales beside the devastation of successful attacks.
Software updates emerge as surprisingly crucial, with both hosts confessing to poor habits around computer restarts. The briefing revealed that leaving computers running continuously for more than 48 hours significantly increases vulnerability. Steve recognises an unexpected psychological benefit: shutting down creates healthy work-life boundaries whilst improving security.
The discussion covers modern password management, with recommendations for dedicated software like Dashlane or OnePass. The cybersecurity expert’s strategy of maintaining two separate password managers, one for critical accounts and another for general use, provides an elegant compromise between security and usability.
Access controls and user restrictions complete the essential toolkit, particularly important for businesses sharing computers or accounts. The hosts stress that these measures work by making attackers choose easier targets rather than creating impenetrable defences.
Resource sharing becomes community responsibility, with Steve offering to review suspicious emails for anyone in their network. The conversation concludes with government resources including the Australian Cybersecurity Hotline (1300 Cyber 1) and cyber.gov.au, positioning these as essential bookmarks for every business owner.
31:00 Perspicacity This segment is designed to sharpen our thinking by reflecting on a case study from the past.
Alert But Not Alarmed in the Digital Age
The 2002 “Be Alert Not Alarmed” campaign provides a fascinating lens for examining how threat communication evolves. This post-Bali bombing advertisement attempted to balance vigilance with reassurance, encouraging reporting whilst maintaining social cohesion.
Listening to the advertisement today reveals its distinctly dated tone. David observes that whilst the core message remains sound, the delivery feels patronising and overly simplistic for contemporary audiences. The campaign assumed shared values and experiences that no longer exist uniformly across Australian society.
Steve and David identify crucial differences between terrorism threats and cybersecurity risks. Terrorist attacks, whilst psychologically devastating, remain statistically rare events that receive extensive media coverage. Cyber attacks occur daily but often remain hidden due to victim embarrassment and business reputation concerns.
This creates a perverse situation where the more common threat receives less social awareness. The hosts suggest that shame and secrecy around cyber victimisation prevent the community learning that might reduce future attacks.
The conversation explores alternative communication strategies, including a suggestion from Jasmine of the Think CYBR podcast to use true crime storytelling approaches. David advocates for StoryBrand framework applications, positioning cybersecurity agencies as guides helping business heroes overcome digital villains.
The episode concludes with recognition that effective threat communication requires constant evolution. Yesterday’s messaging strategies cannot address today’s threat landscape, but the fundamental principle of alert awareness without paralysing fear remains eternally relevant.
Transcript This transcript was generated using Descript.
A Machine-Generated Transcript – Beware Errors
TAMP S06E09
Caitlin Davis: [00:00:00] Talking About Marketing is a podcast for business owners and leaders, produced by my dad, Steve Davis, and his colleague at Talked About Marketing, David Olney, in which they explore marketing through the lens of their own four Ps: person, principles, problems, and perspicacity. Yes, you heard that correctly. Apart from their love of words, they really love helping people.
So they hope this podcast will become a trusted companion on your journey in business.
Steve Davis: David, I, I dunno if you noticed this or not, but we were being tailed as we left the building today of the Australian Cyber Security Center, and it’s why we took longer to get home. I was trying to lose them. Does that surprise you?
David Olney: Uh, in the context of being in Adelaide on a whatever [00:01:00] day it is, Thursday, it does sound a little bit surprising. I think it’s more that other people just also wanted to leave the building and the city.
Steve Davis: Oh, yeah. I, I think I just got the heebie-jeebies because we can’t even tell you who the person was from the Australian Signals Directorate who was leading the talk there, because we are sworn to secrecy.
It’s all. Top this is Australia’s, uh, defense against cyber attacks and they’re real and every one of us, you, me, dear listener, you as well. We don’t take it seriously enough. And this episode is dedicated to getting us to do that. And I hope you haven’t tuned out yet. What’s your, how can you scare people to listen?
David, what would you say? Because this is your gift.
David Olney: Yeah, well, it’s do a little bit of work now or have an awful lot of misery later.
Caitlin Davis: Our four Ps. Number one [00:02:00] person, the aim of life is self-development. To realize one’s nature perfectly. That is what each of us is here for. Oscar Wilde
Steve Davis: In the person segment for this episode, we wanna look at the, our individual responsibilities when it comes to being safe online. And look, we can be very complacent, as we all know. The human brain likes to be in neutral as much as possible, and that means those pesky passwords or whatever. You know, it is just so easy to say, you know what, just remember it.
I don’t want to put it in every time. Thank you very much. I have slowly trained myself out of that. David, I, little things, I have like the little bit of software that tracks whether emails I send, people have been read or not. Uh, for our CRM. Every day that prompts me to log in again. It sends me a code by [00:03:00] SMS, uh uh, um, my accounting software, you have to put in the authenticator code.
It’s a pain in the butt, but I say to myself, you know what? This is a pain in the butt 100%. But what if certain creepy people, including some I’ve worked with in the past, got their mitts in on this code and they got in. How would I be feeling about it then? You know what? I wouldn’t begrudge this inconvenience for a second.
I think that’s the mindset we need.
David Olney: Yeah, most definitely. You know, two factor authentication is annoying the first 20 times, but by the hundredth time it’s normal. So the sooner you get used to the fact of, oh, you know, the software is gonna send a code to my phone now, and I’ll enter that in, and that way, well, I can be sure I’m the only one getting into my account.
There’s actually a wonderful peace of mind from taking the extra five seconds for two factor authentication.
Steve Davis: And we’re gonna look at a couple of, um, specific things a little bit [00:04:00] later on. But, uh, Legends with Bevo is a podcast that looks at different sporting legends in particular. And I’ve worked with Bevin, um, through our mentoring programs and as a client, and I didn’t realize this, that, um, he’s had some issues when it comes to cybersecurity.
Well after I was working with him, I hasten to add. And we just heard him, uh, telling a story about his experience on the Think Cyber podcast. Um, Jasmine who runs that, we met also at this briefing today, and, uh, that cyber spelled CYBR, there’s no e of course. Um, and he was telling the story about when it dawned on him that he’d been victim of a scam.
Bevo: I woke up in the morning as you do, and. I just check my bank statements and, and noticed there was an unusual transaction, and it doesn’t sound like a lot of money. It was only like 130 bucks. But, um, in the scheme of things, and as it turned out, it was yeah, quite an absolute pain in the butt because, um, I looked at the [00:05:00] transaction and it said something like a PayPal transaction for advertising.
And I was like, I haven’t, you know, said anything about advertising or paid for anything and asked for anything on Facebook. So what’s this? And then all of a sudden I went to like, log into my Facebook. And it’d been suspended. So I’m like, this is my personal Facebook I’m talking about. And I was like, what the heck’s going on here?
And then I went onto my legends of Bevo, which is obviously Link, which is my business page, and that had also been suspended, so. Mm-hmm. Um, and it was just one of those things where it says, your account’s been disabled due to inappropriate advertising. You know, you, you probably know all about the side side of things.
And I was thinking, what, what the heck’s going on here? And then. Uh, just doing lots of different investigating, researching, uh, spoke to so many different people, so many different IT experts, paid thousands and thousands of dollars to, uh, get in touch with, with, with Meta, and still to this day have not been able to get it fixed.
And I guess the most frustrating thing is like May last year, these people, whoever they were, that got into my Facebook page started doing these really weird, [00:06:00] inappropriate videos and yeah, sort of ruining my reputation on my page. And it was only for like a short time and. They never contacted me asking for money or anything like that, Jazz.
So it was really bizarre situation, even to now, I dunno why they did it for whether it was just to have a bit of fun. Um, honestly, and it’s just been nothing but frustrating. And, and the page is still there, like over 5,000 followers. Mm. And it’s just, I’m just completely helpless that I can’t do anything about it.
And so, yeah, just all that hard work, you know, I’ve had the podcast for. At that stage would’ve been six years, so seven years now in April this year. Uh, so that’s a lot of hard work, over 5,000 followers that you lose really heartbreaking
Steve Davis: as Jasmine points out in that little snippet. He has this preventative mindset, this little habit of checking his bank account. I don’t think all of us, I mean I do from a business perspective because I reconcile everything that goes through our bank account. So I would see something that is untoward. It made me think, eh, on the personal accounts, [00:07:00] I’m not, I don’t pay quite as much attention.
I probably should do that. Um, what’s interesting is that one of the, uh, case studies that they shared at this briefing today was about a gentleman from Sydney who clicked on a link in an email and afterwards he just had this spidey sense that something wasn’t quite right. So he looked through his emails and there he discovered draft emails that were waiting there to be sent out in his name to people in his contact list with invoices and a message saying, just sending this invoice again, and here are the details and it’s different banking details. And he was lucky enough to be able to delete them before they got sent. He then discovered that these crooks had worked out from the link, he clicked in how to sign into his inbox, and they were [00:08:00] going to be using his reputation, riding it into the ground and sending out emails in his name. I. That is very tricky. ’cause who would normally pick that up? David?
David Olney: Yeah. Who goes and looks in their draft folder when they haven’t, you know, written an email and wanna go through it and make sure it’s ready to go.
The point here in both situations is people’s preventive mindset was, oh, it’s a bit weird. I’ll have a look now. In Bevin’s case, it was a little bit too late. He realized after he’d seen the strange PayPal transaction on his bank statement, that actually he’d got an email he thought was from Facebook.
He’d treated it as if it was serious, and he had, you know, entered his username and password and in doing so, given control of his Facebook account away. His spidey sense came up when he went back to his normal level of preventive behavior of looking at his bank account the next day.
Steve Davis: Well, you’re dead right.
And we are gonna [00:09:00] talk about some practical things we can all be mindful of, uh, in just a moment in, uh, next segment. But I, one thing that was brought up I didn’t know existed. If ever you are in doubt and you feel like your personal identity’s being stolen or compromised, there’s a website you can go to.
That’s idcare.org, IDCARE.org. An Australian based company, it’s a not-for-profit. They do not ask for any donations. They are supported. And their job is to help you recover. This is fantastic, David.
David Olney: Yeah. When you hear someone like Bevin’s story where he just didn’t know what to talk or who to talk to and lost days trying to work out what to do, if he’d known, just reach out to idcare.org straight away.
Who could have said what he could have done? What isn’t possible, what can be achieved? That’s really more important to just shut everything else down. Let everyone know that that account is not you anymore. You know, he could have [00:10:00] felt perhaps more positive about the actions he could take faster.
Steve Davis: And the beautiful thing is they don’t care if you’re an individual, small business or an organization.
Uh, they’re there to give you some free support to work out what a plan, uh, is going forward in how to recover from this. And they even actually hold cyber resilience outreach clinics from time to time. So I’m going to be having a good look at that site, idcare.org. I think from a personal perspective, just for us to sleep well at night, um, we have to understand this is real.
This happens to a lot of people, more than you would think. And we actually have these tools, uh, to try and stay ahead of the curve.
Caitlin Davis: Our four Ps. Number two principles. You can never be overdressed or overeducated Oscar Wilde.[00:11:00]
Steve Davis: The more things change, David, the more they stay the same. Yeah.
David Olney: Is that, is that true? It’s absolutely remarkable. The technology can change. The clothes we’re wearing can change, and people are remarkably similar
Steve Davis: because during this briefing we had at the Australian Cybersecurity Center, uh, there was a little comment actually made towards the end.
Uh, when it comes to ransomware, that’s where people have gone to work. They’ve discovered that they’ve been locked out of their computers, their network. Um, often sadly, their backup computers and discs have been, uh, encrypted. They’ve been locked out of them too. And the, the message comes on the screen that if you want to get access again, pay, whatever it could be.
It could be 300 bucks, it could be a thousand, it could be many thousands. Um, the advice is do not pay. And that’s hard to swallow when you know that you’ve got your business’s workings locked [00:12:00] away from you because that is an Armageddon kind of experience. And what’s interesting to me is as she was speaking and telling this story, I instantly thought of 1066 as, as you would, David, I’m sure your mind went there as well.
Uh, because if we go back to the, the history of England in the lead up to 1066, uh, where there was a, there was an Armageddon, if you like, uh, the Norman’s Armageddon, the poor Anglo-Saxons. Um, in the lead up to that, different kings had been dealing with marauders. David, I. You know, uh, Danish, you know, all the different Viking types, et cetera.
And my surname’s Olney, I’ve got a certain soft spot for those marauders. Yes. That’s why I’m sitting on the other side of the desk. So these marauders would come, and what some of the kings worked out to do is you do a special tax on people and you would get. 10,000, [00:13:00] uh, silver coins, whatever that is. I think the, the figures, well, that works out to millions of dollars today and give it to the marauders to say, here, don’t hurt us.
Take this money. Go away. And it was referred to as Danegeld, geld, of course, being the, the Germanic word for, for money, for gold. And the thing that history teaches us is all that did was they went away and thought, you know what? That was pretty easy work. Let’s get some extra tools, some extra weapons.
We’ll go back. We’ll do it again. And so they did. This is where history can teach us and put this advice into context, David.
David Olney: Absolutely. You know, if the Vikings turned up for the third time and you can’t pay, you know they’re always willing to attack you one day if they have to. So why did you give them money the first two times?
Unless you were gonna build stronger ways to respond to them in between. So this point here, if you pay [00:14:00] the ransom, they’re gonna come back looking for more. And in the same way before 1066 when the Vikings were turning up, unless you were gonna fortify your town and prepare to fight, next time they turn up, why would they change their rewarding behavior?
Steve Davis: And of course, um, I don’t always just think of 1066. I have been listening to a fantastic history podcast called The Rest is History and they’ve got a series of episodes all about the year 1066. And this clip actually shows us why you don’t keep paying the ransom.
David Olney: Nope, you gotta get better at security or run away.
But either way, you can’t just pay. It’s not an option.
Rest Is History: And in 991, Tryggvason and his fellow freebooters, a kind of great fleet of Vikings, are cornered on land at, at Maldon in Essex, so south of East Anglia, and they’re confronted by the, the alderman of Essex, a guy called Byrhtnoth. And the Vikings win, and Byrhtnoth is [00:15:00] killed. Do you want to know a fact about that, Tom?
Yeah. Tell me. So obviously the Battle of Maldon is one of the most famous old English poems, but you know who was obsessed with the Battle of Maldon? J.R.R. Tolkien. And the stand that, uh, Byrhtnoth makes at the Battle of Maldon is apparently the inspiration for the stand that Gandalf makes at the Bridge of Khazad-dûm.
I did not know that. Isn’t that a good fact? That kind of Tolkienesque quality of glamor and magic and tragedy. It does hang over this story. And unsurprisingly, because for Tolkien, the Norman Conquest was the greatest tragedy in the history of England. Yeah. And he wanted to write Lord of the Rings, to give the English back the mythology that he thought they had lost as a result of, of the conquest.
Æthelred, not a kind of Tolkienesque hero, really. He decides that the best way to deal with this crisis is to buy the Vikings off. And so he uses his state apparatus to raise 10,000 pounds worth of taxes, which inevitably comes to be called the Danegeld, the gold that is [00:16:00] being paid to the Danes, and equally, inevitably in 994, Olaf Tryggvason is back for more.
He this time, uh, he doesn’t just hover the coast. He leads an assault directly on London. It gets beaten back, but he then goes on a kind of great ravaging raid across the heartlands of Wessex. And this of course, is absolutely an open challenge to Æthelred. It’s an attempt to shred his authority because Wessex is the heart of the entire English kingdom and the raids just keep coming and coming, and treasure is stripped from churches.
Æthelred’s subjects are enslaved, and this is a hideous experience both for men and women.
Steve Davis: So there you go. They knew they were getting, they would take the money while it’s there, but they were ready to get all the silver. Out of that country and then come back and completely destroy it. So not good customers. We know that now about ransomware. It’s the same thing that applies [00:17:00] and probably the first line of defense that she spoke about was we need to train ourselves and anyone working in our business basically to be suspicious.
And when I think of people being schooled to be suspicious. I think David Olney, that’s not a bad way to be. Is it David?
David Olney: Yeah. I like people to be aware. I like people to pay attention. I would rather say be curious about the motives of anything that looks unusual. I. Yeah, because I wanna put a positive valence on it because being curious is puzzle solving, being curious is being interested, and I would much rather people be positively valenced towards what’s going on than suspicious to the point where they see a problem everywhere.
Steve Davis: Interesting. You mentioned if you see something that look, just looks a little bit off, isn’t the dilemma, the fact that they’re looking less and less off these phishing emails where they try to look like the real deal? They’re actually looking pretty good.
David Olney: [00:18:00] Yeah, and particularly in my case where I’ve got the screen reader reading them to me again, I, I’m not seeing if the logo looks right.
So if the words sound right, I’m lucky that most of the people who write these emails have terrible grammar, spelling, and punctuation until AI helps them. Well, that’s the point. They’re getting better because of AI, not because of the other person who came up with the idea of the fraudulent behavior.
Steve Davis: Yes.
So it’s not so, I mean suspicious. So here are the, the three flags that they said to look out for. Um, the first one is if you get an email or a message that’s urgently requesting money. Whether that’s, if you have children, you’ve got a child texting you, um, people fall victim for that. The common one that was talked about in this presentation was the email coming from someone you know that might say something like, hi David.
The last couple of invoices have bounced. Um, I’m sending it again. Are you able to pay that today and what’s happened? Of course. This is the first time they’ve sent this. You think, oh yeah, I do owe Steve that money [00:19:00] and you pay it, but it’s gone to a different account. Would you do that?
David Olney: I would hope I wouldn’t, but I guess it depends how frazzled you are at, you know, five o’clock after an eight hour day at the computer, you might just be tired enough one day to go, oh yeah, I mustn’t have paid it, rather than to go, hang on, I should go look at my bank records.
Steve Davis: Um, so that’s the first one is to, to teach yourself that anything like that should trigger a fresh set of eyes to have a look. And one thing I say to anyone we’re working with, or anyone we have worked with in the past, you are always welcome to forward. Any email like that to me, [email protected].
I’m happy to run my eye over it because I can normally spot these things at 3000 meters. Uh, some things that might get past you, mind you, some things would test my limit. They’re getting better and better these days. So that’s the first one. The other one is emails or iMessages containing malicious links or attachments or asking for sensitive information like passwords.
That should be the [00:20:00] biggest red flag of them all. Well, uh, even that’s not
David Olney: right. They’re all big red flags. They are. But this thing of being asked for information, it’s so common when we’re inside of apps or inside of software packages. But the thing to really remember is. If they can ask you inside their secure environment or they can ask you to go inside the secure environment, why are they sending you an email and asking you to click on a link and randomly put sensitive information on a webpage?
You know, we only have to stop for a second and go, hang on. If that was legit, wouldn’t they be asking me to log in and go to the notification section so I know it’s real? The third red flag
Steve Davis: is any emails that look that little bit off. And I guess that just means, I think she said, you know, the banks, for example, you get something from A NZZ, ZZ.
Yeah. And if you are frazzled, rushing, when you do this, we are likely to miss it because the brain goes that, that looks about right. We have to get that spidey [00:21:00] sense really sharp, basically, trust. Nothing, especially if it’s asking you to take an action. I think that’s the fair thing to say here. So. Um, I always make sure when I, when that gets triggered typically depends what your software is, but you could hover over the email address that’s in the email and it will show you, not the one that it’s written to look like, but the real one underneath.
It might look like you know, [email protected], but you hover over it and it’s David at Gidi gig 3 8 2 Z said Russia. Um, that’s when you know something’s. Off kilter.
David Olney: Yeah, and I’ll take the line from James Py, a very capable intelligence interrogator where he said, if in doubt, always ask one more question.
That’s all you gotta do to avoid most problems.
Steve Davis: And I get that too, um, occasionally with these SMSs asking for something. I [00:22:00] got one recently and I asked the person for something that only me and them would know. So it was a personal question, and the wheels soon fell off because. It was not them, it was someone who was pretending to be them.
And this is the, the joy of being able to SMS and message and whatever is that you can do it all times and it’s easy, but it means that the ne’er-do-wells can hide behind that. Hmm. So really from the principles perspective, I guess the lesson is technology changes. People don’t, history repeats. And history sometimes has a fake email address underneath it.
Caitlin Davis: Our four Ps. Number three, problems. I asked the question for the best reason possible. Simple curiosity. Oscar Wilde. [00:23:00]
Steve Davis: In the problem segment, I figure for this special cybersecurity episode, we should look at what are the actual actions we can do. I think most of us have had the bejesus scared out of us. As the saying goes, um, let’s look at what we can actually do. Although we’ll notice that the average cost of a cybersecurity incursion for small businesses sits around $50,000.
That’s very hard to come back from. In fact, they probably wipe out most small businesses. David.
David Olney: Yeah, it’s a good way to keep this in context. Either take 30 seconds, investigate or potentially be $50,000 down. ’cause that’s the average.
Steve Davis: Hmm.
David Olney: Which means there’s a lot that are higher.
Steve Davis: Yeah. Interesting.
Looking at the figures, they had, um, medium sized corporations and, and bigger, uh, it was about 60,000. So, uh, per incident. Hmm. When you think about it, that makes the 50,000 for a small business [00:24:00] gigantic. Proportionately. Yeah. Yeah. So here are the, um, we went through the material that was sent to us and here are some of the free and no cost options and actions we can take.
The first one, we’ve talked about this a lot. Turn on that multi-factor authentication. Sometimes it’s called two-factor authentication. Basically means that, especially for the most sensitive accounts, so that’s going to be your banking, your accounting, your email, your social media accounts.
I include them even though they’re frivolous at one level, they are your reputation. Online. It’s how most people mediate. Uh, you are mediated to most people. If we’ve got two factor authentication means when you log in, yes, you have to get a text message sent to you, or you use an authenticator app like Google, uh, authenticator where it generates an ongoing code that changes all the time, and you plug that in and then you get in.
It is a pain in the butt, but it is nothing [00:25:00] compared to having crooks get inside your world. The next one is update software regularly. So that means turning on those auto updates for your phones for if you’ve got Windows or, or whatever operating system you’ve got iOS. Let them look after themselves and stay up to date all the time.
That, to me is a no brainer. That should be happening.
David Olney: You agree, David? Absolutely. And the one I would add to that is very often to aid in software updates. Restart your computer every few days. Don’t leave it a month of putting it to sleep at the end of every day and then waking it up in the morning.
’cause in a lot of cases, then it will be slower to do the updates than if you give it a restart every few days.
Steve Davis: And on that, that’s the one that surprised me today because I will put my hand up. You know, I’ve got this beautiful Windows beast that I’m running, and I would leave it on for seven days, [00:26:00] 10, you know, and they’ve actually said, do not leave your computer running nonstop for more than, I think they said 48 hours.
I’m gonna start doing that now. In fact, I think there’s, it kills two birds with one stone if I turned it off at night. It creates a psychological sense that we are packing up for the night, the day’s over and tomorrow’s a new day. Yeah. Yeah. Uh, and you know, I often do it ’cause I’ve got tabs open and I don’t wanna have to look ’em up again, but.
That’s not hard to do. There’s a thing called history.
David Olney: Mm-hmm.
Steve Davis: Yeah. It’s there. We just have to want to use it. So the biggest takeaway for me, ’cause I’m doing most of these things, I’m not saying I’m squeaky clean. I will be much cleaner after this experience. But, um, keep turning those machines off. And I, I think that’s a little bonus, David.
’cause that then prompts a refresh. Security software, antivirus. Richard Pasco, the Adelaide tech guy who’s a friend of us here at, um, Talking About Marketing. He says, look, don’t worry if you’re a Windows person of getting [00:27:00] antivirus software these days, the Windows inbuilt, um, protection that comes, your Defender that comes as part of Windows, that does the job.
David Olney: Just make sure it’s on. Because again, it could have got turned off at some point to install something. So just every now and then type Defender in, open it up and make sure it’s on. Well, that’s
Steve Davis: true. The other thing is, um, access controls, if you’ve got the ability to restrict users to certain accounts so that not everyone is sharing the same login.
That makes it, uh, easier to track what’s been happening if you do need to forensically look at things and also giving people different levels of control. That’s important. Strong passwords and passphrases, passphrases are the new thing that’s come in. She did mention make use of these password. Um, so managers, password managers.
That’s right. Uh, the one I use is Dashlane. She mentioned OnePass. There are plenty of them out there. You end up [00:28:00] having a major password. You remember to get into it, but it is where all your passwords are captured and can log in automatically for you on these places and you can update passwords, et cetera.
It’s the smart way to go. In fact, she said little trick. She has two, one set for one sort of things like bank and the other one set for all the rest. So she remembers two different passwords or pass keys and that manages what she gets up to. I think that’s an interesting, um, kink in the hose, making sure they’re strong.
I mean, ’cause we want 12 characters or more for your passwords. But she said, well, the data says if you’ve got at least eight characters in your passwords. And you are using, um, one of these password managers and two factor authentication, um, you’re doing a pretty good job. Uh, ’cause the job is in, at some level, everything’s crackable.
At some point you’re just trying to make yourself harder
David Olney: so that the crooks go elsewhere. It’s the classic thing. Unfortunately, you want [00:29:00] your house to look just a little bit more difficult to break into than next door. You want your computer to just take a little bit too long to work out how to get into, but the next one they send the phishing email to, the next one
they try and crack the password on, well, that was easy. So you are not interesting anymore. Why put effort where it’s hard work? Put effort where the result is easy
Steve Davis: and there are plenty more. I’ll put a link in the show notes to a couple of the, the resources they’ve got, but I just think on a website front, turning on this multifactor authentication for logging into your website.
It’s time for that to be the case because again, that is the single source of truth about your business to the world. It makes sense. I’m gonna have to enforce that myself, David, I, I make sure other people have it. I dunno that I’ve done it myself.
David Olney: Yeah. We can’t cut corners and then ask people to do things.
No.
Steve Davis: The key thing is they’re the minimal things to do to keep yourself much [00:30:00] harder than many competitors as far as protection is concerned. There’s a couple of websites and she did say she wants us to report anything that we find that’s suspicious because that just helps this government agency keep sharp.
There’s the Australian Cybersecurity Hotline, which is 1300 CYBER1, and I’ll put the link in the show notes so you can find that, and also cyber.gov.au. Again, the links in the show notes. It’s worth it. It’s worth having a look. They’ve got a little kit you can download to check the things, but this podcast has covered the most important things to look out for, but they’re probably a couple of little contacts that are worth having up your sleeve.
Dare I say it, favorited and bookmarked on your computer
Caitlin Davis: Our four Ps. Number four, perspicacity. The one duty we owe to history is to rewrite it. Oscar Wilde. [00:31:00]
Be Alert Not Alarmed: Terrorism has changed the world, and Australia is not immune, but the way of life that we value so highly must go on.
Australians are friendly, decent, democratic people,
and we’re going to stay that way.
Our security agencies have been upgraded and are ready to detect, prevent, and respond to terrorism. All of us can play a part by keeping an eye out for anything suspicious. Over the coming weeks, the Commonwealth Government will be providing you with more information on how we can work together to protect our way of life.
Be alert, but not alarmed. Together, let’s look out for Australia. If you see something suspicious, call 1800 123 [00:32:00] 400. Authorized by the Commonwealth Government, Canberra.
Steve Davis: David, as we start this perspicacity segment, how are you? Are you alert? I’m always alert. Can’t help it. Are you alarmed? Nah, it’s a waste of space. Well, this ad dates back to about 2002, was after the Bali bombings. The Australian government took this action because people became, we had 9/11 not that much earlier, and I.
We, I think, to be fair,
David Olney: many of us were a bit rattled. Yeah. I think the world was pretty jumpy after the Bali bombings happened. Mm-hmm. Very much. Australia was suddenly at the center of big events that were meant to happen other places,
Steve Davis: and I guess you could describe this ad that we just listened to as an attempt to have a calming hand placed upon our collective shoulder to say, you know what, it’s all right.
Stay alert. [00:33:00] But we’re gonna get through this. Is that what it was? It was. I think that’s what it was trying to achieve.
David Olney: Yeah. I think it’s an interesting one because the whole message of be alert but not alarmed, I think was really good. But having not heard the ad for probably 20 years, it now sounds fairly stale, male and pale.
I think the format of the ad is not great, but the message I still really like because be alert has a positive valence. Being alert is not going somewhere negative. It’s not being suspicious, it’s not being paranoid, it’s not mistrusting other people. It’s just be alert. Anything that is odd, and if it’s odd, pay a little bit more attention and decide if it’s something you need to take action on.
Steve Davis: It does. Listening back to it now does sound like that, um, old lady across the road from you. You look over and the Venetian blinds quickly close because she’s been watching you. I also pictured John Howard in his [00:34:00] flannelette PJs and his dressing gown and slippers, being relaxed and comfortable and wanting the world to stay that way.
That’s the, yeah, this is the world they were painting as being the normal world. Mm. And that we’re at risk and we’re gonna, you know, look after ourselves. I don’t think we could paint ourselves in that same picture today. ’cause it was a bit twee. A bit patronizing. Yeah. I think there’s more nuance to our life.
I think we’d have to approach it from a different way. And maybe we, it’s like they, they fluffed around the edges. Maybe we need to be more direct in the way we would talk about it these days. Hey, come on, this is real. They’re gonna be groups. They’re gonna, and they win by having maximum impact. And our job is to thwart them as best we can and there are little telltale things.
Don’t feel ashamed. Don’t feel embarrassed, let us know. We’d much rather have a million messages that turn out to be nothing than miss something.
David Olney: Yeah, I think that’s a key difference between 2002 and now is in [00:35:00] 2002, the threat was to conceivably all of us or any of us. So it was a very broad message.
Whereas now cyber is normally going to affect individuals one at a time, or organizations one at a time. And in the main, we won’t know that someone. You know, got ransomware and paid $50,000, we won’t know that someone, you know, got sent an email with the wrong banking details ’cause someone hacked their email and paid $50,000.
Most of us won’t know how prevalent this is. So in a sense, the interesting contrast now is terrorism was very rare. You know, basically cyber attacks are every day and everywhere, so being alert is even more important now because you are more likely to be affected now by some sort of, you know, cyber attack.
But here’s the
Steve Davis: rub. Yes, they were rare and they, they, they still are to some degree, but when they happen, we all know about it. [00:36:00] These things are happening more often. But for shame, often embarrassment, people don’t talk about it. Mm-hmm. And so I wonder if our ability to put our hands over our eyes and to think it is not gonna happen to me is
David Olney: more robust now than it was back then.
Well, we’re so distracted now by so much information from so many sources. Who wants to listen to the boring, sensible message? Sorry, David, you were saying something. Yeah. How do we get this message
Steve Davis: out?
David Olney: I think we just keep trying. The fact that we got an invitation to go to, you know, the cybersecurity briefing is, is great that they are reaching out and talking to as many people as possible.
You know, we mentor people, we help people. We might be the people who can help them take their cybersecurity seriously because they won’t listen to the broader message. Yeah. But when we are helping them with their website or their marketing, or their business development, or we are doing executive [00:37:00] coaching to help them plan for growth, we are the ones that can say, yeah, but you’re gonna do all this growth.
That’s great. But what have you done to secure your cyber environment? What if you do all this growth and then get a ransomware attack? What if you do all this growth and then someone breaks into your email? You know, there, there are so many things that can undo your good efforts. So if we can help people to just take that few minutes a day and that’s all it takes to be as secure as you can be, then that’s, that’s not so hard to do.
Steve Davis: So we’re gonna agree that that ad just wouldn’t work today. So it, it’s not something that you’d run, again, you’d have to rethink that communication strategy part of it, interestingly enough, Jasmine from the Think Cyber Podcast had mentioned to us that she thinks fictionalizing, uh, or personalizing the story through true crime, uh, could be a way of getting in front of some people,
David Olney: but not all people.
Hmm. And again, it really aligns [00:38:00] very well with what we do. And that is use the StoryBrand, you know, mechanism. To lay things out with heroes and stories and problems and guides. And again, we sat through a very useful presentation this morning. Done in. Uh, you know, not a super technical way, but it could have had a lot more storytelling.
Mm-hmm. They could have positioned themselves better as the guide. They could have positioned the people they help better as heroes, and it would be easier to get engagement if you talk to people in the way they enjoy and understand. So it was a good lesson this morning in the power of communications, such an important message.
But as we said in the car, we could immediately help rewrite the message and probably make it more consumable. David.
Steven,
Caitlin Davis: Thank you for listening to Talking About Marketing. If you enjoyed it, please leave a rating or a [00:39:00] review in your favorite podcast app, and if you found it helpful, please share it with others. Steve and David always welcome your comments and questions, so send them to [email protected].
And finally, the last word to Oscar Wilde. There’s only one thing worse than being talked about and that’s not being talked about.