Episode Transcript
WEBVTT
1
00:00:00.200 --> 00:00:03.720
Alright, Rich Casanova back in the
Atlanta studio here for Global Podcast Studios,
2
00:00:03.799 --> 00:00:06.280
and we have the Man of the
Hour, the Myth, the Legend.
3
00:00:06.360 --> 00:00:11.560
Dwayne Hart is standing by for m
He's gonna talk all things cybersecurity. Uh.
4
00:00:11.599 --> 00:00:13.759
He wrote literally wrote the book on
the subject matter. He has a
5
00:00:13.800 --> 00:00:17.280
podcast, he's just launched a YouTube
channel. Uh. And today's topic is
6
00:00:17.320 --> 00:00:21.640
gonna be talking about protecting new church
uh from cyber attackers. And so let's
7
00:00:21.640 --> 00:00:24.800
start off the show with some key
facts before we bring in the Man of
8
00:00:24.800 --> 00:00:29.280
the Hour here. Uh. Did
you realize worldwide spending on cybersecurity is forecast
9
00:00:29.280 --> 00:00:35.079
to reach a hundred and thirty three
billion in two data breaches exposed four point
10
00:00:35.079 --> 00:00:39.320
one billion records in the first half
of twenty nineteen. Seventy of breaches were
11
00:00:39.320 --> 00:00:45.159
financially motivated. We're motivated by espionage, Uh, enterprise ransom effects up to
12
00:00:45.200 --> 00:00:52.880
twelve percent Uh. In terms of
affections of breaches featured hackingent involved malware,
13
00:00:52.920 --> 00:00:58.079
and thirty two percent included phishing or
social engineering. Uh. Dwayne, those
14
00:00:58.119 --> 00:01:03.519
are some pretty staggering stats right there. There are numbers that that if I
15
00:01:03.640 --> 00:01:07.280
was a member of a church,
if I'm the pastor of a church.
16
00:01:08.079 --> 00:01:14.879
After Sunday, I'd be saying,
Holy Batman, you know, I
17
00:01:14.879 --> 00:01:18.640
would say that, I would say
that we need to have a meeting,
18
00:01:19.239 --> 00:01:22.280
okay, and you know, call
all your members, well all of your
19
00:01:22.319 --> 00:01:27.680
staff to the office. This this
is this is very important. But the
20
00:01:27.760 --> 00:01:34.760
reason why why it's happening is that
churches were never ever seen as as an
21
00:01:34.799 --> 00:01:42.519
institution that would be cyber hacked because
they don't produce goods, because because they're
22
00:01:42.519 --> 00:01:46.120
not looked at as a business,
so they look at it as a private
23
00:01:46.120 --> 00:01:51.439
institution. And they're not technology based
traditionally, right, they're not collecting a
24
00:01:51.439 --> 00:01:55.040
lot of data that in terms of
the church not thinking in terms of right,
25
00:01:55.280 --> 00:01:59.719
but in fact, but they are. But in fact, technology is
26
00:01:59.799 --> 00:02:05.840
you everywhere. Cybersecurity is the fabric
of technology. So if someone uses a
27
00:02:06.519 --> 00:02:09.319
someone uses a computer, or if
you attach that computer to the internet,
28
00:02:10.039 --> 00:02:17.639
you are involved with cybersecurity, even
in even in the faith based institutions like
29
00:02:17.759 --> 00:02:22.319
church. And you know, speaking
of a couple of weeks ago, that
30
00:02:22.439 --> 00:02:25.879
was a cyber attack on on like
one of the churches, but I I
31
00:02:27.080 --> 00:02:31.879
vaguely remember the name, but you
know what I remember was that a lot
32
00:02:31.919 --> 00:02:38.719
of data was exposed. Man,
it's it's it's not really anything that should
33
00:02:38.800 --> 00:02:45.120
scare us, but it should raise
our a awareness so that we can be
34
00:02:45.360 --> 00:02:51.120
more so, um, knowledgeable of
what goes around with cybersecurity, because cybersecurity
35
00:02:52.000 --> 00:02:55.000
it's kind of under the rug because
it's that moving piece. I mean,
36
00:02:55.039 --> 00:02:59.039
it speaks to that statement that we've
all heard see something, say something,
37
00:02:59.120 --> 00:03:01.120
right, So we have to just
it's an awareness situation, right, and
38
00:03:01.120 --> 00:03:05.080
we're gonna be talking about some of
these red flags as we move on.
39
00:03:05.199 --> 00:03:09.960
So uh yeah, four questions.
You kind of talked about why cyber criminals
40
00:03:09.960 --> 00:03:14.159
attack churches. I mean, well
that's actually before we move onto the next
41
00:03:14.199 --> 00:03:17.039
question of these four questions, Um, what are some of the motivations?
42
00:03:17.520 --> 00:03:22.159
You know, we we you talked
about the awareness for the church. Why
43
00:03:22.199 --> 00:03:27.719
would a cyber criminal be interested in
attacking a religious institutional organization? What's in
44
00:03:27.719 --> 00:03:29.960
it for them? So to speak? Right, show me the green?
45
00:03:30.360 --> 00:03:35.520
Okay, it is about money,
all right, because churches are considered a
46
00:03:35.560 --> 00:03:39.319
financial honey pot. Right now,
let me break down what a financial honey
47
00:03:39.319 --> 00:03:46.520
pot is. A financial honey pot
as a place that has a lot of
48
00:03:46.520 --> 00:03:53.599
finances that are going either let's just
say the financial transactions or are either coming
49
00:03:53.639 --> 00:04:00.080
to the church always leaving the church. Now imagine that that is the only
50
00:04:00.159 --> 00:04:08.080
type of information that is cyber criminal
want a financial honeypot is one of the
51
00:04:08.159 --> 00:04:12.319
reasons, one of the main main
reason. But but we can break this
52
00:04:12.360 --> 00:04:15.600
down and just look at the church
members, because see we have a lot
53
00:04:15.639 --> 00:04:19.000
of people that have been going to church
for forty maybe fifty years, so the
54
00:04:19.160 --> 00:04:25.439
old schoolers. So so what they
do is feel honorable to the kind of
55
00:04:25.560 --> 00:04:30.600
donate to the church. There's no
such thing as no, I can't so
56
00:04:30.639 --> 00:04:34.279
as a crime. So as a
cyber criminal, you want to take advantage
57
00:04:34.319 --> 00:04:40.360
of the kindness of a person because
criminals are are not there to serve good,
58
00:04:41.000 --> 00:04:44.480
right because as a church member,
you're not thinking, uh that there's
59
00:04:44.519 --> 00:04:47.759
anything that theory is going on at
church, right you're in the religious home
60
00:04:47.920 --> 00:04:53.000
or you know how so to speak. And also those donors, um many
61
00:04:53.040 --> 00:04:56.399
times are retired and more wealthy,
so that many times they're giving a large
62
00:04:56.439 --> 00:05:01.079
portion of their wealth to that church
organization and they're not really questioning that there's
63
00:05:01.120 --> 00:05:06.079
going to be any um, you
know, the malware involved or somebody tracking
64
00:05:06.120 --> 00:05:10.759
that or having access to their account
and they think there may be donated to
65
00:05:10.800 --> 00:05:14.800
the church, but the cyber criminal
intercepts that potentially. Yes, let's just
66
00:05:15.160 --> 00:05:18.519
let's take a scenario, right,
Let's just say, for instance, if
67
00:05:18.600 --> 00:05:24.000
someone is a brand new member,
and let's say that they get an email
68
00:05:24.480 --> 00:05:28.680
that's stating that you need to go
to the church's website and you need to
69
00:05:28.720 --> 00:05:33.040
put your information here so that so
that you can have an automated draft that
70
00:05:33.120 --> 00:05:38.120
comes out of your bank account every
month to go go to the church.
71
00:05:38.680 --> 00:05:45.040
Oh yes, you know, I
feel good about getting church, but beneath
72
00:05:45.079 --> 00:05:51.519
that, it's a bogus link that
carries you to maybe a maybe a hacker's
73
00:05:51.560 --> 00:05:57.480
website or like whatever, and the
member put that personal information in there,
74
00:05:57.600 --> 00:06:00.759
and even that bank account information.
Okay, so you kind of covered a
75
00:06:00.759 --> 00:06:04.480
good bit of question number two I
had on my list about why hasn't there
76
00:06:04.480 --> 00:06:09.439
been extinct discussion on the topic.
So let's move number three, which would
77
00:06:09.480 --> 00:06:13.000
be what are some attack scenarios?
Right, So we kind of talked about
78
00:06:13.079 --> 00:06:16.480
the cybersecurity perspective, but give me
some rapid fire answers to some of these
79
00:06:16.480 --> 00:06:23.160
types of scenarios that might occur.
Okay, So number number one up the
80
00:06:23.439 --> 00:06:30.040
top is a a person's account has
been compromised. Okay, so let's just
81
00:06:30.079 --> 00:06:32.879
talk about that because that's simple because
as it means that the account you used
82
00:06:32.959 --> 00:06:36.920
to log into the church's
website, or if it's members or staff
83
00:06:38.000 --> 00:06:42.439
that work for the church, you
think about your account being compromised. One
84
00:06:43.360 --> 00:06:47.120
two is a data breach, you
know. A data breach means that there's
85
00:06:47.120 --> 00:06:51.639
some personal information such as PII
that have been exposed to the public.
86
00:06:51.680 --> 00:06:56.560
It could be a Social Security
number, it could be some financial information,
87
00:06:56.959 --> 00:07:01.519
all right. The other piece there, it's yes, information sharing pirit
88
00:07:02.000 --> 00:07:11.079
because although churches are faith of you
know, faith, churches still kind of
89
00:07:11.079 --> 00:07:15.759
have to follow that protection scheme of
saying that it's certain information that is shared
90
00:07:15.519 --> 00:07:21.720
maybe amongst the congregation, and there's
information that is not shared with the public
91
00:07:21.720 --> 00:07:28.399
because it could be private information,
all right. So so what happens is
92
00:07:28.439 --> 00:07:34.199
that information sharing is another problem as
well too. Even so if someone could
93
00:07:35.160 --> 00:07:43.680
probably how could I say, trick
trick a person into giving up some information
94
00:07:43.759 --> 00:07:48.079
that is private through like email,
even if a person is in the parking
95
00:07:48.120 --> 00:07:53.399
lot talking after they leave church or
something like that. And if it's some
96
00:07:53.600 --> 00:07:59.160
information, uh, such as finances
or something like that that is being distributed
97
00:07:59.199 --> 00:08:05.199
out to someone in a parking lot
that is probably wants to care about a
98
00:08:05.240 --> 00:08:11.480
cyber attack. See because in a
traditional church environment, before technology so to
99
00:08:11.480 --> 00:08:13.399
speak, those are private conversations,
right, they were intended to remain
100
00:08:13.600 --> 00:08:20.439
private. A hacker, um, can glean some
of that information and use it, um
101
00:08:20.800 --> 00:08:22.480
in a way that was not intended
to be used. It also reminded me
102
00:08:22.560 --> 00:08:28.399
of talking about the data breach or
physical physical security in church was um,
103
00:08:28.439 --> 00:08:31.040
you know used to pass around.
I still do it, but um,
104
00:08:31.079 --> 00:08:35.639
the offline version was you know,
the donation the basket be passed around,
105
00:08:35.720 --> 00:08:37.639
people putting cash in the basket,
right, and somebody puts in a twenty
106
00:08:37.639 --> 00:08:41.519
dollar bill to get change and they
put they pulled out thirty dollars right,
107
00:08:41.799 --> 00:08:45.799
Yes, their change. So that's
the digital version we're looking at now,
108
00:08:45.919 --> 00:08:48.639
right, Yes, yes, see
we're in a digital world now where where it's
109
00:08:48.639 --> 00:08:54.840
convenient to use websites, it's convenient
to use your computers, and it's convenient
110
00:08:54.960 --> 00:09:01.000
to um link your accounts into two
donors and institutions and so forth. So
111
00:09:01.039 --> 00:09:05.519
with that said, cybersecurity is under
that as a fabric that is supposed to
112
00:09:07.399 --> 00:09:11.720
be protecting much of the information for
us. But see, we have to
113
00:09:11.879 --> 00:09:16.919
always keep in mind that that if
we took a chain and if we look
114
00:09:16.960 --> 00:09:22.039
at all the all the components of
cyber security, and if one of those
115
00:09:22.120 --> 00:09:31.559
links was a human and knowing that
the UM knowing knowing and just knowing knowing
116
00:09:31.639 --> 00:09:37.960
that one of the threat vectors that
you have there is a human and it's the
117
00:09:37.000 --> 00:09:43.279
weakest link, then this is what
hack is gonna go. Okay, you
118
00:09:43.320 --> 00:09:46.919
know, I just want to make
a point here. It's because when we
119
00:09:46.000 --> 00:09:54.360
look at technology, all right,
it is a standard. Humans are flexible,
120
00:09:54.960 --> 00:10:00.279
very very flexible. So we have
to keep that in mind and to raise
121
00:10:00.279 --> 00:10:05.279
the awareness because at the end of
the day, technology is going to serve
122
00:10:05.279 --> 00:10:09.279
its purpose. Humans are flexible and
they could say something and they could give
123
00:10:09.360 --> 00:10:16.240
information in the wrong context the way
it could be given access to the accounts
124
00:10:16.279 --> 00:10:18.919
when they should not. Yeah,
that's the potential. Good news is technology
125
00:10:20.080 --> 00:10:24.919
used UM uh right with the right
intention, UM has less potential barriers to
126
00:10:26.080 --> 00:10:28.279
entry. As I mentioned, like
the basket being passed around, it's been
127
00:10:28.559 --> 00:10:33.679
every person touches that basket, the
entire church, the likelihood of somebody,
128
00:10:33.720 --> 00:10:37.480
you know, fudging on some of
that money. UM is harder to monitor
129
00:10:37.480 --> 00:10:39.720
than it would be from a digital
perspective. But the last question on this
130
00:10:39.759 --> 00:10:43.639
topic we may cover a little bit
later in the show, but it's the
131
00:10:43.679 --> 00:10:46.279
top of my mind right now,
is ransomware. So I don't know if
132
00:10:46.320 --> 00:10:50.840
you've is that something that's um churches
or have incidents of we hear about,
133
00:10:52.240 --> 00:10:58.320
uh, you know, government agencies
and businesses being held ransom. Right has
134
00:10:58.360 --> 00:11:01.639
that something that you think has happened
to church or is on the horizon or
135
00:11:01.480 --> 00:11:05.120
it it has happened in the past, and it's a potential for it to
136
00:11:05.159 --> 00:11:09.759
happen in the future. And I'm
going to I mean, that could devastate
137
00:11:09.799 --> 00:11:13.320
that nonprofit, that church literally put
them out of business and uh, you
138
00:11:13.360 --> 00:11:16.840
know, stop the mission that they
are on. Right, Yes, yes,
139
00:11:16.919 --> 00:11:22.159
because ransomware will lockdown the system and
state that you need to give me
140
00:11:22.200 --> 00:11:26.120
a million dollars before you can have
access to your system again. So so
141
00:11:26.679 --> 00:11:31.960
so we have to understand is that
ransomware runs through elevated privileges,
142
00:11:31.159 --> 00:11:41.440
all right, because ransomware, it
actually takes advantage of your administrative accounts,
143
00:11:41.720 --> 00:11:46.519
all right, so so let's say
that if you have higher level access to
144
00:11:46.559 --> 00:11:50.080
the system, right, Rich,
And let's say if that was a ransomware
145
00:11:50.120 --> 00:11:54.519
attack and it was able to
use your account, well, it could
146
00:11:54.559 --> 00:11:58.480
use your account to lockdown the system. And if it locks down the system,
147
00:11:58.559 --> 00:12:01.720
then it put a little message up
there and states that I need six
148
00:12:01.799 --> 00:12:07.279
hundred thousand dollars before we unlock your
system. And they don't have the resources
149
00:12:07.600 --> 00:12:11.639
to make that happen in many cases. So you're talking about closing their doors.
150
00:12:11.279 --> 00:12:13.759
I know you got a couple of
couple of thoughts to stay on topic
151
00:12:13.759 --> 00:12:18.360
here, let's move on to question
number four. Topic number four, Uh,
152
00:12:18.600 --> 00:12:22.639
let's talk about some secret tips from
the cybersecurity mindset. You literally
153
00:12:22.679 --> 00:12:24.440
wrote the book on that side,
right, that would help a church.
154
00:12:24.600 --> 00:12:28.360
So on the shortlist is talk about
educating their members and their staff. Right,
155
00:12:28.399 --> 00:12:33.799
what does that look like educating your
members and your staff. It is
156
00:12:33.840 --> 00:12:39.120
that is that we are in a
digital world. Members and staff needs to
157
00:12:39.159 --> 00:12:45.679
think about digital protection. Okay,
okay, don't just push the button because
158
00:12:45.840 --> 00:12:52.000
fifty years ago we were not using
computers. Although it's a faith based institution,
159
00:12:52.679 --> 00:12:58.720
people are doing crimes because of money. To every reasons and also opportunity
160
00:12:58.759 --> 00:13:01.720
to Right before the internet it so
to speak, you had to there was
161
00:13:01.799 --> 00:13:05.279
checks and balances in place to keep
people honest, right, So so you
162
00:13:05.360 --> 00:13:11.240
have to think about the fact is
that people have to perform as human firewalls
163
00:13:11.320 --> 00:13:18.159
because as a human firewall, you
you actually have a defensive mindset. You
164
00:13:18.159 --> 00:13:22.320
you are saying that, I do
not think that this email here is real.
165
00:13:22.919 --> 00:13:26.679
I think that just a fake email. So I'm gonna ask someone on
166
00:13:26.720 --> 00:13:33.080
the staff about this first. That
is that is educating the staff, like
167
00:13:33.320 --> 00:13:37.519
to alert them to that, right, So it's almost basically I would imagine
168
00:13:37.519 --> 00:13:43.919
most churches are holding monthly, weekly, quarterly team meetings, right, so
169
00:13:43.960 --> 00:13:46.320
this should be on their agenda each
time. Let's review, just like your
170
00:13:46.399 --> 00:13:50.440
your minutes from the past meeting.
Um, what issues arise? You know
171
00:13:50.480 --> 00:13:54.320
what? What's the newest trends?
Yeah, you know what. I'm going
172
00:13:54.399 --> 00:14:00.159
to say this for sure, if
you're listening to this podcast session, if
173
00:14:00.159 --> 00:14:05.919
you want am from find information,
uh please please um reach out to me.
174
00:14:05.200 --> 00:14:11.320
I'd be more than glad to sit
down and to go into habits these
175
00:14:11.639 --> 00:14:15.480
discussions. You know, about a
couple of weeks I was I was invited
176
00:14:15.519 --> 00:14:20.360
to a job fair and um during
during that job fair, I spent about
177
00:14:20.519 --> 00:14:26.399
fifteen or twenty minutes talking to a
couple of church members, especially about cyber
178
00:14:26.600 --> 00:14:35.120
security, and they were alarmed at
how how this industry has changed. Okay,
179
00:14:35.360 --> 00:14:39.679
and you know, I didn't even
know that the pastors was sitting in
180
00:14:39.720 --> 00:14:43.240
the crowd here, so afterwards he
actually came up and said that was great.
181
00:14:43.639 --> 00:14:48.360
Okay, but hopefully in the future, UM I can meet with more
182
00:14:50.039 --> 00:14:54.519
people and to break cybersecurity down
and to show them how having that human
183
00:14:54.559 --> 00:14:58.960
firewall and how increasing protection and lowering
risk would go. After churches out,
184
00:15:00.519 --> 00:15:05.240
one of the errors is to create
a response plan, because what if a
185
00:15:05.279 --> 00:15:09.240
cyber attack happens, How does the
church know how to respond? How do
186
00:15:09.320 --> 00:15:16.039
you know who to call? Because
the number one on the list is nine
187
00:15:16.120 --> 00:15:22.080
one one, right, you're gonna
call five-o, but five-o has
188
00:15:22.159 --> 00:15:26.399
to get their digital forensic people involved. But with most of these cases,
189
00:15:26.559 --> 00:15:31.000
you're gonna find the FBI, of
private DHS, of one of the larger
190
00:15:31.080 --> 00:15:37.759
government agencies is to come in and
to help out as well too. Last
191
00:15:37.759 --> 00:15:43.679
place, modernize your IT systems. Systems get old and aging after time.
192
00:15:43.840 --> 00:15:50.039
If you're using Windows seven and Windows
um XP devices on your network.
193
00:15:50.399 --> 00:15:54.720
You need to get it off there
quick. Let's talk about the hackers hat.
194
00:15:54.080 --> 00:15:56.440
Okay, UM, you talked about
that lot in your book and your
195
00:15:56.440 --> 00:16:00.440
podcast at UM. So let's let's
talk about the hackers hat. And then
196
00:16:00.480 --> 00:16:06.320
also in terms of the hat,
what about insurance UM cybersecurity insurance for the
197
00:16:06.399 --> 00:16:11.639
churches as well? Right right,
because the hacker's hat is about carrying that
198
00:16:11.679 --> 00:16:18.919
hackers mindset. All right, Let's
let's just imagine, right me, I
199
00:16:18.960 --> 00:16:22.679
want to put on my hackers hat. Right Here's here's here's the way,
200
00:16:22.799 --> 00:16:26.399
and we need to get one we
talked about before the shows I'm wearing happen
201
00:16:26.799 --> 00:16:33.200
here the hackers. Here's the way
I think. I think defensively. I
202
00:16:33.320 --> 00:16:37.200
think about the same concept such as
when I give my key to my house
203
00:16:37.240 --> 00:16:41.960
to everyone, all right, when
I go walk into my house and if
204
00:16:41.159 --> 00:16:45.600
and if something is out of place, should that not raise my awareness?
205
00:16:45.639 --> 00:16:51.240
The same concept about cybersecurity. If
you're wearing that hackers hat, all right,
206
00:16:51.519 --> 00:16:56.480
you are always thinking about the weakest
link. How can someone make my
207
00:16:56.600 --> 00:17:03.480
life miserable? What is it that
I've done here that will probably set off
208
00:17:03.480 --> 00:17:07.000
an alarm where you know a hacker
can have ease through the system, all
209
00:17:07.079 --> 00:17:11.799
right, because see you're carrying that
hackers mindset and you're thinking like a hacker
210
00:17:11.799 --> 00:17:15.200
would because the hacker is thinking about
this, Okay, I don't care about
211
00:17:15.200 --> 00:17:18.119
it being a church. I just
want that money, all right now.
212
00:17:18.559 --> 00:17:22.920
Now, this is the mental state
of a hacker. So if you involved
213
00:17:22.920 --> 00:17:29.319
with faith based institutions, then you're
gonna have to think the same way because
214
00:17:29.680 --> 00:17:34.119
they have cyber criminals, all right. That's that's the nature, that's the
215
00:17:34.119 --> 00:17:37.119
way they're wored. That's part of
the d n A. So speaking of
216
00:17:37.240 --> 00:17:41.079
red flags and alarms, that's our
next topic, and we're gonna hit three
217
00:17:41.119 --> 00:17:45.359
points or four points on that.
But I just want to remind our listeners
218
00:17:45.400 --> 00:17:51.400
you're listening to UH the podcast here
in our Global Podcast Studios. Rich Casanova alongside
219
00:17:51.839 --> 00:17:56.519
Dwayne Hart and UH a little infomercial
for Dwayne. So if anything so far
220
00:17:56.799 --> 00:18:00.119
has triggered an alarm a red flag
for you, as the pastor or a
221
00:18:00.200 --> 00:18:03.440
church member, you need to check
out Dwayne Hart dot com. At Dwayne
222
00:18:03.480 --> 00:18:07.759
Hart dot com, you can check
out his book UM The Cybersecurity Mindset,
223
00:18:07.960 --> 00:18:12.440
and also his podcast Chief of Cybersecurity. UH podcast and also lots of other
224
00:18:12.480 --> 00:18:17.279
content. Right. Um, So, Dwayne, so let's talk about red
225
00:18:17.279 --> 00:18:21.759
flags before I have in mind are
Let's talk about web addresses, uh,
226
00:18:21.880 --> 00:18:25.319
links that don't go where they should
be, content that you want a contest
227
00:18:25.400 --> 00:18:29.519
and donation. So first up,
let's talk about website uh names and email
228
00:18:29.519 --> 00:18:33.319
addresses. What should be some red
flags there. Red flags is that if
229
00:18:33.359 --> 00:18:38.680
it's not a website address that was
given to you before to go register,
230
00:18:41.279 --> 00:18:44.759
you want to invoke your hacker's
mindset, because this is where your situational
231
00:18:45.359 --> 00:18:52.519
awareness comes in. Okay,
exactly is uh? This is that if
232
00:18:52.559 --> 00:18:56.640
it's from an email address of
somebody that you've seen before, or if
233
00:18:56.640 --> 00:19:00.480
it may just say, hey,
this is the past that words I just
234
00:19:00.599 --> 00:19:04.279
changed my email address and I
need for you to pastor first, yeah
235
00:19:04.319 --> 00:19:10.519
you better call. It's just it's
just the way she would operate, right,
236
00:19:10.960 --> 00:19:14.680
And and and those emails that are
misspelled by one character, yes,
237
00:19:15.119 --> 00:19:18.599
right, I've seen those, and
to me, it's a red flag.
238
00:19:18.759 --> 00:19:22.799
Also, if you're gonna do any
kind of e commerce or any transactions,
239
00:19:22.799 --> 00:19:26.759
you're looking for that magic HTTPS,
right, um. And then so let's
240
00:19:26.799 --> 00:19:30.400
talk about links that don't go where
they need to. When you hover over
241
00:19:30.440 --> 00:19:34.960
those, well when you hover over
these links, um, you know,
242
00:19:34.640 --> 00:19:40.519
you like, like you want to
really look at the source and where it
243
00:19:40.559 --> 00:19:44.359
came from. Look at this,
look at the spelling of the link.
244
00:19:44.680 --> 00:19:48.039
You know, it's not gonna take
a long time because most of the time,
245
00:19:48.119 --> 00:19:52.920
if you look at a link,
it's going to have have a web
246
00:19:52.960 --> 00:19:56.960
site that you're supposed to go to. Now. Now, if someone tells
247
00:19:56.000 --> 00:20:03.680
you that this is the link to
the to the church's online financial system and
248
00:20:03.799 --> 00:20:10.400
infinite link, it has church money
dot com, that doesn't sound too legit
249
00:20:10.640 --> 00:20:14.720
because it should have your church name
there or something right when you hover over
250
00:20:14.720 --> 00:20:19.039
it has an endless number of characters, right um, or it has the
251
00:20:19.599 --> 00:20:25.160
Gmail or unprofessional you know, not
a company email that's you know, not
252
00:20:25.279 --> 00:20:30.119
always you know, a factor,
but it should just be like, raise your hacker's
253
00:20:30.319 --> 00:20:33.240
hat right and mindset to like,
let me take a second look, let
254
00:20:33.240 --> 00:20:36.319
me take a closer look. Right, um, So, third on the
255
00:20:36.359 --> 00:20:41.920
list is the contest um scam if
you will, right, Oh, scamming
256
00:20:41.359 --> 00:20:47.880
Yeah, well, okay, scamming
is scam. Scamming is scamming. Let's
257
00:20:47.880 --> 00:20:52.000
just say for instance, right,
if someone was to post the probably go
258
00:20:52.119 --> 00:20:56.319
to the church for counseling or something
like that, right, And if it
259
00:20:56.440 --> 00:21:00.160
states that and they're okay, then
we're going to who sent a cab or
260
00:21:00.240 --> 00:21:04.599
somebody just to come and pick you
up or whatever? Um, you know,
261
00:21:04.880 --> 00:21:08.599
because you know you're at your cars
cars not working or something like that,
262
00:21:08.640 --> 00:21:11.880
so you gotta pay like ten ten
dollars. Well, it sounds like
263
00:21:11.920 --> 00:21:18.640
a scam, right or or so
Also if it's from a a church towards
264
00:21:18.680 --> 00:21:25.039
source claiming to be someone that is
a third party company that really represents the
265
00:21:25.119 --> 00:21:29.440
church, and and and they need
for you to supply some information or to
266
00:21:29.599 --> 00:21:33.799
go and to give some financial information
out, you may want to get on
267
00:21:33.839 --> 00:21:37.599
the phone and call people exactly and
check the sources. I agree. And
268
00:21:37.720 --> 00:21:42.160
last on the list of for this
topic better is donations for members of the
269
00:21:42.200 --> 00:21:47.200
congregation, right because you think that
that strings that that tugs your heart strings,
270
00:21:47.480 --> 00:21:49.880
thinking like, oh, somebody has
had a tragic situation with their family,
271
00:21:49.960 --> 00:21:53.400
let me and that the church is
asking for money or vice versa.
272
00:21:53.480 --> 00:21:56.839
A member of the church is reaching
out quote to the congregation, to the
273
00:21:57.440 --> 00:22:02.319
to the office and say I need
some help right here, goes. Here
274
00:22:02.319 --> 00:22:04.680
goes the way I like to look
at this. All right, Um,
275
00:22:04.720 --> 00:22:11.000
if you're going to be doing any
type of electronic transaction, what you need
276
00:22:11.039 --> 00:22:17.599
to do is to verify that it's
the church's website that is the legitimate website.
277
00:22:18.519 --> 00:22:22.200
And you have people that are old
schoolers, you know, say some
278
00:22:22.279 --> 00:22:26.000
of them would just drive up to
the church one day and just give cash
279
00:22:26.039 --> 00:22:29.559
away, okay, which is the
most safest way to do it. But
280
00:22:29.640 --> 00:22:33.400
you make sure you get cash to
the right people. And you have people
281
00:22:33.400 --> 00:22:37.880
that write right checks as well too. But you but you also to have
282
00:22:37.960 --> 00:22:41.200
to make sure that you write in
a check to the right source, all
283
00:22:41.240 --> 00:22:47.160
right. See See it's all kinds
of factors there that are electronic crimes,
284
00:22:47.279 --> 00:22:52.119
and there are some that are not
electronic crimes. So you just have to
285
00:22:52.160 --> 00:22:56.480
be careful. But but from a
digital format, if you're using the laptop,
286
00:22:56.839 --> 00:23:02.039
um, you want to make sure
that from the right link and the
287
00:23:03.000 --> 00:23:07.440
and the right source and the actual
right person because if you you aren't sure
288
00:23:07.519 --> 00:23:11.079
of the email, and if it
has somebody name and the blogs on there,
289
00:23:11.559 --> 00:23:15.599
you could always call that person to
say, hey, you know,
290
00:23:15.640 --> 00:23:22.880
I just received an email from the
church that stated that that my password has
291
00:23:22.920 --> 00:23:26.920
expired or whatever, and you know
I need to update the information and see
292
00:23:26.920 --> 00:23:32.960
you as a person could actually uh
find out that maybe it's not from that
293
00:23:33.039 --> 00:23:34.519
church. You gotta call the source. I mean, my brother, I
294
00:23:34.559 --> 00:23:40.119
think at least once, if not
twice, has gotten email that's saying family
295
00:23:40.200 --> 00:23:44.759
member is in dire straits and uh
needs my uncle Paul. Right, is
296
00:23:44.880 --> 00:23:48.640
a real story. He my brother
got this email or text and said,
297
00:23:48.119 --> 00:23:52.160
um, you know he stranded this
or that needs money whatever. He calls
298
00:23:52.240 --> 00:23:53.759
my uncle and he's like, no, I'm fine, what are you talking
299
00:23:53.759 --> 00:23:59.400
about? Rats? Let's what's he? Rich? What you just said is
300
00:23:59.559 --> 00:24:03.039
someone going to give you a sad
story? And it sounds legit, and
301
00:24:03.039 --> 00:24:06.200
it sounds le because they've done a
data breach, so they know that rich
302
00:24:06.480 --> 00:24:10.559
and um so and so is involved
with it. Right, Let's just let's
303
00:24:10.559 --> 00:24:15.799
just look at the chain reaction here. Someone goes out and they perform some
304
00:24:15.920 --> 00:24:21.839
social engineering. Right, then they
find out that a person probably probably sad
305
00:24:22.039 --> 00:24:26.799
maybe about a situation or something,
right, Okay, and now they use
306
00:24:26.000 --> 00:24:33.240
that scenario to go get the funding. So they go and so they cracked
307
00:24:33.319 --> 00:24:37.000
up a fake email and they sent
it to the person and saying that we
308
00:24:37.119 --> 00:24:41.640
understand that millions millions of people out
of our jobs today and so forth.
309
00:24:42.079 --> 00:24:48.079
And we noticed that on on your
account with the church, you know it
310
00:24:48.079 --> 00:24:52.559
hasn't been updated in six months,
where we need for you to update it.
311
00:24:52.759 --> 00:24:56.319
Yeah, okay, we we are
here to help you out because we
312
00:24:56.440 --> 00:24:59.960
realized that you don't have a job. And the person goes online becau.
313
00:25:00.240 --> 00:25:03.000
Now see they feel good, and
we go on on and they start to
314
00:25:03.400 --> 00:25:11.440
put the information in. But what
happens is that they're thinking emotionally versus cyber
315
00:25:11.480 --> 00:25:15.000
security. Okay, they have their
emotions, they have their emotional hat on,
316
00:25:15.079 --> 00:25:18.799
not their hackers hat. Okay,
we're almost out of time here,
317
00:25:18.799 --> 00:25:22.119
so we're gonna do our last segment
of the podcast, and now is what
318
00:25:22.160 --> 00:25:25.559
we call our top eight uh in
rapid fires. So in eight minutes or
319
00:25:25.640 --> 00:25:26.960
less, Dwayne, I'm gonna put
you on the spot. Uh So,
320
00:25:27.039 --> 00:25:30.400
first up is the common threats to
church, which we actually already covered,
321
00:25:30.680 --> 00:25:33.759
so good news, we're gonna skip
past that one. They're um and again
322
00:25:34.000 --> 00:25:37.480
in a minute or less, on
each of these topics, let's talk about
323
00:25:37.599 --> 00:25:41.319
educating their parishioners. UM and I
think any solution that would be hosting an
324
00:25:41.359 --> 00:25:45.720
event, right, Um, so
talking us about education education the parishioners in
325
00:25:45.720 --> 00:25:49.640
a minute or less, I'm gonna
tell you from the top, send them
326
00:25:49.680 --> 00:25:53.680
to my YouTube channel. Okay,
if they want to know anything about cybersecurity,
327
00:25:53.759 --> 00:25:57.160
you can send them to my YouTube
channel. What but if you choose
328
00:25:57.200 --> 00:26:03.400
not to do that, sit down
and have a conversation and actually talk about
329
00:26:03.440 --> 00:26:07.839
it on a quarterly basis or somewhat
like that, right, you know,
330
00:26:07.880 --> 00:26:11.359
like every quarter Okay, yeah,
I think quarterly. That's actually wrote in
331
00:26:11.440 --> 00:26:15.279
my notes about most of these things
ongoing quarterly neck it Actually the third eye
332
00:26:15.279 --> 00:26:18.359
and we talked talked about is educating
the staff, right, So I think
333
00:26:18.559 --> 00:26:22.039
we talked about that earlier and that's
really building I think into a regular schedule
334
00:26:22.119 --> 00:26:26.920
meeting because most organizations, whether profit
nonprofit, are going to host team meetings
335
00:26:26.960 --> 00:26:30.079
on a pretty regular basis. Whenever
those team meetings happen, if they're weekly,
336
00:26:30.640 --> 00:26:33.440
you know, quarterly, monthly,
that should be on the agenda,
337
00:26:33.799 --> 00:26:37.000
right and it can be just a
couple of minutes. Well. Well,
338
00:26:37.119 --> 00:26:41.640
part of the educating your staff too
is to go understand the third party vendors,
339
00:26:41.680 --> 00:26:45.960
because if you have some third party
vendors that are doing business with the
340
00:26:47.039 --> 00:26:51.480
church. You know, your staff
need to know who they are because it
341
00:26:51.599 --> 00:26:55.240
can be as simple as someone stated, oh, I need to go to
342
00:26:55.400 --> 00:27:00.200
your telecommunication closet in here because I
need to do maintenance. But hey,
343
00:27:00.720 --> 00:27:06.079
was it scheduled? But did this? Did the third party vendors send over
344
00:27:06.119 --> 00:27:10.240
the name of the person that that
was supposed if you come in into the
345
00:27:10.319 --> 00:27:12.680
building. These these are the things
that need to be talked about because they
346
00:27:12.680 --> 00:27:15.960
can bring in a sniffer and they
can sniff that network and they could get
347
00:27:17.000 --> 00:27:21.160
all the data they want thing and
walk away. Number four rapid fire here.
348
00:27:21.440 --> 00:27:26.160
Um maintaining strong passwords. So this
is ongoing quarterly. We've talked about
349
00:27:26.160 --> 00:27:27.759
this quite a bit on the podcast. I know you covered in your in
350
00:27:27.799 --> 00:27:33.599
your book. UM, so any
just a quick recap of some of the
351
00:27:33.640 --> 00:27:40.960
cardinal rules of maintaining a strong password. Simple the title means a lot.
352
00:27:41.640 --> 00:27:45.759
You just have to maintain the strong
password. There are different ways to maintain
353
00:27:45.759 --> 00:27:51.039
your strong password. But also too
you're gonna have to change your password at
354
00:27:51.319 --> 00:27:55.440
at a frequent basis. But I
would say that if you have a four
355
00:27:55.559 --> 00:28:00.240
character password, get rid of it
right Okay, even if you have eight
356
00:28:00.359 --> 00:28:03.680
character password, get rid of it. If you use your name in a
357
00:28:03.799 --> 00:28:08.359
password, your Social Security number.
Well, if it's something like people really
358
00:28:08.440 --> 00:28:11.880
use it, Social Security number or
part of it. I'm just I'm just
359
00:28:11.920 --> 00:28:18.400
talking. If it's something like bob
Cat one right, bobcat one right,
360
00:28:19.200 --> 00:28:25.200
and especially if your middle name has
got bobcat or appears all across your website.
361
00:28:25.559 --> 00:28:26.880
Um yeah, quarterly, I think
it's a good rule of thumb there.
362
00:28:27.079 --> 00:28:30.559
Also, I remember a couple weeks
ago we had that amazing status still
363
00:28:32.119 --> 00:28:34.759
resonates with me today. I think
the stats said something to the effect of
364
00:28:36.160 --> 00:28:38.519
if your password this is almost like
a Jeff Foxworthy, right, you might
365
00:28:38.519 --> 00:28:42.799
be a redneck if. So if
your password is uh seven words or
366
00:28:42.880 --> 00:28:48.160
less that can be hacked in three
seconds? Right, If it's sixteen characters,
367
00:28:48.519 --> 00:28:53.640
it will take a hacker three thousand
years to hack a sixteen word password.
368
00:28:55.160 --> 00:28:56.599
It's just staggering the difference. And
you think like, well, that
369
00:28:56.599 --> 00:29:00.160
seems like a pain for a sixteen
word pass. But if you save it
370
00:29:00.200 --> 00:29:03.640
once and you store it, um, you know in a secure place,
371
00:29:03.839 --> 00:29:07.960
you're covered. Okay, So uh, number five, because we're running out
372
00:29:07.960 --> 00:29:11.119
of time here. Uh, let's
talk again, rapid fire. Let's check
373
00:29:11.160 --> 00:29:15.880
this off the list. Insurance.
It's great forward. If church has a
374
00:29:15.000 --> 00:29:18.960
cyber attack and if there's a data
breach, you need to have insurance to
375
00:29:19.200 --> 00:29:23.759
cover the cost, all right,
because there's gonna be some people accounts that
376
00:29:23.799 --> 00:29:30.279
have been compromised because you need to
have cyber insurance. Cyber insurance is needed.
377
00:29:30.640 --> 00:29:34.759
I'm just gonna make that statement blanding
as it is. So put that
378
00:29:34.839 --> 00:29:38.519
on your list and check it off
right right. Next up of our remaining
379
00:29:38.519 --> 00:29:42.880
three items of updating your upgrading your
software. Um, that should be another
380
00:29:42.960 --> 00:29:48.079
checklist item. Is there anything that
jumps off the page? What that looks
381
00:29:48.119 --> 00:29:52.039
like? Well, if you're working
with a third party vendor of pretty much
382
00:29:52.119 --> 00:29:56.839
Let's say you have a third party
company that comes in, it comes to
383
00:29:56.839 --> 00:30:02.240
your church and they do to install
tests, race and whatever. You need
384
00:30:02.279 --> 00:30:06.880
to know who they are and how
they practice business, and you need to
385
00:30:07.720 --> 00:30:15.000
have somebody around that really understands what
these corporations are doing. Because because you
386
00:30:15.039 --> 00:30:21.200
need to keep your software upgraded,
but you need to know whether others are
387
00:30:21.200 --> 00:30:27.160
practicing the same type of security measures
as you would in your church. So
388
00:30:27.200 --> 00:30:32.319
that's uh, there's where trust but
verify comes into play. Right, Yes,
389
00:30:33.079 --> 00:30:37.039
At seven of the eight is securing
all devices. Uh, that's where
390
00:30:37.079 --> 00:30:40.920
you bring in an expert again as
well. Right, but um, and
391
00:30:41.000 --> 00:30:45.720
we're even talking about, um,
you know a lost phone. I had
392
00:30:45.759 --> 00:30:52.279
my phone, um lost or stolen, and it triggers a whole other things
393
00:30:52.319 --> 00:30:56.359
in terms of access to that data. Right, but where are some devices
394
00:30:56.359 --> 00:31:02.680
we talked about securing We're I don't
think Uh most churches are. I guess
395
00:31:02.720 --> 00:31:07.160
some of you are doing um off
site a remote their employees or work in
396
00:31:07.240 --> 00:31:08.960
remote, so that you know that
applies as well. Right, it goes
397
00:31:10.039 --> 00:31:15.759
there. I'm going to start.
I'm gonna start from the top. As
398
00:31:15.759 --> 00:31:18.359
soon as somebody comes through the front
door. What is it that what type
399
00:31:18.359 --> 00:31:22.480
of devices do you need to protect
when they come in through the front door?
400
00:31:22.119 --> 00:31:26.759
When they when you have laptops,
when you have phones, when you
401
00:31:26.799 --> 00:31:33.279
have websites? Okay, what about
physical assets to certain offices that you have
402
00:31:33.359 --> 00:31:38.039
in place? Okay that all of
all of those are places and devices that
403
00:31:38.119 --> 00:31:44.119
need to be protected. But but
in form of a hacker or a criminal,
404
00:31:44.640 --> 00:31:49.079
most of the times, uh,
your endpoint devices will go serve as
405
00:31:49.160 --> 00:31:55.440
a financial honey pot for them,
and usually those are gonna be your laptops
406
00:31:55.480 --> 00:32:00.720
and your cell phones and your tablets. So although that pastor minister may have
407
00:32:00.759 --> 00:32:04.960
an open door policy for their office, that shouldn't be open door to their
408
00:32:04.960 --> 00:32:07.519
technology. Right, That's that's true. That's true. Should be closed with
409
00:32:07.559 --> 00:32:10.039
that one. That was a good
one. Okay, So our last at
410
00:32:10.039 --> 00:32:14.279
the top eight as we wind things
down here, Um, what about a
411
00:32:14.319 --> 00:32:17.480
security alert? What does that look
like? Um? Obviously that's another ongoing,
412
00:32:17.920 --> 00:32:21.759
you know, quarterly process. But
what was a security audit? I'm
413
00:32:21.759 --> 00:32:23.720
sorry, a security audit look like? Okay, you know what the audit
414
00:32:23.880 --> 00:32:30.279
is. It's it's going through and
making sure that all the checks in the
415
00:32:30.359 --> 00:32:35.440
box are correct. You can go
and think of an audit as an assessment
416
00:32:36.359 --> 00:32:42.880
or pretty much a quality Uh.
Look, when you do a data quality
417
00:32:43.000 --> 00:32:49.119
analysis, when you start to look
and to verify that all the rules and
418
00:32:49.200 --> 00:32:52.279
all your controls are in place.
Let's let's just say, for instance,
419
00:32:52.720 --> 00:32:57.920
if like one of your type of
controls you have in place is that only
420
00:32:59.079 --> 00:33:04.799
only designated staff members is going
to have access to the church's financial account?
421
00:33:04.920 --> 00:33:08.519
Okay, maybe it's only three people. Now, as as new people
422
00:33:08.599 --> 00:33:12.519
come on board and start to work
for you, and let's say they get
423
00:33:12.599 --> 00:33:16.880
access to your system where you need
to do audits and to make sure that
424
00:33:16.960 --> 00:33:22.759
only the designated people have access to
that particular information. Those are your audits.
425
00:33:23.160 --> 00:33:30.279
Also to email, because you want
to make sure that only designated people
426
00:33:30.319 --> 00:33:35.799
can send out certain certain types of
emails. So you really have to do
427
00:33:35.880 --> 00:33:38.880
your audits because an audit, it's just
there to actually make sure that everyone is
428
00:33:38.920 --> 00:33:44.960
doing exactly what they're supposed to do, including your third party vendors, because
429
00:33:45.039 --> 00:33:50.240
supplier management is very important. I
don't care if you have someone that comes
430
00:33:50.640 --> 00:33:55.119
comes in your building to go work
on your HVAC machines. Okay,
431
00:33:55.759 --> 00:34:00.440
they are walking through your front door, because it's clear it's for that,
432
00:34:00.559 --> 00:34:05.440
right yeah, yeah, yeah,
because it could be someone someone that is
433
00:34:05.480 --> 00:34:10.159
actually um using a wireless, wireless sniffer. All right, let me let me
434
00:34:10.199 --> 00:34:14.679
see if I can scan in here
and find some cell phones? Right all
435
00:34:14.760 --> 00:34:19.519
right, yes, I mean crazy, there's um that will put kind of
436
00:34:19.599 --> 00:34:23.639
Pandora's box. I think we may
uh revisit that topic on a second edition,
437
00:34:24.039 --> 00:34:28.559
second session. Let's close things out
with um uh. These are all
438
00:34:28.639 --> 00:34:32.639
like great pointers, I mean red
flags awareness issues that churches should be on
439
00:34:32.679 --> 00:34:37.199
the forefront. I mean, it'd
be great if a church were able to
440
00:34:37.199 --> 00:34:40.280
contact a speaker to host a workshop
or seminar at this topic. If only
441
00:34:40.320 --> 00:34:45.519
we knew someone that could host those
for a church, Right, how about
442
00:34:45.559 --> 00:34:52.519
Dwayne Hart. I can, I
can host. I can host workshops,
443
00:34:52.880 --> 00:34:57.599
and I can sit down with the
members and I can go through and talk
444
00:34:57.599 --> 00:35:00.840
to them. But you know what's
so interesting, especially my workshops, is
445
00:35:00.880 --> 00:35:07.960
that they're fun and they are engaging, and I separate people into teams,
446
00:35:07.880 --> 00:35:12.719
and I do a lot of teach
back exercises, and I do some role
447
00:35:12.800 --> 00:35:17.880
play where I would be the potential
bad guys, right okay, And so
448
00:35:19.239 --> 00:35:23.559
their job is to stop me from
doing the bad things. So so if
449
00:35:23.559 --> 00:35:28.079
you're interested in having me to come
by and to do a workshop, please
450
00:35:28.119 --> 00:35:30.360
go reach out to me. That'd
be great. And imagine you could do
451
00:35:30.400 --> 00:35:34.960
those within Atlanta or potentially remotely as
well. Some church around the country around
452
00:35:34.960 --> 00:35:38.679
the uh uh in in US for
for certain, can reach out. And
453
00:35:38.679 --> 00:35:42.880
that's again Dwayne Hart dot com.
Uh. There you'll find all the links,
454
00:35:43.079 --> 00:35:46.639
social media links, YouTube. You
can purchase his book. Uh,
455
00:35:46.679 --> 00:35:52.000
you can check out his content his
podcast. But yeah, I think this
456
00:35:52.039 --> 00:35:55.800
would be a great call to action. Uh if you're a member of a
457
00:35:55.840 --> 00:36:00.360
religious or church organization, uh,
member of the staff, the pastor,
458
00:36:00.360 --> 00:36:04.400
of the minister, and so forth, and this is something that maybe it
459
00:36:04.480 --> 00:36:07.960
happened to your church down the road. Um, you want to be proactive
460
00:36:07.000 --> 00:36:09.400
on this, right and get ahead
of the game. You can definitely reach
461
00:36:09.400 --> 00:36:14.480
out to Dwayne um and have a
conversation, right, yes, and guests,
462
00:36:15.119 --> 00:36:17.880
But if you're listening to this podcast, I want you to share this
463
00:36:19.000 --> 00:36:22.000
with as many church members that you
know, your friends that live in different
464
00:36:22.000 --> 00:36:28.400
states, so that everyone can at
least go online until listen to this podcast
465
00:36:28.480 --> 00:36:30.800
because it's very important. Yeah,
well said. All right, So we're
466
00:36:30.800 --> 00:36:35.599
gonna sign off for this episode again
Rich casting over here in the Global Podcasts
467
00:36:35.760 --> 00:36:39.519
Studios on behalf of Dwayne Hart.
We'll look for you online and be safe,
468
00:36:39.599 --> 00:36:44.199
right, be cool, be smart, right, and keep that hat
469
00:36:44.239 --> 00:36:47.440
on that We'll see you next time. Yeah, all right, see on
470
00:36:47.480 --> 00:36:50.239
the on the flip side, as
we like to say,