Cybersecurity Education: Best Practices

Intro  0:01  

Welcome to the She Said Privacy/ He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

 

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

 

Justin Daniels  0:36  

Hi, Justin Daniels. Here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

 

Jodi Daniels  0:51  

This episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws, and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SAS, ecommerce, media, and professional and financial services. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com Are you feeling trans? My feeling transformed today? Why am I feeling trans? Like the word of the day to us? Oh, the word of the day is transform. I thought it might be chatty.

 

Justin Daniels  1:34  

Well, you’re very chatty everyday,

 

Jodi Daniels  1:37  

and we haven’t had any. Well, you don’t ever drink coffee. I haven’t had any coffee. Indeed, indeed. But we’re excited today because we’re gonna dive into a fun topic. Today we have Brandon Laur, who possesses a master’s degree in professional communication in his multi certified in Oh cent. for over 13 years he has been working with The White Hatter providing cybersecurity training. In 2018, he was awarded the Medal of good citizenship for efforts in schools addressing disturbing content, cyber bullying and critical incidents. Brandon, welcome to the show.

 

Brandon Laur  2:11  

Thank you for having me. It’s a pleasure to be here.

 

Jodi Daniels  2:14  

Well, we’re really excited to get started. This is such an important topic. We always like to cover protecting children and really everybody who can you know, be victims of disturbing content, cyber bullying and all these types of issues in our digital world. And why are you looking at me strangely,

 

Justin Daniels  2:33  

cuz I was thinking fondly about what you showed me yesterday that you got a text about I think you should share that with

 

Jodi Daniels  2:39  

the audience. When did I get yesterday as a text? Well,

 

Justin Daniels  2:43  

an organization with which you’re not familiar sent you a text update settings for an account for which you don’t have. Oh, well, then thank you, our friends from Metamask. And God has no Metamask account. Jodi, what’s metamath?

 

Jodi Daniels  2:57  

Well, I think we’re gonna dive into today’s topic for a discussion. My guess is it wasn’t actually from them. It was someone trying to pretend that it was them. Indeed. All right. So pulling it back. Brandon, tell us a little bit about your career arc and how you got to what you’re doing today with White Hatter. Oh, that

 

Brandon Laur  3:17  

takes a lot of twists and turns. And it’s developed quite a lot over I would say the past 14 ish years when I really started doing security information training and teaching and practicing. So I would say our organization is actually a family company. My family started the business who probably 29 ish years ago. And back then it was not so much cybersecurity, it was more physical personal protection, how to avoid dangerous physical situations. And then as a team, I began delving into the area of information security and privacy and understanding what the issues are and problems that exist in computers today. And with that knowledge, I was learning myself my family who are running a information organization, providing workshops and training to people of all ages began incorporating this cybersecurity information into programs. And now as the company stands today, it’s now pretty much exclusively cybersecurity privacy and digital literacy, and kind of cool from a teens perspective, how it all started and messing around technology, coding, programming and hacking.

 

Jodi Daniels  4:47  

Well, thank you for sharing. I think it’s always really interesting to see how you took you know, a family business that started in one era and continued to evolve as the digital age evolves. Who knows what we’re going to be training about in 10 years? Quantum Computing, I am competing. Yes. Metaverse how to be a different avatar. Yes,

 

Justin Daniels  5:07  

I could use the Jodi avatar,

 

Jodi Daniels  5:09  

Jodi doesn’t have an avatar.

 

Justin Daniels  5:12  

Indeed. So I guess, an interesting place to start would be, how has privacy and security education evolved because Jodi and I are both in these fields. And yet, when we went to school, there weren’t any courses. And now, of course, there are a lot of courses.

 

Brandon Laur  5:29  

It’s evolved a lot over the past 1310 years or so. But definitely, it’s, I’ve seen it being less so avoiding viruses, per se, and it’s more around phishing and scams, which always has been, but now with modern cybersecurity, quantum computing, and, and all these AI systems that kind of do a lot of security work for us. So though there still is a need for professionals to go in and manually fix problems. That’s why we’re all still employed. AI has not taken it all away from us. But we’ve seen a lot of when you buy a computer off the shelf. But nowadays it is more soon, I use air quotes here, it is more secure today than say 15 years ago. But what still is persistent are the scams and phishing. And that’s what I did my master’s degree on. And that that was very interesting. And when I have a whole cohort of these marketers, and I’m the one going, I want to study hackers, weird, dynamic, but really cool. And I think that’s our main focus in our organization and working with parents and caregivers and youth today, to kind of get them up to speed on when they get into a professional role. They have some of the fundamental basic understandings of how to deal with scams, phishing, and potential viruses and hacks.

 

Jodi Daniels  7:08  

So I’d love to learn a little bit more about where do you find people are coming in? So my assumption is, they’re coming in and don’t know a whole lot about this. And can you walk us through how you go about educating and training so that they are aware and prepared. We do a lot

 

Brandon Laur  7:25  

of work with youth we brought we broadcast we present to students all over North America, and students can come in with a very degrees of experience when dealing with phishing, and hacking. And there are some students who are quite literate in that area. And there are some who are not. The challenge that I find is when you’re looking at grade school, for example, you know, what kind of math level a student at grade seven should have and what kind of math level a grade 10 students should have. But you’re talking about cybersecurity is open, like there is no fundamental basis that at this age, a person should know the strategies and these tips and these tools. So it is very wide and an audiences I try to work with, which is a challenge as an educator, because I don’t want to talk about redundant stuff that most of my audience might know about. But then how, where’s that balance? And it is an incredibly difficult job, and it’s a balancing act. Can you

 

Jodi Daniels  8:37  

share a little bit more about what are some of the training tactics? How do you go about training? Let’s pick a seventh grader. As you mentioned, like someone in grade seven, what does that type of training look like? It’s generally

 

Brandon Laur  8:50  

examples. We I like to kind of run through kind of how websites are made up most scams and phishing links are usually the primary method of infiltrating and succeeding the hack is through a malicious web link. So showing the students what and even adults as well, you know, what is a top level domain? What’s a second level domain? What’s a sub domain, and it’s those subdomains that are always very tricky, because you got I show students examples on, here’s what a link looks like, on a mobile phone, which, generally a mobile phone is only a few inches or so in length. So a lot of scammers and hackers will hide long scammy links in super long web links. And as a user, you actually have to go click on the URL to see the full link. So I walk students through some of the fundamentals of how websites work, so that they can better be able to detect if there is a potential problem and actually some of that same training I do with business professionals. So again, people can come with various degrees. his experience in handling this stuff.

 

Justin Daniels  10:05  

One of the questions that I had was the privacy and security industry both have such fast paced evolution. What do you have any thoughts around? What are keys to keeping your knowledge up? Where are you seeing that there’s some real basic concepts that everybody needs to know that kind of stay the same. And then we can get into different fields like a blockchain autonomous vehicle and a drone, and then apply these ideas more specifically, to training in those areas.

 

Brandon Laur  10:33  

Principles stay the same, diverse in application. And that was a phrase my my father used for, and still does today. And that a lot of the common apps and scams that exists today mirrors similar examples of what we saw 2015 10 years ago. And in regards to the general population, there’s a lot of missing fundamentals that a lot of business professionals, workers don’t have at their disposal or haven’t had the opportunity to experience that makes them more susceptible. I mean, everyone’s going to receive a scam message or phishing phishing message at some point, if not multiple times in their career. But some people might not be more than others. But, you know, a lot of people don’t have those fundamentals. So we in our organization, we address the fundamentals. Because if you have those basic understandings, you can apply that to blockchain drones. And, you know, those technologies are made by people. And unfortunately, sometimes people can make mistakes. We see Facebook back in years and years ago, when it was first being developed and upgraded and all the mistakes in its infrastructure that existed. And today, it’s generally pretty secure against external hackers. Facebook, it’s a whole other topic point. But, you know, I think today, fundamentals are the same as they were 1015 years ago.

 

Jodi Daniels  12:21  

I have to imagine there’s probably a bit of a divide between let’s talk about parents, and kids, what might you say are the common misconceptions that parents have of what their kids might know? And is there anything that you’re teaching the kids that the adults listening need to know?

 

Brandon Laur  12:41  

The biggest misconception I think today is a lot of older adults might have the perception that youth today know all the tech answers or have the fundamental knowledge of how to fix every tech problem. And maybe in the millennial age, maybe when millennials were kind of developing with technology, and they were still at times needing to you say Windows command prompt. But today, we’re not really seeing that with all youth. It depends. There’s a variety of degrees of, of skill levels. But yeah, there are some youth today who have a tech problem, and they can’t figure it out. They may not have the digital literacy or critical thinking ability with technology to solve problems. And I think that’s a big misconception that we’re seeing today. And on the other side, it’s sometimes parents think that they don’t know anything, and that they are kind of absent from parenting and engaging with the Internet. And it’s not that hard. There’s a lot of abdication of responsibilities at times. And there’s a lot of challenges that exist in parenting on the internet that we also try to address because parents come again, with a wide variety of experiences, some parents who are looking at today’s parents, who are generally millennials, who are who grew up with technology and its development, and then you’re looking at maybe older parents, who maybe more in the boomer age, maybe from there you’re looking at less experience. So it’s a balancing act again.

 

Jodi Daniels  14:31  

We were like, We’re Yeah, we’re we’re homeless, or homeless.

 

Justin Daniels  14:36  

We’re the homeless Gen X, or

 

Jodi Daniels  14:38  

we’re, we’re the homeless Gen X or something always excluded from everything. Memes are completely accurate.

 

Justin Daniels  14:46  

Notice we went right from boomers, the millennials and their technology skills,

 

Jodi Daniels  14:50  

because we’re always the Xers are always always left that.

 

Brandon Laur  14:55  

It’s true. It’s true.

 

Jodi Daniels  14:57  

I mean, that was the argument even on the Super Bowl, half Time shows. One was for the actors, and everyone else was upset

 

Justin Daniels  15:04  

you have training specific for excellence.

 

Jodi Daniels  15:09  

I think we just were just so flexible. We can go in either direction. I was going to ask about tools, are there any particular apps or tools that you might recommend to help either the parents or the kiddos?

 

Brandon Laur  15:26  

For tools for kids, we like to address I think password management and early age now because you’re you’re looking at young people today. And everything you do on the internet somehow requires an account, everything needs an account. And account management is one of the biggest mistakes we see from youth today, we get messages on Instagram and Twitter or not so much Twitter, but other social networks, where useful message is going, Hey, White Hatter team, someone logged into my account, and somehow I forgot the password, or they have a bunch of throwaway emails, and they have forgotten to log in for those emails. And their accounts are attached to those emails. And now they can’t recover their password for their accounts, it can get pretty messy. So we like to address password management. So using password managers, all the major ones, you know, man, Google password manager, iCloud, LastPass, Dashlane, all the major ones that exist. And we work at that at a young age, because we want to make sure that young people today have a good starting point. So in later in life, when they realize there is a mistake, or they have to go back and enter all their accounts and find all these accounts, it’s less of a hassle

 

Jodi Daniels  16:43  

to get the results. Nope. Yeah, go ahead. Now, I was just gonna say good advice. I think the older adults also need password managers.

 

Brandon Laur  16:52  

Exec yep, yep. When we work with parents as well, and working professionals, password managers, I think account mismanagement, biggest mistake I see today, or, you know, classic, using the same password for all your accounts back classic. So password managers, wonderful, wonderful tool for really,

 

Jodi Daniels  17:13  

all ages ago here included password managers know better now.

 

Justin Daniels  17:22  

Just from your perspective, when you’re going to learn about new ideas, or more importantly, maybe about thought leaders in the space about how things are evolving? Where do you go to find that I

 

Brandon Laur  17:38  

have an extensive RSS feed that I get way too many notifications on every single day. But I like to try and stay up to speed on recent challenges and problems that exist. Obviously, my Google Alerts feed as well. So I don’t necessarily look for individual people per se, I’m more so looking for certain topics. And then there’s probably gonna be someone in that area that has experience and knowledge in that area I can draw upon. And that’s how I kind of expand my knowledge base.

 

Jodi Daniels  18:14  

Anyone in that RSS feed that you want to call out? Anyone on that RSS feed? Or topic or something?

 

Brandon Laur  18:23  

Like? Yeah, I can definitely fishing topics are top of my list there. We do a lot of work in regards to sextortion when it comes to cybercrime. So those are some of my top be lists. I think, Oh, my top of my head, who’s talking my head? Honestly, I’m completely drawing a blank on that one.

 

Jodi Daniels  18:53  

And that’s okay, if you remember it, just chime on in. We talked about password management as a really important tip. And we always ask everyone, what is your best privacy and security tip? So what might you offer that is not a password manager? Because we come with that. You have to pick a second one.

 

Brandon Laur  19:09  

Fair enough best password. Privacy. Password? Yep. Ooh, I would say best tip. I think I think that everything you do online is public in searchable even though you might have a private account. And obviously if you’re running a end to end encrypted network or something. I’m talking about the average users. Mostly everything can be searched can be copied if you send something to someone else, even though if you are using an end to end encrypted network, something stopped me that person was screenshotting it and posting it publicly dealing with high schoolers. That happens a lot. But it’s a private account or people think that they people are not allowed to screenshot the message they send I guess that would depend on the state that you’re living in. Um, but most places have one party consent laws. So, yeah, you send something privately, person can copy it and save it for later and repost it. And that was one of the biggest misconceptions that we see among people of really all ages is that everything online, think of it as public and searchable. If you do that, for less chances that problems might pop up for you. Yep, that’s

 

Jodi Daniels  20:27  

a great way to look at it. I know I, and educating our our daughters, we talk a lot about everything you put out there, it can be shared, it can be copied it can and be comfortable with every single thing that you’ve put out there.

 

Justin Daniels  20:41  

Well, when you’re not helping educate the millennials, and the boomers. And that to be determined people in between? What do you like to do for fun?

 

Brandon Laur  20:54  

For fun, honestly, I love relaxing, sitting back playing some games. Civilization five, one of my favorites. Just just play around in a sandbox and just relax and think the world outside my computer doesn’t really exist for a little bit.

 

Jodi Daniels  21:13  

Well, now if people would like to learn more about you and The White Hatter, or where should we send them?

 

Brandon Laur  21:19  

A website is probably the good starting point. So thewhitehatter.ca As we are a Canadian company, and we’re proud of that. So thewhitehatter.ca. And then we’re also on YouTube, and almost every social network you could possibly think of Twitter, Instagram, all those ones. So our handle is typically White Hatter team and you can find us on all the major platforms.

 

Jodi Daniels  21:46  

Well, we’re so grateful that you came here today to share about typical tips have a little fun and generational a conversation. And, and overall to really help emphasize that everything. I love what you said that everything that you put out there is public and searchable even if people think it’s in a private account. So thank you so much for the great work that you’re doing out there trying to help educate and protect people of all ages. Wonderful.

 

Brandon Laur  22:13  

Thank you for having me.

 

Jodi Daniels  22:14  

Absolutely.

 

Outro  22:20  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.