Cyber Security

Show Notes

In this episode, we discuss how businesses can promote digital safety awareness and contribute to a safer digital community overall with Chris Gale. We also touch on the role of regulations, corporate responsibility, and education in enhancing cyber security. Join us as we navigate through the maze of cyber security, shedding light on challenges, solutions and their capacity to make a significant social impact. 


Chris Gale is a Business Development Director at We Are Group. Chris is a former Aviation electronics engineer who developed and facilitated human factors within the Aviation industry to improve human performance and reduce errors. With a passion for uplifting and empowering people, Chris left the Aviation industry and moved into the education sector.  It was here that he saw first-hand the disparity of digital skills throughout the community and was empowered to move into the social impact sector. Engineering still influences his thought process, and instead of now fixing aircraft, he is focused on fixing the digital divide. He believes that in 2024, it is a travesty that people are left behind and their situation worsened by the ever-increasing digital world driven by business and government; there must be a moral standpoint in which mechanisms are in place so that no person suffers from the digitisation services. 

Share your thoughts with us.

LinkedIn: @WeAreGroup.

X (formerly Twitter): @we_aregroup


Want to work with We Are Group? Contact us here or email: info@wearegroup.com


To find out more about We Are Group's services visit wearegroup.com


Social Footprint is brought to you by We Are Group

Transcript

0:06

Hello and welcome to today's episode of Social Footprint. We're joined today with Chris Gale, who's part of We Are Groups team and we'll be discussing the topic of cyber security. So in recent news, there's been a lot of talk about cyber security with the likes of Mark Zuckerberg and his contemporaries being made accountable for cybersecurity issues. So it's a really pivotal, pivotal topic that's highly reflected in news. So, Chris, can you tell me maybe the types of cybercrime that are common today? It varies very much dependent on the demographic base and subject area in particular. Fraud scams are evolving all the time and we have the generalisation type, which is phishing or spear phishing, which again, the random names can make people that are excluded from digital even more scared to kind of try and get engaged with it. I think the biggest thing for me when it comes to any cyber security issues is the constant evolution. Much like any disease that's out there, massively highlighted during the pandemic, the defences against them are only available retrospectively and the people that are creating these scams, frauds, viruses are evolving them faster than we can protect against them, which actually not only makes firms and organisations more vulnerable, but actually the grassroots people on the ground, the users even more vulnerable because they aren't able to, in their own individual way, think ahead and track the changes of things that could happen. So as a generalisation, we box them into sort of different compartmental types, but it's a constant evolution. The lines are blurred constantly and with the advent of AI, it's not just being used for good unfortunately. The distinguishing factors that would identify something like a fraud or a scam, the lines are being blurred even more heavily at the moment. Okay, no that's really interesting. I mean, even me, myself, I’ve seen loads of new scams that, like you said, the constant evolution of them. So QR codes scams in car parks, you know, robbing people of their money. I mean, what other ways are people affected and impacted by these kind of various types of cybercrime. There’s direct and indirect impact of these. Obviously the direct impact of it is someone can lose money, they can be affected emotionally. And psychologically because of the effect of what happens, a mistrust and therefore a push away from using the digital solution. Which in today's society impacts them even more. We know that someone that isn’t online is actually worse off than someone who is. So anything that pushes them away has a detrimental effect on them. And then if we look at the indirect impact of it, when we look at the people that are kind of on the fence digital, shall we say. Just cause someone's really prevalent on the social media does not mean that they're astutely able to use everything that's online, which is a common misconception. But it's the people that are on the fence, the people that are just starting their digital journey or just, just sort of dipping their toes into the digital world. Not quite really having the amazing benefits of the digital world that we we know are out there. Once they fall victim to scam, you tend to lose them. And it also has the effect, and I did see a statistic that was in the Lloyds Digital Consumer Index, which was 53% of those offline, not included in the digital world, choose to be offline out of fear. And it's that fear of having being scammed. It's that fear of having their identity stolen is a big thing and it is a rarity that is the extremity of what can happen. But unfortunately it's dramatised by the news because news sells and it's actually excluding people even further that were already excluded. So that would be the two types of impact of it, the direct, the people that get hit and then carry on, be that financially, be that emotionally and don't integrate. But also we've got the indirect, the fear of it stopping people wanting to be online. Okay, no that's really interesting. So I think, like you said, yeah, digital inclusion is definitely a spectrum. I think it's in the Consumer Index that 13 million are at the lowest digital capability. And then obviously you have a kind of an equal amount of 14 million at the highest and then you have the variation in between. So that's really interesting. So in terms of the solutions perhaps to those challenges, what can organisations or businesses do then to kind of resolve digital issues for individuals and really safeguard them against cybercrime? So that's a fantastic question. So if I look at any large organisation and it doesn't matter which sector it's from, they have essentially built their house of digital and the walls are particularly safe. They've got firewalls, but there will always be a vulnerability point to their system, which of a house is a front door. So the biggest vulnerability to an organisation is probably the customers that have to interact with it. If you think about any organisation that has to allow people either access to a portal and particularly uploading particular files and folders, not particularly prevalent yet. But I would argue that in years to come, that is how large scale cybercriminals are going to attack large organisations. So with that, for the organisations comes regulator fines for data breaches, compensation to their customers because their data has been taken. So I think when we're looking at support, we need to look at it in two different regions. It's the outward facing to the individual or the customer. But there is also a massive benefit to those organisations as well. So if we look at what's currently available, a lot of support for particularly online fraud and scam stuff and it's there's a lot of phone based stuff as well that comes from these organisations. And I think too often they're kind of separated out. So you got scammed online. Here's our online learning portfolio. Go and look at that. That will make you safer. Now, I know that firms and organisations are incurring massive cost because they're reimbursing the customer and it's a particularly good thing. I think it's great for the consumer because then they can understand that if they make a mistake, they're not going to lose out. So if we look at humans, for example, we can say that on average they’re 80% reliable, that would be considered the benchmark with no performance influencing factors. If you introduce a performance influencing factor and that could be anything illness, something that's going on in their life, a train that's late anything that puts them there, bearing in mind the majority of us do a lot of our digital solution via a smartphone. It's very easy to not interrogate the email correctly and click on the link when you're on a phone. Now, if you are that digitally capable? I would argue that, yeah, potentially an online solution would work and videos. And I will wholeheartedly say that the work that's been done with Experian in and around that that's being used by a lot of firms is particularly good for those 40 million people that you said. We're in the high end of digital. They're confident it was a minor error. If we look at the other demographic we need to look at, and particularly the lower end, we need to think about what puts them in that lower end. So the majority of stuff in this country will be in fairly technical English. English not as a first language how are they capable of becoming more secure? One of our websites are in English, so that's a performance influencing factor that can open them up to having fraud. So we need to overcome that barrier. Adult’s illiteracy as well, you'll be surprised how many people out there actually know a website and know a thing by literally feeling their way around it. So if a scammer replicates that website, it looks completely identical. They can't identify the different things. So what I feel is that is in the instance of fear with those people that have a lower digital skill and knowing that people that have potentially just started their journey are feeling vulnerable, we need to humanise the support without a shadow of a doubt. We need to continue to engage that individual when they're at their most vulnerable. Also, interestingly enough some organisations out there that have large regulating organisations, they have a duty of care for their vulnerable customers. So just signposting isn't enough. I would personally want to know and I know I always look at it with if something happened to my child, what would I want to know? I would want to know what happened. I’d want to get them the support they needed, and I would want to know that they got the support they need. So I think that's quite important for organisations. And if we take a step further and we look at full data breach, what we need to then know is not just safeguarding people in the moment. How can we safeguard people for a longer time? We know that in data breach and in scam that once a person has been identified to these scammers as a vulnerable, they've fallen victim. Often their information is sold on the dark web, which means they're more susceptible. So it's not just a safeguard in the first place. It's continuing support afterwards to make it more robust. Okay there's a lot to unpack there. Some really interesting comments. I think one of the interesting things you said that is that the onus a lot of the time is then put on the end user of the customer. It's kind of, you know, here's this resource pack that you can use to prevent, you know, falling victim to cyber crime. But like you said, the issue of kind of language barriers and whatnot. So kind of is there a way that maybe partnerships might be helpful in that in that kind of solution in terms of like, again, the humanising element, but also giving the end user that that kind of time and that care and that tailored support, is that possible? Yeah. Yeah, I think it is. There is if I think to some work that I'm aware of that we do, it's in partnership with other organisations and it's some it's in addition to service. So when we look at any large organisation, they will have a contact center. So you have the human element there, but it's more about, it's gaining trust of those individuals and it's having real time, real life resource that is actually able not just to impart information, but actually educate and upskill and encourage and build confidence in those individuals. And it's being able to have specialised people, not just in subject matter, but in people that are empathetic. And not everyone will need the same level of support. And I often think with potentially a good 99% of any customer support or a vulnerable support that's out there, we tend to find that it's very specific in general and it's X, Y and Z. In order to be able to physically help everyone, we need to be able to adjust that learning journey. Everyone's journey or anything is in different lengths from different starting points. So we need to adjust that journey to be able to get into their end destination. that's really interesting. So you also mentioned kind of regulatory fines for kind of large financial institutions. Obviously, whilst fines are an incentive for people to do things right and really support their customer base, what other legislation is out there that is really making organisations do what they can to support victims of fraud or cybercrime? Again, multiple across multiple different markets. So if we look at one that's quite prevalent at the moment would be the Financial Conduct Authority, Consumer Duty Act, which is designed to get fair outcomes for consumers across product based and these app. But it also mentions quite a bit about vulnerable customers. If we look at some Ofwat the water regulator, they've recently had an uplift in their legislation, which is heavily involved around vulnerable customers and, not updated yet, but previous Ofgem regulations stated in there that digital exclusion and low digital schemes are a vulnerability. So the regulators are aware of this. I think when we look at kind of different things, I think the part of the legislation which is really, really important is the regulatory reporting requirements, which is which is a really, really, really good thing. And for me it's really quite nice to see the regulators wanting to see those outcomes. It's not just lip service anymore, but on a humanistic basis. If you offer a service to someone that opens them up to be vulnerable, then as a human, do you not have a duty of care to be able to offer them support? That's there. And if you are then encouraging going digital first as firms are, I know that obviously a lot of firms have multi-channel or channel of choice, but with any scale in one direction you have a reduction in the other. If we’re going to continue with that trend and get that there, then people need the support. They need to be able to continue with that, with confidence. Really, I think there's the whole thing around this is confidence in the consumer. And when we talk about legislation and regulations, how much is it costing these organisations to effectively pay back fines and often multiple times with the same people, particularly if we look at particularly vulnerable individuals? Vulnerability is actually very transient. I think we label it too often. When we look at online, there's a misrepresentation that it's a certain age demographic that are vulnerable. It's not at all. If we look at some other vulnerabilities, mental health issues, for example, massively susceptible to cybercrime and manipulation. But as I said before, it's transient mental health. Can affect people in multiple different ways. It can be different in different times, in different scenarios. Therefore, we need support that’s there in the moment for the individual tailored to the individual, but also not necessarily a one and done. And it has a far reaching aspect for the firms themselves. I know that if I've had good customer service, I will feel loyal to that brand. I will continue to be with that brand and it's a competitive market out there. And if people feel loyal to that brand, they've had that support. They trust that company and that company’s digital solution as well. They're more likely to stay with that organisation as well. And I think that that's something that I think that will definitely change in the future as we move to almost a completely digital solution. But this is never going to go away. We haven't got to three, four or five years that it's not just 14 million that are completely digitally savvy at the high end of the scale spectrum, it will always be variable. There will always be a spectrum of people that are digital. There will always be a people that are transiently vulnerable, and there will be people that are completely vulnerable. So as much as it would be nice to say that we can put a timescale on this fraud and scam and online security issue because everyone will be at that point, we never can. And then we look to devices, for example, what do people use to access the Internet? We're in the middle of a cost of living crisis. People can't afford the latest tech with the latest antivirus software. People on the low end of digital skills. When they're on their first journey, they don't update their software on the phone because they're skeptical of it. I actually did a lecture. It was an old person's outreach, an MP event in Birmingham. And I spoke there about the benefits of being online. And we did a workshop afterwards and I said, if anyone needs any help with their device, come up. I'll be willing to do that. Fingerprint recognition, multi-factor authentication, just to try and break down some barriers and get them more secure. I would say a good almost 100% of them. I think there was one, had outstanding software updates on the mobile device that they were using. So they were all susceptible to some kind of attack. Well, that's really interesting. So, Chris, talking about education then as a form of kind of cyber security at what point do you think that should take place? Should it kind of be a preventative form of education before obviously the individual falls victim to cybercrime? Should it be kind of after the aftermath kind of thing and helping them and supporting them at that point of need? Or could it be should it be a combination of both? What are your thoughts? That's a really good question and it's very broad. I think if we talk in terms of an education piece, I think a lot more needs to be done at grassroots level in schools that they're making great inroads into that. However, we are becoming a very mobile phone app based culture, and children out there, believe it or not, would be considered partially digitally excluded because they're great on social media, but they couldn't interact with a an online form, things like that. So I think the education piece really starts at that grassroots level that's there. And I do think there is a place for advanced how to be safe online training. I think that would be quite an important piece. And I think with anyone who's currently digitally excluded and people with vulnerability that are sitting in that portion of the people that are not interacting with the digital solution because they have fear, I think that giving a big message on how to stay safe online is is definitely something that will be a catalyst for them to potentially get over their fear and get online. However, if we're looking at the people in the middle ground that are kind of flirting with digital, that are kind of using it, so what happens with them if they build a confidence level because it's never going to happen to them. They have their own digital footprint, their own things that they physically use and are used to. So and it's been proven in typical education that any sort of advanced learning or watch this it would benefit you has a very, very small take up. I think it's if it can be done through digital learning and if there is an option if people want it, I think when we look at any solution to anything, be proactive or reactive, we need to offer as many variable ways of that solution as possible to be able to help that individual in the way that they wish to be helped. I think that that's very, very important to pigeonhole it to a single solution. It is almost a definition of exclusion, if I'm honest. But that being said, we know that people aren't going to uptake an educational piece It is a fact. So not necessarily preventative because something has to happen in the first place to have some kind of after the event, care or support. What that then does is it allows people to get the knowledge that even the most susceptible, they're most open to it. Someone once said to me that you only go to the doctor's when you're sick. You don't think about the doctors when you're okay. Yeah, that's when you want the doctor. So when you're going to want this support and help is when something happens because it becomes a reality. It's no longer a thing that could happen to someone else. And I think that that is there, and I think it should be multiple different ways of doing things so stereotypically. If we look at a large organisation, the way that individuals make contact after they've fallen victim to online fraud or scam or any type of cyber attack is they pick up the phone. So that clearly identifies to me that's their channel of choice once something bad goes online they've lost trust with online at that point. They're vulnerable, they feel it. So they pick up the phone. That's why if you look at the financial sector, for example, their fraud teams, all have phone lines. So that shows that that is the preferred channel of choice. It becomes nice and safe for those individuals. That's what they want to do. So if someone is fearful in that instance, the fraud teams that are in financial sector think give some support, they refund the person. That's the big thing that people want. They make sure they're secure. But then is that just a hand off to here's some e-learning? Well, if they were confident online that they've been scammed, and then would they not contact through a digital channel? So I think we need to facilitate channel of choice, but more in this instance, channel of confidence for them to be able to do that. And I think that it needs to be in that incidents of palm off isn't really sort of helping your vulnerable customer. It's almost like a a go away to it so fully. We need to think about the person in the instance of where they are and how they feel. And that's true of any vulnerability. If I'm honest, if we look at anything and this goes along the line with there's support lines and help lines for absolutely everything out there. Take some of the great stuff done. Samaritans have got one, Mind have got one, Rethink have got one. They're all phone lines because we know that that's even more considered a vulnerable person, a channel of choice. And I think at that point, then we need to ask the question of the individual. First of all, do you want this support? Second of all, what kind of support do you want? In what format, in how, who, when, where and what? We need to as organisations support the customers when they're most vulnerable and the best method to them. And it will do numerous different things. It will have a dramatic increase in their confidence, which will keep that person engaged with the digital solution. It will definitely prevent it from happening again because we've given it in the methodology they want when they're most susceptible. So we know that they're going to take on more of that information. It will mitigate the fines that are potentially going to come out from organisations. It will mitigate them having to pay more fines again, because they would have had better education, better uptake and better retention of knowledge. So that is how I would say the two education pieces when we need both very different people are capable of different, but we can't choose one solution over another. Otherwise we exclude people. Okay, no, that's pretty that's I think a really nice summary from me there as well to end on really talking about bringing cyber security to the people, humanising it and you know, really giving people that that education to support them in the matter of cyber crime. So thank you so much for joining us today. Talking about cyber security. It's been a great conversation. I've learned a lot and I hope our listeners will have, too. It's been great. Great to have you. Thank you very much.