WEBVTT 00:00:00.000 --> 00:00:02.940 Cybersecurity is a topic that affects nearly every individual. 00:00:02.940 --> 00:00:06.000 Rich Baich, Wells Fargo’s Chief Information Security Officer, 00:00:06.000 --> 00:00:08.140 reviews the current state of cybersecurity. 00:00:08.140 --> 00:00:15.560 (music) 00:00:15.560 --> 00:00:18.600 To work towards a safer world, cybersecurity is kind of like a 00:00:18.600 --> 00:00:22.840 grassroots effort. I think we need to step back. We need to start 00:00:22.840 --> 00:00:27.620 early in our school systems and begin to help individuals learn how 00:00:27.620 --> 00:00:31.820 to be safe, what are the dangers associated with utilizing the 00:00:31.820 --> 00:00:35.160 Internet, but at the same time embracing the fact that our future 00:00:35.160 --> 00:00:39.480 is moving toward digitalization. And if we focus on ensuring the 00:00:39.480 --> 00:00:43.200 future generations understand the risks associated with it, they 00:00:43.200 --> 00:00:45.800 can further enhance and hopefully the Internet could continue to 00:00:45.800 --> 00:00:49.200 be a positive experience rather than a negative experience. When 00:00:49.200 --> 00:00:53.400 the Internet was built, it wasn’t built with security in mind. Now 00:00:53.400 --> 00:00:57.640 we’re kind of tracing our steps back to secure it. And it’s going 00:00:57.640 --> 00:01:01.000 to be a journey. But the first step is always the human element. 00:01:01.000 --> 00:01:04.820 The individual is always the weakest link because we are the ones 00:01:04.820 --> 00:01:08.980 that either fail to patch our systems, click on an email that we 00:01:08.980 --> 00:01:12.000 shouldn’t, or we notice something going wrong with our computer 00:01:12.000 --> 00:01:14.800 but we don’t necessarily understand it. So we keep doing what 00:01:14.800 --> 00:01:19.360 we’re doing. So through education and awareness, I think that we can 00:01:19.360 --> 00:01:22.400 reduce the threats that are associated with the environment today. 00:01:22.400 --> 00:01:28.400 (music) 00:01:28.400 --> 00:01:31.800 Well, I think they need to have a realization that everything that 00:01:31.800 --> 00:01:35.700 they do and everything they say and they put on the Internet can 00:01:35.700 --> 00:01:41.400 be viewed by most people. And if we look at social media, you know, 00:01:41.400 --> 00:01:44.800 there are protections for all the social media platforms, what you 00:01:44.800 --> 00:01:48.800 make private, what you make public. Understanding those things and 00:01:48.800 --> 00:01:52.400 adhering to them can help lessen, you know, kind of your cyber 00:01:52.400 --> 00:01:57.400 beacon on the Internet. And know that individuals and organizations 00:01:57.400 --> 00:02:02.000 that are potentially targeting you monitor those sites. You know, 00:02:02.000 --> 00:02:06.320 it is a wealth of intelligence collection. Many of those are used 00:02:06.320 --> 00:02:09.600 for counterespionage, but in addition to that, just the average 00:02:09.600 --> 00:02:13.600 normal criminal is surfing the Internet, looking for that individual 00:02:13.600 --> 00:02:17.600 who is smiling and posting because they’re on a 30-day cruise around 00:02:17.600 --> 00:02:21.600 the world and somebody figures out where they live. So, being very 00:02:21.600 --> 00:02:25.400 careful what you put on social media is one thing. In addition to 00:02:25.400 --> 00:02:31.260 that, I would say savvy home security type of features would be 00:02:31.260 --> 00:02:34.300 things like making sure you update all your patches on your 00:02:34.300 --> 00:02:39.480 platforms, whether that be mobile or laptops. In addition to that, 00:02:39.480 --> 00:02:44.040 making sure if you have vulnerabilities, or you have applications, 00:02:44.040 --> 00:02:47.800 those remain updated. And making sure that you have enabled your 00:02:47.800 --> 00:02:51.000 desktop firewall. And to help understand that, I’ll give you an 00:02:51.000 --> 00:02:54.900 analogy of a house. So when you think about a house, think about 00:02:54.900 --> 00:02:58.500 the front door being your firewall and think about your windows being 00:02:58.500 --> 00:03:03.000 your patches. So, if you’re living in a house in a neighborhood 00:03:03.000 --> 00:03:07.160 that anybody can walk by, which is what the Internet is, and you 00:03:07.160 --> 00:03:11.380 leave your front door open. Now, not everybody wants to come in 00:03:11.380 --> 00:03:15.000 and find out why that door is open or what might be in your house. 00:03:15.000 --> 00:03:18.200 But by keeping it open, you draw a little bit more attention to 00:03:18.200 --> 00:03:21.600 yourself. So if you don’t have a firewall enabled, you’re drawing 00:03:21.600 --> 00:03:24.800 attention to yourself. Now let’s say you had the door closed and 00:03:24.800 --> 00:03:27.900 then you look at your windows. Going to use your windows as your 00:03:27.900 --> 00:03:30.200 patches. Well, you know you’re supposed to keep your windows closed 00:03:30.200 --> 00:03:33.400 and you shouldn’t necessarily have holes in your windows or broken 00:03:33.400 --> 00:03:37.000 windows. So when a patch comes out, what’s that basically saying 00:03:37.000 --> 00:03:40.600 is the window’s now open, it doesn’t work. Or maybe it’s broken. 00:03:40.600 --> 00:03:44.000 And you need to call someone to fix it. So when you’re looking for 00:03:44.000 --> 00:03:48.000 the thought of potentially using an IT professional to help you 00:03:48.000 --> 00:03:51.000 secure your own personal environment, think of it just like it was 00:03:51.000 --> 00:03:54.400 a financial advisor, right? Are they skilled? Are they 00:03:54.400 --> 00:03:58.800 professionalized? Can you trust them? So utilizing somebody’s 00:03:58.800 --> 00:04:01.840 always a choice, and it’s not a bad thing to do. 00:04:01.840 --> 00:04:09.080 (music) 00:04:09.080 --> 00:04:13.240 Responsible information security oftentimes is a difficult 00:04:13.240 --> 00:04:17.000 definition because again we don’t have constitutional laws that 00:04:17.000 --> 00:04:20.400 say, this is good information security. And, you know, there’s not 00:04:20.400 --> 00:04:24.600 a framework, there’s not a checklist. So really the responsibility 00:04:24.600 --> 00:04:28.400 comes down to that organization. But in today’s environment, I 00:04:28.400 --> 00:04:33.200 think customers as well as just citizens expect and understand the 00:04:33.200 --> 00:04:37.400 simple things, which is, you know, having firewalls, making sure 00:04:37.400 --> 00:04:42.600 your equipment is healthy, making sure that you’ve got expertise 00:04:42.600 --> 00:04:46.200 working in your environment that could help you understand it. And, 00:04:46.200 --> 00:04:50.200 the most important thing is obviously transparency and the ability 00:04:50.200 --> 00:04:54.000 to have a comfort level that an appropriate amount of investment 00:04:54.000 --> 00:04:58.000 and an appropriate amount of skillsets are focused in this area, to, 00:04:58.000 --> 00:05:01.400 again, to ensure to keep that information that that particular 00:05:01.400 --> 00:05:05.600 organization is trusted with keeping safe. If more organizations 00:05:05.600 --> 00:05:09.580 focused and took pride on ensuring the trust of their customers are 00:05:09.580 --> 00:05:14.080 as important as the funds that they collect, I think ultimately the 00:05:14.080 --> 00:05:17.800 organization itself will be stronger, the customer will be happier 00:05:17.800 --> 00:05:19.560 and our nation will be stronger. 00:05:19.560 --> 00:05:27.800 (music)