Plot hole: Garriga shows a small thumb-sized device, claiming it changes his password every 15 minutes, thus protecting his servers against brute-force attacks. In real life, remote servers are resilient to brute-force attacks because they restrict wrong guesses. Worse, changing the password every 15 minutes means Garriga would never know a password that can be reused indefinitely within 15 minutes! In real life, we use time-based one-time passwords (TOTP) and 2FA instead.
Plot hole: Paul should have been shocked as he put his vibrating fork onto the live cable if it was conductive in order to shock the bad guy.