May 9, 2019
What do Insurance Companies say about Cyber Attacks? It might surprise you.
What is two-factor authentication and should you use it? Today I discuss my thoughts on this.
What automatic feature has Google added? Listen in for more info on this.
Should we have government-protected tech monopolies? My thoughts about this and more.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 05/11/2019
Cybersecurity Breaches Are Your Fault - Can't Make Insurance Claim - Google's New Automatic Feature - Facebook Is Government Protected Monopoly
Craig Peterson 0:04
Hello, everybody, Craig Peterson here, Hey, are you a business
owner? Do you work in a business? Are you maybe a little concerned
about cybersecurity? And maybe you have insurance for a hack. I
know a lot of insurance companies have been kind of adding that
type of rider on lately. Well, I got some news for you today. The
whole thing here about two-factor authentication and Apple, you
know, the most security you can have the best security is something
you have along with something, you know. Well, that's what 2FA is
all about. And we're going to talk about that, what Apple's doing,
what you can do, and what we do ourselves and for our clients to
keep data safe. Google, Oh, my gosh, they are doing something good.
We'll tell you about that and how to take advantage of they're
forgetting a promise that they've just made. A really
interesting response here from this is a company we use called Duo
and their CEO talking about cybersecurity today. And he says the
businesses are doing a whole lot of it. But too much funding is
going into cybersecurity right now. Because there's so much money
that's getting into the whole cybersecurity realm. The CEO and
founder or co-founder of a company called Duo, D-U-O, Security.
They were bought recently by Cisco. And we were using them before
Cisco bought them. It's funny. That seems to happen a lot to us.
Meraki, we were Meraki guys. And then Cisco bought them. Duo guys,
and many others, Snort and the list goes on and on. But he said
that cybersecurity and the investments that funding going into them
is way overhyped in a lot of breaches because we're getting the
basics wrong. That is absolutely true. And I got to tell you that
now. It's not overhyped in that you're not at risk, because you are
we've seen the statistics, the hard statistics, even from people
admitting that their businesses were hacked. More than half of all
businesses say they have already been hacked. Okay. So that's not
what he's talking about. He's talking about the money that's going
into funding some of these cybersecurity startups. And I can really
see this, I understand what he's talking about here. Because so
much of the vulnerability that we have is pretty darn basic. And it
goes back to passwords. And in the case of Duo Security, the whole
concept of two-factor authentication. So here are the basics. In
case you're wondering, we're talking about phishing scams. A couple
more here. But phishing scams, of course, are those emails that
come in that make it look like whoa, wait a minute, now. This is a
legitimate email or it's not and then people fall for them. Right.
So the basics are phishing scams, stolen passwords, and employees
using devices that are not up to date or patched. And that's what
we really, really emphasize with our clients. One of the biggest
services we offer is making sure the machines are all patched up.
We do it right. So something messes up. You know, it's our problem
and we take care of it.
Craig 3:42
Stolen user credentials leading cause of breaches. We know about,
for instance, Senator Maggie Hassan from New Hampshire and her
staff member who admitted to stealing passwords using a keylogger
apparently on this senator's computer are they. I don't know could
even make a movie about this, it'd be pretty boring, wouldn't it
frankly. A good book about that, by the way, A Thousand Miles, look
it up if you haven't read it already. But smart attackers are going
after people now not just systems because that's where the money
is. It's kind of the basics. Now, this guy is a very interesting
guy. And let's talk about Duo here for a minute, we are the full
disclosure a Duo reseller. D-U-O, you can find them online. And
they have some very cool technology that we tie into these special
fobs, these special little USB keys that allow us to identify
ourselves and who we are. So here's what happens too. We have it
tied into, for instance, our iPhones. So if we try and log into a
system that's, that's privileged, you know, particularly something
that has any form of customer information on it, the system comes
up and says, Okay, I need to authenticate you. So it now sends a
special message to our iPhone. And the iPhone has a thumbprint
reader on it. So we have to unlock our iPhone. And then we're going
to Duo, and Duo's telling us because it popped up on our phone,
hey, somebody is trying to gain access. And then you accept it. You
say, yeah, that was me, it's fine. And you give it your thumbprint
and a code. And now you can log into that website, you can get on
to that computer, you can use that software. DUO is just absolutely
fantastic. And frankly, it is crazy important for you to have
something like this in your business. And that takes us back to
what Apple is doing right now. Some people are annoyed by this,
Apple's two-factor authentication. I don't know if you're using
anything but remember what I just said the most secure way? Well,
the most secure way of securing a computer is to unplug it, rip out
all the wires and put it in a vault, right with no electricity. But
if you needed to be able to use the computer, two-factor
authentication works. And that's part of what Duo is providing
here. And just texting, texting, phone numbers back and forth,
doesn't cut it, by the way. It sends you a message and you respond
because people can steal your phone number. And then life gets
really complicated, doesn't it? It gets really complicated very
quickly. And we've seen that again. And again, people stealing, for
instance, Bitcoin accounts, but also stealing access to regular
bank accounts and tens of thousands of dollars have been stolen out
of it. So what Apple did is this is pre-Duo, pre-a lot of these
things, is Apple said well wait a minute, most of our customers
have multiple devices. So when I logged onto my computer sitting
right here in front of me today, it had a message because this is
an Apple computer. And it had a little message and the message
said, someone just started using your account on this day and time
at this location. And this is the type of computer, was that you?
And of course, it was me. So I said yeah, cool. But before I logged
into this computer, and I was installing a brand new, well, new to
me, right, it's actually kind of old MacBook Air. And I put my
account on there and I put my Apple credentials on there. Apple
sent a special message to my iPhone saying hey Craig somebody is
trying to log on creating an account, etc, etc is this you? So with
Apple's two-factor authentication turned on, every time you attempt
to sign into an account, you're going to enter your password. And
then you're going to receive a second security notification that
might come through on your desktop, on your laptop on your iPhone,
on your iPad on your iWatch right? Actually, Apple Watch, they
should have called it iWatch.
Craig 7:59
And then usually it looks like a text message. It's not a text
message. In this case, it's actually built-in, it's a utility part
of the operating system, it gives you this six to eight digit code,
and you enter it into the website. Now in most cases, the websites
are going to send you a text I already explained why that's a bad
idea. And why it's a good idea to use Duo, it usually takes us a
few weeks from start to finish to get a company switched over to
Duo, because there's a lot of configuration that has to happen and
training that has to happen. And you have to get the right little
devices for people to use. But here's what you should do. If you
have an Apple device, you should be using their two-factor
authentication, because it gets around all of the problems you have
with Android devices, for instance, that are receiving SMS messages
again, that's what I use Duo, it works on Android as well. So make
sure you turn it on, don't turn it off, you're going to get it's
going to say Apple ID verification code. And you have to pull that
up from another Apple device where you're going to click Allow. But
what amazes me, frankly, is that there is a lawsuit going on right
now and some people are frustrated and upset about this if you can
believe it. So here are some claims in the lawsuit. Apple turned on
two-factor authentication without his approval. This guy's name is
Brodsky. Yeah. Well, he's trying to help you, you idiot. Two-factor
authentication takes too long to set up. No, it doesn't. It's
difficult to use. No, it's not. It can't be turned off. After using
it for 14 days what logging into a device can take up to five
minutes. Oh my gosh. So you might think that you shouldn't use it
or simply turn it off like this Brodsky guy that's brought this
lawsuit, and I'm sure it's just one of these deepest pockets
lawsuits, just like these lawsuits that we're hearing about all the
time. Oh, you offended me, you have to remove that because it
offends me. Really? One person, a dozen people out of how many
millions, we're not offended by that. Forget about it. Okay. But
you know, Brodsky is correct that you only have a 14 day trial
period. But that should be enough time to figure if you want to use
two-factor authentication. And after that's passed that 14 days,
you have to continue using it. So the bottom line to everybody out
there, use two-factor authentication. If you can, don't use your
cell phone for it.
Craig 10:35
Now, let me give you a little insider secret that I've never heard
anybody else talk about. But I think is really handy. You can get a
phone number from Google Voice. Have you seen this? Again, another
service that I used before Google bought it, Google Voice, they'll
give you a phone number, it's free. Now they're going to record
your phone calls and your voice messages. They take the voice
message, they turn it into text and they text it to you it comes up
in their app, it's really, really, really handy. Obviously, you
don't want anything too confidential on Google Voice. However,
here's the win, when it comes to a Google Voice phone number, or
within many cases with a VOIP provider Voice over IP provider, when
it comes to these numbers. They can't be stolen from you. Because
there's no SIM, there's no little chip, a little SIM card that you
put into the phone. That's how people get in around this. That's
how people are stealing phone numbers. So if you use your Google
Voice number for a website that does not support things, like Duo.
So it doesn't support full two-factor authentication, you're going
to be all set. It's going to be really nice. So little trick there,
right? It can't be stolen, not the normal way anyway, they can't
just do the cloning or duplication or try and get your SIM moved to
another phone because there was never a SIM there in the first
place.
Craig 12:40
While we're on Google and before we get to our little warning here
about the insurance for cybersecurity and CIOs, I get another
Google thing. This is from the Associated Press and it was
published in Forbes magazine. This is a win I think for everybody.
But you have to know about it. In order to take advantage of this.
I'm glad they're doing this. Facebook here another story. They are
a government-protected monopoly. And they certainly are. I've had
problems with patent law for quite a while particularly
when it comes to software and processes. You know, way
back when there's a great story. It's up on my website, http://CraigPeterson.com. 1954,
you've heard this story, I'm sure if you've ever taken a business
class. Ray Kroc does that name ring a bell to you? Ray Kroc,
K-R-O-C. How about Illinois? How about just outside of Chicago?
Anyways, this guy Ray Kroc in 1954 visited a hamburger stand in
Southern California. And Ray was selling milkshake mixers and was
very interested in how these brothers Richard and Maurice, were
able to sell so many milkshakes, this small stand, and I think it
was they ordered a four milkshake mixer. So it did four milkshakes
at the same time. So he started to look into this about more, a
little bit more a little further. He was really impressed. Freshly
cooked hamburgers delivered to the customers based on
an assembly line. Of course, we're talking about Richard and
Maurice McDonald here in case you didn't know and Ray Kroc decided,
wait a minute now this looks absolutely amazing. It works, so well.
Ray Kroc stole the idea. You know, he tried to work out a licensing
deal and everything. We're not going to get into the whole story
here. But the success of McDonald's led to Burger King, Burger
Chef, Carl's Jr. Hardee's, Jack in the Box, that used to be one of
my favorites when I lived in California, and hundreds of other
small hamburger joints and of course, that led up to what we have
today with Qdoba and other different types of fast food
restaurants. Well, the evolution of fast food in America would have
been completely different if the McDonald brothers could have
applied for a patent to claim exclusivity for the idea of using an
assembly line to make hamburgers.
Craig 14:44
Intellectual property, you know, look at article one section
eight of the Constitution. Congress was charged to promote the
progress of science and useful art by securing for limited times to
authors and inventors the exclusive right to their respective
writings and discoveries.
Craig 15:07
Well, the McDonalds brothers, McDonald brothers did not go for a
patent. They didn't apply for this federal protection for their
design because it was not a writing, or an invention. They just use
existing technology more reasonably and more efficiently than
others. And the way it's supposed to work in the patent office is
that if something is an obvious next step in the evolution of a
business evolution of a process, the evolution of a machine, it's
not patentable. However, because there are so many patents being
applied for, because there's so much technology involved and so
much knowledge they need, patents are being given willy-nilly, it's
absolutely amazing. But the greater good was served by allowing
businesses to reverse engineer these clever ideas that they saw in
patents and spread it from sea to shining sea. Reverse engineer,
not just things in patents, because of course, you have a certain
amount of exclusivity. But people would take it, they look at the
patent, they would modify it enough so that they could start
producing something that wasn't covered by that patent. Well,
today, fast forward to Facebook and Google and other social media
platforms that are banning people for their political beliefs. And
in reality, in a healthy society, in a healthy economy where we
didn't have the type of crazy overextended patent laws that we have
here. Facebook would have been reverse engineered 20 times by now.
And people who were banned would have simply gone somewhere else.
Well, instead of that our government and the way these laws are set
up now is protecting Facebook and these other companies at the
point of a gun. Right? Because it breaks the law, see what
ultimately happens to those guys and gals that show up in your
door? Do they have a gun with them? Or don't they right? So
Facebook and other social media sites and other companies are
government protected monopolies. They've been able to convince the
patent office that their business and their business model is an
invention that should be protected by intellectual property laws.
Now we have the Department of Justice and the federal courts out
there acting as strong arms, strong men, making sure nobody
competes with them because they say, this is our business process.
We have our process patent on that.
Craig 17:41
And then, of course, they have enough lawyers to protect it.
Craig 17:44
You end up with people like Mark Zuckerberg, who has a crazy, crazy
wealth. But is he really helping to further even other
sites that are out there social media sites? Of course not. He buys
them if they're doing fairly well. And he squeezes them, even when
he's buying them. So Zuckerberg didn't invent anything, he didn't
invent the computer, he didn't invent the microchip. All he did was
started messing around with Atari Basic programming when he was a
kid. To reward someone who's the first to use an invention to
arrive an inevitable function only crushes the competition. And
that's what we have today. So that's my word for today. Facebook is
a government-protected monopoly. And we have to change our patent
laws. We've got to set it up so that these obvious inventions if
you will, just aren't covered by it anymore.
Craig 18:48
Okay, let's get into Google here, let's finish that one up. And
then we'll get into the insurance and our big warning to Chief
Information Officers and business owners. Google will now
automatically delete your data for you. This just came out about a
week or so ago. This was in front of the Google IO Developer
Festival. That was last week as well. But in their security blog,
the product managers for Google search and maps say that Google is
going to make managing your data privacy and security simpler. So
you can already go into your settings in your Google account, you
can get simple on-off controls for location history, web and app
activity, which I do I have that turned off. And you can choose to
delete all or part of that data manually, which I've also done.
First, I downloaded it because I wanted to see what Google had
about me, right. And what's going to be rolled out now is what's
called auto delete controls. So you can set time limits on how long
Google can save your data, that's going to be huge. They're saying
that this is going to arrive within weeks and new controls are
going to apply to location history, web browsing, Google searches,
app activity data to start with, you're going to be able to choose
a time limit of between 3 and 18 months afterward, the data will be
automatically deleted on a rolling basis. So thank goodness. But
remember, you can already manually delete it if you want. But the
ability to delete automatically is long overdue, and I think it's
going to help us right. I don't mind them tracking my searches and
saying well Craig is looking for a new car, so I'm going to show
him this ad because this new car is going to fit. But I don't want
that following me for the rest of my life. I don't want to see the
car ads after I bought a new car right? So being able to have that
automatically purged I think is going to be absolutely
phenomenal.
Craig 20:53
You got to see this video. This I found this on Digg and I put it
up on my website http://CraigPeterson.com. Wow, this is a video
that was taken by a guy working inside a scam call center over in
India. This is a webcam view that he shows the software they're
using. You can listen in on some of the conversations. And this is
in a city called Kolkata. I guess. K-O-L-K-A-T-A.
Craig 21:21
I don't think that's Calcutta, Kolkata.
Craig 21:25
And there's a group of scammers hunting for victims to swindle and
what they do and how they do it. And you know what? You got to
watch this again http://CraigPeterson.com, it was a bit of a
shocker to me. But these guys think that they have just as
much right to your money to your house to your belongings as you
do. And they do everything they can to steal it from you. And why
not? You're just a rich American. What do they care? Right?
Craig 21:50
Okay, on to this. This is from Forbes magazine. Again, up on
http://CraigPeterson.com. A new cybersecurity report is out there
warning CIOs if you're breached or hacked, it's your own fault. Now
think of that when it comes to cybersecurity insurance so many
businesses have been purchasing. In fact, this is one of
the topics I'm covering. UNH extension here to mastermind is the
insurance side of cybersecurity. And what does it mean to you? What
does it mean to me? The majority of businesses in the US and UK are
still leaving their doors wide open to attacks. I'm going to be
doing some training coming up here before summer. So keep an eye
out for that on what to do how to lock up your business before
summer comes okay.
Craig 22:41
But for all of this focus, we've had on cybersecurity, all of
this money that's getting invested. Most of us are still
incredibly overexposed. It's just crazy. These
attacks can wipe out your business entirely can stop it for maybe a
few hours or, or something somewhere in between. But there was this
new cybersecurity survey that was conducted by endpoint management
specialists. And also some market researchers Van Bourne, Vanson
Bourne. They questioned 690 operations and IT security
decision-makers across the US and UK found that 60% of the
organizations had been breached in the last two years. And 31% said
they'd been breached more than once. What's going on
people? Are you just confused?
Craig 23:36
Make sure you sign up, http://CraigPeterson.com/subscribe.
You can get my free training and I have completely free training,
not upselling. Okay, I have my paid courses as well. But I'm trying
to get the word out. Okay. The vast majority of the successful
attacks are using known vulnerabilities in well-known software that
has already had patches available by software vendors. The next one
down is people falling for email attacks, which can also be
prevented. No, they can't be prevented by going out and buying
Barracuda spam firewalls. And no, okay, you got to do this right.
But my goodness, my goodness, the CIO's team doesn't actually even
know in most of these cases here, what the hardware is, it's out
there, what software it's running on how they're going to patch it.
They don't even know the machines exist. And we see that even in
small businesses, you walk in how many computers you have, well, we
just have three. And then you start poking around, you find out Oh,
wow, they've got this Android tablet, an Android phone is
connecting to the business WiFi. And therefore now the business
computers are completely exposed. Plus people are working from
home, they're using their laptops, using computers right from home.
So now that whole network is exposing, that computer's now exposed
to the home network to the business network, because they're
not using the VPN the way supposed to VPN is supposed to be
used because they're using the wrong software. Again, and
again and again and again. And again. You know, even the IT people,
you know, we run into break-fix shops all the time and the
so-called managed services vendors that just have no idea what
they're doing. None. Because all they have to do is know more than
you know, listen, everybody, it's your responsibility to make sure
your business is safe and you cannot pass it off. Okay, here's a
quote again. This is from Samir, in the article you see up on my
website about CIOs, it's your responsibility. A Forrester industry
analyst who's tracking 150 or so security companies said that he's
hearing about 5 or 10 new ones almost every week in security space.
And each one is talking of bigger and worse threats and the
rest.
Craig 26:09
It's just absolutely amazing. It's I see it again. And again.
People go when they take a course. They've got their course on
security. And now they think that they're an expert, right? No, a
two-week course, a six-month course does not make you an expert.
And I know there are a few of you guys because you've reached out
to me who listened to this on the radio or on iTunes or on YouTube,
who have signed up for cybersecurity classes. I think that's a
great thing. But also those people aren't thinking that, well, I've
got my shingle I'm now an expert right? No. Six months in an
intensive cybersecurity course is going to get your career
launched. And God bless you. You're in a great community. Great
career ahead of you. Okay, where there's going to be a five-year
career or lifetime career. But those people cannot be the people
who are running the cybersecurity for your business. You're the one
that has to take it. Take that bull by the horns. If you are one of
those people, reach out to me, me@CraigPeterson.com. I am more than
glad to share resources with you. Absolutely free ok.
Me@CraigPeterson.com. I can help you out. So frustrating because
remember, this happened to me 25 years ago, and I got it taken care
of back then. And so I understand where you're at, I was there. I
almost lost my business because of a hack. And I don't want you to
lose yours. Okay, or your job or your career. Anyhow, me@CraigPeterson.com. Make sure
you subscribe to my weekly newsletter. You'll get security updates
what's happening out there http://CraigPeterson.com/subscribe. Have
a great week everybody. We'll be back on Monday. Be back with Jack
Heath on Monday during drive time and the Jim Polito drink drive
time. Ken and Matt and much more. So keep an ear out. Or look me
up, http://CraigPeterson.com. Take care. Bye-bye.
---
Related articles:
Brain Scans Reveal A ‘Pokémon Region’ In Adults Who Played As Kids
Facebook Is A Government-Protected Monopoly
Google Confirms It Will Automatically Delete Your Data — What You Need To Know
Apple’s 2FA Might Be A Nuisance (But You Need To Turn It On Anyway)
New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’
‘Too much funding going into cybersecurity today’: hacker turned CEO
What It’s Like In A Scam Call Center
Baltimore City Hall Computer Network Infected With Ransomware Virus, Officials Say
---
For questions, call or text:
855-385-5553