Oct 17, 2018
The holidays are fast approaching, should you give android or Apple products for gifts?
Craig is on with Ken and Matt on WGAN discussing how should the government be coming down on things like data loss versus vulnerabilities if you have software that could be breached.
These and more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
Breach, Bug, Hack.
When Does A Business Have A Responsibility To Inform Its
Customers?
---
Transcript:
Below is a rush transcript of this segment, it might contain errors.
Airing date: 10/17/2018
Android vs iPhone For Gifts - How Much Security Do You Need - Breach vs Theft - Who Has Liability
Craig Peterson: 0:00 Good morning Craig Peterson here this morning with Ken and Matt we talked about well two different things first of all and these are different things too because you know oftentimes between all of those radio shows online there's some overlap but no overlap this morning so with Ken and Matt I got into some of the security stuff that we should be concerned about. Ken's gonna be getting a new Apple Watch for Christmas, he said a little earlier on his show. So if you're giving a gift this year, should you be giving Apple Android what's out there? What are the considerations? And then from a legal perspective, this is a different topic, but how should the government be coming down on things like data loss versus vulnerabilities if you have software that could be breached?
Unknown 1:00
Do you have an obligation to tell people that their data might have
been breached? Even though there's no evidence that data was
actually stolen? It's an interesting question. And it's a kind of a
question for the ages. So we get into that as well. This morning.
Matt brought that up. So here we go. We Craig Peterson on with Ken
and Matt 738 is the time and man is Craig Peterson. He's our tech
guru. He joins us every Wednesday at this time to tell us about
what is going on in the world of technology around the world. Greg,
How are you this morning?
Unknown 1:34
I am doing well. Yeah, what is going on crazy, crazy, crazy
Unknown 1:43
horse faces out there. Just saying.
Unknown 1:46
So I'm
Unknown 1:49
Mr. Peterson. Is it equitable that we can be is everybody going to
eventually someday be at no matter what we do? Well, I I kind of
say.
Unknown 2:00
So and it's interesting know you're talking about getting the new
Apple Watch for for Christmas and and a lot of people of course
over the holidays for various celebrations are going to be getting
all kinds of new gizmos and gadgets and I cannot emphasize enough
and I know Matt you're going to disagree with me on hits at least
to some degree but I cannot emphasize enough the importance of
trying to keep your information secure all of the data secure and
when it comes to devices and security there is no question Apple is
it it's where it's at and Google Android it's all well and good but
it is not secure not anywhere near as close to Apple's iOS
well if that's the case should not beating myself a blackberry I
mean
Unknown 2:56
you could go to a feature phone they I think they help
Unknown 3:00
Right. If you really want security, you don't put your data
anywhere, right. But you don't put your cursor and it'll, it'll be
secure and become the unabomber in the woods somewhere. Just kind
of unplug from society. That's my that's my option. That's your
Unknown 3:18
way. Yeah, that's what he did. It was.
Unknown 3:23
It was. Yeah, I was. I was somewhere. Yeah, it was a shack in the
woods,
Unknown 3:28
wind and rain. And but that's no way to live. Is it right? It's
just, you know, you can't survive today without technology. Which
leads us to what Ken was just kind of inferring here, which is that
you have to set up everything all of your financial accounts, all
of your equipment as though you're going to be hacked because you
may have already had your information stolen and then taking a look
at what happened here with the experience that was
Unknown 4:00
Very long ago, Facebook, hundreds of thousands of people apparently
lost all of their personal information from this Facebook breach
from what we're learning here just this week. So it's really good
practice, especially if you're a small business person. But you
know, heck, if you're a retiree, you've got money and accounts,
you've got money, hopefully, and investment accounts of 401k or
savings account. So types of accounts, that information is being
stolen all the time. We went into a restaurant chain just last
week, they asked us to come in and have a look. And they're using
Android tablets for all of their orders, right, and to process
credit cards, and they've got a whole system set up and it's quote,
cloud-based, unquote, point of sale system for restaurants. And so
we go in we have a quick look at it. The Android tablets are
Unknown 5:00
are completely wide open. They're in developer mode. They, they
have all kinds of different software on there, including the
ability to go out on the internet and visit the Facebook page,
which apparently when we did a little investigation, some of the
servers and even some of the management we're killing and there are
cases, known cases by the hundreds or someone who is malicious,
puts a little scraper on that machine. And now every credit card
fits one. Yeah, it's going up to the cloud. Yeah, it's being
processed. Yeah, it's it's secure when it gets to the cloud. But
every credit card swipe done, that Android point of sale system was
being captured by a little app that was installed on an Android
device and all that interaction was stolen. We had locally here
where I live in my town a restaurant that was shut down because the
police
Unknown 6:00
arrested the manager that a small restaurant right here my
hometown, the rest of the manager because that's exactly what they
were doing. They were grabbing all of the credit cards they were
reusing them, people were seeing charges and to wanna and other
places. So we've, we've got to consider that we are under attack.
The FBI just last week came up or two weeks ago, I think it was
come out with a new announcement saying managed services providers
are now becoming the number one target for thieves. So your IT
company is the target are they secure this this whole thing, just
some simple common sense stuff is going to save you a lot of time.
Never ever use Android. Don't use Windows if you can avoid it,
which means unfortunately, use Apple I don't own any apples to help
Okay, I was on animals born
Unknown 7:00
For three years on their advisory board for three years, maximum
term, okay, I'll tell you that but I did it because I wanted to
help them improve their products, but
Unknown 7:11
consider that as a business person as a retiree as just a regular
homebody. You've got to look at everything from a security
standpoint. Because even though Experian can survive a hack, 60% of
businesses are going to go out of business. If they're hacked, and
you and I have that money stolen, the odds are will never ever get
it back. So obviously, I've got my soapbox under me, or is it a
stump today, but this is a huge deal. I can I see it all the time,
people's lives destroyed.
Unknown 7:47
Speaking of hacks, of course, we're talking to Craig Peterson, our
tech guru Craig when something happens in a company which is what
we've seen happen over and over again, whether it's like you know,
one of the credit agencies being hacked or you see the day
Unknown 8:00
app get hacked or somebody has a bug somewhere or something happens
with a company or tech organization of some kind. What exactly are
the rules for telling people about that? I mean, can can
realistically, you know, if Facebook got hacked, like it just did,
and like if 50 million users had their their, their accounts
compromised in some fashion can ever keep that under wraps. Should
they ever keep it under wraps? Or what duty do they have to tell us
about this kind of thing? Yeah, that's a really good question.
Because it's, it's our information, right? It's our lives and you
know, what, what do they happen tell us when do they have to tell
it to us is really kind of the question and it varies from state to
state. And there are some federal laws about it, but there is a big
difference between having for instance of vulnerability in your
software and having had your systems breached right, so you
Unknown 9:00
Usually the line is, hey, if you know you were breached, you have a
duty to report it. And in some cases, you have to report it within
72 hours. Well, Matt, how many businesses know they've been
breached? The average time to figure out you've been breached to
six months right now. Okay. It's absolutely huge, huge, huge. We
had Google Plus Google. Just shut down. Google Plus, you guys. Did
either of you ever use Google? I was actually an early adopter
plus. No idea what it didn't believe it or not. Yeah, yeah. Well,
the thinking back then was, hey, listen, Google's going to do
social network it's going to be fake, fake. Fake. Right? And so you
tried to do it yeah, I gotta do it. But I started using it early
and then I you know, as as the participation in it kind of
declines, so did mine But yeah, it's still existed for years
afterwards, even though nobody used it. Yeah, it did it and I also
was one of the earlier chapters I thought while but just
Unknown 10:00
going to take off is just because it was Google, right? And there
was no real engagement there. And my friends weren't really there.
So I kind of dropped it. But to your point, man, Google Plus is now
get shut down. Because they had a problem with what's called an
API, which is what programmers use. This is an application program
interface to time to Google Plus. So you could use a developer to
develop some software for your Android phone, and you go into that
app on your phone, Mac, and you, you now are posting stuff into
Google Plus account. Well, that was found out that API was found
out to be extremely vulnerable. Now, there were only about 400
people who actually taught a license from Google and might have
used the API very few people actually used it. So in that case,
we're talking about a half a million users
Unknown 11:00
By the way, Matt back how many people have registered apparently
with Google Plus 500,000 people? So you're right. There was like,
no engagement, but 500,000 people's data that could have been
compromised because of that API. But should that be reported?
Should you be told, hey, listen, your data might have been stolen
by someone. But we're not sure. So fence the line. That's that's
the difficult part. But with technology, the law the rules or
regulations always like behind technology and where it's at, and
we've got to decide when this is a really big question. When should
businesses be reporting Do you report a vulnerability you report an
an absolute breach? Do you have a responsibility to be able to tell
which consumers what data was stolen? It's it's going to be well
before we figure this all out.
Unknown 12:00
Google's case they didn't bother to tell a soul. It was about six
months ago when they figured this out. And they, you know, they
closed up the whole of six months ago. And now they're shutting the
whole thing down. Should they have told us should they have told
regulators and Google's attorneys are saying, No, no, no, we didn't
need to tell anyone, because we're not certain that there was a
breach. We don't know that someone use this extremely vulnerable
API to still everybody's information. I don't know, right. I really
don't know if the laws that wrap around unauthorized access to user
information to personally identifiable information access versus
they've actually got it some of them are unclear and the lawyers
are certainly coming down on the side of Hey, we don't have to tell
nobody unless we know personal data was actually lost.
Unknown 12:56
Our tech guru Craig Peterson joins us every week on Wednesday at
730 and you can go to his website but peterson.com get all the
information you don't have to wait till Wednesday just go anytime
you want thanks for joining us Craig will talk to you next week
Unknown 13:11
all right Take care guys next
Unknown 13:15
we
Unknown 13:23
I wish I had noticed can make in that squeak sound I would have
made a little bit of fun at him and he now take care we'll be back
this weekend with my normal radio show as heard on the air am and
FM stations carried by I heart Take care. Bye bye.
---
Don't miss any episode from Craig. Visit http://CraigPeterson.com/itunes. Subscribe and give us a rating!
Thanks, everyone, for listening and sharing our podcasts. We're really hitting it out of the park. This will be a great year!
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553