Dec 7, 2019
Welcome!
Today there is a ton of stuff going on in the world of Technology and we are going to hit a number of topics: Facial Recognition, Hacks, Cyber Insurance, Privacy and Cybersecurity Legislation, Incident Response, Warnings about Smart TVs, and monitoring your pets. It is a busy show, so stay tuned.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Related Articles:
The Convenience of Facial Recognition is not All Its Cracked up to be
Call 611 Now -- Hackers Breach 1M Cellular Customers
January's Coming - Do You Have An Incident Response Plan?
Protecting Company Assets and Cybersecurity Insurance
Last Generation Legislators Trying to Solve Next-Generation Security Issues
Block 90 percent of Malware with this
Smart TVs, Security, and the FBI
---
Automated Machine-Generated Transcript:
Craig Peterson 0:05
Hello everybody, Craig Peterson here on WGIR and WGAN and other
stations. I am and FM still shout-out to everybody. Thanks for
joining me today and deciding to spend a little bit of your
Saturday with me. Hey, if you are new to the show a real quick
introduction I've been in the technology field for many decades. I
have been doing internet work in fact, since the early 80s helped
to develop a lot of the systems some of which are still in use
today. And I have been a victim of security problems with my
business. I built a big business it was doing pretty well
technically a small business, but it was doing pretty well had 50
employees and then we got nailed. Now this was way back in the 90s.
But when we got nailed, I had quite the wake-up call about
what I really should be doing. And, and, man, it was scary. It was
really, really scary at the time I owned our own building, we had
our own data center. We were building some of the biggest
commercial properties on a line on the Internet at the time. And it
was a really scary thing.
Craig Peterson 1:26
It was like, you know, the bully in the yard right at school, and
they would sock you right in the solar plexus right in the gut,
right. And that feeling that you had you just you couldn't breathe,
the not really pain, but it was just shocking. And that's how I
felt. I didn't know what to do. I didn't know how to do it. We had
anti-virus software. Why didn't it protect us and it really
bothered me and took a couple of days now. I was very, very
technical. Well, of course, I still tend to be if I have a real
failure it is that it's kind of hard to remember what it was like
not to know any of this stuff. So you know, bear with me asking me
questions. Okay, I get it right. I can be very confusing sometimes.
But I was very technical. And it took about two days for me now
this is back of course before Google or AltaVista, or any of these
really great search engines. So I was using the stuff at the time,
like Archie, Veronica, Gopher stuff, and trying to find out what
was going on. It was actually digging into the machine itself, that
revealed what the problem was, and I'd become a victim of what's
known as the Morris worm, crawling through my machines and some
other machines on the internet. It was a really scary time, and I
decided right then and there that I had to make cybersecurity a
priority, and I had to be able to help people with their
cybersecurity and businesses as well. Now businesses you hope can
afford to pay and keep my lights on, right. And they've been very
good to me my clients over the years, you know, I've had some great
clients. And I've decided at this point in my life that I only want
to work with great clients only clients that really, really want to
work with me. But the same can't be said for consumers because you
retirees and other people just don't have the money to pay what it
costs to secure a business. You know, it kind of at a minimum,
you're talking about $50,000 investment, plus monthly and 2500
bucks a month is pretty standard. And you could certainly go out
and hire somebody to have somebody who's a quote IT person unquote,
but they are not really going to be able to help you out very much
and they're not going to keep up with it. And that's the biggest
problem we have right now. My people who are involved in this every
day, spend about a third of their time in classes. And in coaching
and conferences trying to keep up with what are the attacks? What
is the best software out there, what you're doing, you're using,
what are the techniques that we need to use nowadays. And so you as
a home user, there's no way you can afford it. And as a business
user, if you're running a Soho like a small office, Home Office,
you cannot afford to do all of the right things. And that's what
I'm trying to help out with. And that's why we talk a lot about
security here on the show, and that's why I do pop up training and
Facebook Lives where we kind of delve into one aspect or more. And
then I have paid courses as well, that tells you what the tools
are, how to use the tools where you can get the tools what are the
best ones my newsletter we talked about that a bit.
Craig Peterson 5:02
In fact, if you got this morning's newsletter, we add a new
section. And actually we have a new section that we're probably
going to do this monthly, but it is the number one through five
things patches you need to apply. Here are the five things you
absolutely have to take care of when it comes to patching this
month because there are extreme vulnerabilities and they are being
used by the bad guys right now. I can't think of anything more
valuable if you guys can let me know. For everybody, whether you
are big business, a small business, a home user, right it, make
sure these have been applied or you could be in a whole lot of
trouble. And now we're looking at the costs of recovering from one
of these breaches and a very large percentage of businesses today.
They're breached, they file bankruptcy the next day. Because that's
how bad it's gotten and ransomware attacks are up, and they're up
across the board. No longer are they necessarily aiming primarily at
these real big companies because they realize the smaller guys are
the ones that are going to be easier to compromise. And then when
you add into that equation, the fact that it takes about eight
months for a company to notice that it has been hacked. Wow, think
of the damage one of these guys could do. And it's everything from
stealing the intellectual property that you've developed and
designed. We have another client that we picked up, and she has a
business that was a cutthroat. I had no idea how crazy cutthroat it
is. She's in the design business for clothing. And purses, women's
wear shoes, various other things. And in this whole design thing
that she's doing, there is quite a bit of money and she had been
selling into these huge retailers and things are going really well.
And, you know, maybe one of these days we'll get deeper into that
story. But this is just a couple of weeks ago, I met with her and
she lost everything. And now at what, how old is she now? 55 I
think, or 50. She's starting over again, from scratch and I don't
want that to happen.
Craig Peterson 7:40
So the easiest, simplest, most straightforward and free thing you
can do, frankly, is to subscribe to my newsletter. Now you're going
to go to Craig Peterson comm slash subscribe, and I'm asking for
your name and your email. That's all I'm asking, for now. I don't
hound you, I'm not like one of these internet marketers that
sending you emails every day multiple sometimes, unless I've got
something that's big going on, like there's a training or
something, I might send you emails during the week. reminders, hey,
I'm starting this afternoon or whatever, right? That's the only
time you're going to get a bunch of emails from me. And that's for
the free training as well as some of the paid ones. But I am I
don't sell your name. I am not trying to target you or anything
else, right. So if you subscribe, you will get my weekly
newsletter. And in that newsletter, I have usually between eight
and 10 articles, we tend to write a short article that few
paragraphs long kind of describing what the problem is, what you
need to do give you some tips on what to do about it. And then we
will link also to a third-party article, you know, unlike Forbes
magazine, or some newspaper out there, etc. Dark Reading is another
one that we get, we linked to quite a bit. But you get all of that
there is no charge for any of this. I don't want you to feel like I
did. And I got hit once that first time and I got hit once again a
few years later completely different way. And that's when I
decided, hey, listen to this, this low-end antivirus firewall thing
that you buy at Staples or from one of these break-fix shops, it
doesn't really know much about it. It just isn't going to cut it so
I upped my game after that. But you are going to understand what
you should do how you should do it. My recommendations I throw
those in there once in a while if somebody comes out with a new
product, as we did with Wi-Fi here recently, and with some of the
new Wi-Fi technology, what you should be looking for there and
segmenting your network at your home or your small business, so
that your kids playing games who might be hacked, are not going to
affect your main network, they're not gonna be able to get onto
your computer, they're not gonna be able to get on your business
computer, none of that stuff. But the only way you're going to find
out about this is if you subscribe. Now, I have hundreds and
hundreds, probably 1000 recommendations from people who just really
appreciate all of this stuff that I'm doing. And, you know, there's
free stuff, hey, if you can afford it, I'd appreciate it if you get
the paid stuff because, you know, there's more, it's better because
you can afford to pay for it right? But I really don't hold
anything back. Right? I'm not trying to play secrets. It's the type
of software you use as a business. That for instance has some sort
of a military subcontract, you have DFARS, ITAR regulations or a
doctor's office where you got HIPAA regulations. Or a business that
has to deal with FINRA or PCI regulations, financial transactions
and companies. Those guys hopefully have enough money to do it
mostly right. And as I said it, it gets expensive. We were just in
a company we did a proposal, just, what, about a month ago, I guess
now, and to secure her stuff properly, would cost her about 80,000
a year. Now she had a number of employees but she decided she
wouldn't, didn't want to pay it wouldn't couldn't whatever. And you
know, I understand that too. But your best free advice you're going
to get by going to Craig peterson.com slash subscribe, and I will
be sending you my newsletter and I have three special things that
you're going to get as well. That will come in the email after you
confirm your subscription. So you subscribe, look for my email,
click the link, and you're all set. So I want to talk right now
about what to do after the fact. If you've been hacked, what are
the right things to do?
Craig Peterson 12:17
Well, there are some things that you can do right away. I remember
back in the day if you noticed that your machine and this is true
today, it has ransomware and is doing something odd, the best
thing to do is shut it off. And then have somebody take that disk
and put it on another machine that can analyze it, not just a
regular machine. You don't want to spread that ransomware but an
analysis machine uses Knoppix or one of these other tools in order
to have a look at it. But if you're a company, what do you do if
you're an individual, what do you do? A lot of people turn to
insurance in order to cover it. You may not be aware of it, but
your homeowner's insurance may have a rider that covers cyber
intrusions, on your computers. And if you're a business person, you
probably have already purchased some sort of a cyber insurance
policy. That makes a whole lot of sense, frankly. But it can be a
requirement for your company as well to have cyber insurance. So
I've got five things to know right now, about cyber insurance
because the attacks are increasing. It's becoming more and more
important for companies to protect themselves. And cyber insurance
may not cover you. And I have seen quite a number of times where
companies This is in the news, I think, goodness, I don't have
personal experience with this. But in the news, I've read articles
where companies filed for their cyber against their cyber insurance
policy and the policy didn't pay out. Right now in the news, there's
a big story about a large company that's going to sue their insurance
company because they wouldn't pay out all of the money that the
company thought should be paid out. Now, in this case, we're
talking about cyber insurance. That said, Hey, you have to take
reasonable steps. Now with the cyber insurance that we have. So for
instance, depending on the level of service you have from us, we
have a policy underwritten by Lloyd's of London, whereby if you are
compromised, well, we're taking care of your systems. There is I
think it's a million dollars worth of insurance, so it'll cover the
smaller businesses typically. And then hopefully you have your own
cyber insurance, right? That's how this whole thing works. And
then, of course, our company we have our general insurance is our
liability and all of this stuff you would expect to have the right
key man type stuff, etc. But since the cyber attacks are now a top
business concern, we're seeing numbers from Microsoft that found
that cyber attacks beat out economic uncertainty, brand damage and
government regulation as the top concerns for business owners and C
level executives. So if you're sitting on the board of a company or
you're sitting on the board of a nonprofit that you're trying to
help out with, this is something that should be big on your mind. I
did a presentation for university, about insurance, cyber
insurance, how it all works, what the problems are, today, and let
me tell you, they were very, very interesting. I think that's good
47% of the organizations that were surveyed said they have cyber
insurance now. So that's good. That's pretty much half of all
organizations say that they have it, which is up a lot. It's up 15%
in the last couple of years. They're figuring that by next year,
the gross written premiums for cyber insurance is expected to be
around $8 billion. So a lot of companies signing up for it. 57% of
companies with revenues of more than $1 billion had a cyber
insurance policy. Now compare that to 36% of companies with
revenues less than 100 million. And if you get down to the small
guys, less than a million dollars in revenue, we're talking a
number in the teens, percentage-wise of businesses that have cyber
insurance. So if you don't have cyber insurance, you're not alone.
Hey, that's for certain. But the big problem I think you're going
to face is, if you do get hacked, how are you going to survive? I
mentioned earlier that it's about I think this just takes about
20%. It's a pretty large number of businesses that get hacked,
filed for bankruptcy the next day. But the majority of businesses
that get hacked, are bankrupt within six months. So keep that in
mind. Can you afford to lose the business? Is your business your
retirement? Do you hope to sell it or maybe milk it is a cash cow
for years to come? Big Questions, good questions. And if you do
what's going to happen if you lose that income, because the
business has gone under because you lost your client lists your
production schedule, your bank account information, your
intellectual property, very, very big deal and it's a very, very
special Everything to okay. The top risk covered by cyber insurance
seems to be business email compromise. And that's actually kind
of a good thing. Because according to the FBI, we're talking over
$20 billion. And I've seen numbers, as high as $30 billion has been
lost to these email scams. So business email compromise is where
the fraudsters and maybe we can go into this in more detail some
time, but it's where the fraudsters get involved and trick you or
somebody in your organization into sending the money. And you might
say, Oh, it's not gonna happen to me. It'll ever happen to me.
We're not that stupid when people pay attention to the email. No,
it happens because the fraudsters aren't just sending out an email
saying I'm a Nigerian prince. I need to use a bank account. They
have done some research on you. They've done some research on your
business. They know enough to be able to fool your financial people
into sending money. And one of the stories I tell pretty frequently
when I am last few months here while I'm doing presentations for
businesses and other organizations have to do with that exactly. It
has to do with the $45 million that was stolen out of an operating
account. I have another one that's a much smaller business that
came to us and we're securing them right now. And they lost $80,000
out of their operating account and to them. That's a lot of money.
How are you going to meet payroll if you don't have that money
sitting there? So business email compromise, good insurance to have. But
here's a big concern. We have two big companies out there we've got
drugmaker, Merck, you probably know about those guys. And a food
giant called Mondelez. They're both suing their insurance providers
over non-payment for damages from NotPetya back in 2017.
Craig Peterson 20:12
So think about that, NotPetya was considered by many insurance
companies as an act of war. And we think better, we're able to
protect all of our customers from that. But these big companies
weren't protected. I think they've retired us they would have been
but you know, they know better, right? But think of you as a small
business, or as a just a homeowner, how are you going to be able to
fight these big insurance companies? Merck and Mondelez are both
suing their insurance companies because the policies weren't paid.
So keep an eye on that one as well. Hey, one of the things I had
planned on doing and I may still do is a little free pop-up
training on DNS filtering now you know, what is that? What's that
all about? Basically, this is how you can defeat the bad guys' use
of a key and critical internet resource. Now they're using DNS in
order to mess with us. They use DNS when they have ransomware that
wants to call home. They use DNS when they have a botnet that needs
to call home. So your computer might be unbeknownst to you may be
used by nation-states like our friends in Russia, or China or Iran
or North Korea. It may be used unbeknownst to you your computer to
attack the Kremlin or the White House or the Department of Defense
can be used to attack businesses, other innocent people in their
homes. And the only way it can really do this is with a lot of
coordination. And that's what a botnet is all about. That's
what the coordination is all about. And if you have ransomware, and
if they want to make any money at all, they need to be able to tell
you how to decrypt your files that were taken ransom. Now the
ransomware guys don't always give you a good key. In fact, FBI
numbers show that even if you pay the ransom, there's only a 50%
chance that you'll get all of your files back. which is you know,
it's too bad. Too bad. So sad. But that is the way it is. Because
they are calling home they may not have called home properly. They
might not have the right keys. You can contact the tech support
people actually the ransomware guys, their tech support departments
tend to be better than many of the tech support departments that
we have here when you call first software you bought right? But
anyhow, be that as it may, I put together a special on how you can
for free and basically in less than 90 seconds, how you can improve
your security on your computer. Whether you are a small business or
a home user, how you can secure your computer improve your security
by 90% that is a very, very big number and I know you know Craig
God really 90% Yes, really 90% because this technique, although it
only takes you 90 seconds is probably gonna take you 10 minutes to
sort of put together but this technique now allows you to basically
stop ransomware in its tracks and stop some of the business email
compromise stuff in its tracks, which is huge right now,
especially if you're a business and also stops your computer from
being used as part of a botnet. It's huge, right? We're talking
about some very big stuff here. And you can do it for free. Now we
have software that we sell, a monthly basis per-seat basis.
Actually, it's a per user basis. You know, it varies but
gives-or-take 20 bucks a month that does basically the same thing.
It has more features, it gets updated more often there are a number
of different differences for it, but you can get it for free. And
so I go into some depth on and it's, it's about a 10-minute episode
that you'll find up on my website at CraigPeterson.com. If you
have a hard time finding it, you can always email me, just me at
CraigPeterson.com, and I walk through the whole thing with you.
Okay, we obviously don't have time today. I have three minutes left
today.
Craig Peterson 25:06
So we're not going to get into that. But it's really a very big
deal. You'll also find if you go to my website, I've got some
additional podcasts here. Congress is finally tackling privacy next
week, the Senate's going to take it up. And so I talked a little
bit about that, how it's gonna affect your cybersecurity, a very
cool little robot. You know, I'm always dripping on robots, but a
cool little robot for your cat. If you're a business person, this
is critical, but I also talked about it from a homeowner
standpoint, what do you need to do when it comes to cybersecurity
insurance and I go through some scenarios of what has actually been
happening out there in the world today, how to protect yourself
after T-Mobile's big data breach that nailed me as well. I go into
some detail about why I opt-out of facial recognition. And I think
that you should too, it's becoming more common and it does make
some things a little easier. And there are times when using facial
recognition is actually a plus. And so I discuss those as well.
Craig Peterson 26:18
And Samsung, man,
Craig Peterson 26:20
I'm, I'm sorry, but I really ripped on Samsung. And Android,
frankly, went into a lot of the reasons why I say you should never
ever, ever use Android. And there are some excellent reasons not
the least of which is Apple releases a security update and it
releases a security update for iPhones within usually a week or two
of the security problem being found. And then it's available for
everyone who owns an iPhone, the very next day. That's how fast it
is. Samsung, not so much you can take the better part of a year to
get the security updates for your Samsung Android phone and can
take even longer. If you don't have a Samsung, you have another
manufacturer. Now some manufacturers are better. Samsung's actually
one of the worst when it comes to security updates. But right now,
Android devices, if you bought a brand new one, and you updated it,
there are over 100 pre-installed security risks right there in
Android. So I go into a lot of detail on this. It's the holiday
shopping season. I go into how to buy or how to even get an iPhone
for free, and how to buy them inexpensively and which models you
should look at which is another big deal because Apple fully
supports these phones for at least five years. Samsung, who's the
biggest Android manufacturer only supports it for two. Yeah.
Anyways, all of that and more. Make sure you visit me online Craig
Peterson dot com slash subscribe, and you'll get all of this for
free. Take care, everyone.
Craig Peterson 0:03
Hey, welcome back. Craig Peterson here, WGAN, Hey, I'm already
getting, getting some feedback here about my last statement. So
let's straighten this out. I understand why a lot of people do buy
Samsung, you know, I get it, right. It's something that I've
thought about over the years I've had issues with over the years as
well in it, it kind of goes back to what to buy when it comes to
technology period, right. And I have always been the type that
says, get the best that you can afford to buy. Don't cheap out
because you will save a lot of money in the long run. If you can
afford that. You know that purchase price. You're going to save
money because the equipment can last longer. So for instance, just
this week, we have a client that decided that they were going to go
and because they had had a problem with a Dell computer that they
had purchased at just retail, regular old consumer Dell. So they
had had a problem with that they didn't want to buy anymore now
they're going to go buy HP, but they went ahead and bought another
HP consumer-grade computer. Now that according to the statistics
that are out there, the average consumer-grade laptop and that's
what they bought last about seven months. So you pay 700 bucks for
a no half-decent, pretty crappy consumer-grade laptop. Versus let's
say that they got what we recommended which was a commercial Dell
laptop or maybe even an HP, HP enterprise laptop and you may not be
aware of it. But Hewlett Packard split in two and they have the
consumer division that just cost-reduces things. You know, they'll
save a half a cent on a component by putting in something that's
cheaper and crappier. Right, they don't care. And then they have
their HP enterprise, which makes equipment for businesses
completely different companies now, okay, they were split off,
because there's no money to be made in that consumer space because
it frankly, it's a race for the bottom. So they decided, hey,
listen, we don't like Dell because the low-end Dell that we bought
broke, well, yeah, on average, not just Dell, but across the
industry. 7% they won't last seven months, okay, seven months is
average. And it was I think $100 more for the computer that we
recommended. That came with a three-year warranty that had better
components in it and everything else right, that a hundred bucks,
really makes a huge difference. But they decided they wanted to
quote save money unquote, right? And what does it cost? So for
instance, we, we ended up lending them a Dell laptop. And that Dell
laptop that we lent them was at least five years old, maybe six
years old. And it's still working. Because it's a commercial-grade
laptop, it's not a consumer. It's not what you buy at Walmart. It's
not what you can buy at Best Buy or Staples. It is a
commercial-grade laptop. And as a general rule, if you're a really
small business and you want a commercial-grade, you'd either have
to go to a company like us, or you could buy Apple if Apple's gonna
work for you. So let's look at the Apple stuff. So the Apple laptop
might cost you two or $3,000. You can get them for now right now
about $800 for a little Air, which is about the same price as you'd
pay for one of these consumer-grade Dells or HPs. But you go ahead
and you buy one of those Apples. I have Apple computers that are 10
years old. We're still using. Okay, laptops included. So let's add
up the numbers here. Let's say they only last five years for that
Apple Computer. When is the breakeven point? Well, at about 18
months, and then for the next three and a half years, you have a
free computer. That also works really well because Apple is not
making major cuts in the quality of the components that you have.
So, where I come in to understand this is I know personally in my
business, I spend as much as I can on technology. But I do cut some
corners sometimes, right? You look at it, and you say, Well, let me
see. I can buy this laptop. It's a third of the price. So I can buy
three of these laptops. Instead of buying one of those more
expensive laptops. Right. I know you I know. You thought the same
thing, right? Because I think of that too. That's what I do. So you
look at it and you say, Well, I could buy three of these, yeah, but
you're not going to have a machine that's still it's going to last
it and you won't be able to buy three of those other computers,
they just aren't going to last. And you're going to have to move
all of your data when that computer fails, if you can move it if
what fails isn't the SSD, because, for instance, now SSDs are not
created equally. And these are the drives, solid-state drives, that
replace the spinning drives that are in our computers. And they
have a limited number of write cycles. In other words, they have a
predetermined life factor. We could tell you a story about that,
that we won't right now. There are some that just completely die
after a certain number of hours, they just shut themselves off. So
beware. So you can't even compare an SSD of a certain size. As a
regular consumer, you have to look at what's the technology inside
behind it. How long is it going to last? How many write cycles is
it going to be able to handle? How about the GPU? If you're doing
engineering work, you need a much better GPU that Yeah, okay,
there's a GPU built into that Intel CPU, but it's nowhere near as
good as having the next-gen CPU or GPU made by company x company y
company z.
Craig Peterson 6:16
So, even though I'm tempted to cheap out, I don't and I am much
happier because it lasts longer and it performs better the whole
time. So I'm not sitting there waiting constantly for something to
happen because it's so slow. And that's why I moved to Apple,
frankly. Now back to the phones. Why I said I don't understand why
people buy Samsungs. Yeah, you know, in reality, I do understand.
And it's, it's primarily because you have been fooled. Right? They
the guys out there that are selling you that Samsung phone is
pretending Well, maybe they just don't know better, but frankly,
there are people in the organization that knew but do know better.
pretending that this Galaxy phone is just as every bit as good as
an iPhone 11 or an iPhone 10 and they are lying to you. And then
when your phone fails and I was on that Android bandwagon for a
while myself and my Android phones would fail, and they would not
get updates at all for even for security patches. I realized that
my suspicions were right, that these manufacturers are just trying
to crank out the phones as cheaply as they can, as many as they
can, and then move on to the next model to get us to buy the next
model. Because the whole smartphone industry right now is suffering
because of this whole big problem of people are just happy enough
with the phones they have. So there's something called planned
obsolescence as a part of this as well. Now I'm not saying that
Samsung isn't giving you security patches because of Planned
obsolescence. Although they might be. I'm saying that our friends at
Samsung are really playing some games with you. And they are
deceiving you. And they are really causing nothing but headaches.
But there are ways around it. If you are buying an Android phone
because you can't afford an iPhone, again, you've been fooled.
Because buying an older-model iPhone is always a better
investment. And it's a better investment because it will still have
some resale value in a few years, unlike that Android phone and it
will be supported by Apple. Think about what's on your smartphone.
Do you do have your contacts there? That might be a problem. Do you
have any documents from your business, any text, any emails? That
might be a problem because if your phone is hacked, which Android
phones are, I just told you there's over there right now they're
shipping with over 100 vulnerabilities pre-installed okay. Think
about what else might be there. Do you use your phone to check your
bank balances? Does your phone have an app from your bank, from your
credit card company? Think about that for a minute. Apple gets
their fixes out within a day. Samsung as we just found out can take
up to even almost a year to get them out if they even provide them
for your phone. Because they're only providing them for the Samsung
the 10 and the S 10. And the S nine right now and that that will
change so five years versus a couple of years okay. Plus the fixes
they just come out from Apple. So do everybody a favor. Buy some of
these iPhones by right now I would say go out and buy an iPhone 10
Xr, good value. Easy to get and it's going to last a while. Stick
around. We'll be right back with more. You're listening to Tech Talk
with Craig Peterson right here on WGAN.
Craig Peterson 0:03
Hello everybody. Welcome back, Craig Peterson here on WGAN and
online at Craig Peterson dot com. You can get all of this week's
articles right there from me on my website and also the newsletter
I try and keep you up to date on all the latest tech news you need
to have. What are the important things and how should you be
handling them so all of that up and Craig Peterson dot com and you
can get my podcasts all over the place just in your favorite
podcast app. I really am almost everywhere now. You will find me,
please subscribe, and that helps our numbers and it helps get the
message out and I really appreciate it if you do this isn't a labor
of love. And I hope you can share this love with other people as
well as we try and help them out. We are seeing right now. A major
revolution in the world. And part of that has to do with our facial
recognition. So I want to talk about facial recognition, what the
Department of Homeland Security is doing right now, what China's doing,
this whole thing with some of the Arab countries and, and really
why you should opt out of facial recognition. Department of Homeland
Security has been using facial recognition now at the gates of some
airports at some gates. And they've been trying to match your
national ID photo with the picture that's taken at the gate. And
they have arrested. I think it's almost 10,000 people who were here
illegally, who overstayed visas, etc. I went to the airport to hop
on a plane just have a domestic flight, not even International. And
as they hopped on that plane, We're about to they were arrested. I
mentioned illegal immigrants, which is certainly one qualification
of people. But it also arrested criminals that were wanted for
various crimes were, you know, independent of their legal status in
the United States? Well, we have seen now over in China, some very,
very scary uses of some of this facial recognition technology. And
I being basically here, mostly libertarian, certainly on when it
comes to our own privacy and security very libertarian. We've seen
in China, some serious problems and right now, like this week in
Iran, and I want to talk about what's coming here in the US within
the next six months in China. They have been using facial
recognition as part of their social credit system. So now in China,
if you buy a phone, smartphone or otherwise, the carrier is
required to take a picture of you
Craig Peterson 3:09
and send that photo on off to the central government. So now the
central government in Beijing has photos of everyone who's in the
country legally. And I guess the illegally as well. And then
they're using that to track you if you jaywalk, for instance, you
lose social credit. There's a great dark, I think it's dark mirror
right episode about this sort of thing. But if you jaywalk, you
lose social credit. If you lose enough social credit, you can't
vote. You can't even get on a train to go to work anymore. So
they're using that in those ways. They're also using it to suppress
religious minorities. Just this week on I think it was Wednesday.
An article came out showing a secret document that was in China
that was part of their, you know, the Socialist Party over there.
And the socialists had decided that they wanted to be able to have
more reeducation camps. And the people that have gotten out of
these camps say these are internment camps. They are torturing
people. It's just insane what they're doing. And they're doing this
to ethnic minorities there in China. A lot of them are part of a
Muslim minority as well. So China has this facial recognition
technology that they are starting to export. And China is a major
driver in the United Nations now to have a facial recognition
standard that they can use, okay, and that they want to be spread
around the world and it's just absolutely amazing when you get
right down to it. So we have also heard just this week about what's
happening in Iran? Well, a couple of weeks, I guess. But there have
been protests in Iran, you know, our sanctions against Iran have
really been hurting them. They have a very hardline socialist
government over there. But again, it decides what rights people
should have and what they shouldn't have. They're not obeying any
sort of constitutional protections as we have in the United States
because they just don't exist, right. When it comes to a socialist
country doesn't matter. It's whatever the head of the Socialist
Party says whether it's a fascist government or communist
government, it just doesn't matter because everyone's equals under
their feet is kind of the bottom line. Right. Can you tell my
political leaning on this one? Yeah, it's I think it's a bad thing.
So in Iran, what they've started to do is they have been
positioning snipers on top of buildings and shooting and killing at
least hundreds. We don't get good reports on Iran, obviously. And
they pretty much shut down the internet over there of people who
have been protesting the government. Now it doesn't look like it's
gotten to that level yet in Hong Kong, where they're also
protesting the socialist government. But what China has started to
do now is they are selling fully autonomous killer drones in the
Middle East. And these drones are, are designed to decide by
themselves, who they should kill. So you could literally if you're
Iran, you could literally let these things loose in the streets.
And let's say the curfew is 6 pm just as an example from 6 pm to 6
am. And anyone that the drone sees in the streets that it does not
recognize either through the facial recognition or perhaps a
uniform or some other methodology, if it doesn't recognize you
just shoots and kills you.
Craig Peterson 7:05
Ostensibly, these are going to be used in warfare, which means if
we are battling over there in the Middle East, our troops could be
up against these drones. And it could be very, very bad for us and
for everybody else. Now let's talk about what's happening here in
the US. I was shocked when I went down to New York City. It's been
at least a decade, maybe 15 years ago. And I entered a building
because I wanted to visit someone who had invited me to their
business down there. So in I go, and I could not go into the
building without presenting some form of ID, which they scanned and
kept, and that really upset me, really upset me because it wasn't
what businesses of theirs and they said, Well, you know, no, no. We
need to be able to count the bodies that might be in here in case
there's, you know, another bombing and we want to keep track of
terrorists and every Now it's okay, well, wonderful. So there's a
great article that I have up on Craig Peterson dot com
that came from Fortune magazine. And this is for
actually from their newsletter. And Fortune moved into a new office
building in Manhattan a few months ago. And they had a new entry
system. So a lot of these buildings, you have to have a card, you
put the card up to the reader, and it might be something that you
just touch it and it reads it with RFID might have to slide it in.
But they put in a system that allows you just walk through because
they've scanned your face. Just smile at the camera and in you go
No more waiting, no more forgotten card keys or anything else. This
I think is a very big problem. And the problem that I see and there
are many of these, frankly surrounding this, but the biggest
problem is If you lose your badge, you can get a new one. What
happens if they lose the information about your face? What happens
if that's stolen? You only have one face. And how can you be
sure whether it's this building in Manhattan or the Department of
Homeland Security that wants to scan your face at the airport? How
can you be sure that it's going to be kept safe? Because unlike a
John Travolta in the movie Face/Off, you just don't get to change
your face over time. Big, big problem. So don't let them scan your
face. And there are programs underway at the airports to try and
get you to do that. Because you can just walk through everything's
wonderful. All right, I disagree. So your next steps. Don't let
your face get scanned. iPhones a little bit of a different deal
when we talk about that when we get back. You're listening to Craig
Peterson WGAN.
Craig Peterson 0:04
Hi, everybody. Welcome back, Craig Peterson here on WGAN and online
at Craig Peterson dot com. Hey, let's finish up that last little
discussion here. I just told you to opt-out of facial recognition
systems whenever you can, you know, in some cases like what the
Homeland Security Department is doing right now at airports, you
can't really opt out of that. It's kind of like this. What do they
call this ID program that they have, where your ID is something
that the federal government recognizes and needed to fly. And the
states are sending all of this stuff off to the federal government,
which I think is a major violation of privacy, something that we've
got to protect against but you know, again, you can't really opt
out of that depends on the state. But I think as of next year,
every state all 50 of them are going to have this new secure ID is
part of your driver's license stuff I, I am really, really not
happy with that. But maybe, maybe that's just me. I don't know,
maybe it's just me I'm kind of paranoid in that regard. But let's
talk about your iPhone or heaven forbid your Samsung Galaxy phone.
here's, here's what's going on in the iPhone. The iPhone has had
for quite a while now ever since it started having the thumbprint
reader or the fingerprint reader. The iPhone has something called a
secure enclave. Now, this has caused some people some problems over
the years because if you replace the broken screen on your iPhone,
and you didn't do it correctly, that broken screen at the bottom
had that little fingerprint reader and if it's disturbed at all,
you now lost access to the phone period because that secure
enclave was destroyed which is why so many people ended up going to
Apple to have their screens fixed and moaned and groaned about it
for very good reason If you ask me, so yeah, problems on that
front.
Craig Peterson 2:12
However now moving on to the next step,
Craig Peterson 2:15
What is the 10, I guess the iPhone 10 came out and it had facial
recognition built into it. And now the facial recognition not
perfect. And it's interesting with my I have identical twin
daughters. So my two daughters identical. One of them weighs a
little more than the other one does. And they both have iPhone 10s
with facial recognition turned on. And they can one of them can
always unlock the other one's phone and the other one can sometimes
unlock the other one's phone. But the facial recognition in the
iPhone was having problems with identifying Eastern faces like you
know oriental or whatever the culture holidays. But you know,
Chinese and even Indonesians and Pacific Islanders and all of those
people had some problems with. And China now with their facial
recognition is trying to get African faces because it's having
problems with African faces. So there are some problems with it.
But one problem that does not exist with the facial recognition on
the iPhone only is how is that data stored? Where's that data
stored? Is it going to be stolen? Could it be stolen, etc, etc? The
way Apple did it is the right way. And it stores your fingerprint
information locally in the phone in the secure enclave, which is
virtually 100%. No one has ever shown it to be anything less than a
hundred percent hack-proof. It's amazing what a job they've done.
So it stores the information about your face in this secure
enclave. So if the phone wants to know is this really you? It asks
the secure enclave. Hey, is this really him? The secure enclave says
yes. And that's it. Apple never gets your face and never gets your
fingerprints. It's never sent up to the cloud. All of that is
handled in the phone in a special chip that has a special sealant
around it so it can even be physically broken into without
destroying it, called the secure enclave. Very, very, very big
deal. So when we're talking about facial recognition, and Apple I
do trust it. I do not, however, trust the way Samsung's doing it or
any of the other Android devices that I'm aware of right now. Now
they're getting better but still don't trust them. Definitely do
not use Samsung's fingerprint recognition system. It is
very, very, very hackable. They may fix that in the future. I'm not
sure their facial recognition is actually better than the
fingerprint system, but I wouldn't use either. But then again, you
already know I wouldn't use an Android device, including any of the
Samsung's that are out there. So, there you go, opt out when you
can of facial recognition. For the most part, it's a very bad
idea. And if you're using an Apple device, facial recognition is
okay. I still personally prefer the fingerprint as opposed to
facial recognition but maybe that's just me, but I have an iPhone
eight as well. And that's all it has on it on maybe I'd like facial
a little better if I had it on my phone. But I'm not planning on
changing from an iPhone eight, probably until next year, next
September when the iPhone 12 comes out. Although my age can be
supported for a while Apple just stopped supporting the iPhone six.
So after the iPhone six, there's the six s there's the seven I
think there was a seven as There's an eight, I don't think there
was an eight as there was some 10.
Craig Peterson 6:06
And now 11. So there you go, that's six models that they're still
supporting, iPhones vs. Samsung, which support which is probably the
best out there for support only supports two models versus six
models. And it takes them half a year to get security patches out
versus one day for Apple. Okay. All right. So let's talk about
security. You might know that I've used Verizon for a long time for
my cell phone plan. And then I switched over to T-Mobile because
they had a much better deal. And most of the time where I'm trying
to use the phone, I have coverage. It's rare that I don't Verizon
definitely had better coverage than T Mobile does. But I'm saving a
lot of money over on T Mobile. Well, T Mobile had a data breach,
they confirmed, so I want to tell you what to do, how to protect
yourself after this data breach. This isn't just for people who
might be T Mobile customers. This is true for almost anybody out
there. Okay, that just in general, when you have a cell phone, it's
estimated that there were more than a million accounts that were
breached according to Tech Crunch. So it is a big breach, but you
need don't freak out now. Okay, don't ignore but don't get too
nervous at the same time. Now, T-Mobile has said that it has
notified people who had been hacked, basically whose data had been
hacked. And here's what they wrote. Our cybersecurity team
discovered and shut down malicious unauthorized access to some
information related to your T-Mobile prepaid wireless account.
We promptly reported this to the authorities. None of your
financial data including credit card information or social security
numbers was involved, and no passwords were compromised. The data
accessed was information associated with your prepaid service
account, including name and billing address if you provided one
when you establish your account, phone number, account number rate
plan and features such as whether you added an international
calling feature. Okay? So since the rate plan and features bit
requires T Mobile to notify anyone who's affected. If you haven't
heard anything yet, the odds are good that you're not in trouble
here. But let's be a little paranoid. Let's tell you what to do
right now. Okay. You're going to want to double-check your account
settings. You can call T-Mobile's customer service number. If you
have a T-Mobile phone, you can just dial 611 to confirm whether or
not your account is affected. Now 611 does not just work for T
Mobile. If you're a T Mobile customer that's what you dial and get to T
Mobile, if you're a Verizon customer you dial 611, it'll get you to
Verizon, etc, etc. Most of the carriers use six-one-one to get
customer service. So if you are worried that your data was stolen
here, you're lucky because really real critical information like
your payment details, passwords, Social Security number was not stolen
as far as anyone can tell. So at best, they might be able to
impersonate you either at T-Mobile or in another service. But here's
what you should do. Set up a password or a pin with T Mobile. So
when you call them at 611, make sure you have your latest bill
with you so that you have all of your account numbers all the
information that they will ask you for. And then you can set up
this password or a personal-identifiable number with TMobile. That
way whenever you contact customer support, they're gonna ask for
that specific information in order to proceed. Now don't forget the
pin or password, or you're going to have to go to a T Mobile store in
person and you have to verify you are who you say you are, etc,
etc. But that's the bottom line here, just quickly set up a pin. If
you haven't done this with your carrier already, I highly recommend
you do that. And we've done it with all of our accounts for a lot
of years. In some cases, there are also multi-factor authentication
or two-factor authentication that's available. So they'll send you
a message in their app that is much safer than sending an SMS
message.
Craig Peterson 10:37
So I want to talk to those of you. And I know many of you have done
this, but those of you who specifically have accounts that hold
Bitcoin, or any of these other cryptocurrencies, one of the ways
that tens of millions of dollars have been stolen from you guys is
that your SMS has been hacked. So what the guys and gals are doing
they're trying to hack you is they use SMS portability. And they
pretend that they are you. They call up your carrier, they say hey,
I've got a new phone, they give them the numbers for the phone,
just an unlocked phone. And now all of your text messages and your
phone calls are going to be transferred to them instead of you. So
when you are trying to verify now, your payment, whether it's a
bank account, or more particularly right now we're talking about a
cryptocurrency account. When they try and confirm they're going
to send a pin via text message via SMS to your phone but it's not
really going to go to your phone is going to go to the bad guy's
phone. So this is why you really want to have a pin or a password
so that when the bad guy calls up tries to steal your phone calls
and your pin. They can't. Because they don't have that important
information, the stuff they really need. So what I want you to do
right now is go ahead and call your carrier, set up a pin, set up a
password, so that you are safe here in the future. So we've talked
this hour about facial recognition about why you should never ever
buy an Android and some of the deals that are going on for iPhones,
even older ones, and how to protect yourself with T-Mobile's big
data breach. So coming up, we're going to talk about the five
things you need to know about cyber insurance. The robot This is
cute here for surveilling and playing with your cat Congress what
they're doing this week on privacy, and a whole lot more you
listening to Craig Peterson on WGAN online at Craig Peterson dot
com
Craig Peterson 0:04
Hey, everybody, Welcome back Craig Peterson here on WGAN of course
online at Craig peterson.com. Hey, if you are new to the show a
real quick introduction, I've been in the technology field for many
decades. I have been doing internet work, in fact, since the early
80s helped to develop a lot of the systems, some of which are still
in use today. And I have been a victim of security problems with my
business. I built a big business it was doing pretty well Well,
technically a small business, but it was doing pretty well had 50
employees and then we got nailed now this was way back in the 90s.
But when we got nailed, I had quite the wake-up call about what I
really should be doing and, and, man, it was scary. It was really,
really, really scary. At the time I owned our own building, we had
our own data center. It, we were building some of the biggest
commercial properties online on the Internet at the time. And it
was a really scary thing. It was like, you know, the bully in the
yard right at school, and they would sock you right in the solar
plexus right in the gut, right? And that feeling that you had you
just you couldn't breathe, the not really pain, but it's just
shocking. And that's how I felt. I didn't know what to do. I didn't
know how to do it. We had anti-virus software. Why didn't it
protect us? And it really bothered me and took a couple of days
now. I was very, very technical. Of course, I still tend to be. If
I have a real failure it is that it's kind of hard to remember what
it was like not to know any of this stuff. So you know, bear
with me, ask me questions. Okay, I get it, right. I can be very
confusing sometimes.
Craig Peterson 2:09
But I was very technical. And it took about two days for me now
this is back of course before Google or AltaVista, or any of these
really great search engines. So I was using the stuff at the time,
like Archie, Veronica, Gopher stuff, and trying to find out what
was going on. And it was actually digging into the machine itself,
that revealed what the problem was. And I'd become a victim of
what's known as the Morris worm, crawling through my machines and
some other machines on the internet. It was, it was a really scary
time. And I decided right then and there that I had to make
cybersecurity a priority. And I had to be able to help people with
their cybersecurity and businesses as well. Now businesses you hope
can afford to pay and keep my lights on, right. And they've been
very good to me my clients over the years, you know, I've had some
great clients. And I've decided at this point in my life that I
only want to work with great clients only clients that really,
really want to work with me. But the same can't be said for
consumers because you retirees and other people just don't have the
money to pay what it costs to secure a business. You know, it kind
of at a minimum, you're talking about $50,000 investment, plus
monthly and 2500 bucks a month is pretty standard. And you could
certainly go out and hire somebody to have somebody who's a quote
IT person unquote, but they are not really going to be able to help
you out very much and they're not going to keep up with it. And that's
the biggest problem we have right now. My people who are involved
in this every day spend about a third of their time in classes. And
in coaching and conferences trying to keep up with what are the
attacks? What is the best software out there? What should we be
using? What are the techniques that we need to use nowadays? And so
you as a home user, there's no way you can afford it. And as a
business user, if you're running a Soho like a small office, Home
Office, you cannot afford to do all of the right things. And that's
what I'm trying to help out with. And that's why we talk a lot
about security here on the show, and that's why I do pop up
training and Facebook Lives, where we kind of delve into one aspect
or more, and then I have paid courses as well, that tells you what
the tools are, how to use the tools where you can get the Tools
What, what are the best ones. And my newsletter, we talked about
that a bit. In fact, if you got this morning's newsletter, we add a
new section and actually, we have a new section that we're probably
going to do this monthly, but it is the number one through five
things patches you need to apply. Here are the five things you
absolutely have to take care of when it comes to patching this
month because there are extreme vulnerabilities and they are being
used by the bad guys right now. I can't think of anything more
valuable if you guys can let me know. For everybody, whether you
are big business, a small business, a home user, right, it's making
sure these have been applied or you could be in a whole lot of
trouble. And now we're looking at the costs of recovering from one
of these breaches and a very large percentage of businesses today.
If they're breached, they file bankruptcy the next day, because
that's how bad it's gotten, and ransomware attacks are up and
they're up across the board. No longer are they necessarily aiming
primarily at these real big companies because they realize the
smaller guys are the ones that are going to be easier to
compromise. And then when you add into that equation, the fact that
it takes about eight months for a company to notice that it has
been hacked. Wow, think of the damage one of these guys could do.
And it's everything from stealing the intellectual property that
you've developed, whether it's designed, it can be a man, we have
another client that we picked up, and she has a business that was a
cutthroat, I had no idea how crazy cutthroat
Craig Peterson 6:47
it is. She's in the design business for clothing, and purses,
women's wear shoes, various other things. And in this whole design
thing that she's doing there is quite a bit of money, and she had
been selling into these huge retailers and things are going really
well. And, you know, maybe one of these days we'll get deeper into
that story. But this is just a couple of weeks ago, I met with her,
and she lost everything. And now at what, how old is she now? 55, I
think, or 50. She's starting over again, from scratch and I don't
want that to happen. So the easiest, simplest, most straightforward
and free thing you can do, frankly, is to subscribe to my
newsletter. Now you're going to go to Craig Peterson dot com slash
subscribe, and I'm asking for your name and your email. That's all
I'm asking for. Now, I don't hound you. I'm not like one of these
internet marketers that sending you emails every day multiple
sometimes unless I've got something that's big going on. There's
training or something, I might send you emails during the week.
reminders, hey, I'm starting this afternoon or whatever, right?
That's the only time you're going to get a bunch of emails from me.
And that's for the free training as well as some of the paid ones.
But I am I don't sell your name, I am not trying to target you or
anything else, right? So, if you subscribe, you will get my weekly
newsletter. And in that newsletter, I have usually between eight
and 10 articles, we tend to write a short article that's a few
paragraphs long kind of describing what the problem is what you
need to do give you some tips of what to do about it. And then we
will link also to a third-party article, you know, unlike Forbes
magazine, or some newspaper out there, etc. Dark Reading, there's
another one that we get, we link to quite a bit, but you get all
of that. There is no charge for any of this, I don't want you to
feel like I did. And I got hit once that first time and I got hit
once again a few years later completely different way. And that's
when I decided, hey, listen to this, this low-end antivirus
firewall thing that you buy at Staples or from one of these
break-fix shops, it doesn't really know much about it, it just isn't
going to cut it. So I upped my game after that. But you are going
to understand what you should do how you should do it. My
recommendations, I throw those in there once in a while if somebody
comes out with a new product, as we did with Wi-Fi here recently,
and with some of the new Wi-Fi technology, what you should be
looking for there and segmenting your network at your home or your
small business so that your kids playing games who might be hacked
are not going to affect your main network there, I can be able to
get onto your computer, they're not gonna be able to get on your
business computer, none of that stuff. But the only way you're
going to find out about this is if you subscribe. Now I have
hundreds and hundreds, probably 1000 recommendations from people
who just really appreciate all of the stuff that I'm doing. And,
you know, there's free stuff, hey, if you can afford it, I'd
appreciate it if you get the paid stuff because, you know, there's
more, it's better because you can afford to pay for it right? But I
really don't hold anything back. Right? I'm not trying to play
secrets. It's the type of software you use as a business. That for
instance has some sort of a military subcontract, you have DFARS,
ITAR regulations, or a doctor's office where you got HIPAA
regulations, or a business that has to deal with FINRA or PCI
regulations, financial transactions and companies, those guys
hopefully have enough money to do it mostly right. And as I said,
it gets expensive. We were just in a company, we did a proposal
just I want about a month ago, I guess now, and to secure her stuff
properly, it would cost her about 80,000 a year. Now she had a
number of employees, but she decided she wouldn't, didn't want to
pay it wouldn't couldn't, whatever. And you know, I understand that
too. But your best free advice you're going to get by going to
Craig Peterson dot com slash subscribe,
Craig Peterson 11:38
and I will be sending you my newsletter and I have three special
things that you're going to get as well. That will come in the
email after you confirm your subscription. So you subscribe, look
for my email, click the link and you're all set. You're listening
to Craig Peterson on WGAN and I'll be right back. Stick around
Craig Peterson 0:06
Hey, Craig Peterson here on WGAN. Thanks for spending part of your
day with me here. We're covering some of the topics that are really
of interest, I think to everybody, and are certainly of importance
to everybody. And that includes and I think in many ways is most
particularly cybersecurity. So I want to talk right now about what
to do after the fact. If you've been hacked, what are the right
things to do? Well, there are some things that you can do right
away. I remember back in the day if you noticed that your machine
and this is true today, has ransomware and is doing something
odd. The best thing to do is shut it off. And then have somebody
take that disk and put it on another machine that can analyze it.
Not just a regular machine, you don't want to spread that
ransomware, but an analysis machine that uses Knoppix or one of these
other tools in order to have a look at it. But if you're a company,
what do you do? If you're an individual, what do you do? A lot of
people turn to insurance. In order to cover it, you may not be
aware of it, but your homeowners' insurance may have a rider that
covers cyber intrusions, on your computers. And if you're a
business person, you probably have already purchased some sort of a
cyber insurance policy. That makes a whole lot of sense, frankly,
but it can be a requirement for your company as well to have cyber
insurance. So I've got five things to know right now, about cyber
insurance because the attacks are increasing. It's becoming more
and more important for companies to protect themselves and Cyber
insurance may not cover you. And I have seen quite a number of
times where companies This is in the news, thank goodness, I don't
have personal experience with this. But in the news, I've read
articles where companies filed against their
cyber insurance policy. And their policy didn't pay out. Right now
in the news, there's a big story about large companies that are
suing their insurance company because they wouldn't pay out all of
the money that the company thought should be paid out. Now, in this
case, we're talking about cyber insurance. That said, Hey, you have
to take reasonable steps. Now with the cyber insurance that we
have. So for instance, depending on the level of service you have
from us, we have a policy underwritten by Lloyd's of London whereby
if you are compromised while we're taking care of your systems,
there is, I think it's a million dollars worth of insurance. So
it'll cover the smaller businesses typically. And then hopefully
you have your own cyber insurance, right? That's how this whole
thing works. And then, of course, our company, we have our general
insurances, our liability and all of the stuff you would expect to
have the right key man type stuff, etc. But since the cyber attacks
are now a top business concern, we're seeing numbers from Microsoft
that found that cyber attacks beat out economic uncertainty, brand
damage and government regulation as the top concerns for business
owners and C level executives. So if you're sitting on the board of
a company or you're sitting on the board of a nonprofit that you're
trying to help out with This is something that should be big on
your mind. I did a presentation for university, about insurance,
cyber insurance, how it all works, what the problems are today. And
let me tell you, they were very, very interesting. I think that's
good. 47% of the organizations that were surveyed said they have
cyber insurance now. So that's good. That's pretty much half of all
organizations say that they have it, which is up a lot. It's up 15%
in the last couple of years. They're figuring that by next year,
the gross written premiums for cyber insurance is expected to be
around $8 billion. So a lot of companies signing up for it. 57% of
companies with revenues of more than $1 billion had a cyber
insurance policy. Now compare that to 36% of companies with revenues
of less than 100 million. And if you get down to the small guys,
less than a million dollars in revenue, we're talking a number in
the teens, percentage-wise of businesses that have cyber insurance.
So if you don't have cyber insurance, you're not alone. Okay,
that's for certain. But the big problem I think you're going to
face is if you do get hacked, how are you going to survive? I
mentioned earlier that it's about I think this just takes about
20%. It's a pretty large number of businesses that get hacked,
file for bankruptcy the next day, but the majority of businesses
that get hacked are bankrupt within six months. So keep that in
mind. Can you afford to lose the business is your business your
retirement? Do you hope to sell it or maybe milk it as a
cash cow for years to come? Big questions, good questions. And if
you do what's going to happen if you lose that income, because the
business has gone under because you lost your client lists your
production schedule your bank account information, your
intellectual property. Very, very big deal. And it's a very, very
scary thing too. Okay.
Craig Peterson 6:26
The top risk covered by cyber insurance seems to be BECs, or
business email compromise. And that's actually kind of a good
thing. Because according to the FBI, we're talking over $20
billion, and I've seen numbers as high as $30 billion has been lost
to these email scams. So business email compromise is where the
fraudsters and maybe we can go into this in more detail some time,
but it's where the fraudsters get involved and trick you or
somebody in your organization into sending the money. And you might
say, Oh, it's not gonna happen to me, it'll never happen to me. We're not
that stupid when people pay attention to the email. No, it happens
because the fraudsters aren't just sending out an email saying, I'm
a Nigerian prince, I need to use your bank account. They have done
some research on you. They've done some research on your business.
They know enough to be able to fool your financial people into
sending money. And one of the stories I tell pretty frequently
in the last few months here while I'm doing presentations for
businesses and other organizations has to do with that exactly. It
has to do with the $45 million that was stolen out of an operating
account. I have another one that's the much smaller business that
came to us and we're securing them right now. And they lost $80,000
out of their operating account and to them. That's a lot of money.
How are you going to meet payroll if you don't have that money
sitting there? So business email compromise, good insurance to have.
But here's a big concern. We have two big companies out there,
we've got drugmaker, Merck, you probably know about those guys, and
a food giant called Mondelez, and they're both suing their
insurance providers over non-payment for damages from NotPetya
back in 2017. So think about that. NotPetya was considered by many
insurance companies as an act of war. And we, thank goodness, were
able to protect all of our customers from that. But these big
companies weren't protected. If they'd hired us they would have
been, but you know, they know better, right? But think of you as a
small business or as just a home. How are you going to be able to
fight these big insurance companies? Merck and Mondelez are both
suing their insurance companies because the policies weren't paid.
So keep an eye on that one as well. Hey, when we get back, we've
got a fun story about robotics. You know, we talked a lot about
some of the real problems, with robots, the new killer drones that
are being sold by China to a number of Arab states. Now, and by the
way, all throughout the Middle East, but now we got a fun one. So
stick around, especially if you're a cat lover. You're listening to
Craig Peterson here on WGAN. And we have another half hour left.
And we're going to get into Congress a little bit here. And I'm
going to talk about DNS filtering. What's that all about? Well, how
does that work and how are businesses using it? So stick around
Craig Peterson 0:03
Wow, we got about a half-hour left here. Thanks, everybody who's
listening in and spending part of their Saturday with me here. This
is Craig Peterson and you're listening to WGAN, and online at
CraigPeterson.com. Hey, if you're a Facebook fan, you will find me
and Facebook Lives at Craig Peterson dot com slash Facebook. I have
some stuff up at Craig Peterson dot com slash YouTube. But if you
would, if you are a podcast listener, make sure you subscribe to my
podcasts that come out a few times a week. This whole show is
broadcast via a podcast as well after it airs here on the radio.
And you can listen to it anytime a lot of people tell me they
listen to it while they're doing yard work or background noise even
though one or two people that go to sleep to it and I don't know if
that means I'm kind of Sleep guy. I don't know, I heard about one
Podcast, where the guy is a history buff. And he puts out like a
five-hour podcast talking about historical events, you know, good
for him. But apparently, most of his listeners are asleep, because
they actually use it to go to sleep at night. So hopefully most of
you aren't doing that. But do subscribe. I'm on all the major
podcast platforms out there, you'll find me subscribe to the
podcast, I would really, really appreciate it. And if you are a
podcast listener to listen to my show, please take a minute to give
me a five-star rating, a little comment about what you like about
the show. I would really appreciate it. We talk a lot about robots
and some of the scary things that go along with it. And it's not
just robots. It's the artificial intelligence that might be
controlling them and various other things. Well, this is kind of a
fun one. I found this on one of these funding sites as you can
go online, and it's called Kickstarter and I have done a few
Kickstarter fundings myself in the past, where it's a product that
I think I might like. And so I invest quote-unquote some amount of
money, which is basically just buying the product if and or when
they make it. So remember, there's a little bit of risk here. But
thanks to the changes at the Securities and Exchange Commission,
now, you don't have to be a qualified investor to put some money up
on Kickstarter. Anyhow, if you are a cat lover, you are going to
love this. I have it up on my website as well. It's called Ebo
E-B-O, and this is a robot that live-streams HD video of your pet
straight to your phone. Now, you say okay, Craig, what's the big
deal here? How is this exciting? How is this useful? Well, here's
what it is.
Craig Peterson 3:01
Bottom line
Craig Peterson 3:04
it's a toy for the cat. And it is so cool if you have seen one of
these Sphero toys, and I have one, my son-in-law got me one a few
years ago, a Star Wars one, it's like the, whatever that robot's
called, I remember R2-D2 and C-3PO and BB-8, the little ball one.
And I can hear you guys shouting at me here. Yeah, okay. But
it's kind of cool. It's a ball and it rolls around and it does fun
things. So this
Craig Peterson 3:34
Ebo E-B-O
Craig Peterson 3:37
that I have up on my website, CraigPeterson.com. And you can find
Ebo as well on Kickstarter. It whizzes around on a pair of self-riding
wheels, so it's not the same as this Sphero by any stretch. But it
can entertain your cat. It has a built-in laser and it shoots to
have the cat chase that. And it itself runs around and the cat can
chase it. And you can have it live stream to your phone. So you can
see what's happening in your house and kind of drive it around and
you can see what your cat is doing. It has a fair amount of
intelligence and it has facial recognition, or should I say cat
face recognition built-in and it recognizes furniture and other
obstacles around the room. And when it first comes off its charger
The first thing it does is it checks out the room to see if there's
enough space to play, enough clear space, because it just zooms
around and the cat's going to be chasing and it doesn't want
anything to get knocked over. It is so cool, a totally new concept
in pet tech, frankly. It also, in addition to streaming this live,
high-def 1080p video to your phone, you can take pictures with it,
you can save the video. And when you put a collar on your cat, it
has a companion collar. I think it's extra, you pay for it. But it
also keeps track of how many steps your cat takes and how much
jumping around it does. So it's tracking the daily exercise. It's a
total pet surveillance package, which is what it says on
Kickstarter. You can set schedules for EBOs activity, and it will
automatically return to its dock to charge when a battery starts
running low. It is very, very cool. Frankly, I like this thing. We
have three cats, but they all belong to my kids. I'm not sure if
any of them are going to get it for their cats or not. But
according to a study from crowdfunding that was done,
Kickstarter did this about four years ago now. So it's a little out
of date, but probably not too far out. So they did a study and they
found that roughly one in 10 successful products that reach their
funding goals fail to actually deliver the rewards. Now that isn't
bad, one in 10 does not deliver. Of the ones that do deliver, delays,
missed deadlines, or overpromised ideas mean that there's often
disappointment in store for those products that do get done. So if
you're thinking about putting some money on to something to
Kickstarter, you're not going to get rich, there are no dividends.
There's no stock that you can sell. But you have to think about it
is your money is totally at risk here okay. You pay 100 bucks for
something on Kickstarter and you may or may not get it and it may
or may not be exactly what was advertised. I've had very good luck.
Everything that I have done on Kickstarter has worked out it has
delivered and it has been working, what I expected it to be, but
you're not necessarily going to see that. So bottom line, remember,
you're not necessarily buying a product when you get it on a
crowdfunding site. And I love this. I love this quote, I gotta read
this to you. Very, very short, that classic tweet. Sometimes I
wonder if I spoil the cat seen him with his iPad in his year.
Craig Peterson 7:24
So this is fun. A little fun thing about robots. Check it out.
You'll find it on Kickstarter is called Ebo. E-B-O, a little robot
for your cat.
Craig Peterson 7:36
See, let's get into this really quickly. We only got a couple of
minutes left in this segment. But Congress this coming week is
finally tackling privacy. I guess I don't know is the impeachment
going to be over? Are they actually going to do something we'll
see? But the National Security Agency is warning everybody that
cybercriminals are becoming more sophisticated and capable every day.
But it's taken a backseat to privacy. And there is a big difference
between cybersecurity and privacy.
Craig Peterson 8:11
So Congress is focused on passing this national privacy
Craig Peterson 8:14
law, which allows individuals to access, correct, and request
deletion of the personal information. So, generally speaking,
that's probably a good thing. There's a lot of different proposals.
There isn't a final bill yet. But the Senate Commerce Committee is
holding a privacy hearing on Wednesday. So yay, at least one of the
two houses is doing something. Congress is far too busy with
impeachment for the last number of months. So the Senate's working
on this, but we also have to consider that, yeah, okay, a national
privacy law is probably far overdue. But how about the other side,
and how about cybersecurity? We need something too. You know,
frankly, I feel sorry for the businesses that are spending the
money to do cybersecurity. Right. And having to compete with
companies that aren't doing cybersecurity at all. Yeah, okay.
Cybersecurity. And I argue this all the time. It's a business
advantage, right? Use it as an advantage, right? It's not an
expense. It's an asset. But in reality, they still have to deal
with it. Right. They still have to pay the bills. Their competitors
have slightly larger margins because they're not doing things
right. We need to have level footing. We need to have a good
cybersecurity bill. And hopefully, Congress will take that up.
Maybe next year, the Senate will do this. Who knows how some
probably still being impeachment talks here. You're listening to
Craig Peterson on WGAN, and when we get back we're going to talk
about DNS.
Craig Peterson 0:05
My wife, who tracks all of my social media accounts, does a lot of
the postings for me, has been telling me that a lot of you guys
really are liking the long podcast I put up every week. I put the
whole show into one big podcast. Hey, you're listening to Craig
Peterson here on WGAN, and online at Craig Peterson dot com.
Craig Peterson 0:29
If you do listen to that podcast, I'd love to know because I, I put
up all my weekly appearances on my podcast as well. I'm on
different radio stations. And sometimes I post different things as
well. And those are separate but I have the one big weekly podcast.
What do you guys think of that? Let me know, just email me at
CraigPeterson.com. Or you can certainly comment on my Tech Talk with
Craig Peterson page over on Facebook, which you can find by going
to CraigPeterson.com slash Facebook as well. Let's talk about
something here that affects all of us and doing this one thing is
going to improve your security resistance against things like
ransomware by most likely 90% this one thing it really is a big
deal. Now I have had a lot of clients that I pick up after they've
been hacked and you know, I'd rather not do that. The other time I
get clients is they've just been audited and their insurance
carrier or maybe their customers have had them audited and
they need to do it now, need to do it fast, right, which is not the
right way to do this because there are many aspects to security
beyond just plunking in some hardware. There is your money, your
training, there's a whole bunch of things. But when I look at these
companies that have been compromised by ransomware, primarily, so
by basically by a botnet, now, there's one thing in common. Now a
botnet is where there are a bunch of computers that have been
compromised, that are under remote control by a bad guy, or by a
bad community. And they exist, a number of them, all
over the place. Russia has some botnets, and Iran, North
Korea, as well as regular old criminals, and the FBI is constantly
shutting them down. So what happens is they gain control over your
computer, and instead of putting ransomware on your computer, what
they'll do is they will put a remote control on your computer so
that now they can have your computer do anything that they want it
to do. Many times what they'll do with remote control is they will
go ahead and look through your computer files for files of certain
names like bank or account or payroll, things like that. And
then they will upload those files from your computer and use them.
Obviously. It's frankly one of the ways business email compromise
works. They've got all of that information. And I have seen it,
man, I've seen this more than once I think of it where they grab
invoices that are sitting there on the computer, you say, Well, why
would they care about an invoice for? Well, the invoice has the
customer information, right? It has the account number, it has your
logo, it has the exact format of your invoice because it is your
invoice and then the bad guys will change your invoice. Now in many
cases, the invoices will say submit payment to, and maybe there's
an address where they should send a check to but nowadays, in many
cases, the funds are just ACH, basically they're wired. And
when the funds are wired to an account, they just go straight in.
ACH just goes right in. And so what will happen is they will put the
ACH number on the bottom of the invoice. Now there are some banks
that have single-time-use ACH numbers, and that number may
change from time to time. So the person paying the invoice looks at
it and says okay, I'll just do an ACH transaction and I'll send my
$40,000 payment to this account. Okay, great. Well, what happens
now, when the bad guys have control of your computer, they found an
invoice or more than one let's say and then they modify the invoice
which is so easy to do with a PDF invoice, they modify that invoice that
may be an email or wherever they found it and they send it off to
your customers. And they change the ACH number to a bank account
that they control. There's a whole ecosystem around this, there are
mules. The FBI has just arrested a big gang of mules out in
California about a month ago. So the funds go into these mules'
accounts, and then the mules immediately remove the funds and send
them all over the world and put them in different accounts and
everything else. Very, very bad. So if your computer is part of one
of these botnets what it's doing is it's calling home. So the bad
guys now have a connection that's open 24/7 for them to use
whatever they want, and they might use your computer to break into
a federal government facility, at which point, you get a
knock on your door. And it's the Secret Service or somebody else,
right? They might use it to spread ransomware, to send business
email compromise emails, and use it for a lot of things. Ransomware
itself if it gets onto your computer also calls home, because it's
going to register your computer with them. And it may send the
names of your files and other things to them as well. But
typically, it's just registering so that the ransomware guys know
what key to give you if you pay the ransom. So here's where DNS
comes into all of this. The Domain Name System, it's a cornerstone of
the internet. If you go to a website, like if you go to
CraigPeterson.com
Craig Peterson 6:51
how are you going to get there?
Craig Peterson 6:53
We're going to go to a browser, you're going to go to the URL and
you're going to type in Craig Peterson dot com That's not how your
computer gets to my website or any other website on the internet.
The way it gets to my website is it says, give me the address for
Craig Peterson dot com. It's kind of like having you know that,
that Donald Trump lives in Washington DC or you just drop a piece
of mail in the mailbox address to Donald Trump. Well, you know,
it'll actually probably get to him because the post office knows
who he is and where he lives. But if you just try and send mail to
Craig Peterson, they have no idea who I am and you might do a
little bit better if you put the city I'm in you know the state I'm
in the city I'm in the street I'm on and or the street with the
full address. Well, the same thing is true on the internet. On the
internet, you can put in my name Craig Peterson, dot com, but that
doesn't mean you're going to be able to get to my website, it
needs to get the address. So that's what DNS is all about with the
domain name system. And it's been around for quite a while on the
internet, but it's not perfect. In fact, it's far from perfect. So
when you type in Craig Peterson dot com, your computer then asks a
DNS server, Hey, what's the address for Craig Peterson dot com, and
it gives your computer that address. And there are a couple of
different types of addresses nowadays, but your computer then goes
to that address and gets the web page. Okay, obviously simplifying this.
Well, when we're talking about a botnet or we're talking
about ransomware. When the software gets on your computer that
wants to control it or wants to send information about the
encryption from the ransomware. It calls home. How does it call
home Well, in most cases it calls home by using a name. So these
names don't necessarily mean much, they may look like a real name,
it doesn't really matter. So there might be zero likes dot com, Bob
dot com, that it goes to. Well, if your DNS is set up with one of
these DNS filtering systems, it'll recognize, Hey, wait a minute,
that is a known bad site or in some cases, it is not a known good
site, right. So bad news all the way around, and it'll send you the
address of a page that says, forget about it. This is not a valid
site. So that's why I said at the beginning here that a 90%
improvement by just using DNS filtering is huge. Now we provide
commercial DNS filtering for our customers. But if you are a very
small business if you don't need to control the list of sites, if
you don't need it updated, like automatically right away, etc, etc.
You can get it for free as well. So get out your pencil right now
because I'm going to give you a domain that you can go to in order
to get this and it's pretty easy to do pretty easy to install. This
is part of my course that I have coming up as well. You have got
that pencil and paper. If you forget you can just email me at Craig
Peterson dot com or if you're driving the car. When you get back,
just email me at Craig Peterson dot com, and I can go ahead and
send that to you. But here's the trick. Okay. Go to OpenDNS.com I'm
going to go there right now just to make sure that it is correct
OpenDNS.com there is OpenDNS so it's open. And DNS stands for
Domain Name System. And they have enterprise products which are
what I sell. But they also have some consumer stuff available on
the site too. And OpenDNS is now owned by Cisco. But they have a
couple of free packages that you can get that will improve your
security by a good 90%. They have an OpenDNS Home version, which is
the free service, they have OpenDNS FamilyShield, which blocks
adult content, and then they have a VIP version for home. And then
they have a small business Umbrella Prosumer version. So the OpenDNS
Home VIP is 20 bucks a year. Small Business is 20 bucks a month
per user. And we use the enterprise version of Umbrella for all of
our customers. So there you go. Very simple. Go there. They have
instructions on how to use it, how to install it, and what to do if
it triggers, if it gets triggered. I'm so triggered. Alright. I hope
you enjoyed today's show. Let me know. Make sure you subscribe to
my email list to get all of the latest updates. CraigPeterson.com
slash subscribe. You can get them all right there. I really
appreciate you guys being with me today and listening in. I hope
some of these tips and tricks I have given you are going to help
you out. You got to do it. So right now go to OpenDNS.com and take
care. Listening to Craig Peterson on WGAN.
Transcribed by https://otter.ai
---
For questions, call or text:
855-385-5553