Craig discusses why cybersecurity is important and a must-not-forget item for your back-to-school preparations. Listen in to find out.
For more tech tips, news, and updates visit – CraigPeterson.com
iOS 13.7 launched today with a new system for battling the pandemic
Hackers are exploiting a critical flaw affecting >350,000 WordPress sites
The accidental notary: Apple approves notorious malware to run on Macs
Most IoT Hardware Dangerously Easy to Crack
55% of Cybersquatted Domains are Malicious or Potentially Fraudulent
Feds Can’t Ask Google for Every Phone in a 100-meter Radius, Court Says
The Hidden Cost of Losing Security Talent
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] Hey, it’s back to school time. We’re going to talk about cybersecurity on the back to school list for parents, for children, and for school administrators. And then what do you do if your credentials have been exposed online?
Hey everybody, Craig Peterson here. WGAN and online, of course, CraigPeterson.com. You will find all kinds of great information there. We’ve got a new website, we’ve got a whole bunch of stuff coming up here. So keep an eye out for that. I think you’re going to really like it. So let’s get into cybersecurity.
Now we’re going back to school. Our kids are back at school. We’re probably working from home; right now that’s a majority of people in the United States that aren’t in manufacturing jobs or hands-on jobs. That is a very big deal and it means some potentially bad things as well. So what are those bad things potentially that I’m talking about?
If we have computers in our homes and we have kids on those computers and those kids are going who knows where online, including to the school, and a parent is at home, and that computer’s on the same network as a kid’s computer, you’re in trouble. I’ve talked many times before about how these hacks and hackers spread, when it comes to a company, how they spread in your home, and what they do is.
Kind of think of it like the military, they get a beachhead. So they attack and they have now a footing inside the network and then they start spreading laterally. So if your kid’s computer does not have the advanced malware protection on it that it needs, if it’s not configured properly, if that kid’s installing software on it and that software gets out or is hacked or is a hack to begin with,
that computer can now be used to spread malware onto your computer. So whether you’re using a computer from the office at home, or maybe you are using your home computer at home, the bad guys are now in your network and now start to spread within your network. Now think of that, multiplied out even further: kids are bringing computers into school.
If you go into school one or two days a week, you probably never brought a computer into school before because the kids were there five days a week. But now they’re there one or two days a week and they bring the computer in so they can show the homework, so they can get some assignments. Now things are spreading.
Do you think that the Wuhan virus spreads like crazy? What do you think happens when a child or a teacher brings an infected computer into a school? Well, it’s going to spread like wildfire. And what do you think happens when you have an infected computer on your network at home? It’s going to try and spread like wildfire, and it probably can if you’re not doing all of the right things. Now, as I said in the last segment, I should probably do some more courses on this, but that’s part of what we’re aiming at here to really help you guys out.
Yeah, that gets to be a problem, doesn’t it? It’s spreading. So if it spreads onto the computer you’re using from work, and let’s say that you’ve made the mistake of using a VPN into the office and that’s not properly firewalled at the office or on your computer, that mistake, that VPN mistake, could cost you dearly, because now you are spreading that malware or you’re allowing the hacker access by piggybacking on your computer into the business.
Now, I know that might sound complicated, but it is very easy to do. And the bad guys have tools that they can buy for as little as $10 to $20 on the black market that allow them to do everything I just described very easily. So if you are a school administrator, you need cybersecurity. It drives me crazy.
I was on a Zoom call earlier in the week and the only thing they use is Zoom. I had to explain to them, hey, I have clients that are DOD subcontractors. They sell stuff to military installations. They sell stuff that’s used by DOD contractors. Therefore, I cannot use Zoom because Zoom is not secure. The same thing’s true when we’re talking about using Zoom in schools and in regular businesses. We cannot use it. Schools have seen an increase in these debilitating ransomware attacks, even with the FBI alert this summer about it going on. I remember the first time I was speaking at an insurance conference and I was up there.
I was their keynote speaker and talking about the problems that we were seeing in business and in schools with these ransomware attacks. And afterward, one of the attendees came up and told me about his entire school district had been hit with ransomware. What do you think’s going to happen when somebody brings a laptop into school, or somebody brings that laptop from home into work, or they’re using VPNs? VPNs are providing a network, a path for that ransomware to spread, and it spreads to wherever it can. It’ll spread onto your file servers, spreads high and low across everything.
So be very careful. Okay. Major problems with the Remote Desktop Protocol, RDP from Microsoft, that I know a lot of you guys are using to connect to work. Make sure it’s patched up.
Slap yourself on the back of the hand for using RDP, especially if it’s exposed to the internet, the same thing with a VPN. So we’re going to do training on this. I’m going to help you guys understand it. I don’t want you to feel bad about this. Okay. ’Cause you just didn’t know.
The vendors are lying to you. Okay. You’re using this stuff that you shouldn’t be using because they’re telling you should be using it. I was flabbergasted this week. I got an email from a security vendor that sells security hardware and software, and they said the only thing you need is our one product, which is not even close to being true.
What do you do, right? I can tell you what I do. I let you guys know about it. Okay. So we’re going to be doing a lot of training on that starting next week. So I’ll make sure you are on my newsletter list. Newsletter members are the ones that are going to be getting this information, and it’s going to be short.
You can read it in just a few minutes and it’s going to be educational. Okay. Important stuff. Now I’m going to talk about exposed credentials. What do you do if your username, your email address, your password, maybe some personally identifiable information, is found out there on the internet? What do you do?
We’ve got over 15 billion exposed credentials available online, for free in most cases. The bad guys don’t have to pay for them. Digital Shadows conducted a study this year, and they found that nearly two-thirds of the credentials available on the dark and, by the way, the open-source or the clear web markets are duplicates, and 80% of them are in clear text format.
Many of these are employee credentials that pose a significant risk to organizations because they are in the hands of cybercriminals. So the security team needs to assess all of the things, exposed employee credentials to help make sure that everything’s taken care of.
So what should you do? First of all, I want you to go to a website. I should just put this Craig Peterson so you can find it easily, but go to a website called Have I Been Pwned. You’ve probably heard me say this before, but it’s worth checking again. Check it frequently. Now, Have I Been Pwned is spelled P-W-N-E-D: haveibeenpwned.com. And you enter your email address and it’ll tell you what it finds.
So I used my Craig and mainstream.net email that I’ve had for 30 years now. And I, I know it’s been exposed, and you already know I use different passwords on every website. In fact, I tend to use different email addresses, and there are some tricks to that. And I’ll do some training on that for you guys too.
What can you do? How can you do it? But there are some tricks so that you can really, I have one mailbox, but to have what looked to be millions, if you wanted them, of different email addresses, which is very good. Have I Been Pwned has seen my mainstream.net email. It has been found on 12 breached websites and one paste.
A paste, by the way, is a site where they just put all of this stuff together and upload it as one big file. Basically think of it a big zip file place. And so it lists through all of these. And I went through this a couple of weeks ago here on the air, but haveibeenpwned.com, that’s where I want you guys to go.
Okay. So not all exposed usernames and passwords present a threat. You have to look at them and figure out, okay, am I using that username that it says on Have I Been Pwned as having been stolen? Am I using that anywhere else? Am I using that password anywhere else? Make sure that you have a password manager.
I like 1Password. That’s what we use. We also use something called Thycotic, but I also am really pretty happy now with the latest versions of LastPass. So look up LastPass as well. So use a password manager, always generate new passwords. Let’s see, the same stolen, leaked employee credentials keep on surfacing online.
Have I Been Pwned is going to help you with some of that stuff. You got to get rid of all of that, weed out all of those duplicates, make sure the credentials are genuine, and then go to those websites. Go ahead and change them. And use 1Password, use LastPass. It’s very important to do all of that stuff.
And then on an ongoing basis, make sure you monitor for stolen or leaked credentials. So that means if you can, go ahead and, on Have I Been Pwned, again, P-W-N-E-D dot com, on Notify Me, put in your email address; it’s going to send you a confirmation email. Once you’ve confirmed, it’ll email you anytime it finds your email on any new hacks out on the dark web.
All right, everybody, have a great weekend. Make sure that you are on my list. ’Cause we’re starting this up this week, little kind of micro training, and we’re going to do other pieces of training as well, but there’s only one way to find out about it and that’s to be on my newsletter list. CraigPeterson.com/subscribe.
Believe me. This is not going to harass you. This is going to help you learn even more. All right. Learn. And I always give you things that you can do, just like Have I Been Pwned.
So have a great week. I will be back Wednesday, with Matt, at 7:30 in the morning.