Cybersecurity Breaches Are Your Fault – Can’t Make Insurance Claim – Google’s New Automatic Feature – Facebook Is Government Protected Monopoly and more Today on TTWCP Radio Show: TTWCP [05-11-19]
What do Insurance Companies say about Cyber Attacks? It might surprise you.
What is two-factor authentication and should you use it? Today I discuss my thoughts on this.
What automatic feature has Google added? Listen in for more info on this.
Should we have government-protected tech monopolies? My thoughts about this and more.
- Brain Scans Reveal A ‘Pokémon Region’ In Adults Who Played As Kids
- Facebook Is A Government-Protected Monopoly
- Google Confirms It Will Automatically Delete Your Data — What You Need To Know
- Apple’s 2FA Might Be A Nuisance (But You Need To Turn It On Anyway)
- New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’
- ‘Too much funding going into cybersecurity today’: hacker turned CEO
- What It’s Like In A Scam Call Center
- Baltimore City Hall Computer Network Infected With Ransomware Virus, Officials Say
Below is a rush transcript of this segment; it might contain errors.
Airing date: 05/11/2019
Craig Peterson 0:04
Hello, everybody, Craig Peterson here. Hey, are you a business owner? Do you work in a business? Are you maybe a little concerned about cybersecurity? And maybe you have insurance for a hack. I know a lot of insurance companies have been kind of adding that type of rider on lately. Well, I got some news for you today. The whole thing here about two-factor authentication and Apple, you know, the most security you can have, the best security, is something you have along with something you know. Well, that’s what 2FA is all about. And we’re going to talk about that, what Apple’s doing, what you can do, and what we do ourselves and for our clients to keep data safe. Google, Oh, my gosh, they are doing something good. We’ll tell you about that and how to take advantage of they’re forgetting a promise that they’ve just made. A really interesting response here from this is a company we use called Duo and their CEO talking about cybersecurity today. And he says the businesses are doing a whole lot of it. But too much funding is going into cybersecurity right now. Because there’s so much money that’s getting into the whole cybersecurity realm. The CEO and founder or co-founder of a company called Duo, D-U-O, Security. They were bought recently by Cisco. And we were using them before Cisco bought them. It’s funny. That seems to happen a lot to us. Meraki, we were Meraki guys. And then Cisco bought them. Duo guys, and many others, Snort and the list goes on and on. But he said that cybersecurity and the investments that funding going into them is way overhyped in a lot of breaches because we’re getting the basics wrong. That is absolutely true. And I got to tell you that now. It’s not overhyped in that you’re not at risk, because you are. We’ve seen the statistics, the hard statistics, even from people admitting that their businesses were hacked. More than half of all businesses say they have already been hacked. Okay. So that’s not what he’s talking about.
He’s talking about the money that’s going into funding some of these cybersecurity startups. And I can really see this, I understand what he’s talking about here. Because so much of the vulnerability that we have is pretty darn basic. And it goes back to passwords. And in the case of Duo Security, the whole concept of two-factor authentication. So here are the basics. In case you’re wondering, we’re talking about phishing scams. A couple more here. But phishing scams, of course, are those emails that come in that make it look like whoa, wait a minute, now. This is a legitimate email or it’s not and then people fall for them. Right. So the basics are phishing scams, stolen passwords, and employees using devices that are not up to date or patched. And that’s what we really, really emphasize with our clients. One of the biggest services we offer is making sure the machines are all patched up. We do it right. So something messes up. You know, it’s our problem and we take care of it.
Stolen user credentials leading cause of breaches. We know about, for instance, Senator Maggie Hassan from New Hampshire and her staff member who admitted to stealing passwords using a keylogger apparently on this senator’s computer are they. I don’t know could even make a movie about this, it’d be pretty boring, wouldn’t it frankly. A good book about that, by the way, A Thousand Miles, look it up if you haven’t read it already. But smart attackers are going after people now not just systems because that’s where the money is. It’s kind of the basics. Now, this guy is a very interesting guy. And let’s talk about Duo here for a minute, we are, full disclosure, a Duo reseller. D-U-O, you can find them online. And they have some very cool technology that we tie into these special fobs, these special little USB keys that allow us to identify ourselves and who we are. So here’s what happens too. We have it tied into, for instance, our iPhones. So if we try and log into a system that’s, that’s privileged, you know, particularly something that has any form of customer information on it, the system comes up and says, Okay, I need to authenticate you. So it now sends a special message to our iPhone. And the iPhone has a thumbprint reader on it. So we have to unlock our iPhone. And then we’re going to Duo, and Duo’s telling us because it popped up on our phone, hey, somebody is trying to gain access. And then you accept it. You say, yeah, that was me, it’s fine. And you give it your thumbprint and a code. And now you can log into that website, you can get on to that computer, you can use that software. Duo is just absolutely fantastic. And frankly, it is crazy important for you to have something like this in your business. And that takes us back to what Apple is doing right now. Some people are annoyed by this, Apple’s two-factor authentication. I don’t know if you’re using anything but remember what I just said the most secure way?
Well, the most secure way of securing a computer is to unplug it, rip out all the wires and put it in a vault, right, with no electricity. But if you needed to be able to use the computer, two-factor authentication works. And that’s part of what Duo is providing here. And just texting, texting, phone numbers back and forth, doesn’t cut it, by the way. It sends you a message and you respond because people can steal your phone number. And then life gets really complicated, doesn’t it? It gets really complicated very quickly. And we’ve seen that again. And again, people stealing, for instance, Bitcoin accounts, but also stealing access to regular bank accounts and tens of thousands of dollars have been stolen out of it. So what Apple did is this is pre-Duo, pre-a lot of these things, is Apple said well wait a minute, most of our customers have multiple devices. So when I logged onto my computer sitting right here in front of me today, it had a message because this is an Apple computer. And it had a little message and the message said, someone just started using your account on this day and time at this location. And this is the type of computer, was that you? And of course, it was me. So I said yeah, cool. But before I logged into this computer, and I was installing a brand new, well, new to me, right, it’s actually kind of old MacBook Air. And I put my account on there and I put my Apple credentials on there. Apple sent a special message to my iPhone saying hey Craig somebody is trying to log on creating an account, etc, etc is this you? So with Apple’s two-factor authentication turned on, every time you attempt to sign into an account, you’re going to enter your password. And then you’re going to receive a second security notification that might come through on your desktop, on your laptop on your iPhone, on your iPad on your iWatch right? Actually, Apple Watch, they should have called it iWatch.
And then usually it looks like a text message. It’s not a text message. In this case, it’s actually built-in, it’s a utility part of the operating system, it gives you this six to eight digit code, and you enter it into the website. Now in most cases, the websites are going to send you a text I already explained why that’s a bad idea. And why it’s a good idea to use Duo, it usually takes us a few weeks from start to finish to get a company switched over to Duo, because there’s a lot of configuration that has to happen and training that has to happen. And you have to get the right little devices for people to use. But here’s what you should do. If you have an Apple device, you should be using their two-factor authentication, because it gets around all of the problems you have with Android devices, for instance, that are receiving SMS messages again, that’s what I use Duo, it works on Android as well. So make sure you turn it on, don’t turn it off, you’re going to get it’s going to say Apple ID verification code. And you have to pull that up from another Apple device where you’re going to click Allow. But what amazes me, frankly, is that there is a lawsuit going on right now and some people are frustrated and upset about this if you can believe it. So here are some claims in the lawsuit. Apple turned on two-factor authentication without his approval. This guy’s name is Brodsky. Yeah. Well, he’s trying to help you, you idiot. Two-factor authentication takes too long to set up. No, it doesn’t. It’s difficult to use. No, it’s not. It can’t be turned off after using it for 14 days. Logging into a device can take up to five minutes. Oh my gosh. So you might think that you shouldn’t use it or simply turn it off like this Brodsky guy that’s brought this lawsuit, and I’m sure it’s just one of these deepest pockets lawsuits, just like these lawsuits that we’re hearing about all the time. Oh, you offended me, you have to remove that because it offends me. Really?
One person, a dozen people out of how many millions, we’re not offended by that. Forget about it. Okay. But you know, Brodsky is correct that you only have a 14 day trial period. But that should be enough time to figure if you want to use two-factor authentication. And after that’s passed that 14 days, you have to continue using it. So the bottom line to everybody out there, use two-factor authentication. If you can, don’t use your cell phone for it.
Now, let me give you a little insider secret that I’ve never heard anybody else talk about. But I think is really handy. You can get a phone number from Google Voice. Have you seen this? Again, another service that I used before Google bought it, Google Voice, they’ll give you a phone number, it’s free. Now they’re going to record your phone calls and your voice messages. They take the voice message, they turn it into text and they text it to you, it comes up in their app, it’s really, really, really handy. Obviously, you don’t want anything too confidential on Google Voice. However, here’s the win, when it comes to a Google Voice phone number, or within many cases with a VOIP provider, Voice over IP provider, when it comes to these numbers. They can’t be stolen from you. Because there’s no SIM, there’s no little chip, a little SIM card that you put into the phone. That’s how people get in around this. That’s how people are stealing phone numbers. So if you use your Google Voice number for a website that does not support things, like Duo. So it doesn’t support full two-factor authentication, you’re going to be all set. It’s going to be really nice. So little trick there, right? It can’t be stolen, not the normal way anyway, they can’t just do the cloning or duplication or try and get your SIM moved to another phone because there was never a SIM there in the first place.
While we’re on Google and before we get to our little warning here about the insurance for cybersecurity and CIOs, I get another Google thing. This is from the Associated Press and it was published in Forbes magazine. This is a win I think for everybody. But you have to know about it. In order to take advantage of this. I’m glad they’re doing this. Facebook here another story. They are a government-protected monopoly. And they certainly are. I’ve had problems with patent law for quite a while particularly when it comes to software and processes. You know, way back when there’s a great story. It’s up on my website, http://CraigPeterson.com. 1954, you’ve heard this story, I’m sure if you’ve ever taken a business class. Ray Kroc, does that name ring a bell to you? Ray Kroc, K-R-O-C. How about Illinois? How about just outside of Chicago? Anyways, this guy Ray Kroc in 1954 visited a hamburger stand in Southern California. And Ray was selling milkshake mixers and was very interested in how these brothers Richard and Maurice, were able to sell so many milkshakes, this small stand, and I think it was they ordered a four milkshake mixer. So it did four milkshakes at the same time. So he started to look into this about more, a little bit more a little further. He was really impressed. Freshly cooked hamburgers delivered to the customers based on an assembly line. Of course, we’re talking about Richard and Maurice McDonald here in case you didn’t know and Ray Kroc decided, wait a minute now this looks absolutely amazing. It works so well. Ray Kroc stole the idea. You know, he tried to work out a licensing deal and everything. We’re not going to get into the whole story here. But the success of McDonald’s led to Burger King, Burger Chef, Carl’s Jr., Hardee’s, Jack in the Box, that used to be one of my favorites when I lived in California, and hundreds of other small hamburger joints and of course, that led up to what we have today with Qdoba and other different types of fast food restaurants.
Well, the evolution of fast food in America would have been completely different if the McDonald brothers could have applied for a patent to claim exclusivity for the idea of using an assembly line to make hamburgers.
Intellectual property, you know, look at article one section eight of the Constitution. Congress was charged to promote the progress of science and useful art by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries.
Well, the McDonalds brothers, McDonald brothers did not go for a patent. They didn’t apply for this federal protection for their design because it was not a writing, or an invention. They just used existing technology more reasonably and more efficiently than others. And the way it’s supposed to work in the patent office is that if something is an obvious next step in the evolution of a business, evolution of a process, the evolution of a machine, it’s not patentable. However, because there are so many patents being applied for, because there’s so much technology involved and so much knowledge they need, patents are being given willy nilly, it’s absolutely amazing. But the greater good was served by allowing businesses to reverse engineer these clever ideas that they saw in patents and spread it from sea to shining sea. Reverse engineer, not just things in patents, because of course, you have a certain amount of exclusivity. But people would take it, they look at the patent, they would modify it enough so that they could start producing something that wasn’t covered by that patent. Well, today, fast forward to Facebook and Google and other social media platforms that are banning people for their political beliefs. And in reality, in a healthy society, in a healthy economy where we didn’t have the type of crazy overextended patent laws that we have here. Facebook would have been reverse engineered 20 times by now. And people who were banned would have simply gone somewhere else. Well, instead of that our government and the way these laws are set up now is protecting Facebook and these other companies at the point of a gun. Right? Because it breaks the law, see what ultimately happens to those guys and gals that show up in your door? Do they have a gun with them? Or don’t they right? So Facebook and other social media sites and other companies are government-protected monopolies.
They’ve been able to convince the patent office that their business and their business model is an invention that should be protected by intellectual property laws. Now we have the Department of Justice and the federal courts out there acting as strong arms, strong men, making sure nobody competes with them because they say, this is our business process. We have our process patent on that.
And then, of course, they have enough lawyers to protect it.
You end up with people like Mark Zuckerberg, who has a crazy, crazy wealth. But is he really helping to further even other sites that are out there, social media sites? Of course not. He buys them if they’re doing fairly well. And he squeezes them, even when he’s buying them. So Zuckerberg didn’t invent anything, he didn’t invent the computer, he didn’t invent the microchip. All he did was start messing around with Atari Basic programming when he was a kid. To reward someone who’s the first to use an invention to arrive an inevitable function only crushes the competition. And that’s what we have today. So that’s my word for today. Facebook is a government-protected monopoly. And we have to change our patent laws. We’ve got to set it up so that these obvious inventions if you will, just aren’t covered by it anymore.
Okay, let’s get into Google here, let’s finish that one up. And then we’ll get into the insurance and our big warning to Chief Information Officers and business owners. Google will now automatically delete your data for you. This just came out about a week or so ago. This was in front of the Google IO Developer Festival. That was last week as well. But in their security blog, the product managers for Google search and maps say that Google is going to make managing your data privacy and security simpler. So you can already go into your settings in your Google account, you can get simple on-off controls for location history, web and app activity, which I do, I have that turned off. And you can choose to delete all or part of that data manually, which I’ve also done. First, I downloaded it because I wanted to see what Google had about me, right. And what’s going to be rolled out now is what’s called auto delete controls. So you can set time limits on how long Google can save your data, that’s going to be huge. They’re saying that this is going to arrive within weeks and new controls are going to apply to location history, web browsing, Google searches, app activity data to start with, you’re going to be able to choose a time limit of between 3 and 18 months afterward, the data will be automatically deleted on a rolling basis. So thank goodness. But remember, you can already manually delete it if you want. But the ability to delete automatically is long overdue, and I think it’s going to help us right. I don’t mind them tracking my searches and saying well Craig is looking for a new car, so I’m going to show him this ad because this new car is going to fit. But I don’t want that following me for the rest of my life. I don’t want to see the car ads after I bought a new car right? So being able to have that automatically purged I think is going to be absolutely phenomenal.
You got to see this video. This I found this on Digg and I put it up on my website http://CraigPeterson.com. Wow, this is a video that was taken by a guy working inside a scam call center over in India. This is a webcam view that he shows the software they’re using. You can listen in on some of the conversations. And this is in a city called Kolkata. I guess. K-O-L-K-A-T-A.
I don’t think that’s Calcutta, Kolkata.
And there’s a group of scammers hunting for victims to swindle and what they do and how they do it. And you know what? You got to watch this again http://CraigPeterson.com, it was a bit of a shocker to me. But these guys think that they have just as much right to your money, to your house, to your belongings as you do. And they do everything they can to steal it from you. And why not? You’re just a rich American. What do they care? Right?
Okay, on to this. This is from Forbes magazine. Again, up on http://CraigPeterson.com. A new cybersecurity report is out there warning CIOs if you’re breached or hacked, it’s your own fault. Now think of that when it comes to cybersecurity insurance so many businesses have been purchasing. In fact, this is one of the topics I’m covering. UNH extension here to mastermind is the insurance side of cybersecurity. And what does it mean to you? What does it mean to me? The majority of businesses in the US and UK are still leaving their doors wide open to attacks. I’m going to be doing some training coming up here before summer. So keep an eye out for that on what to do how to lock up your business before summer comes okay.
But for all of this focus, we’ve had on cybersecurity, all of this money that’s getting invested. Most of us are still incredibly overexposed. It’s just crazy. These attacks can wipe out your business entirely can stop it for maybe a few hours or, or something somewhere in between. But there was this new cybersecurity survey that was conducted by endpoint management specialists. And also some market researchers Van Bourne, Vanson Bourne. They questioned 690 operations and IT security decision-makers across the US and UK found that 60% of the organizations had been breached in the last two years. And 31% said they’d been breached more than once. What’s going on people? Are you just confused?
Make sure you sign up, http://CraigPeterson.com/subscribe. You can get my free training and I have completely free training, not upselling. Okay, I have my paid courses as well. But I’m trying to get the word out. Okay. The vast majority of the successful attacks are using known vulnerabilities in well-known software that has already had patches available by software vendors. The next one down is people falling for email attacks, which can also be prevented. No, they can’t be prevented by going out and buying Barracuda spam firewalls. And no, okay, you got to do this right. But my goodness, my goodness, the CIO’s team doesn’t actually even know in most of these cases here, what the hardware is, it’s out there, what software it’s running on, how they’re going to patch it. They don’t even know the machines exist. And we see that even in small businesses, you walk in how many computers you have, well, we just have three. And then you start poking around, you find out Oh, wow, they’ve got this Android tablet, an Android phone is connecting to the business WiFi. And therefore now the business computers are completely exposed. Plus people are working from home, they’re using their laptops, using computers right from home. So now that whole network is exposing, that computer’s now exposed to the home network to the business network, because they’re not using the VPN the way supposed to VPN is supposed to be used because they’re using the wrong software. Again, and again and again and again. And again. You know, even the IT people, you know, we run into break-fix shops all the time and the so-called managed services vendors that just have no idea what they’re doing. None. Because all they have to do is know more than you know, listen, everybody, it’s your responsibility to make sure your business is safe and you cannot pass it off. Okay, here’s a quote again. This is from Samir, in the article you see up on my website about CIOs, it’s your responsibility.
A Forrester industry analyst who’s tracking 150 or so security companies said that he’s hearing about 5 or 10 new ones almost every week in the security space. And each one is talking of bigger and worse threats and the rest.
It’s just absolutely amazing. It’s I see it again. And again. People go when they take a course. They’ve got their course on security. And now they think that they’re an expert, right? No, a two-week course, a six-month course does not make you an expert. And I know there are a few of you guys because you’ve reached out to me who listened to this on the radio or on iTunes or on YouTube, who have signed up for cybersecurity classes. I think that’s a great thing. But also those people aren’t thinking that, well, I’ve got my shingle I’m now an expert right? No. Six months in an intensive cybersecurity course is going to get your career launched. And God bless you. You’re in a great community. Great career ahead of you. Okay, whether it’s going to be a five-year career or lifetime career. But those people cannot be the people who are running the cybersecurity for your business. You’re the one that has to take it. Take that bull by the horns. If you are one of those people, reach out to me, me@CraigPeterson.com. I am more than glad to share resources with you. Absolutely free ok. Me@CraigPeterson.com. I can help you out. So frustrating because remember, this happened to me 25 years ago, and I got it taken care of back then. And so I understand where you’re at, I was there. I almost lost my business because of a hack. And I don’t want you to lose yours. Okay, or your job or your career. Anyhow, me@CraigPeterson.com. Make sure you subscribe to my weekly newsletter. You’ll get security updates what’s happening out there http://CraigPeterson.com/subscribe. Have a great week everybody. We’ll be back on Monday. Be back with Jack Heath on Monday during drive time and the Jim Polito during drive time. Ken and Matt and much more. So keep an ear out. Or look me up, http://CraigPeterson.com. Take care. Bye-bye.