
WGAN Tech Talk with Craig Peterson: Malware upends signature-based A/V, 5G not ready for Primetime, Data Asset Inventory and more today on WGAN

Craig Peterson - America's Leading Security Coach

Release Date: 12/21/2019


Welcome!  

The Holidays are almost here -- Hanukkah begins tonight and the middle of next week is Christmas. Boy, this year has flown by. There is a lot of Tech in the News, so let's get going!

For more tech tips, news, and updates visit - CraigPeterson.com

---

Related Articles:

Signature Anti-Virus does not adequately protect you from today's Malware

Lessons We Failed To Learn and Therefore Are Doomed To Repeat

Business Computers Should Only Be Used For Business

5G - Not Ready For PrimeTime...Yet!

Are You At Risk from Your Outsourced Software Provider

Security - Knowing What You Have Is Essential

Chrome 79 will continuously scan your passwords against public data breaches

Getting the Perfect Tech Gift for Your Special "Techie"

---

Automated Machine-Generated Transcript:

Craig Peterson

 

Hey, hello everybody, Craig Peterson here on WGAN and online at CraigPeterson.com. Hopefully, you're able to join me on Wednesday mornings as well, as I am on live with Ken and Matt. We always talk about the latest in technology and news, and of course in security, since that's primarily what I've been doing for the last 20-plus years here in the online world. Man, just thinking back, you know, I first got on the internet (of course, it wasn't called that) way back in the early 1980s. And I remember, in fact, when I first started doing networking professionally back in '75, there was no worry about anything. You know, yeah, okay, we didn't want people to hack in, so you'd have leased lines for your business, and I was doing a bunch of work for banks way back when, right, one of my first jobs, and I was really enjoying it. I just learned a whole lot up to today. And we're going to cover this here because, my gosh, it has changed. The Internet used to be very libertarian; everybody on it was very libertarian or conservative. Of course, that's because there were a whole ton of government contractors on the ARPANET as well as some colleges and universities. And you look at it today, and you think that really it's changed dramatically, which it has. But I think the ratio is probably still about the same. You've got the silent majority that just doesn't say much about anything, right? And then you've got this hugely vocal minority who's just yelling and screaming all of the time. And then some of these tech companies that are trying to straddle somehow in the middle and not get everybody all upset with them. It's really a much different world. But when we're talking about security, it is nothing at all like it used to be. You used to go online, and you'd have some fun. You'd, you know, exchange emails with people, you'd share some files and some fun things. I remember this one whole thread on cheeses that was just absolutely amazing.
I think it came up this time of year as well; it was all these puns about different cheeses. It was a lot of fun. Now today, we've got a whole different internet out there, and there's a great article by Robert Lemos, and he is looking at WatchGuard Technologies' latest quarterly report that was published just last week. And this network security firm found that the percentage of malware that successfully bypassed antivirus scanners at companies' network gateways has increased significantly. WatchGuard Technologies is saying that the amount of malware that signature-based antivirus software catches has plummeted to about 50%. Now, I think their numbers are high because I think it's more like 20%. But they're getting specific here. They're talking about the amount of malware that comes into a network via an external source. In other words, people are accidentally pulling it from a website they visit, or perhaps it's been injected into their systems through someone who's visiting their network and using another vulnerability. But they're saying that antivirus software, this is signature-based stuff, that's what you get from Norton Antivirus. That's what you get from, you know, the Symantec people, from McAfee, from all of these different antivirus companies out there. It is just horrific what's happening because of what's known as zero-day. Now, you might have heard of this before, you might not have, but basically what zero-day malware is: malware is nasty software, and malware includes things like viruses, worms, Trojans, etc. It is this type of malicious software that has not been seen in the wild before. And what it used to mean is, you know, some brilliant person who, as my mother would say, "Why don't they do something useful with their time?", some brilliant person would come up with a piece of software no one had ever seen, a way of attacking that no one had ever seen before.
And they would attack us and they would get through because there was no signature for it, or the engines in the antivirus software just could not manage to handle, you know, malware like this new piece of malware that just came out. The problem we're having today is that the majority of malware acts just like zero-day. So here's what happens with a signature-based attack. You can think of it just like your body's antivirus system, what you have in your body. Your body looks at something that it sees and says, "Have I seen this before?" And if it has seen it before, it knows to attack it before it grows really big and kind of starts to get out of control, and then the body has to attack it after it's already, you know, taken the beachhead, if you will, to use a military term. I've been watching a lot of World War Two movies lately, but it's taken that beachhead and now has control of the beach and is starting to get in further, and it's very difficult to get out, versus it recognizes it almost right away as a nasty virus and goes ahead and ends the infection. You know, you have more cells inside your body, inside your skin, there are more cells that are foreign to your body than there are body cells when you start counting all the bacteria and everything that's in your system and on your skin. It's just incredible. So our body relies on a lot of these things in order to keep us healthy. If we had no bacteria, you'd be in trouble. It's like, you know, if you go on antibiotics, which is an antibacterial, what does the doctor tell you to do? Well, you know, start eating yogurt and other things. Maybe take some kombucha or various other things in order to try and stay healthy. Get that good bacteria going in your gut again. Well, when your body is attacked by something that it hasn't seen before,
that's what we would call in the computer world a zero-day virus: it has never been seen by your body, or in the case of a computer, it's never been seen by this signature-based antivirus software. So what the bad guys have been doing is they've figured out how, yes indeed, we are trying to block them. And they figured out that the majority of us are using these signature-based antivirus software packages. So they've designed the viruses and the malware to change itself every time. So no longer can the antivirus software just look for certain signatures. So for instance, if you were always attacked by blonde-haired, blue-eyed Norwegians, you might be cautious next time you see a blonde-haired, blue-eyed Norwegian approaching you, maybe with a baseball bat or whatever it is they might have in their hands, right? So you get worried about it. What's the old expression? Once burned, shame on me. Twice burned, shame on me. Right? So we learn, we respond based on how we've been attacked before. And so does the antivirus software. Now, it can take them days or weeks, even months, to get a signature out and get it all dispersed. You know, I'm talking about the old software, not the newest stuff, not the enterprise stuff we use for our business clients, but the stuff that you use as a consumer, and Heaven forbid if you're a business and you're using stuff like Norton, Symantec, or McAfee, or any of these other, AVG, antivirus software packages that are based on signatures, because they just don't work. So what happens is they change themselves constantly. So it might be a Norwegian, but they dyed their hair, they put on colored contact lenses, and they changed their clothing. That's effectively what's happening with our computers nowadays. It may be that Viking that's approaching you, but you don't know it because it just doesn't look like it. They change everything about themselves, at least most everything, except the malicious intent and what they end up doing once they've got control of you.
So WatchGuard is saying that this is a major change here. Now I'm going to quote directly from them. The big change is that more and more malware is becoming evasive. So the signature-based protection is no longer sufficient. There's nothing wrong with having it because it will catch 50% to two-thirds of the traffic, but you definitely need something more. And that's why I've been recommending you guys do a few things. You can do the free stuff. If you are not a business, you can go to my favorite right now, OpenDNS, and sign up for an account. They have some paid stuff. I think it's $20 a month per computer for a business to get the basic business service. It's free for a regular home user, but it does not allow you to do any customization. And then there are a few packages in between. OpenDNS: now we use a commercial version of it, an enterprise version called Umbrella. That's what they're calling it now, but it's the highest level, where we can, you know, watch it and maintain it. So that's step number one of what you need to do: get OpenDNS so that if you do get one of these pieces of nastiness like ransomware, and it tries to call home, it can't get the phone number, right? It can't call home because there's another phone number. And I think that's a very important thing to do. It's free if you're a home user. You might want to pay for the family plan, which would block certain scary sites and certain things you probably don't want your kids to see, pornography and other things. opendns.com. And then the other thing to do, I had it in my big course this last year, and that was how to harden a Windows machine. It's rather involved. And I'll probably do a course early next year on this. But make sure you harden your machine. You're going to want to turn off stuff you don't need, you're going to want to make sure your firewall is set up properly to do the types of blocks that you need.
You're going to want to make sure that you've got Microsoft's new malware software installed properly and running properly. So I'll have a course on this early next year that you can get. Because when you're talking about 50%, and I've seen numbers as low as 20%, effectiveness with antivirus software, you have to do something. Hey, if you're looking to buy some gifts, I'm going to be talking about some of them in today's show, including 5G: should you get that phone? You're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Stick around. We'll be right back.

 

Craig Peterson

 

Hey, are you thinking about buying a mobile phone? We're going to talk about that right now. You're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Now, you've heard about 5G. You're probably using 4G LTE right now on your phone and maybe mobile devices, maybe your iPad or a tablet that you might have. Amazon has its Kindles. They do not, by the way, have 4G LTE on them, at least for the most part; they're using some of the much older technology because, frankly, all they're doing is sending books, right? Which are pretty small. But it is that time of year that we're buying presents, and there are only a few days left here for that holiday season purchasing time. And we've got a lot of competition in the 5G world. So let's talk about what this is. And I'll give you some tips. But what is going on? 5G holds a lot of promise. Now, I don't know if you remember, I remember how shocked I was at how fast 4G was. I bought a phone, and it had 4G LTE on it. It was an Android phone. And I vowed never again, for so many reasons. And you've heard them on the show here before, but I had bought an Android phone, and I didn't have 4G up where I lived. And I drove down. We were heading down, I think it was to Pennsylvania, to take one of the kids to camp. And I was going through a valley and I noticed, wait a minute, there's a big city right there, I've got 4G. So I immediately went to speedtest.net and I ran the test to see just how fast is 4G. And I was just shocked. I was getting like 20 megabits a second, which was absolutely amazing. Because I've been using cell phones since they first came out. And you know, back in the day it was 14.4, right? Oh, cell phone, so fast. And now just to see 20 megabits was absolutely mind-blowing. But there are some major limitations to the 4G LTE network that we are using today. And those limitations are speed, for one. And then the other thing is the number of devices that can be supported.
And then the cost of the data and the data transfers. So 5G has been under development for quite a while. And we're not going to get into Huawei and how they stole all their technology. It really appears to be from our friends up at Nortel, and it put the whole company out of business because of the spying that they did. And thank goodness, finally, we've got a president who's trying to do something about it. But 5G's real promise for us right now is that we will get two things. We'll get a gigabit worth of data bandwidth, which means, by the way, that we may not even bother with Wi-Fi in our homes if you live in an area that has full 4G or 5G coverage, because it's just going to be just as fast as your cable is right now. Now, the cable companies are probably going to try and compensate by lowering their prices and giving you faster and faster and faster internet. But for a lot of people, it's going to make economic sense because the cost isn't going to be high. And then the second thing that 5G is going to give us is the ability to have billions of devices connected to the 5G network. That means everything from our cars, and really the next generation of cars, self-driving cars, really do need 5G so they can talk to each other, so they can continually upload data to the cloud to let all of the routing computers know about local weather conditions and road conditions and where the potholes are and everything. It's going to be amazing, right? On the one hand. On the other hand, well, there might be some data leakage that we might not want. So the cars are going to have it, but so is pretty much every device that you have. A couple of years ago, I talked about the new jacket, the new trucker jacket that Levi's had out. And that trucker jacket was designed specifically to connect your phone to your phone and allow you to control your phone. So it had Bluetooth in it.
You could touch these little wires that were embedded into the sleeve with your hand and use that to control your cell phone. You know, listen to music. Suddenly things are just kind of cool. So our clothes are going to have the internet in them. Our computers, of course: every laptop you buy, it's going to have 5G built in, you're not going to need to have an external device anymore. The list just goes on and on and on. Everything that's going to happen is going to be phenomenal. But it is not there yet. And Apple did not include 5G with the iPhone 11 this year; it will include it with the iPhone 12. That's coming out next year. And I saw a very, very good summary of what's probably going to be coming out of Apple in September next year. The guy that published it has been spot on with most everything that Apple was coming up with. And he's saying that they are going to be having 5G on the phone, and it would make a lot of sense. But right now you can put in orders for the Samsung Galaxy Note 10 Plus, the OnePlus 7T. There are other phones that are claimed to have 5G. But listen, everybody, it is still too early to buy a 5G phone. That is really my big tip when it comes to 5G right now. These networks have not fully standardized, they are not running, none of them are running full 5G anywhere except in a couple of major cities. The biggest problem with building out the 5G networks is that they need to have basically what we've come to know as cell towers everywhere. I mean, everywhere. These are little micro things that are not big towers like we have right now. You know, those fake trees that you see that are actually cell towers. Now, these are going to be small boxes, and they're going to be on pretty much every street corner in the big cities. They'll be on the sides of buildings. They'll be on the sides of people's houses.
Cell companies are going to pay us to put these on our homes so that we can now provide 5G to us and to our neighbors. And then there's going to be people who will be upset because of the radiation; even though it's non-ionizing, and it's not known to cause any harm, people will be upset about it. But these things are going to be everywhere. And that's because, remember, I'm talking about one gigabit worth of bandwidth coming down to your device. Well, you cannot do gigabit service on lower frequencies, so they have moved to higher frequencies. The old UHF TV channels are pretty much, I think they're all gone now throughout the country. And the FCC has bought back the bandwidth and has auctioned it off to all of these different companies that wanted to buy it. And everything is going to change, and with the high frequencies that they need in order to deliver these speeds, they now have a problem, and that is these higher frequencies do not penetrate glass. They don't penetrate walls very well at all. And they just don't penetrate metal at all, basically; it's really bad. So T-Mobile has announced nationwide 5G available as of last Friday. That is pretty darn cool. It's got a 600 megahertz 5G network which is going to cover most of the country. That is pretty impressive. But the trade-off is it's using low-band 5G, which means it is good at providing slightly boosted speeds inside buildings and is available in a lot more places than what competitors offer. AT&T and Verizon are offering the opposite. They have ultra-wideband networks right now, superfast speeds, but very, very small footprints, very small pockets, and you've got to be standing near one of these towers

This is kind of cool. T-Mobile is expecting, with theirs, and this actually is PCMag, PC Magazine, you can expect a boost of about 15 megabits with their new 5G nationwide. And you might see 150 megabits if you have a new 5G phone or 700 megabits if you have 4G LTE. So not huge right now, but just wait. Okay, wait until next summer, next fall, when things are really going to start happening. All right, stick around. We've got a lot to cover still. We're going to be talking about some guests who will talk about some of the big hacks of the year. What does it mean to us? What can we do? I'm going to give you some tips and some tricks: what not to do on your work computer, third-party security risks, and some lessons from the National Security Agency. You're getting it right here from Craig Peterson on WGAN

Craig Peterson

Hello, welcome back. Craig Peterson here on WGAN. Hope you're enjoying the show today. We've got a lot to cover here. Also, good news, some gift ideas. I've got a very cool article from Ars Technica about nine gift ideas for the tech enthusiasts in your life. And frankly, I am totally into this. It gave me a couple of ideas, in fact, of things that I'm going to be getting for people. So you might want to stick around and listen to that for the enthusiast in your life. And we're going to start right now with something that I think pretty much everyone can be interested in. If you are, you know, an employee, if you work at a company, and you use computers, there is a couple of words of caution here in this segment. Now, first of all, the business computers are owned by the business. And that's kind of where this Bring Your Own Device thing has gotten everything a little bit fuzzy. You know, so if you are using your phone, for instance, your smartphone, and you're using it for work purposes, it's not the business's phone. So there's not a whole lot that they can say about your phone and how you use your phone. However, the business has an absolute right to its data, and can control, frankly, how you use your phone for the business data, right? Well, how about the computers that are actually owned by the computer? What can you do legally? And what can't you do? What can the business tell you that you should do with it, and what can they not tell you to do? Well, the bottom line is it depends. It depends on the business and what their policies are. So overall, that's kind of the first place you should check: your employee handbook. Now, we've provided a lot of businesses with employee handbook sections on this, and you can certainly get them from your attorney, from your corporate attorney, or from HR if you're an employee there.
But if you're using a work-issued computer, now that includes a desktop computer, includes a laptop, it's going to include things like iPads, even phones, you've probably checked your personal email on that device, you might have stored some files on there. You might have used it for a number of different things. Now, in many cases, it's not a big deal as far as the company is concerned. You know, if you've got kids, you've got a right to have a life outside the office, so for you to be able to send an email to the BBC, or to make a few phone calls because babysitting didn't show up or a kid is sick or whatever, most employers say that's absolutely fine. I personally would not work for an employer that said that's not fine. I think that's a very, very big deal, a very bad thing, and there are companies that are like that. But when you start to store your private files on the company's computer, or maybe the company's Dropbox or Google Drive, or you are maybe going down a rabbit hole, as you started with something on Quora or you started with something somewhere else, and all of a sudden, before you know it, it's an hour, two hours later, or heaven forbid, you are going to Facebook or some of these other sites to poke around, then things change. Now, many of us use Messenger on Facebook in order to keep in contact with family and friends. So is it legit to have a Messenger window open? Is it legit to do that, right? Well, the bottom line is you probably shouldn't do any of this on a computer provided by your employer. You're not necessarily breaking the law, but you could get fired if it's against your company's policies. And also, you need to remember that employers can install software to monitor what you do on your work-issued laptop or desktop. Now, we do not monitor employees and what they're doing on a computer, except to watch for things that the employees might be doing that might harm the business directly.
In other words, if an employee's bringing in a file from home, we're going to check that file. If they're downloading something from the internet. We're going to check that download. We're going to check their emails are going to clean them up, we're going to stop the ransomware we're going to stop the zero-day attacks that I talked about earlier. As well as all of the known types of vulnerabilities. But remember that not everybody is like us, right? We are not interested in getting involved in the businesses Workplace Relations, a lawsuit that a business might want to bring to against an employee, right? That's not what we do. Although we've certainly been pulled into those before in the past. And you need to keep that in mind as an employee because they can monitor what you do, they might put keyloggers on there to see what you're typing, they might have a software that takes a random screenshot. We've done that before with these workers that are doing a specific project. So we outsource something, there might be a graphic or might be writing an article or something, and we're paying by the hour for that contractor to do the work. So as part of the agreement, we have software that sits on the computer and randomly takes screenshots So we have an idea that yes, indeed, they are actually working on our stuff. And it took them five hours and we spent it to take one hour. And it's because they're slow, not because they were out wandering the internet and doing research on the party that's going to be coming up next week at the office or at their home, right. So be very careful about it. And the type of surveillance and security software that's installed on the company computer is usually based on two things, one, how large the company is, and what kind of resources they have to dedicate to watching you, and what type of information you deal within your role. 
Now, almost all of our clients in fact, now I think of it I think all of our clients are in what are called regulated industries. So if you're a car dealer, you're in a regulated industry, because you have payment card information, you have financing information on all kinds of personal information. So that has to be monitored, right? We have doctors' offices that have HIPAA requirements personal again, personally identifiable information, healthcare information. So security numbers, phone numbers, email addresses, and under the new regulations that are coming out right now, January one in California and Massachusetts in the European Union right now, and they are working on similar regulations on the federal level, even an email address is considered to be personally identifiable information. Until the list goes on and on if you have government contracts, we have clients that have DFARs or Defense Department requirements or FINRA, which is for financial organizations, right? That's what we do. So all of these heavily regulated businesses need to have software that is going to detect that someone is trying to exfiltrate data, shut it down immediately. We need to know that employees are trying to steal information. And in many of these cases, we will work with the company if there are lawsuits and ensue because of the regulation or because of other reasons out there. So if you're working with a company like this, which is frankly, in this day and age, every company, right, what, what employer does not have security numbers of employees? How do you pay them if you don't have the social security numbers, those are all falling under the regulations nowadays. And unfortunately, a lot of businesses don't pay attention to that. So a very small company, they're probably not doing this. But larger companies are definitely going to be doing this. And there's a great little quote here from Jesse crims. 
He's an Information Security Analyst over the New York Times and he said Without supporting evidence at this scale, at scale, it's pretty rare that people are not doing heavy surveillance and tends to generate a lot of useless data, roped employee into liability issues and generally make the team that monitors the surveillance systems miserable. In other words, you probably don't want to know. And that's the standard we take. We make sure that all of the regulations are complied with, but whether or not someone's sending an email to the babysitter or whatever, it's just not worth it. We're worried about espionage. Okay, so there you go. There are some tips for you. And using business security or using a business computer at work. Stick around. We'll be right back. We got some more stuff to talk about, including some major updates to the Google Chrome browser. Should you be using it anymore. We'll be right back.

Craig Peterson

Hello everybody, Craig Peterson here. Welcome back. You're listening, of course, on WGAN or online at CraigPeterson.com. You'll find me on pretty much every podcasting platform out there. And if you really enjoy the show, you know, one of the best ways to let me know is to share it. I love to see all of the people who are listening and getting feedback from everybody, so send me a note as well. But here's where you can go if you would like to give me a five-star review: just go to CraigPeterson.com/iTunes. And right there, you can give me a five-star review on Apple. They're still kind of the 800-pound gorilla in this space. Rumor has it that the next release of iOS is going to have some major improvement to this whole podcasting stuff. Apple really kind of started it with the iPod, which is where it got the name from. I still have one of my original iPods kicking around. It was, frankly, my favorite device for listening to music. Anyhow, let's talk a little bit about some of the browser issues that are out there right now. Many people are concerned about the web browsers you're using. We know we're being monitored. We know we're being watched right now by these big companies. Google makes its money by what? By selling our information. Facebook's the same way. Now Google is going to sell us advertising, and so is Facebook. And frankly, I would rather know about cars and see advertisements for cars when it is the time I'm looking to buy a car, right? And I'm never going to buy a Lada from Russia, right? So why would I want to see ads for that? So I am pro the monitoring in that space. Right. You know, you kind of go back and forth about that. You look at what President Obama's team did back when he was running for election the first time, where they grabbed all of Facebook's data about everyone. And then they used highly targeted advertising.
And then you saw what happened eight years later with President Trump, and, well, the Cambridge Analytica scandal, that was child's play compared to what President Obama's team did, but somehow President Obama's team didn't get in trouble for it. But President Trump's team certainly did, even though Trump's, don't get into that right now. But the browsers that we're using are tracking us. And remember, again, this old adage, it's old now, right? It's relatively new, frankly. But if you do not pay for a service, the odds are you are the product. And Google certainly considers that. And so does Facebook, that you are the product. So when you're looking at browsers, what should you be using? The biggest browser out there right now, the one that any software developer's going to aim at, is the Google Chrome browser. Because that's what most people use. It is really a great browser from a functionality standpoint. People are using Google's, of course, search engine, which has been very, very good here over the years. They've just done some wonderful things. And Google has added more and more features to their browser. Now, people ask me constantly, what is it that I use? What is it that I recommend? Well, I can tell you that Craig recommends that you don't use the Chrome browser when you can avoid it. Now I do use Chrome. When I am on a website, and I'm trying to do something and one of these other browsers doesn't work quite right, I go over to Chrome, because it's not the worst thing in the world. It's not as though it has a direct backdoor into Russia, at least not that we're aware of, or into the CIA or the NSA. We know that Google doesn't like to cooperate with the US military in some of its research projects, but Google also loves to cooperate with China and has three artificial intelligence labs in China. So it's giving China our next generation of computing technology for free but won't share it with our government. Yeah.
Well, anyway, I guess I do get kind of political sometimes on the show. Google's Chrome version 79 just came up with a new feature. Now you know, when it comes to passwords, that I highly recommend you use some software called 1Password. They have some free stuff, they have some paid offerings. And what 1Password does is it keeps all of your passwords, keeps them secure. You only have to remember one password, which is, frankly, a huge win. And it's great in the business environment, where you can set up vaults of passwords so that, you know, HR can have their own vault and the software development teams can all have their own vaults, and you can have your own personal vault, and it'll create passwords for you that are highly secure, that conform to the requirements for different websites, and you can share them within vaults. There are just all kinds of wonderful things that you can do using 1Password. And then if you've been around a while, a couple of years ago, you know, I offered a service that we were doing internally. We did this for free for over 1,000 people, but we double-checked their password to see if, not passwords but email address, to see if their email addresses and passwords are out on the dark web. And you know, we checked it at least a month and generated reports for people. And that might be something we decide to do in the future. Well, there is a huge database out there that we've talked about on the show before. Google has now adopted it in its Chrome browser. So Chrome 79 has what they're calling a Password Checkup extension. So that was how it all started. It was for desktop versions of Chrome, and it audited your passwords when you entered them, and took a look at them to see if those passwords were known to have been breached. Now, it's not necessarily that your account was breached, although it might have been. It's the password, and here's why. Here's why they looked at the password itself.
What the bad guys are doing nowadays is they are comparing your password against millions, hundreds of millions, in fact, billions of known passwords that people have used. And they start with the most common passwords and then work their way out from there. So if you're using a password that has been known to have been breached in the past, it isn't something you should use. So I thought that was great. They had this Password Checkup extension. So now what they've done is they've integrated into every Google account an on-demand audit that you can run on all of your saved passwords. And in version 79, Google has a password checkup integrated into both the desktop and mobile versions of Chrome. So what will happen now is that if you are using Chrome to save your passwords, which I do not do as a rule, except for a few accounts I don't really care about, because again, I'm using 1Password to keep my passwords and can keep them all straight. So it is built in now. And anytime you enter in a password, it's going to check to see if that password has been breached anywhere online. Google is calling this private set intersection, which means you don't get to see Google's list of bad credentials, and Google doesn't get to learn your credentials. But the two can be compared for matches, and basically what it's doing is it's doing mild encryption on your password and comparing it against this known set of passwords. So it's very, very good to do. 1Password has this feature already built in. 1Password will warn you if a website that you're going to has been known to have been compromised. And Google's figuring here that since it has a big encrypted database of all your passwords, it might as well compare them against this 4 billion strong public list of compromised usernames and passwords. They've been exposed in all kinds of security breaches over the years.
And a little later on today, we're going to talk about the top half dozen or so big security breaches, what caused them, and then you might want to pay attention to see if your information was exposed. But the main reason I like to talk about this stuff is so that you can look at your position, you know, at home or at work, and ask yourself, hey, listen, is this breach something that would have worked against us, right? I think it's very, very good. So here we go. I'm not going to get into any details here on exactly what Google is doing and how they're doing it. If you are a Chrome fan, you might want to use it. So let's talk about what the alternatives to Chrome are. Opera is a big one. And I have heard rumors that the Opera browser, which is kind of my primary browser, I have another one I'll tell you about in just a second, but Opera, very fast. It's designed to be secure. It also blocks a lot of spyware out there. Very good. But the rumors are that it is now in the hands of the Chinese, the government apparently owns it. I'm not sure that's entirely true. But, you know, it's up to you whether you want to take any risks. I'll tell you also about an extension I use in all of my browsers, which makes it much more secure, much safer for me. We'll probably have to wait until after the top of the hour to get into that, but I'll tell you about that.

So what do I use the most? And what do I trust the most? Well, Netscape, the Netscape browser. Mozilla is the next one that I use. Opera is number one, at least for the time being. I use Firefox as well. Both of them do a lot of blocking, have a lot of privacy enhancements. Those are the two I use the most. And then I also use Apple Safari. Apple, again, is not selling your information as Google does. So it's considered to be a little bit safer. So far, we haven't known Apple to really leak information. They've been relatively safe, they certainly aren't selling it to anyone. And that's what I use. And then if I have to, I'll fall back to Google. Now, if I wanted to be extra safe online, there is another browser out there that I do like, and it's called Epic, E-P-I-C, the Epic browser. And it is actually based on Google's Chrome browser underneath the hood, just as Microsoft's browser is based on Google's Chrome browser. And Google is actually using a base form from Apple's Safari browser, which is kind of interesting. They all share code nowadays. But the Epic browser is the browser if you absolutely want to keep your data safe. It even has a built-in privacy VPN. So check it out as well. When we come back, I'll give you a little clue here, a couple of tips on what you can do to keep every browser just a little bit safer. We'll get into some gift ideas and more. So stick around, you're listening to Craig Peterson on WGAN and online at CraigPeterson.com. Stick around. We'll be right back.

Craig Peterson

Hello, everybody, Craig Peterson here. Welcome back, and listening to me on WGAN and online, CraigPeterson.com. Hey, if you are a new listener, I just want to let you know a little bit about my background. I've been helping to develop the internet; they in fact just called me a pioneer the other day, which is kind of interesting to think about. But yes, indeed, I designed and made some of the very first routers and some of the very first firewalls and load balancers and stuff back in the day. Let me tell you, back in the day, we had to write these things from scratch because they just didn't exist as commercial products. And, you know, there's a lot of products I could have sold over the years, but I just wasn't that kind of guy. Anyhow, so now I do a lot of cybersecurity for businesses, government agencies, most particularly, really, for anybody in a regulated business, which in this day and age means any business, because we are all regulated, as I talked about in the last segment. Well, we have some gift ideas. And let me just start with one here. And then we'll get into some more articles from this week. We're going to be talking about the NSA here and what their top recommendation is for businesses. But you know, I am a techie guy, and I love tech and tech gifts, and it's all just a pretty darn cool thing when you get right down to it. Just like, you know, I just love playing with this stuff. I guess that's the way to put it. And using it and making my life a little easier and faster, more efficient, effective, etc. But I want to talk about the high-end tech gifts that you might want to give, and you might want to give for yourself. In fact, that's exactly what I'm doing with one of these this year. Well, if you have somebody who's a gaming enthusiast, there are so many things out there that you can get for them. There's this one particular mouse that is very highly rated for gamers. It's called the Razer Viper.
It has some very, very fast maneuverability stuff built in. Because of course, when you're playing some of these video games, interactive, you need to be able to move very quickly. So anyhow, we'll leave it at that, because I am not a game type person. I used to play some games way back when, you're in a dungeon with twisty mages, mazes, remember, right, how things started. But let's get into this now. This is one of the things I think would be a great gift for almost anyone. It's great for a computer that has USB-C, which is the newest version of the USB cable. It is what the new MacBooks come with, the new Macs do as well. It's the next generation of the high-speed stuff that the last generation Macs had. But it also works with regular USB cable, has a little adapter that you can use with it. It's called the SanDisk Extreme Portable SSD. This thing is very, very nice. It's a good option for data you need to have with you wherever you go. It's surprisingly small. It is rated for extremely high shock, it's like 500 G's or something crazy like that. And it will withstand water and dust as well as vibration. You can drop it from six feet in the air without suffering any damage at all. This thing is amazing. And right now it is half price over on Amazon. Just look it up there. SanDisk is the name of the company, S-A-N-D-I-S-K, it's their Extreme Portable SSD. Fits in the palm of your hand. You're going to love this. It's available in 250 gig, 500 gig, one terabyte and two terabytes. Now, I would not get the 250 gig, not that it's too small, but for an extra $10 you double your space up to 500 gig. Now when you go up to the one terabyte, which again is twice the space, it's twice the cost. So the one terabyte, you're gonna have to ask yourself what makes sense, and two terabyte options. But this thing is so fast. What I love this for is to have different virtual machines on it. It's the one I use when I am doing a demo or for when I need to do a client-side install.
I can have every version of Windows I might need to use, macOS, all the different versions of that, a few versions of Linux, all right there on the drive. It's very, very convenient. And very, very fast, you're going to love this thing. In fact, that's one of the fastest portable storage solutions that has ever been tested. It's kind of similar, you know, you can get the Samsung T5 SSD, they have very good SSDs. Okay, don't get me wrong here. The Samsung T5 is more affordable, but the SanDisk Extreme SSD is better. Now I got to tell you that the cost right now on Amazon for this portable drive, there's no moving parts in it. As I said, it fits in the palm of your hand. The cost on that is lower on Amazon right now. It's half price. It's lower than I can buy it from my distributors at. So just to give you an idea of what a great value that is. Coming up, we're going to talk about, I think, the coolest gift you can give to somebody that is truly a hobbyist in the computer world, you're going to love it. And then if you are that person, when you go to someone's house for Hanukkah, Thanksgiving, Christmas, birthdays, whatever it is, and they say, hey, Craig, come over here for a second, my computer's not working right, can you have a look at it? We'll tell you about the best gift for somebody like that, and maybe something you need to get for yourself as well. So I'm going to talk right now about some of the biggest security breaches. We'll go over one, and then we'll get to some others a little later on in this, our last hour. And by the way, if you want to listen to the whole show, my podcast and everything, you can just go to CraigPeterson.com/iTunes, or /TuneIn if you'd like to listen to it on TuneIn, or slash pretty much anything. Well, actually, if you type in slash pretty much everything, you'll get an error page, right?
But you'll find me, Craig Peterson, on most of the major podcast sites that are out there by just going to CraigPeterson.com slash whatever it is, like slash iHeart or slash SoundCloud or slash TuneIn, etc., etc.

Well, data aggregators are big targets that are out there, and who is a data aggregator? Well, let me tell you about what happened when I was at a wedding last week. I was staying with my sister-in-law, my wife and I, and we got home and there was a card in the door, and it was from an insurance company, I remember, like Allstate or something, and it asked for one of my sisters-in-law, who had been living in that house, to call. So we thought, okay, well, it's just a hoax thing. You know, they're trying to sell some insurance or something. So we just ignored that. In fact, I think we just threw the card in the trash. Well, the next night, we were sitting there at home and there's a knock at the door. And it's the same insurance agent. And she wants to talk to my deceased sister-in-law. And we get into this a little bit more, and talking to her, trying to figure out what, why, what's going on. It turns out that someone was involved in a fatal car accident. And that person gave my deceased sister-in-law's identity as her own. Yes, indeed, the dead are, quite frequently in fact, a victim of identity theft. Now we know about the dead voting, right, particularly in Chicago, but in other places around the country. Well, in this case, apparently, according to the report, she had been involved in a fatal car wreck about six months after she had died, and someone was dead. Obviously, this was a case of mistaken identity, but the insurance lady who's at the door, and she's obviously some sort of an investigator, used one of these skip trace databases, in case you're not familiar with those. These are databases that are put together by data aggregators, and data aggregators are these companies that suck up data from every public source they possibly can. And even some paid sources. And it includes records from credit card companies, and you name it, they pull it all together, they try and make heads or tails of it.
So she had this report from a data aggregator, and it listed my long-deceased father-in-law's name as part of this, and my kids, a couple of my kids that had at one point stayed for a visit with their grandmother for a few months while going to school, etc., and included my wife's name, my name, just kind of went on and on. They got a lot of data wrong. And that's what I've found: typically 25 to 50%, sometimes even more, of the data they have is incorrect. But enough of it was correct that she could kind of start piecing things together. And she was able to figure out that this was insurance fraud. Well, these data aggregators have massive databases, as, frankly, you might imagine. And they have these databases online. Yeah, you know where I'm going. This was a MongoDB, Mongo database, which is used, it's called NoSQL. It's an unformatted database. It's perfect for these data aggregators, and a company called verifications.io, that provided email verification services, had a Mongo database containing over 800 million records publicly accessible to anyone in the world with an internet connection. And they had four sets of data. They had email addresses, dates of birth, phone numbers, physical addresses, employer information, IP addresses, business leads and other information. Not everything was sensitive. So when we get back, we'll talk about what lessons should be learned, what you can pick up from this, a couple of tips for you if you are a business person of any sort, or if you have data that might be in one of these databases. So we'll talk about this big verifications MongoDB breach from this year and some more gift ideas right here. You're listening to Craig Peterson online and here on WGAN terrestrial radio.

Craig Peterson

Hello everybody, Craig Peterson back here on WGAN and online at CraigPeterson.com. If you enjoy my show, by all means, make sure you subscribe to the podcast. Pretty much everything that I do goes up there. My Wednesday mornings with Matt and Ken during their drive time show, Wednesday morning, that goes up there. Other appearances go up there, the whole radio show goes up there as well. CraigPeterson.com/iTunes, and do leave me a review if you wouldn't mind. You know, those five-star reviews help get the message out. And we just passed another hundred thousand downloads, which is kind of cool. I appreciate it, every one of you guys, for listening. We try and get as much information as we can. So let's get back to our, well, actually, you know, there's something I forgot to button up from the last hour. Let's get to that. And then we'll get to some gifts and some more risks and what the NSA is saying right now. I had been talking earlier in the show about web browsers, and which browsers you should be using, which ones I recommend, and, you know, if you missed all of that, again, you will find it at CraigPeterson.com/iTunes, you can listen to the whole thing right there. But I was talking a little bit about a plugin that I use. This is a plugin that works with pretty much any browser out there and works differently than any plugin that you might have been familiar with before. This is from the Electronic Frontier Foundation. Now I've had my disagreements with them in the past. Overall, I agree with a lot of what they're doing. But this is a plugin that goes into Chrome, Opera or Firefox or pretty much anything, that is called Privacy Badger. Privacy Badger. So think about badgers, if you know these things, you'll find them a lot over in England, but they're over here too. They burrow underneath hedges and they like to live in the ground. And they are mean, they will fight anything way bigger than they are. They don't care.
They're going to win because they go all in. Well, that's what this is all about, Privacy Badger. So I am on a website. Right now I'm looking at my browser and the Privacy Badger plugin, and it's got a nine on it right now. So what that means is that Privacy Badger detected nine potential trackers on this web page that I'm on right now. And it has sliders for them up there, and it says you shouldn't need to adjust the sliders unless something is broken. So what Privacy Badger does is it watches you as you go to different websites. It looks at the cookies that are placed on your browser from these websites and determines, hey, wait a minute, now, this is a cross-site tracker. This is another type of tracker that we probably don't want to have. So it's showing them all to me. So here we go. Here's what I have right now on this website that I'm on. And the website is Otter. In case you don't use Otter, it is a phenomenal transcription service, very inexpensive. 600 minutes for free every month. otter.ai. But it turns out Otter is using some trackers. So the first tracker it's showing me that Privacy Badger blocked is graph.facebook.com. So this is Facebook gathering data about me, what I do, where I go. The next one that's marked yellow, which is, it has three different indications here on the slider. One is it blocks it entirely. The next one is that it could block cookies, and then the far right one is to allow a domain to do it. So graph.facebook.com was blocked automatically, static.facebook.com was allowed, the regular facebook.com was allowed, Google Analytics completely blocked, apis.google.com was allowed, Stripe checkout was allowed, Stripe is a payment service. JavaScript on stripe.com was allowed, and stripe network, usually m dot means it's a mobile site. So that was blocked, and q.stripe.com was allowed, but those are tagged, all of the ones I mentioned that were tagged are considered to caution level.

So adding Privacy Badger as a plugin to any of your browsers basically is going to stop sites from tracking you, and it does a very good job. It learns as you go. It is not something that is prefixed with, I'm going to block this site or that site. It is absolutely dynamic. I really, really like it. So check that out. This is kind of a flashback, as I said, to an earlier segment where I was talking about which browser to use, what the considerations are. And this will work with any of them out there. So just do a search for Privacy Badger, it should come up near the top of your DuckDuckGo search. And it's by the Electronic Frontier Foundation, EFF, check it out online. Okay, so now let's get into gifts again. I mentioned my top gift recommendation in the last segment. This one is for total geeks. Now we are using this for actually keeping timing tracking. It's called Raspberry Pi. So we have a special card that goes along with this that has a GPS antenna attached to it and GPS readers, so that we can track the satellites in the sky. We use the timing that they provide us with, we do some advertising. So one of the things we do for our clients is we have to track their logs and keep real detailed records on their logs. We need to know exactly when did something happen, so that if after the fact, heaven forbid, someone gets in, some piece of malware gets in, when did it come in? Where did it go? What did it do, right? Because you want to be able to know after the fact, well, what did it get access to? Unlike so many of these companies that have no idea what they lost. In fact, most businesses don't even know until six months later that they were even hacked, versus what the best in the biz are doing right now is about six hours, not just to detection but to remediation, which is where we sit, well, usually within that six-hour time frame. Well, this is called a Raspberry Pi. And they've got the newest version, the Raspberry Pi 4. This is a small Linux computer.
So if anybody that you know likes to hack together science projects or, you know, do a little bit of experimenting, this is phenomenal, absolutely phenomenal. You can turn it into a retro game console, it'll play a lot of these old video games. A smart speaker, that's a DIY thing. You can build it into your Legos to make a real fancy remote-controlled car. Anything your hobbyist mind comes up with. This is phenomenal. You can, for less than 100 bucks, get a complete kit. Okay? The Raspberry Pi 4 is a lot faster than the older Raspberry Pi 3 Model B+, faster CPU, you can put up to four gigs of RAM in this thing. It is a phenomenal USB 3.0 port. So if you are, or you know somebody that's really into DIY hobbies, this is the way to go. Okay? The Raspberry Pi 4 does get closer to your general and genuine desktop PC performance. But it's not really there yet. It's not one running Windows, it does run Linux, as I mentioned. And you can write basic programs for it, which is a programming language, Python. If you have a kid that wants to learn Python, this might be a nice way for them to learn, because they can kind of hack it together, but it's basically just a motherboard. You're gonna have to put it in a case, buy a case for it, you're gonna have to put a keyboard on it, a mouse, you have to put a display on it, okay, all kinds of stuff. But you can get just the basic Raspberry Pi 4, for someone that really, really is a total hacker here, for like 40, 50 bucks. It's absolutely amazing. Okay, plenty of power for your money. Very versatile. In fact, it's more versatile in many ways than your Windows PC is. And for the budding engineer in your life, they will love you for it. So stick around, we're going to come back, I've got some more ideas for tech gifts that you might like. And we're going to talk about a couple more big hacks this year, and what it means to you.
We've got third-party security risks, the NSA has some advice for business, and we'll tell you about that too. When we get back, you're listening to Craig Peterson right here on WGAN and online at CraigPeterson.com. That's Peterson with an O. Stick around because we'll be right back.

Craig Peterson

Hello, everybody, welcome back, Craig Peterson here on WGAN. And we're talking about stuff we usually talk about, you know, some of the security things, some of the latest technology that's out there. We're also doing a bit of a recap here, some great gift ideas for the techie people in your life, even frankly, some of the non-techie people. And the security side, which is, I think, very important, can't talk enough about that. Because it could destroy your company, it could ruin that, frankly, the rest of your life could be a bit of misery, depending on what the bad guys do to you. Oh, it's absolutely crazy. Told the story a little earlier of what happened with my deceased sister-in-law's identity, and how it was used in a fatal car accident, and it's just, it's amazing what some of these people are doing nowadays. And by the way, one of the most valuable segments of our population. We know already about the retired people, the older people, right, who might be a little confused, hopefully, have some assets. But one of the most valuable identities out there online is that of a child, because their social security number and their identity are going to be very useful for at least a decade, if not longer, because those kids probably not going to use it until they get their first job. So keep that in mind as well. Well, I want to get into these two things before the last half hour, so we'll cover these fairly quickly. But the big one, and that is waking up to third party security risks. Now one of the big attacks this year was Capital One and that's on my list of the ones I wanted to talk about today. They had personal information belonging to over a hundred million US individuals and 6 million Canadian residents. Now, this was exposed.
And when a former employee at Amazon Web Services inappropriately accessed the data, we could get into all of the real details behind this but the compromised information included names, addresses, dates of birth, credit scores, payment history, contact information, and other information on people who had applied for Capital One credit card dating back to 2005. Also exposed were the social security numbers of 140,000 individuals and bank account data belonging to 80,000 secured credit card customers. So think about this for a little minute here. How many of us are using a service like Amazon Web Services, how many of us are relying on cloud services to keep our information safe? Right? Frankly, that's most of us, isn't it? And when you're talking about somebody like Amazon Web Services, or now there's Microsoft Azure, those are kind of the two really big players. IBM also has its cloud online that they sell access to. Most businesses look at it as a way to save money. Most businesses consider, hey, I don't need to keep track of the security, because my vendor is keeping track of it for me. And what we found out is, that's not true. So the lessons learned here. We'll start with that here from Capital One is that cloud service may be attractive because it's cheaper than doing it yourself. And that's particularly true, frankly, throughout the whole range, but it's particularly true for large businesses, but even for small businesses, can you really afford the right kind of server? Now I know a lot of small businesses go to the local Staples store and buy a computer and call it a server, right? And maybe $800,000 later, they're out of there. Whereas a real server that's going to be really reliable is going to last years, you should be looking at more like 15 to $20,000 for. So businesses say, well, I'll just do it in the cloud. I'll use Amazon Web Services for this and we'll hire a consultant who's going to help us set it up.
And we're going to use maybe Dropbox for that and maybe Office 365 for this and now all of a sudden, I'm safe. Well, you're not. And companies, you guys are putting your data at risk, because you haven't adopted a security infrastructure, with the vigor that you need to apply. It should be at least as good as what you're using for your on-premise stuff. But you know what, so many SMEs aren't even doing it right for on-premise stuff. Okay? So you're ending up with all of the financial cost of the penalties that you rack up, and the lawsuit and the cost of those lawsuits, which will vastly outweigh any IT savings that you might have down the road. So keep that in mind. And that's what Capital One just learned this year. Why? Because we're not taking third party security risk to heart. Ponemon Institute did a study here, 2018, found that 60% of customers surveyed had suffered a data breach caused by third parties or vendors in the last 12 months. So what's causing it? Well, these applications are being built very different than they were a decade ago. They are online. They're using APIs. And they are not considering the security risks. So all services are connecting internally and externally via these APIs, popular finance websites load on your browser, mobile apps, you can see the results. Dozens of third party services, okay, web apps, middleware, other code. This is a real problem. So, protect your own infrastructure, step number one. Step number two, demand that others protect their infrastructure, okay. And trust yet verify. What we do is we wrap special security software around all of these third party infrastructure Software-as-a-Service sites that are out there, okay. So be very, very careful and you have to test even more for third party sites and you know, businesses just aren't testing as much as they should. So there you go. There's a couple of tips here, three tips on what to do.
When you are talking about third party security risk, and that is with all of these guys, okay, number one, make sure your infrastructure is protected, that you have the right kinds of firewalls and you have the right kind of malware treatment that's in place. All the other security controls, make sure they're configured right. If you're using something like Amazon Web Services, or Azure, or Office 365, make sure you have the right settings. You know, it's difficult, I get it, Microsoft has over 10,000 SKUs, 10,000 products that are available, and they're all software and services. There are dozens and dozens just for Office 365 based systems. So make sure you have the right stuff. Make sure that they have proper compliance and certifications. And remember too that the certifications they have just represent a point in time. Do they still have the right kind of security? And because we are running our technology in this new type of infrastructure, make sure, frankly, that we keep track of everything, because a breach can happen quickly, do millions of dollars of damages right away. And 20% of businesses will file for bankruptcy the very next day. All right, well, let's talk about another gift here real quick before we go to a quick break. And this is for those of us that we go to a family event, and we go anywhere, and it's, "Craig, come over here for a minute, I need some help," and you go over there and of course, it's questions and problems about their computers. So here's what I recommend. Get that person in your life if they're fixing the computer for that for you.

iFixit. Great site painting. Go online to find out how to fix physical problems. But they have something called the iFixit Pro Tech Toolkit. I have one of these, my kids have one of these. My technicians in my business have one of these. It's a 64-bit driver set that has all these weird types of sockets and everything on them. Because these parts and the computers that have the special locking screws and everything else, you need this. Okay, the iFixit Pro Tech Toolkit. Stick around. We'll be back with a wrap up for today's show. And we'll talk a little bit more about some gifts right here. You're listening to Craig Peterson on WGAN. And of course online, CraigPeterson.com. Stick around because we'll be right back.

Craig Peterson

Hello everybody, Craig Peterson here on WGAN and online at, of course, Craig Peterson dot com. Hope you've enjoyed the show today. We have covered a lot of different things. We talked about third party security risks for businesses, which web browser you should be using if you want to keep safe, and some of the updates that Chrome has from Google, they'll keep you safer online. What not to do on your work computer. Why it's still too early to buy a 5G phone, and signature antivirus and how it is at best catching 50% of the malware out there. It's getting really, really bad. And we've talked a little bit about some of the top breaches this year and there are some pretty scary ones out there. But how does it apply to you? And how does it apply to your business as well? And we got one more that was brought up on the website at CraigPeterson.com, you can see all of these up there, a little bit of my commentary and links to other articles online. But this is about the NSA and what the NSA, the National Security Agency, is saying that we should be doing as businesses, but this applies 100% as well to you as an individual. And the basics are to focus on your assets. And this is a very, very big deal. What are your assets and what should you be focusing on? And the things that come to mind very quickly for most people are things like your bank accounts, you know, the money that's in them, maybe your intellectual property, but companies just aren't tracking that well enough. Earlier in the show, I talked about some of the problems with third parties and how some of these third party vulnerabilities have led to a massive problem in the business, right. And some very big businesses that got nailed pretty bad out there. Well, did you secure your assets properly, even when they're in the cloud? And you got to think this all the way through because people are bringing in their iPhone or their Android phones, heaven forbid, or other devices that have known security problems.
And they're putting your corporate jewels on those devices. People are taking the laptops home, and maybe they VPN in. And that VPN is allowing the viruses that are on their kid's computer as they use for gaming and who knows what else, allowing those viruses to piggyback on to your network at the office via VPN. Remember, VPNs aren't a panacea. And I talked a lot about that in some of my training, I did a pop-up training on VPNs, man, about a month ago, you'll probably still find it over on my Facebook page at CraigPeterson.com/Facebook if you're interested in finding out more about VPNs. But when you're looking at securing a company, this is something that takes a long time, a lot of experience to do. And it's not something that your nephew is going to be able to do. It's not something that your standard break-fix shop is going to be able to do. This is something that takes years and years of experience, decades, frankly, in order to be able to do this right. And that's where it becomes a problem for the very small businesses. So I really would encourage you to look at some of the pop-up trainings I've done. They're absolutely free to learn a little bit more. Keep an eye out because I will be doing more pop-up trainings after the first of the year, we're going to do some great training. And I have also a couple of courses planned. And, you know, I gave away 120 pages of cheat sheets this last summer, we may do something again like that later on next year. But we've got to be very, very careful, because these people who are trying to get at our assets know what they want. And we've got nation-states who are trying to get at them too. Look at what China's doing. They just passed a law in China that makes it so that you cannot use encryption that the Chinese government cannot decrypt. And the law allows them to use any information that they find by any means. And give that to anyone that they want to, including your competitors in China.

So if you are making anything in China, you know, quit it, stop it right away, and many businesses already have. They moved into other parts of Southeast Asia, the manufacturing, Vietnam and of course, Korea, which is a little more expensive, but very, very good. Indonesia, the Philippines, there are a lot of places where intellectual property rights are honored. So if you are doing it, man, get it out of there. Don't do anything in China anymore, frankly here. But be careful with your cyber hygiene. Be careful with your assets. The first step you have to do in a business is to secure your assets, in order to secure assets is to know what they are. All right. And we also talked about the big Capital One hack, MongoDB, a massive database used by verifications.io and the problems that came because of that as well. There are some others. American Medical Collection Agency, massive breach just got disclosed in May of this year. We're talking about 12 million Quest patients, almost 8 million LabCorp patients, all of their information was disclosed in the breach. This is a classic one, also, about third party risk, about their data being in the hands of someone else who did not take care of it. And we already know you're going to take better care of your data, you're going to take better care of your customers than somebody else is. So you've got to watch the security posture of these other companies out there. Insider threat, another big one out there, which also hit these guys. The Federal Emergency Management Agency. 2.3 million survivors of California wildfires, Hurricane Harvey, Irma, Maria, they were shared with a third party contractor, social security information of at least the last four digits went out there. All this stuff goes on and on. Right, Macy's, Wipro, many, many others in the last 12 months. We have to secure our businesses, and I was talking to somebody of an idol of mine. And just an amazing man who has helped so many people.
And he doesn't have his assets secured properly and he could really end up being in, frankly, a whole bunch of problems. So be careful of this. So let's get back to a few more gifts here for the holiday season. And I really like this next one, I don't have one myself. This is something I never bought because I had some older versions made by other manufacturers. And I was never really happy with them. But this is the Apple Pencil. They've got a new one out. This is their second generation that works with all the newest iPad Pro models and has really built on top of that first generation Pencil so well. Apparently the latency problems, you know, this is what I didn't like, you draw and it would be about a half a second behind you. They've fixed a lot of that, it's very smooth now, very responsive. It is the smoothest writing tool for iPad Pros it doesn't really like. So keep an eye out for that one, you might enjoy it and enjoy sharing that too. See, they are 120 bucks right now over at Walmart. There are some nice headphones, these are really again kind of for gaming. It's called Cooler Master. They're headphones with a microphone built onto them. Relatively neutral, well-balanced sound and it's great at locating sounds where they should be in the mix. So if you are more professional, a DJ, if you're doing what I do here on the radio, a lot of people really like them. It has a detachable microphone as well and can do a very good job with me. The sound clear, they say exceptionally comfortable. And it's about 80 bucks online. How's that for cheap? If you have a MacBook now of any sort, and an iPad now, Apple's OS and iOS both natively support using that iPad as an extra screen for your computer. How's that for cool? Very, very neat. And Lenovo, a company I recommend against using, it's a Chinese firm now, has been for some years, and there's a lot of suspicions about what they're doing with spying and putting spyware on them.
But Lenovo has this USB-C portable monitor that I might actually have a look at as well. But it's 250 bucks, much cheaper than buying an iPad, and now gives you a portable 14-inch monitor that you can take with you anywhere. And now you've got your second screen. I use two screens, at least on all of my computers, I'm just thinking about that now. The one I'm in front of has two screens. And the one I normally use has two screens. If you haven't used two screens, it's just absolutely marvelous to check out. So ThinkVision M14, it's a USB-C screen. And there's some other stuff that you can look at. And I've got all of these up online at CraigPeterson.com, as well as of course, a whole bunch more stuff I think that you might enjoy. This is a keyboard, by the way, I'm thinking, man, I think I really might want this. It's one of those old mechanical style ones, but it's 350 bucks. I can't. I haven't been able to bring myself to spend that much money on a keyboard, but I have broken two of these big mechanical keyboards and other ones go click, click-click-click book, because I learned to type on a completely manual typewriter that had no motors in it at all. Some of you might have learned that way too, with no letters on the keys. You had to learn how to type and I got pretty good with that. And then the teletypes, the TTY 33s, and on and on and on. So I really like those. Hey, I hope you guys have a phenomenal week. We've got Hanukkah coming up this week. We've got Christmas, of course, this week. And who could forget Seinfeld? Right? You know what I'm going to talk about here, right? I have a real problem with you people. Yes, Festivus is coming up this week as well. And we've got family coming out to visit, I hope you do too. I hope you have friends and relatives you can be with. Maybe if you don't, you can bum a little Christmas meal and Christmas cheer off of some friends. I know there's a lot of holiday office parties going on.
Including all the way through January this year. We may end up having ours then too. Just makes life a lot easier, frankly, and tends to be a little cheaper too than trying to do it over the holidays here. I just want to share my love with everybody. Thanks for being with us. I'm probably going to end up doing a Best of Show this next weekend. So keep an eye open for that, or an ear open for that as well, as I am going to be kind of busy here during the holidays, but it's going to be a wonderful time. And then after the first of the year, we have a ton of stuff coming up, pop-up trainings like crazy and courses and more cheat sheets, everything to help make your 2020 a safer year than any you've had before. So have a great week. Have a great time New Year's as well. Make sure you visit me online, CraigPeterson.com. Take care, everybody. And I really, really hope that everything goes well for you and yours. You're listening to Craig Peterson on WGAN and online, Craig Peterson dot com.
