loader from loading.io

Welcome! Password Requirements for Military Contractors and General Business Best Practices and more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading CyberSecurity Coach

Release Date: 06/13/2020

App Tracking Traps a Catholic Priest. How It Can Affect You, Too show art App Tracking Traps a Catholic Priest. How It Can Affect You, Too

Craig Peterson - America's Leading CyberSecurity Coach

App Tracking Traps a Catholic Priest. How It Can Affect You, Too Craig Peterson: I've got two hot topics for you this morning. One about this Catholic priest that ended up resigning and how that happened to tie into this Grindr account. And how it affects you because this type of technology used to convict him in the court of public opinion is something that. It could also easily be used against you. [00:00:25] And, by the way, it probably is. Now the next thing is this chip shortage. I've got a quote here from the Intel CEO. When is the chip shortage going to go away? When can we get...

info_outline
Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report show art Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report

Craig Peterson - America's Leading CyberSecurity Coach

Intel Tells Us How Long the Shortage Will Last [automated transcript] We're looking at a big chip shortage. You probably heard a little bit about it, but how long is it going to last? And we've got this explosive report out right now about spyware and some of the cyber hacking and what's happening with Android versus iOS. What should you be using, 50% of Americans are using Android, and the rest is split up mostly with Apple. iOS. So what's going on there? This is a research group that says, my goodness. The media outlets just aren't reporting the truth. So here we go with Mr. Chris Ryan....

info_outline
Google's Being Sued by the States -- And it doesn't look good for them show art Google's Being Sued by the States -- And it doesn't look good for them

Craig Peterson - America's Leading CyberSecurity Coach

Google's Being Sued by the States -- And it doesn't look good for them Craig Peterson: We talked earlier about Amazon and how much trouble they're in right now, Google apparently is in a similar boat. We had just this week, dozens of state attorneys, general suing Google on antitrust grounds. [00:00:16] You can reach me online. Just me. M E Craig peterson.com or what most people do is they just hit reply to my newsletter. [00:00:25] Hopefully you're on my newsletter, right? That goes out every week. If you're on that newsletter you can just hit reply and ask me questions. Any questions you...

info_outline
Recommendations to Turn Off Your Printers - eCar Fire Warning show art Recommendations to Turn Off Your Printers - eCar Fire Warning

Craig Peterson - America's Leading CyberSecurity Coach

Recommendations to Turn Off Your Printers - eCar Fire Warning Craig Peterson: Hey, we got another emergency patch out from our friends at Microsoft. And in this case, it has to do with printers and remote printer access. Do you have employees working from home? Microsoft has their big monthly patches that they release. They also have weekly patches that they released that are for slightly more critical vulnerabilities. And then they have. Patches that are released because there is a severe problem going on right now while that's what we are staring down. There is a vulnerability called print...

info_outline
COVID's Biggest Victim? The Traditional Workplace show art COVID's Biggest Victim? The Traditional Workplace

Craig Peterson - America's Leading CyberSecurity Coach

COVID's Biggest Victim? The Traditional Workplace Craig Peterson: Work from home is a huge deal, especially for a couple of segments of our society. And I want to talk a little bit about that now, as employees are returning to work, should they be returning to the office? There is a great article here this last week in Forbes magazine by Dana Brownley. And it was one of their editors' picks, and Forbes picked it, I think, for excellent reason. And that is so many of us have been working from home. And for many of us, it's been a godsend. I've worked from home now for over 20 years. And for me,...

info_outline
The FBI Weaponized Google Pixel Phones! show art The FBI Weaponized Google Pixel Phones!

Craig Peterson - America's Leading CyberSecurity Coach

The FBI Weaponized Google Pixel 4a Phones! If you look into buying a used Google Pixel 2a, I've got some news for you. The FBI has been very busy, and they've conned the con man. I love this story.  The FBI has been trying to track bad guys for a very long time, and there've been several ways they've done it. We know obviously about phone taps. We've seen those before the old days. I don't know if you've ever been to one of the original. Telephone switching stations were all not even original, but the types they had in the late sixties and early seventies. I remember going to see one, and...

info_outline
How Could Facebook Do a Better Job at Controlling Disinformation? show art How Could Facebook Do a Better Job at Controlling Disinformation?

Craig Peterson - America's Leading CyberSecurity Coach

How Could Facebook Do a Better Job at Controlling Disinformation? Hello, everybody. Great discussion this morning about Facebook and what is going on with their monitoring and controlling some of the topics. Should they have something in place that really stops false information? How could they do that? And what's their real motivation behind all of this. With Mr. Christopher Ryan, we also got into how the general services administration has completely messed up. Again, it's authorization, this FedRAMP authorization. Why are our federal agencies using some tools like zoom that have been proven...

info_outline
Amazon Is In For a Rough Ride show art Amazon Is In For a Rough Ride

Craig Peterson - America's Leading CyberSecurity Coach

Amazon Is In For a Rough Ride Did you know that Amazon has a new CEO? I remember back in the nineties; I pledge that I would never use Amazon again because they filed and were awarded a patent on technology everybody was using.  Jeff Bezos is out of a job. [00:00:19] This is a guy that grew a company that all they did initially really was book sales, and they had a warehouse the size of the Amazon, right? Because they wanted to represent everybody. They had every book ever published, and to a large degree. They did. They had a whole lot of bucks, and then I've expanded, of course, beyond...

info_outline
Kaseya and the Problem with Managed Service Providers show art Kaseya and the Problem with Managed Service Providers

Craig Peterson - America's Leading CyberSecurity Coach

Kaseya and the Problem with Managed Service Providers We have really in front of us, a critical warning. We're trying to figure out what should we do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down.  Did you hear about the Kaseya hack? It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge....

info_outline
Predictions About Olympic Cyberattacks show art Predictions About Olympic Cyberattacks

Craig Peterson - America's Leading CyberSecurity Coach

Predictions About Olympic Cyberattacks We're all excited about the upcoming Olympic games. And so are the hackers. Oh my goodness. I just finished reading a report by the cyber threat Alliance about what they're expecting to happen at these Olympic Games in Tokyo.  The Olympics have always been a huge target when it comes to the bad guys. [00:00:23] You might remember there have been abductions at the Olympics before where some of the Olympic competitors were held at gunpoint. Of course, we're not going to forget that one anytime soon. And looking back through the last few Olympics, there...

info_outline
 
More Episodes

Welcome!

Craig fills you in the Best Security Practices for Passwords and What is absolutely required by anyone who is contracting with the US Military.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

What Government Contractors Need to Know About NIST, DFARS Password Reqs

---

Automated Machine-Generated Transcript:

Hey, does your business make something that might be used all ultimately by a government contractor? Did you know that all of the requirements that they have rolled downhill right into your lap? That's what we're going to talk about.

[00:00:22] Hey everybody. Welcome. This is Craig Peterson. I'm so glad you guys are here. There are so many things to understand in this whole world of security and technology is frankly, it's just very, very confusing. It's impossible to catch up on. I'll give you that. And it's very hard to keep up on. So what I've been trying to do here on the show, and then.

[00:00:44] And in the webinars that I've been putting on is to help you guys understand it, turn it into English, make it something that's workable. I had quite a week last week, very, very eyeopening to me because I've been working with a few different companies this justice last week that had major security problems and were completely unaware of it.

To me, that is just completely unreasonable, right? Well, I shouldn't say they weren't unaware of them. One of them was the pizza shop that I mentioned, and they knew something was up because the payment card industry guys knocked on their door and say, it said, Hey, we got to do an audit.

[00:01:27] And they came in, took one, look at the equipment that they had. Back in the, you know, computer room, if you want to call it that, you know, where the server is and immediately failed them. That's all they had to do was see that links us Rotter is sitting up on the wall because the link says is not good enough for businesses to keep your data safe.

[00:01:49] And frankly, the same thing is true for many of the other products out there. Now there's a lot of other levels that go beyond where. The payment card industry is requiring. And one of those is for government subcontractors. I have quite a few clients that are government subcontractors, and I think every one of them came to me because they had.

[00:02:14] Problems there they were trying to solve something was wrong. It was, it was, computers were slow emails. Weren't getting routed properly. Some of their customers were getting emails that actually weren't sent by them and yet had their return address on them. Right. Those sorts of problems. So we got involved and had a look and figured things out.

[00:02:36] And you've heard a few of those stories here. Well, this week was interesting because one of the listeners for the show reached out to me. He got a job. Helping out a business that is a small business. It is, you know, by small, small business standards, it's a decent-sized business, but they make components that are used by the federal government, by the military.

[00:03:03] And they were not doing what needed to be done. Not at all. And they think that they should be able to be ready in the next 18 months for the lowest level. And maybe they will, but based on what they do, uh, they got to get a lot more ready, a lot higher. Right. That's the basic definition here. Is, if you make something that either goes boom or at attaches to something that goes, boom, you have to comply with something called DFARs.

[00:03:40] And I tar now DFARs is the defense federal acquisition regulation supplement much easier to just say DFAR is isn't it. And this is a set of standards that apply to civilians. And defense agencies in the United States, ITAR gets even higher level and it requires compliance, but I tar basically means yeah.

[00:04:04] Yeah. Things go, boom. Okay. So if you make a component, so I have clients that make something as simple as power supplies. And those power supplies are used by military contractors and they go into various types of devices, another client, we went out to them and to help them out, they decided not to spend the money they needed to spend.

[00:04:28] I have no idea what they ended up doing, but they make cable harnesses that are used in military systems. And they weren't even close to being compliant, which is, you know, the typical thing that we see. So here's your problem, frankly, because of the new teeth that are in place now where they've taken and they moved it to something called CMMC and the CMMC is requiring them to do.

[00:04:58] Even more and it has even more teeth on it. It's absolutely amazing. So we've, this is in place to help protect federal contract information. And a lot of these manufacturers say, Hey, you know, it's not going to happen to me. I make power supplies. I make screws. I make assemblies. And in some cases they make much more fancy stuff, but.

[00:05:23] It does. It applies to all of you and organizations that failed to comply with these rules can get hit badly with massive fines, class, oxygen, lawsuits, and also jail time for the owners of the business, for the people who are supposed to be running the business. Real jail time. We're talking about 10-year terms for some of these things.

[00:05:50] So we have to be careful. We have to look at what we're doing and we have to understand if what we're doing is the right thing. So how does this apply to you? Well, if you are just a regular civilian, I think you should be happy that finally the federal government. Is trying to protect our information.

[00:06:14] Right. We've had the Chinese attacking us and we've been in these businesses where the Chinese had backdoors installed. And what does that mean? What's a backdoor while he imagines that your computers that contain your proprietary information are directly accessible by the Chinese. So that means whether or not it's military, your computer, the information on it is now in the hands of the Chinese.

[00:06:44] And in the case of one of our clients, what that means is all of his designs. All of his clients lists all of everything that he has worked his whole life for. He now gets to compete against a Chinese manufacturer that has been given all of that stuff. So imagine that happened to you. What does that mean?

[00:07:05] It, it means that our military isn't as secure as we had hoped it'd been. And we could go through all kinds of stories here. I, I really want to kind of stay focused, but what this means is we need to make sure, especially in this kind of post COVID world, that all of our systems are up to date. All of our systems are properly secured.

[00:07:31] So this, this company, this week, one of these companies this week, they had put in VPNs and they had used some slightly higher-end equipment. You can't just go and buy SonicWall off of the shelves over at staples, but it does not meet any of these federal guidelines. And what really, really upsets me here is that.

[00:07:57]They do a search online for the model of hardware, software, whatever it is they're using. And they're looking for an instance for compliance and it says, yeah, we're DFARs compliant when they are not compliant. It just. Ah, I don't know what to do about it. Maybe it's just me, right? Maybe I'm just a little bit too uptight here, but they're conning people.

[00:08:24] They're conning you. And if you've attended my webinars, you know how these VPN companies are, conning is how these privacy protection companies are. Conning how the antivirus vendors are calling you. And I'm also seeing this for our, our military subcontractors. All of them that I've been involved with have been conned.

[00:08:46] And now that's not true with the really big ones. Right. I deal with small businesses, 500 employees, and smaller, but. Man. They don't even know what they don't know. And that's part of the problem. Right? That's always part of the problem. So there are a few things I want you guys to, to understand and know, cause this applies to everybody.

[00:09:09] First of all. Nest. This is a government organization that comes out with standards. It's a national Institute of standards and technology. And remember, they used to advise that you have these super-duper fancy passwords that are hard to remember and a different password on every machine. And you had to change them every month or two.

[00:09:32] Well, they have relaxed that now, and they follow the same guidance that I've been preaching for years, which is. Have a passphrase, a set of words that you remember that you're not going to forget and that you can type in pretty quickly, but it may be 30, 40 characters long. And then use that in conjunction with a good password manager, like one password that is going to keep all of the passwords for you.

[00:09:59] So you have the one big, really good master password and then a whole bunch of. A password stored in your password manager. Now let's see multifactor authentication is the next one I have on my list. And it is not what it used to be. Unfortunately, a multifactor authentication. Now a lot of people are looking at it as well.

[00:10:22] Uh, it's just a text message. I'm gonna need a text message. Well, okay. That's, isn't that wonderful, but that is not true. Multifactor authentication, you know, multifactor authentication means something that, you know, along with something that you have, like a mobile app or security key. So be careful with this.

[00:10:41] And again, if you're government contractor, you've got to use. Special types of key chain storage like TPM or TEA. If you need more information, by all means, reach out to M E [email protected] But if you're looking at getting some of this federal government money, By being a contractor, or if your devices are used or materials are used by military contractors realize that your neck is really on the line.

[00:11:13] Now with CMMC long jail term, backbreaking fines, it will put you out of business. If you get audited, or if you lose some of this data, Hey, when we come back, we're going to talk about a lawsuit and, and I think this one's going somewhere. Google got sued for at least $5 billion because Incognito mode is not the incognito mode they've been advertising.

[00:11:42] Hey, how sad for fun? Make sure you sign up. You get all of the information for business for home. Craig peterson.com/subscribes to crown. I'll be right back.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553