Welcome! Password Requirements for Military Contractors and General Business Best Practices and more on Tech Talk with Craig Peterson on WGAN
Craig Peterson - America's Leading Technology News Commentator
Release Date: 06/13/2020
Craig Peterson - America's Leading Technology News Commentator
First up, I have some sobering news. Almost all of our personal information has likely been stolen at one point or another. This could include our names, addresses, phone numbers, email addresses, and even passwords. Cybercriminals are constantly searching for vulnerabilities in systems where this information is stored, and unfortunately, they often find them. However, there are steps we can take to protect ourselves. One tool that can help is called "haveibeenpwned." It's a website where you can check if your email address has been compromised in any data breaches. If it has been compromised,...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Welcome to this week's episode of The AI Revolution! In this episode, join us as we explore the world of Artificial Intelligence and its potential to revolutionize business and life. We'll discuss how to use AI for free, what it can do well, and when and where you should never use it. We'll also talk about how to generate emails, blog posts, and content for Facebook, Twitter, LinkedIn, Instagram, and YouTube live! Tune in now to learn more about how AI is transforming the world. Discover the Secrets of Internet Anonymity and Protect Your Privacy The best way to protect yourself from...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Cyber security is no longer an option for small business owners – it's a necessity. Cyber threats are rising, and small businesses must stay ahead of the curve to protect their data and networks from malicious actors. This show will uncover the most dangerous cyber threats to small businesses and what steps you can take to stay secure. Ransomware Attacks Ransomware attacks are one of the most dangerous cyber threats to small businesses. Ransomware is malicious software (malware) that's typically delivered via malicious links or email attachments. Once installed on a network, the...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Artificial Intelligence Search Engines You Can Use For Free Today Robot Kicked Out of Court CNET and BuzzFeed Using AI Biden Signs Go-Ahead to Use Child Labor to Make E-Car Batteries The Biden administration has issued a 20-year ban on new mining claims in the upper Midwest's famed Iron Range, and it is turning to foreign supply chains as it pushes green energy projects. The move comes as the U.S. continues to rely on foreign suppliers for critical minerals used in wind turbines and electric vehicles. The ban is part of a broader effort by the White House to reduce reliance on imported...
info_outlineCraig Peterson - America's Leading Technology News Commentator
A Step-by-Step Guide to Clearing Your Browser History and Wipe Away Your Online Footprint The process for clearing your Internet browser history can vary depending on your browser. However, here are the general steps for removing your browser history on some popular browsers… Generation Z is the least cyber secure because they are the most tech-savvy generation but also the least experienced in cyber security. They are likelier to take risks online, such as clicking on suspicious links or downloading unknown files and are less likely to use strong passwords or two-factor...
info_outlineCraig Peterson - America's Leading Technology News Commentator
ChatGPT's Technology Will Be Part of Everything This Year ChatGPT is a new text-generation tool trained on 40GB of Reddit's data. It can generate long passages of text virtually indistinguishable from human-written prose, which could have enormous implications for everything from customer service chatbots to fake social media accounts. The company behind ChatGPT is also working on ways to detect if the text was generated by ChatGPT or a human—though some experts worry about how bad actors could misuse this technology. The technology has generated random plot descriptions for video games to...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Google Ads were weaponized in a way that made them appear like any other ad – Allowed hackers to infect computers with malware via a single click. Hackers have weaponized Google Ads to spread malware to unsuspecting users by disguising them as regular ads. They do this by cloning the official websites of popular software products, such as Grammarly, Audacity, μTorrent, and OBS, and distributing trojanized versions of the software when users click the download button. This tactic allows hackers to infect users' computers with malware through a single click. Google Ads, also known as Google...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Artificial Intelligence is changing the world. Right Now! In just a few years, it's possible that you might be chatting with a support agent who doesn't have a human body. You'll be able to ask them anything you want and get an answer immediately. Not only that, but they'll be able to help you with things like scheduling appointments, making payments, and booking flights—without any human intervention necessary. This is just one of the many ways that Artificial Intelligence will change our lives this year. We will see more businesses using AI technology to make their processes more efficient...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Privacy… Ring Cameras Hacked in 'Swatting' Scheme Critics and researchers say the Ring cameras are used to surveil gig economy drivers and delivery people and that they give law enforcement too much power to survey everyday life. The pair would hack people's Yahoo email accounts, then their Ring accounts, find their addresses, call law enforcement to the home with a bogus story, and then stream police's response to the call. Often, they would harass the first responders at the same time using Ring device capabilities. ++++++++ LastPass finally admits: Those crooks who got in? They did steal...
info_outlineCraig Peterson - America's Leading Technology News Commentator
Craig Peterson Insider Show NotesDecember 5 to December 11, 2022 China… Apple Makes Plans to Move Production Out of China In recent weeks, Apple Inc. has accelerated plans to shift some of its production outside China, long the dominant country in the supply chain that built the world’s most valuable company, say people involved in the discussions. It is telling suppliers to plan more actively for assembling Apple products elsewhere in Asia, particularly India and Vietnam, they say and looking to reduce dependence on Taiwanese assemblers led by Foxconn Technology Group. After a year...
info_outlineWelcome!
Craig fills you in the Best Security Practices for Passwords and What is absolutely required by anyone who is contracting with the US Military.
For more tech tips, news, and updates visit - CraigPeterson.com
---
Read More:
What Government Contractors Need to Know About NIST, DFARS Password Reqs
---
Automated Machine-Generated Transcript:
Hey, does your business make something that might be used all ultimately by a government contractor? Did you know that all of the requirements that they have rolled downhill right into your lap? That's what we're going to talk about.
[00:00:22] Hey everybody. Welcome. This is Craig Peterson. I'm so glad you guys are here. There are so many things to understand in this whole world of security and technology is frankly, it's just very, very confusing. It's impossible to catch up on. I'll give you that. And it's very hard to keep up on. So what I've been trying to do here on the show, and then.
[00:00:44] And in the webinars that I've been putting on is to help you guys understand it, turn it into English, make it something that's workable. I had quite a week last week, very, very eyeopening to me because I've been working with a few different companies this justice last week that had major security problems and were completely unaware of it.
To me, that is just completely unreasonable, right? Well, I shouldn't say they weren't unaware of them. One of them was the pizza shop that I mentioned, and they knew something was up because the payment card industry guys knocked on their door and say, it said, Hey, we got to do an audit.
[00:01:27] And they came in, took one, look at the equipment that they had. Back in the, you know, computer room, if you want to call it that, you know, where the server is and immediately failed them. That's all they had to do was see that links us Rotter is sitting up on the wall because the link says is not good enough for businesses to keep your data safe.
[00:01:49] And frankly, the same thing is true for many of the other products out there. Now there's a lot of other levels that go beyond where. The payment card industry is requiring. And one of those is for government subcontractors. I have quite a few clients that are government subcontractors, and I think every one of them came to me because they had.
[00:02:14] Problems there they were trying to solve something was wrong. It was, it was, computers were slow emails. Weren't getting routed properly. Some of their customers were getting emails that actually weren't sent by them and yet had their return address on them. Right. Those sorts of problems. So we got involved and had a look and figured things out.
[00:02:36] And you've heard a few of those stories here. Well, this week was interesting because one of the listeners for the show reached out to me. He got a job. Helping out a business that is a small business. It is, you know, by small, small business standards, it's a decent-sized business, but they make components that are used by the federal government, by the military.
[00:03:03] And they were not doing what needed to be done. Not at all. And they think that they should be able to be ready in the next 18 months for the lowest level. And maybe they will, but based on what they do, uh, they got to get a lot more ready, a lot higher. Right. That's the basic definition here. Is, if you make something that either goes boom or at attaches to something that goes, boom, you have to comply with something called DFARs.
[00:03:40] And I tar now DFARs is the defense federal acquisition regulation supplement much easier to just say DFAR is isn't it. And this is a set of standards that apply to civilians. And defense agencies in the United States, ITAR gets even higher level and it requires compliance, but I tar basically means yeah.
[00:04:04] Yeah. Things go, boom. Okay. So if you make a component, so I have clients that make something as simple as power supplies. And those power supplies are used by military contractors and they go into various types of devices, another client, we went out to them and to help them out, they decided not to spend the money they needed to spend.
[00:04:28] I have no idea what they ended up doing, but they make cable harnesses that are used in military systems. And they weren't even close to being compliant, which is, you know, the typical thing that we see. So here's your problem, frankly, because of the new teeth that are in place now where they've taken and they moved it to something called CMMC and the CMMC is requiring them to do.
[00:04:58] Even more and it has even more teeth on it. It's absolutely amazing. So we've, this is in place to help protect federal contract information. And a lot of these manufacturers say, Hey, you know, it's not going to happen to me. I make power supplies. I make screws. I make assemblies. And in some cases they make much more fancy stuff, but.
[00:05:23] It does. It applies to all of you and organizations that failed to comply with these rules can get hit badly with massive fines, class, oxygen, lawsuits, and also jail time for the owners of the business, for the people who are supposed to be running the business. Real jail time. We're talking about 10-year terms for some of these things.
[00:05:50] So we have to be careful. We have to look at what we're doing and we have to understand if what we're doing is the right thing. So how does this apply to you? Well, if you are just a regular civilian, I think you should be happy that finally the federal government. Is trying to protect our information.
[00:06:14] Right. We've had the Chinese attacking us and we've been in these businesses where the Chinese had backdoors installed. And what does that mean? What's a backdoor while he imagines that your computers that contain your proprietary information are directly accessible by the Chinese. So that means whether or not it's military, your computer, the information on it is now in the hands of the Chinese.
[00:06:44] And in the case of one of our clients, what that means is all of his designs. All of his clients lists all of everything that he has worked his whole life for. He now gets to compete against a Chinese manufacturer that has been given all of that stuff. So imagine that happened to you. What does that mean?
[00:07:05] It, it means that our military isn't as secure as we had hoped it'd been. And we could go through all kinds of stories here. I, I really want to kind of stay focused, but what this means is we need to make sure, especially in this kind of post COVID world, that all of our systems are up to date. All of our systems are properly secured.
[00:07:31] So this, this company, this week, one of these companies this week, they had put in VPNs and they had used some slightly higher-end equipment. You can't just go and buy SonicWall off of the shelves over at staples, but it does not meet any of these federal guidelines. And what really, really upsets me here is that.
[00:07:57]They do a search online for the model of hardware, software, whatever it is they're using. And they're looking for an instance for compliance and it says, yeah, we're DFARs compliant when they are not compliant. It just. Ah, I don't know what to do about it. Maybe it's just me, right? Maybe I'm just a little bit too uptight here, but they're conning people.
[00:08:24] They're conning you. And if you've attended my webinars, you know how these VPN companies are, conning is how these privacy protection companies are. Conning how the antivirus vendors are calling you. And I'm also seeing this for our, our military subcontractors. All of them that I've been involved with have been conned.
[00:08:46] And now that's not true with the really big ones. Right. I deal with small businesses, 500 employees, and smaller, but. Man. They don't even know what they don't know. And that's part of the problem. Right? That's always part of the problem. So there are a few things I want you guys to, to understand and know, cause this applies to everybody.
[00:09:09] First of all. Nest. This is a government organization that comes out with standards. It's a national Institute of standards and technology. And remember, they used to advise that you have these super-duper fancy passwords that are hard to remember and a different password on every machine. And you had to change them every month or two.
[00:09:32] Well, they have relaxed that now, and they follow the same guidance that I've been preaching for years, which is. Have a passphrase, a set of words that you remember that you're not going to forget and that you can type in pretty quickly, but it may be 30, 40 characters long. And then use that in conjunction with a good password manager, like one password that is going to keep all of the passwords for you.
[00:09:59] So you have the one big, really good master password and then a whole bunch of. A password stored in your password manager. Now let's see multifactor authentication is the next one I have on my list. And it is not what it used to be. Unfortunately, a multifactor authentication. Now a lot of people are looking at it as well.
[00:10:22] Uh, it's just a text message. I'm gonna need a text message. Well, okay. That's, isn't that wonderful, but that is not true. Multifactor authentication, you know, multifactor authentication means something that, you know, along with something that you have, like a mobile app or security key. So be careful with this.
[00:10:41] And again, if you're government contractor, you've got to use. Special types of key chain storage like TPM or TEA. If you need more information, by all means, reach out to M E [email protected] But if you're looking at getting some of this federal government money, By being a contractor, or if your devices are used or materials are used by military contractors realize that your neck is really on the line.
[00:11:13] Now with CMMC long jail term, backbreaking fines, it will put you out of business. If you get audited, or if you lose some of this data, Hey, when we come back, we're going to talk about a lawsuit and, and I think this one's going somewhere. Google got sued for at least $5 billion because Incognito mode is not the incognito mode they've been advertising.
[00:11:42] Hey, how sad for fun? Make sure you sign up. You get all of the information for business for home. Craig peterson.com/subscribes to crown. I'll be right back.
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553