Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001

Ten Cybersecurity Myths You Need to Forget Right Now

April 15, 2022 Petronella Cybersecurity

We have seen and heard it all! On today's podcast, we discuss the most common cybersecurity myths and misconceptions that are out there.

You won't want to miss this!

Links:  10 cybersecurity myths you need to stop believing

Hosts: Blake, Dwight, & Erin

Support the show: call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.

Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Erin:

So welcome to today's podcast. Today is April 13th and it's myself, Erin, along with Blake and Dwight. Unfortunately, Craig is unable to join us again. He is on vacation this week. Lucky guy. Lucky I know, especially, it's so nice right now. I'm in South Carolina and the past three days it's been in the upper seventies, low eighties with no humidity and I just want to be outside.

Blake:

It was 40 degrees here today and it was frigid.

Erin:

What about where you are, Dwight?

Dwight:

Today we're at 15 centigrade, 59 Fahrenheit.

Erin:

I feel really superior to people when my weather is better and really inferior, when the weather is colder. So I feel so superior to you guys. I got to feel good about something, right?

Blake:

I think all of our podcast listeners are going to be warm after today's topic.

Erin:

Yeah. Yeah. I can't wait to talk about this.

Blake:

You liked that?

Erin:

This is Blake's idea.

Blake:

No, not really.

Erin:

It was your idea. You came up with it!

Blake:

You're too much credit.

Erin:

No, no. Don't be shy. We love a humble person. We're gonna go through some of the biggest misconceptions there are out there regarding cyber security and we'll also drop the link. This is actually from a USA Today post. I'm sure we could come up with these on our own, but it's also nice to have something to go to.

Blake:

They simplify really well. We have a tendency, at least I do, to over-complicate things.

Erin:

I never would in my life do such a thing, Blake.

Blake:

It doesn't seem that Dwight does that. So we're grounded a little bit.

Erin:

That's funny you say that because I was thinking that too. It's really great that Dwight's here, you can help ground us and bring us back in. When we start on our rambling,

Blake:

When we go off into fairytale land. Yeah.

Erin:

Down rabbit holes. You can be there at the rope. Like here, come on, back up, guys.

Blake:

Yeah.

Erin:

Kinda like what we're doing right now. I'm going down a rabbit hole about holes. Oh, life is good.

Blake:

Let's knock them down.

Erin:

Yeah, let's do it. Do you want to read that out?

Blake:

Oh gosh. Big responsibility.

Erin:

I think you can do it, Blake.

Blake:

The first one is that you don't have anything worth protecting.

Erin:

There's so many people that think that,

Blake:

and that nobody cares about your data.

Erin:

Oh, they do, they do. That's why they take it. When it comes to data, I always go back to Edward Snowden. And I remember back in 2013 when all that stuff happened. And people are like big deal. Who cares? I don't have anything to hide. I don't care that the government is watching us, but I mean, it's a little creepy, there's some big brother stuff going on right there.

Blake:

All your data's important and you give that away, that is the digital currency today. Especially for companies like Facebook, Twitter, Instagram, Pinterest, Snapchat that is the currency to them,

Erin:

That data is power.

Blake:

Yeah. I think people should understand this. If you don't catch up!

Dwight:

Twitter and Snapchat all these places where it's free to sign up. Well, there's nothing that's free. Of course we know that they get that and they sell that information to the people that advertise to them so that basically supports the platform and all your information goes to the advertisers. And pretty soon you look at your, Facebook and start popping up, stuff that you're interested in

Erin:

It's

Dwight:

yeah, it is.

Blake:

I heard somewhere. The things that are free that cost the most. I heard that somewhere and it really stuck with me.

Erin:

I know we talked about it, Blake the Cambridge analytical,

Blake:

Cambridge Analytica is a data analytics company, and they were using data sets that were provided by Facebook of voters to create campaigns for their political. Fundees. For example, there was rumor that Trump had used them and,

Erin:

There are people that actually went to court and testified about the ways that did

Blake:

Yeah. And so, um, Zach's had to answer to Congress about that because how did Cambridge Analytica get these data points on Facebook users, if it wasn't provided by Facebook? That was the huge scandal because people were using this as weapons, to create hate, anger, fear and frustration at the political parties that they chose. It's pretty scary. I was actually talking about that today, ironically cause somebody asked me about it.

Erin:

I just looked it up. The documentary is called The Great Hack.

Blake:

Yeah, that's a good one.

Erin:

You do have data worth protecting is what it boils down to.

Blake:

For sure. Everything that you give away is important and can be monetized. So take us seriously.

Erin:

And actually, if you don't mind, I'm going to read the second one because I like to make this point,

Blake:

Please take it off my shoulders.

Erin:

Yes. I'll unburden you.

Blake:

Yeah. Such a burden.

Erin:

So the second misconception is I use security software, so I'm fine.

Blake:

Super fine. You're set, you're golden. Nobody's going to mess with you cause you have secure.

Erin:

Just use free antivirus and you have nothing to worry about. No, that's not true.

Blake:

That's like locking your doors, but not setting the alarm.

Erin:

Good point.

Blake:

Yeah. Someone could smash your windows open or somebody can kick your door down.

Dwight:

Crawling through your window,

Blake:

Yeah. And apparently there was a group of hackers that had breached servers of a, huge antivirus providers. I think there was a scandal with Scott Persky or however you say that

Dwight:

Russian company,

Blake:

Oh, sounds convenient right now.

Erin:

You know, we do have our XDR solution. It's amazing software. It's amazing AI. It's really great at protecting you. And I think sometimes people don't take it so seriously because they believe I have an antivirus. I'm fine. I have a firewall. I'm fine. They don't realize no, you're not fine because these companies are always keeping up. They're not blazing trails. It's the hackers that are doing the trailblazing. So, you know, if you have an antivirus it doesn't necessarily protect you because it can't protect you because it doesn't know what to protect you against when there's new threats out there. So it'd be like locking your doors, but having something like XDR would be like setting your security alarm.

Blake:

What about putting a key under your door mat?

Erin:

That's like leaving a sticky note with your password.

Blake:

Everybody checks the doormats for keys, or maybe those nearby planter. Right. You know, under that planter, that's what you're doing. Don't be that guy or.

Erin:

Don't be that person. Yeah. It's important to know what your security software can and can't do, and it can do a lot, right. It's absolutely better than nothing, but it's not going to protect against new threats that we don't know about yet.

Dwight:

It's not going to protect you against going to a website. Security software is a layer and it can do so much, if you're going off to these different websites, passing out your information most security software catches, all from basic phishing stuff, but they're really kind of iffy on lot of that stuff. There's some more AI stuff, but when something hits your computer open, do something to counteract it. But it's all about education, and I think now with everything that's out there and people are doing everything digitally. Now there's so many people on board and they're doing all these different things as sales conferencing But the security, I think, front and center now, but it hasn't been for a long time. And so we're playing catch up. Everyone is playing catch up. That's why we're seeing all this stuff happening with regard to breaches and data gone missing.

Blake:

Yeah, let's keep the flow going. I like some of the ones that are at the bottom of the list. I feel like those are, the gold nuggets that people are listening for.

Erin:

We'll make Dwight do number four.

Blake:

Yeah, Dwight's got a step up. With all these data breaches, I have nothing left to protect I,

Erin:

I think that kind of goes along with number one, right? In a way.

Blake:

I was looking through my spam folder one day and I got an email and in the email was a password that I had used, right. Like a long time ago. Yeah. Freaking me out. And of course, you're going to open that when it's in the subject line it was an old password, but besides the point and so I opened up the email and they're like, oh we have your contacts and we have all your emails and all your email exchange. And if you don't send us five Bitcoin, then we're gonna send your explicit pictures to your friends and your family. I was like, okay, if I had anything like that, I probably would be worried. So yeah, that was almost a good one,

Erin:

Sneaky man.

Blake:

But seriously, people like, imagine if somebody got ahold of your social security number, I could open a credit card in your name, seriously, this one's rudimentary.

Erin:

Absolutely.

Dwight:

You have to protect your critical stuff. Your identity, your physical addresses, email, they usually can't do something serious with just one of all these things. But once they put together two or three and then they can start getting,

Erin:

That's a good point.

Blake:

Imagine someone opening a credit card into your name and racking up 30 to $50,000 in debt. And you being financially responsible for that, that's life changing that may set back your plans to buy a house or your plans to move or your plans to do something with your life. There's solutions obviously ways, you can protect yourself. Cause like Dwight said, it's all about a layer, they have some pretty affordable solutions for identity protection, you could probably get it through your insurance provider

Dwight:

The best practices though, is to hold on very tightly to your personal information and only disclose it, like check, check, check, check, check, kind of thing. As you're doing something on a site, and it asks you for specific kinds of information if you don't feel comfortable with that, then get somebody else. Who's probably more computer savvy to help you with that. Just take the time because once it's out the door, it's gone.

Erin:

Yeah,

Blake:

I've heard of people who don't even use their personal debit cards online, they go to Walgreens or CVS and they buy a prepaid debit card and they use online shopping for that. Do either of you guys do that?

Erin:

No.

Dwight:

That's, so that's a good thing too.

Blake:

You don't want anybody having access to your money except for you,

Dwight:

All kinds of financial institutions, if you do deal online with online banking, credit cards, whatnot, make sure you have your two factor stuff going on. Definitely have that because if they need more than one place to authenticate to get you into an account and that's going to chop them off at the head pretty much.

Erin:

Don't know if you remember this, Blake. In December somebody I guess stole my credit card information and I just gotten this new credit card, not even a month before they. Trying to take out $2,000 or something. One was like a betting place. How would you think I would notice that, you know, you just tried to steal $2,000 to me. Like, what is this?

Blake:

You know what I do. I lock my card 24 hours a day. It is permanently locked. And literally like right before, I'm about to go to checkout. I will turn it on and turn it back off.

Erin:

Oh,

Blake:

And the app a lot of banks can do that, check with your bank. And sometimes my card will get declined. It'll be embarrassing for a second. I'm like, oops. Oh, I forgot to unlock it. A lot of times too, when these scammers, they purchased mass amounts of credit card numbers they're just running through them, so they're trying to buy something on Amazon and as soon as that card gets declined, what do they do? They delete that number. Cause they've got hundreds more. I don't want to give them a reason to keep my number around.

Erin:

So number four, Dwight, do you want to read us number four?

Dwight:

Four. Phishing scams are becoming more sophisticated as hackers infiltrate companies, CEO personal accounts, and even government agencies. Phishing scams have skyrocketed during the COVID-19 pandemic. Of course they have, anytime there's any kind of a major event going on around the world where it's a natural disaster or whatever scammers always pick up on that stuff, right. They pick up on people's compassion and passion and willingness to help others, and those times there's a lot of it. Very realistic looking extortion scams are making around the subject, contains your email address and a password builds familiar. The scammer says, unless you pay off they'll release the video view that you took in your webcam and do a worn site, don't buy it. The scammer got your email address and password from the data breach. If we're still using the combination. It's best to change your password. At the very least, it's not always as simple as unfamiliar account, reaching out to you with the messages, trying to get you to click on a link. Sometimes they use familiar faces against you, which leads to the next minute. Phishing scams are getting a lot more focused. It all depends on how much information they have on their address. If they have access to stuff like your Facebook, So the more information I have on the more legitimate of phishing attack they can put together on you. Right? So sometimes it would be very generic and looking though sustained. Or other times a lot of people will look at it. And it'll just dive right into it because it just looks so legitimate. And a lot of people don't know, but checking on links colleges looking at when you hover over with your mouse, right. To see where this thing is going, for instance, those very common ones are the bank ones. They'll send, oh, you need to contact your bank to do this. Please sign into your bank account. So everything looks legitimate.
Then you look at it and you go, oh, okay, well this link, this is not going to Fargo. Well, this is going off to some number with a bunch of characters. So we can always check that. So there's ways to check ourselves in these situations, but they are getting very, more targeted, a lot more complex and a lot more legitimate looking.

Erin:

And that's one thing I've always wondered about it. especially now, seeing you get a smishing texts and it's like single girl, they spell single wrong you know, and you're like, you really couldn't just have somebody look that over real quick, you know, it's been like, it's been five minutes editing this, or meet somebody that, can speak English and like probably do a lot better.

Blake:

That's the thing you're scamming on such a large scale if this scam doesn't work, they already have 10 more in their back pocket,

Erin:

Why not be as efficient as possible? I mean, if you're going to try to scam people, like, I mean, you're going to get a lot more people,

Blake:

I don't know. I would think that the same person that's looking at the grammar of the scam would be the person that doesn't click on it, or isn't, isn't going to be their target.

Erin:

Maybe they're like using it as a way to weed out people. Yeah. That might catch on.

Blake:

Could be. Yeah.

Erin:

Also he was reading. It sounds exactly what happened to you.

Blake:

Verbatim

Erin:

Yeah. So number five, this is another big one, I think. My friends on social media won't hurt me.

Blake:

Oh, but they do.

Erin:

My Facebook got hacked and it sent out inappropriate messages to like hundreds of people. And I was watching, it also happened in real time. It was really crazy. And then it took me a while to get everything situated. They will hack your friend's account. And then when they hack that and they will send out like a link or something using your account and trying to get people to click on it or give them information, or they send out these inappropriate messages. If you want to see me click on this link, like, come on. I actually had a lot of people unfriend me, which I don't blame them. You know? It's like, what is wrong with this girl? But I guess they didn't realize when I got hacked. I mean, I thought it was obvious, but

Dwight:

The biggest one I remember is the Facebook one, sending money I'm in trouble.

Erin:

If you take away anything from this, if any of your friends on any of your social media send you a message that is just completely out of the ordinary. You should, first of all, maybe be concerned about their mental health, but don't click on anything that they send you. Message them, send them a text to a phone number you know. That's what I do. I'll text my friend and be like, I think he got hacked

Dwight:

Yeah,

Erin:

But don't click on anything, especially if they're acting weird.

Blake:

If you haven't talked to that person in three years, and then all of a sudden they send you a message saying, Hey, look at my nudes click here. If you haven't seen them in 10 years and they're a high school acquaintance and all of a sudden they're trying to get super friendly.

Erin:

There's the other one that I get a lot from my friends, they've been hacked. This really you in the video? Oh man, this looks embarrassing. Anything that's trying to get a strong, emotional response out of you is likely to be a hack.

Blake:

My hidden inbox is full of Filipino or Asian women that are like, Hey, beautiful. Hey, sexy. Want to be friends? And I don't like, how do you even find me? I am just a normal guy and I'm not going to send you money, so don't try,

Erin:

Don't even try it.

Blake:

Number six. Yeah. Yeah. Hackers are mysterious and scary figure. Ooh. Yeah, I mean, it talks here about stock images of hooded people, hunched over computers with Guy Fawkes masks and stuff like that. They're coming for me. Yeah,

Erin:

That is true. They're normal people.

Blake:

5th of November, always to remember whatever they said. And I remember, you know, tomorrow.

Erin:

actually seen it.

Blake:

Oh, yeah, I have to see it. But no, no. So in one of our podcasts, it was super interesting. And we get a lot of calls from people that are like in frantic mode. Like, Hey, my Facebook was hacked and I think they're controlling my phone and they're controlling my Google Nest, my thermostat, and they're making it hot in my house and they're turning my TV on and you know, hacking is more than gaining access to your systems or your data. There's a psychological side. Of hacking that nobody really talks about, you know, as a part of like, you know, like everybody knows about like, like, you know, like Jeffrey Epstein or something, or like, you know, some of these people that are like grooming, you know, their prey is it's the same thing. Like, you know, there is a psychological aspect to it and the person that is, you know, likely, you know, hacking you and wants to, if they have contact with you, right. Of course, you know, or some form of method or, to reach you, you know, there, there is a psychological side and they, they want you to feel helpless and they want you to feel scared and that, you know, all goes back to, you know, to them having an advantage over you. Right.

Dwight:

think in general as a term. So when I, when I think about a hacker, I think about someone that first of all, either wants to do you harm you know, in some way, like I said, it might involve like personal harm or not personal harm, isn't physical, but you know, in your immediate circle of influence or whatever, like with your job, your family. And then use usually some purpose for it sort of purpose, typically as a financial purpose, right? Like to gain financial, know some money to extract cash fund some financial revenue from person and or persons. But so let's look quickly what, the definition of your Webster or hacker,

Blake:

I sir, I certainly know with all the inflation that's going around is not in my budget to pay hackers. I'm sure a lot of people out there.

Dwight:

Correct.

Erin:

You have it. Wasn't nice to

Blake:

yeah. yeah. yeah. Drugs, drugs aside. But, yeah, but the eight and a half percent, you know, that could, that could have been for the hackers, but, but now not anymore.

Dwight:

I haven't gotten that yet. Carry on. Oh wait, here we go. A person who uses computers to gain unauthorized access to. At core, cut-through so amazing. You had, you're getting through all the security levels and all like whatever. So somebody breaches or gets into on our all let's look at you know, the power grid or whatever, what are going to get in there and do that to disrupt the power. So there's usually a bad aggregator, usually dangerous, like, like typically, like, you know, like they're to be taken seriously. They get a into kind of disrespected disrupt network traffic, you know, across the internet. They can start denial of service attacks against major suppliers, vendors. And of course they were doing that. I think they were blaming it on the Russians or Eastern Europe for a lot of the logistics you know, transports in, in, in courier systems that were getting attacked like FedEx, I think. And I think there's a couple other ones. And so trying to hit the logistics chain or which is very critical to every country's ability to, you know, to, to, to function. Right. So they're, they're usually, like, I would say 98% of hackers attackers efforts are towards financial damage or, you know, some kind of disruption where it actually hurts or harms an individual organization. Oh yeah. It could be country. It could be a state in a town. It could be a school, it could be a bank, it could be a hospital. Again, I know a lot of hospitals that have been hit by ransomware and the hackers get in and done that. So that's ransomware is one thing that data as well, and gather all kinds of private information. So to have to put all this stuff.
They launched these box in Charlie, once they've been hacked or once they're there ransomware or malware has taken effect from that, they gather up all the private data and send it away and then they sell it or they'll offer to say, well, look on ransomware case, they'll say, well, we'll give it all back to you for, you know, 10 million I've known the banks, a, a couple of hospitals around here. We've got Jack for millions of dollars. So.

Blake:

is probably sad to say that they're easy

Erin:

They are easy targets. That's why they they're easy targets. that have money. Like that's why wouldn't they go for that? You know, it's in the cybersecurity, hygiene is notoriously lax because, you know, especially like you think of an MRI machine, right. don't want to, you know, you might have like this old software on it and you're afraid to upgrade it or maybe not even upgrade, but uh, when you have the,

Dwight:

I like that.

Erin:

whenever you get like patches or whatever, you know, these updates, people, people just don't always update it. So, you know, because it also, it could also, it has the potential of making it not work. Right. So, you know, and they're not cybersecurity experts. They just, you know, a lot of people are in that industry to help people. They just want to do their job and they don't want to have to worry about that kind of stuff. And the hackers know that they use that against them. And I mean, yeah, there's literally so many that died. I think it was in Germany, but it was uh, a hospital patient died because of a hacker or because of an attack. And so they, they know, they know these things and so of course they're gonna get. After easy targets with money. I mean, and not only do they have money, but they have to have that working or people could literally die. So it's just,

Blake:

I think about all the data

Erin:

my

Blake:

that hospitals have to social

Erin:

If you get on that,

Blake:

I mean, medical

Erin:

Oh man, like you're in there. You are in there. Cause they're not going to know that dwell time. And that's another thing too. This CA you know, talking about common misconceptions, I'm going to throw my own app out there. Um, is you know, well, maybe that's not a misconception, but something that I think people don't realize that aren't in the industry is just how important dwell time is. You know, if you've got a hacker in there for months versus a day, think about how much more information that they're going to get. Just sitting there watching and observing

Blake:

Response is critical. You know, it's like, it's like, everybody's seeing the first 48, hopefully. Right. You know, the, for the first 48 is like the highest likelihood to, to capture a criminal or, you know, somebody that's missing or, you know what I mean? Like that's your window, you know, all the. All the evidence is fresh and you know, get on it, you know, you need to be on it, you know? So, so yeah, response time, you know, it's important, you know, people need to realize when something's missing, you know, or something's been hacked or something's been compromised. I mean, you have a very short window of time. Not only, not only that too, but in regulated spaces and different like legal obligations and software that you may sign up for, or that you utilize in your business. If there's been a breach of your data, you have to let your vendors know. And not only that too, but you have a responsibility to the customer and it's that you serve to let them know. And a lot of like regulated spaces, there is a window where if you've been hacked or you have any of your data, that's been breached, you have to send out an alert or a notice your, your customers within a certain period of time.

Dwight:

Yep. Especially healthcare government agencies and, you know, I look at it and think about it. Okay. So all these agencies where they have typically, I mean, healthcare, I don't fear they have a lot of resources to do stuff, so there's a lot of financial resources. You should, their it departments are pretty well-staffed really, you know, wanted to go to show me, is that very, you know, it's basically a human error or human negligence internally that a lot of this stuff happens should because a lot of security stuff is just best practices. Right. And if you follow best practices with your operating systems, your network. Your transfer data you know, using passwords, you know, complex passwords, not leave a sticky notes in certain places, all these different things. You narrow the hole where people can breach your network tool time in whole or less. Right. So that's a lot of these. A lot of times it's just negligence and people are lazy. And, you know, when stuff like this happens I think, I don't know, but I'm sure a lot of people probably get fired out. There could be people that ended up going to jail because if you're in healthcare and you don't do your due diligence and somebody's information gets compromised or whatnot, I mean, because of your lack of performing your duties, I mean, that stat, I think that could be, I don't know, I'm not a criminal lawyer or anything, but I would think that there's probably some area there that they could probably ping you criminal negligence for sure.

Blake:

There is a vegetable that is really popular in cybersecurity. And I'm sure. Maybe you guys can guess, but onions. Right. You know, like, layers, right. So onions have, have layers and layers and layers, and then you finally get to like the core of the onion. I don't know what it's called, but but yeah, you finally get to the core of the onion, every single layer, you cry, you cry, you cry. So, so yeah,

Dwight:

Yeah.

Blake:

yeah, yeah. I mean, eventually, you know, you know, hackers, you know, they're, some of them are persistent, you know, if you have, you know, data that they know is worth, you know, being persistent for, but you know, the average Joe, you know, me, or, you know, people that are, that I associated with. I mean, they're not gonna, they're not going to go through that onion to get my data because I have no. You

Erin:

That's it, you know, and that's the only important thing. I think when Dwight brought up, you know, about people being lazy, but also hackers are lazy. Hackers are lazy. Like

Blake:

sure.

Erin:

might be malicious, then they might have no shame, but they're also lazy and they want to be efficient. And that's, I think that that's important to understand is that if you do have at least some layers up. likely to get hacked that it mean you're for sure. Not like unhackable necessarily, but get bored if you don't

Blake:

Okay.

Erin:

have I feel like,

Blake:

I was just going to simply say don't be a low

Erin:

yes.

Blake:

vegetable.

Erin:

Be a root vegetable, be a root, be fruit.

Blake:

Yeah. Yeah,

Erin:

So we just new thing.

Blake:

Yeah, maybe.

Erin:

they'll move on. Like just, just be like join the thing, you know, just do these simple best practices. And again, you still

Blake:

Yeah.

Erin:

but it's a lot less likely to be compromise.

Dwight:

As a start, like, I mean, just best practices start and then, you know, any extras that need, we earn any extra, any precautions that need to be taken based upon your own, your, your field of you know, field of work or like government. So certain departments and agencies need extra work done right over and above, like, you know, certain ISO standards and NIST stuff. Whatever the case may be. Right? So by just basic best, best practices, as far as hygiene goes, we'll keep 95% of the garbage. Yeah.

Erin:

read number seven?

Dwight:

Number seven. Oh, I only go to mainstream sites, so I don't need security software. Now there take that. You need security software, no matter where you go. Remember what I said earlier about how social media apps sell your data to make their money. The more cookies you have in your browser, the more your every step was being followed and multiple sites have a detailed profile view that increases your chances of getting your data breached. Since all companies are vulnerable to a data breach, security software keeps you safe. It's like two factor authentication, a necessary step towards protecting your privacy.

Blake:

You definitely mentioned. You definitely mentioned that one earlier and that's a huge one. Huge. And who, I mean, that's something that, that we don't think about. Like I try and go in every single day I have software on my Apple computer where it cleans everything. It cleans my cookies, it cleans my browsing history, yada yada, yada it just to make my computer more optimized. And at the beginning of every day I run it. End of day, I run it before I shut it. So, that's something that most

Erin:

No.

Blake:

You know, most people don't clean out their, their cookies and their web history.

Erin:

if you don't mind telling us to do that?

Blake:

called CleanMyMac. I've been using it for a while and it's pretty solid, pretty affordable. I've been using it for a long time and yeah. I mean, there's other solutions out there. I think one is CCleaner for computers. Yeah. Yeah. I love that.

Dwight:

Yeah.

Blake:

super good. And yeah, I mean, something like that. I mean, most people don't think about,

Dwight:

True.

Blake:

Erin, back to

Erin:

Oh, well, number

Blake:

on the spot.

Erin:

use complex passwords. gosh. There's so many things. so complicated or not complicated, but they're so they're so important. They're such, they're just so important. It's you And like, if you, if you use the same, even if you found a good complex passwords, I used to do this. Right. I found I'm like, nobody will ever guess this. Right. So of course I reuse my passwords, but then I learned why that's not a good idea. And I guess I kind of liken it to, it would out your keys, like making, making, like, uh, keys and just leaving around the city or so that, you know, like if you, if you don't, if you reuse your passwords, um, password,

Blake:

Okay.

Erin:

really, you're really asking for it.

Blake:

I saw this one. I'm like, I'm in this like little high team, like meme page on Facebook and you know, me and Jonathan loved to laugh at those, but there was this one video and it was like posted up on on like a little billboard or like, like a public notice board somewhere. And it said free wifi. And then, you know, at the bottom it had like a little area where you'd rip off, you know, the wifi password, like, you know, it had a little arrow said, Hey, take the wifi password. And then somebody would go to pull the, the password and then. I don't know, but like an endless roll of like numbers, letters, characters, there was maybe like 30 or 40 feet that would come out. And I was like, oh my gosh, that is so accurate. It needs to be accurate. Like we know this person like was, was crossing the street and the paper was still rolling in, you know? So, so yeah, I mean, complex past. Sure. It's like, there's such a, there's such a misinformation about what is a complex password. Of course. I hear it like, oh, the numbers, characters letters, and uppercase letter, a bunch of lowercase. Yeah, I mean, don't reuse passwords either, you know? But, but even, even if you are using complex passwords is still not enough to keep you safe sure. I mean,

Dwight:

And you can't leave them hanging around either. Even I'm in text files here and there even sticky notes or whatever, it can be so

Blake:

note.

Dwight:

long and look like gibberish. But if someone can pick it up and take it and go with it, then it's, doesn't matter if it's 23 characters long, right.

Blake:

Yes, sticky notes are not password managers. They are not

Erin:

Not Anyway,

Blake:

this. this through your head. Please do yourself a

Erin:

I need you to understand.

Blake:

Um,

Dwight:

Don't use a sticky on your computer either. Like, you know, you use make sure your passwords are other than a password manager, like LastPass, something, you know, you know, secure, right? Yeah,

Blake:

gatekeeper.

Dwight:

Something, you know, nice and secure. And so, you know, that way you'll know. Right. That, okay. Yeah. I didn't say this. I mean, you feel each for, to feel a certain level of. But if you just like to say to, you're just casual, but the whole thing on just from reading a password here and just save it here on my desktop and you know, and then CA and it's called password file.

Blake:

Yeah, password.txt. It's, it's a shame to say, like whenever I do an onsite and we have customers that have been with us for years, years, I have to say it because people need to know. And I'll go in and, and they've done all of our security awareness training. Like they are up to speed, like they've passed, they've got their certifications and security awareness and yada, yada, the latest cyber security news and things they need to pay attention for. And then I go into their office and what do I see a sticky note on their monitor with their password?

Erin:

cry?

Blake:

And

Dwight:

And then you go over and look at them and wink at them, right?

Blake:

No, I, I do what I'm supposed to do. I take it and I rip it up and put it in there.

Dwight:

Yeah.

Blake:

And then I saw, I saw, I saw cause they know exactly what they're doing and it's like, I, I talk, we talk about this. Like we talk like we, we preach this. you can't do that in their, in regulated spaces too. Like, yeah, no, I mean, I will, I love this customer. They're one of my favorite, but yeah,

Erin:

need to do better.

Blake:

I'm disappointed. for sure.

Erin:

to do better.

Blake:

I hope they're not listening because they might know

Erin:

Well, we're not saying

Blake:

call me right after this airs.

Erin:

any names, but we are saying you need to stop that. Stop that nonsense.

Blake:

Yeah, no, no. I mean, I'm sure there's more than one, you know, and maybe I just don't go to, to do their on-sites or something, but I'm sure they're not the only one. They're just the only one that I know about. that's probably the sad part, you know?

Erin:

need that.

Blake:

So let's do number nine. know a fake voice when I hear one.

Erin:

Cause know what, I'm going to take over real quick when we did um, when our spoofing, right? And you did this to Blake, we, when we called the P the employees at the financial institution, well, actually, I didn't even call you made the calls, you, you and BJ made the calls. and you actually like talk somebody into like clicking on a download button, right?

Blake:

Yeah,

Erin:

Yup. And they have, they actually have really good training,

Blake:

some locations,

Erin:

better than others.

Blake:

some locations,

Erin:

some, some employees better than others as well. Um, they, you know, I mean, if you, if you're in a business with, you know, even just 10 employees, much less like 500 employees, you're going to be able to trick somebody. You're going to be able to trick somebody. You don't know if a voice is fake, you know, like listen especially Blake talking to his mic. You're you're not going to say no to that voice. Like, come on. Let's be real. You're

Blake:

It only, it only takes one person to compromise your whole business.

Dwight:

Absolutely.

Blake:

But no seriously, like imagine the 10 or the 10 or 15 years that you spend growing your business. Five, whatever, insert your tenure here, you know, your life here, it only takes one hack, one hack to take you

Erin:

Yeah, what's that statistic? How many? I think it's something like 95% of

Blake:

the

Erin:

are hit with like a successful

Blake:

S small businesses, small businesses, and the average cost of remediation for that small business is around $3.6 million.

Erin:

million. And people complain about the price of cyber security, especially if it's not free,

Blake:

Oh

Erin:

but, but, it's so like, what is it? An ounce of prevention is worth a pound of cure.

Dwight:

Yeah.

Erin:

so true in this too. And people are like, it's not going to happen to me. You're not going to go after a small business. Yes they are because they know that you think that way. So

Blake:

cause you're, you're the low hanging fruit. You're not the vegetable. I mean, it's sad. It really is. I hate, I hate more than anybody to say. I told you so, You know, we've, I can tell you, we've put together, we've responded to RFPs, you know, requests for pricing, and we've accurately responded to them and given them a perfect solution. And then they go with another vendor and that's fine. That's fine. But when, and then later, I mean, years later, I mean, this is, this has happened on more than one occasion. They come back to us and say like, oh, I've either outgrown that IT provider or. There was an incident, you know, and they weren't able to respond to that incident. And then we're at ground zero with them and you know, it is hard and it's frustrating. And I never, I never say I tell, I told you, so of course, I mean, that's the worst thing that, you know, you can say, but you know, is, so hard for us to pick up the pieces.

Erin:

It's so much easier to

Blake:

tragic.

Erin:

steady foundation than it is to, know, start trying you're, when it's already

Blake:

You, you are, you are not going to build a house without a foundation. Most people, they just build a house and they decorate it and yada, yada and furnish it and make it look beautiful and test your business. Right. there's no foundation there which needs to be cyber secure.

Erin:

And um, all Dwight, if you want to do number 10,

Dwight:

Number 10 and the finale, I will know when something bad gets in my device or computer.

Erin:

No, you won't.

Blake:

Okay. Yeah. Yeah.

Dwight:

I guess so anyway, it sounds the list. So cyber cyber criminals work is stealth. Whether they're doing deeds, there's nowhere, it's like a pops up. They have intricate ways of in trouble infiltrating your day. It would even be Trojan horses in the foreign viruses, looking at me, lurking in your cold right now, now that you're aware of the 10 most common foggerty Ms. cybersecurity myths, sorry. You're better equipped to recognize misinformation spread by hackers who want to keep you vulnerable. Remember, your data is worth a lot to cyber criminals, so take steps to protect it. Make sure all your gadgets are up to date with all the security patches needed to defend against online attacks, make use of robust security software, password managers, and two-factor authentication. Most of all, follow news on recent breaches and hacking trends to keep your security tools reliable and timely. And of course, in the course on a promote a particular site. But yeah, so, and then in note, no you not, you won't know necessarily it's something, she chewed its bad. Sometimes you may, but you don't meet your things can stop popping up all over the place, but yes, that's using malware but when it comes to hacking in and then stuff like. Basically your whole voice will get encrypted. Right. And all of a sudden you can't do anything. You can't log in, you can do nothing. And, or all of a sudden you look at your bank account and there's no money left.

Erin:

Yep.

Dwight:

Right.

Blake:

Yeah.

Erin:

back to with the

Dwight:

yeah,

Erin:

time. Right. But The dwell time.

Blake:

response time. Yeah.

Erin:

How long is that person? You know, that criminal gonna be in your computer, just collecting all the.

Blake:

Yeah. I mean, there's so much that can be said about this, but if somebody, if somebody, if somebody I'm trying to think of an analogy here, but if somebody is stealing money from somebody's wallet and they're taking $20, you know, let's just say they're taking $20 a day or $20 a week or something, then you know, that person. Overlooks it, you know, one day that person is not going to go in there and take everything right. Because they just burned their scam to the ground, you know, they're, they're, dishonesty. Yeah. I guess that's the right word to put it, you know, they're burning their scam to the ground. So, you know, what's more profitable, you know, to take $20 a day or $20 a week or whatever. Or to take a hundred dollars one time, you know, like what's more profitable. So, and then, I mean, how are you really going to know when somebody gets into your

Erin:

Not unless you have XTR.

Blake:

yeah,

Erin:

that's how, how you would find generally,

Dwight:

Some key guys, I know we've done some testing and stuff with Interline T in some, some sandbox, computer and whatnot, and sometimes you don't notice it other times you do it depends. What's. And no wonder acts as it can slow your computer down a lot. Like if they're transparent and if there's a lot of data transfer going on back and forth you know, like I said, it all depends on what type of activities are happening within your system. But typically for, for half are basically people that are stealing your financial information and want your information to gain financial gain. There are very fine tuned. Organizations are usually not just a single person, if it is, he's bought something from some other reliable group. Right. And and they have a well-renowned or a well-oiled machine for going users. Once they've gotten into some kind of a security breach or whatever, and they go in and they're quick, they're usually pretty quick, right. They'll check them, they'll check something. And they target specifically usually to like, like banks, credit card companies, health institutions, places like that, or places where they can gathering. Information at autonomy and or amount of financial at a time. So,

Blake:

It's not, it's not always a pop-up from Windows technical support, you know, and then, and then convenient. And then conveniently, when you call them, they have a super heavy accent and they're saying, oh my gosh, your, your system has been breached. Let us fix that. Okay. Run this software on your computer, you know, like, and then go buy a bunch of gift cards. You know, like, I mean, what's sad is it still works? If it,

Dwight:

I heard

Blake:

still works.

Dwight:

here or my relatives don't oh yeah. I got someone on to help of my computer other than ask, what do you mean? You got some line and helping you can do it all. Yeah. So, something popped up with Peter said that wasn't up to date. So this person jumped down remotely and helped me. They didn't.

Blake:

Microsoft doesn't have time to hop into your computer and fix. I don't know. I've never heard of that.

Dwight:

the way you do things that reg is protocol, probably just don't do things that way. I think, you know, your bank is not going to send you a request to update your online account information through an email. Right. And all it says that this is a protocol, so you're just not, and some people are just dumb. You know, they just, they just, I don't mean dumb as in a person, but a dumb as to like what's going on around them and they don't consider it or take it seriously and order just indifferent. Is that the word? But then again, usually what happens to them? Those type of individuals, organizations is they get burned bad.

Blake:

Yeah. And a lot of people aren't tech savvy, you know, they, they didn't grow up. They didn't grow up in technology like I did. Or you

Erin:

Oh, no, I am not tech savvy. Not like I had to learn. I didn't learn about this stuff until I started writing about it. I mean, honestly, I mean, so I feel like sometimes I have the perspective of a lot of customers, because I was that person. So I get it. I mean, you just don't think about that kind of stuff. Like you're like, oh, what, what, why would they want to do that? Or whatever, you know, like I told you guys, the story about how probably got a virus on my ex-boyfriend's computer, because I just didn't know. You know, he's like, you probably like and I'm like, no, I didn't. But thinking back on it now, like Yeah. probably did. Just did not it.

Blake:

No. Erin was clicking on those. One of those things that was like 10 things you don't know about these celebrities. Or like, you won't believe what happened to these these five celebrities

Erin:

like, like click, on this to get something free

Blake:

oh,

Erin:

whatever.

Blake:

oh, here. I literally I'm scroll down to the bottom of the website and I see some of them it's like, she was a legendary act actress today. She works at nine to five and it's like,

Erin:

fate.

Blake:

who, is it? I wonder, I wonder who that is, you know?

Dwight:

lots of things that drag.

Blake:

Or here's, here's, here's one. How would you react if Georgia got hacked this game, simulates geopolitical war, what would happen if another country invaded Georgia? And then on the map, it has a picture of France. So I think.

Erin:

these hackers can get their stuff together, man, we're all in trouble. Like.

Blake:

here's another good one. Look at this celebrity before and after their weight loss. then there's no pictures. It's just a blank one. So they want you to click on it and see who the celebrity was. Come on. Don't

Dwight:

Your whole computer blows up

Blake:

I'm sure. I'm sure it'll just explode and they see the only thing that'll be left is the keyboard. Absolutely. But, seriously. I mean, I think we definitely have a long way to go. Like as, as humans, w we're we all, we're all imperfect creatures. And there's nothing, there's nothing wrong. If you're doing any of these things, you just need to recognize it and change it.

Dwight:

Before it's too late.

Blake:

Yeah. I mean, here to help. I mean, we're not making fun of you.

Dwight:

No.

Blake:

we we genuinely care.

Erin:

because I get it. Totally.

Blake:

We, we genuinely care. And you know, the more onions, you know, the more layers, right? The, the more impenetrable, I guess, is the, no, nobody is unhackable entirely, of course, but, you know, hackers, they just want to go for the low hanging fruit

Dwight:

Yeah, don't want to spend hours and hours trying to get through 10, 15 walls of defense. Right now, there are some that do, and they're probably targeted and and financed by an organization that's very you know, deep pockets. And of course that's your job, right? But for people that are just out there on their own or small little groups or whatever the case may be, and then just have a list. Yeah. They're not going to spend, like you said, people are lazy, right. The path of least resistance. So, you know, big line here, I'm going to spend like an hour and a half or two hours trying to get it. It's going to be here when I can go through all these and probably get in. And they've been done in five minutes or less. Right. So,

Erin:

We don't I realized too over the years is that honestly, if you think about it, I feel like efficiency and laziness kind of go hand in hand, you try to increase your efficiency so that you can be more lazy or so that you can get more stuff done and get things, get things automated. And I'm sure it's exact same thing for, They're just trying to be. As efficient as possible when it comes to getting your data, because data, big data is big money. It is, it really is new currency. Like need the Bitcoin, let's get this data to all

Blake:

Everybody wants the easy paycheck and nobody wants to work for it. That goes back to human condition. You know, if I could sit on the beach and, and and do not yeah. And live a life of leisure, that'd be great. And I wouldn't have to do anything for that'd be even greater. But, but yeah, everybody wants the easy paycheck. And are they, I mean, are they wrong? I mean, I don't think there's anybody out there that wants to work crazy hard for them. if you don't have to. Right. So, we should probably leave it off on that. I felt like that was you know, we really came full circle here. Do you think we should tease the next topic?

Erin:

do it. Let's tease the next topic. I like that.

Blake:

Oh, I'll leave that for you since you're the topic

Erin:

Well, I don't know if I'd call myself that, but this is another one of Blake's ideas, which I really like.

Blake:

Oh, come on.

Erin:

it up to me. So now the truth is out.

Blake:

You make it. You make it sound like I'm the only one working here.

Erin:

off work, right? So

Blake:

Craig, do you hear, do you hear that,

Erin:

no he's enjoying his vacation.

Blake:

He's he's on that beach that we were talking about.

Erin:

he's time with his kids listening to podcasts. Cause he's like, Um, So our next topic, we're going to talk about next. We are going to go through, it's going to be similar to this, right. But instead of talking about misconceptions, we're going to go the opposite way. We're going to talk about uh, some of the data and statistics that we found that it's just completely eye-opening that we think is really important for people to know. So actually, Blake, do you want to give maybe an example, spot now?

Blake:

Uh, let's see here. So, identity theft is up 42% in 2020. Let's see, 6.95 new phishing and scam pages were created in one year. Three out of four companies experienced a phishing attack in 2020 and 25.6% of all web traffic was made up of malicious bots, 25.6%.

Erin:

That's

Blake:

And ransomware attacks grew by 40% just during COVID, which as if we don't have COVID enough to worry about. But and the huge ones, the hugest sectors, right, are finance and insurance and then manufacturing and energy, and then retail and then professional services. But 23% of the hacks make up financial service providers. Yes. Oh, and this one's pretty important too. So we're going a little beyond the teaser here, but IBM says that your cybersecurity budget should be at least nine to 14% of your overall IT budget.

Erin:

That makes sense.

Blake:

So then millions of dollars you're spending on computers

Erin:

Yeah. really good point. I mean, I think a lot of, and that's something I learned about with CMMC is that, you know, they make it a point to like, okay, in your policies and procedures, do you need to, I think it's after level a material level three. So actually this might be old, but anyways, they want you set aside an amount. They want you to write down the amount, like to show like we are taking this seriously. know, if you think that you're going to S you know, you spend all this money on, on gadgets and devices, but you're not going to protect it like, mm mm. You might have your priorities, a little askew there,

Blake:

Here's another one that I just, I have to say, it's just going to explode out of me if I don't say it, but there's going to be an estimated 3.5 million unfilled cybersecurity jobs by the end of 2025. there is a shortage of good guys that are protecting people like you. There's a shortage and hackers know that know that and

Erin:

there's not a lot that I regret or I try not to regret, but sometimes I think if I had to do it all over again, I might go into like IT and cyber security, because is such a underserved.

Blake:

It's never too late.

Erin:

You're correct. But I already had my masters. I'm good for now. school a little bit.

Blake:

I think. I think Judge Judy became a judge at like age 50, so you're good. Yeah. Yeah. she's PR seen her on, I've seen her on Instagram. She's pretty, she's pretty inspiring when she, when she's not being mean. Yeah. Yeah, for sure. She's

Erin:

but I find that hard to believe.

Blake:

she she's, she's getting me out. She's getting me motivated for sure. And yeah. Blink blink there, but the guy from what's his name? Steve Harvey.

Erin:

Yeah.

Blake:

inspiring too. So

Erin:

know. It's funny.

Blake:

we're going to save the rest of this for for next week. Is there some good stuff? Good, good, good stuff.

Erin:

for sure. Next week we need a whole week.

Blake:

Oh, I'm sorry. Next tomorrow. Next podcast. Next podcast.

Erin:

okay. was we doing? What are we doing? Where y'all taking a break? Are we all gonna go on vacation?

Blake:

go onto that beach?

Erin:

wherever

Blake:

I'll see it. I'll see you there. Hey Craig.

Erin:

missed you.

Blake:

Yeah. He'll be like, he'll be like where where's your microphone? Where's your podcast? Left it at home. Left it at home.

Erin:

All right. Well, yeah. Good, good talk.

Dwight:

Alright,

Blake:

This was a good one fun ones.

Dwight:

have a great rest of your day people

Erin:

All right.