Podcast 007 Quick Cyber Tips
In this episode, we celebrate Cybersecurity Month and provide you with 12 quick tips to help you be more secure online, plus a few quick questions you can ask yourself as a simple cyber risk assessment.
Episode 007 Quick Cyber Tips Transcript
Heather McKee: Welcome to The Modern Polymath, where we discuss topics in technology, economics, marketing, organizational behavior, market research, human resources, psychology, algorithms, higher education, cybersecurity …
Heather McKee: Hey, podcast universe! Thanks for tuning in. On today’s episode of The Modern Polymath, and in honor of cybersecurity month, we’re going to give you 12 quick tips on how to help yourself be more secure online, and avoid some of the easy traps that are out there. We’ll also give you some quick questions you can ask yourself as a simple cybersecurity risk assessment.
Heather McKee: Today, we have John David McKee, Will Callaway, and I am Heather McKee. Let’s get this podcast started!
Will Callaway: Today we’re going to talk about cybersecurity, and a couple of things you can do from an individual level to keep your data more secure. This is not an exhaustive list, but this is a good starting point.
John David M.: Yeah, this is really a starting point, with some things that are going to seem like common sense once you’ve heard them. A lot of us just aren’t really aware, or aren’t thinking through a cyber lens, yet. We’re trying to give a perspective on ways you can modify everyday activity to make yourself much more secure, and start to get yourself in that mindset.
Will Callaway: Okay, so the first thing we’re going to talk about is just being realistic about your digital footprint, what data you have out there. Either on your social media, or in the accounts you’ve created with different companies. Just knowing what you have in cyberspace, per se, and being realistic about, if you get attacked what might happen to that data, how important it is to you.
John David M.: Part of that’s also what we’re going to cover in this, is understanding how people can use that data. It may not seem like something that’s all that valuable to you, if you’re thinking about it in an isolated lens. Once somebody starts building a profile of you from different sources, they start to see a lot bigger picture about sensitive information about who you are.
Will Callaway: Yeah. The criminals might not even care who you are.
John David M.: Right.
Will Callaway: They might just need one specific piece of data to compromise your password, to compromise somebody else in a chain of attacks. You’re not necessarily who they’re after, but yes, you’re the exploit that they’ll use to get what they’re after.
Will Callaway: So, just being realistic about your cyber presence, and knowing what you have out there. It’s just a good place to start.
Heather McKee: Our second tip is about shopping online safely. You can never be totally safe online, but here are three things that can help make you a little bit safer.
Heather McKee: Never shop from a device that isn’t yours, or that’s on a network you don’t own. That’s just opening yourself up for disaster.
Heather McKee: Don’t save your credit card details in an online account, which a lot of us do because it’s a lot more convenient to just hit, yeah, pay with that credit card. But, if you want to stay safe, best way to do that is not put your data out there.
Heather McKee: Then, lastly, verify your transactions and accounts weekly, to look for any fishy activity that may be going on.
Will Callaway: Yeah. That’s a good point, Heather, on the don’t save your credit card details in an online account. It’s tedious to have to reenter that every time. I’ve got a buddy who is extensive enough, to where he’s got a pre-paid credit card, and whenever he needs to buy something online, he puts money in that, and then pays with a pre-paid.
Heather McKee: That’s a smart idea.
Will Callaway: So that even if it does get leaked, they’re only getting however much he has on the pre-paid. It’s not hitting his actual accounts.
Heather McKee: That’s a really good idea.
John David M.: Here’s another one. Don’t plug random crap into your computer. Don’t throw stuff out there that you don’t want other people to see. And if you do, make sure you lock it down.
Will Callaway: Don’t connect to public WiFi, whether you’re in a coffee shop, or a hotel, train station, whatever it may be. If someone else is in control of the network, they can read your data. It’s as simple as that. Passing sensitive data, or your personal information, your credit card, whatever it may be, over a public network that you aren’t in control of, that’s just a bad idea.
John David M.: Right. If I’m on a public network at a local coffee shop, and I pay for something online, I’m not saying that they would do it, but they have access to … It passes through that network.
Will Callaway: Sure.
John David M.: That could be ripped off by somebody, whether it’s them, or if they don’t protect their stuff well enough, that somebody else is sitting there and could grab it, and use it maliciously.
Will Callaway: Right.
Will Callaway: What’s another trendy thing is sending or getting friend requests and emails from people that are trying to connect with you, maybe from a business standpoint, or for Johnny’s soccer game, or something that you’re involved in because you’ve put it out there. Validate who that friend is, right. Who is this email coming from? Don’t click on any suspicious links.
Will Callaway: The goal of hackers when they’re trying to send those emails, they’re phishing emails, or trying to connect with you in some business standpoint, or over the phone, whatever … Their goal is to basically gather information from you. They’re using social engineering techniques to just gather information, hoping that you’ll leak some form of confidential information, or confidential data, that’ll help them escalate their attack. Or, take their attack to the next level, or really put that missing piece in their attack.
Will Callaway: So, you just have to be calculated and careful about what you’re willing to respond to, and what you’re willing to put out there when someone does reach out.
John David M.: All right, so, number five. Use strong passwords. Not a hard concept, we all know to do that. Don’t use your wife’s first name and the date you were married or something like that. Scrap that part.
Heather McKee: That’s not our password.
John David M.: No, I don’t know.
Will Callaway: Don’t do that!
John David M.: [crosstalk 00:06:12]
Heather McKee: That’s not our password.
John David M.: When you’re making a strong password, though … Will, you were saying earlier, use all the characters, right? 14 characters, use letters, use numbers, use punctuation. Don’t make it a word or a phrase or something. Make sure you can remember it, but don’t make it easy to guess. One, one, one, one, one, Judy is not a good one.
Will Callaway: Yeah, one, two, three, four, five, password, any default.
Will Callaway: Also, change the passwords. On your network router, your Internet provider is going to give you a default password. Change the password, make it a strong password. You don’t want your WiFi just wide open.
Heather McKee: So, even if they told us that PinkStreet73 was super random and secure?
Will Callaway: Yeah.
Heather McKee: I should change that?
Will Callaway: Yeah, change it.
John David M.: That’s a legit story. I was admonished by the person who set up the Internet that I wanted to change the password. He’s like, “This password was specifically generated to make it super unbreakable,” blah, blah, blah, blah, blah. I hadn’t seen it yet. The whole time I’m picturing, like, a whole bunch of randomly encrypted, no pattern or anything at all.
Will Callaway: A 32-digit password, yeah.
John David M.: With no pattern, or anything you could recognize. I bring it up and it’s like what Heather just said, like, Pink Street. I’m like, pink street? What? That’s very breakable. That’s not a very strong password, and I’m not trying to keep a password that’s given to me by a company, that they can just jump in whenever they want.
Heather McKee: So, Will, I’ve heard you say something about looking out for shoulder surfers?
Will Callaway: Yeah. So, even if you do have strong passwords … you have to remember, there are disgruntled employees at where you work, or sitting behind you at coffee shops. If you’re typing in passwords, be careful of people just staring at your password. It’s like we were fifth graders, and everyone was like, “Don’t cheat on the test,” and we were all staring at each other’s tests.
John David M.: Oh, what?
Will Callaway: You told me not to cheat, and now I can’t do anything but look at the other piece of paper. It’s like, you know, when you’re at a museum. Don’t touch this. It’s like, I’m touching that.
John David M.: I’m learning things about Will today.
Will Callaway: I mean, you know, people look at keyboards.
John David M.: Will, don’t give me $1000. Don’t give me $1000.
Heather McKee: No, you’re right. I think about, even on an airplane, because you’re in such close quarters.
Will Callaway: Mm-hmm (affirmative).
John David M.: Mm-hmm (affirmative).
Heather McKee: Sitting beside people. I’m not going to lie, I am totally guilty of staring at people’s laptops while they’re doing work. I’m not processing what they’re doing, but it’s something more interesting to look at than the back of the seat in front of me.
John David M.: Yeah.
Heather McKee: I can only imagine that if I’m doing that, somebody else, and someone who is specifically looking to get something, is really going to be an eagle eye on it.
Will Callaway: They’re purposely doing it.
Heather McKee: All right, next step, number six is two factor authentication, or multi-factor authentication. This is the thing that a lot of us see whenever we’re either creating an online account, setting a new device that we bought, or something where we have to provide a password, and it asks to check a box if you would like to try two, three, however many factors of authentication. You have to not only give a password, but also then a cell phone number so that they can text you some special code and you put it in, or email you a special code and you put it in, something like that.
Heather McKee: Basically, just more than one way or method that they use to authenticate that you are that actual person, and that user.
Heather McKee: Number seven should be pretty simple. Lock up your devices. Just as John David was saying, and Will was saying, don’t leave it open whenever you leave to go to the restroom, or whenever your phone is just sitting there and someone texts you, and if they look over they can read that message. Lock it. Make sure that you are the only one that can get in there and see what it is.
John David M.: Yeah. We’re not just talking about, like, locking from a virtual standpoint. We’re also talking, like, you know, lock your devices in your room, lock them up so no one can actually, physically access your machine, your tablet, your cell phone, whatever it may be.
Will Callaway: Number eight, prioritize your most sensitive accounts. This goes back to knowing what information you have stored in different accounts, and what that information can maybe be used to obtain in other accounts. Know your email, your online banking, any eCommerce, basically any account where you have used your credit card details. Secure the username and password, really strong password. Use two-factor authentication when you can. Then, keep track of them, right?
John David M.: Yeah.
Will Callaway: So, when I say prioritize your most used, and if you don’t use an account in the past six months or a year, get rid of it. Delete that account. If you need to use that service again, create a new one.
John David M.: Yeah, that’s a really good transition to number nine. Clean out your old apps, clean out old emails. Unsubscribe from unwanted emails, there are services that can do that, that you can do that en masse. The more that your information is out there, the more lists you’re on, the more you’re going to be exposed.
Will Callaway: Right, yeah. It’s almost like digital minimalism. Declutter your life.
John David M.: Yeah.
Will Callaway: By doing that, you’re lowering the attack surfaces that someone can get to you with.
John David M.: Yeah. You’re also saving yourself a bunch of annoying emails that come in that you don’t want.
Will Callaway: Yeah.
Will Callaway: So, you know, decluttering your phone, your email, your accounts, it’s just good practice.
John David M.: Which, that was news to me. You told me about that. I’ve been very guilty of downloading a ton of apps, and just leaving them there in case I ever need them. I didn’t realize that. It makes a lot of sense, once you really think about it.
Heather McKee: So, next tip, number 10, is that a little cyber paranoia can be good. You may be sitting there, shaking your heads, thinking that we are crazy people who are just super paranoid about all these cyber attacks, but it’s real. You have to protect yourself, even if just a little bit. Don’t think that you can’t be targeted just because you think you’re no one.
Will Callaway: Right.
Heather McKee: As Will said earlier, you could be part of a mass attack and not even know it. It doesn’t matter about you, necessarily, as the individual.
Heather McKee: Some good things to keep in mind whenever you’re being a little cyber paranoid is if it’s too good to be true, it’s probably not true.
John David M.: You mean that email I got about the relative who is leaving me a million dollars is not real?
Heather McKee: I hope so. But, yeah, probably not.
Heather McKee: If it looks fishy, stay away from it, because it probably is. Then, also, never give up confidential data. Don’t give it up unless you know that you’re giving it securely, or to someone who is definitely supposed to be taking in that information.
Will Callaway: Yeah. If anyone is asking you to give up confidential data, maybe say the wrong thing, right? Just give them one piece of data that’s wrong, and if they validate, sir, that’s wrong. Or, ma’am, that’s wrong, then, yeah, maybe it’s real. Get them to give up some information about themselves.
John David M.: All right, so, Will, number 11?
John David M.: Ransomware.
John David M.: Tell them what it is?
Will Callaway: Yeah, ransomware is just when somebody downloads some malicious software, some malware, and it, basically, encrypts all of your files. Whether you’re at home, or at some business, small business, large business, whatever, it just encrypts all the files. It basically asks you to pay a ransom, usually in the form of some digital currency, to some account. They won’t unencrypt it until you pay it. Sometimes they don’t unencrypt it, even if you do pay it.
Heather McKee: So, hang on. Back up. This is a hacker encrypting, or locking all your files down?
Will Callaway: Right, right, right, right.
Heather McKee: Then, you can’t get access to it?
Will Callaway: Yeah.
Heather McKee: Until they release it?
Will Callaway: Yeah. One of them –
John David M.: They’re holding ransom.
Will Callaway: Yeah. One attack that’s pretty clever is, let’s say, there’s a lawsuit. Really big lawsuit, millions and millions of dollars, blah, blah, blah. Right before the case is going to proceed, let’s say a week and a half before, ransomware attack. The hackers will just go after that law firm, they’ll lock all their files. What are the lawyers going to do?
Will Callaway: All of their stuff, all of their discovery, all of their everything locked up, can’t do anything.
Heather McKee: So, how can you protect against that, then?
John David M.: Hold on, I just want to interrupt, just because we’re going to do a whole episode on this, and go into a lot more detail, because it is very specific to the individual or to the organization, the organizational level, or even at the industry vertical level. Finance has many different requirements, than energy, than et cetera, et cetera. You get the idea.
John David M.: Let’s give some basic examples, just to illustrate the idea, and we’ll get into more of it later on.
Will Callaway: Yeah, so, some simple protection stuff. Obviously, you’ll never be 100% secure.
Will Callaway: You can do frequent data backups, don’t keep vital information only on your computer, which kind of speaks to the backups. Never access any zip attachments in emails from unknown senders. Don’t click on links in emails from unknown users. Keep your OS and apps up-to-date, with patches, and use a reliable anti-virus. There are some other steps, but that’s, I guess I’d say from a small business end user standpoint –
Heather McKee: An individual user.
Will Callaway: Yeah. Like, a home user.
John David M.: You have to understand your personal before you can apply it to business.
Heather McKee: Yeah.
John David M.: Number 12?
Will Callaway: It brings us to disable your device from the Internet when you’re not using it, and same with your Bluetooth. Also, if your computer is not connected to the Internet, then you cannot be attacked unless someone physically touches your device. That’s just a good practice. Don’t walk around with your WiFi turned on your iPhone, don’t leave your Bluetooth wide open.
John David M.: I mean, it’s a pain to do it. Obviously, all of these are guidelines, nobody is going to do everything perfect all the time. You know, you can quickly right swipe from the top on a Mac OS, on your iPhone or whatever, and turn that off and turn it back on. They’re making it that much easier to do. Every one of these practices you can put into place as often as possible is going to make you much more secure than you would otherwise be.
Heather McKee: So, then, lastly, we came up with a few questions that you can ask yourself, for just a quick security risk assessment. Again, this is on the individual level, not necessarily a business level.
Heather McKee: One of the questions is, what type of data do you have stored on your devices? Photos, work documents, passwords, account login credentials? Think about what you have on there, and what needs to be secure.
Will Callaway: On top of that, next one is, what backup solutions do you have in place? When was the last time you backed up that data you have on the devices? Are you storing it with a hard drive, an SSD? What are you doing, how often are you backing up, and then where are you storing that backup?
John David M.: Yeah.
Will Callaway: Also, evaluate how valuable the data is that you keep on your devices. What would happen if you lost access to them, or the information was lost, it was deleted, you smashed your phone, whatever? Obviously, the cloud is making it a little bit easier to restore some of that stuff, but in individual devices where it’s on the hard drive, and everything is lost or the whole device is stolen, think about how you’re going to recover that data? How are you going to recover your accounts, how are you going to recover your pictures? Whatever you may have that is important to you, you’re going to need to have a plan in place to be able to get up and running soon.
Will Callaway: As we say, the world is becoming more and more digitized, more and more connected, and you really can’t go an extended period of time without your devices that you probably use for day-to-day activities.
John David M.: Sometimes when you lose it, you never get it back.
Will Callaway: Yeah.
John David M.: That happened to us. We had our honeymoon pictures. This was years ago, before the cloud was really taking off. We had our pictures on a thumb drive, and it got broken. We never got it transferred over, and those are pictures we’ll never get back. They’re gone. That’s true of a lot of things. We see it happen all the time.
Heather McKee: To your point about the cloud not being around. So, now it is, obviously. I feel like a lot of people, and especially us, in our business, we share a lot of files on the cloud because we all need to access them, we all need to work on them. That’s another question to ask yourself, just for that quick risk assessment.
Heather McKee: What about your shared files and devices? Who else has access to that data? Making sure that only permitted users have access to the data, but then also, if there’s only certain files they need access to, or limited permissions, making sure that all of that is in place.
John David M.: Yeah. Which is like, you know, least privilege. If you have a sales team, and they have read and write access to the file, and they create the sales report, and they push it to the Marketing Director, right? That Marketing Director does not also, probably, need read and write, probably just read. We don’t want the marketing guy to change the sales report from the sales team. So, that’s just least privilege. But, yeah, that’s a great point, Heather.
Will Callaway: That brings us to more of a more complex topic, which we’re probably going to dedicate a podcast to, or a portion of a podcast in the future, which is just digital trust. What does it mean for digital trust? With supply chain attacks, phishing, deep faking, all these things where people are trying to basically spoof an identity to gain access to your life or your data, digital trust is becoming something that everyone needs to be aware of.
Will Callaway: It’s not necessarily a trust no one, but it’s a be very skeptical of who you’re trusting and why. It’s even one of those things where a relationship you had 10 years ago, and that person reaches out to you online. It’s like, what are their motives now? What do they need? Is that relationship still a thing?
Heather McKee: Right.
Will Callaway: Or, have they moved on? It’s just, you need to be aware and take a very cautious approach.
John David M.: Yeah, just picture worst-case scenario.
Will Callaway: Yeah.
John David M.: That doesn’t mean you shouldn’t do it, but just do it with caution. With any of this, just give some thought to it, without just blindly sharing everything out there. I mean, one thing that we see a lot is real time check ins.
Will Callaway: Yeah.
John David M.: Whenever you’re somewhere and check in, well, that can be a good thing, and there are services where that’s great, but also you’re putting a digital footprint on where you spend your time, and where you are in that moment, the patterns and behaviors that you exhibit on a regular basis.
Heather McKee: Well, and also telling someone that you’re not at home right now.
John David M.: Oh, yeah, that too.
Heather McKee: If they’d like to come and rob you …
Will Callaway: Yeah.
John David M.: Yeah, that.
John David M.: Yeah, good example. And there’s a lot of these. What’s crazy, and what’s been crazy to me, and I think for all of us as we’ve learned more about this, is just how you start to think differently about all of this whenever you understand the risks that are out there. What’s possible, what’s not, and how you monitor and change your day-to-day behavior, and how you protect yourself. Little things, here and there, go a long way. They start to add up, and those incremental changes make you much more protected than many of your peers will be, if they don’t make the same moves.
Heather McKee: That’s it for today’s episode, but be sure to check back in this Thursday. Yes, in two days, for our next episode, explaining how AI and ML are impacting job hunting.
Heather McKee: You can always check our website, InsAndOuts.org, for more on the topics we cover here on the podcast. Please feel free to drop us a line if you have a topic that you’d like for us to explore.
Heather McKee: Thanks for tuning in. Catch you later.