SUMMARY KEYWORDS
people, password, backup, website, data, run, security, password manager, machine, virus, big, problem, computer, ransomware, pay, encrypted, lastpass, breaches, antivirus, malware
SPEAKERS
Dan Frederick, Amr The Internet Guy
Amr The Internet Guy 00:04
Hey guys, welcome to a new episode of the online podcast. I have Dan Frederick with me here. Hey, Dan.
Dan Frederick 00:11
Hi. How are you?
Amr The Internet Guy 00:13
Oh, good, thank you. So then I want you to tell people where you are. And what do you do?
Dan Frederick 00:20
I’m in cold Calgary, Alberta. We’re minus 25 today, so I’m not dressed up. I’m wearing my flannels. Yeah, it’s it’s beautiful and sunny. It’s just very cold. My run small business called Claire tech solutions Corp. We, we provide it managed services and data protection for small businesses in Calgary.
Amr The Internet Guy 00:44
So then there is an acronym that he used that I like, and I think he uses What is it?
Dan Frederick 00:54
A friend of mine and I coined it the other day. It’s the JSC framework. So when I was talking to him, I said, we’re just another IT company and he goes, he goes, you should work with that. So see. So it JSC j, ITC another it go for just another IT company. So, we find that that’s not a bad way to start a conversation. Because usually what happens is you try to differentiate yourself. And so you started all the differentiators. And meanwhile, people that you’re talking to her are kind of looking at you going, are these guys just another IT company? And if you if you start with the just another company, then you get that out of the way. And then you can say, okay, and this is how we differentiate ourselves. Yeah. So So the way we differentiate ourselves is more on the data protection side. So we we were kind of security First Data Protection first. And then from there, we we look at your, your use of your data and try to help you with your workflow and deficiencies and things like that. So we bring a lot of technical tools to the table, both from a security perspective, and from a data management perspective. So we find that we can reduce the costs and keep everybody protected, and get good functionality out of their systems through some of the systems we use.
Amr The Internet Guy 02:22
I feel that many of the small business owners, and not the too small because I don’t think the to like if you’re a business, if you’re a sole entrepreneur, and maybe you’re not doing any e commerce, you probably don’t see the value. But if you’re like an e commerce, if you’re even like a small company that sells I don’t know, you’re you’re let’s say you’re a business coach, and you have an online course, which means you have students signing up, and you probably have about five 600 students, and you have the data, right? You probably don’t know that you do need this specific, like even I’m not going to go on the legal framework like that, by law. In some places, you’re required to show what you’re doing to protect this data. But right, General, you probably aren’t aware that you need to do something about it, right.
Dan Frederick 03:17
Yeah, the biggest challenge with ransomware traditional ransomware was you can protect yourself by having a good backup. So you would make sure you have offline backups off site backups, redundant backups, so that if you ever get hit with ransomware, it could actually infect a local attached backup. But if you have an offline backup, then you can recover from that. One of the challenges these days is that ransomware is becoming more of a confidentiality privacy game that they’re playing. And if they they’ll threaten to release your data to the Yeah. Or unless you pay the ransom. And so it’s, it’s pretty hard to defend against that except to prevent it all. So let’s
Amr The Internet Guy 04:07
make it easy for our listeners to figure out what we’re talking about. So ransomware, usually, they used to hold your data ransom in the sense of locking you out have access to your data. So in the past, they’ll just look you that they take your data hostage, and then when you pay they give they restore your access. But that used to be the case, hey, I can’t access my data. So if I have it somewhere on a hard disk that is not connected to the Internet, and I have my backup till yesterday, I don’t really care i’m not going to pay them because I have my data somewhere else. So now what they do they take it and they really like they threaten to release it so that they’ll be releasing your your customers information online. And you know, guess how many angry calls you’re going to get if that happens? Exactly how many legal issues you may
Dan Frederick 05:01
If you’re keeping any financial data like credit card numbers or any private data,
Amr The Internet Guy 05:08
you’d have sometimes names and addresses. If you’re an e commerce and you’re delivering goods, you will have addresses right goes to deliver to these addresses now, and while the credit card data is mostly encrypted, so it doesn’t actually show like the full credit card number. But once you have somebody’s name, a few numbers of the credit card, their full address, you’ll be surprised to how much damage you can inflict. Not you and I but I mean, like for a person who set out to do this or to threaten to do this so they can gain financially.
Dan Frederick 05:45
Yeah, exactly. And so that’s the that’s the big threat that backups Don’t, don’t protect you against anymore. So we have to go beyond the backups and kind of keep people protected before they do the wrong thing.
Amr The Internet Guy 06:00
Yeah. So you, and I mean, I, as you know, I work with websites, right. And sometimes people don’t understand the risks involved, not only online, but your machine, like your own computer, the one you use at home, the one you use in the office, like you may have great security for your website, and your your system that you’re using, whether it’s WordPress or something else, but maybe something on your own machine can compromise your website as well. Like you click and open something you shouldn’t open. And the majority of people think, Oh, you know what I’ve got, I don’t know, McAfee software, like antivirus, or, or something else. Many people use McAfee because we get it if you show, you get it free, right? birth that bc mostly we use show and tell us and show and both of them would give you some kind of a free online protection. But that on its own is not enough. And many people don’t even know how to configure it correctly.
Dan Frederick 07:07
Great. And it’s marginally better than Windows Defender.
Amr The Internet Guy 07:11
Yeah, it’s marginally better than having nothing at all.
Dan Frederick 07:15
Yeah, exactly.
Amr The Internet Guy 07:16
So what does it entail? Like when when the first thing is not like what you do? Or how you do it? But how does somebody know that this is what they need? Because most people don’t know. Is the unconscious? You know, I don’t know what to call it. Is the the unconscious ignorant is it?
Dan Frederick 07:33
Yeah. unconscious, you don’t know what you don’t know kind of thing? Yeah, yeah. Yeah. And, and probably the biggest thing that we provide is security awareness training. So there’s training that’s available. And there’s there’s actually free home courses that you can provide to people that are working at home and to their kids and family members that basically teach you the tricks that the bad guys are using to try to get you to do the wrong thing. And these days, like between antivirus products, they it’s all been rebranded as Endpoint Protection now, because it’s beyond that when they do that, but
Amr The Internet Guy 08:17
that’s another conversation.
Dan Frederick 08:21
Again, it’s part of the Jake c framework.
Dan Frederick 08:23
Yeah.
Dan Frederick 08:24
Um, but so the endpoint protection helps to prevent the kind of the zero day attacks, the ones that have not been identified by the antivirus product. Yeah,
Amr The Internet Guy 08:36
they don’t have a signature yet that they can fraid to figure out that this is bad,
Dan Frederick 08:41
right? So what they will do is they’ll either sandbox it, or actually prevent it from running until somebody can physically analyze that software to make sure it’s not malicious. Okay,
Amr The Internet Guy 08:51
just to make sure the audience because some of my audience are not techies, well, maybe the majority are not techies. What we’re talking about here is is like, as simple as Think of it as a virus. And in order for your machine. Okay, we’re in COVID. I don’t want to say the word virus.
Dan Frederick 09:09
Everybody understands.
Amr The Internet Guy 09:11
Computers get COVID-19. That’s right. So yeah, so in order for your machine to get infected, there’s an action that you should take so bad people or bad actors would try to somehow either trick you coerce you do something usually trick you into clicking on that thing that you shouldn’t click or taking that action that you shouldn’t, in order to activate that infection on your machine. And if you’re if you have proper, proactive protection, that looks and examines all the files and the different things on your computer, when you do get a malicious file, if you click on it, it will just send box it so instead of run it Completely and getting all your machines splashed with these like virus like activities, it will run it in a sandbox, which is like a protected area of your operating system that doesn’t then spread the infection, it just runs separate from everything else and you can terminate that. Action. Look, I hope I, you know, I made it a little bit simpler, and it’s not too techie.
Dan Frederick 10:27
Yeah, and, and one of the products that we sell actually takes it even a step further, and it won’t even soundbox it. So it it, it won’t run the software period, it stops, it stops it from running, and gives you an alert saying that this software is unknown. And that you have to contact your administrator if you want to run it right away, or you have to wait for it to be analyzed. And usually, that takes a couple hours for the lab to analyze the software that you’ve just tried to run. And within a couple hours, it becomes whitelisted media it’s allowed to run. And then you can run it.
Amr The Internet Guy 11:09
Now if it was a that’s the false positive. That’s if if Yeah, so
Dan Frederick 11:16
the old antivirus was always based on a blacklist? Yeah, it would, it would take signatures of every piece of software that you’re running, and it would compare it to its blacklist, and if if what you were trying to run was on a on their list, and that was
Amr The Internet Guy 11:32
the virus XYZ because they know it. Exactly.
Dan Frederick 11:36
Um, but so many, like the zero day vulnerabilities are defined as they haven’t been identified as black
Amr The Internet Guy 11:44
of the name. Like, yeah, there was they were not known from yesterday. So it’s zero. Like we were just zero. Yeah.
Dan Frederick 11:54
And so zero day is another one of those JSC framework terms that everybody’s using, and it’s almost becoming too common. But it’s basically
Amr The Internet Guy 12:06
the one that was I was at a hospital, I don’t know, when there was a big ransomware attack somewhere, it was called zero day, right? And when you look at all the computer screens, everybody, like you have, I don’t know, three 500 employees. And all the screens are just showing the same thing.
Dan Frederick 12:24
Now, it could be pretty scary, for sure.
Dan Frederick 12:27
Yeah.
Dan Frederick 12:29
So yeah, these new products, they, they they’re based on a whitelist, where if it’s not specifically allowed, it won’t run that it won’t run. And so that’s, that’s kind of that next level of protection,
Amr The Internet Guy 12:43
does that slow down the machines performance?
Dan Frederick 12:48
Not only more than, than their traditional Av. In fact, you could argue that it’s probably quicker, because on a, on a typical PC, you might have, let’s say, 10,000 programs that you you run, and those 10,000 take up a lot less space than the 200 million out there that are there to blacklist, right. So you you kind of have to let you look at less signatures if you’re whitelisting. Right.
Amr The Internet Guy 13:25
Yeah, cuz like you. It’s kind of you told your machine, what programs it’s allowed to run. So you don’t have to check it every time. It’s there already knows these programs are good. Versus the traditional antivirus. For every time something runs, it has to go and check its own blacklisting, and figure out is it there? Or is it not there? So every time it has to ask the question, which takes a few seconds.
Dan Frederick 13:52
And, and some software is better at that than others, and they traditionally the they always have to update their signatures, they’re always downloading signature updates. And that might happen every hour, it might happen once a day. And that’s, that causes a lot of slowdown as well while it’s updating and then there’s the scanning. So if it updates its signature now it has to scan your entire
Amr The Internet Guy 14:20
according to the new Yeah,
Dan Frederick 14:22
yeah, sure. To make sure that nothing slipped through the cracks yesterday. Um, so yeah, it’s it’s a challenge. The newer the whitelisting technique is I think it’s a lot more efficient and probably a lot more secure. But beyond that, the security awareness training the the idea is to try to stop you from clicking on those Yeah, those malicious links or running the malicious files for the antivirus seeds on according to cover
Amr The Internet Guy 14:51
photo. That’s the Anna Kournikova. Yes,
Dan Frederick 14:56
exactly. This
Amr The Internet Guy 14:57
one back in the day But then I can’t remember which year was it? 2002? or something? I don’t know.
Dan Frederick 15:03
Yeah. Who can resist? Who can resist?
Amr The Internet Guy 15:07
I think she’s a bit too old now. But
Dan Frederick 15:09
Exactly.
Amr The Internet Guy 15:11
But yeah, I mean, that’s the thing is they used to hide this in different ways. And one of them was, it looks like a picture, and then you open the picture, you get infected with a virus. And it’s like, pretty hard to get rid of that virus without losing the problem is not just getting rid of the virus. I mean, I don’t know, if you think of it like medical terms, right? You’ve got someone who’s sick, got like, I don’t know, a tumor on the brain. If you hope or rate on the tumor, you could take a piece of the brain with it, which makes the person are able to function. And that’s pretty much the same way. Like, you could disinfect the machine but lose all the data or some of the data. And that’s not something you want. So it’s not about that the fix is easy. It’s about at what cost with this fix come? Right. And prevention is usually easier than, you know, treatment.
Dan Frederick 16:06
Yeah, the the whole back to the ransomware thing is, is paying the ransom is such a controversial. So there’s, there’s talk, I just read the other day about outline paying a ransom. So if you get hit with ransomware, it would be illegal for you to actually pay they Yeah, yeah. And they say that’s the only way that you’re ever going to be able to stop that. But in the meantime, you’ve got all of these. Yeah, that would be in severe pain.
Amr The Internet Guy 16:38
Governments, even I, I’m not talking about something as big as the federal government, but a city like you know, the city of x, y Zed, they get hit, they get a ransom demand, they’ve got some money, and they can be locked out of these machines, or they can’t risk all the information because like a city has, you know, your your city taxes. How much is your property worth? Where is it? They have the blueprint of your property? Like, you know, at the
Dan Frederick 17:10
The University of Calgary was hit a couple years ago. Yeah.
Amr The Internet Guy 17:13
Oh my god, all the students in the grades
Dan Frederick 17:16
file in the professors. And so you get a lot of professors that are paranoid about their own intellectual property,
Dan Frederick 17:24
of course, research there.
Dan Frederick 17:27
So they’re less likely to store it on a server, they’re less likely to have it backed out properly. And now the
Amr The Internet Guy 17:34
web today? Yeah, if they’re not gonna store it on the server, where would they store it? Just take it. Okay,
Dan Frederick 17:43
flash drives were there. But that’s funny,
Amr The Internet Guy 17:45
because like, if the same Professor communicates with someone who they think they know, maybe they don’t, but like, you know, someone posing as a student halfway around the world, doing research, wanting you to oversee the research, send your file, you open the file, and boom. It’s so the problem with what most people don’t know, is that most IT security issues are actually user related. Like, it’s, when we talk about hacking, yes, it does happen that somebody from completely outside of your realm, or network or location, can try and like crack your password or whatever. But that’s like, maybe 15 20% 80% or more, is something either you or another user within your network in that building or location, an action that they took, so it’s usually user related. And funnily enough, like when I studied security, back security back in the day in the 90s, we used to laugh about it, because it was mostly a social engineering sort of thing, which is what people are getting now. Like, you know, somebody calls you and tells you, Hey, I’m from the government, some I don’t know, sometimes it’s, I’m from CRA, and sometimes it’s your social security number has a problem or whatever. And of course, like when I get these calls, split of a second, I know it’s a fraud right away, like I don’t even think about it. But it’s surprising because when I speak with my colleagues and other business owners, the number of people who are duped, maybe they didn’t go all the way like at some point, they realize the person had an accent or whatever it is. But you know, we all do have accents here as well, like, yeah, have a government official, who does have an accent that’s normal in Canada.
Dan Frederick 19:39
Exactly.
Amr The Internet Guy 19:40
Normal is that they don’t demand whatever demands so if you’re unaware, the latest thing I read is like people are getting calls from people impersonating Amazon. They will say there’s a problem with your shipment and we need more information about your address and what I don’t know, like, you know, what’s the end goal? Like? What would they get when they know your address? And how would they use it? But it’s funny. Like we, I don’t know, the banking, for example, the online banking passwords ever, banks did not like special characters. So your E banking is less secure than your Facebook account. Like, why you guys like it is, you know, we want two things, we want a very complex password. And we want a second way of authentication so that it’s not a, you know, somebody gets one thing and they get access right away.
Dan Frederick 20:43
Right? I always, I always used to joke that. It doesn’t matter how long and how complex your password is. A computer can read it. Yeah, right? Yeah. So if if you’ve got malware on your computer, long, complex passwords aren’t gonna help you. Because they’re easier for the computer to remember than they are for you to remember.
Amr The Internet Guy 21:06
And for as long as the computer is on, it’s just, it can keep trying, it doesn’t matter. It’s got nothing to do.
Dan Frederick 21:12
Yeah, that too. So, yeah, training is a big one. And understanding how, what where you’re at risk and understanding how to recognize threats. And and stop it, in addition to some of these technical tools that we have.
Amr The Internet Guy 21:30
So when you mentioned the word framework, so I’m, I’m trying to ease this into like, a, it’s a set of processes and tools that work together. And the process is education. So that training will actually make people less vulnerable, because they know more. And I know they can easily identify the good, bad and the ugly.
Dan Frederick 21:57
One of the biggest challenges with the work from home model is that now it’s not a company device necessarily that I’m trying to protect. It’s your home device. And home devices are notoriously unprotected. Yes. People just don’t care.
Amr The Internet Guy 22:17
Yeah, it’s a computer in my house like so. My I don’t some of them don’t even have a password.
Dan Frederick 22:23
Yeah. And it came with a 60. Day
Dan Frederick 22:25
on
Dan Frederick 22:27
came with a 60 day eval of McAfee and
Dan Frederick 22:31
expired 10 years ago. Yeah,
Amr 22:33
exactly.
Dan Frederick 22:35
It keeps popping up. But I just hit cancel
Amr The Internet Guy 22:37
it’s like, yeah, yeah, I’m probably I’ll call for support, just to hide the message not to take the action. I don’t want to see this anymore. Can you get rid of it? Yeah,
Dan Frederick 22:48
exactly. And so. So home users are have been a challenge. And because they don’t have the security that they need. So the education becomes even more important at that point.
Amr The Internet Guy 23:00
Yeah. And we don’t load lots of stuff. I mean, we’re lucky now, at this day and age that, for example, for our entertainment, we’ve got streaming networks like Netflix, and the likes and Google, Google know, Amazon Prime. But in the past, we used to actually download songs to just, you know, take on the road. And there were at some point, peer to peer downloads, which were, at some point made illegal. But in the beginning, nobody knew any better. So you’re actually connecting to some home user halfway across the world, that you don’t even know the name doesn’t even appear, but you’re actually downloading something from their computer. And that thing, you may think it’s a song, but you’re probably downloading some malware with it, or, you know, we were kind of lucky that we didn’t have a major crisis back then. And, like, the worst that could happen at the time was just a virus, a computer virus, that either your antivirus would catch, because it’s in the list, or you go to a professional and they disinfect the machine for you. You pay like I don’t know, $100 or, you know, 150 or whatever. But nowadays is more complicated because the data, this is the thing, your, your laptop, let’s say you’re traveling with your laptop, and it’s your personal laptop, but you also use it for work. If you forget it in the airport hole. The hardware itself cost like $1,000 or less or more, a little bit less a little bit more roughly like $1,000. But the data on that thing is priceless. It depends on what data you have, you know, what type of industry you’re in. If you have intellectual property on it or not. It’s like so think always, how much is this data work? works. And if it does, it is worth a lot to you. But if you don’t know what it’s worth, you got to think so What is it worth to a criminal then? Like, if you don’t want to know what it’s worth for you like, okay, in the wrong hands, how much damage can be done? if somebody gets this data? Not only your yours and your clients?
Dan Frederick 25:23
Yeah, exactly. And so when we’re dealing with laptops, we always insist that it’s encrypted. And I don’t really care, like so many people say, Oh, I don’t store anything on my laptop. I don’t store anything on my laptop. And you’re like, come on, you do, but
Amr The Internet Guy 25:41
you don’t. You do, but
Dan Frederick 25:43
you don’t know. And, and if you lose your laptop, now, you’re like, what did I store on that thing? Yeah. And it’s, it’s not a conversation you want to have, it’s so much easier, just encrypted, out of the gate, and make sure that it stays encrypted. And it’s, it’s still not guaranteed that that data is what is better? Yeah, we’re
Amr The Internet Guy 26:05
making it harder for a criminal to get access. Because like, if it’s gonna take them a long time, they’ll just will we hope that just drop it and go, tried to find somebody else to attack, right? And because they’re not gonna waste two months trying to encrypt your hard disk, only to find your beach photos or whatever.
Dan Frederick 26:27
Or your 1999 taxes or something like that.
Amr The Internet Guy 26:30
Yeah. The one of the worst, actually breaches that happened was life labs. I don’t know if you have them in Alberta, but it was one of BCS biggest, you know, where you go to do your blood test? To figure out whether you have diabetes? Or you know, your your general health? Right. And it’s a big I think they had the date. I can’t remember the number but like millions of people, I think they don’t only operate in BC, um, I, I’m not 100% sure. But let’s say they’re only in BC, and they have 1 million British columbians. So it’s you like your name, your address? Probably your social security?
Dan Frederick 27:17
Number, your healthcare number? Yeah.
Amr The Internet Guy 27:18
And definitely your healthcare number. Right. And, of course, your test results. So if this, I I’m not 100% sure, if they pay the ransom, or what was the case, exactly. But we learned about the data breach three months later, after that company dealt with it already, like it wasn’t made public at the time. And I think they had to answer to the government as to why they didn’t tell us why they didn’t tell their customers that our data like was breached until three months after, which is by then too late. If somebody is acting badly on this obtain data. And what they did, they were forced to give us, I think, a credit monitoring service so that if somebody applies for a loan or a credit card using your details, you’d know, right? It doesn’t fix the problem, it just tells you something wrong is is happening there. And then you’re on your own pile trying to prove that it’s not you, but like, at least you can go to the you know, the credit unions and say, Hey, you know, I have this and I’ve been notified by this company. And I think that’s a result of their data breach. But it’s, it’s a nightmare. Like, I think their share went down. Like they lost a lot of their reputation. And now they’re trying to figure out how to get better. And they asked everyone to change their passwords on their online, you know, the system that used to book your tests, but it’s a nightmare. It is. It is if you think something is
Dan Frederick 28:57
getting much better. There’s the dark web scanning tools. Yeah, elbows. Well, the Have I been Oh, yeah, I’ve
Amr The Internet Guy 29:07
got my email. My email has been on the dark web for, I don’t know, seven, eight years. But luckily, the tools that I use, they only come up with my email, which is okay. It’s public anyway, like, you know, people write the website or different places. You write it? I don’t know. You go somewhere. You write it on a piece of paper. And yeah, like what is it with paper like that the government specially they love paper. They don’t do anything this well, they don’t do much that some of some of the departments are better now. I think also post COVID. Finally, they realize that they have to do stuff online. Like Imagine if the serve money that we’re paying, were checks that come through the post and not an electronic transfer to your bank account. Everybody would have been Queuing outside some federal government building, getting COVID instead of getting the check.
Dan Frederick 30:10
If this pandemic had hit 20 years ago, it would have been way more devastating. I know.
Amr The Internet Guy 30:16
Yeah. Oh, yeah, we couldn’t work from home. We got any support without going somewhere in queueing? The government wouldn’t have known what to do then. Yeah, true. But till today, like, you go and apply, I don’t know. You want to renew your passport, for example? Okay. So why do I have to fill in a big form? That’s a few pages long. When you already have my data? Why can’t I just go online? Select click, pay by cash? You already have my data? Like, what do you need? Now? Exactly. And then I keep thinking, Okay, with 34, or 35, or 36 million Canadians? How? Where are you going to store all these papers? Like what happens to these passport renewal and new passport application? forms? Where are they kept? They’ve got everything. They’ve got everything about you right now. So it do and what we I honestly have no clue was the government policy, when do they destroy these documents is that after they issue the passport right away? Or after a year after 10 years? Or like, what happens? Because at some point, you got to destroy it, or you run out of space?
Dan Frederick 31:41
Well, then you have a privacy issue on the back end, right? Yeah. Like we used to say, I always have this expression, you know, you can never have enough backups, right? And until I started working with medical doctors, and health clinics, and that kind of thing, and it’s like, okay, you can never have enough backups. But you can’t keep after seven years, or whatever the number is, we got to start purging those backups. Yes. And so now we’ve got too many backups. And so then there’s, there’s data challenges on the back end of that as well, right? Yeah, the government has it has it exponentially bigger challenge on that. So of course,
Amr The Internet Guy 32:25
like, you know, storing it, making sure it’s safe, because a lot of the breaches are also physical breaches, not online breaches. So you could have a facility that’s not connected to the internet. But if somebody enters was not supposed to be there, they can get something that they’re not supposed to get, or they’re not supposed to see. So is the level of clearances like there’s a lot that physical security as well, as is very important. And I don’t want to over complicated because we’re usually talking here, especially in our in this podcast, for an advocating for and on behalf of small businesses. So yeah, they don’t have this, but you got to think about it as a business as well, the data that you give, and the data that you receive, where is it gonna end? And this goes, like, you know, I talk a lot about website security, because many people kind of leave it alone, because it’s not a sexy subject, right? Like, I create a website, I pay the web designer, a sum of money, whatever it is, 5000 $3,000, whatever it is, I launched, it looks beautiful, it works. I forget about it, I go home. That’s it. I’ve got a working website, and I don’t really think about anything. And if it’s in WordPress, which is very versatile and very nice. And it’s really one of the best frameworks that you can use for a website. But it does need to be updated. And the problem was, is that usually people think, Oh, you know what, it updates itself? It auto updates. Yeah, the problem with that also that you have is not just the regular site, but you’ve got some plugins working and these plugins are made by different people, right. And sometimes they don’t play nicely together. So you end up with a conflict. That conflict can either be a security issue, like leave your website vulnerable to attack or malware, or simply just break the site itself like you accept the site and it looks broken like the look and feel isn’t what it’s supposed to be because some updates conflicted with each other. The other party says to their business owners do two things and both of them are wrong. If you leave everything on auto, it’s better than not doing the updates at all. But both of them are wrong. What you have to do is to get a professional to look into it any professional like a If you have an IT employee who’s good with web stuff amongst your staff, or someone you know, or your web designer or somebody, but you always have to have a professional looking into this as frequently as twice a month. And you know, I’m not saying go and pay someone by the hour to look into it twice a month, many people and many web design and development companies, they have a monthly maintenance plans. The problem is people don’t understand what therefore, this is exactly what they’re for, to have proactive security, to get your updates and upgrades on time, and most importantly, to have daily backups. So if a crisis hits, you can just revert to yesterday’s backup. And you’re up and running in minutes. If your website is really, really big, and it’s an ecommerce, one, with tons of products, you’ll be up and running in hours. But if you don’t have any of this, your website will be down for weeks. And sometimes, I’m not saying this to scare people. But sometimes it’s not even possible to get the stuff back anymore. It will all depend on where it was hosted, where the attack happened, how it happened, and what kind of attack. And I know that people think about hiring a second. Most of the hosting services are run on Linux, and Linux is safer than Windows. Why are their attacks? Well guess what? The majority of business owners have their WordPress username, admin. Right? And password 1234 or whatever or your birthday or, you know, exact complex enough and it doesn’t have a second authentication measure. So like if you leave it as admin, or Okay, there’s there’s another case, which is really nice. Security by obscurity. Many people just hide the login page. think oh, you know, attackers will not find it really, if you can find that they can like, it’s still very just called something else.
Dan Frederick 37:11
Yeah, exactly. Where
Amr The Internet Guy 37:12
do you log in yourself? Like, is there? So like, yeah, let’s just high the login page. And leave the the admin username as admin and have a weak password. Because I’m not bothered to remember a complex complex password. It’s just too much for me.
Dan Frederick 37:32
That brings up another point around the dark web scams, when you do find that you’ve got an email address that’s been violated, and potentially a password that’s been violated one of the one of the ones that I ran into the most, this was a few years back. People were getting emails saying, I’ve got your access here, your system, your email addresses this and your password is this. And I had clients phoning me saying, how do they know my password? Yeah. And I’m like, I think it’s probably your LinkedIn password. And they’re like, I don’t even go on LinkedIn. And so then I would go on to LinkedIn, and I would use their email address login password, they log into LinkedIn. Yeah. And I’d say, look, I just got into your LinkedIn. And so the the big lesson there is to a not use the same password on every site.
Amr The Internet Guy 38:34
Yes.
Dan Frederick 38:35
Use a password manager.
Amr The Internet Guy 38:37
Yeah, exactly. And that some of them are free, like you have no error.
Dan Frederick 38:43
Like password managers provide so much benefit. And so like some of the benefits are just a one place that you can securely record all of your passwords. I
Amr The Internet Guy 38:55
can’t remember anything like in general, if I don’t write things down, I forget. Exactly. Could be age, I could have some ADHD. I don’t know what. Yeah. So two, there are two applications I can never live without. And note taking application, whatever that is. It could be Google notes or Microsoft key. So why am I mixing stuff now Google Keep and Microsoft OneNote or Evernote like my favorite one is Evernote because it’s easy works on the phone. It’s just seamless, and a password manager. So I used to use last pass. And I used to recommend them. They’re quite good and they’re still good. My only issue with them was when I needed customer support. It wasn’t up to the mark. So I switched and I use something else now is something called dash lane. But there’s like so many of them. And some even some antivirus software now have a password manager embedded. And Google Chrome the browser does have a password manager. We used to tell people don’t use it because if you’re hacked or if you browser as a problem, the password used to be stored unencrypted. But I think Google now at fix that. And now the browser Password Manager is encrypted. But an application is really better than a browser Password Manager because you have it on multiple devices, and it synchronizes. So if you use a password on your machine, and then you go on the road, and you want to access the same website, using your phone, your password is you don’t need the same browser. Especially if you use Windows at home and an iPhone, you’re going to have Safari on your phone, and chrome or, or aura.
Dan Frederick 40:41
Exactly. The thing that Microsoft thing we like about LastPass is that we’re able to share passwords with
Amr The Internet Guy 40:48
without giving the password, yeah,
Dan Frederick 40:50
well, or we can give them a password as well. So we can have a particular vault that we share with our client. And so now our client has all the passwords stored securely. And we can share it without actually
Amr The Internet Guy 41:04
this is a great idea to share with web designers because I build a website for somebody. And then maybe I’m also taking care of the hosting. I create emails for that account on that server. And sometimes I create a new Google Mail for them so that we can have analytics for them to see who’s visiting the website, where they’re coming from, and whatever. So you have multiple passwords. What happens after we launch, we send an email to the client with all the usernames and passwords. Because like I as the designer, my job is done here. And I’m handing over the key to you, Mr. customer. And I I mean, I don’t like sending all this information in one email, if it’s if they get hacked, if their email gets hacked, someone can read this message, then they’ll end up hacking everything else that we created for them.
Dan Frederick 42:00
And nobody changes their password after they get no,
Amr The Internet Guy 42:03
no because they want if they forget, they want to go reopen that email, copy it from there. And yeah, I mean, I’m not saying people should be security paranoid, but but they should be security parents, we go for convenience. And it’s not always the best thing. So use a password manager is so easy, maybe if I do create a new LastPass account, and then share this group of password for this client, because this is the passwords for this specific client, that group of passwords for the next client and, and so on. And then it will keep them in silos, and at the same time, secure and then the only password I should share with them is how to log in to their own LastPass. Or maybe they can create their own account also on their own. And you can share with them with them without sharing any passwords. Yeah, and everything is encrypted. I know this to the listeners. We’re not trying to outtake you here. And basically we’re thinking out loud together to figure out the best way to share usernames and passwords because the best way is definitely not by email. And for those of you who say, yeah, you know what, I’m going to share it using WhatsApp or SMS. Same thing. If you lose your phone somewhere, somebody is going to get access to all of that.
Dan Frederick 43:33
What I usually do if I need to do an old school is a email you your username.
Amr The Internet Guy 43:39
Yeah, and then the password by SMS alone. I text you your password. I say string of gibberish takes that no one knows what it’s for. Yeah,
Dan Frederick 43:47
yeah, exactly.
Dan Frederick 43:48
I do like chain like split it.
Dan Frederick 43:50
Which is a pain when you’re trying to look that password up later.
Dan Frederick 43:54
But I got the email. I don’t have the text.
Amr The Internet Guy 43:59
Yeah, I mean, a password manager. As I’m saying like LastPass there’s a free version, you have no excuse. Okay, basically how it works, you create your own LastPass account, you create one master password to log into LastPass account, that password should be complex, but should be some things that you can never forget. But it’s it’s complex enough it’s not like your birthday or your pet’s name or whatever, right, then that’s the only password you need to remember everything else LastPass would remember for you. So or if you use another like different, you know, competing Password Manager.
Dan Frederick 44:40
Yeah, and the nice thing about those is that they provide autofill when you when you go to login into your WordPress website, it’ll automatically fill your username and passwords. You don’t have to remember it or look it up. The other thing it’ll do is create passwords for you. So when you’re creating a new account on the web, website, you don’t even have to think about it. It’s a generate password. And it creates a password. And it can be anywhere from eight characters all the way to like 75 characters. Yeah,
Amr The Internet Guy 45:10
I know, some clients would hate me because of the complex passwords, I send them. And they said, How do you remember that? And I say, Well, I don’t write a software that remembers it for me that that’s exactly the idea. It’s hard to crack because it’s like a string of, you know, capital small and characters and whatever. And it’s not, it’s not like some people think, okay, I’m just gonna go with a with a sentence like, I don’t know, the laser focused on over the lazy sheep or whatever.
Dan Frederick 45:39
Yeah, The quick brown fox jumped over.
Amr The Internet Guy 45:41
Exactly. Thank you. You have a better memory than I do.
Dan Frederick 45:47
I’ve typed that so many times.
Amr The Internet Guy 45:51
I only see this one I’m doing. I don’t know something in the screen in the display settings in my computer. I can’t even I think school clear type.
Dan Frederick 46:01
Yeah, clear. Yeah, or true type or something like that.
Amr The Internet Guy 46:04
Yeah. That the brown fox jumped over the lazy, whatever. Yeah, no, in in web design, we have lorem ipsum. Dolores, which is the Latin text. But yet, when you’re designing a website, and the client didn’t give you enough content yet, and
Dan Frederick 46:23
many insights and still have that on it.
Amr The Internet Guy 46:27
Me too. Yeah. But they’re not mine. But like, sometimes I see this. And they don’t even bother changing the text. You use this as a placeholder. So you know, every element of the design comes in the right space, because you know how much text you have? And how big is the image. And since you don’t have the right text, you just fill it with any dummy.
Dan Frederick 46:51
Lots. It’s classic. Yeah.
Amr The Internet Guy 46:53
And some people take the website pay for it. And they were meant to change it the next day, but they’ve never done it.
Dan Frederick 47:01
Oh, look at my site.
Amr The Internet Guy 47:03
Yeah, it’s funny. Sometimes it’s at the bottom of the page, like they’ve done the work. And it the site looks brilliant, until you scroll down, and you find like, one paragraph there, or the address when the address says 123 any street.
Dan Frederick 47:19
I’ve had that with MailChimp. you compose a MailChimp email, and you copy it from previous campaign. And there’s all of those songs. Oh,
Amr The Internet Guy 47:30
my God. Yeah, yeah,
Dan Frederick 47:31
I accidentally left a link on one of the sections that goes to an old campaign.
Amr The Internet Guy 47:39
Yeah, we’ve all been there. So yeah, so to sum it up, like guys, okay, we’re not scaring anyone here, we’re saying that you need to seriously think about your machine security, your website security, especially if your computer is like, if you’re working from home right now. And your computer wasn’t given to you by your company, if you if you work for a company, right. And if you’re, if you have a website, or you do anything online, anything, you know, as simple as somebody filling a form on your website, to contact you, you’ve got their name an email, so this data should be protected somehow. And by the way, this is not something that takes days and years or, or even hours. Like it’s just if you have somebody proactively looking at your overall security, they’ll get this done for you. And most of these services are on a kind of a monthly retainer, that’s not expensive. And there’s so much value that you get out of it. More importantly, you avert a big crisis. And even if it hits, God forbid, like, usually it wouldn’t, if you’re doing all your proactive stuff. But even if it does, let’s say your website has a problem from the hosting company, like you’ve done all your due diligence, and you’re protected very well, by your hosting company has a problem, right? From your backups, we can restore everything back again to working condition on a new web hosting. So you know, it’s not a big deal. And the automated thing, that’s the thing, because the antivirus people or the antivirus software companies would like to convince you that it’s a set it and forget it. And in all honesty, some of it is if you’re attacked by the old style viruses that already exists in the database. Fine, catch it, you know, but what they don’t tell you is that not everything is in the database, as we established today. And there is something and again, I’m going to use a technical term because there’s the name, and it’s a it’s a it’s a complicated name. I can’t pronounce it right. He ristic like there’s a heuristic type out of matter. viruses, which simply means they change the signature. So that the, as we’re talking that bad stuff, like viruses and malware have a distinct signature. And every time they infect the machine, they behave in a certain way. The heuristic ones, they don’t have any specific, distinct signature, they change. And, well, pretty much like COVID-19. Got a new variant? Yeah. Oh, God, like, I didn’t know that I’ll be saying this about human viruses as well as computer verses in the same sentence. So yeah, with these heuristics stuff and variance, you do need, again, pro active security, not the reactive one, the set it and forget it, one, you know, so you need a specific framework, you need a, you know, somebody human being not just software, software is a great tool. But sometimes it doesn’t work without a human behind it, that my experience tells me that.
Dan Frederick 51:07
Exactly. And it’s, you always get into trouble when there’s nobody paying any attention.
Amr The Internet Guy 51:15
Yeah, I mean, I know, like, I’m gonna get probably like bad comments for this. But like, think about something really, really bad, like 911. From all what I’ve read, post attacks, analysis from the FBI and the CIA, they had the information, it was just too much information. So they couldn’t analyze it on time. That was the big main issue. Like, the information is there, the intelligence was there, it was just too much of it, to the point that it was tons and tons of data, and the human beings were like, the, the resources weren’t there enough, you know, to decipher all this in time to prevent something bad like that. And again, I’m not drawing any relations between businesses and, or, but I’m just saying it’s a, an attack, that can happen somewhere, you know, and I’m, I’m saying that, after the crisis, they discovered that they’ve relied pretty much on AI alone, and machines alone and a few human beings, but not enough to the point that they couldn’t prevent it. So take this on a smaller scale, which is an attack on a website, on a business website, and you know, could be a restaurant could be a painting company, or a flooring company, or a lawyer or, you know, a yoga teacher or something like that. And imagine people come to your website every day to check your classes, or to check, you know, your posts, sometimes to interact with your posts, to learn something, to get some free training, download a file, whatever, like people like to come like, if you have customers who are loyal customers, they always check your website, you go to networking somewhere. The first thing anyone who’s interested to communicate with you or connect with you is going to do is to go and check your website out. Right, exactly. So imagine if this is off for a couple of weeks or a couple of days or even a couple of hours? Or if it’s too slow, because it’s under attack.
Dan Frederick 53:32
And your work has been flagged as malicious.
Amr The Internet Guy 53:35
Yeah. or God forbid, if it’s been completely defaced. And they go and find some, I don’t know, forbidden illegal stuff in there. And you could get a call from a security agency in your country, just because you got hacked and something appeared there. That is not something I’m like, Yeah, I don’t want to say keep repeating the same thing. I’m from the Middle East, originally. And that scares some people not about me, but about the word Middle East. But yeah, imagine if somebody from I don’t know ISIS would go and post propaganda on your website. How would that make you feel to the local authorities? Or again, we’re discussing security so I know that this specific episode could land us in hot water but like all the AI would now who are that are scanning specific words and oh my God, the Word ISIS appeared the word FBI appeared the word CIA, the word 911. Less. Hey, my American friends, I don’t mean any harm. We’re just telling people to be vigilant and actually be on the right side, you know, protecting their businesses protecting their reputation. And that’s, you know, I didn’t want to initially give such a dark and bad examples, but it when it happens, I, the numerous the numerous times I had, I wouldn’t call them clients, prospect clients because we didn’t end up working together, because there was not much that I could have done for them. Right? The amount of times I don’t know, I think like in 2020, probably 11 or 12 calls, asking me if I could help with a website that has been completely hacked, or has been infected with malware, and they have no backup. Okay, but there’s nothing, you know, I mean, yeah, there is something to be done. But the cost, and the effort of getting it done, will just be too much for small business to bear. You know, like, literally, if you have no backup, and you’ve been compromised that badly. It could take days to try and like, you know, the course first you have to get the data back, which is all the data including the infection, then you have to actually clean up the infection and bring back the good data only. And this could take weeks. So if you think of it, you know, the cost involved would be just too high for a small business to bear.
Dan Frederick 56:19
And it’s almost like starting over again.
Amr The Internet Guy 56:21
Yeah, it leaves is just to go and build a new website. In all honesty, just pay somebody like how much are you going to spend $3,000 is better than actually spending, I don’t know, three, four times, even five times that amount and waiting four or five, six weeks, or maybe sometimes longer for it for this to be done. So backups are very important, guys. And when you do have a backup, because I’m gonna say something really funny, actually try it, try to restore from a backup, don’t have a backup, throw it aside for the rainy day. And then when the rainy day comes, it doesn’t work because you haven’t tested it. So I’m not saying test every single backup. But if you put in a backup system into place, the first time you use it, test it, chances are it will continue to work as intended after that, but test it once. So you know what I do? I’m going to talk about a website, because that’s what I do. You create a clone of your website, put it on a staging server, not you know, not the original one. Use your backup so damaged this website, somehow go and delete the files from your WordPress folder or tamper with your database or something and then go and restore from the backup. If it works. And everything is back the way it should. That backup solution you have is good and it’s working. And that’s that’s what we do when we do our maintenance plans. Basically, we take your daily backups, and then we test the first time we don’t test it every day, of course, or we don’t test every single backup there will be too much work to do. But good idea, I assume you do the same thing with with backups, like you look at computer backups are a little bit easier. Because the operating system is the same. Like can when I backup a website, I’m using Windows, the website is on Linux, the so I can’t just look at the file structure, I have to restore it to a website in order to see that everything works. But on my PC, when I have my own backup on a hard drive, I can simply just go to the hard drive and open and see that all the fires are they open and they work. You encrypt it and then when you need it, you decrypt it and then you look there and you know, you look at the stuff and if everything is working, you’re able to open the documents, you’re able to save them, then your backup is a good one.
Dan Frederick 58:48
depending on the complexity of your backups,
Amr The Internet Guy 58:50
yeah. Yeah, sometimes you actually have to test to really tested like, yeah,
Dan Frederick 58:56
yeah, yeah, there’s there’s virtualization backups. Oh, yeah. Cloud backups, and you name it.
Amr The Internet Guy 59:04
Oh, you can? Yeah, that’s a great idea, then as well, like, you could you could put it on a virtual machine. And so like, you know, I it’s a big dog. So for the users at home, don’t attempt that on your own.
Dan Frederick 59:18
That’s right. That’s when he ain’t getting the professionals involved. I
Amr The Internet Guy 59:22
mean, okay, it’s not gonna damage anything if you want to get into virtualization, but it’s gonna consume a lot of your time that you should be spending with your clients instead. Unless, you know, you’re just doing it to learn and you want to get into it, then by all means, go and explore virtualization virtual. Something is wrong with my tongue today. virtualization, through virtualization, because it’s actually if you’re like tinkering around with stuff, it’s it’s actually very nice. The concept and how, how much you can get done with this and how many you know, you could Practically test anything on anything. You could have a Mac operating system running on a Windows computer or whatever I used to do that. Yeah, back in the day, like, I don’t know, when I was way younger. No, I don’t have the patience now that I do it if I have to because I want to test something. But like, all the we used to I don’t know, we used to run even Xbox software on a Windows computer before Microsoft made them compatible. Right? just for the heck of it. I don’t know why. Presumably at the time, computers were more powerful than consoles, gaming consoles. But now since the gaming console is dedicated to only do one job, it’s way better than a computer. Right and running your games unless you have a gaming. Greg.
Dan Frederick 1:00:50
Exactly.
Amr The Internet Guy 1:00:52
Yeah, so I think I’ve digressed a lot. But we’ve covered that, like we’ve covered the security part. And I just want to say to all the listeners, if you have any issues, you think you have issues, you need more information, you want to discuss things further. I’m going to post Dan’s links below this episode. If you want to have the same conversation about web websites, you can have a conversation with me. You know where to find me. Everything is posted below. And, Dan, do you have like any, like a consultation call or a free discovery? or anything? Yeah,
Dan Frederick 1:01:35
yeah, a free 30 minute consult. You can access my calendar off our website. So if you want to book something through my calendar, it’s, it’s available there. Yeah, I
Amr The Internet Guy 1:01:46
like that. Because I mean, in most cases, maybe you just have a question. Maybe someone just has a question. They’re not sure about something or they want to start they don’t know where to start, or they’re afraid. Some people think when we talk IT services that is going to cost an arm and a leg. It doesn’t. It costs an arm and a leg to fix it when the crisis happens. But there’s no crisis. The regular services is something that’s affordable, and it will be tailored to your specific needs. How many machines you have, you know, what are you trying to protect you have consumer data or not? You know,
Dan Frederick 1:02:19
I’m always happy to help. Yeah, to say it’s always good to have an IT guy in your back pocket.
Amr The Internet Guy 1:02:24
Exactly. is always have to have an IT guy and a genetic is a genetic. Jc jc jitsi just another IT company. I did see. I hope we didn’t scare people. And I hope the CIA is not going to be knocking on the door tomorrow after we publish the episode. Hey, guys, we love you, especially the movies that you make about yourself. Thank you very much, Dan, for being my guest today.
Dan Frederick 1:02:57
Thank you, Amber, it was great to be on.
Amr The Internet Guy 1:03:00
And I hope is not going to be the last time we speak I think, let’s see, like, what’s the feedback? We maybe take like, do like some mini series about one issue? Because I think, you know, talk about security digital in the digital age is not a one time thing.
Dan Frederick 1:03:20
Now like he could have an entire episode just on password managers.
Amr The Internet Guy 1:03:24
Yeah, exactly. I’m gonna I’m gonna post the links as well to LastPass and dash lanes and you know, the tools that I’ve used before that I know are reliable and good. Now maybe the next episode will be about VPN.
Dan Frederick 1:03:38
There you go.
Amr The Internet Guy 1:03:40
Thanks a lot, Dan. Have a great day. Thank you
Dan Frederick 1:03:42
Same to you