This is an Auto-Generated transcript, it will have some typos and mistakes 🙂
SUMMARY KEYWORDS
passwords, hacked, security, card skimmers, cybersecurity, websites, business, cybercriminals, stolen, safe, important, backups, cybercrime, two-factor authentication,
SPEAKERS
Announcer, Scott Schober, Amr The Internet Guy.
announcer
Online with Amr, the internet guy streaming today on your favorite podcast platforms. This podcast focuses on entrepreneurs and business owners helping them become more successful and conducting their business on the web without being stuck with technology, getting a headache, pulling their hairs out or buying expensive software.
Amr The Internet Guy
Hello, everyone, and welcome to episode number 31. From online, I have to apologize to you for not posting for some time, it’s been a hectic time, but it was all worth it. I had some new direction for my business as well as moving houses. So that took a lot of my time. And since that I would love nothing more than give you quality content. As you will see now, most of the episodes now, or actually, all of the new episodes are going to be no longer than 3540 minutes, max. And that is something that many of you are good listeners here, have asked me to do. Yes, I know that some of you enjoyed the one-hour-long episodes, but not everybody did. So my guest today is Mr. Scott shoberg. He’s from New Jersey, and he’s an expert on cybersecurity. And there’s a very interesting story that you will hear Scott mentioned in today’s episode, that he was actually his business or his dad’s business got hacked. And that was why he got interested in more and more in cybersecurity. And he started to actually write books on that go to speak at, you know, meetings and seminars and webinars and things like that, about cybersecurity, he started training people raising the awareness, we are what we’re trying to do during this episode is to make it easy for the business owner, the small and medium businesses, you know, most of us who either work alone or have somewhere between one and 10 employees do not think about cybersecurity that much. However, we do rely pretty much on the internet to run our businesses. So you know, think about your email safety, your email security, think about your website, your hosting, there are a lot of things that you don’t see until something bad happens. So having the awareness and knowing exactly where you stand and and how we can assess, sorry, how we can assess your cybersecurity is very important is not just for your business, but also for yourself. Because there’s a lot of you know, phishing attacks, there is identity theft. So it goes beyond business. And the more we are aware, the better and safer we are, especially with what’s going on in the world right now. So, without further ado, let’s meet Scott. Hey, guys, welcome to another episode of online today. I have Scott Schober. Did I say the name right, Scott.
Scott Schober
You did you got it, Schober
How’s it going Mr. Scott Schober?
It’s going good, going good. A little bit of snow last night. But we’re here in central New Jersey and Metatron. And it’s nice and bright and sunny. And it’s an enjoyable Fridays. Looking forward to the weekend.
Amr The Internet Guy
Nice. Yeah. Friday. The weekend is here. Yeah. So we I mean, I looked at you’ve been doing a lot of stuff. And there’s a story of what someone who was trapped in the French Alps, I think. Yeah. Yeah, there is cybersecurity. So I’m gonna let you just introduce yourself. Just tell people, you know, what you do? Where are you based? We’ve told them about Jersey right now. Did we know we did it? We just said east, right?
Yeah, in central New Jersey, right outside of New York City. About about 40 minutes or so. So I’m often in and out of the city, between doing between business and certainly interviews and things of brief background. I’ve been surrounded by tech all my life. This is a family business founded by my father. He’s still our CTO, but he’s retired. We’re actually celebrating 50 years as a small business. It’s kind of rare these days. And it’s kind of cool to have that combination of a business that’s been survived for 50 years, but then also I’m second generation running the business. And we’re a design company people come to us with problems we provide complete solution designs, which is really exciting. Some of our customers are large customers, NASA or Pepsi Cola, New York Times, but we also deal with a lot of small customers as well. We designed our own products. Most of them are tied in with wireless threat detection is kind of the the term that I’ve coined and it keeps people safe from wireless threats because Wireless is everywhere. We’re all glued for smartphones, our smart cars, smart homes, cameras, you name it. And often that’s the conduit that cyber criminals are using to hack us. And when we keep that space more secure, it hopefully will eliminate some of the Cybercrime we haven’t been successful in stopping it. And then again, nobody has because it’s such a big problem. And it’s it seems to be getting worse, despite all of our efforts. But we do have some success stories. I think that that make me feel good. And that keep me going from day to day. We do a lot of stuff lately with a skimmers, in gas pumps in money, machines, ATMs, huge problems, we actually develop some is that still going on? Oh, tremendous. I thought it would die down years ago, it’s actually gotten worse because the cyber criminals have migrated from traditional skimmers which is simply a second read head when you stick your credit card or debit card in the machine. Now they put Bluetooth skimmers inside of anything that does have to be in the vicinity. That’s it. So they drive within a 75 foot proximity of where that Bluetooth skimmer is and they sit there on their laptop in the car and their download
waiting for someone card. Oh my god.
I don’t say a beautiful crime. But it
Amr The Internet Guy
Yeah, I mean, it’s crime. It’s very smart. It’s still a crime. But it’s like
the I always I always like to share a story one one. Interesting, because I’m part of a the weights of national Weights and Measures has, you know, jurisdiction in all 50 states, and they regulate the petroleum the gas that’s dispensed at the pumps, and to make sure it’s accurate, and things are safe, so on and so forth. And they actually have a skimmer taskforce that I was asked to join. And so a lot of its education, helping business owners, those in the gas industry, convenience stores understand the risks of skimmers how to spot them. So I actually got trained work with law enforcement and then I in turn, have trained other groups on it. So it’s a fascinating area. And a lot of it’s just sharing knowledge, how to spot the skimmers, how to minimize the problem. And then of course, our tools are often sold to many of these, you know could be anywhere from a bank we sell to a lot of banks, a regional bank, and they’ll go out and test every morning their their ATM machines, that someone plays a skimmer and overnight and we do a simple Green light red light. If it’s green, there’s no scammer. If it lights up red and beeps, there’s a skimmer in there. So that’s exciting because we’re actually putting a dent in cybercrime by removing these skimmers and developing technology, and then a lot of stuff I do. I’m on great shows like this, hopefully educating and sharing little tidbits and tips with people. I did all through three books. The first one was hacked again, which is really the story that really got me involved in this where I was targeted. I’m educating people about security, how to stay safe. And I got a target on my back. So people started hacking my Twitter account repeatedly,
Amr The Internet Guy
because they want to show like yes, the guy was talking security. But here’s what we did to
him. Yep, look at this guy. He’s not very knowledgeable. He’s not very secure, we could hack into his account, my credit card, my debit card for the company, personally my credit card and debit card at the same time. Then they finally got $65,000 was stolen out of our checking account, became a federal investigation. Big process finally got all the money’s back, got business back on. But in the process of all that I realized, geez, we’re running a security company that focuses on cybersecurity yet we were victims. There were some basic things that we were missing. We didn’t do that we had to reinforce and vulnerabilities that we had to shore up to prevent it from happening again. And again, what that underlying message told me is, it can happen to anyone, which led me to my second book, cybersecurity is everybody’s business. And then finally I wrote a third book senior cyber it was kind of an underserved population of seniors in assisted living nursing home. Yeah, they’re being targeted by scammers by fraud. And that book speaks in simple language to empower them to use technology, but say stay away from scammers and cyber criminals.
Amr The Internet Guy
It’s just It breaks my heart as well because they’re there they are the biggest targeted group in at least in North America. Yeah. And the people who are targeting them, they’re unscrupulous and they use anything available, call them by phone, send email. Sometimes they pretend to be Microsoft and say oh, your computer needs an update or whatever. And it’s just like, what would you get? You know, like it’s how can people get so low like you get a pensioner on a fixed income, just you know, retiring and trying to enjoy their retirement and they don’t need you to try to scam them off the little money they make
It’s troubling and I had a very similar to your point, the Microsoft security team and oh, somebody and actually was targeting or office manager and she called me over and said some guy says he needs access to my computer. It was compromised. And I got to just enter something up in my in my browser hold on it should have Should I do it and like, stop. Let me talk. So I kind of stepped through the thing was kind of funny. I got to the point. And I clearly realized this guy’s a scammer when he’s asking. I was making a fake information this and that. Yeah. And then I told him, I said, I said, Sir, I said, I just want to tell you something, I realized you’re really not with Microsoft. And you’re not part of the fraudulent department. And while we were talking all this time, I actually traced you down through your IP address, and I reported you to the local authorities will be knocking on your door shortly. And instantly his nice little is his tone. Oh, yeah, like angle accent. Yeah, he got angry. He goes, Listen to me, Mr. I’m gonna find you. And I’m going to kill your wife, your daughter and your girlfriend. And then he hung up, it was so funny. Scary how they prey on just push and guilt and fear into just disclosing divulging a little bit of information that they could then use against you. It’s a mess.
Amr The Internet Guy
So I tell you like my little experience with security when I was younger, the first course the first it course that I did was networking. And at the time, we didn’t have Wi Fi. So it’s just like regular, you know, wired network, then when Wi Fi first started to surface, it wasn’t secure by default. And if you added any security to it, it becomes unusable. Like the signal degrades. I think. I can’t remember the acronym, but it was version one. Okay. And then that was obsolete after it has been completely hacked, of course, but but at the time, even when you added this encryption version one, I think it was at AES encryption.
Basically, yes, encryption. If it’s an early days, it was when it was 802 11. B was the kind of the only I triple E standard for Wi Fi protime. Yeah, when four gigahertz and then they expanded,
Amr The Internet Guy
it was slow by default. So once your security becomes slower, then you lose the signal. And but the fun that we were having at the time was to try to prove to people there, they need to have at least a basic, a basic encryption and a basic password for the Wi Fi network. So what we used to do, we used to log into somebody’s router, which would still have the default username and password, and then change their IP address like the main one, and then put a password, lock them out of the router. We were not doing this, like in any criminal fashion, which it would just like be a neighbor, right? And then you go knock on the neighbor and say like, you lost access to your Wi Fi, didn’t you? And they’re like, they have no clue why? That’s because Exactly. Hello. So we were doing it as an educational, a little bit of fun. And we were like, Why did I think I was what 22 something and you know, we grew up together like you know, the neighbors. So it’s not there’s no hard feeling, but you show them? Because if you tell them this without showing them what it is. They don’t know what you’re talking about and that they’re not bothered. Oh, it’s been working for years. Why change it now. So like, you leave your shop door unlocked for years, the fact that you haven’t been nothing has been stolen? doesn’t really say that it’s safe. It’s just like your you’ve been lucky for
some time. Yeah, yeah. It’s just a matter of time before somebody is going to exploit that that weakness there because you didn’t shore it up. That’s a good point. And I think that’s, that’s true with a lot of technology. Just because we use it doesn’t mean it’s safe. If we haven’t been compromised or hacked. It’s sometimes a matter of time. A lot of these breaches that I’ve done research on, all the way back to 2013 with a Target breach up till today. Sometimes passwords are compromised credit cards or compromised social security numbers. A year two years later, suddenly, yeah, what happened? I had this crazy charge on my card here. I’ve been so careful. Isn’t that well, maybe that card was compromised a while back? And that was put on the dark web. It was sold now a cyber criminal? Yes. Actually using
Amr The Internet Guy
a cyber criminal gets millions of them. So maybe they didn’t get to yours yet. Exactly. Either way through Yeah. But do people hate security? Because like most of my clients, if I attempt to put two factor authentication on their emails, they hate it. Oh, yeah. They don’t want two factor authentication.
Yep, it is. It is inconvenient sometimes, but it’s not. It’s not as inconvenient as being hacked. And that’s what I try to balance out to people I say. I tell you what, go through what I went through months and months of complete utter chaos. and paperwork and phone calls and emails and visits to the bank and law enforcement. When you go through it, you realize how disruptive it is, to a business, and to doing basic commerce each and every day and to selling products and you don’t know what you lost? That’s part of the problem. Yeah, yeah, we have an online store. Not every day, but almost every day, we’re getting sales, and it may be as low as $500 to maybe six or $7,000. That commerce is important to a small business. If you just turn the pipe off for a couple weeks, guess what? That affects your bottom line, your profitability, and your potential. Yeah. And your reputation and any
Amr The Internet Guy
money is spent on marketing. Yeah, because people come to website isn’t working that go elsewhere never come back?
Exactly. Yeah, I did a piece a couple years ago, I contributed an article to the Huffington Post. And I talked about different breaches, and I called it the sting of a cyber breach talking about brand reputation. And all of us as business owners, what do we do, we spend hard money marketing to your point and time and effort building a strong brand. It takes years to do that. However, it only takes minutes to undo all of that, when you’re a victim of cyber crime. So you have to put it in perspective. And it doesn’t mean you have to spend a lot of money. A lot of people know, oh, I got to spend you know what General Motors or JP Morgan does to keep my company secure? Not at all? No, not necessarily like
buying a padlock for your door.
Yeah, just just got to use common sense and be reasonable. All you want to do. And I always like it. If this when I talk about this in my book, I share the analogy. If you live in an apartment, you live in a home, you don’t just have a simple old fashioned toggle thing on your doorknob to lock it. You have a deadbolt, you have an alarm, you have cameras, maybe you put up the alarm stickers, all these different things are deterrence. So the thief a physical thief looks at your house and goes
not worth it. I’m going to spend so much time to try and get in. Yeah,
that’s it. So when you to your point, when you use multi factor two factor authentication, that’s brilliant, because it’s not that hard. Yes, it’s not always convenient. But it’s 10 times more secure than just using traditional login credentials, username and password. Use multi factor authentication, I use it for zoom. Is it a pain? Yeah, I got to get my phone off. Gotta get the passcode. But it takes a minute. Yeah, it’s a minute. But it’s better than losing 1000s of minutes, then and just spend one minute every once in a while. So put it put it in balance, I think. And then it gives you also a level of comfort, and you have a cybersecurity posture now that you can be comfortable with and not always live in fear, especially once you’re breached. It’s like, I share the story in my first book when I had my car stolen when I was in college years back. Ever since then, I’ve been paranoid about locking my car. And I bought a big giant physical padlock and a chain on the steering, brake and keep it in the garage and an alarm and you’re always worried about it, that it’s gonna it probably will never get stolen again. Once they stole it the first time things happen. You move on with life, I was just it was at the wrong place at the wrong time. And a thief happened to be there. Yeah, but if I had those things in place, then it wouldn’t have been stolen. So I think it’s just just kind of being more aware of things when we’re aware of things, then we could just be more cautious and be more secure.
Amr The Internet Guy
Would you say that education is the most important factor four to be? You know, I mean, when we say to be safe, it’s actually your physical safety sometimes even depends on it.
Yeah, I think I think I tie in education and security awareness kind of together. When you bundle those two things and think about it. If you if you if you’re looking to be I don’t know something as sad as imagine somebody pulls up in a mall dark at night, and they’re walking from the car to go inside. And they’re afraid they’re going to be abducted, or something crazy like that. If you’re aware of your surroundings, if you’re thinking about it, what are you going to do, you’re going to park closer to the entrance and exit, you’re going to park under a light you’re going to carry mace in your hand you’re gonna have your mobile phone on talking to someone or maybe you’ll go with a friend in and out just the awareness of it changes your sense of safety allowing you to go to and from a place without being victimized. All the all the criminals and cyber criminals, they’re looking for easy targets, low hanging fruit, get in there and get out of there without getting caught in that that’s why we were talking about earlier like skimmers. It’s kind of a victimless crime in a sense. They don’t see the person they’re stealing the credit card from. They don’t make that association and they don’t once they place a Bluetooth skimmer in a machine they don’t ever have to go back they just drive up in that 75 foot proximity. Download the stolen cards, go home burn Fresh cards, go sell them on the Darknet make a lot of money and move on and they’re laughing their way to the bank. So when there’s that disconnect, I think thieves are empowered. What are the old days? What do you do you go into a bank, if you were a bad guy, you put a mask on, you have a gun, but they can hear your voice. Maybe your mask comes off. They see you in the car. You have identified them before. Yeah, there’s so many tells now, and the money bag blows up and there’s blue ink in your face. So there’s there’s so many things yes, all security they’ve implemented. You don’t hear that many banks getting robbed anymore. But cybercrime, it’s it’s shooting? Yeah.
Amr The Internet Guy
Because it’s safer for the criminal as well. Like I could be halfway across the world like it doesn’t, you know, you can’t even enforce your logos on them in another country.
Exactly. And then think about two which, which I think is pretty amazing. You’ve got all the physical aspects of identifying an actual criminal. When you are a cyber criminal, and you steal something and it could be anything. It could be personal information, identity theft, social security number, it could be crypto bitcoins or whatever. You now have a marketplace that going on the dark web allows you to stay anonymous. They can’t find your location because the bouncing around the IP yes, you’re in India. No, no, I’m in Texas. Wait a minute, no man in Jersey, where is this guy coming from? Where’s this computer, he’s in his pajamas in the basement, you don’t know you catch them. And then you’re paying buying and selling things with cryptocurrency, which again, has a level of anonymity, things are encrypted. It’s just the perfect storm for cyber criminals to go to. And a lot of these traditional gangs, even criminal gangs, that orchestrated crime have migrated into the world of cybercrime, which I thought was kind of interesting.
Yeah, the old have to hire an IT guy.
If you’re an IT guy, or cybersecurity guy, you got a job on demand. Yeah, whether you’re hired working for the good guys, or the bad guys, there’s always a demand.
Amr The Internet Guy
So what do we like for the regular for the everyday person? What can they do? You know, without having to change how they live so much what they can do to increase their security, their cybersecurity awareness. You know, even if they don’t have E commerce, like, I’m pretty sure that nowadays, every business has a website, at least. So you do have some real estate on the site in the cyberspace.
Yeah, I think I think if you looked at it, say you’re a small business owner, and you want to have your own website and some e commerce and things, that’s great. I would say don’t try to write the website and build the E commerce site yourself. Hire a reputable third party. That’s my life. They understand security and they’ll regularly update the site, they’ll perform an audit, they’ll perform a vulnerability assessment for your business, you get a penetration test done, expose where your weaknesses are, don’t hide behind them, but expose them and then shore them up to keep your business strong, whether it’s on the web, your online commerce, when it comes to basic things. I always joke about people social media, we all love it. We all share and we overshare though you want to be social on social media, but not to so
Amr The Internet Guy
oh my god, you’re you’re helping people along the social attack against you
don’t give them any more ammunition to steal. Yeah, that’s what people do. And even simple things I do this. I think about social media I have accounts on all of them is probably all of your listeners do. And that’s okay. But when you’re setting up your social media account, one thing I did is every single account I set up they asked me for my birthday. I put a different birth date. Yeah, yeah. Simple. It’s free. What’s the only negative you get birthday wishes throughout the year at all these random dates cuz you’re fine. Yeah, that’s okay. However, I one time I was speaking at a show down in Virginia. So government show I had up before me giving the keynote was Kevin Mitnick, World’s Most Famous Hacker spent some time in federal prison in the past for his wrongdoings, but he’s reformed. He’s a white hat hacker educating people. He invited me up on stage, he pointed me out and says, I want to invite you up, come on up here, Scott and looked at my badge because I’m going to perform identity theft on you. And I’m like, but so it goes Okay, first goes on his computer. And there are two giant 30 foot screens behind me. So the whole audience of 1000s of people could see this. puts my name in and he says okay, first do you live at this residence? Yes. Do you have a second house here? Yes. Okay. Is that your mother’s maiden name? Yes. And I’m starting to sweat a little bit. Where is he getting his info? Yeah, he’s pulling it out. And it’s Donna computer over the internet. And then he goes, I have to for $1 I’m gonna put this credit card number in from this site and I could buy your social security number. Is that your social security number? I go? Yes. When was the last piece of information I need to put together my little puzzle to perform identity theft on you is get your birth date went up online and goes is actually Birthday they said, Nope. How about that one? Nope. And there’s like 20 entries across the screen because any of those your actual birthday, I said one of them is, but I’m not telling you which one. Yeah. And that just kind of shows the point. If you mix it up a little bit and misinformed people on social media, it makes it harder when somebody is trying to perform identity theft when somebody is trying to take credit out in your name, and they call the issuing bank. Yeah. And they say, Okay, Mr. chauffeur, what was your birth date? Again? One 768. No conversation over there, hang up the phone. So use that. Use it use information to your advantage. Same thing with security challenge questions. Many people have heard of this, but I never put the actual truth in what high school? Did you attend? Scott? I’m not going to tell him I went to Edison High School, I’m going to put password 1234 Guess what, that’s actually stronger than putting my actual high school name because anybody could look it up in 30 seconds on a Google search?
Amr The Internet Guy
What if you forget it, then when you want to reset you’re?
Then I’m in trouble? Yeah. You do have to have some good housekeeping when you do cybersecurity. In other words, create rules that work for you that are convenient. When you store passwords, this is a big one. For me. I have a lot of very secure passwords. When we do work for government for payment systems. I do old school and people laugh at me. In the world of cybersecurity, I write them down in a little black book. And I say guess what, though? Little Black Book in a safe behind my desk, in a locked office in a locked building with cameras, alarms, layers of physical security, protect my physical passwords, other passwords that I need when I travel and access to more routinely. I use a good password manager. I use das Yeah, like that. Yeah, I use this thing too. You know. So a lot of people have to look at the number of patents. I’m managing over 200 passwords. It’s hard. You need a system.
Amr The Internet Guy
Yeah, I know, when I was younger, I used to remember everything. Now I can’t like I don’t even know what I ate yesterday. So
yeah, so I think it’s important use what works for you. I even created a simple little password book a ledger I give to people when they when they buy my book, senior cyber. For older people, if they’re only managing five passwords or 10 passwords, I encourage them write it down, big giant font, spell it out on the page and take that and lock that up in your Safe at Home. That’s a lot safer than trying to remember your password because otherwise, it’ll be a simple password, your dog’s name your anniversary, thieves are gonna guess
Amr The Internet Guy
it on a program will just, you know, keep trying until they find the right combination.
Yeah, they’ll do a dictionary attack, we’ll use automated tools to guess the password. They’ll scarf, social media, anything they can to protect
Amr The Internet Guy
it. That’s the thing. Like I work predominantly, I build sites with WordPress, I used to build sites by hand before. And they were a little bit harder to secure because like there was no framework. Right. And now WordPress is much better as an ecosystem. But because it’s so popular, it’s also easy to hack if the website owner doesn’t have the proper security in place, and in most cases, like he tells them, okay, rule number one, your administrator account should not be called admin. Okay, now, most of the hosting companies, when you go to click to install WordPress, they don’t install that admin anymore, which is fine. But Rule number two, do not use your email that’s tied to this domain name. Because like for when somebody is trying to hack into a website, they need two pieces of info, username and password. Now you’ve already given them the username by using your [email protected] So it’s like and then only have to guess the password now.
Yeah. And then people tend to share that login credentials to their marketing company to sell Oh, yeah, maintain the website. So suddenly, it’s not one person that holds that the key to get in it’s two or three parties. They get disgruntled, they don’t get pay. Yeah, never. It gets out there that’s dangerous.
Amr The Internet Guy
And then if we’re going to security like plugin with a scanner or whatever and you do two factor authentication next thing you know the guy who’s doing SEO hates it, so hey, can you please disable this because I’m having complaints of people not able to log in it’s like
crazy I think back on and I wrote about this a few times and often talk about it cuz it stands out in my mind think about a number of years ago, two factor authentication was not being used hardly at all and yeah, the famous iCloud celebrity nude photos were hand everybody was up in arms this and that when I was doing research on it. It was a lot it was over 100 celebrities in every single instance. They all use simple login information. Not one of them had multi factor authentication yet it was available for free for all the accounts Yeah, no one used it. And that really, you know, rains in the point about, it’s there. It’s free use if you’re using Gmail if you’re going into your face. Yeah, like I said, Zoom anything, even if you don’t think it’s that secure. Yeah takes a little bit longer. But it keeps you so much more safe. Start using it, try it. Once you start using it, you’ll start to say, You know what, it’s not that bad. Now I’m accustomed to it and you feel so yeah,
Amr The Internet Guy
use, I think up until 2016. Scott, the online banking did not like complicated passwords, like you couldn’t. And I used to joke I used to say my facebook password is 10 times more complicated than my banking password. I mean, now, they all change eventually. But like it was, I it used to drive me nuts. Because it’s not hard to do is like, Guys, it’s just like, it’s a field on a form, where you just have to change it and make it accept anything. It’s like, it’s a two minute work, I can do it for you.
Yeah, and I think I think with simple passwords, when I talk to people, they always still use simple passwords for their accounts. And and I joke around stories a little bit, a couple years old, but I have a friend and he’s big into hockey, loves hockey, and follows it watches all the games, so and so forth, goes up to Canada often even to see many games there. And I know his favorite player anyway, he loves to travel to
His birthday is something
and I said, You know what he called me up and he annoyed me for something. He was traveling internationally and was coming in through Texas. And I said, Could you pick me up at Newark Airport? And I? And I said, Yeah, sure. And I didn’t look at the time and some crazy guy wanting him at night. And I’m like, Oh, why don’t I agree to this? I never looked at time not going to get up in the middle of the night. Go pick them up, sit in traffic, whatever, fine, I’ll do it. I said I’m going to fix him. So I said he’s coming in what he could decide his itinerary. Oh, united. All I see is a frequent flyer number here. Let me log in and see if I could hack into his account just for fooling around. I know it’s not legal. I wasn’t going to steal any frequent miles or this or that. Although I thought about you could send somebody flowers with the frequent miles. It’s that’d be really funny. transferred to my account. But any event. I said, let me just sit here and not type anything. Let me think I know what is his username is what would his password be? I thought for 30 seconds. I tried to end on the first guest. You got it. Yeah. And that was the scary part. But what was even scarier, he works for financial company. And I know some of his other things he does and the other sites he deals. So I said, let me go to these other sites. And guess what I was able to guess what? Every single one Oh, god, that was kind of funny. So then he he texts me and says I should be landing at such and such. I’m getting on the plane for Texas. So I wrote him back. And I said, I said no problem. I’ll be there. By the way. I said, or at some point, he said, I’m going to be reading your book, I finally have a chance to travel I’m going to be reading I said, Great. Go to the chapter that talks about passwords. And when you land, I’m going to tell you a story about somebody that got hacked. So he got off the plane, he’s like, alright, because you got me stressed out who got hacked. And I said, you said, I hacked into every one of your accounts. Laughing So we joke about it to this day. But it again, it shows if you use a simple password, and you’re going to tend to do maybe you’re setting up your Facebook and it’s going to be some password like your dog’s name. If you take that into the world of financial, and 401 K and all these other sites that you regularly log in, you’re gonna find it but it’s gonna be a disaster. So matters once
Amr The Internet Guy
it’s compromised, everything is compromised. It’s like everything comes crumbling down. Yeah, I mean, I I keep trying to push all my family like my wife and kids to be more secure and more safe with their past. So the first thing is be more safe and secure with your passwords. The second thing is don’t share everything, especially don’t share your location. And it’s not because you don’t want to be found at that specific moment. But at the funny story, there was an insurance company in the United Kingdom that had a clause in their insurance that says, if your house got robbed while you’re away on holiday, but we found out that you’ve posted your holiday photos on any social media, you cannot claim
that since I’ve never heard this basically,
Amr The Internet Guy
if you’re like I don’t know down in Thailand, and then you’re posting all your social media like real time, which tells the criminals that you’re away from home and your house got broken into. They’re not going to be clean because you kind of like help the criminals to know that no one is home. Like
in what I do is I do do a mix on that when I travel. I typically will not post for that. where I’m at, it’s when I get back a week later, I mix it
Amr The Internet Guy
up. That’s what I do. I do the same things out there, I get back, I’m home. And then like I say, Hey, guys, you know, here’s some photos from x country, even with my kids growing up, like when they were too young, like, and they could be cyber bullied or whatever, shamed into something. So I wouldn’t put their photos like now they’re, you know, teenagers and they’re old enough and strong enough to fend for themselves online at least. And but I never like, you know, output a photo that’s two or three years old. Like that. Now, they don’t look, they don’t look like this now.
Yeah, exactly. Don’t don’t educate the criminals. That’s what I say you’re making their job easier. And that’s not not not smart.
Amr The Internet Guy
So there’s something we touched on. And I just wanted to make it simple and clear for our listeners. So number one, when we say simple passwords, this means as you rightfully said, your dog’s name, or your first name of your eldest kid, and your his or her birthday, I don’t know the date of your marriage. All these things are simple passwords. And the first step is to have a complex password, which should have capital small and some symbols. And the problem was that that it’s not easy to remember. So the second thing that we probably touched on when we said to use Dashlane, is a password manager. And if I had to explain this, I had to explain this to my mom, who was about 80. Now, and I don’t think she’s using it, but I just had to explain it anyway. I say, Okay, you think of one complex password, but it’s one only you can write it on a piece of paper and keep it somewhere safe. You know, as you say, in your safe or in your I don’t know, in your sugar. Sugar box in the kitchen or
whatever. Yeah, under the mattress or in the icebox, yeah,
Amr The Internet Guy
as long as it’s not under the mat outside the door. Yeah. But it’s, it’s the one password, it has to be very complex, and you have to remember it. But if you don’t, at least you’ve written it down. And there will be a master password to the software, which is the password manager. Now, from that moment on, every other password is random, like your password manager would just create some very hard to crack passwords, and give them to you to use on your websites and on your social media, on your E banking and whatever. But no, you don’t have to remember any of them. So like they can be as complex and as bad as, as it can be like the people laugh sometimes. Because like Netflix, for example, my son sometimes when he goes to watch, for some reason the account is logged off. So he asked me to send him the password. Let me go to the password manager, copy it, send it to him by text message. And he says, I’m going to enter all that. I said, Well,
that’s what you get, buddy. Yeah.
Amr The Internet Guy
Because the first one manager will not work on like on the Smart TV. So you can have it, enter it for you but but pretty much on your phone on your computer, the password manager will enter the password for you. So you don’t even have to type it or copy paste it. So, you know, that’s the first thing.
Yeah, and I think people that are if they’re trying to create a password, and say you do have a good memory, say you’re younger and you have a good memory, just realize, sometimes we focus so much on complexity rather than length. To some degree. I’ve read some studies that longer passwords are actually statistically more secure. Yeah. Is it important to do uppercase lowercase numbers and something that’s basically randomized? Yes, it is important, but just to give you like,
Amr The Internet Guy
you can have like a sentence right? Like a full sentence. Yeah,
it like to your point you mentioned, like, let’s say I had numbers only and they were 10 numbers. And you know, 15793, whatever. 10 numbers, and somebody is trying to brute force hack it with the automated tools, it’s instant. The second that you now add a lowercase letter into those who have 10 numbers. Maybe it’s nine numbers one lowercase. Now suddenly, it’s an hour for brute force to hack it. That’s a huge difference. Yeah. So now if you mix it up a little put in one uppercase, one lowercase, that same 10 character password, so capital S, lowercase s, and then eight digits, now would take a month for brute force automated tools.
Amr The Internet Guy
Before you go I would like to remind you that if you have a WordPress based website, you need to be right really looking after its maintenance and security and having a professional looking after it. So if you’re feeling overwhelmed, or if you feel that this back end and boring stuff, is something that you don’t want to do, please do hire someone, but get it done. Do not delay this. Do not If your WordPress website, not updated, do not leave your plugins not updated 100% This will open it up for hacking and malware, and you don’t want that. If you’re unsure, head to my website, human talents.ca That’s human talents, one word, human talents.ca. And click there you’ll be able to book like a 30 minute consultation, we can discuss this together and see if we can help you. Thank you, I’ll see you the next episode. We are no with a with a finger scanner. Just
yeah, or facial facial, I have to say I use an iPhone, the facial recognition I was I was always using the fingerprint. But I actually feel more confident now that they’ve improved the algorithms and the security for the authentication with the facial recognition. What I’m not a fan of is that some of the newer phones, I think, that are coming out, I think Samsung has one of them the one of the galaxy ones, that has an always on facing camera, you don’t know what your camera’s always on. So when you get near the phone, it’ll automatically authenticate you. And you walk away and it shuts it off.
Amr The Internet Guy
Buddy steals your phone. It’s so easy for them to Yeah, I didn’t get all the
scary stuff. So you know, Baton security is always got to be a balanced look at your situation. What are you trying to protect, identify what’s valuable to you, is a data is it your photos, it’s your files, you have intellectual property, your emails, whatever it is, then find what’s the best that will allow you to protect that information. So you can balance convenience with security, when you can do that you can minimize the risks, and you can improve your cybersecurity posture, and not live in fear not spend a ton of money, but you can actually manage it realistically. And that’s what I think it is when it’s not realistic. When when people think about to hear JP Morgan spent $500 million toward improving their security after they were hacked, that sticks in their mind is saying well, I don’t have $500 million to secure my small business. No, you don’t have to do that. For small business, it may be only aware
you don’t have 200 million customers asecs
got 100 100 accounts and X number of vendors you got to protect maybe that’s gonna cost you a couple $1,000 bringing an expert in perform a vulnerability assessment or maybe a penetration test to identify and expose weak areas. I did that. And one of the things that they identified first thing we had, we didn’t update our WordPress site.
Yeah, very, very common.
We spent the money I had a third party do it, they did a great job this and that. However, to
Amr The Internet Guy
get into a maintenance contract, you got to get into exactly. And then when we call the website is done. We love it.
It’s ongoing to your point. That’s beautiful. That’s really important. So that’s what we had to do. We had to call them up and they said, Oh, yeah, we didn’t get to updating that yet. I said no, no, we agreed to this, that you have to go in there maintenance. And you have to go in there every so many weeks. Yes, update the security patch is very important. We do
Amr The Internet Guy
this twice a week. Yeah. So I mean, practically, I do it every day. But I can’t put it you know, as a promise that is going to be done on a daily basis. Because there’s a lot of work involved when you have a large number of websites to update and test. Because sometimes when you’re updated, one plug in doesn’t play nicely with the next plugin and it could wreck the site. Yeah, that’s true, you got to do the testing before and after that takes a little bit of time. It’s not just oh to everything. And the other thing is, is backups, people don’t understand the importance of backups, like I and this is the thing that I told you about in the beginning of the call. One of the most famous hacks very recently is GoDaddy. So GoDaddy, famous big company, everyone was hosting on their managed wordpress got hacked. The biggest problem that I’m hearing now from customers is GoDaddy, that they’re not getting the support. Okay, so I’m just saying one part of the story, there might be the GoDaddy part. So I don’t want to sound harsh, because we didn’t hear from GoDaddy. But what I’m hearing from my clients is that they call the support and the support, they say we’ve rectified it, there’s nothing they should worry about anymore, yet their sites are still behaving in an odd way or displaying something that is not thought of the page or are very slow, like different customers have different things. And the biggest issue is that they’re not getting help. And now this is another thing your hosting company is very important. And GoDaddy has a reputation a good like as a big provider so you’re not wrong by hosting with a big company like that. But you should also look into you know, they have different plans which plan is most suitable for you. And I think most of the people went for manage WordPress because they didn’t have to do anything. And they left all the responsibility 100% of it on the hosting company. And in my opinion, you should have some control,
you do need to have some control because the way I look at it a website, and we have multiple websites for our business, and then also on the media side of cybersecurity, you have to have a level of control over it. And you have to view it as that’s the heart of your business. If somebody wants to learn about your business or my business, what’s the first thing they’re going to do, they don’t go to a phone book and open it up, like the old days, they’re going to maybe hear from another person, possibly word of mouth, that’s very popular still. But probably nine out of 10 times they’re going to go on the internet. Yeah, I was on the phone call yesterday with somebody and they said, Tell me what your website is they wanted to find they wanted me to explain what our company does. But while I was explaining this, to tell me your website, go on, get it, they go look at it. Now they see visual videos, they see testimonials, they see products, they see designs, it kind of helps them understand the vision in 30 seconds. And that’s why your website, I think, is one of the most important things, not just to have a good website, but really the team behind the website that they could design it properly and maintain it going forward. That’ll give you a successful business. And people
Amr The Internet Guy
think it’s expensive as well, as one of these things. People always think like, Ah, it’s gonna cost me, you know, it’s nice, a few dollars a month just to have it maintained and looked at and backup. I mean, I can’t claim that we’re doing penetration testing. Because it’s it’s a bit more complicated than it sounds. But at least we’re just making sure that you know, you have complicated passwords, you have your backups in place. And it’s not just having the backup is also having access to someone who can restore the backup. Yeah. But what’s the point of having it if when crisis happens, you don’t know how to bring the website back to its original state?
Yeah, that’s a really good point. Because I read a stat a little more than 30 something percent of people’s backups when they try to restore that will not work. Yes. And that’s just, yeah, you got to test it, make sure it’s good. The other thing that’s important, I always encourage people consider doing an immutable backup, which is not connected to your computer or the Internet. It’s physically removed and alter Yeah. And so it can’t be it can be can’t be altered, deleted or modified. And keep that off site. I keep backups. And I keep them in a safe in my home for things here at work. So if the place blows up, yeah, ransomware file doesn’t matter. I have something I could grab resort to plug in and do a clean install as needed.
Amr The Internet Guy
It’s actually a great advice got Thank you. Because like I I have two different backups in two different places. But both of them are on the cloud. Yeah. So God forbid, if I lose access to the internet all together, I wouldn’t have access to my backups at all. Yeah, yeah. So it actually makes sense to have it in a physical disk in a physical location.
Yeah, sometimes old school things really do work well. I don’t do it for everything. But I try to have a sense of backup plan for all things. In other words, if the data is residing on my hard drive or in the cloud, my backup is not going to be either of those, it’s going to be something physical, disconnected, non modifiable, it’s also going to be secure. I use a lot of these secure USB sticks. You can get either a drive or a stick that could be three to six terabytes now for not that much money. And they have a code on them. You basically enter the code in it put a six or 10 Oh, you can edit or do anything without the code can’t touch and it’s movable between the PC world. The Apple world you don’t need drivers anything else. If someone else doesn’t know your code, they guess three times. It wipes it like like a Mission Impossible. Oh, it was the whole thing. Yeah. So and it’s encrypted. It’s got a Ees 256 bit encryption type two, which is a standard that the US DoD uses. It’s secure. Is it more challenged to unlock it? Lock it? Yes. Yeah, the
Amr The Internet Guy
first time on the market with a finger scanner to
Yep, those are two and again, there it makes it a little bit more convenient. Nothing’s 100% secure. However, it’s a lot more secure than just taking a regular flash drive USB Drive sticking it in copy files, you lose it, drop it in the parking lot someone acts is whatever so yeah, yeah. Important. And then you also control it, which allows it to to not be used to actually as a vehicle to put malware on cuz that’s often the time somebody will see a USB Exactly. Yeah, put malware on it, put it back and you don’t realize it you stick it into whatever Yeah, Yeah, I hear you’re a victim of ransomware or something else, a lot of scary things out there. I was
Amr The Internet Guy
doing some training a few years ago and the Saudi oil company, which is the biggest oil producer in the world. And it was then when I realized that they’re set up, for every single employee, I think they had about 50 or 60,000. Computers. Wow. And like for the whole company, and all its branches, but they bought these computers without any input, like there’s no USB port. It was kind of glued or something. And it’s not even connected to the motherboard. So even if you stick something you haven’t connected to anything, there’s no DVD drive, like there’s no way you can input anything.
Yeah, a lot of banks did that, too. I noticed. But now they saw the inconvenience of it. And now they’ve gone back to the back of their computer, you see USB ports exposed again. So it’s it’s hard.
Amr The Internet Guy
You could be as the customer sitting there, and they’re working on your application. And you could just stick something in and no notice. It’s very easy. Yeah, it’s always Yeah, it’s the I love what you went what you said on I think that’s a good parting wisdom. It’s a balance between security and convenience. It is that way said.
Security versus convenience. And at the same time, maybe maintaining sanity, because you could also get to the point where you’re so paranoid, to be paranoid. Yeah, that’s not good either. Because I got that way, after getting compromised and hacked and doing research and talking to all these people. You if you start to live in too much fear, you’ll do nothing. And that’s that’s part of the problem.
Usually, like it’s not achievable. Yeah,
it’s too much. It’s too technical. It’s too complicated. And I can assure everybody, I’m sure you can, too. It’s not that technical. It’s not that hard. It just takes a little bit of discipline. And common sense, doesn’t even take a ton of money, take some common sense and discipline, and you can get through and make it a lot more secure.
Amr The Internet Guy
It’s like locking your doors like I always tell people think of it think of cybersecurity as physical security, the same thing, you have what you have a website, it’s like you have a house, think of your website as your house, you want to lock the door and only give the key to somebody you trust, you’re not going to just go distribute your key all over the place. So if you hire somebody to do your SEO, or if you hire somebody to do graphics or whatever, you don’t have to give them admin access. They can be just a regular user. So you retain that admin you and you know, you’re your web person who’s looking after maintenance and updates, and whatever. So at least it’s just two people, and the rest of the employees of the company and everybody else who needs access. And a login, gets the user login. So they cannot, you know, even if they’re not seeing them as people, but if they’re compromised, your website isn’t because they’re just a user, not an admin. And things like that two factor authentication is like adding another bolt at your door to make it you know, a little bit harder to bring.
Yeah, yeah. And and it’s effective. It really is. I’ve talked to many people, once they’ve migrated over and started implementing especially multi factor authentication, they’ve noticed a difference. And I think it’s one thing you don’t want to do. And I hear a lot of cybersecurity experts in the world. And they say, oh, but that’s hackable. And somebody can do this with their sim and everything. And nothing’s 100%. But I tell you what, it’s 100 times more secure than what you’re doing right now, which is nothing, that means you will be hacked. But if you do something, it’s a lot less likely. It’s probably analogous to the stuff we talked about in this I don’t want to get off into a pit political challenge. But wear a mask, don’t wear a mask, save social distancing, don’t I think we have to be balanced and reasonable to reduce risks to stay healthy? And I think that
whatever that is, whatever works for you. Exactly.
Yeah. And don’t don’t don’t push it or force anybody to do anything. Let them make
Amr The Internet Guy
you don’t force anybody to do nothing. So yeah, exactly. Has to be a balance here to
be a doing nothing is the worst thing to do. That’s my opinion. That’s like saying just leave it admin and password 123 for login for everything, admin admin. That’s not good. Yeah.
Amr The Internet Guy
Yeah, I mean, one last thing before we go. And, for example, I give you an example of my kids when I say Okay, does your phone like you know, when you look at your phone, the look on your phone, is it hard to guess? Is it like a complex? You know, some of the phones that you have to draw something that oh, yeah, and um, or whatever. And then the answer that I used to get before was, well, there’s nothing on my phone. Yeah, I could always say think again, because it’s not about having photos. That will make you better If they go out there, but it’s also you use your phone to log into your account, you use your phone for a banking, you so there is a lot of on it that maybe there’s no images that that will embarrass you. But there’s a lot more than images. And people need to think about that. Because that’s a good thing that phone is lost. Think about what can be compromised? Is it your banking? Is it your? Is it just your social media? Is that your personal email is your work email?
Yeah, and I think a lot of those things, if you hopped onto the average person’s smartphone, you have access to it. And you want to now impersonate them. And maybe they do online banking, you could tell by looking at their apps, and you could log on, it fills in the password fills everything in for you automatically. Now, what’s the first thing you’re going to do as a hacker? Well, I’m going to change that password to lock them to only me. Yeah, now I can go back on and whatever. Yeah, take their money. So if you think like a hacker, you start to realize there, everybody has different levels of vulnerability. And that’s how hackers will start to think how can I exploit this one weakness or that weakness to get in, then they work across,
Amr The Internet Guy
they want the easy thing first, they’re not going to go first. But someone was going to take them three months only to get a couple of $1,000 from the account. So it’s either if it’s a high value, they spend months going after, like, if it’s a ransomware, against a big organization. Yeah. But if it’s something that they want to just do it quickly, to get like, you know, a couple of 100 bucks or 1000 bucks. If it takes them more than I don’t know, a week, they wouldn’t really, they’d go try somebody else was easier.
Yeah, yeah. Crazy.
Thank you very much, Scott. Oh, no
problem. Thank you. Thanks. This
Amr The Internet Guy
was a good eye opener. And I, I surely hope it helps people who are listening to us. And I’m gonna guys, I’m gonna stick the links for Scott’s website and books and stuff underneath their results. So if you want to just check them out, or contact God, if you have a question about cybersecurity or security, and you know, in general, I’m sure he’ll be happy to help.
Absolutely. I’m very active on social media. I proceed cautiously and safely. But if you shoot me a question or direct message, it’s me that’s responding. It’s not an actual chat bot or anything else. Same thing on my website. Scott shoberg COMM you can submit a question there. I get questions all the time. Pretty much a couple questions per week that I’m responding to good. And I’m happy to help. And it’s all about sharing and educating. To help keep us all safer. We’re all on the same mission here to fight the fight the cyber criminals.
Thank you very much, Scott. Have a great day. All right. Thank
you stay safe. Take care.