Jesse (00:00): RNZ National, It's Tech Tuesday and time to check in with our tech expert, Daniel Watson from Vertech IT Services. Hey there, Dan.
Daniel Watson (00:10): G'day, Jesse.
Jesse (00:11): Yeah. Tech expert or not, tell us about your interesting week.
Daniel Watson (00:17): Okay, I was once again reminded of the value of having updates in place for your key things. And regardless of insurance, some things are simply not going to get covered. So I was having a lovely Sunday afternoon listening to a podcast with my phone in my pocket of my Stubbies, buzzing about the lawn and had to bend over and shifted a dog toy so I didn't run over that.
Jesse (00:42): You're lawn mowing?
Daniel Watson (00:44): Yeah, on a ride-on. And then I was reversing up to get around some shrub and then I heard this clunk and I went, "Oh, not another dog toy." And I looked down and I went, "What the hell is this?" And it dawned on me that the parts I was looking at were the destroyed components of my cell phone and in absolute complete obliteration. It was one card remaining and that was my firearm's license and even that took a bit of a blow, but and then realized-
Jesse (01:12): Hang on a sec. What was it? Your phone or your wallet?
Daniel Watson (01:14): Well, I have one of those wallet phone combo case things, so it's all in one place, right?
Jesse (01:20): Yeah, okay. So it's easy to destroy it all at once. It's very convenient.
Daniel Watson (01:27): All at once, that's right. Yeah, very convenient for the lawn mower. And then you realize how much you depend upon it but like a good IT guy, I have everything on my phone backed up into the cloud, so it's just a piece of hardware. And then that's when you realize that actually the big problem is replacing all the cards in there, whether it's the driver's license or Visa cards, EFTPOS card. I went to the mall to go and buy a new phone and then I was like, "I don't have any means of doing a transaction. This is a problem." Yeah, I got around that eventually but [inaudible 00:02:05].
Jesse (02:05): It makes you think about those poor Aussies who got hacked in the Optus leak who have to replace their passport and driver's license and things, through no fault of their own. And unlike you being a bit of an idiot, no offense.
Daniel Watson (02:15): Thank you. Yeah, no. Yeah, I think probably the real idiot thing is I didn't take up that loss and damage offer when I went to the phone shop last, because I've been through four phones and I haven't even broken a screen. I'm usually pretty careful with that stuff and there's this one time.
Jesse (02:35): Yeah, I don't think I've been offered that before, but my default is to always say no to the extra things people try and sell you when you buy a product.
Daniel Watson (02:42): Yeah, there's certain things. And to be fair, phones these days are quite expensive items and you do carry them around with you. I mean, I live a fairly adventurous life and I think I've just been really, really lucky with them because I take them out on boats, diving through the bush, getting out there and doing all sorts. But they're worth protecting, especially having that backup. But one of the things that really made me miss it is when I went to order another driver's license and they say, "Hey, you can do this all online if you have a RealMe login, which means that you've been authenticated. And the problem is you log in straight away, it asks for two-factor authentication. "We've seen a text message to your cell phone." I went, "Oh." Okay, all right. I guess I got to go get a cell phone first.
(03:26): Anyway, but the thing I wanted to raise up today for everybody who's listening is that it's Cyber Security Awareness Week and there's a few things which everybody in the population could do to make their life a lot less troublesome in the event that somebody does have a crack at their logins and that. And this is actually something in the last six months, we've had a spate of increase of inquiries coming into our company website from people who have been running small businesses or side hustles, like one man bands. And pretty much all of their business takes place on either Facebook or Google My Business page or Instagram and that they're providing some kind of service or selling something through that portal, which means that they're very exposed. And then every case, they didn't have two-factor authentication turned on their social media accounts.
(04:25): And so every platform offers it, you absolutely must turn on that two-factor authentication for those critical accounts. If you're a small business especially, that's your livelihood. And even if you're not owning a business, but you know obviously work with one, what people do in their private lives can also affect their company's security in terms of if your personal email account is compromised and people know you through that, then they can start using that to email all the contacts, which might include your work colleagues and that, and sending them links to dodgy things to try and hack them. Once they get access to A, an account, usually what happens is there's a burst of outgoing messages from your account to try and get more people sucked in because it's all part of building a massive scalable asset for the cyber criminals. So that's one of the things..
Jesse (05:20): So yeah, your advice is if you are the business then you should treat all of your social media accounts, social or not, as, I guess, attack points for the business.
Daniel Watson (05:33): Yeah, they absolutely are. And they're easy. They're easy to attack. People don't treat it like it is an asset. Even if you're just a private individual, it's an asset that can be taken advantage of for the gain of the cyber criminals. It's not-
Jesse (05:49): If I was with Facebook or Google with my business stuff, I would assume that they had it in hand. They're big companies with sophisticated defenses. I would assume that if they were water tight then I'd be water tight.
Daniel Watson (06:03): No, generally company security tends to end at the front door. Although the change is coming there with respect to people recognizing that working from home at some percentage wise throughout an organization is here to stay. Nobody's really insisting that everybody goes back to work in the office full time all the time, now that people have had a taste of what it's like to work remotely and then going, "Actually, we like this. Let's carry this on." But I think businesses need to have a good think about how can they reduce the risk that people working from home create to the overall environment and that includes their personal security.
(06:45): If you can subvert an individual, then that individual can carry it across into your environment. It's very hard to have a very clear line across, especially small, medium, large enterprises. But the other key things is actually there's a lot of private identifying information. What we're seeing with that Pinnacle breach is that information is now out there and Pinnacle is now having to provide identity or credit monitoring services to those people that were affected. Now that's at that large scale.
(07:22): At the individual scale, everybody should make sure they're not just being way too public with their social media settings because it's a boon to somebody who wants to try and get into your information and then use that to social engineer an attack against either yourself or somebody you know, through either just copying all the information out of your account and then using that to try and attack your cell phone provider to say, "Hey," at the service desk on the cell phone provider, "Please put a block on my account. I think I've lost my phone," or something like that. These get combined into multifaceted scams. So the more information you have out there, the easier it is for an attacker, so set your social media settings to private or friends only. That way you can control who you're sharing information with.
Jesse (08:13): Yeah and by the way, in case that Pinnacle name doesn't ring a bell for people, this is the widespread sort of medical center health provider hack that happened last week, which made the news. Yeah. Any other tips?
Daniel Watson (08:27): Yeah, okay. So we've talked about two factor authentication and privacy settings. Passwords we've talked about in the past. If you tend to reuse the same password over and over again, try using password phrases. There's a website called useapassphrase.com and you can then simply click a button and it will produce a password with four words in it that are kind of random. I just clicked on it now. And it came up with stimulate brisket maternity garbage. That is a phrase that you could find memorable, which is a very, very long password and the time to crack that password would be in the order of 17 million centuries. Know what I mean? Next click, footman zone desolate camping. You just keep clicking the button till you find one that you find easy to remember or gives you a bit of a giggle and that can be a great password to use rather than just going with the same old password, 123, which everybody and the hackers dog knows.
(09:32): And the last one to round it all out is that whenever your devices are saying, "Please update me," please be kind to them and let them update. They want to be updated. They need to be updated. Please let them.
Jesse (09:47): Okay, good advice and it's the sort of thing that we all put off. So Cyber Security Awareness Week is a good week to sit down, put 20 minutes in your calendar and actually do it. Daniel Watson from Vertech IT Services, great to chat to you. Thanks very much for the advice and go easy on that lawn mower, hey?
Daniel Watson (10:08): No way.
Have you had a security incident in the past and you have a nagging feeling that not much has changed to prevent it from happening again?
See our cybersecurity services
Explore our co-managed IT services
Need help with process optimization?
Join our systems coaching