[00:00:00] Christopher Cice: Hey, everybody. Welcome to episode one of the GWH, Steps to Success podcast. I’m Chris Cice. I’m here with Mike Cice, along with Riley Masterson. And today, we wanted to do an episode about cybersecurity. Why? Because it affects not only our clients, ourselves, and our families, but just about everyone we know or we’re trying to help.

[00:00:25] Christopher Cice: So any kind of information that we can get out to everyone I think will be helpful to help protect themselves in this world of cyber threats and artificial intelligence and just where the world is going in terms of security. I’d like to turn it over to Mike who has some questions for me and Riley, and how we can get started.

[00:00:44] Mike Cice: Yeah, I guess, the best place to start with, let’s discuss some of the misconceptions that people have about their personal cybersecurity. If you guys can go over a couple of the misconceptions there.

[00:00:57] Christopher Cice: Yeah, I guess, the main one is most people think [00:01:00] that they’re not important enough or they don’t have enough money to be targeted. But in fact, that’s not the case. Cyber threats or hackers will go after just about anyone. They can steal your identity, they can steal your social security number, and your bank account information, open up accounts in your name that you don’t even know about, take out loans in your name that you don’t even know about, and vanish and leave you to deal with the mess.

[00:01:24] Christopher Cice: It doesn’t matter how rich you are, how much money you have, or just how unimportant you feel you may be, everyone’s a target. And it’s important for everyone to have a plan in place to keep themselves protected.

[00:01:36] Riley Masterson: Yeah, I agree, Chris. Actually, I know a lot of people that say something similar to that, as in, I don’t have any money in my bank account. What could they steal from me? Or my credit’s not that well. What are they going to open up a loan? They can’t, things like that. And they think that they’re not going to be targeted exactly like you just said, but it’s the low-hanging fruit that has to worry about it sometimes.

[00:01:56] Christopher Cice: Yeah. Especially, if you don’t have a lot of money and a cyber, [00:02:00] a hacker or a cyber security breach causes you to lose more money than you have, that’s an even bigger problem. It’s an important issue for everyone.

[00:02:09] Mike Cice: Let’s talk about, give me the top three habits, individuals should adopt to improve their personal cybersecurity. What do you think are the three things they should really concentrate on?

[00:02:20] Christopher Cice: Yeah, starting with the basics. Use strong, unique passwords for all of your different websites. And I know that sounds daunting because no one likes to remember passwords. But ideally, you can use a password manager app. The one that I personally use and we use here at GWH is called LastPass.

[00:02:39] Christopher Cice: It’s one of the best, but there are others out there as well. And we’ll provide some links after this podcast. But what that does is, you only have to remember one password and that’s your LastPass password. And then from there, it will automatically generate secure passwords for all of your bank logins, all of your credit card [00:03:00] companies, just anything that you need to keep secure, you should have a different password for. And LastPass or any kind of password app, a password manager will store all those for you. And automatically fill them in with your user ID. So whenever you go to log into your bank, it’ll just pre-fill that information so you don’t have to remember all these crazy daunting passwords. It does all that for you. Just don’t forget your LastPass password. That’s the key.

[00:03:25] Riley Masterson: And Chris, are these safe? Because you would think, that if a hacker only has to find one password and figure out one password to have access to all your passwords, that sounds a little

[00:03:34] Christopher Cice: Absolutely.

[00:03:35] Riley Masterson: I’m assuming that all these passwords are encrypted or there’s some extra security measures there in place so that they’re safe to use things like this.

[00:03:41] Christopher Cice: Yeah. So LastPass is safe, but it’s important to have a very good LastPass password. And I’m going to use LastPass just as an example. There are other password managers out there. But, let’s just say, you want to have your most secure password that you can remember or have written down somewhere should be your [00:04:00] LastPass password. And then there’s two-factor authentication. LastPass uses two-factor authentication. Most financial institutions and banks and credit card companies are all using two-factor authentication, and that’s the next step.

[00:04:13] Christopher Cice: Once you have all, you go in, you change all your passwords, and you want to make them crazier the better, using uppercase, lowercase, numbers, special characters, whatever they’ll allow, you want to use the most secure password you can because you don’t have to remember it.

[00:04:27] Mike Cice: Chris, what does something like that cost? What can people expect to pay on a monthly basis for LastPass or password manager?

[00:04:36] Christopher Cice: I think, it’s somewhere around $10-15 a month.

[00:04:40] Mike Cice: Okay.

[00:04:40] Christopher Cice: But it’s worth every penny.

[00:04:42] Mike Cice: It’s reasonable. Yeah.

[00:04:43] Christopher Cice: It’s absolutely reasonable, as opposed to having your identity stolen.

[00:04:46] Mike Cice: I guess the other question I have is individuals, how do they handle their personal data on social media to protect themselves from identity theft and cyberstalking?

[00:04:57] Christopher Cice: Everyone’s out there now on social [00:05:00] media, Facebook. When you set up your profile, they ask for things like your birthday, where you live, and where you went to school. The more data that is out there about you, those are all just clues and different ways for people to figure out how to get to you.

[00:05:17] Christopher Cice: And so I think, limiting the amount of personal information you have on social media websites and give that you allow apps to have is important as well because a hacker could easily figure out, a lot of people will use their personal information where they went to school or what their birthday as a password or a user ID.

[00:05:37] Christopher Cice: So I think, the less personal information that’s out there on the internet, the less chance you have of a hacker kind of figuring out how to get into your programs.

[00:05:46] Mike Cice: Why don’t you talk a little bit about the latest scams and threats that are out there to the individuals on the internet, and how people can protect themselves?

[00:05:54] Christopher Cice: Riley, why don’t you talk about the recent social security threat?

[00:05:57] Riley Masterson: Yeah, of course. Like we were talking about the other day [00:06:00] as you see in the news now, it’s just becoming more and more of a thing. In our local news channel, we have every week, two or three elderly individuals that are getting hit with these kinds of scams. And actually, it’s like you were just saying a more recent big article in the news this past couple of months over the summer is 272 million social security numbers were hacked from a Florida-based background check company called National Public Data.

[00:06:25] Riley Masterson: They estimate, there’s actually 2.9 billion records of personal information that were taken. Names, email addresses, phone numbers, social security numbers, everything. These could be from people that are already dead or still alive. But that just shows how nobody’s safe right now and there’s a lot going on.

[00:06:42] Riley Masterson: As far as things that are happening right now in the news, I’ve just seen in the news recently, they’re using new ways, like you were just saying, with protecting your family. So maybe you have a grandmother and you’re not even expecting it and you’re putting stuff out there about yourself, personal information online, these hackers will take your [00:07:00] information, go to your grandmother or somebody else in your family, pretending to be you and trying to get them to send the money.

[00:07:07] Riley Masterson: I know one example. I was just reading last week was, you get a phone call. It sounds like it’s a sheriff, and he says, you’ve had a worn out. You didn’t pay a ticket you had years ago. You have to send us money to get rid of this and then all will be okay. And more and more people are falling for these scams every day.

[00:07:24] Christopher Cice: Yeah, that’s the new element that’s being introduced into the cyber threat arena, and that’s artificial intelligence. Artificial intelligence, obviously can be used for good and for bad. And hackers are using artificial intelligence to recreate people’s voices. They can sound just like your kids, your grandkids, your parents, and your grandparents, and call you up and ask you for money. And once you send them money, it’s gone. So that’s going to continue to be a big threat, and that people should know about.

[00:07:58] Christopher Cice: Another threat is [00:08:00] phishing scams continue to be a major problem. You think you get an email from your bank. There’s a link in the email, you click on it, you enter in your personal information, thinking that you’re logging into your bank website, but in fact, you’re just logging into a hacker’s website and they’re stealing your information, and they’re gaining access to your personal data that way.

[00:08:21] Christopher Cice: You mentioned the social security breach. At this point, just assume that your social security number is out there. Hackers have access to it. You can only hope to control what they do with it. One of the ways to immediately stop a hacker from opening an account in your name using your social security number is by locking your credit reports. You can go to all three major credit bureaus and lock your credit report. So that way, if anyone tries to open an account in your name using your social security number, you’ll get an alert, and you can either say, hey, that’s me or no, that wasn’t [00:09:00] me. But the hacker won’t be able to open that account.

[00:09:03] Christopher Cice: There are companies out there like a company called LifeLock, which will do it for you. You could pay a monthly fee and they’ll monitor your credit reports and lock them and unlock them as you need to, in case you need to take out a loan.

[00:09:17] Christopher Cice: The other major thing too, about social security numbers, and we highly recommend, and that is going to SocialSecurity.Gov’s website. It’s SocialSecurity.Gov. And if you haven’t already set up an account with Social Security before somebody else does. Even if you’re 25 years old, Riley, go to SocialSecurity.Gov, open up an account, set up a password that only you’ll remember, and store it in your LastPass before somebody else does.

[00:09:45] Mike Cice: Otherwise, I’ll have your social security payments going to them in the future instead of you.

[00:09:49] Christopher Cice: Exactly.

[00:09:50] Mike Cice: More and more people are using mobile devices to do their banking, to pay bills, and what have you. What are some of the vulnerabilities, or are mobile devices [00:10:00] more vulnerable than your laptop, computer, or your desktop computer? What’s the different vulnerabilities there on the different technologies we use?

[00:10:09] Christopher Cice: It all depends. Really, it’s how your device is connected to the internet, right? If you are on a mobile device and you’re just connected to the internet through your personal Verizon or AT&T internet service, you’re fairly secure. However, if you’re in an airport or if you’re in a hotel room and you have your laptop or your iPad or your phone connected to, let’s say, Marriott’s, in hotel Wi-Fi, you are extremely exposed.

[00:10:37] Christopher Cice: Everything that you do on your device is out there, you’re on a public Wi-Fi network, and you’re certainly at risk. So what the experts recommend is having a VPN installed on all of your mobile devices, your laptops, your iPhone, your Android phone, tablets, iPads, etc.

[00:10:55] Christopher Cice: Again, it’s going to cost a little bit of money to set up a VPN, but you could go to [00:11:00] NordVPN or Norton or any of these other VPN services. And what a VPN does is it creates a private connection between your device and the internet. So even if you’re connected to the internet in an airport, or at a hotel, or in a coffee shop, if you have a VPN, it’s almost like a filter that blocks the public from getting to the information that you’re sending out via your mobile device.

[00:11:29] Christopher Cice: And we’ll include some links to some popular VPN services as well. And what VPN stands for is Virtual Private Network.

[00:11:36] Mike Cice: That was going to be my next question. VPN, Virtual Private Network.

[00:11:40] Riley Masterson: Yeah, I’ve noticed too. I have an iPhone and if you download new apps or on certain websites, it’ll actually ask you if you would like this website to track you or if they’re allowed to have your data, and things like that. And now I’ve come across them just immediately. No, I do not want them to be tracked. I do not want them to have my personal data. Cause [00:12:00] the more apps and subscriptions and places you put in your personal information, nowhere safe anymore, as we know. It’s just luck of the draw of who’s going to get hacked next and you just want to limit how often your information is out there.

[00:12:15] Christopher Cice: Yeah. Riley, you sent me that link to that. I’ve been pawning a website where you can actually put in your email address and see how many apps or how many breaches that your email address has been compromised in, and it’s pretty incredible. I’ve been using the same email address for 20 years, and it’s been exposed, or compromised in about 12 different breaches, including fitness apps, or LinkedIn, or just various websites that got breached.

[00:12:46] Christopher Cice: And now they have not only my email address, if I don’t have a secure password, there’s a good chance that they know my passwords for multiple websites, especially if you’re using the same one.

[00:12:58] Riley Masterson: Yeah, I agree. We’ll [00:13:00] definitely put some of those links below for those websites where you could put in your information and see where it’s been leaked onto the dark web and other things out there. And when I looked up mine, I’m the same boat as you. I’ve been using the same email for 15 years now. And there’s things on there from back in 2010 that I subscribed to for apps.

[00:13:19] Riley Masterson: I downloaded and put in my email, password, date of birth, and all my information that I haven’t used in 10, 15 years. And they leaked maybe five years ago. And it has my email, my password, and disturbing information right there. Just, I could look at it. I’m like, wow, that’s my password right there, just out in the open and on the internet.

[00:13:39] Riley Masterson: So those are some great sites. We’ll put some links below for those.

[00:13:42] Mike Cice: Wow. So, there’s a big rise in ransomware and businesses were affected at first and being held for ransom. How’s that affecting the everyday person now, not just businesses? And what do they have to be aware of?

[00:13:56] Christopher Cice: So for the most part, [00:14:00] ransomware is still targeting businesses, but even small businesses. So what ransomware is, a hacker will get into your computer network, you’re getting into your computer, and it’ll hold all of your information hostage. If you’re trying to run a business or a company, it could affect it.

[00:14:15] Christopher Cice: If a hacker really wants to go after an individual bad enough, and lock up all their personal information, and then they demand a ransom to unlock it, and it’s the only way to unlock it. You have to spend a lot of money. They most likely will only accept Bitcoin or some form of cryptocurrency to release your information back to you.

[00:14:36] Christopher Cice: So it’s pretty scary to have to pay tens of thousands of dollars as a business owner, a small business owner, just to get your information back. But that’s what’s happening.

[00:14:45] Riley Masterson: What was that a couple of years ago with the Vegas casinos? All the Vegas casinos. And I think there was one casino that was holding back, that they were waiting and they didn’t want to pay them, but all the other ones already did.

[00:14:55] Mike Cice: Yeah.

[00:14:55] Christopher Cice: Causes us a major lockup. You can’t run a business without your information.

[00:14:59] Riley Masterson: Yeah. They [00:15:00] were losing millions of dollars a day, not having them operational. And they were just forced to, do I just pay these people or lose more money? It’s tough.

[00:15:10] Mike Cice: Before we wrap it up, I have probably two more questions. One, I know you talked about this earlier, and that is two-factor authentication. Can you explain exactly what that is and how it works?

[00:15:22] Christopher Cice: Yeah, so two-factor authentication, sometimes you’ll see it referred to as 2FA is when you log into a website, and you put in your ID and password, I’m sure many people have used this every day is, they’ll send a text message to your phone with a six digit number, or a five-digit number that you have to enter in, for you to be able to log in. That’s two-factor authentication. It’s an additional step besides just using a user ID and password to allow you to log into a website or a service or an app.

[00:15:55] Christopher Cice: And it could be a text message. It could be an email. They have two factors [00:16:00] authentication apps, like Microsoft has one, Google has one, there’s a few other ones out there, where you enter in your user ID and password to log into a website, you have to open up an app on your phone, and pull up your Google authentication app. It has six numbers sitting there waiting for you. You plug those in before it’ll actually let you log into that website.

[00:16:21] Christopher Cice: So that’s just an additional layer of security. If a hacker does happen to get your user ID and password, somehow, if you’re not using LastPass, if you’re using the same password for every single website, chances are, a hacker has that information. They’re going to try it in other places. Two-factor authentication, at least puts an additional layer of security in the event that your password gets stolen.

[00:16:45] Mike Cice: So, how annoying, I find it. It’s still best for me to have two-factor authentication.

[00:16:50] Riley Masterson: Especially people like me. I’m definitely guilty of one of them who uses the same password for a lot of things. And I know just firsthand how bad that is to do, at least having [00:17:00] the second authentication gives me a little bit more peace of mind.

[00:17:02] Christopher Cice: And if you ever get a text message from a two-factor authentication text message from a website that you didn’t try to log into, chances are, that’s a hacker, trying to log into that website, using your information. So if you ever get a two-factor authentication password or code sent to your email address or your phone that you didn’t request, change your password.

[00:17:25] Riley Masterson: Yep. I almost feel like I wish they had.

[00:17:27] Mike Cice: How often should people change their passwords? That’s a great idea.

[00:17:31] Christopher Cice: It’s recommended to change it every six months or so. If you’re using ultra-strong passwords and saving them in a password manager like LastPass, you probably don’t have to do it every six months. Maybe every year would probably be sufficient. But if you’re one of those people that uses the same variations of passwords over and over again, probably want to change it more regularly.

[00:17:51] Mike Cice: Finally, should people be concerned about the companies that are collecting their personal data and using that? And what can they do to eliminate [00:18:00] that? Or at least, limit it, not eliminate it.

[00:18:02] Christopher Cice: They should be concerned. There are ways to opt out of your information being used. Every company, when you sign up for a product or service, of course, they’re going to hit you with the terms of service agreement that no one ever reads. But most likely in that fine print is how they’re using your personal information. And there are ways to opt-out.

[00:18:21] Christopher Cice: Without telling you to bore yourself to death, reading the fine print of all the terms and services of every single product or service that you sign up for, it may not be a bad idea because that’s how you could protect your information.

[00:18:34] Mike Cice: Thank you, Chris. Thank you, Riley. I think we covered a lot of territory today. There’s a lot more to cover. I know we’ll be posting some things on the website. I want to thank you for being here today and look forward to the next episode of Steps to Success.

[00:18:49] Christopher Cice: All right. Thanks guys.

[00:18:51] Riley Masterson: Okay.