#149 Online privacy, why cyber-security is everybody's business, and simple security practices for entrepreneurs & small businesses, with Scott Schober.
Personal Development Mastery Podcast, August 05, 2021
Episode 149
57:44, 53.6 MB

Scott Schober is a cybersecurity expert and the author of 3 best-selling security books. He has dedicated himself to educating as many people as possible by telling his own stories of being hacked, with the hope that others can learn from his mistakes. He is a lifelong technology innovator and inventor, and he's passionate about helping seniors seamlessly adapt to our ever-technological world, and about making cybersecurity make sense for everyone.

𝗞𝗲𝘆 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀:

* Why cybersecurity is everybody's business

* Best practice implementations for small businesses

* Our privacy online and how to protect it

* Cyber criminals and identity theft

* Weak passwords - the most common security risk

 

𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗿𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀:

Website: https://scottschober.com/

𝗠𝗲𝗺𝗼𝗿𝗮𝗯𝗹𝗲 𝗾𝘂𝗼𝘁𝗲:

"Whatever your passion is, don't just use that to make money; use that to better the world."

-Scott Schober

𝗔𝗯𝗼𝘂𝘁 𝘁𝗵𝗲 𝗵𝗼𝘀𝘁:

I am Agi Keramidas, a knowledge broker and podcaster. I firmly believe in the power of self-education and personal development in radically improving one's life.

 

I have partnered with brain.fm - Get 20% off this amazing app: brain.fm/agi

Join my Facebook group for personal development, inspiration, and actionable knowledge: bit.ly/pdmgroup

#PersonalDevelopmentMastery

_____

Episode Transcript

_____

0:03  
Welcome to the Personal Development Mastery podcast. I'm Agi Keramidas, and my mission is to inspire you to grow, stand out and take action towards the next level of your life. I interview leaders, authors, successful entrepreneurs, spiritual teachers, exceptional people who will inspire you to improve your life. Tune in for two episodes each week, and make sure you subscribe to get them as soon as they are released. In today's show, I'm delighted to speak with Scott Schober. Scott, you are a cybersecurity expert and the author of three best-selling security books. You have dedicated yourself to educating as many people as possible by telling your own stories of being hacked, with the hope that others can learn from your mistakes. You are a lifelong technology innovator and inventor, and you are passionate about helping seniors seamlessly adapt to our ever-technological world, and about making cybersecurity make sense for everyone. Scott, it's a real pleasure to speak with you today. Welcome to the show.

1:22  
Oh, thank you so much for having me. I look forward to a nice conversation.

1:25  
So am I. And as I was saying to you earlier, it is a completely different topic. After all the episodes that I've done in the podcast, I never discussed this topic, but I think it's of extreme importance, because there are so many traps and hidden things, and many people are completely unaware of it. So I would like to start by asking you to give us a little bit of background about your journey. Can you tell me of that key defining moment, maybe, that turned things around for you and made you so passionate about what you do?

2:13  
Yeah, absolutely. Well, to give you kind of the context and the backstory, I'm running a small privately held business. We've actually been in business for 49 years. A lot of people are kind of amazed at that, but actually I'm second generation; my father founded the business 49 years ago. And we're a technology company. People come to us with problems, often very complex problems, and we try to provide a complete solution. And much of this surrounds wireless; that's really our background. We've designed wireless tools to build out the cell towers to make our cell phones work. In the process of doing all this design work, we learned how cellphones work and how people can manipulate cell phones and wireless for bad purposes. And hence, a number of years ago, approximately 10 years ago, we really started to shift or pivot our business more and more towards security. And the more that you start working in the world of security, a very large part of it is just sharing your knowledge. So the more things that I came to know, the more that I would share with other people and teach them and speak at different seminars, write about it, so on and so forth, to the point where I guess the bad guys, the cybercriminals, started to look at that and feel a little bit threatened. So what they actually did was start to target me to try to stop me from talking about how to keep people safe. And that was certainly troubling. And what they started with was some simple manipulating of things, and my credit card was compromised, my debit card was compromised, this was personally. And then also both my credit card and debit card at the same time got compromised for my business. I said, geez, this is scary, coincidental, I don't know. Went through the process of reissuing credit cards, calling the banks, paperwork, big mess, so on and so forth. It happens again. And then it happens again. I'm saying, this is too strange. Next thing I know, my Twitter account is hacked. This is crazy.
Then all of a sudden we started receiving repeated DDoS attacks, distributed denial of service attacks, where they flood your website with just junk traffic. So now your online store doesn't work. And we do maybe anywhere from 40 to $50,000 a month in online commerce, so that's concerning. So now suddenly it's starting to paralyse a business. So one thing after the next started happening, and I said, this is too coincidental that this is happening to me. And some of the individuals that had targeted my Twitter account, I started to analyse. I approached an Israeli firm that I was partnering with, and did some dark web searches to find out who these individuals and these different accounts were that were targeting me, saying things against me. And they were notorious cyber criminals. And finally, the last straw that said something's wrong was I came in one Monday morning, and I checked the online bank account, and $65,000 was stolen out of our account. And I said, wait a second, there is something seriously wrong. And it became a long investigation. It was a federal investigation because it exceeded $50,000. I did get all my money back in the end. But it was a painful process. And it was a difficult process, because here we are, a security company focusing on cyber security, and yet I thought I was doing everything right. And what did I learn? I realised that, number one, everybody is not 100% safe, and nobody's safe, really, from cyber criminals if they set their target on you. And I've learned quickly that other researchers in my field of cybersecurity, I started talking to them at conferences and other things, and they said the same thing. They were targeted, they were victims of different scams again and again, and they're continually being targeted and hacked. So I started to realise maybe I'm in good company, in a sense, and maybe, in a sense, I'm flattered. And as a security practitioner, running a business, and again, we sell most of our tools.
And these are wireless threat detection tools to stop any type of wireless from getting into secure facilities. These are going to US DoD agencies. So these are very important customers. And it ties in very closely with national security, protecting confidential, classified information. So there's a huge concern there. What do I do, as a business owner, for my employees, for my customers, for our reputation over the past almost 50 years? Well, I came off of an interview; I was actually on Bloomberg TV that day in New York City. And I got a phone call on my cell. And it was a call I didn't recognise. I looked down; it was the Associated Press. Somebody was writing a story, and they heard that my business was compromised. And I sat there scratching my head, and I'm thinking, how in the world did they hear this? And I asked them, and they said, well, we can't reveal our source. But we heard about it, we want to do a story, we want to interview you, go on the record and explain what happened, this and that. And I said, well, I'm a little reluctant to do that as a security company. But I will agree to do that if you share what happened and share my misgivings and misfortunes and the mistakes that I made, in hopes that people could also hear some of the positive things that I've done since then, and they can improve their cyber posture. And they agreed to it; we did the interview. Once that hit, it really took off. More and more people started calling me for interviews via TV, radio, speaking, so on and so forth. Then I was approached, and someone says, you really should write a book on this, Scott. This story is kind of interesting, what you went through, not just the physical things that happened, but understanding what you learned in the process, the emotional journey, how it affected you personally, your business, your customers, your employees. And that's when my journey started in writing Hacked Again.
And that's just my personal journey, my first book. And now again, just to let the audience know, cuz a lot of people hear that like, oh, you must be a writer. I was not a writer. I always consider myself fairly poor in writing, and even speaking, which is kind of ironic, because what I do now is I write and I speak all the time, and I get compensated for it. And I say, wow, what this journey taught me was it helps you do some personal reflection. And you realise if you have something inside you, such as, in this case, a story, and you realise if you share your story, the good and the bad, and others can relate to it, or they could benefit from it, it makes you feel good. It helps fulfil a purpose in you. So in essence, when I share my story, and my passion about cybersecurity and the things that I've learned, I get responses back from people every day. Scott, I applied that tip. I read your book. I learned something. I shared this with my grandparents. I shared this with my friend. I brought the book to my boss in the company, and he's implementing things. So part of this is really a journey for me. And I think as I have things up here that I want to get out and share and put to paper and share my story, I have to say the world, especially the world of cybersecurity, has been very generous back to me, sharing things that keep helping me learn. I think that's very important.

9:44  
Thank you. First of all, it's fascinating as a story, and second, it is very, very worrying, if you're telling me that someone can take money out of your bank account, the console your cards, and somehow they can bypass whatever bank protocols there are to do those things. And you said something, and that's something that came up as a question, that if the cybercriminals target you, then things are very difficult, if not totally fit, there's anything you can do anyway. My question is, is there someone that should be especially worried about being a target of these cyber criminals? Obviously, you had a very unique position, that you were doing something against them. But if we talk about a bit of a broader audience of this conversation, who should be worried about cyber criminals setting them as a target?

10:57  
Yeah, and you make a really interesting point there. When I was compromised and hacked, this was pre-2016. It happened right around the time, if we think back to 2013-14, when Target, a very large retailer in the United States, was compromised. As far as the number of credit cards, that kind of made the headlines again and again and again, because of the brand damage that was implemented there and the lack of security that was in place. That to me set kind of a dividing line in the sand for helping me always to reference where we were. So when I used to talk about it, back in 2013 to 2016, to audiences, I was primarily speaking to security people, and they got it. Anyone else I talked to about cybersecurity back then, my relatives, my friends, co-workers, others, they kind of were like this deer in the headlights. What are you talking about?

11:57  
Yeah, damn, cybersecurity sounds very, like it's not for me. It's for the professionals. Exactly. And

12:05  
so when I authored Hacked Again, the one thing that really stood out in my mind was, because I was excited, I'm telling everybody my story, talking all about it. And they're all giving me the deer in the headlights look, like, I don't understand what you're saying. I spent a lot of time putting together a glossary in the back defining these unfamiliar terms in this unique world of cybersecurity. Now, fast forward a couple of years later, the more people I started talking to, they're like, hey, Scott, I read your book a couple years ago, and I remember you telling me about this subject. You won't believe what happened to me. I had my credit card compromised. Another person comes along and says, our company was just targeted with this weird malware called ransomware. Have you ever heard about it? Yeah. So again and again, I'm getting phone calls, friends reaching out to me, sending me newspaper clippings, texting me stories from every breach, day in, day out, asking for advice. And then I sat back at one moment, I thought about it, and I says, you know what, the world of cybersecurity has drastically changed to targeted focused attacks against individuals, to now cybersecurity has suddenly become all of our business. And at that moment, the light bulb clicked and I said, I'm going to write a book, Cybersecurity Is Everybody's Business, especially helping business owners, so they can understand that now they too, they can be running a small business, could be a mom and pop flower shop on the corner, and that's okay. But they have to realise they have to take some best practice implementations within their business, so they could stay safe in this crazy world of cyber. Again, I'm a small business owner. I learned these things the hard way. And that's why I shared my story. But in the process of educating myself and learning, I picked up tips along the journey. And I continue to do that. And that's what my hope is, to share some of these best practices.
And when I say best practices, oftentimes people roll their eyes and say, oh, cybersecurity best practices, does that mean I have to spend a tonne of money? I don't have a billion dollar cybersecurity budget. I'm a small business. That's not what's essential. Best practices are, a lot of times, common sense things that you and I and your listeners can do, and that we can get structured and pattern our business and our lives, so we think cyber and make it difficult for the cyber criminal to keep targeting us and compromising our business. So I think that's important for people to realise: it's not always about spending the money. If it is spending money, it's understanding where to spend the money in the proper areas, to keep a good cyber stance in your business.

14:55  
And I'm sure there are other steps that we can take where we don't need to spend a lot of money, if any. Yeah. Essential. So I am very much looking forward to hearing some of the tips. I will ask you, I do have some specific things that I wanted to talk to you about, like use of web browser and things like that. But I want you to start with what you consider to be really the most essential, I think, for the listener, someone that does have a small business, that has maybe taken it online, or they have a website or whatever kind of intellectual property or other business. So tell me, what are those really essential things that someone needs to look after immediately? I mean, there's absolutely,

15:57  
I'll start with the one that I probably hate the most, and most people hate hearing about the most. But yet, it's still probably one of the number one problems, despite repeated efforts that I've tried to educate people, and we talked about, we're beat to death about passwords. I don't think anyone loves to manage passwords and constantly worry about them. Yet, if you go back to just about every single breach that there is out there, it usually starts out by cyber criminals or hackers exploiting weak passwords. So therefore, I always try to keep it simple. Because if we keep it simple, we can actually be successful in negotiating this path of passwords. So what I've learned is, yes, having a long, strong password that is obscure is hard to hack. Nothing is impossible. But the longer your password gets, once you get above 8, 10, 12 characters, alphanumeric, and having some symbols mixed in there, that makes absolutely no sense, it's not a common word in the dictionary, it has absolutely no association to you at all, it starts to become a strong password. I encourage people to take a few minutes to go on to the web. And there are free password security tools to check how strong your password level is. And just pick some random ones and quickly learn how long it would take to compromise a password. And again, realise passwords are not compromised by some cyber criminal sitting in his pyjamas in the basement or with a hoodie on, sitting there at night trying to guess it. There are automated tools that will go out on social media and scrape everything about you. And they will then automatically try to guess all the passwords. They put in every word in the dictionary, everything about you, your website, your blogs, this and that, to see if they could find that magical combination, and start chipping away at it. The other way they do it is they take these volumes of lists of previously compromised passwords.
They go into the dark web, the underbelly of the internet. And they'll take these lists. And these lists are millions upon millions of passwords. They'll feed that into these automated tools to try to guess your password. Once they get into one site that you log in to with your username and your password, what do they do? Well, cyber criminals know the other second big problem with passwords is people reuse their password across multiple platforms. More than 50% of the people around the globe still do this. Years ago, it was much higher, but it's down to about 50%. So you've got a 50% plus chance of guessing that password on another platform. Again, automated tools are used. So if they guess your password, and your password was password 1234, which is still in the top common passwords used every day, despite what we preach and teach, they will now try that same password and try to log in as Scott Schober, password 1234, on hundreds and hundreds of sites to see if you reuse that password. So tip one: a long and strong password that nobody could ever hack into, or make it difficult to hack into. Number two: don't reuse that same password ever across multiple sites. Third aspect of it to keep in mind is, okay, Scott, you told me make a long password. I can't remember it. Exactly. That's a terrible problem. And I can't either. So what do I do? I have different stages of passwords and I associate them to what I am trying to secure. So whether you have five passwords you're remembering, or if you have over 200 passwords like myself, you need to have a discipline to record these, so you can adjust them as you need to. Step one I like to use is obviously a good password manager, where you have one master password that you have to enter, remember, and that gives you access to all of your passwords. So I'll use Dashlane myself. There are many good password managers out there that you could use. The data is encrypted.
Again, you need to remember that one password and your different spots remotely, you could access that so it's convenient. But it's also security. So you're not trading one for the other very important.

20:33  
Can I ask you, that's incredible, thank you, Scott. And I personally use LastPass. Sure, I've heard this. Every website has a random password, which is generated by LastPass. And it has like 12 characters, both numbers and symbols. So I really am very happy. I've been using it for years. And my question is, what are that system's vulnerabilities? So if someone hacks into that thing, you're really in deep trouble, aren't you? Because it's only one password. Maybe they have some kind of two-factor authentication. But isn't it a bit dangerous to give everything to one place?

21:21  
Yes, you make an excellent point. And I'll counter it by balancing something that I do for very secure sites. So we do a lot of government work and we sell to the government. For those sites that I log into, I do not put those passwords into a password manager. I do something that's very untraditional and goes against everything that cybersecurity practitioners say: I write them down. However, with the caveat, I write them down in a black book. That black book is locked in a safe, which is locked in my office, which is locked in a building that is alarmed and has cameras. So again, layers of security ensure that my passwords will not be compromised. It's not convenient at all. And it's laborious to have to look them up and adjust those passwords. I do add in, as you pointed out brilliantly, the importance of using multi-factor authentication or two-factor authentication. Most everything nowadays offers that. If you're logging into a bank, if you're trading stocks or your retirement portfolio, utilise their multi-factor authentication. If you use free email, Yahoo, or Google Gmail or whatever, they offer built-in security, multi-factor authentication. Use it. If you're using that, your chances are minimised that it will be compromised. So again, using some common sense tactics there really does make a difference. These are what I call the best practices to keep you, to keep your business safe. But it does take discipline to implement some of these things.

23:04  
Hi, it's Agi here, interrupting you with something you may find useful. The most frustrating feeling is when you're trying to focus, but you can't get your brain to concentrate and let you zone in on the important work in front of you. This happens to me all the time, especially the days that I feel I have too many different things to do. And if it happens to you, you're not alone. 40% of people say they have to make a big effort to concentrate. This isn't some minor thing. But if you're having trouble getting focused, I have a solution for you. I'm so excited to be partnering with brain.fm. Brain.fm is a great app, and I use it to block out mental chatter and zone in on my number one priority of the day. Brain.fm uses functional music backed by science and research, which is designed to give us that extra edge when we need our undivided attention. But they also have relaxation, meditation and deep sleep modules that help you unwind and recharge. So if you want to be able to place your full attention exclusively on the activity you choose, whether that's meaningful work or relaxing or getting high quality sleep, right now Personal Development Mastery podcast listeners get 20% off: brain.fm/agi. That's an amazing deal for such a great app. Thousands of people have given five-star reviews to brain.fm. Find out why: brain.fm/agi. Absolutely. Can I ask you about something different, the use of a VPN, a virtual private network, and how necessary it is? I won't say important, because I think we have gone beyond important now. But is it necessary to protect our privacy and security?

25:18  
Yes, I believe privacy is of utmost importance. Part of our problem is a human problem, I'll say. We're too trusting as individuals. And that's good. In human nature, in conversation, we share things; it comes from the heart, and that's wonderful that we could communicate. However, there are many unscrupulous individuals that prey on this information on the internet, on the dark web. And we've also become accustomed to using social media to tell everybody everything we do, and it's a little too much at this point. I read some posts, people saying they just went to the bathroom, they just ate a piece of cake, they're driving to work. I don't need to know these things. It's not important. We don't care. But even more importantly, sometimes the tells, the things we share on social media, are used by cyber criminals to socially engineer information out of us to compromise our account. I'll give you a case in point. When you sign up for Twitter, LinkedIn, Facebook, a lot of these social media platforms, what do they do as we're setting our configuration there for our account? We enter what? Our birthday. Yeah, no, no, I don't do that. So on every social media account, I have entered a fake birthday on those accounts. And I'll give you a reason why. A couple years ago, I was presenting to a number of government agencies at a cybersecurity show. I was brought up on stage by the world's most famous hacker; he was going to perform identity theft on me. I was like what fascinates? Oh, yeah. So this was, by the way, this was in front of hundreds and hundreds of people, high level ranking officials in the military. I was nervous. And he started out by looking at my badge. He goes, all I need is your name, Scott Schober. He's on his computer, a couple of computers. And by the way, there were giant screens behind me. They must have been 50 foot big so everybody can see what he was typing. Now I'm getting nervous. I'm sweating.
And he says, okay, Scott Schober, he goes, oh, you have a house here, correct? Yeah. You have another house here? Yeah. And he asked me a bunch of different questions and just kind of said, nod your head, yes or no, to them. And every one of them was yes. That's your mother's maiden name? Yes. I'm getting nervous. The sweat starts coming down. He goes, I'm going to use this website, and he pulls out a credit card, to purchase your social security number. It's gonna cost me $1. Boom. He goes, is that your social security number? And I'm like, yeah, this is getting kind of scary. He goes, the last piece of information, so now I can perform identity theft, is I just need the simplest piece that everybody makes a mistake on and puts out there, your birthday. And he goes up on the screen; all of a sudden, it had a list of about 20 to 30 different birth dates associated to Scott Schober. Ah, and he stops and goes, this is weird. I've never seen this. He goes, is that your birthday? No. That one? No. That? No. Is one of those on there your birthday? He goes, I don't understand what's going on. I said, well, I changed my birthday on every single thing that I register for on social media. Therefore, when somebody picks up the phone to an issuing bank, or somebody is trying to perform identity theft, and they put the wrong birthday, guess what? Conversation over. There is a simple example of a best security practice that any of us can implement, and prevent us from being a victim of identity theft. Now, you might ask, well, why don't you just freeze your credit? Well, I do do that. I freeze my credit, the credit monitoring agencies and all of those other additional steps, because again, nothing's 100% secure. But taking some of these best practice simple steps, that didn't cost me anything, can make the difference between being a victim and keeping safe.

29:04  
That's really so interesting. And I can only imagine the way you were describing with someone hacking your identity. It's scary. Yes, yes. Very scary. There is one other aspects that I want your expert opinion on. Is email. A big thing again, so are there any best practice implementations shown a mail as general as the question is,

29:34  
Yeah, there's actually a lot of them. And again, to me, what's always very important to do is ask yourself, what's the content of the email? That's a question. Where's that email being stored? And probably you're going to find out most people, excuse me, say in general, I have nothing to hide, I have nothing really private, it's no big deal. And I disagree with that, typically. Because I ask often, I'll say, well, have you ever shared a phone number, an email address, perhaps a credit card number, perhaps a security code, a pass code, a tax ID form, customer information with any personal information in any of your emails? And out of one of those, or all of those, they say, well, yeah, I guess so. Yeah, okay, maybe I do share all that stuff. Well, that's what cybercriminals want. They want that type of information, because they could put that together to perform identity theft, compromise your credit, hack into a system, take a Wi-Fi password and use that to get into a company or into your company. So we tend to all do these things. And we do it through the most convenient method, which is what? Email. We have it on our smartphone. So email is part of us now. So if we could use encryption tools, again, not very convenient, but they're very secure, that's important. We could put some good anti-spam filtering on there, junk mail filtering. It can be done at the server level with hardware appliances, which is what we have in our company. And then it can also be done on your computer. And you can have it on your smartphone. I try to do all of those. Is it a pain to manage it? Yeah, it is a little bit of a nuisance. Sometimes, you have to update it regularly. You have to make sure you vet and check these things. But primarily what you want to stop in email is all of the phishing schemes, where they're trying to lure you in to click on something.
Because these embedded attachments, I share a stat, and it's probably gotten larger than this. But out of the millions and millions and millions of emails every day that are sent out, spam, junk emails, over 80,000 people globally every day click on those attachments, which downloads different strains of malware, resulting in ransomware attacks and everything else. Over 80,000 people every single day. That's scary, isn't it? When you think about it, there's over 4000 companies just in the US alone, every day, that are now a victim of a ransomware attack. Those are staggering numbers. And the damage from a ransomware attack years ago was hundreds of dollars, then became thousands of dollars. For some larger companies, the result in what they're paying out in this ransom exceeds $200,000 on average. Those numbers are staggering. The largest ransomware recently paid out was in excess of 40 million US dollars. So we see a problem that's doing what? It's not getting better. It's actually getting worse. Because people are using weak passwords. They're not encrypting. They're not using multi-factor authentication. They're not properly destroying sensitive documents. And what do I mean by that? Old school paper documents: shred them, properly shred them with a micro cross-cut shredder that will obliterate them to confetti. Very important. It's simple. You can buy a regular shredder that just shreds paper into long strips. And guess what? I could take that garbage can, lay it out on the floor, take a picture of it, and there are automated software tools that will actually piece it back together for you. That's how scary it is. So the only way to prevent that is really shredding it into thousands of tiny pieces. That's how the NSA does it. That's how I do it. What does a shredder like that cost? Under $200 at any store like a Staples or a Walmart, Target. Most people go for the $20 shredder that just shreds long paper pieces.
So again, being a little bit more proactive with something as simple as that. I'll give you another example: a credit card. When you dispose of a credit card, do you properly destroy it? Burn it, cut it up into a million pieces, or feed it into that shredder so it obliterates it? One day I had a card and it expired, and I just cut it up into a bunch of pieces like most of us do, trying not to cut my fingers off on the sharp plastic, and threw it in my garbage can. That was a Friday. Monday morning, our building manager called me outside. He goes, you've got to come outside and see this. On the curb, we have all our garbage cans lined up for sanitation to pick up. It was a replaced credit card, my credit card. Somebody went dumpster diving. They went in, pulled it out of our garbage, they saw a piece of credit card and said, ooh, dumped it out, put it all together and probably took a picture of it. That was scary to me, that somebody would go to that length. Now fortunately for me, the card was expired. I reported it to the bank. I didn't have any problems with it. It told me right away the importance of properly doing things old school, completely destroying that junk mail, credit card offers, loan offers, anything that's got your personal information on it. Don't just rip it in half and throw it in the garbage. Burn it in a fireplace, or shred it properly. Very important.

35:03  
It's very important. And it's very basic. And it's great to, you know, because many of us kind of hope or keep the fingers crossed that maybe shred the piece of paper in four, and hopefully the four different parts of the paper will end up in different parts of the bin. But if people go into that kind of work to uncover it, yes, that's extremely useful to keep in mind for the next time that we just chuck a bank document in the recycling, paper recycling. Can I ask you about, going back to this, the security, the cyber security? So tell me about the use of a mobile phone. Is there something massively different in comparison to a computer that someone needs to be aware of in terms of security? Because many things within my mind, and I suppose others as well, they will consider security, cyber security, something that has to do with computers more than our phone. So what's the difference? What, really, we need to be careful about when we use our phone?

36:29  
Yeah, excellent question. And in fact, what's important, I always tell people, you have to almost think like a hacker. And that's what you're doing. You're thinking like a hacker, in a sense, and asking that question. We're all comfortable with computers, tablets, laptops. What's the migration now? As phones have gotten bigger, with screens, more power, more memory, more wireless capabilities, we migrate to our phones to do business now. I can go on my smartphone, I could pull up an Excel document, a Word document, a PDF, I can do a digital signature on it. I could do banking if I want. I can buy things from my phone. My phone is now like the Swiss Army knife. That's the way I always kind of think of it. That being said, ask yourself, what precautions do you put on there to protect your phone? Or do you have antivirus software on there? Do you have something that can detect if somebody is trying to put something to decrypt files or steal files on there, or spam on there? It's hard to load those type of things onto a phone and actively use it. So most of us just say, "Well, no, is that even available?" Well, that stuff is all available. And we need to be able to use it, we need to do something. The most simple thing for a phone, this is again best practices 101: do you have a long, strong passcode to unlock your phone? I see people all the time that they just don't have that, when either the phone manufacturer... Yeah, 1234. The phone manufacturers realise it's such a problem that now they're putting some biometrics in there. So it might be our fingerprint, it might be facial, it might be a design that we scribble on there, something to give a layer of security to make it difficult. But there are other things that you can use. Look at a lot of these popular chatting applications. We share a fair amount of personal information when we chat with people via WhatsApp or many other popular ones. And a lot brag and boast, "Yeah, they have end-to-end encryption." Some do, some really don't. Some do not have it when the data is at rest or the data's in transit from this server to this server. And that's the point where hackers will exploit and get it. And they don't always implement the best encryption on there, so it can easily be deciphered, decrypted. And then what they will do is parse and pull that private information off there. So you've got to be very careful. And ask yourself, who owns WhatsApp? Facebook. Do you trust Facebook? You know, that's a personal question. I have my own opinion about it. But I don't use WhatsApp. But there are other chatting applications that actually embed, they have encryption, they don't store the information, which is very important, on a server anywhere. It's encrypted while you're having that short conversation. And then after about 30 seconds, it wipes it. That's interesting. And more importantly, they don't require to know what your mobile phone is; you can give them an alias. So now what does it do? It does not tie that chat to me. And of course, the other user has to have the same application on their phone so you can communicate. But what is that? That's true security, again, trading convenience a little bit for more security. And that's how I do it with a chatting application. So I try to think out each use case, and especially with the smartphone, to your point, that's very important. Same thing with keyloggers. There is anti-keylogging software. So every time you're clicking on your screen or typing on the little keyboard that pops up on your screen, if there's malware on your smartphone, which is often dispensed through text, when you click onto the link there, it sits in the background, so you can't see it, and it records every single tap on your phone, every little keystroke. So with an anti-keylogger, every time you tap your phone and type S-C-O-T-T, it actually will encrypt each and every one of those specific characters, so the malware can't scarf that and now use your email programme to send that to the cyber thief. So again, little simple tools. What does something like that cost? Under $30 for that application, to load a seed onto your phone. Low cost, but very important to protect your phone. So again, simple best practices that we can implement, and to your point, on our smartphone, which is our Swiss Army knife that we depend on to run our business and our personal lives with, very important to keep that protected as well.

40:56  
Absolutely, it's like Limbo, I think. Sometimes we went out of the house and had to come back because I forgot it, and it felt like I went out naked. It's scary how we have become dependent on it. In some ways, it is scary. And even scarier is how it invades, or someone can invade, our privacy without our knowledge. And we can get into very much trouble. And that's a whole different topic. And I think I could be asking you for many more. Okay,

41:39  
maybe I could share one thought, because I want to share the positive with, what do I use? A lot of people ask me, "Can I ask you personally what you use?" Sure, I use an Apple iPhone. Why? Apple's ecosystem focuses on convenience with a balance of security. There is a cost, more, yes; the Apple products, we know, cost a premium. That's probably why they're the wealthiest company in the world, one of the reasons why they are. What they have inside an iPhone is what's called the Secure Enclave, a specific circuit that helps with the encryption. So that's done at the hardware level. They're doing end-to-end encryption from a software level, but also at the hardware level, unlike a lot of other smartphone manufacturers that only do it on the software level. Very important. In addition to that, I actually use Apple Pay, which is used for purchasing things, instead of using a credit card that has a mag stripe on it that could easily be stolen. If I put a card into a gas pump or retail point-of-sale terminal, or put it into an ATM machine, that credit card can easily be compromised. With Apple Pay, you're using what's called near field communication, where you bring your phone in close proximity. And instead of sending any personal information, my name, my address, my credit card, it's sending a one-time encrypted tokenized transmission that goes all the way back through their ecosystem, back to the issuing bank, that says, "Yes, that's Scott, this is his account, I authorised this transaction." So nowhere in that transmission is any of my personal information being able to be compromised, and it remains encrypted. That, to me, is secure, proper payment. Unfortunately, it's not used everywhere. So when I can't use Apple Pay, I tend to use cash. I'm old school. So I try to avoid credit cards and debit cards, because of the inherent risks built into the credit card there with the mag stripe. Just because you have a chip and pin credit card, and if there's a mag stripe on the back of it, which most everybody's card has, does not mean that it's secure. You have to use caution there and still protect it very carefully. So to your point of migrating to the smartphone, yes, it is important if you have proper use of it and understanding of the security, and respect it over some of the other traditional methods.

44:04  
That's a great point that you made there, that Apple Pay is safer instead of using your cards. I think there is a limitation on how much you can spend. Of course, it's like the contactless equivalent, but it's great to know that it is safer. I never liked, personally, that idea of just taking my cards out and waving it into the air and whoever picks whatever. Yeah,

44:31  
there's some added risks there that way. And I should add to that, too: I don't want to just say Apple is the only way to go, not not trudel digital wallets and Google Wallet and others are very good and very safe. I just personally use Apple Pay because I find that for myself, my ecosystem, it's the safest.

44:52  
Sure. Can I ask you, you mentioned about the messaging app and whether something is indeed encrypted. What is your opinion about Telegram, the app? Is that better than WhatsApp in terms of familiar security and privacy between the correspondents?

45:14  
Yes, I believe they are more secure. And WhatsApp had several breaches in the past. And since then they've gotten more secure. But I always often look back at the track record, and not only were they compromised, and that's important, but what do they do after it? Because everything's pretty much been compromised. Myself, my company, you use LastPass; LastPass, I know, has been compromised at least twice. So we have to pick our battles. And we have to do our research and be careful. Again, I'm not knocking any one provider, I just like to do my research and make sure the part that I control, be it a strong password, be it the content that I put out on any type of chatting application, I have to use a lot of caution there. And I'm working actually with another company, they actually announced yesterday, they do some interesting things for chatbot surveillance. So a lot of new products and things are coming out that I think it's important for users and business owners to test them, read about them. Don't forget to ask the important question, like you are, is: how secure is this? What are the vulnerabilities? What are the trade-offs that I will take on there? Because sometimes, if we get too close to one particular application or count on everything, and there is a breach or compromise, it affects our business, it affects our bottom line, it affects our personal safety. So I always try to say, use balance there. But to answer your question, yeah, Telegram. Do I feel more comfortable using that over WhatsApp or some of these other widespread adopted chat platforms? Absolutely. Why? A lot of it, I follow the money. What does WhatsApp have? They have the ability to use content that they say they keep secure and safe, that they could really use the metadata, data about data, associated to me, that could be sold, that in turn could be used to push advertising on different platforms. Is that on? Absolutely. Will the big tech giants admit it? Not 100% forthright, but in reality it is, again, when they go before and testify, and things come out. And this is all the big tech companies, I'm not going to hone in on any one of them. They take our data. Our data has value. Your data has value. Protect your data, protect your privacy, within reason, so you could still live and function. But don't give it away for free, because when we give it away for free, it may come back and be used against us by cyber criminals to take more.

47:56  
That's, again, a very, very valid point, and to what you said about the convenience, that we tend to prefer the convenience and in the name of that we give away all other things. And what you were saying about our data being used, or the metadata, remember, there is so much information out there, things are being exposed. I remember watching The Social Dilemma, which really explains those things. However, it's again that thing, that convenience that you said, which I think leads to laziness: you have your head chopped off, or the equivalent of it, in whatever disasters, digital disaster, might happen. Scott, this is such a fascinating conversation. And I really enjoy that. I have some quickfire questions to ask you as well to start wrapping things up. And I will start with that thing. And my first question is in terms of personal development, because I'm sure we didn't have a chance to discuss about this, but I'm sure, looking at the books behind you, I bet that there is a very intriguing journey. But what does personal development mean to you?

49:19  
Personal development for me is learning as much as I can. And that surrounds technology, wireless innovation, cybersecurity, business leaders. I try to constantly absorb and learn as much as I can, apply that to my personal life, apply that within my business, and most importantly, is giving back and sharing and teaching. I think just to collect information, degrees to be smarter, award certificates, that's all wonderful and has its place. More important is to share knowledge. When you share knowledge to others and educate them, I think that could do a big difference. And in particular, that's why I wrote my third book, Senior Cyber. I saw a missing area: nobody seemed to spend time educating seniors, those that are a little bit older, that maybe have a little more time on their hands, that want to use technology, that want to use computers, the internet, smartphones, but they tend to shy away, because they're a little bit afraid. They're vulnerable. They're innocent. But they've kind of got this technology divide, and they feel like maybe it's a little too late in their life to adapt and learn these things. And I say no, that's not true at all. I said, we need to empower seniors, educate them, support them, be patient with them, and help them take that journey and appreciate technology for the good, and not be afraid of scammers and cyber criminals and hackers, implementing simple best practices, and not get overwhelmed with all these acronyms and terms in the world of internet and computers and smartphones. I think that's really important, because then they can see the good for technology, and use it for good, and enjoy the time that they have in their golden years as a senior.

51:20  
Sure. And a hypothetical question. If you could go back in time and meet your 18 year old self, what one piece of advice would you give him?

51:31  
I would probably say, do everything the way that you did do it. And why do I say that? Because from sixth grade on, I got excited with computers. My father surrounded me with technology, growing up in the family business. I was the president of the Computer Club in the seventh grade. I loved that. My father worked for a number of years at Atari, the VP of the research lab, so I was surrounded by games. I also got into pirating software and hacking on computers, building systems, and hacking hardware and software and doing all these things. I got into robotics, I enjoyed media. So whatever your passion is, I think, if you go back in time, I go back to when I was 18 years old, it was some of the most exciting times of my life. What I didn't realise is that would actually shape me for who I am today. Instead of wasting a lot of time, as some of my other peers did, I was actually learning at a very young age and applying those things. So when I did go to college and study and continue learning through just life experience, I continually built on that information. And at the same time, I've always tried to give back and share. So what I learned in school and throughout college, and in days of cybersecurity, now I go back to universities and speak. Now I advise companies in the world of cyber security. So whatever you are, whatever your passion is, don't just use that to make money. Use that to better the world. And whatever that is, in whatever area, I think that's really important. And I've tried to stick with that throughout my life. And hopefully we'll continue to do that. And that may hopefully inspire and educate and improve others' lives as well.

53:16  
And I think it comes through via your message and what you're telling him I said it, it comes up. Thanks. And how can people connect with you, Scott, what's the best place to find out more about you and your books and so on? Sure, absolutely.

53:33  
I have a website. It's simply my name, scottschober.com. You can go on there. It's got all the links also to all my social media. I'm very active on LinkedIn, Facebook, Twitter, Instagram, all the social media platforms, and I do respond as a person if you send an email through my website and ask questions. And I enjoy that. People will send me questions for advice, recommendations on different hardware, software security, cybersecurity-related things. Please reach out to me. I'm here to hopefully help and educate and share information and share my contacts, the other industry leaders that I've learned from. I'm happy to share that information. So yeah, certainly reach out to me and I look forward to it. And of course, if you're interested in a book, any of the three books, Hacked Again, Cybersecurity Is Everybody's Business or Senior Cyber, just go to Amazon and type them in there. And you could pull them up and read the reviews and certainly make a decision. If you do decide to buy, I'd love to hear the feedback, good, bad or ugly. I always welcome it because that helps me improve my craft in writing, as I'm learning to be a better writer. Now I'm starting on my fourth journey with my fourth book. I need all the help I can get something

54:46  
amazing. Thank you, Scott. Before I let you go, I want to ask one more, because you mentioned quite a few best practices to implement. Is there another one really important one that we skipped that we missed that we really need to mention it, even if it's a quick mention.

55:06  
Yeah, absolutely. So assuming you're signing on to your bank account, you're putting in your, you know, your username, your password, and you're at a different computer. So it senses you're at a different IP address. And what does it do? It pulls up an Sq, your security challenge questions. And my question to the viewers and listeners is, how do you answer those questions? But my advice is, don't answer them honestly. In other words, if they ask, "Scott, what high school did you attend?" that's an opportunity for me to enter something unique there.

55:40  
Yes, it

55:41  
could be anything, and just entering something unique there will now mitigate the chances that I'm compromised. And what it did is add a layer of security similar to multi-factor authentication. As crazy as this sounds, if I put in there, instead of Edison High School, which was the high school that I attended, if I put "password 1234", I would be 100 times more secure by putting that in than the actual high school. Why? Because I can go on the internet and I could search, and in 30 seconds I can determine any high school that anybody attended. That's not a good security challenge question. And that's true for all of them: with a pet's name, high school attended, mother's maiden name, use all those as opportunities for a unique password that only you know. And that really makes a difference.

56:24  
I think I probably need a couple of hours right now. So many things. Thank you, Scott, thank you very much. This was a truly fascinating and revealing conversation. I believe there was so much value given, and I hope that the listener has picked a couple of things at least that they can implement. Make a big increase in security, that digital security. Any last parting words, Scott?

56:58  
I usually like to end everything every book, every interview everything I do, and I say two words. Stay safe.

57:09  
I hope you enjoyed listening. If you have, please share this episode with someone who you think would benefit from it. If you want more inspirational and actionable knowledge, join my Facebook group, Personal Development Mastery. The link is in the show notes, or you can type bit.ly/pdmgroup. And until next time, stand out, don't fit in.

Transcribed by https://otter.ai