2020 Webinar: Are You Digitally Secure?
Video Transcription
Before we begin, I would like to share the background of today's host, Jim Spellos. Mr. Spellos is the president of Meeting U, a company specializing in helping people become more productive and comfortable with technology. Jim is certified as a Microsoft Office Specialist. He delivers more than 100 seminars annually on how to use technology more efficiently and how technology is altering the nature of business. He was a faculty member at New York University, teaching in the School of Professional and Continuing Studies for more than 25 years. He was honored with both their Award for Teaching Excellence and their Outstanding Service Award. In 2014, Jim joined the Board of Directors for Rock and Wrap It Up, an anti-poverty, anti-hunger think tank, which supports food recovery for more than 43,000 agencies in North America by recovering excess food from events. Jim co-created their Whole Earth Calculator app, which helps organizations identify the quantity of food donated and carbon footprint reduced by an organization helping to recover excess food from events. Lastly, Jim's name may be familiar to many of you. He has presented at the Tech Bar at the Liver Meeting for the last few years. His sessions, which range from Social Media 101 to 30 Apps in 30 Minutes to Hot Tech, are always popular. Now I will turn this over to Jim.

Wick, thank you so much and what I'm going to do right now is get my screen up there so we can take a look at what is happening and I've got a question for you. You know, the question is, are you secure? The answer to are you secure, unfortunately, is a spoiler alert, probably not, but in case you're not sure, I've got three questions for you to consider right now and these questions throughout the hour we're going to be together, we'll be able to focus on a little bit. So, for example, question one, are all of your devices protected with antivirus and anti-malware solutions?
Pretty basic thing, but a lot of people don't think about all their devices. They think about their computers. Second question, do you use a unique password for every single website and app that you utilize? And I know what the answer is going to be. I know the answer is no and the answer is, well, I can't remember 100 or 200 different passwords, but we're going to deal with that because you better, because for you to open up and be exposed to the hacking environment that is out there, one of the most treacherous mistakes you can make is actually not having unique passwords. But if those two weren't enough, let's get a third question for you to put in the back of your mind. Do you always use a VPN, which stands for a virtual private network, anytime you're out of the office or out of your home? Why these things are asked initially is because this is the core of what is going to help keep you more secure. Now, if we would just look at what's happening in the world these days, hackers are going after cities. They're going after the healthcare industry. They're going after all sorts of companies, not just in the United States, but all over the world, and we seem defenseless. We seem that we are at a point where we just are giving up our ability to be able to keep ourselves safe from this, but it's not a myth. We can do it. You can actually do a lot because a lot of the issues that occur with digital security, they're not based on whether your IT department is doing a good job. It's based on the actions that you and me take when we are interacting with our devices. I consider this conversation, especially the conversation with privacy, it's a balancing act. We've gotten to a point where we are so used to the conveniences that are out there that being able to give our information online to a company can provide us. Just think about it. 
Amazon Prime and stuff like that, we've traded a lot of information and the fact they have all of our credit card information for the fact that we get great discounts. Almost any site that you go to, there's a tradeoff. We're actually going to be able to see some of those tradeoffs when we see some of the tools as we move forward in this conversation. I don't believe that you actually can do much about your digital privacy. That's a cynical thing to say, but the reality is we've given it away so much across all the digital platforms. It doesn't mean it's not important. It doesn't mean that we have to just throw our hands up because truly the conversation that we need to have is a conversation about privacy and a conversation about security. They are indeed two very different things. We're going to start this dialogue here talking about privacy, but we're going to end the conversation talking about security and in the middle somewhere, we're going to really get a sense of what needs to be focused on the most. Let's talk about privacy. In fact, what I want to talk about are some ways that your privacy is compromised that you see every day. We're going to start with an object, with an issue called retargeting. Any marketing person in the world will understand this immediately, but for you and I, this is a conversation about when we're visiting a website, what will happen. Let's get a definition on the table and let's get an example. Retargeting. Tracking a website and the visitors who come to the website so you can display ads to them as they visit the site. Think about it. Anytime you go on to Facebook, you're being tracked and you're getting an ad that's pertinent to something you may have searched for, something you might have typed in, maybe even a conversation that you've had. We'll get to that in a second, but that's the essence of retargeting. How does it happen? 
Well, from a very simplistic yet technical approach, when the user goes to your organization site, they put a code, a single dot that is placed in your particular file, and it's in the cookie that you have there that they have identified you so they can make sure they customize your experience. You leave the site, you go to a place like YouTube or Facebook or Google, all of a sudden the pixel allows for retargeting. What does that mean? That means that it's given to or sold to, actually, another organization that now wants to target your demographic or your interests. And then from a targeting and from a marketing perspective, they see that and all of a sudden you become a loyal buyer, a subscriber, you get extra points and benefits, all the stuff that you've seen on those loyalty cards, something that, again, we're going to talk about. Now from my perspective, I'm a tech guy, I'm a geek, okay, so I go to sites such as Road to VR. While this particular targeting is a couple of years old, I'm sure a website called Road to VR, which is a place I go oftentimes. The cool thing about this isn't the website, it's the bottom of the screen, because I, as a tech person, and as a huge baseball fan, get season's tickets for the Mets, which is usually a very difficult thing to have to even think about on a yearly basis, but that's another story. That's the essence of retargeting. We're able to actually see what is happening from a perspective of what interests I have showcased. So that's the essence of retargeting, very straightforward, very simple. A little bit creepy, gotcha, but that's what happens all the time, and I guess because of that privacy, convenience conundrum that we have, we're okay with that. I'd rather get an ad based on something of interest to me than something that doesn't have any interest to me. If I'm going to have to get ads at some point, they might as well be useful to some extent. Now how do companies know? 
How does a company understand and know how to get your information? That's the question that people always struggle with, and it happens in a multitude of ways. Anytime you're visiting a website, anytime you're going on social media, let's face it, you're being tracked. You're being identified, targeted. They might not know it's Wick Davis at AASLD and know a lot about him, but they have him in a bucket with other people who have similar interests or perhaps similar demographics. So anytime you're going on a website, you're getting tracked. Anytime you use a loyalty card, and this is something people don't realize, the convenience privacy trade-off on the loyalty card is enormous. You go to a store, you get those discounts on the loyalty card, but all that information is being aggregated and sold to companies who then can target you for ads effectively. Again, it's privacy, it's convenience. You can make an argument, it's not harmful. The reality is stuff like that really, really isn't, but there's a line that we need to draw at some point. Oh, by the way, we're not done here yet, because that phone of yours is absolutely a treasure trove of information that you're giving them at all times. The apps you're using, the IP address you're visiting, your phone location. If your location is always on, you're always transmitting where you are, the permissions that you give every app developer. And something you've got to realize is you can go into your settings, whether you're an i or Android, it does not matter, and be able to identify and unselect certain permissions. Now understand, you need to give, for example, an app that's doing some sort of photo work, you need to give it access to your camera. So you don't want to undo that permission. But do they really need to have the ability to make phone calls on your behalf? Some of the people don't think about it. It's one of those places you can explore if you're really concerned about this. 
And oh, by the way, once all this stuff is aggregated, now it's being sold. And you have a class of organizations known as data brokers, Acxiom, Epsilon are two of the biggest ones, but there are hundreds of them out there that literally are the companies that have gotten these massive artificial intelligence databases organized. So if I wanted to, as a seller of a product, be able to find people who live in Omaha, Nebraska, and are scientists and are focused in liver diseases, I can buy that. Good or not, you know, we're still not going to give a lot of credibility to the fact that this isn't a good thing because we're getting stuff that is customized. Although I completely understand when people start saying, I don't want all my stuff out there. Now, the next part of this question is going to be a rhetorical question I want to ask everyone out there. Are they always listening? Now, in my home, I have Google Home and an Alexa, and I know people are really, really concerned about that. In fact, you know, do those two devices, do Facebook, listen and serve ads based on conversations? Not on what you're typing, not on what you're searching, but on what you're saying. And of course, Alexa had a real, real bad situation about a year and a half ago when a couple was talking about their house renovations, and they had an Amazon device. And the Amazon device not only recorded the conversation, but sent it by email to one of their friends. Now, there was lots of scrambling, lots of doubling back as to how that happened. And I think it just makes a very basic premise that we need to have. And the premise is, if we're using these devices, understand the tradeoff. Understand the privacy convenience tradeoff. Do I really want my conversations all recorded? No. But do I like to ask Google for information about my day? Yes. That's a personal decision we all need to make. Truly, you know, is there really privacy? I mean, think about that.
I mean, are we really in an age right now where we have any privacy unless we completely eradicate all the devices and digital tools that we're using? And quite personally, I'm not sure if that's the case. But let's get even deeper in here. Your browser has a fingerprint. And you might not have even thought about this. Your browser can be identified with all the stuff in your computer so that they know, that the people who want this information know exactly not who you are but who you are, you know, on which demographic buckets you fall into. And in fact, I want to show you something right now. I want to go over to a site that is called Panopticlick. It is developed by the Electronic Frontier Foundation. And what they allow you to do is they allow you to test whether you are protected. So I ran a test just before we started here. It asked things. Is my browser blocking tracking ads? No, it's not. That's not a good thing. Is it blocking invisible trackers? No, it's not. Does it unblock the ones that promise to honor? This looks really bad, doesn't it? Now, obviously, I've done this in a way to make sure these results really look ugly. That fourth point, does your browser protect from fingerprinting? And it says no. It says that my browser is so unique and the information they can just get from my browser is so unique that they can extract that information without me giving it to them. And in fact, if you really wanted to dive deep into this data, this will show you all the different things that it's looking at from your browser, the plugins you're using, the time zone that you're in, the screen size, the fonts that are in there, and by having all this information, they have very simply made a determination that when I go online with this computer and this browser, they know who I am and it can be matched up to all the other tools that are out there. Ooh, that's pretty scary when you think about it. So have you turned off your cookies? Well, does it really matter?
Because tools such as Panopticlick are out there that allow them to figure this out. So we're talking about browsers. Let's talk about options, and in fact, let's talk about browsers from what I would consider the least secure to the most secure. And again, we still have that security privacy conversation in a bucket together. The least secure of these seven browsers I'm going to talk about is Microsoft Edge. Now notice I didn't mention Internet Explorer. I will mention that in a second. Microsoft Edge, not a great browser to use. In fact, they have now gone on to essentially use Google Chrome's tools to be able to develop their next generation browser. Then we start getting into browsers you may or may not have heard of. Opera has been around for 20 years, but has slightly better privacy protection. Google Chrome has great security protection, but your privacy is at risk because of all the data that they're generating and what they're selling. Safari, you know, the thing with Safari and the problem with Macs is it's a false, it's a false confidence we have about our privacy and security. And no question, they do a far better job of protecting us and not allowing shady tools to be in their Apple Store. But at the same time, as we understand that the security and privacy issues are issues of us and not of the tools that we're downloading, you got to realize that's a false sense of confidence that we have there. Another really good browser, and I might just be able to bring it up right now, is one called Brave that people don't know about. It's more for the mobile device. And yeah, you can make some really good choices by getting good mobile browsers in addition to what you're using on your laptop and your desktop. What we see here, the settings, we're going to dig a little bit deeper into there in a few minutes. But an app tool like Brave is certainly a better option.
And Firefox is an even better option, really the only one here that's completely designed by a nonprofit foundation. And at the very strongest end might be the weirdest browser out there. It's called Tor. And if you've ever heard the media talk about the dark web. Well, this is the browser that lets you on there. And while I'm not a big fan of telling you to go out there, I am going to tell you that because of how they scramble where your information is coming from, it becomes almost impossible, not completely, but almost impossible to be tracked. So we talked about those. What about Internet Explorer? Very simple. Stop using it now. Don't use it anymore. Very, very clear on this. Internet Explorer is not being supported by Microsoft. Microsoft's even telling people don't use this browser anymore. Yet I see so many people and organizations using it. You can use any one of these seven. I would probably have you more comfortable in the Chrome, Firefox, Safari area because you know them better. But any one of those is a better choice. So please, one of the things you can do for your privacy and security right now is if you are using IE, just stop today. Now, you got a browser like Chrome and Firefox, well, what can you do? You got to understand that it's our responsibility to be able to tweak away. So let me do something right here. I'm going to go into Firefox right now. And if you notice the top right of my screen, we have those three horizontal lines. That's where you're able to find tools such as privacy. In Google Chrome, it might be called settings. But this is where we can start using the browser to figure out how is it protecting us. And in fact, once we get there, one thing to notice here, you can determine your default search engine. A lot of people haven't heard of DuckDuckGo. And while it's not as universally, you know, grabbing all the information out there the way Google is, it is a search engine that doesn't sell your information. 
And if you need, have a desire to make sure you are that much more private on the web, that's a really good choice for your default search engine. But while we're here in Brave, oh, in Firefox, I should say, I can hit in privacy and security. And I can start fine tuning this. I know this is not the stuff that a lot of people want to deal with. But I got to tell you, you do it once or twice, you have those settings set up, and you're all of a sudden much less at risk than you were just five minutes before. So tweak away, go to any of the browsers that you get, find those parallel lines, or sometimes they're stacked dots, and just go in there and see what the privacy settings are, and make sure they are to your liking. One other thing about browsers, please never use your browser to save your password. And my analogy here is very, very simple. It's like going to urgent care to change your oil, you know, there might be a really good person in there who can change your oil effectively, but that's not what they do. That is not what they do on a regular basis. I want you to think about and as we get to the tools toward the end of this webinar, we'll talk specifically about some options that will be much more effective and much more safe for you to be able to change and save your password. So don't. When the browser pops up saying, you want me to save this? The answer is no, always. So we've talked about retargeting. We've mentioned are they always listening? We've talked about this browser fingerprinting. But let me show you a video. Okay. Anonymous data is really, really anonymous. There was an amazing woman by the name of Professor Latanya Sweeney, and I do thank her for allowing me to show this video. I'm going to just show a little clip of it. But she was talking about when she was a grad student, that she was doing some research on technology and really exploring the field. We're talking 20 years ago, so it was burgeoning.
And at that time, the governor of Massachusetts, William Weld, had a heart issue. And she wanted to find out whether because of all this HIPAA stuff being completely private, whether she can figure out what medication he was being given. Kind of interesting approach to think about it that way. So I'm gonna show you a video. I'm just going to show you about a minute of it. And this is Latanya talking about what that's like and what happened then and how easy it was for her to be able to connect those dots. And remember, she's doing this and talking about it 20 years ago. We're gonna stop it right there, because that gets you the essence of how simple it was 20 years ago, to be able to take anonymous information and clearly tie it to a particular person, even with the most generic of information that's out there. So pretty interesting stuff in the past. So how do we protect ourselves? So a couple of ideas to think about. You could use when you're browsing the Tor browser, which clearly will anonymize all of your traffic. But you can look really creepy if you do that. That's not the place you necessarily want to go. So what about disabling some stuff? You can disable Flash, but quite frankly, nobody uses it anymore. So probably even though there's a lot of infections and malware that comes that way, just disable it. And it's not going to really give you any more protection. You could disable JavaScript. Problem there is you're disabling the web. At that point, there's nothing that you're going to be able to see because almost every website is completely dependent on JavaScript calling routines to get information back from the server to the web. You can go into privacy mode, something that a lot of people don't realize, we'll do a quick check right here. If I go down to Google, and I'm on the bottom of my screen right now and right click, I can go into what they call incognito mode. Firefox calls it private mode. 
And that will sort of kind of protect you kind of scramble your information. But the bottom line really is, it's not going to do that much other than you know, prevent the people in your house from seeing what sites you visited, you don't want your spouse to see what Christmas presents you're buying or stuff like that. Plugins. Now we get into something interesting in particular, ad blockers, the conversation that we could have about all this, to me is still amazing. But an ad blocker, a download for your browser that will block ads. Now, we can get into a slippery slope conversation about this. But let me show you something I'm using a tool called Privacy Badger. And I'm on a site that's called MajorGeeks. Now as a geek, for the past 25 years, this has always been a site that I was able to download information from, especially in the pre-app days. And in fact, if I look at this main page right here, they're talking about stuff like Malwarebytes, which I'm going to share later, as one of the best anti-malware tools you can get. However, we're going to go up to the top right of the screen, just take a look where my cursor circling right now, it's the icon for Privacy Badger. And when I click on it, that number 25 is indeed 25 different trackers on this one page alone. Wow, couple even that they don't even know about yet, that we're going to have to teach them whether they're good or not. You can change those sliders, you can not actually have it have yourself protected. But why would you get an app like this? Why would you get a tool like this, if you're not going to utilize it fully? So plugins such as Privacy Badger can give you some help. Other tools we're going to talk about later, it's really where we're going to go toward the end of this conversation. But we do have some protection, but it's not as simple as, as people make it out to be, I just don't go into private mode. And all of a sudden, I can't be seen.
If you're a Firefox user, you absolutely should get the January 2020 update. Because one of the things other than increased functionality that they have delivered in that update, is the browser fingerprinting prevention. So they're now building that in to their browser. It's one of the reasons Firefox gets a far better rating than Google Chrome, if you're concerned with your browser is your privacy. So, kind of creepy, isn't it, all the stuff that can happen. So what you can do in general, well, you can use a more secure browser, we've talked about that. And that's not a bad thing. Private Search Engine, DuckDuckGo, we mentioned earlier, also a good thing, although quite frankly, it's the privacy convenience conundrum. I go with DuckDuckGo, and I don't have the full extent of the information that Google is going to give me. So you got to test it out, see whether it works for yourself. You can lead a boring life, a friend of mine says that's the best way to be anonymous on the web. You can completely stop using social media, not that you're going to do that. But it's obvious that all those sites are tracking you incredibly well, Facebook especially. Give up your smartphone. And by the way, just say bye bye to the internet. Guess what? Ain't happening. It's not happening for any of us. However, I think there's a bigger picture at hand. You see, we've been so obsessed with our privacy. And yet, we're letting our security be wide open. You know, I think we've made the point over the first 20, 25 minutes of this conversation, that privacy is something that we've been giving away, in part, for years, to be able to get benefits to be able to get tools to be able to get free shipping to be able to get a discounted price to be able to get out of the store quicker. My postulate is we're looking the wrong way. And what I want to spend the rest of the time on is what I deem to be truly important in this conversation. And that's the security conversation.
Let's start with a couple of stats that will make you feel uncomfortable. Number one, a hacker attack every 39 seconds. That means every 39 seconds, someone is having the computer broken into, or a piece of code's being dropped, or other ways that they're doing it to create a problematic situation. Next up, third party app stores. If you don't understand this, let's get a quick explanation and where it's going to be an issue, possibly in your lives. If you have a phone, and you're downloading from Google Play, or the Apple Store, you're, I'm not going to say fine, because the Google Play Store does have a lot of malware in the different apps that are there. But those are far safer locations than going to a site such as MajorGeeks, which I just showed you. That's a third party, what's called is a side load. And if we want to bring this into a relevant conversation, if you were listening, what happened to Iowa a couple weeks ago in the primary, the problem with that app in part was it wasn't downloaded from a traditional site, it was side loaded. You want to avoid that because those are the locations that tend to harbor the malicious software. That's the conjunction malware. And that's what we're going to talk about a lot. The ransomware, which we'll define in a second, those attacks rose, look at that, that's 350% in 2018, haven't seen the final 2019 stats yet. And the average cost of ransomware attack on a business over $100,000. Most of those breaches occurred because of you and me. If you remember five or six years ago, the Target breach, people go, how do they get the entire department store to have a breach? It was simple. Two guys walked into the corporate office on a Friday afternoon around 4:45. They went to the front desk, posed as heating, ventilation and air conditioning repair. And they said they're here for their quarterly update and their quarterly maintenance. They were let in, they got into the back, they affected the system.
And Target was down. Wow. So how do these attacks occur? Start by talking about a man-in-the-middle attack. So I could show you a video on this. But if you go to YouTube, there are tons of them demonstrating. But let's get the basic essence. You're at your local coffee shop, you're logging on to the Wi-Fi. And you're logging on there. And there's a guy sitting in the corner, you're not paying any attention to him. He has his computer there. But my question to you is, are you really logging on to the Wi-Fi of the coffee shop, or hotel, or airport or any public place? Or has someone co-opted that and is sending all their information through them. That means that everything you type, guess what, is going through their computer. You can watch any of these demos on YouTube to see how simple it is to do this, how it's done frequently. A matter of fact, when I talk at the AASLD conference, and we talk a little bit about this, not a lot, not as much as you're doing right now. I say you got to have a tool that's going to prevent that. And you got to be really, really aware. Every time you go on to any Wi-Fi that you know is not completely protected. And please do me a favor. Don't believe what anybody says. Don't believe, oh, this is secure Wi-Fi. Baloney. Everything is hackable. So security attack, a man-in-the-middle attack, number one. Old school attack, phishing. Got this probably a year ago. I don't know. You get so many in your spam folder right now. But here's the thing. FedEx doesn't send you this and doesn't say unfortunately, we were not able to deliver postal package and they misspell it and it's bad grammar in there. And then they want you to click on that link. So you click on that link, and it asks for your username and password. And then up pops the screen start with the service down, please come back again, it looks like a FedEx site, and you have been hacked.
Because now the person who sent that to you has not only your FedEx or whatever company it is, username has your password. Remember this morning, not this morning, but the beginning of the session, talked about one of those three questions to think about is are you using your passwords? This is where that's coming in. At this point, if you've reused passwords, and I am now as a hacker, get your information, what am I going to do? Well, are you using that same combination for Amazon, for your banking for your mortgage for your auto payment for your travel? You get the idea, right? Kind of creepy. And in fact, this whole phishing thing has gotten so targeted that organizations now are targeting phishing attacks to a particular person, typically a high level person in the organization. By the way, and I know the C suite always hates when I say this, but the people who tend to make the biggest mistakes and clicking those things tend to be the people higher up in an organization. Just saying that those that's the data right now. Spear phishing. Think about this one. So you're in an organization, and the CFO all of a sudden gets a message from the CEO saying you better pay this bill $400,000. I just got a word from a lawyer. It's delinquent. We can't let that happen to our reputation. And if the CFO is not thinking, and goes and pays it right away. Well, guess what, the CEO was spear phished, got an erroneous, a false email that looks like it was from the CFO, but it wasn't. And all of a sudden, half a million dollars of the company's money goes down the drain. Don't think that's happened. You got to think again, happens more often than you want. And guess what the people who it happens to pretty much aren't talking about it. Four words. Think before you click, please, anytime you get an email that looks suspicious, that feels suspicious, and you're not 100% you're not 200% sure of, don't click on it. Really, really simple. Remember, it is not the savior here. 
This is about how you and I are using our abilities to be able to not get entrapped that way. Then there are tools, fileless attacks. These are really interesting. They oftentimes are called zero day attacks or non-malware, because they're not putting any program, anything on your computer. It's using an already established weakness on your computer. Where are those you might ask? Well, macros in Microsoft Office, Adobe PDF Reader, JavaScript, browser extensions, huge number of areas that they don't even need to be able to put anything on there, but they're able to literally, because you've clicked on the wrong place and you've gone to a website that has this, they've been able to put it right into your system and let it expand on its own, man, scary stuff. And then there's ransomware. Ransomware is just what the name indicates. It's completely bringing your computer, your entire organization's system down to a standstill and then asking for money to get it back. If you look on the right, that was a screenshot from the Atlanta ransomware. Right now it says it paid 2.6 million for cybersecurity issues. I believe that number is closer to $4 million because their entire city website was attacked. How did it happen? Somebody clicked on a link. Think before you click. One link, boom, that red screen comes up to every single person in the organization and all files are encrypted. Wait a minute. You mean not only does that red screen come up, but now I don't have access to any file at all? That's correct. What do you have to do? Well, the organization has to pay ransom. Now, if you talk to the FBI, they're gonna say, don't pay it, don't pay it. It just makes them more brazen. But the reality is, if they haven't backed up their system properly, if they haven't been diligent about doing all their work, they're gonna have to pay it. But these folks don't want anything traceable. So you gotta pay it in Bitcoin.
But, because you don't know how to pay with Bitcoin, that's not a problem either. Why? Because they have a Bitcoin help desk ready for you to call. 800 number, wow, incredible stuff. Ransomware not only can ask for money with a basic hack like this on the picture on the left, is a premium hotel in Austria that used a single click by somebody in their offices to not only put ransomware on the entire computer system, but because all the hotel room locks were part of this Internet of Things, it locked every guest out of their guest room. Guess who paid the ransom very quickly? And for a lot of people, that's not even as big a problem as this cryptocurrency mining, the Bitcoin and all that you're hearing about. The quick side conversation is how you get a Bitcoin is you have to have enough computing power to be able to solve a high level mathematical problem. Well, most individuals, whether they're normal geeks like me, whether they're normal folk like you, whether they're people who are techies, they don't have massive servers. But if I was to put a piece of malware in a lot of computers that acted as if all those computers were working in unison, then all of a sudden I do. Amazing stuff. So question now, rhetorical ones, because we're in this type of session, have you ever been hacked? And doing this a lot, I usually get about 20% of the people say they have and 80% say they haven't. But I'm going to take this a different way. I'm going to say there's two types of people out there. Those who've been hacked and those who don't know they've been hacked. Really puts a different spin on it, don't you agree? So whether you have or have not, the goal is not to be hacked again. And one of the easiest ways to do this is social engineering. What does that mean? Well, that means hacking you without any code. Hacking you by having, well, what happened at Target? Having human beings ask for access to your information. Don't believe me? I got to show you this. 
This is going to be a video. How hackers actually can break into a cell phone account. So set up on this very quickly. The guy who is the storyteller on this went to a hacking convention. There is a convention for everything, right? Called DEF CON. And ask one of their hackers there if they see if they could break into their cell phone account and really get him to believe that that hacking, this social engineering really was effective. Let's take a look and listen. And by the way, pay attention to the woman who you're going to see doing the work because she's pretty amazing. You deserve an Academy Award, don't you think? But that was scary. As a matter of fact, it's way creepy when you really think about it. But that was so incredibly efficient. Two minutes, all your stuff taken. So scared? Hope not. Hope we're just in a state where we know we can control it. But what are the solutions? And we're going to talk about five layers of protection. Want to make sure you're using them all. I'm not going to recommend a particular product. That's not what I do. I am going to tell you the products that I use and happy to share them because I think they've been embedded by me and a lot of other people. Number one, really simple. You have an antivirus, make sure you max it out. Typically, most computers come with them. And what I found is that it's very difficult, but everybody's found actually, it's incredibly difficult to uninstall and completely install an antivirus solution because they tend, if you don't do it properly, to make it look like you have a virus on your screen. However, I'm always doing searches. Here's a listing of some of the better antivirus softwares that are out there. I've used Kaspersky, I've used Trend, I've used WebRoot, all good. Got to use one, make sure you have it, make sure it's maxed out. And in fact, you might also want to identify if they have an anti-malware solution. 
But with malware, unlike with virus, you can get separate, independent, and duplicitous tools out there that can make you more safe. I use something called Malwarebytes. I'm a huge, huge fan of it. What it's going to do is, if any of you, make sure it's on, make sure it's always running, is that if you make that accidental click, all of a sudden it's going to pop out of the set an unwanted file trying to enter your system. It puts it in quarantine and it actually prevents the damage from occurring. None of the anti-malware are 100% perfect. That's why using more than one's a good thing, unlike the antivirus. And you might as well think about your anti-malware for your phone and your Mac, as well as your PC. Next up, a VPN, a virtual private network. Now, I'm not on one right now. I'm actually talking to you from my home, but anywhere I go, I use this particular tool called TunnelBear. Now, what does it do? A VPN creates a tunnel. It creates encryption between where you are and its surroundings. So you go to that coffee shop, you go to that conference, and there's that person who's trying to inject the man in the middle attack on you. Guess what? You have a VPN and they're able to see your information. All they're going to see is encrypted information, asterisk, asterisk, asterisk, instead of your username and password. VPN is critical. A lot of good ones out there. Always do your due diligence when you're looking for any of these tools because some things are masquerading as successful VPN tools when they're actually tools that are trying to take information from you. Go to, when you're looking for a particular product, this is what I do. I go to Google, I put in the name of the product, and I follow it with the word malware. What comes up, it's going to really tell me everything I need to know. If what comes up is, oh, I like this product, oh, I don't like this product, blah, blah, blah, I know it's fine. 
But if what comes up right away is this downloaded an amazing amount of spyware on my computer, I haven't been able to use it in two weeks or a month, that's a clear, clear sign. So make sure you have a virtual private network on all your devices. If your organization, if your university, if the company you're working with has one, great for your own personal device, make sure you do as well. Now let's get the passwords. Okay, so my guess is that most of you don't use password managers. Let me show you though. The top 10 passwords used last year. And please, just don't tell me if you do, but I hope none of these passwords are any of the ones that you use. Number 10 are the six digits. So one, two, three, one, two, three. Number nine, make it even simpler, six ones. Number eight, the words I love you all lowercase. I guess people won't figure that one out, right? Number seven is one, two, three, four, five. Number six goes up to eight. Number five goes up to seven. You get the point? These aren't good passwords. Number four is the word password indeed, down one slot from 2018, by the way. Number three is QWERTY, the top of the keyboard on your PC or Mac. Number two goes nine, and the top password last year was one, two, three, four, five, six. And I don't want to know if you're using any of those. And if you are, well, you better be listening for the next couple of seconds. By the way, I know your home router password because there are websites that are out there that can show me all the default usernames and passwords at your home. One thing to do tonight is to change the password of your router to something that's not just admin or whatever the default is given there. If you forget your Wi-Fi password on your computer, not a problem. I can go into your DOS and I can pull all that up from there. That's why you never want to share a computer with anybody else. Small passwords don't cut it at all. 
My passwords tend to be, well, I don't know my passwords and we're going to get to that in just a second. There's an organization called FIDO, all the big companies looking at how we can get beyond passwords, but really not even something to talk about now because it's not germane to today's conversation. However, before we get to the last of those, a password manager is, and let's just get this on here. I use a product called Dashlane. I have a master password. It is extensively long. They don't even know it. And that master password is the key to the kingdom. Why? Because Dashlane then stores all of my website and app passwords. And guess what? And I'm not going to show you mine, but they're 20, 25 characters random. I have no idea what they are, but guess what? Because I have that password manager, I don't need to reuse the same passwords over and over again. Lastly, on the five layers, two-factor authentication. You hear it from different ways, but you know it. You try to log in and the organization, maybe it's Facebook, maybe it's Google, sends you a text with a six-digit code that you have to enter. That's two-factor authentication. Why is it good? Because even if I steal your password, if I don't have your phone, it's not going to be a huge amount of value for me. By the way, Google has a product called Authenticator that you can use on Google. There are separate apps. One's called Authy that gives you mobile and desktop for almost any website that you're on. I'm using two-factor every time I go onto Facebook. Guess what? Pain in the butt. Takes me a little longer to log in, but I know I'm secure. Your restarts, your system updates, don't ignore them. That deals with what's called the zero-day problems that are out there. We're going to fly by this right now. You got to make sure you have protection on your phone as well. You're not eye-safe. Your hotspot is not secure because it's changing a cellular signal to a digital one. You got to have backup. 
Make sure even if all the data you're working on have two or three different types. I have a backup on Google. I have a backup on a hard drive. I have a backup on a product that I use called Carbonite, which backs up my computer every night. Make sure that if anything happens to your computer, you don't lose your data. So is this your approach? Was it an open back door? We're going to end this conversation with a quiz, and we'll just close this up just for a second, just so you can see. I want you to keep score. 70 is passing. We're going to go through this quickly. If you want to go back when you see this webinar again, do so, but I want to see where you are and rank everyone. So if you have an antivirus product always running, you get 10 points. With anti-malware, another 10 points. And a VPN, 15 points. That's 35 points. Now, if I was in front of you right now, I would ask how many people got 35 points and maybe three hands would go up. Sad. Wait a minute. Got more to do. It's 15 points. If you're only using Apple products, you get nothing. Remember, it's not about the product. One click on an email, and we've infected our device. Password manager, 10 points. Downloading apps only from official app stores. None of that third-party stuff. The problem there, your kids, because they oftentimes are going to third-party stores, so have this conversation with them as well. That email link, only if you're 100% certain it's authentic, 10 points. Think before you click. Update your browser will give you five points. Two-step authentication will give you 10 points. And if nobody else ever uses your device, it'll give you five more points. That's 100 points. 70's passing. Maybe in the text box in the Q&A, you might just put in what your score was. Don't put your name aside. We don't need to know that. But see how well you scored. By the way, since most of you probably didn't score well, some bonus points. Common sense, nothing, sorry. 
Not going to give it to you, not at all. We know that how easy it is to get past common sense. If you're using Internet Explorer, I want you to take away 10 points. If any kids under 21 use your computer, I want you to take away 25. If any of your parents use your computer, take away another 25. And if they both do, get a new computer, you're done. So how do you walk away from this? Well, your privacy is vulnerable, but you got to understand the privacy convenience conundrum. For all the other stuff, for the security stuff, you want a virtual private network to get you out of risky situations. You want a password manager so you're not reusing your passwords continually. You want to make sure you have antivirus and anti-malware solutions. And some of them now do have protection against ransomware and crypto mining and stuff like that. Your system updates always should be on. And while you might not want to do that update exactly when it comes in, do it at the end of the day. It's protecting you. Common sense does help sometimes too. You guys are awesome. I want to know if there's any questions out there. I hope you're able to take away stuff that's out there that's going to allow you to keep using digital tools, but using them safely. So Wick, let me turn it back to you, see if there's any questions, see if we have any other information that we can share. So Wick, are you using all these tools?
I am using some of them, actually. A question came in, what about CCleaner?
You know, the CCleaners are good to get your drive cleaned up. In the old days when defragmentation was a huge part of the problem, those CCleaners were great. They're able to take all your files that are all in different places and put them all together to let your computer run better. CCleaner tends to have a pretty good reputation, but I'm not sure how much you need it. The tools that we talked about here, and I'll just bring them back up in a second, the ones that I think are the most important for you to be able to access the information. So I have no issue with CCleaner, I'm just not sure whether it's really as important as these five tools that are out there.
That looks like all the questions we have right now. We may get some that are submitted after the fact, which I can certainly run by you, Jim.
Wonderful.
So if there aren't any other questions left for Jim, this is Dominique, the Manager of Online Learning and Professional Development here at AASLD. And I just want to thank each of you for attending today's webinar. And also another thank you to our presenter, Jim, and the Communications and Technology Committee.
Video Summary
In this video, Jim Spellos discusses the importance of privacy and security in the digital age. He highlights the various ways our privacy can be compromised, such as retargeting and browser fingerprinting. He also explains the risks of common security vulnerabilities like phishing attacks, man-in-the-middle attacks, and ransomware.
To protect ourselves, Jim recommends using antivirus and anti-malware software, a virtual private network (VPN), a password manager, enabling two-factor authentication, and keeping software and systems up to date. He emphasizes the importance of using strong, unique passwords and being cautious when clicking on links or downloading apps.
Overall, Jim argues that while maintaining privacy may be difficult given the amount of personal information we share online, it is still crucial to prioritize security. By being proactive and following the recommendations for protecting our digital devices and data, we can minimize our vulnerability to cyber threats.
Asset Caption
Presenter: James Spellos, President - Meeting U
Keywords
privacy
security
digital age
phishing attacks
ransomware
antivirus software
VPN
cyber threats