Cyber Security Q&A with Expert John Lucich
THE BIG THING I WANT YOU TO KNOW:
When it comes to protecting your online information, convenience is not your friend! There are practical things you can do now to help protect yourself in the future, and though they may take a few extra seconds and clicks, they can save you thousands of dollars and months of headaches.
Listen to Chris’ conversation from 95.5 WSB and the Dynamic Money Podcast with John Lucich or read the most impactful highlights below.
One of the largest cyber security breaches EVER hit Capital One recently… and sadly we’ve become accustomed to this type of #BreakingNews.
The latest insane data breach compromised over 100 million Americans and 6 million Canadians. This isn’t something we can ignore anymore. That’s why we brought in the BEST security expert to give us practical security advice.
Can we still protect ourselves when it feels like privacy no longer exists? John Lucich will tell us how during our interview below.
John Lucich is one of the top cyber security experts in the country who joined the Dynamic Money show to share exactly what you and I can do to PREPARE and PROTECT our online information.
Who else could give us a better dose of practical advice?
John has been teaching companies and individuals how to keep their information secure and minimize the risk of cyber attacks for years…
Our goal is that you feel empowered to protect your information, aware of the risks, and know the choices you need to make to keep your future safe.
1. Dynamic Money Asks: “The Equifax breach was massive in Atlanta in 2017, and now we’re facing Capital One. Is this just an inevitable reality or do you think there will be some sort of change in the future where this can be prevented?”
John Lucich: Breaches like this have been happening for a long time now — it’s nothing new, but what’s changed is that people are fed up.
If your information has been compromised, it can cost anywhere from $10,000-$30,000 to regain your identity and clean up that whole mess. I think what’s really going to cause change are the lawsuits being filed by the consumers whose information has been breached, because they are beginning to keep these corporations accountable for losing their data.
2. Dynamic Money Asks: “How can we, as consumers, best protect ourselves? What are some ways we can be proactively monitoring our own security?”
John Lucich: Mitigation. You should have some type of monitoring service. LifeLock, for example, gives you the ability to monitor your credit.
There are certain things that you can’t do anything about, like someone else losing your data, but you can mitigate that risk by monitoring your information so that when things start happening, you take notice and can shut it down immediately.
1. Keep your operating system up to date. Hackers are always one step ahead, but making sure your operating system is always up to date is a good, proactive step. It is important to note that Microsoft or Apple will never send you a link to update in an email. If you ever see an email that asks you to click the link to update, it’s a scam! Always update within the operating system.
2. Turn on User Access Control (or User Account Control). Most people turn this feature off because it’s inconvenient to always have to click “Yes” or “No” before opening something, but this is sort of the “last chance” at saving you from unknowingly downloading some program or software that’s hidden inside a link or document. If you go to click on a PDF and there’s an embedded executable inside, User Access Control will pop up and say “Are you sure you want to execute this program?” Then you’ll know and you can click “No”, but that only pops up if the User Access Control is turned on.
3. Stop browsing the web at work. If you are an employee of a large corporation, my advice is to go to work, do your job, and stop browsing the web. You could just be looking to buy new tires, but people put up false links for unbelievable tire sales that actually have an executable that’s going to install something onto your company’s computer. Even those funny joke links that people like to pass around online can be dangerous. It may seem safe because it came from your friend, but they are actually more often than not a trojan and your friend just didn’t know when they sent it.
3. Dynamic Money Asks: “When those ‘Are you sure you want to do this’ questions pop up, is that like a blinking red warning light that something is up?”
John Lucich: Yes. In fact, instead of just clicking out of it I recommend going to the Task Manager and closing out of the entire application. You never know what they’ve written the code for and what actually will happen when you click “Okay” or “Close” — you could be giving it permission to install without even knowing it.
When those pop-ups come up, go into your Task Manager and click “End Task” just to be safe.
4. Dynamic Money Asks: “For a large company like Capital One, what is the volume of cyber attacks they get on a daily basis?”
John Lucich: Depending on the size of the network, it could be around 10,000 at a time.
I was teaching at a conference a couple months ago and I wanted to demonstrate this, so I generated a test server that had some external IP addresses on it. I asked some of my guys over the next several days to try and log into this test server, and I figured maybe four or five attempted breaches would be enough to warn the people at the conference about security. Within an hour and a half of the server being online for the very first time, we had five countries attacking it and thousands of attempts to get in!
They were all probably automated processes of some sort trying to guess passwords, but I had made a very long and complex password so they couldn’t get in. I was surprised but happy to have this example to bring to the conference so people could get an idea of how quickly this happens.
5. Dynamic Money Asks: “What do you think is the most effective way to create relatively complex passwords without losing your mind trying to remember them for all of your different accounts?”
John Lucich: I recommend coming up with one good password that you can remember and use it with Two-Factor Authentication.
When you use Two-Factor Authentication, every time you log into something with your password, you’ll also get a notification on your phone that contains a code. Then, before you can log in, the site will ask you what the code is and only you have it. No one else can get in without that code.
The big takeaway here is convenience is actually your enemy in terms of your security!
To recap, here’s what you can do right now:
1. Monitor, or more importantly FREEZE, your credit! All these companies are advertising their paid programs for freezing credit, but the government made it completely free. There are three places for you to go to freeze your credit.
Do all three options below (it should take 20 minutes) and this could significantly protect your future!
(More on that if you want to read into it here: Easy Ways to Stay Ahead of the Next (or Current) Data Breach)
2. Make sure you have really good anti-virus software and keep it up to date. That means stop clicking “remind me tomorrow”...make tomorrow today! Seriously.
3. Keep User Access Control ON because it can save you a whole lot of trouble later. Even though it’s annoying, don’t turn off the fail-safe that your computer is screaming at you.
4. Stop browsing the web at work. I know the joke is funny, and you want tickets to this weekend’s Atlanta United game, but you could be spreading a virus unknowingly.
5. ALWAYS Use Two-Factor Authentication along with a strong password — only you have the code, so only you can get in. #win
When we opt for convenience, we can open ourselves up to a world of hurt.
We need to be okay with a little bit of complexity, because it can save you thousands of dollars and months of time trying to regain your stolen information.
Once you’ve done all 5 things, be sure to take John’s advice and follow up with monitoring your credit to stay on top of your health and catch any stolen identity activity early!
THANK YOU, JOHN!
Stay in touch with John and his cyber-security conversations to stay safe!
John is the CEO of Network Security Group Inc. (NSGI), which provides network and security management services to large and small corporations, government agencies, and more. If you or your business want to work with the best in cyber-security, he is where you need to go.
You can also hear John talk more about cyber security on his podcast Talking Technologies.
If someone found out one of your passwords, what all could they gain access to?