Speaker 0
0:10 – 1:03
Welcome to Tech Talk. Welcome to CDT's Tech Talk where we dish on tech and Internet policy and dig into what these policies mean to our daily lives. I'm Brian Waslowski, and it is time to talk tech. It's National Cybersecurity Awareness Month, which is a great opportunity for us all to think about our digital hygiene and what we are doing to stay safe online. While it's often the huge data breaches or cyberattacks that grab the headlines, some of the most important cybersecurity enhancements can in fact be done at the individual level. I'm joined today by the executive director of the National Cybersecurity Alliance, Michael Kaiser, who is going to share some practical tips with us for staying safe online. Welcome, Michael. Thanks for having me. It's a pleasure. So Cybersecurity Awareness Month, it must be crazy for you. Can you tell us a bit about what's going on in October?
Speaker 1
1:04 – 1:46
Well, it's really a month full of activities. Our basic theme for the whole month is our shared responsibility. And we really talk about, you know, what everybody can do to make the Internet a little more safer, a little more secure, and more trusted. Those are really the elements that we're seeking to enhance on the Internet. And we really focus on everybody at every level. So it's the individual home user to the small and medium-sized business to families. And this year, we're actually looking at the Internet of things as a whole new concept of safety and security that people need to take into consideration, as well as cybersecurity careers. So how are we gonna fill this huge gap in the cybersecurity space, in the professional level that really is a daunting problem for America? Wow. That's fantastic.
Speaker 0
1:46 – 2:10
A lot of the resources you just mentioned, they're on your website. I'm impressed by your website. It's staysafeonline.org. Everyone should check that one out. It's .org. Correct? .Org. Correct. Just making sure. So definitely check that out. So today, we're hoping that you'll share some of the basic tips with us. And let's start right up front. Your motto is stop, think, connect. What should the average person take from that?
Speaker 1
2:10 – 2:18
Well, really, stop, think, connect is based on the well, first of all, it's research based. We developed it with 25 companies and seven federal agencies working together.
Speaker 0
2:19 – 2:21
That's no joke. Yeah. No joke. Working by consensus.
Speaker 1
2:23 – 3:03
To come up with a harmonized message, to have that kind of message that we have. You know, when you think of the other, social safety and security messaging, stop, drop, and roll, look both ways before crossing, stop, look, and listen. We wanted to have that kind of simple harmonized message that we could everybody could adopt, right, to be safer and more secure online. The message itself is pretty simple. Stop, take security precautions, things like software updates or passwords that are better. Think about what you're about to do online, and what might the potential consequences of that be. And then the connect piece is really about, connecting to the Internet and, with more peace of mind that you've done the things that at least make you somewhat safer and more
Speaker 0
3:04 – 3:21
secure. Alright. So let's unpack that a little bit. Let's get a little more specific. Sure. You know, at CDT, we talk all the time about the amount of personal information that we share online. What, you know, then that could be anything from pictures to, you know, long posts or, you know, stuff in dating profiles.
Speaker 1
3:22 – 5:00
What are some of the best ways to protect your personal information online? Well, I think that, you know, one of the best ways is to just be more aware of what you're actually sharing. Right? I mean, so and that happens at so many different levels on the Internet. It happens, you know, in some of the ways, you know, you've already suggested. Like, you know, I'm gonna put a picture up. Well, what is the content of that picture? I mean, does it have a does it show your car and the license plate? Is it being taken place, you know, in front of your the front door of your house that has the street address? Is it, you know, is it showing that you're, you know, going to classes at a certain university? I mean, what is the content of that picture? Some people don't think of, like, what they're actually sharing. So and that's pictures is just one element of that, of course. I mean, there are other ways that you share. You actually write things. You post things, whether it's on social. You respond to other people's posts with maybe personal information. So think about the personal information that you're putting out there. You can control what you post. Right? If you can't control what other people post very well. Right. And you sometimes can't control what other people collect about you. But you should be aware of what you're sharing of your own. But in those other realms, there are issues too. I mean, you know, we give this advice all the time. I know that people don't take it, but you gotta read and look at the terms and policies, you know, the services and the devices that you're using. If you're really concerned about this, you need to understand what is being collected and shared about you. And then also, you know, on the social side, and we see this a lot, you know, that people sometimes are concerned about what other people share about them.
So they should reach out, especially their friends, and say, you know, I really prefer that you wouldn't tell me tell people that I'm going to the family reunion next weekend or that I'm gonna be off, you know, in Hawaii.
Speaker 0
5:01 – 5:18
That's, I think, acceptable now, in this day and age. Absolutely. I think that, with, like, Facebook's detagging, it started to give you a sense that you could control what others posted a little bit. But you're right, a lot of that content doesn't have that sort of detagging feature. So just the conversation, the open honest conversation with your friends or those who post Yeah. Could be helpful.
Speaker 1
5:19 – 5:43
Yes. And I think, you know, one of our other kind of ways that we talk about this is, like, you've got to take some own your online presence at some level. Right? And you can't do that 100%. You know, that's impossible. But to the degree that you can use features like detagging on Facebook or change your security settings or safety settings or privacy settings, that you understand how the services that you use work and how they interact with you as a person in your personal information. I
Speaker 0
5:43 – 6:14
think those are things that just people have to pay attention to. You talked a little bit about the policies that companies have. Have you seen any great ones out there? I knew everyone says read them, look at them. You know, there's a lot of times I wouldn't say people are trying to get you, but, you know, there are kind of third party uses of data that sometimes surprise people. Are there any great models out there we should be looking for? Well, we don't really do that kind of, like, you know, analysis of those things. But I will say in our research that we've done with people, they tell us what a good policy would contain.
Speaker 1
6:14 – 6:27
And they're you know, most consumers aren't looking for the long legalese. No. They're looking for just a couple of basic pieces of information. What are you collecting about me? How are you using it? And are there any places where I can control that?
Speaker 0
6:28 – 6:49
And those are good questions that anyone should probably ask when they're thinking about using a service. Yeah. And we can reversing that and so Well, yeah. Reading through the legalese to try and see if they could suss out what that actually means. Someday, we'll get out of the legalese. Right? Alright. So let's shift a little bit. We talked about what you're posting online. What about your devices? Whether laptops or cell phones? What should we be thinking about in terms of securing those when we're using those
Speaker 1
6:49 – 7:48
in lots of different settings? Yeah. So it really you know, sometimes it's better to think about this as what's the goal in protecting your device. And so we like to say keep a clean machine. Right? That the goal that you're trying to achieve is to keep all the devices that you have that connect to the Internet free from malware and infections. And that's gonna require a couple different things, at different levels. First of all, obviously, in the PC world, we're talking about security software. Every PC should have that, and I think most of them do at this point. But it also means updating your other critical software. You know, if you're still, you know, back in Windows XP, that's not a good thing. Right? I mean, it's not just, you know, that it's about, like, a better operating system. It's about that that's no longer maintained, that every upgrade has security, better security built into it. So you need to think about that. It means passcode protecting both laptops and cell phones, or, you know, if you're using, like, an Apple device and even, I guess, with some other devices now, using the finger swipe, right,
Speaker 0
7:48 – 8:04
to protect yourself. It's about using multi-factor authentication, which is, I know, a complicated word. But, we actually advocate for that at CDT. So feel free to share what that is. Yeah. I mean, some are doing it great. I, we could, you know, tout Twitter. They actually have a very nice two-factor authentication
Speaker 1
8:05 – 10:18
for just logging in and making it very simple to make sure that it is, in fact, you. And all it really is from our side is you have the password but then you're also sent either to your email or to your phone a code and then you enter that and then you log in. So it's two factor. Yeah. So it's two factor and, you know, I think so when you think about the security of the device, it you can't separate it from the security of your accounts. Right? Because that's what you're accessing out of your device. You know, you're Good point. Going on your Facebook page, you're going into your Gmail, you're going into whatever it is that you're using. And so that second factor is usually something you know or you have. So you have your logon and your password. Those are kind of the common things. And then you get something else. It could be, like you're saying, an SMS text to your phone. A lot of services use that. It could be, you know, Facebook has sort of what they call log on approvals, which maybe some people have seen when you log on to a new device. Sure. It will send you an email that says, hey, woah, somebody just logged into this device. Was that you? You know, if it wasn't, you know, quickly Notify us. Yeah. They have also, like, a social authentication that you might see from time to time where they'll tell you if you're trying to do something different to pick out of a group of pictures which one is your friend. I have seen that. Yeah. So these are all, like, really creative ways. That's tough on Facebook though because if you have too many friends, you can't remember if they're your friends. You're like, Well, the hardest one is when they show you, like, a picture of your friend from thirty years ago. Like, if you That's cruel. Yeah. That's true. You got a lot of choices. You know, you got a lot of options to change it. But, you know, so it's but at the heart of that is account security. Right?
And so when you think about it from our perspective, the most important account that you have to protect is your email. And so implementing it on email, and it's really easy, all the major email accounts have it, you know, I mean, Google, you know, Outlook, Yahoo Mail, because your email is where you reset all your accounts. So when you forget your password It's a great point. It's a great point. Right? What do you do? Oh, you go to the site. I forgot my password. What do they do? They email you a link to reset your password. So securing that account I mean, and a lot of people think, oh, my bank account. Well, yeah, your bank account's really important, and other accounts are really important. But your email is actually your control center for most people. So if you're gonna do it anywhere, do it on email. That is really, really good advice. So let's talk a little bit about,
Speaker 0
10:19 – 10:39
you know, attacks, like malicious attacks. Are there common ones that just a general person should be looking for, whether that be phishing or what are the ones we should be aware of? I still think that sort of the most common, you know, the regular home everyday user is going to face is the attempt by some bad guy to give them personal information
Speaker 1
10:39 – 12:53
in some way, shape, or form that would allow access to either their machine by putting, you know, malicious software cracking and getting personal information that might allow them to get into other accounts. So that's gonna happen through phishing a lot. Phishing is still a predominant way that these attacks happen. The phishers, you know, the people sending out these emails are getting more sophisticated and more sophisticated. I wanna remind people that phishing does not just happen on email, however. It can happen in social. Right? Oh, absolutely. You know, people's accounts get taken over, somebody posts something. I mean, the classic one that everybody's seen, I think most people are defended are, you know, I'm stuck in London kind of post, you know, send me money. But they can be much more sophisticated than that. I think we've all probably had friends who've had their accounts hacked. Absolutely. You know, one of the kinds you see is like, oh, I had to open a new account and I need to add you as a friend again. You know, that's a very common kind of phishing attack in the social space. They can happen in texts, right? You can get a text post that looks like click on this link, right, on your phone. Could look like it comes from a legitimate source. You can even get a voice, you know, you can even get a call, right, you know, that tries to voice phish you or, you know, in some way, shape, or form. So you gotta be on the lookout always for people who are trying to collect your personal information. And sort of our way we kind of like to frame this, we like to make things simple for people at the National Cybersecurity Alliance. We're like, when in doubt, throw it out. I think that's great advice. I mean, there's kind of this or the smell test. When you think about it, does this is this the way your friends would normally act? Is this an email you would normally get? It's really, really useful. It's helped save me a few times, certainly. Yeah.
And the traditional advice has been don't click on links, you know, don't click on attachments, don't click on these things. And so that's true. That's the best way to protect yourself, but that's how we use the Internet. Right. So when you give people advice to don't do something that you know that they need to do, wanna do, and also makes their life better, like, you know, if you were to send me like, this is the great article I just saw in cybersecurity, you should really read it. I mean, I wanna click on that link. Right? I mean and so we have to you're right. The smell test, you know, the suspicion, you know, just have a level of suspicion is fine on the Internet. It's a good thing. Awesome. So let's shift to something that's very near and dear to me, travel.
Speaker 0
12:54 – 13:06
All of us, whether even when we're not traveling, sometimes we're just walking around town, you know, log in to that free Wi-Fi. Any risks here? What should we be thinking about when you're on Wi-Fi, whether on your cell phone or your laptop?
Speaker 1
13:07 – 15:16
So I would say that Wi-Fi connections are really one of actually the biggest risk factors that most people interact with every day. I'm sure they're getting emails and those kinds of things. But, you know, open you know, public Wi-Fi is that. It's public. You don't know who else is on that network. You don't know what they can actually see of the traffic that you're transmitting across that network. You know, you don't know what they might be trying to sniff out on your computer or to get onto your computer. So, this is, again, one of those issues that we face in the daily life with Internet. We wanna be connected all the time. We don't necessarily wanna be using our data plan on our phone if we don't wanna do it. Oh, especially if you're abroad. Oh my goodness. Yeah. Exactly. And so you wanna connect to the Internet. So there's a couple of things that people can do to be safer in that regard. First of all, remember that your cell phone, your mobile phone connection to the Internet is much safer than a regular Wi-Fi connection. So, if you really need to connect to a critical account, while you're on the go, I would recommend that you do it right off your phone. It's always safer, even because just think of it that your cell phone is actually, like I mean, it's not dial up connection, but it is a phone number into the Internet, basically. And it is a direct connection up into the network as opposed to connecting to a broader piece of the network like, you know, Wi-Fi. Other ways that you can do this traveling more safely and securely include, if you need to so there's things called virtual public networks private networks, excuse me, VPNs. And they create a private session even inside a public Wi-Fi session into the Internet. Now some of those come with you know, cost money, but you in all of cybersecurity, it's always about risk management. Right? What am I doing? What do I need to do? What's the risk inherent in what I'm doing?
And what would be the potential damage? Should I do this and it not go well? Right? So if you need to do banking on the go, then you need to consider, like, a virtual private network. Or, you know, some people have MiFi devices or they can use their phone to become a hotspot. Mhmm. Right? Again, this requires money if you have a data plan. But if security is important to you, then you need to take those into consideration.
Speaker 0
15:16 – 15:34
That's some great advice. So we're gonna wrap it up here, but I wanna wrap it up with your notion of a good online citizen. I love that notion. And your concept is that we all play a role in keeping everyone safe online. So can you unpack that for me a little bit? What does it mean to be a good online citizen?
Speaker 1
15:34 – 16:39
Well, I think for us, it starts with a really simple concept that everything you do to be safer online makes the Internet more secure for everyone else. And that notion is that we're only as strong as the weakest link on the Internet. And so if yours ends up being the computer that gets infected with a botnet and then is sending spam to the rest of the Internet or malicious software directing people to bad websites, you know, you're not really being a good online citizen. But that also means being respectful. It means, you know, only posting about other people as you would have them post about you. It's the golden rule on the Internet just like it is off the Internet. Absolutely. It's thinking about, you know, the kinds of ways that you treat people online, and respect people. And I think from our perspective, it also means being good online citizen means some and, you know, keeping up with the news. Right? Because this is a rapidly changing environment. And that doesn't mean that you have to follow every single scam that's out there because I think that's impossible. Right? And I think, you know, you can't know every single scam. But, you know, you need to be aware of the kinds of things and the kinds of risks that are changing, like, with things like IoT,
Speaker 0
16:40 – 17:29
the kinds of information that is, you know, being collected and used about you. And, you know, just, you know, participate in the digital community in a productive way. That's some great advice. Thank you so much for joining us, Michael. We'd love to have you back later in the month. Will you come back for us? Oh, I'd love to be back. Oh, great. Great conversation. I think there's so many tips. So we'll have him on later in October. Thank you so much. That was Michael Kaiser from the National Cybersecurity Alliance. And, again, you should visit his wonderful website, staysafeonline.org. That's it for this week's CDT Tech Talk. You can find more information about today's topics at www.cdt.org. As always, tweet us any questions you have or topics you'd like us to cover to at SendemTech. Thanks for listening.