Video
Cappuccino Chat - Episode 17 - Is someone trying to hack you?
Published December 19, 2020
About This Video
In this episode we discuss a question I get: "Is someone trying to hack me?"
To sign up for our Weekly Cyber Security Tips, please visit https://www.southwest-networks.com/cybersecuritytips/
https://www.southwest-networks.com/cappchat
Full Transcript
Auto-generated from the video's captions. Minor transcription errors may exist.
Welcome back to another episode of Cappuccino Chat. This time we're going to discuss a question I frequently get asked, and that is: is someone really trying to hack me? So grab a cup of coffee, let's chat.

Okay, so often when I'm talking to clients or prospective clients, um, security comes up in our conversations, and I'll either get asked, hey, so-and-so friend of mine received an email and they don't know if they were hacked, or I may have been hacked. At this point is, why are people trying to hack me? Uh, is someone trying to actively hack into my computer? There's different variations of this question, but, um, and the answer is kind of vague and can go, it's not very helpful, let's just put it that way. So the answer is yes and no. So most of us, no one is actively trying to hack directly into our computers or into our businesses. Now, there are exceptions to that rule. Those of us that have been breached or hacked and paid ransoms before, the odds of you being actively gone after a second time do go up. Bigger businesses with more data, hospitals, local government, those are actively being looked at, due to all the breaches that you, we know of from 2019 and so far this year in 2020.
So there are the exceptions to the rule, but for most small businesses the answer is no, no one's directly trying to hack into your business. But unfortunately they're trying to hack into all of our businesses. So what that means is we all have to take responsibilities to educate our employees and ourselves and ensure that we're remaining safe.

So one of the ways I discuss this with clients is: let's say I told you I had your password to your bank account. What would you do? Well, the answer that comes up is, of course I would change my password. So then the question that comes up is, well, how do you know if I have your password or not? And the answer is, you don't. But there are ways for us to, uh, enable some monitoring of what's called the dark web. We've had those conversations before; if not, uh, please look back into some past Cappuccino Chats or contact us. There's also, um, you know, going back in and having good password hygiene, multi-factor authentication, changing your password frequently. All these things will help alleviate that, but that doesn't mean that that password may not again be breached at some point, because humans being human, we're kind of lazy people. We will tend to reuse or use a slight variation of the same password at multiple locations. And with all of us doing a lot more business online these days, both personal and in our businesses, asking someone to remember 50-plus passwords and username combinations for all the different places we go to is honestly a little, you know, a little much for all of us. So there are programs to help with that, password managers and those types of things. Again, though, if someone ever got into your password manager, you know, they kind of have keys to the kingdom at that point.

So one of the best ways to do this is really with just educating yourself and your employees to be on the lookout for different things. Today I received an email from a vendor saying, hey, open this attachment, click on this to about this new project you're going to want
to work on. It didn't sound like this particular vendor, so I sent a separate email. But never reply back to an email that you think is questionable, because it really, it may be spoofed, so it looks like it's coming from the person you know but it's really not. So you'll want to open up a brand new email in question. So I opened up a brand new email, uh, sent this person an email saying, hey, did you mean to send me this email about this? It just, you know, it seems weird. And I got a reply back that again, um, did not sound like this person, nor did it have this person's customary signature line in their email. So to me that was kind of dead giveaways. At that point I picked up the phone. Uh, they weren't available, left a voicemail, and sure enough, found out later on, yes, their email account was breached. Uh, so they, this person that breached it actually had active control over the email, so they were actually viewing any replies. So if people, as my email, replied to them, they replied back saying, yes, that's a legitimate thing, please click on that link and then put in your work credential. So it was a phishing scheme trying to get my Office 365 credentials, basically.

So knowing that, so again, training your employees and yourselves on how to spot these different things will help in controlling these types of breaches, and the only way to do that is to be constantly having that information put in front of us on a normal basis. So just like with your business, you guys are constantly learning different things in your professions, whatever that might be, uh, professional services, um, you know, if you're a CPA, um, if you do accounting in your business, um, you know, heating and air conditioning and stuff, you got to keep up on all that stuff. You got to constantly be learning those different trades, um, and tools and software packages that you use. But if no one ever trains you and you're not constantly keeping up on that, something's going to slip through and issues are going to be caused. It's the same with security.
We just need to stay on top of it. What's the saying, how many times you got to do something repetitive before it becomes ingrained in our brains? Uh, the number seems to vary. I've heard as low as seven times and I've heard as high as like 14 times. So again, just constantly being on top of those different things.

So getting back to the original question, is someone trying to hack you? Yes, just not directly. We're all caught up in the everyone fishing net, if you will. So they are casting a wide net and trying to get everybody caught up into it. So if they were to send out 10 million emails, let's just say, and 10 of those responded and were breached, and let's say, so that's a million, and let's say the ransomware, that they just did a straight ransomware, so all one million people, um, got a hundred dollar ransomware, which is way low, uh, the average is between three and five hundred on the personal level and I think it's upward of twenty thousand for the businesses, but let's just say it's only a hundred dollars. So a hundred times one million is, yes, a hundred million. So that's why this continues to happen. Uh, so someone just made a hundred million dollars for sending out an email. And a lot of these services can be done online. They don't even, nobody has to know what they're doing. They can be that hacker that we all picture wearing the hoodie in their mother's basement. They don't have to know anything about computers other than that they turn it on. You can actually subscribe to a service for ransomware, and somebody else who knows what they're doing will sell you everything you need, give you written instructions and help on how to set it up, and then all you do is throw it out there. So, and then they just keep throwing it out there over and over and over and over again. So that's why this keeps happening.

So keep up on your good hygiene, continually talk to your employees about security, always mention stuff to them as things go on, if you see things in the news. We have a weekly cyber security
tips that come up. Again, if you'd like to sign up for those, those are completely free. They'll go to your email box, just simple tips that you can use in your personal and business lives, uh, to use. Um, we'll put that link here on the page if you'd like to get those and pass that along to your friends, family members and everyone else in the business.

Um, just really talk to everybody. With this work from home, and we're not, I'm not sure when this is all going to end, working from home adds another layer. We don't know what our employees are doing on their home computers or home networks that could be causing even more of this. So again, having these conversations, being careful of what people click on or open and attachments, go to websites, and so that's still the number one way all these things happen. So if you have the best firewall and the best this, if an employee clicks on something, they're gonna allow it in. So just imagine, uh, employees, someone's in your house, um, stranger knocks on your door, and instead of, uh, you know, teaching your kids how to look through the window or the, um, peephole in the, in the door, uh, they just instantly open the door. Well, you just let the bad guys in. So that's what we want to do again with our email and our securities. We want to make sure we train our employees to, you know, look through the window, make sure you know who it is outside before you just open the door for them.

As always, if you have any questions with any of this information that we've gone over, or if you'd like for us to discuss or come on site and do a complimentary audit of your systems to kind of let you know where your security may be lacking or in need, please reach out to us. The phone number is 760-770-5200.

I haven't really talked about coffee in a while. It's been a little different for us, everything going on, but you know, I still like my coffee locally here in the Palm Springs area from ko ffe ffi, sorry, they do have new hours, so if you are bi, uh, making some good stuff. And as
always, we also appreciate our military and law enforcement supporters of Black Rifle Coffee Company and Blue Line Roasting Company. So if you're looking for a good cup of coffee, I highly recommend all three of those. As always, stay safe and be smart with your security. Till next time, bye.