Palm Harbor Local
Palm Harbor Local is the podcast dedicated to the active, outdoor, and healthy lifestyle that defines life on Florida’s Gulf Coast.
Hosted by Donnie Hathaway—Florida native, real estate professional, and longtime community builder—this show explores the people, places, and stories shaping everyday life in Palm Harbor and the surrounding Tampa Bay area.
Each week, you’ll hear real conversations centered around three core pillars:
Sports – youth and community athletics, coaching, competition, mindset, and the programs building stronger people and stronger communities.
Outdoors & Conservation – Florida’s natural beauty, local parks, trails, waterways, wildlife, and the leaders working to protect what makes this area special.
Wellness – fitness, recovery, nutrition, mental clarity, longevity, and the routines, spaces, and habits that help people live with more energy, focus, and purpose.
From coaches and athletes to conservation advocates, fitness professionals, and local lifestyle leaders, Palm Harbor Local highlights the voices shaping how we live, play, and care for our community.
Whether you’re a longtime resident, new to the area, or simply passionate about living an active and intentional lifestyle, this podcast offers insight, inspiration, and practical takeaways rooted in real local experience.
Palm Harbor Local is more than a podcast—it’s a window into the lifestyle that makes this part of Florida such a great place to live.
Subscribe and join a growing community focused on living better, staying active, and protecting what makes Palm Harbor special.
Cyber Security for Small Businesses: What Actually Puts You at Risk
Cybersecurity can feel complicated, but this conversation makes it practical. In Episode 215, Peter Jalaff breaks down what small business owners actually need to pay attention to, why local businesses are still at risk, and the simple steps that can make a big difference.
If you use email, a CRM, shared files, client records, or online tools to run your business, this one is worth your time.
What You’ll Learn:
- Why small businesses are still a target for cybercrime
- The biggest access and password mistakes business owners make
- Why multi-factor authentication is the easiest first step
- How phishing and AI-powered scams are getting more believable
- What to do now so you are prepared if something goes wrong
About Peter Jalaff:
Peter Jalaff is the founder of Valdivia Solutions, a Tampa-based IT consulting firm focused on identity management, access control, and cybersecurity solutions for businesses. He brings decades of experience helping organizations manage security, compliance, and user access more effectively.
Links:
- Guest website: [Valdivia Solutions]
- Guest LinkedIn: [Peter Jalaff on LinkedIn]
- Palm Harbor Local newsletter: [Palm Harbor Local Newsletter]
If you enjoyed this episode, subscribe to Palm Harbor Local, leave a review, and share it with someone who runs a business or handles sensitive client information.
Stroll through the laid-back streets of the Palm Harbor community with this informative podcast, proudly brought to you by Donnie Hathaway with The Hathaway Group, your trusted guide and local expert in navigating the diverse and ever-changing property landscape of Palm Harbor.
Framing Security As Access
SPEAKER_01Security is about access, the access you have and the access that you don't have. The longer someone has been in any organization, the more of the access they have to everything because they'll go, they'll work on one project and another, and it never gets turned off.
SPEAKER_00Right. It's just a numbers game for them. They're reaching out to as many people as they possibly can.
SPEAKER_01If you could take the amount of money that cybercrime makes in a year as a GDP as if they were a country, you know, the United States would come in first, China would come in second, but they would come in third. Cybercrime would come in third. It's like a big web of it's a big house of cards, whatever you want to call it. But yeah. Just enable multi-factor authentication. Just by doing that alone will probably help 90% of the possibilities of someone breaking in. Yeah. Everything has a caveat that if someone really, really, really wants to get in, there's nothing we could do. If the NSA decides they wanted to turn on you, Donnie, and get all your secrets, yeah. Right? Yeah. If yeah, same thing with Korea or Russia, they're all really good at what they do, these guys. People who are experts in cybersecurity have the biggest egos, and they're the first ones to fall because they don't think they're gonna get hacked. Happens to everyone. It's just a human nature thing.
Show Intro And Guest Setup
SPEAKER_00It's really all it is. Welcome to Palm Harbor Local, the podcast dedicated to building community and sharing inspiring stories from the heart of Palm Harbor. I'm your host, Donnie Hathaway, and today we are joined by Peter Jalaff, who is the owner and founder of Valdivia Solutions. Now, Palm Harbor Local is all about spotlighting individuals and businesses who are making a difference, overcoming challenges, and fostering connections right here in our hometown. If you're passionate about growing together, getting involved, and celebrating the people who make Palm Harbor thrive, you're exactly where you need to be. In today's episode, we'll talk about some practical tips to protect yourself from a cybersecurity attack. We'll also talk about how Peter got started in the whole cybersecurity space. And finally, we'll talk about what actually happens when a large company is hacked. Now, don't forget to connect with us on Instagram at Palm Harbor Local for behind-the-scenes highlights and join our weekly newsletter at PalmHarborLocal.com. Now let's dive in and build community together.
SPEAKER_01My son is uh is a financial advisor. Works by himself. Him and he has maybe another um three or four guys that work with him. Uh and they they work with a uh a bank. Uh you know, it's the back end piece that does all the the stocks and the you know all the buying and trading for them. And they were told that they're gonna need cyber insurance. And they're basically thought to themselves, like, well, what is that? Yeah, and how much is that, and what does that really mean for us? Right. So you know, they started looking into that, and and he remembered that I, you know, I I do security. And so he asked me, he said, Dad, you know what? I I have no idea what's going on. Can you help me with this? And then he said, There's if I'm looking for this, there's got to be another thousand people out there that are in the same boat as I am, that have no idea what we're, you know, what we're up against. And so I said, okay, well, you know, that's kind of a start of of really how I got into the cybersecurity for financial, you know, interests. Now, it could be any small business.
SPEAKER_00Yeah.
SPEAKER_01You know, it could be a uh doctor's office or a dentist or a lawyer. You've been doing doing cybersecurity before that, or I've been doing security before that. Okay. So IT security, cybersecurity has a special connotation where uh deals with you know a lot of emails and and hacking and things like that. Yeah. Security that I uh worked on was more around identity. Um, so how are you able to prove who you are? And typically we're talking large corporations, manufacturing, pharmaceuticals, uh, banks, right? Big, big corporations, 5,000 users and larger. And so they needed ways to be able to uh manage all of their employees and making sure that John Smith, who comes in the day and he has access to some accounting program, is actually John Smith, who says he is. And how do we make sure that that's correct? And how do we make sure that we reset his password and that there's an expiration and and that whatever policies are in place by the um by the board uh are actually being implemented correctly? You know, and then even for that matter, um, if you remember the whole uh piece with the oil company in Houston, gosh, I the one that actually caused the whole uh Sarbanes Oxley thing, uh it'll come to me in a minute.
SPEAKER_02Yeah.
SPEAKER_01How do we make sure that that John, who supposedly made some changes in some financial records, how do we know that that's audited somewhere, right? So you'll have some auditors come in and say, show me who made changes on July 2nd of 2005. Wow, okay, we got to go back. Yeah, how do we do that? You know, how do we how do we show that, you know, who made changes to certain records, right? So all that is part of a larger compliance piece. And that's that was really my specialty. I've been doing this for like 20 years. Crazy. Yeah, yeah.
SPEAKER_00Yeah, I mean, just when hearing you speak about it um from that perspective, it I mean, it's there's a lot that goes into it.
Identity Management And Compliance
SPEAKER_01Yeah, there there really is. And most of it deals with public companies who have to prove to auditors and to their you know shareholders that they're doing what they say they're gonna do. Yeah, right. Whether it's the SEC or some other, you know, federal organization that that is actually making them do these things. Yeah. And also for their own shareholders, they want to be as transparent as possible nowadays. This is kind of a a new thing uh where um a lot of times shareholders are asking for this kind of stuff. Yeah. You know, like I said, I've been I've been doing this for for 20 years, but it all started, you know, way back when um I was, you know, uh if you want to, I'll tell you a little bit about the the origin of this whole thing. I was working at Microsoft for for a few years back in Seattle, and and uh I was um I uh my my particular position was to test Exchange. Really, when we were using the word test in a software company, it's really break. My job was to break break it, right? So and I got really good at building it, fixing it, breaking it, doing all these kinds of things. And finally the family wanted to move out of the Seattle area. And uh we we chose Tampa, and that was great. But there were no real software jobs. The jobs they had out here were consulting jobs, which basically meant going to clients' places and you know, typically uh putting together and deploying Exchange servers, right? So I did that for the Air Force for uh for many years. Uh it was actually in Mobile, Alabama, but uh they said, it's okay, you can live here in Tampa. I'm like, okay, I just take an air, you know, an airplane. So I did that, and then at some point, what happened was is that uh uh each organization, right? Uh the Air Force is broken up into I think like nine different what they call MAJCOMs, right? They're major commands, and each one of these, uh the Pentagon gives each one of these money. 
So because they have the money, they're gonna do what they want, right? So each one had their own sort of email system. Well, what happens when the general in one wants to get a hold of a general in the other one? Well, what he does is he tells the secretary, and the secretary calls the other uh general secretary and says, Hey, what's his email address? Uh, okay, great. So then he, you know, relays that back. And that was pretty inefficient. Yeah. So what they asked for at some point is how can we grab all the emails from one system and mix them up with the other systems, right? And so you have like a one big address book. Right. Wow, okay. And so luckily I was on the on the team that wanted to do this and ended up being like 750,000 users, right? Um, everyone in the Air Force at the time. I was the largest sort of uh what is now called GAL or uh global address list uh synchronization. Um, and it was it took us a long time to actually get something like this done. And that was sort of the impetus of me getting into what is now termed identity management, which is sort of right before the security uh piece of this whole thing. The idea was how do you take information from one place and throw it into another place and make sense of it all? So really I've been doing that since about 2003 uh with identity management. So I first started with the Air Force and then moved on and uh worked on manufacturing companies, financial companies. Everybody needed this information. And so it wasn't just, you know, two different organizations. You know, there was maybe Donnie, who was going to start a new job as an accountant, right, at a new company. It was the idea of automating that process, which sometimes could take two weeks. You know, imagine you'd show up one day and you're brand new and you got your little sack lunch with you, and you're all happy, and I'm gonna start a new job. And then so you show up and the lady, HR, says, Oh, yeah, there's your boss. 
John will help you out. And John says, Oh, that's right, you're starting today. What a where am I gonna sit you? Oh, why don't you sit over there at that desk and I'll be right back? You know, an hour goes by and you're kind of twiddling your thumbs, and and then he says, Oh, that's right, Donnie started today. And so he gets he makes a call down to somebody and says, Hey, we got this new guy's name is Donnie, and I we need to get him an email address. All right. So maybe a couple hours later go by, and now you have an email address. And but what are you gonna do with that? You you know, your job is to work on accounting. So, so by the afternoon, he'll make another call to the accounting department and say, We got this guy, Donnie. He's you know, accountant one, he needs access to XYZ projects. Yeah. All right, all right, sure, sure. If you're lucky, maybe two or three days later, you'll get the access you need, and then you can start working, right? So that's just start of it. Then imagine you move from accounting to marketing and and all these different things are going on, and now you need access to new things. Well, the whole idea of identity management and to automate that process is the day that you start, you actually have all the access you need because we were able to read the HR department database and says, oh, his name is is Donnie Hathaway. He's gonna be, you know, an accountant working on the project in Atlanta. He needs this access and write access and read access. You sit down and you can start working. You're ready to go. Yeah, yeah. And the day you, you know, you tell your boss, boss, I'm done with you know, uh accounting, I'm going to marketing. They make the switch in in the HR department, and immediately you have all the stuff you have.
SPEAKER_02Yeah.
SPEAKER_01And even more importantly, imagine the day you leave, you win the lottery, and you're out the door, it says, bye, everybody. How important is it to shut down all that? Yeah. Immediately, yeah. Yeah, immediately. Especially now that everything is you work from home. There are really no boundaries anymore, right? Before, you know, they just lock you out of your office and you were done. But now everything is it's it's it's you know, it's all permeable.
unknownRight.
SPEAKER_00And people are relocating or or switching jobs more often, too, right? So to have the ability to yeah, make that change. Yeah, yeah.
Air Force Global Address Book Story
SPEAKER_01So it's it's about in that sense, it's about access. So in this particular case, security is about access, the access you have and the access that you don't have. So there's a story here that that I heard a long time ago that somebody bought this house, and this was years ago. Somebody bought the house and and it had a, you know, the the the old style telephones, landlines, if anybody remembers what a landline is. And they had free international calls. And no one could figure out why they never got charged for international calls until one day they I think they called the telephone company and said, I think there's a problem here. And then they said, I'm not really sure. Let me think about it. Let me let me so they did some background work on it and they called him back. They said, Well, we used to have a VIP that owned that house that worked for the telephone company. So because of that, he had free international calling. Yeah. And when he left, that was never turned off. Yeah. Right? Right. So yeah, yeah. And and it that's basically what happens. And the, you know, there's another adage that the longer someone has been at any organization, the more the access they have to everything because they'll go, they'll work on one project and another, and it never gets turned off. Right. So it's that's all what identity management is really about. But really, that just from that point, it leads me on then to move forward with, you know, how do you deal with security in one place and then look to do cybersecurity for smaller firms, right? Yeah. I'm used to working in very, very large, and like I said, 5,000 plus. And now my my ideal client, you know, could be a solo entrepreneur, yeah, or two people, three people working in an office together, right? Typically for you know, for very large companies, they have a big IT team that they, you know, full-time people that pay them to take care of cybersecurity. Yeah.
SPEAKER_00But has cybersecurity been an issue for smaller companies like solo real estate agents, solo financial uh advisors. Has it been an issue until as of like the last five years, 10 years? Or well, so that's a great question.
SPEAKER_01From a governance perspective, two years ago, the SEC never even talked about cybersecurity when it came to this stuff. And this is all new. And now they're coming down. They're making people more people are pressured to have cyber insurance, right? Whether the SEC will mandate it is yet to be determined. But because of all these things, they're having to think about this. Like I said, two years ago, no one really even talked about it. It was not really an issue. That being said, from a hacker's position, they'll hack anybody. They don't really care. Okay. Yeah. I think of it as an opportunistic occurrence. Meaning, imagine a guy walking down the street and he is maybe cat burglar. He's gonna check the door right in front of him, then he's gonna go down, that one's locked, he's gonna check the next one down, he's gonna check the next one down. He doesn't know if you have, you know, Picasso, you know, art inside of your house, or maybe you have nothing. Yeah. But if he finds a door that's open, he'll go in.
SPEAKER_00So they're it's just a numbers game for them. They're they're reaching out to as many people as as they possibly can to see Yeah. Yeah.
SPEAKER_01Yeah, absolutely they are. Yeah. This is this is what they want to do. You know, as of as of lately, cyber crime is reaching all not all new highs. I mean, I I took a couple notes and I you know, I can certainly go over them, but really, if if you could take the amount of money that cybercrime makes in a year as a GDP, as if they were a country, you know, United States would come in first, China would come in second, but they would come in third. Cybercrime would come in third as the amount of um uh of money that they would make. And you know, there's news every day of different things going on, but from a very large perspective, there's a CRM company by the name of Salesforce. Yeah, most people know about, especially if you're uh you're an entrepreneur.
SPEAKER_00Yeah.
SPEAKER_01They were hacked back in, I think uh it was July, but really it all came out in August. They were able to get records for 700 different organizations, right? And these are large organizations Boeing, Qantas, McDonald's. They all yes, they all use Salesforce for everything. Right. And uh they they actually got a total of 1.5 billion customer records. Wow. 1.5 billion, right? And they found it really a great opportunity to start to try to exploit the companies, right? So they called Qantas and said, give us a bunch of money. If you don't, we're gonna take all your customer information and put it out on the internet. Well, Qantas basically called their bluff. They said, We're not paying you. And they did, they put out all the information on the internet.
Access Creep And Offboarding Risks
SPEAKER_00Is that all that is that what they're doing with the like so so Salesforce gets hacked, and now they are taking that information and going to each specific company, right? So you mentioned like Boeing. So they go to Boeing and say, hey, pay us much money, or we're gonna share your information to the to the public. Um, is that is there another way that they're that they're making money, or is that the only way that they're getting money in that scenario of like going to each individual company saying,

Before we continue with today's episode, I want to take a quick moment to thank Valley Bank for supporting Palm Harbor Local. I recently moved my business banking over to Valley, and what stood out to me right away was how relationship-driven their approach is. You're not calling a hotline, you're working with real people who understand local businesses and make decisions locally. This episode is supported by Chad Britz, first vice president at Valley Bank's countryside branch, who works closely with individuals and business owners throughout our entire community. If this kind of local relationship-driven banking matters to you, you can learn more at www.valley.com or email Chad directly at cbritts at valley.com.
SPEAKER_01I think that's the most effective. I mean, if you put yourself in their shoes, what is the least amount of work I have to do to get the most money out? And I think that's one of them. I mean, ransomware is another way that they can get money. That wasn't what happened here, though, right? Here they actually had the customer records. Yeah. Right. Right. And it could be anyone from a state sponsored organization to, you know, just regular guys looking to make some extra money.
SPEAKER_00So what happens when the so they're so let's say in that case where they the information was released, what happens in in that scenario?
Why Small Firms Face Big Threats
SPEAKER_01Oh gosh. I well, first thing that happens is that each individual, so what happens at that point, Qantas has to get a hold of every person that uh the information was released as uh as part of uh really regulation, right? SEC says that you have 30 days to notify individuals when there was a breach of uh service. And I'm sure you've got those emails before, whether it's from some you know, credit card company or something else saying, hey, there's this possibility, we'll pay one year for you to watch your credit, something like that. So it's gonna happen. And a lot of these companies, they're not individuals, they're other companies, right? That that they have information on. They're vendors, they're suppliers, there's all of these other things. So think about it from this perspective. If you're Qantas and you're making a deal on buying, I'm I'm just gonna put out there uh airplane tires, right? So you go to one company, you go to you know your company, Donnie, you say, hey, I want you to, I need some tires, and let's make a deal. You say, okay, I'll sell them to you for, I don't know, let's just say$100. But then you come to my company, and obviously I don't know what he what Donnie's charging you, but I'll say, oh yeah, well, I'll I'll charge in 95, right? And then this is kind of this is sort of competitive information, right? Now these guys put it all out on the on the internet. That's I don't know that a case, but I would think that's what they ended up doing. Okay. So now I'm mad that my information got out, that I had a special deal going on, and now you know how much it is. I'm gonna sue Qantas because this is all confidential information, right? And in return, I mean, they're not gonna sue one person. Every person is gonna sue Qantas for that. And in return, Qantas is gonna sue Salesforce for letting this happen. It's just gonna be it's a nightmare. It's just gonna be a big nightmare. It's like a big web of mess. 
It's a big house of cards, whatever you want to call it. But yeah, and then what it does is it reduces trust. Um, and so here's the thing that that it's important to note that if Salesforce can get hacked, small little financial there, there's we we don't really have much of a chance. I guess it's you know it's the same thing. I got I always liken all security to the most simplest thing, which is maybe security in your house, right? You can put a you can put a lock on it, you can get a dog, you can put bars on the window. If someone really, really, really wants to get in, they're gonna get in one way or another, right? So, but you you kind of think you can say, Well, who am I? I'm just I'm just a small fry, I don't really care. And that's true, but it's more opportunistic many times. If you had your information in Salesforce, and it just happens to be one of them that they picked up, they don't care about us. But I mean, if there was something that they could exploit, you bet I'd be getting a phone call from these guys saying, Hey, you know what? Yeah, I'm about to put the information out. So give me something.
SPEAKER_00Yeah, yeah, it's it, it's it's crazy, and it and it's all it's just getting worse and and more common, right? Like how many times it's almost like you you hear about another you know, breach of data, and you're just like, okay, it's a it's another one.
SPEAKER_01So it just so happens. I I read about this one. Let me read you this one. Yeah, this was just a couple days ago, as a matter of fact. So 5.6 million people exposed, there's their social security numbers and all their other credit information. There's a company by the name of 700Credit, which is uh they do credit checks for car dealerships. So if you'd gone in and you said, Hey, how much is this car? And they said, Well, let's let's pull your yeah, it happens all the time. Yeah, you could have been part of that. And they they were hacked, they they confirmed a data breach. And again, it's it's great that they now they're telling people because before, before the government made, you know, these companies tell, they would try to keep it secret. Yeah. And then, you know, and basically what it does, it puts egg on the face of the company and everything else. But it's good to that people actually know what's happening out there, right? That's one. Then you had the U.S. Treasury had a data breach, right? This was a Chinese state uh sponsored hackers, uh, but by the name of Salt Typhoon is the name of these guys, but they come up with some really interesting names. Yeah. And it all had to do with some third-party uh remote support software that they had on there, right? Interesting. Yeah. Another massive uh healthcare breach with Ascension Health, a recently confirmed ransomware attack that exposed personal and medical data of approximately 5.6 million individuals.
SPEAKER_00So this is just like uh uh every week, it seems like something happened. Every week.
SPEAKER_01Yeah, I mean, these guys are working hard. Like I said, they're there they there were they were their own country, yeah, third place in GDP. Imagine that. Here's one final one. Uh SRP Federal Credit Union disclosed a breach impacting uh 240,000 members, while Lender Loan Depot had a massive attack affecting 17 million customers.
SPEAKER_00Jeez. Right. So when when someone when a company like that gets hacked at at that scale, like what's what's happening? Like, how are they getting into their into their data? Is it somebody clicking on an email?
Salesforce Breach And Fallout
SPEAKER_01Oh, okay. So there's lots of different ways. Large companies have lots of doors, lots of computers that actually talk to the internet, right? Whether it be web servers or could be support, like what we just heard, you know, read about. It could be any number of places where there is a door to get in, somebody will be trying to get in. As a matter of fact, when you watch and monitor these, these these doors, you'll see that there are always someone trying to do something. Jiggle the handle, right? People from Ukraine or Korea or Russia, or it doesn't really matter. It's giving the side of the United States. And they will try uh lots of different ways to get in. Sometimes they'll try what they call uh brute brute password attack, which is they'll they have a dictionary of passwords, and they'll just try a whole bunch of them against the the server. At some point, they might, yeah, they might get it. So if your password is password one, yeah, right. You're probably gonna be hacked. Yeah. Well, I mean, yeah, I uh you know, I have a story about that myself. I mean, you know, but yeah, so that's one. There could be lots of different ways that actually people get in. Uh also, if you were if you are a vendor coming in, so here's another one that that happened to. There was a vendor that came into an organization, I don't remember who it was, but they were like an HVAC company.
SPEAKER_02Okay.
SPEAKER_01They hooked up their computer to the system, but what no one knew is that their system was infected with a virus. So it got in, it looked around, did whatever it was supposed to do, and then it caused to open up a door, a back door where other people could get in.
SPEAKER_00Oh, wow.
SPEAKER_01: Right? There's all sorts of different ways that this can happen. Yeah. And people now they're logging in from home. So you are a person that you get your email, or you may log in on your computer or on your on your mobile device. Of course, and one day you're on vacation with your children and they're stuck at an airport, and your kid says, I let me play a game. Uh, well, I don't have any games. So you download a game on your computer, on your mobile device, so they can play. Some of these games could have viruses on it, and that's all it takes. Once it's in, then you connect to the system where you do something, or you go in to the office and you're you VPN in. This is really all it takes for these things to happen, right? Crazy.
SPEAKER_00: Crazy. So the name of your company now is and and I guess in like simple terms, what is it that you do?
SPEAKER_01: So, what I do is I'm doing cybersecurity services, right? I will help small businesses, uh, whether it be financial or it could be anyone else, I'll help them. First of all, we'll do a security assessment. We'll come in, we'll take a look at their computers, we'll look at their mobile devices, we'll make sure that they're up to date, that the if it's Windows, that the windows are being updated, that it has antivirus, that the antivirus is being updated. We'll take a look and see if they have printers or if they have a network, right? See if these things are being updated, make sure they don't have default passwords, right? Because most places just leave default passwords in. And then what we'll do is we'll we'll talk to them about whatever their processes are. Who are their clients, right? Do their clients actually log into their systems? If they do, then that obviously has more vectors for uh for attack. And then uh once we've kind of figured out uh what the land, uh what the lay of the land is, what what their footprint is, we'll come back with um things they could do to improve their security. Okay. Many times, and this is sort of, you know, I I've told this to everyone who will listen to me. Just enable multi-factor authentication. Just by doing that alone will probably help 90% of the possibility of someone breaking in. Yeah. Yeah. That's simple. It's just that simple. And I'm not talking about the one where you get a text message on your phone, though if you do that, it's still better than nothing.
SPEAKER_00: Yeah.
SPEAKER_01: There are applications that are authenticators, whether it's Duo or Microsoft Authenticator or Google Authenticator, there's a Ping authenticator. Basically, what it is is you install this on your phone, and then when you log in, it will, it will, it will, uh, a number will pop up on your phone many times. So what you do is you open up your phone, you put in that number, and that's how it knows that it's actually you. Okay. Because you logged in with your password. So that's so typically multi-factor authentication takes two pieces: something you know and something you have. Okay. These are the important things. So what do you know? You know your password. What do you have? You have your phone. So these two things together increases the likelihood that it's really you and not a bad guy.
SPEAKER_00: And the chances of the authenticator being hacked? Very little. Okay.
SPEAKER_01: Yeah, very little. Yeah. It's it's for now, like yeah, of course. Yes, yes. Let's uh what everything has a caveat that someone really, really, really wants to get in, yeah. There's nothing we could do. If the NSA decides they wanted to turn on you, Donnie, and get all your secrets, yeah. Right? Yeah. If, yeah, say they with Korea or Russia, they're all really good at what they do, these guys, in that particular sense. And this is what I tell my clients. I said, listen, it's not a matter if it happens, because it's gonna happen. The trick is how do we how do we reduce the blast radius? How do we do it in such a way that you've practiced any protocols? How do we do it that you can, that there's resilience and that you can you can stand back up on your feet and make sure your clients are are are well off. You know, there are things like backing up and restoring, and there is doing protocols, basically think of it as a as a fire drill, right? Yeah. Right? You sit down, it's called, it's called a table exercise, you might say. These are all things that I talk about when I talk to my clients. I says, let's do a table exercise. Well, what's a table exercise? We're gonna sit down at the table, we're gonna have pad and paper, and uh we're gonna go through scenarios. We're gonna say, All right, it's Monday morning, you try to log into your client's information, and it says that you get this thing on your screen that says, pay us 30 Bitcoin because we have all your information. What do you do? Right? And we'll talk about that. We'll talk about here's the first step you do, here's the second step. Well, what if, you know, let I call my IT guy. Well, what if your IT guy's on vacation? Oh, well, right, we got to get a backup of some sort. And I think by doing these things, you prepare people for the worst case scenario, but they're not running around with their with their hair on fire, right? Like, oh my God, like what's going on? Like, how am I gonna fire drill in California? We have earthquake drills, yeah, right. So it's the same thing. What do you do? You hear the fire drill, everyone goes down. So calm heads, right? But uh, so yeah, these are some of the things you do because it's gonna happen.
SPEAKER_02: Yeah, right.
SPEAKER_01: It happens. How do you deal with it? What if they do get all your information? Well, we have everything backed up, so we can we can come back from that, right? Yeah.
SPEAKER_00: So like the more tech that you have, like in real estate, like we typically, you know, I have a CRM, I have a website, and I have other tools and stuff that we use daily that we're logging into, right? So the the more tech that you have, the higher chance of you getting hacked, right? Because they could hack into any one of those those systems where you got multiple passwords. So then like having that authenticator helps eliminate that that risk, I guess, or or lessen that that risk.
SPEAKER_01: Yes, yeah. So to your point, the more things you have, the more attack vectors there are. We call it an attack vector, right? So your CRM system, does it do multi-factor authentication? It might. And these, and there's other third-party companies that you that you work with also that you know will will could possibly lead to a breach, also. Any one of these is an attack vector. And like I said, some of them you have no control over.
SPEAKER_00: Yeah, because I was just thinking that, right? They they might attack the the company and can then get my my data.
SPEAKER_01: Yeah, exactly. Right. I mean, um, it's the same way with the financial advisors. I'm not sure what CRM you use, but there are there's uh financial advisors, there's one called Wealthbox and one called Redtail. And if they were to get into their these systems, they possibly could have account numbers, they could have birth dates and social security. I mean, really everything that they want are in these systems. Did the financial advisors do anything bad about it? No. What's but if if if their clients get hacked, guess what? They're gonna come after the financial advisor.
SPEAKER_02: Yeah.
SPEAKER_01: Why didn't you protect my data better? And I mean, at the end, it's I don't really know what's gonna happen, but it's gonna be a bad day for the client. You know, chances are they'll end up leaving the financial advisor. Or, you know, if there's always these things that could happen. And they're gonna, they're gonna, they're gonna sue them, and the financial advisor will probably sue the other person. All this stuff is sometimes can't be helped, but having cyber insurance covers them from getting sued. That's part of the idea of having the cyber insurance.
SPEAKER_00: Is cyber insurance that relatively new that that's been around?
SPEAKER_01: Or it's been around in some form for maybe 10 years, maybe a little bit longer, but back then it was just called like network security insurance.
SPEAKER_02: Okay.
SPEAKER_01: So what happened if you had an employee who, you know, was disgruntled in some way, and you didn't turn off all the all the access that we talked about earlier. Well, now they can get in and they might do something, turn off your systems, millions of things that can happen. It covered those kinds of things. But now, let's say grandpa, one of your clients, uh clicks on a link and it it happens to be, you know, a phishing email, and they, you know, they're some bad guys get their credentials. You know, and the next thing you know, uh they're doing something, uh, and they may end up um you know having a breach in in your system because they give away some information of some sort, they will sue, right? Chances are they will. So did you have anything to do with it? Not at all, but you still have to be prepared for it. Yeah. What are you gonna do about it?
SPEAKER_00: Yeah, yeah, I like that. Just just having like a plan.
SPEAKER_01: Yeah, and and so some of the larger uh companies are are are requiring you to have it. SEC hasn't required you yet, but if you are custodian of large assets, a lot of these places will will require you. Sometimes if you're a client and you have if you're a large client, they they might request you to also have cyber insurance because they want to be protected also. Yeah, it makes sense. Yeah.
SPEAKER_00: If you're if if you're uh I think you you might have already kind of touched on this, right? But like a business owner or an individual, and there was just like one thing you could do to be more secure today, like what would that be? Multi-factor authentication. Yeah, it's so easy. So easy. Just try to turn it on where you can. How does that work?
SPEAKER_01: It's just like like a like an app you download, or well, so so first of all, let's say you're you're logging into email.
SPEAKER_00: Yeah.
SPEAKER_01: Easy, right? If you're logging into email, there should be someplace somewhere that says turn on multi-factor authentication. Yeah, right. If you have Google email, there is there'll be there might be two different options. One is a text message, which is the less secure but better than nothing. And the other one will probably say Google authenticator, right? So the text message is just as it is. You put in your phone number, and next time you go to log in, you'll put in your, you know, Donnie Hathaway at gmail.com, whatever, you put in your password, and then it'll say, I'm sending you a text. You get the text, you put in the numbers back on the computer, and you're all set. Now that's great. But there was some time back, if you remember, I'll just pause here for a second. We'll take a quick detour where there was this thing called uh SIM cloning. Does that sound familiar? No. Okay. So through social engineering, which is someone will call the call AT&T and said, Oh my God, I'm Donnie Hathaway. My I lost my phone, and I just got another one. I just need you to change the phone number to my new SIM. Oh, sure, what is it? Boom, boom, done. That's that's basically what it is. So I will I will call the phone company, said, I'm Donnie Hathaway, and I'll convince them in some way they're really good at it, and then they'll change it. So I will get your phone number. It'll be changed. All of a sudden your phone will stop working, and now I will have all your numbers. So I'll get your texts, I'll get your emails, whatever else that comes in, not really emails, but I'll get your texts. And then I'll go to your I'll go to your phone and I'll say, forgot my password. Or go to the email, forgot my password. Oh, no problem.
SPEAKER_00: I'll send you a text. Yeah. Yeah.
SPEAKER_01: All right. So that's the problem with that. So now we'll go back to the system, right? So you have text messaging, which is better than nothing, but still not very good. The second one, it'll say authenticator app, Google Authenticator, something like that. So then you what you do is you'll download it, go to uh Play Store or Apple Play. I think I'm I'm a Google guy, so I'm not really sure how that works on FM. And then you'll download it and then you'll follow the instructions, and it's super simple. And there you go. So what happens? If I were to take over your phone number, it doesn't matter. I don't have your app on the phone. Yeah. So I'm dead in the water.
SPEAKER_00: Are you creating a login for that app, for the authenticator app? Like you have your own login for that, or is it just you download it and it's attached to your phone number or something? Great, great question.
SPEAKER_01: So what happens is there's actually a QR code. Okay. Right. So what you'll do is the application will come up and it'll give you a QR code. And then what you'll do is you'll take your phone once you say, once you've like loaded up the application, and you'll take a picture of that. And it automatically what it does is it binds that application with your phone, right? And together it creates some sort of a key. So it only works with that phone, that not the phone number, but the phone itself, the device and that application. So for instance, now you've done that one. Now you're going to go into your CRM system and you do it all over again. You'll have to do the process again because then it'll be the CRM system with your device, your phone device. They'll bind together to make another key. So you I, you know, you could have 10 of them, yeah, one for each particular system that you might use. Yeah.
SPEAKER_00: Yeah. It's crazy to think. I mean, it's it's hard enough to remember all the different passwords that you need to remember now too, right? And now to do this, like, you know, to be the most secure you possibly can be, like it's it's a lot of work, but it's obviously very necessary to do that.
SPEAKER_01: What what's what's happening, at least Microsoft is doing something called passwordless authentication, right? So that's what they're working towards too. And basically what it is, is nowadays if you log into your laptop and you've turned this on, I think it's called Windows Hello, where you'll open, and I think Apple does this too. You open it up and it just sees your face and goes, Oh, that's Donnie, and you're in. No more passwords anymore, right? So you could do that. You could do your thumbprint, yeah, uh, you could do a PIN on your on your computer. All of these things are now leading to to passwordless, because in reality, the passwords was never a great security mechanism, better than nothing, right? And now that we have better technology, this is the next wave of going, you know, doing things. So now you don't have to worry about resetting your password, it expired, I forgot it, writing it down on you know, on the uh piece of paper somewhere.
SPEAKER_00: Yeah.
SPEAKER_01: So yeah, it's they're not all there yet, but slowly they're working on that.
SPEAKER_00: So what what do you think so is that the is that the future then was I was gonna ask you? Is like we we go away from passwords and it's just either like your thumbprint or a picture of your face. Yeah, and you know, that's pretty secure itself. I mean, there's some apps that do that now where you can log in.
SPEAKER_01: Yeah, yeah. Exactly, right? You put your thumbprint on it.
SPEAKER_00: Yeah.
SPEAKER_01: Is it secure? It's it's secure enough, right?
SPEAKER_00: Right.
SPEAKER_01: If you're like guarding you know nuclear secrets, then they'll add more security to it. Right, right. But yeah, for the normal apps, yeah. Yeah, yeah, it's good enough.
SPEAKER_00: Yeah, yeah. Yeah, that's it's man, it's crazy what it's what it's become. Yeah. You think it gets worse from from where we are now? Like well, like with a how does AI tie into that too, right?
SPEAKER_01: Well, okay, so AI is a whole new new piece in this because you know, it from a couple different perspectives. One that we haven't really talked about yet is some of the things that the bad guys are doing now around trying to get your information. And one of them is doing is basically cloning your voice. So it really doesn't take much all takes it is three or four seconds of your voice on any social media, and AI can now basically uh mimic someone. So there are now stories, I haven't seen it, but I've heard about it, where you know, grandpa will be called, and supposedly it's his grandson, he was in an accident or in Mexico, got you know, he's arrested. There's a million stories, and he needs money. Can you please go and send money uh to some you know, some account? So that that's one thing. Yeah. And you know, they're coming up also with AI video too, right? So they're getting better at what they do. So there's new strategies on how to work around that. And we'll talk about that uh, you know, uh in a little bit here when you're ready. But AI, that's the one piece of AI. And the other piece of AI is the bad guys now are using AI to figure out and very quickly try to try all the different ways of actually hacking into the system, right? Before it was some really smart guy who sat around and all right, we tried this. Oh, here's the latest thing. Let me try this new thing, and I try this new thing. Now AI is so much faster and you know, just so much better. Have you tried AI yet?
SPEAKER_00: Yeah, I I use it daily. Oh, really? Yeah, for lots of different stuff, right? Just help with with copy, um, ideas, brainstorming. Yeah, I use it for for all different aspects of the business and stuff, right? Right, right. I don't rely solely on it. I think, you know, I think you know, there's there's you know, issues there or whatever, but it's definitely it just helps automate things and speed things up. Like you were mentioning with the like to be able to, you know, automate a part, a section of your business for these hackers. It's like automating all the tasks that they would do and do it all at one time.
SPEAKER_01: Well, you know, it's funny you mentioned that. I'm started to work on a whole new piece of of service, which is all about uh automating um, you know, the the client sort of uh workflows that are going on. Yeah. Right. And it's it's it's pretty interesting. We'll come back and we'll do another, yeah, do another podcast, and I'll talk more about that. That's just like it's still cooking right now, yeah. But I think that that's gonna be a lot of fun.
SPEAKER_00: It's interesting too. Now I'm thinking about like the security issues with this too, but I've done it before where I said, hey, you know, here's here's some emails I want you to to create an email sequence, you know, I gave it all the templates or whatever, and here's you know, tone of voice, everything that I wanted to do. So it creates the the emails, and then um I forget what they called it on on uh on OpenAI, but it would log into my CRM and and then it would put them in the uh template section. So it would take the emails that it created and then do all the work to plug them all into the into the sequence in my CRM. Oh, it's pretty advanced. That's pretty good. Yeah. So, but now I'm thinking like there, well, I log in, you know, I I'm on OpenAI, but if OpenAI gets hacked, they have my login information for my CRM, right?
SPEAKER_01: Another attack vector. Yeah. That is has not even it's not fully known, right? Or well understood. How secure that is. Yeah, it's it's all new stuff.
SPEAKER_00: Yeah, yeah. That's and that's the scary part because everything like everything's moving so fast. Yeah, yeah.
SPEAKER_01: Yeah, yeah, it is. Yeah. Again, I think what it comes down to, not if, but when something happens. How are you going to how you're gonna deal with it? I think that's really what the important piece is here. Yeah. It's like California. It's not if you have an earthquake, it's when it happens. Where are you gonna go? What are you gonna do? Yeah. How are people gonna react to this whole thing? Yeah. I think that's the you just have to be ready, right?
SPEAKER_00: And it's uh I I feel like I had this thought earlier. It's becoming like more and more common that you're getting, you know, a spam email or spam text or something like that. It's more difficult to catch. Right. Well, they're getting better at it too, right? And you know Yeah, absolutely.
SPEAKER_01: They're getting better. So think of think of think of yourself as a castle. And in the castle, you have a moat and you have walls and you have all these things and they're attacking you. You have to defend against every attack. For them to be successful, all they need is one slip. One success. That's it. And it's the same way I'd look at it with phishing emails. All it's going to take is one day you got in a fight with your wife, you're coming home late from work, you're thinking of all these things, you're in a hurry, you gotta respond to someone before 5 p.m. It's 4 58, and you get in an email, and oh my God, this is it, or something, and you don't read it well. You're all just sort of in automatic mode, and you click something. It looks good and it sounded right, and you're expecting something, and you know, it happens to everybody. Yeah, people who are experts in cybersecurity have the biggest egos, and they're the they're the first ones to fall because they don't think they're gonna get hacked. Happens to everyone, it's just a human nature thing. It's really all it is.
SPEAKER_00: Yeah, it happened to me the other uh recently. Uh some like I got an email from you know a friend and was like, click on this, you know, I sent you this document, created this for you, whatever. And I, you know, clicked on it and it was it was nothing. And and then it hacked. I later I noticed like, you know, I had a bunch of emails that were going like undeliverable or you know, bad email address, and and so it had hacked into my system and sent out a bunch of email, that same email to other people. And other people were emailing me back saying, hey, is this is this real or is this spam? Like it's not you know, just yeah, delete it.
SPEAKER_01: Yeah, it's it it's it's tough. And like you said, it happens to anyone. Yeah, that was that was fairly innocuous, right? That was kind of innocent, but you know, anything could have could have happened there. I'll tell you a quick story. I mean, speaking of having bad passwords, like I said, it happens to everyone, you know, my company and I do security. I had a fairly easy password on my email. And um, you know, I send out my invoices, I get paid typically 45 days after the invoice date and all that stuff. And like a couple days before, I get an email from an accountant, one of one of my uh uh vendors, and um and it says, Hey Peter, so I'm just confirming you want me to change your your your bank deposit to a bank in London. I'm like, what? I remember sending that. So I said, Hold on, uh, would you send me send me that email? I sent you an email. Indeed, it came from me with all this information two days before they were gonna make the deposit. This tells me that they've been in my account for a while, watching, just in the back, watching the timing of everything. So they were, you know, they knew that on the 15th, I was something they're gonna get a deposit, right? I was gonna get a deposit. They changed it like on the third thing, I requested to change it on the tape.
unknown: Wow.
SPEAKER_01: They're good. Yeah, they're really good at this kind of stuff. And I of course I called them back, said no, don't do anything. Now it's not me. Thank you so much for calling me. I owe you, you know, a six pack of beer or whatever. And and I immediately changed my password. And guess who didn't have multi-factor authentication turned on? You didn't have it. That's right. I did not have it. You see, uh, it's but um yeah, it it happens that way. You know, just so you understand a little bit about the mentality of of these people who are doing this, there's a couple different levels of this. One of them is uh you, you know, you could you could have filled out a job application, you know, saw uh an ad, you know something about computers. In Russia, um they have huge businesses. And you're just some guy who does computer work. You you clock in eight o'clock in the morning, you take a one, you know, one-hour lunch break, and then you leave at five or six. It's a regular job. But your job is to hack into people. It's a legit job. My understanding is that in Russia, uh, it's not against the law to hack into other companies or other people as long as they're not Russian companies. That's against the law. But if it's a US or anywhere else, game off. Free game. Yeah. Yeah, exactly. So you get paid, I don't know, eight bucks an hour, ten bucks an hour, and they might give you a bonus if something works. That's what they do. They do the same thing in India. They have all these different places all over the world, which are just like sort of regular jobs. Yeah. Now it can get even more nefarious than that. You you see you live in Dubai or one of these other poor countries, and you get an email or you see an ad in the newspaper, come to, you know, Thailand, and we're looking for computer engineers. So you save up whatever money you can, you get on a plane, you go over there, and you meet the people who are supposed to, you know, you're thinking, oh, this is great, I'll just send money back to my family and all that. And they say, okay, fine, let me have your passport. And they hold you, grab your passport, and then they get you, they get you in the back of a truck and you drive for hours, only to end up in Cambodia or uh Laos or one of these other countries, and they end up putting you in one of these forced labor camps that are completely illegal. They take away your passport, and they by um threat of force, uh, they get you to do what they want you to do. So you are there and you are hacking. And these guys are typically, you know, uh it's it's funny. So this is what happens, right? There was uh recently a news article that the Chinese government worked with the Cambodian people or something like that, and they went in and they arrested like 11 people in this Chinese family. Yeah, they literally put them to death. These guys were running one of these things, you know. They went over there, they freed all these people. Now there's all these people running around, you know, Cambodia or Thailand have no money, no, because it literally took everything from them, right? I'm sure they're just happy to be alive.
SPEAKER_00: Out and alive. Yeah, but talk about horrible, you know. That's crazy. So it's not it's not going away anytime.
SPEAKER_01: No, it's it's not going away. I think it's just gonna continue, continue to get worse. Yeah, absolutely. And they'll try all sorts of things, you know, whether it's a romance scam. And if you think about it, this has been going on since the beginning of time.
SPEAKER_02: Yeah.
SPEAKER_01: I mean, this was a con, right? These are all con games. Yeah, you know, the old days we call them con men.
SPEAKER_00: Yeah, right. But now you just have technology. Yeah, that allows you to have a further reach, reach more people. Absolutely.
SPEAKER_01: Yeah, but it's the same thing. I mean, you know, the romance scam, you know? Yeah. Someone who's trying to fall, you know, that tells you how nice you are, and the poor lonely guy, you know, kind of falls for it and right place, right time.
SPEAKER_00: Yeah.
SPEAKER_01: You know, it's it's it's old. These are old tricks, just with new new techniques. New technology. Yeah.
SPEAKER_00: Yeah. It's crazy, it's scary. It's but I think, like you said, like the to keep it simple, um, the biggest thing is is, you know, to have a plan, use multi-factor authentication, and and have that plan in place.
SPEAKER_01: So yeah, so there's a couple other tips.
SPEAKER_00: Yeah. All right.
SPEAKER_01: Number one, right? Multi-factor authentication. That's the biggest one for you, right? We talked about the voice scam, right? So you get a call late at night, sounds like your wife or whatever. First thing you do uh is you they say, Oh, I, you know, someone lend me their phone or whatever. First thing you do is you is is hang up and you can call their phone. Chances are they're gonna answer their phone. And it's like, you're like, did you just call? No, I have no idea. It's like, okay, good, we're all good. If you can't do that, or as a second option, what you do is you set up a code word with your people, right? Yeah, with your loved ones, and they'll call, you know, someone will call, they'll call you on the phone and say, Oh my god, I'm in Mexico, I need money, or whatever, you know. And chances are they maybe did go to Mexico. Okay, what's the code word?
SPEAKER_00: Click.
SPEAKER_01: And there you go.
SPEAKER_00: Yeah. Yeah. Simple one there.
SPEAKER_01: Yeah, yeah, absolutely. So I have a story about that. It's kind of weird. My parents, when I was young, owned a liquor store. Okay. And sometimes my sister would work with my mom, and I'd call in whatever, I need this, mom, and this. And so I was like just whining about something. And their voices sound very similar. So sometimes I'd call, uh, mom, is this you? And my sister goes, Yeah, it's me. Well, what can I do for you? Blah, blah, blah, blah, blah. And then later I only caught on that she was doing this. So I told my mom, Oh man, mom, I have a code where it's if it's really you, you're gonna tell me. So I'll say, What's the code word? And you're gonna tell me it's Batman. Nice.
SPEAKER_02: So even I figured there's this little.
SPEAKER_01: The other thing that you might get is that there's going to be a sense of urgency. So in a lot of these emails, in any of these cons, there's always a rush. Oh my God, I need it right now. Uh, you you need to send the money, you know. Uh even especially with in these, you might get an there's a uh a lot of times you'll hear CEOs supposedly calling their assistant. Oh, I'm doing this deal. I need you to wire a million dollars right now to this other company. So there's always a sense of urgency that needs to happen. It's the police or or someone. There's this one that uh this lady got a call at work. It was supposedly the the county sheriff that she missed jury duty.
SPEAKER_00: Oh, yeah, that was my wife. Oh, that was talked about that exactly. Yeah, so they called her uh they called her employer and was like, can we speak to, you know, can we speak to her? And and and she's on the phone and and like you said, that sense of urgency, like don't hang up. You need to go down there immediately to the to the uh county county office and and tell us why you missed. And then, you know, they transferred the phone to a couple different people. They're like, Oh, I'll give we'll put you on our head sheriff, and and then at some point she starts to like question it, you know. They they made her sit in the car and like read this document that they emailed her or something, and uh they they wanted her to stay on the phone, probably for that reason, to like, you know, keep that sense of urgency or whatever, but they wanted her to drive down there. And then I think before they, I think the before she was gonna drive down there, they wanted her to to send money. You have to pay this money before you get down there.
SPEAKER_01: Yeah, you know, it's all about the sense of urgency. And we're no government agency is gonna ask for money over the phone, right? Right. And and the other thing is there's the gift card thing, right? So yeah, the the government doesn't ask you to send gift cards, right? Or they don't want you to go down to to the Bitcoin ATM and put money in the ATM. Yeah, those are all scams, right? So yeah, it's there's the red flags, sense of urgency, and and this the other thing that I would tell you is that if you if you get a call from someone and they say that they're from the fraud department or whatever, say, okay, great, I'm gonna call you right back. You turn over your card, you see the the number that's on your bank card, you call that number and ask for your fraud department, right? So that's important because they if they call you, then there's no way to actually authenticate that it was actually the bank. That's why they'll keep you on the phone a lot of times. Yeah, and there's also it's the sense of authority, right? I'm the sheriff. If you don't do this, we're going to arrest you. Yeah. And to a lot of people, I mean, just think about this. You know, now there's the whole immigration thing, and not to get political, but imagine these guys are now saying, I'm from ICE and I have your mother in custody, and I need you to send me, I need $500, $1,000 sent right now, or we're gonna deport her. That's a whole new vector that hasn't even been talked about.
SPEAKER_00: Right.
SPEAKER_01Right. One final thing for you is that uh there's something called URL hygiene. Basically, what this means is as you're as you get an email and it says click on on this link, we'll take you whatever, and it looks like it might say Google or Microsoft or whatever, make sure it's spelt correctly, right? The other thing you can also do is you can take your mouse and hover over because a lot of times what they do is they hide it, right? It uh under a um there's there's I forget the word for this right now, but basically it'll say something like, uh, you know, the the the word is not the actual underlying link. Yeah. So but if you hover over it, it'll give you the underlying link. Make sure it's actually spelt correctly and it's it's well known. And like anything, if you get an email, the best thing to do is it says click here for your banks. Don't click there. Just log in directly on your bank account. That way you know it's real.
SPEAKER_00Yeah. Yeah, that's all. I I got one recently that was it was a bad link. I forget, I forget what it was for, but it was clearly spelled wrong from or it was something that I had received before several times, so I knew what the link was, and this one was was not it, but they typed something out to try to make you think that it that it was it. But you're right, it's and it's going back to like you know, me slipping up on that email and downloading that document before. It's just like they keep you at the right place, right time. They're just like it's a numbers game. So it's like, how many times can we send this to this person? And at some point we'll get them.
SPEAKER_01And and here's so talk about AI. AI can now scour the internet and know a lot of things about you. You're you're a public person, right? Yeah, you have LinkedIn, probably other social media. It can actually build a profile of you really quickly. And so not only is there something called phishing, but there's something called spear phishing. So phishing is basically it's like think of it, you throw your line out in the water, and maybe you catch a fish. Spear phishing is much more directed towards one person, right? They will come after you. Typically, it's high profile people. This is really good in CEOs or people that work for the government. But the idea behind it is that they know the things you like, they know the things that you've been working on, the people you've been talking to, and they will find something that will make you feel that it's familiar, that you're doing something, right? Um, and and they will go after you that way. As an example here, if you you know, there was a um actually I think he was he was like a judge, had something to do with like cybersecurity stuff. He was in the process of buying a house.
SPEAKER_02Yeah.
SPEAKER_01Right. And so what happens is the uh the lawyer will will say, okay, uh, for you to sign the paperwork, here is the bank account information for you to send, you know, the wire, wire the money to the down payment. Well, now they do it a little bit differently, but in the old times they sent it once and that was it. Well, they were watching this particular person and knew that at some point an email was going to be sent out saying, Hey, well, here's the here's the here's the bank information. And they intercepted it and they actually sent out the wrong information. The guy who wires the money, it's gone. Gone. Right. Yeah. Right. Nowadays, right, they they have you call and verify it. So yeah, that's all it's all because of that.
SPEAKER_00Yeah.
SPEAKER_01That kind of stuff. Yeah.
SPEAKER_00Yeah. I've I've heard a few stories uh of that scenario. Thankfully, none of my clients had had been in that situation. But yeah, I mean, I've I've had other agents where it's like they had clients that wired money, and sometimes it's a lot, sometimes it's not so much, but either way, yeah, you're not getting that back.
SPEAKER_01No, a hundred bucks is is is a hundred dollars. Yeah, yeah.
SPEAKER_00Crazy. Well, well, Peter, thanks for being here. Thanks for shedding some light on the uh on what you do and and the importance of it.
SPEAKER_01So yeah, it's been a lot of fun. Yeah, yeah. I really appreciate uh you give me the opportunity to talk about this.
SPEAKER_00Absolutely. Thank you.
SPEAKER_01Absolutely.
SPEAKER_00Thank you so much for tuning in to another episode of Palm Harbor Local. We are incredibly grateful for our sponsors who make this show possible. So be sure to support these local businesses and keep building community together. Until next time, stay connected, stay involved, and let's keep making Palm Harbor an amazing place to call home.