Cyber-Man, Cyber-Man, Protect Your Passwords, With Brett Gallant

Show Notes

Brett is a cyber security  expert that introduces us to some of the threats facing small businesses owners and individuals  today. Check this episode out  for a preliminary discussion on understanding things such as the dark web, and how easy or long it could take a computer algorithm  to guess your perfect password. 

Follow Brett on LInkedin for his weekly insights on Cybersecurity. https://ca.linkedin.com/in/brett-gallant-97805726

#cyber #cybersecurity #afternoonpint #cyberinsurance #password #darkweb #

Your Dream Home Does Not Have to Be Just A Dream. Today's show is brought to you by Kimia Nejat of Exit Reality Metro. Kimia is the realtor who knows how to get things done. Buying or Selling? Go to afternoonpint.ca/kimia and we will set up an introduction

Does Your Business Need a Boost With Foot traffic? Hosts for An Event? Or Even Actors For A Production? Or the Production itself? Go to https://www.afternoonpint.ca/services and see some of the services that the Afternoon Pint team offers. 

Find The Afternoon Pint on Youtube Facebook  Instagram & TikTok

Buy merch, get out newsletter, or book some of Afternoon Pints Media Talent on our website: www.afternoonpint.ca

#afternoonpint #entrepreneur #popculture #authors #actors #politics #money #music #popular #movies #canadalife #madeincanada

Your follows likes and subscribes help support Canadian Made Media. Please drop us a line and let us know if you are enjoying the show. 

Chapters

• 0:33: Cybersecurity and the Dark Web
• 11:03: Preventing Cybersecurity Risks in Businesses
• 20:31: Password Security Best Practices
• 26:17: Enhancing Password Security With Song Lyrics
• 37:36: Personal Insights and Reflections

Transcript

Speaker 1 0:33

Cheers Cyber Brent Cyber.

Speaker 3 0:35

Brent, I don't know, I thought it was going to be way more clever. That was it, way more clever.

Speaker 1 0:41

Pretty much the whole extent of it. Did it go any further?

Speaker 2 0:43

than that. Oh, I'm all about spinning a web man.

Speaker 1 0:45

Yeah.

Speaker 2 0:46

I guess maybe it was the web and cyber. Yeah, maybe it's the web, I don't know.

Speaker 3 0:49

Maybe it's secretly more clever than I thought it would be, but it's not.

Speaker 1 0:54

Okay, all right, well, anyway so you're a cybersecurity expert?

Speaker 3 0:57

No, problem.

Speaker 1 0:58

And you've been at it for a minute right.

Speaker 2 1:19

Yes, more than a minute. I've been in the industry for over 25 years and I pivoted our organization a little over four years ago hard to security, first, because what's going on? Things have changed and cyber attacks are way up and the one thing I really try to speak with people is what's your plan? Because it's not a matter of if, it's a matter of when something's going to happen. We have to be thinking about that when Spider-Man is spinning those webs you never know.

Speaker 1 1:38

You never know when you could be the next Nowadays. I mean and tell me if I'm wrong here it used to be cyber insurance. Was you thought it was something that the big guys had to look out for? Right, the big companies is who the hackers are after, but it's not really the case anymore. Is that correct?

Speaker 2 1:53

Oh, they don't care. Yeah, they don't care. They're going after everybody and it's just a numbers game and the whole landscape of what's going on today, the whole cyber crime landscape has become commoditized. So if you've heard about the dark web, that's where hackers are putting information, how to be a hacker, and it's not just the people in Russia and China you have to worry about. It could be your kid in downtown Halifax that went on the dark web, or even another part of the country.

Speaker 1 2:28

I can start right there if you don't mind, and first I get into that. So we'll come back to dark web in a moment, but we are at Great Roads Brewing.

Speaker 2 2:35

We are at Great Roads.

Speaker 1 2:36

Brewing Matt. I'm drinking the Cobblequid. Copper, right you are.

Speaker 3 2:39

And it's fantastic. I'm drinking the cider, yeah, and if you're a or not a cider, I mean a seltzer. If you're a seltzer fan, yes.

Speaker 1 2:47

Yeah, yeah, awesome Cool, so back, so dark web yeah. I don't either actually, I really don't. How does that even start?

Speaker 2 3:02

Interesting enough, I have tried to avoid even going there, but one time the one reason why I know how I've gotten on it before just because, oh, this was about seven years ago a small non-profit organization did get hacked and they wanted to pay the ransom at the time, which was scary. What I know now. I would never even have done that.

Speaker 1 3:32

I wouldn't even allow you remember how much money was a ransom roundabout.

Speaker 2 3:35

Back then it was crazy. It was cheap. With what's going on nowadays, it was like two thousand dollars oh wow.

Speaker 3 3:42

Yeah, that was like, these were like beginners.

Speaker 2 3:44

Yeah, these were like these were the nice hackers yeah, even back then. Yeah, yeah, so uh, so we got on the dark web to find out some information, how to get some of the information I needed and then back then we're trying to get uh bitcoin because they wanted bitcoin.

Speaker 3 3:59

Bitcoin because they wanted.

Speaker 2 4:00

Bitcoin. It was a nightmare. The good news is it didn't pay anyways. But it was back at the time that the CEO, the executive director, really wanted to do it, and I said are you sure?

Speaker 1 4:19

And are there vigilantes on the dark web? I mean, since we talked about Spider-Man here today, already. I mean I'm wondering are there people there on the dark web that are actually trying to do good and stop some of these cyber criminals? If that's where everybody's hanging out.

Speaker 2 4:34

There's interesting enough. I don't know an awful lot about that, but what I've done, the research, is sometimes I've heard a few stories where a cyber criminal syndicate has agreed to pay the partners to execute some damage and they didn't get paid. Then they went after each other. Oh, wow. Yeah, it was crazy.

Speaker 3 4:58

I guess also to rewind a little bit, just because there's probably some people who are going to be listening who don't know what is the difference between the web and the dark web uh, difference between the web and the dark web.

Speaker 2 5:09

Um, I I'd like to explain it just as easy as layman's terms as possible. Uh, dark web is, I call it the wild wild west of the internet. That's the best way of saying it, and that's where all the scary things are, where you don't want to. You don't really want to visit there. Like how to like, not just.

Speaker 1 5:34

But like I don't get it, okay, then help me really explain this Like I'm a four-year-old. So is it like, instead of a www, is it like a DDD for dark? I don't understand. How does somebody get into the dark web?

Speaker 2 5:45

There's a special browser you have to download to get access to it, and then you get tools to that scary digital kingdom.

Speaker 3 5:53

Okay, and it's just all unregulated internet.

Speaker 2 5:57

Unregulated, like things you don't even want it, like how to make bombs, yeah.

Speaker 1 6:02

So you can't find how to make a bomb on the regular internet, though, can't you just find it?

Speaker 2 6:06

on the horse? I'm sure you could, or is it more?

Speaker 1 6:08

like you know that the IPs are being watched and then the police are on your Right.

Speaker 2 6:12

It's not monitored.

Speaker 1 6:13

Yeah, okay, yeah.

Speaker 3 6:14

How do you get to a point where something is unregulated, because there always has to be a provider of internet, and what I mean by that is whether you have a company that provides it, but there's also just cables that connect and all that stuff you have to run through it. Would a hacker? Would they have I don't know one of the companies like Rogers Bell, eastlink, whatever? Would they have an internet provided by them and then have something like a vpn that throws them off or oh yeah, is that how it works, or can they?

Speaker 3 6:46

get in. How do they get internet?

Speaker 2 6:47

it's like they they can get on, but they cover their tracks. They're using vpns and aliases and hopping around servers so that they're covering their tracks, like the, the digital tracks, the crumbs I've used a VVM before, but all of them have to pay like the $100 for internet every month.

Speaker 3 7:03

Yeah, that's the case, right?

Speaker 2 7:05

And sometimes they're doing it. We were demoing a product recently that sometimes it's happening, like cybercrime is happening, even at a hotel or an airport. There's these little devices that you can use and you can turn on a hotspot that says free Wi-Fi.

Speaker 2 7:26

Right and then people and we were demoing this recently at an event turn it on and then people start they're at this big live event for the chamber or whatever, and they click free Wi-Fi assuming it's the provided, we've free wi-fi. And as soon as you come, soon as you click to sign in, it comes up with your gmail sign in and the moment you put your username and password in, it goes into the little device and the hackers on you.

Speaker 1 7:53

They have your information yeah, yeah, I've learned about that. I mean, I never used wi-fi in airports for that reason or stuff like that yeah. Get a better data package, if you can Right. You can be literally those hotel Wi-Fis when you're traveling Hotspot or have a VPN.

Speaker 1 8:08

Yeah, and I mean at home I have I mean again, I know very little about this and that's why we have you here yeah, but I do have like an aero wi-fi hotspots, like so eastlink set it up in the house. It's aero internet or aero wi-fi. Yeah, and I'm surprised when I look up, that it does a certain amount of scans for viruses and phishing and like every week at my house I mean that thing is is identifying, you know, basically phishing or whatever in my, you know, on our own internet connection. And wow, you know, we're not really using it for a whole lot, right, like we're using it primarily for, like, the netflix and the amazons and the stuff like that, right, the main social apps. I don't think anyone around is really going too far into the dark web, right no, no, but it's still like it's still out there.

Speaker 2 9:19

It's so prevalent on almost everything you look at well, it's nice that you have a device like that, because some of the providers, uh, that I've seen don't right. And and I like to explain when I'm talking about cyber, it's not just the, the main entry point. It can be what your colleague does remember that tv show, the weakest link? Yeah, well, it's just one person that can cause so much damage and and that person that normally would not do anything if they're having a bad day, how many times have we had a bad day and we've done something we normally wouldn't have done because we're tired, right, we're tired.

Speaker 1 9:57

Yep, yeah, yeah, yeah, a little lapse in judgment.

Preventing Cybersecurity Risks in Businesses

Speaker 3 9:59

Yeah, yeah, yeah so who, who, in your opinion? Who, would you say, is like kind of like the bigger target, like the big guys who have lots of technology and, you know, lots of money equally, but they have lots of tech, they have a staff to combat and all this stuff? Or the one person operation, or you know, like those smaller operations that may not have the resources, the tech and all that stuff behind them but don't have the money to quite be worth it to attack?

Speaker 2 10:27

See, a lot of times we think that the hackers are targeting a specific niche. And yes, they are.

Speaker 3 10:39

Because there's spear phishing and all that stuff.

Speaker 2 10:41

But a lot of times they're just casting a wide net out into the digital frontier and whoever clicks on it, they own you. I have an example of a man, a small business, that lost $30,000 because he fell victim to a scam. What happened? Because he fell victim to a scam? To what? What happened? It was a. He got this conversation that came up. He clicked on something hey, time to invest in bit mining Bitcoin. You can double your investment. He got on the phone and the person was really convincing. He knew a little bit about his investments and then he actually had him invest $20,000. And then he called again a week later hey, we have another opportunity for $10,000. When I found out about it, I was speaking with his daughter. I said tell him to stop. And when he tried to get the money removed, he had to pay $10,000 to get access to it.

Speaker 1 11:53

So it was gone, it's gone.

Speaker 2 11:55

Nothing, that's a man.

Speaker 1 11:57

So you just wired a stranger 30K. But I mean, the technologies are there now AI.

Speaker 2 12:03

You can impersonate someone. That's right.

Speaker 1 12:05

You can sound so knowledgeable over the phone, deep fake technology right Like you could really. And how hard is it to have a conversation with somebody and believe they're genuine?

Speaker 2 12:13

Oh, very easy. Yeah, ai is the new trend.

Speaker 1 12:19

And like social engineering I mean that word, I think, is underutilized, because it's now exponential how social engineering was 10 years ago. I remember when I was at a job I had before I was in the insurance business, I got an email one time and it was just a very generic spam one and it was like we've seen you, mr Tobin, doing things in front of your computer. Yeah, yeah yeah, and I was like whoa For a second of your computer. And.

Speaker 3 12:44

I was like whoa and I'm like wait a second, this is my work computer. I want to do nothing in front of this computer and then I wised up to the fact right.

Speaker 1 12:53

I was like there's no way. I've never done nothing in front of this computer. What am I worried about Then? It did not become an issue when I thought about it for a second, but this was where it was that moment of anxiety that moment of that

Speaker 2 13:05

moment when you're vulnerable and then you, and then you may do something in a few minutes where you do something, and then, if you walk away and you think about it half an hour or 10 minutes later, yeah, wait, yeah it doesn't, but now it's like the movie inception.

Speaker 1 13:19

so say that was a mild layer that I got through very quickly. I mean, today it's almost like you and I could have a total conversation, even when we introduced you and talked about you coming on to this podcast. I could have just done layers of deception by researching you and knowing who you were and then realized that I would say, oh geez, brett, yeah, just wire me $1,000 and we'll see you there. And the next thing you know, you got hoaxed.

Speaker 2 13:45

Oh yeah, and that's happening even on smaller scales. I mean, we all hear about people being taken advantage with Facebook Marketplace. Yeah yeah, pay me the $100 for deposit and then you go to the place to pick it up. Oh yeah.

Speaker 1 14:04

Nothing yeah.

Speaker 2 14:04

It's just not. Yeah, it's crazy.

Speaker 3 14:08

Yeah, nobody gets my money before I get the stuff. Yeah, that's smart yeah 100%.

Speaker 2 14:12

You always have to question everything, if there's anything that we can learn from drug dealers.

Speaker 3 14:18

Make sure that the money's there before you get the stuff.

Speaker 2 14:22

I want to see the goods before I give you the money. That's right.

Speaker 3 14:25

Yeah, so okay. So for yourself, maybe you can explain to people like what exactly is that you do and how you help people.

Speaker 2 14:35

So we really believe and this is our mantra security first and, like I was saying recently, you can't prescribe without a diagnosis. You know you don't go to a doctor and they just say I got a headache.

Speaker 1 14:54

Sorry not to interrupt, but do they come to see you when there's a problem or do you help with preventive measures?

Speaker 2 15:00

Both but, generally, I have a conversation with a business owner and say, hey, we need to talk, let's have a conversation. Sometimes they come to us and we say, look, let's look at what's going on here from a business perspective, because look what happened like pharmacy organizations that we support. Look what happened in Western Canada Abundant Drugs was down.

Speaker 3 15:29

And even.

Speaker 2 15:30

Sobeys was down. Okay, so it all starts with us doing a cybersecurity risk assessment and we do that engagement. We put some tools on the computers, we test and see if there's any vulnerabilities in the systems. We check the dark web, we phish their staff and we check for just the overall health and integrity of the network. How old are your computers? Are they patched?

Speaker 1 16:02

Updates being done on a regular basis. That's huge with corporate, because the corporate computers are usually behind even your home computer.

Speaker 2 16:10

How secure are they? I don't want to get too technical, but are you allowing everybody is at the wild west on your network? Are you allowing everything to run? Are your backups secured off-site? Because when you get hit the first thing, what do you think the hackers are going to go for? They're going to delete your backups, and then we check to see if your Office 365 or Google Workspace is actually being backed up, because a lot of times we think, oh, it's in the cloud, we're okay, but no, it's not. We need to have a layered, a multi-layered approach to cyber is the best way. It's the only way so would you.

Speaker 2 16:49

So you would encourage people like businesses to have, uh, not just update like backup in the cloud, but also backup on a hard drive uh, if you're doing backup on a hard drive, the reality is, if you're going to do that, you want to have an encrypted hard drive. I can't tell you how many times I've heard of somebody losing a hard drive. And you've had your digital kingdom and somebody can just come into your office and take that drive and get at everything.

Speaker 1 17:19

Yeah, and that's another cybersecurity, a more physical thing but, it's still cybersecurity 100%.

Speaker 2 17:24

Yeah, it's all related.

Speaker 3 17:25

What's the best way to back things up, Like if it's just in the cloud. But what's another way to back things up outside of backup on hard drive, backup on cloud? What's another way of doing it?

Speaker 2 17:34

Well, if it's emails, if you want to get really simple, for a second email if there's 10 or 20 emails that you want to really keep. Have another email that you forward that email to. Oh, okay, that's just a basic, but make sure the non-negotiable today that everybody needs to be aware of two-factor authentication on your email.

Speaker 1 17:58

Yes, yeah, I do that on everything. Some people are not. It's a pain in the ass, it's a pain but, it's a nice pain in the ass.

Speaker 3 18:06

Yeah. What's worse is what could happen if you don't have it Right.

Speaker 2 18:09

Right, well, and we know we have. We put tools on our clients that we know when somebody's trying to get in, and so we have a client in northern Canada, and when we first brought them on board, we saw that there was over 20 times a minute that somebody was trying to get into the mayor's email. Oh, whoa interesting, yeah, yeah. So what we did is we put the other layers on conditional access. Don't let anybody in from outside of Canada.

Speaker 1 18:39

Get two-factor authentication on yeah, and you guys provide software and stuff like that to help people along as well as practical kind of preventative measures. Is that kind of right?

Speaker 2 18:51

Yeah, yeah, we put the tools in and we manage it for the client and we provide help desk services. So if you're a manager and sometimes people are trying to do things themselves, fix issues, we take care of the help desk. The printer's not working, manage the cyber. If you need to get your Sage 50 updated, we help do that and the nature of one of our tools that we use actually the clients have to raise a ticket with us to allow the update to go in, because we have this special tool that blocks any updates from being installed in the first place, like third-party software, because sometimes these need to be tested and managed.

Password Security Best Practices

Speaker 1 19:36

Right. So yeah, your QuickTime or whatever it could be on your desktop trying to do an update, you prevent that.

Speaker 2 19:43

Yeah Well, quicktime generally goes through, but Sage 50, for example, some of these software vendors we actually make a window and allow that.

Speaker 3 19:52

That's smart, yeah. So I mean, like obviously this has changed over the last like 10, 20, 30, whatever years. Cybersecurity and everything what kind of inspired you to get into like this type of stuff? Like did you, you know, because you said you've been doing for 25 years? I think is what you said. So I mean we're talking like you would have got in if you know this would have been. Was it? Was it? Uh, y2k that got you inspired, because we're 25 years ago was like that kind of thing.

Speaker 2 20:20

So my journey, my journey in a nutshell. I was uh, I was working for a great company, a construction fabrication company, as their IT person.

Speaker 3 20:28

Okay.

Speaker 2 20:29

And regional leader in construction fabrication, great company Set the foundation for me. I saw elements of it back then, but when I started my company in 2010, I started seeing, okay, we need to do a little bit more. I started seeing, okay, we need to do a little bit more. But when I really looked deeper, a number of years four or five years ago I joined a network of cybersecurity professionals worldwide and we meet every day I actually have a meeting today, mastermind and we talk cyber.

Speaker 2 21:00

Oh cool and I was on a call last night talking about cyber at 9 pm, so you live this stuff every single day.

Speaker 1 21:07

We do, but you have to because it really catches up every single day, right?

Speaker 2 21:12

So we're constantly improving our skill set, but also knowing okay, what's the next threat. Right and so that's why I did it. I seen that what we were doing was not enough, that what we were doing was not enough, and when you see an antivirus on a server and something comes on and you thought you had the best protection and the vulnerability, just looked at that.

Speaker 3 21:37

Ha ha ha, spider-man boom and it just encrypt the hard drive.

Speaker 2 21:41

So, what we need now is these other layers, and so I was saying at a recent conference a security operations center is one of the things we use which augments our team. We had an organization in New Brunswick that had an attack on their production line and it encrypted the production line, shut it down. We were able to clean that up. That's when we came in and we started implementing the elements of cyber.

Speaker 1 22:09

Were you able to figure out where those folks were from?

Speaker 2 22:12

No, but I know how they came in. I'm quite confident they came in through the vendor's third party tool. This is why we have to check our vendors Interesting.

Speaker 1 22:22

This is awesome to know.

Speaker 2 22:23

TeamViewer. The vendor used TeamViewer and they had their aspect secured, but they didn't do the extra element of blocking it just so that they could do it. So somehow the hacker got access to the ID and the password and they got in Wow and they encrypted it. Now we put the elements of cyber in after that cleaned it up and we put it on everything.

Speaker 1 22:48

And that ID and that password. It's so simple to say. But think about this. Go back to the story of the human being that went home that weekend, uses the same password for their Netflix had their things shared and then they go to work that week later and they use that same password and they just connect. Oh dude, this guy works from here and he works with this big company, and they just copy paste and they can find out all that by researching you on facebook and linkedin, where you work so right I.

Speaker 3 23:32

I don't know if I shared this before or whatever, but my passwords that I use now. Did I ever tell you what I do with this, matt?

Speaker 1 23:38

conrad one, two, three, yeah, everything he does. Yeah, no, you know what you?

Speaker 3 23:42

you know, I decided to do like you know, we, you know we're in insurance and we are in cyber insurance and we have to face some things, and you hear some crazy horror stories, which we'll get to in a minute, yeah, um. So now what I do is every time I need to do an update, and what I've been doing this whole year is, uh, I've been putting in a lyric from song, from a song that I heard on the radio that morning. Tell them, it's a terrible idea.

Speaker 1 24:06

Yeah.

Speaker 3 24:07

It's not because it can be so random.

Speaker 2 24:10

I want you today to go to the website, use a passphrase and put one of those passwords in that you use and see how long it lasts.

Speaker 3 24:18

Okay, okay, yeah.

Speaker 2 24:19

What I recommend whenever you can.

Speaker 1 24:22

What if you go into the website? You've got a site where you can see how shitty your passwords are. Yeah, okay, but we train people, you guys have that.

Speaker 2 24:28

No, there's a website that we use as part of our onboarding. We recommend a password management tool.

Speaker 1 24:32

Yeah, yeah, yeah Okay.

Speaker 2 24:34

A keeper is one we like, but we train people with the password management tool to use a passphrase four letter, four words, and when you use four words like everybody loves spider-man dancing, that's a 600 century password to hack. Okay, okay. But if you use a password like what do you mean?

Enhancing Password Security With Song Lyrics

Speaker 1 24:56

600 century password, you mean, because it's so long, yeah, so long with the spaces and everything it would take 600 years to figure it like a computer because of the length of it, and the audience would take it.

Speaker 3 25:06

But here's the thing, though if you do that, though, but if I like, if I'm sitting there and, like you know, matt's driving, I gotta understand if I put, like you know, uh, you know my favorite song, or something like that, if I was like metallic girl yeah, or whatever like.

Speaker 3 25:17

If I put like metallica 1985 because it's like a favorite band of mine and my. That's different. But if I'm driving in on and I hear on the radio and I hear like a taylor swift song, I will sometimes and I don't, I don't like taylor swift, right, I like her music, okay, but I I might use that and I might. I'm you know, I don't know, I can't even think of a taylor swift song, but it's shaking off 2400 baby exclamation.

Speaker 2 25:42

yeah, guess how fast that Guess how fast that password would be. How fast? That would probably be hacked within two hours, really, yeah.

Speaker 3 25:49

Even though, like for me, like no one would ever guess that. For me, though, because it's not a song. But what if they're on your computer already and they've seen you putting the keystrokes.

Speaker 1 25:59

What if you?

Speaker 2 26:00

have like a phrase.

Speaker 1 26:01

Can't. They do that anyway, though, but you mix it with capital, lower letters and symbols. So if you say like I don't know, just like say okay, so drop it, like it's hot. But you go capital D, then lowercase r, then a zero for the o, then a p, then a three, and then you kind of redefine the language like a serial killer. That might get you to two weeks to three weeks.

Speaker 3 26:25

That would get you better. So why would like dance Spider-Man?

Speaker 1 26:29

Boogie. Whatever, don't use that password. Why would that be better, though it's better because, it's super long, super long spaces.

Speaker 3 26:35

Yeah, I know, but that's what I'm saying, though. When I do a song, so like I would go on there and I would do like Whitney Houston's, I Want to Dance with Somebody. Yep, isn't that a long password, though, put?

Speaker 2 26:46

some spaces in it and it'd be even better.

Speaker 3 26:48

Yeah, yeah, because no joke, that was a password of mine for like three months. I heard Whitney Houston on there and I was I want to dance with somebody.

Speaker 1 26:55

I know I used his Netflix. It's like I want to dance with somebody. That was my password. We were talking about it.

Speaker 2 27:04

What's your favorite song? Right my head, yeah exactly, but like that's.

Speaker 3 27:07

The thing is, like I would sit there and I like like the person who can sit there and hack in and sit there and go like matt's gonna like matt's passwords. I want to dance with somebody exclamation mark.

Speaker 1 27:16

But you gotta think of it less as like a person and more of a computer that can just do this right like. But it can, yeah, but if it does that.

Speaker 3 27:23

What's the difference if I use a a song lyric versus random whatever's? It's going to guess it anyway, yeah time, right I? I don't know this brett, but like my thought behind it is this I thought it was a good idea if I used a word.

Speaker 1 27:39

Words are easy. It would be easier for uh any kind of predictive algorithm to predict yes, right then then like a broken word. So if I said droid, the word you know, shout out to Star Wars right and said spelled the word droid peep poop as opposed to putting a zero one in the middle of droid Right Right. That would be harder to detect.

Speaker 2 28:00

I want to dance with somebody. Yes, five days.

Speaker 3 28:03

Five days Yep.

Speaker 1 28:04

Oh okay, put Five days. Yeah, oh okay, put it in there. Yeah, I want to dance with somebody. What's the name of this?

Speaker 2 28:08

website. Can you say it in a way Useapassphrasecom?

Speaker 3 28:12

Useapassphrase. I'm totally checking that out. I am going to like seriously.

Speaker 1 28:15

That'll be a good drinking game. I'm like.

Speaker 2 28:17

I got a 28-day password.

Speaker 3 28:20

Seriously, it's the first three pages. You'll never guess it. Leviticus 17, verse 20. I'm gonna try that later. That's cool that's a really cool thing yeah, okay, so yeah anyone listening. Definitely do that, because that's a, that's a whole lot of fun.

Speaker 1 28:40

So we're actually getting a shorter time, man, yeah, can we?

Speaker 3 28:44

like I like, maybe give like one like crazy horror story, that story that you have for cybersecurity, and then we'll get into our 10 questions.

Speaker 2 28:51

Sure, Okay so, this happened recently, so on average, hackers can be in your network for 120 days.

Speaker 3 29:01

Okay so remember that Okay.

Speaker 2 29:03

Whoa, okay. So I was at the gym and I was working out and I got a message from a client a former client need help. I called the person and you could sense it in them. Something happened. So I said look, I'm going to come and see you. They were five minutes away, so I came up. What happened? So the person had received a phone call and it was Gosha Bank and they said hey, I have the owner on the phone and we're talking about this deal. This deal and this deal had all the details. Okay, knew everything. All we need is the key fob so we can get into the bank. Okay, wow, okay. $400,000 later, woo, okay. By the time they realized it was the next day, called the bank. The bank was able to recover 200 000 um, and I don't know about you, but most businesses don't have that much money to lose no, that's, the banks do, but no, not not regular business and and and why I'm doing this.

Speaker 2 30:24

A lot of people you know, for the businesses I support, some of the people are living from two paychecks from going homeless, right, okay, so they got two hundred thousand dollars back. That was the horror story, the most recent horror story, and what I advise them to do with this organization is going forward. If you're going to do anything financial, have a code word between each other, okay, and don't do anything unless you see each other eyeballed.

Speaker 1 30:58

Like a safe word. A safe word, bluffy kitty.

Speaker 3 31:04

Like soft kitty.

Speaker 2 31:06

But that's the best piece of advice. Uh, if anybody all of you get that safe word, uh in your organization that's that one you take, because with ai now I used to say eyeball to eyeball, but now with deep fake right. Yeah, that's right so take that to heart everybody, please. Yeah, that's great advice.

Speaker 3 31:26

Yeah, the um, yeah, yeah I think that's really good advice, especially because I know some companies or some people, entrepreneurs and things like that. They'll think, oh, you know what, that's not going to happen to me, that happens to the other guys. Or they might think, oh, I can't afford cyber insurance, I can't afford a cyber expert insurance, I can't afford a cyber expert. But in the end, if it happens to you, you wish you could have afforded that, because even if it costs you $1,000, $2,000 or something like that to have cyber insurance, to have a cyber specialist, $200,000 is Well and what's happening, the trend that's happening.

Speaker 2 32:04

Your vendors are going to start coming at you and saying what are you doing to manage your cyber? That's right. And if you don't and you guys are in insurance, so you know if you did apply for cyber insurance and you're not doing what's necessary, they're going to deny the claim. And the insurance industry to get cyber insurance. Before it used to be two questions Do you have antivirus and backup? And now we're seeing cyber insurance.

Speaker 1 32:34

Oh gosh, not now.

Speaker 2 32:35

No, sometimes one vendor from one year. They went from three pages to 11 for getting cyber insurance 100%.

Speaker 1 32:43

Yeah, so that's the reality Way more understood now and the risk is way higher. Yes, right, so protecting the risk is way higher.

Speaker 2 32:48

Yes, right.

Speaker 1 32:49

So protecting yourself first is number one.

Speaker 2 32:51

Oh yeah, and if you're casual about this, you become a casualty.

Speaker 1 32:54

Yeah, and even at your home. Like you know, this is a show about. We talk about business a lot, but in your own home, right? Don't be too casual about your Netflix password.

Speaker 3 33:01

Don't be too casual about the 20-year-old Gmail, Because that has your credit card information Gmail password right.

Speaker 2 33:06

Two-factor authentication on your banking at home. Guys, everything you do now has so much information, so much more than you even know those cookies.

Speaker 1 33:12

they mean a lot right. They're not just delicious little morsels, but Brett back to you. If people follow you on LinkedIn, you do a webinar like almost every Thursday. Is that correct?

Speaker 2 33:24

We're launching. We're going to be launching again we Thursday, Is that correct? We're launching. We're going to be launching again. We've been just putting our best content out. Sure, I'm not only just talking about cyber, I'm just talking about things that are on my heart.

Speaker 1 33:35

Yeah, for sure yeah, and I took some time to follow you on LinkedIn and I mean it's pretty interesting right. I mean you know, Cyber Sweetest Chef.

Speaker 2 33:42

Did you see that? I saw this. You did a Cyrus.

Speaker 1 33:45

Rice chef one day. We actually. I've included some of that into my 10 questions here because you know I went on the dark web and researched you a bit there. But anyway. So, without any ado, let's kick off these questions here, and Matt, you want to do the first one.

Speaker 3 34:00

All right, I'll do the first one. All right, so we know you're a big Star Trek fan, so if you could spend an afternoon with Spock and you planned the day together, what would you do?

Speaker 2 34:12

I take him off into the woods to Peabody Lake. We go canoeing and fishing. All right, that would be pretty logical.

Speaker 3 34:18

No mind meld or anything that would be the day Spock found emotion.

Speaker 1 34:25

He'd be like this, is beautiful, that'd be great yeah. There you go. All right, that's a good answer. Okay, question two. Okay, question two.

Speaker 3 34:35

It is your last meal you're gonna die the next day. Sorry, uh, what would?

Speaker 2 34:38

you order like a last meal I would, or I would love to have my mother's hamburger goulash.

Speaker 1 34:46

Oh, okay, yeah.

Speaker 2 34:47

Amazing yeah.

Speaker 1 34:48

Good answer yeah, all right.

Speaker 2 34:50

Question number three yeah, of course.

Speaker 3 34:53

Question number three On your LinkedIn profile, you pride yourself on being a scout leader, yep. So what's the number one lesson you wish you could teach to all the youth growing up if you could?

Speaker 2 35:04

Be prepared and just be the best version of yourself and treat people with kindness. Be a better person, be, I tell kids. You have so much potential you don't know how much you're capable of and just push yourself a little bit and grow, because you can do it. Yeah, awesome.

Speaker 1 35:25

Okay, Scenario Yep A hacker gets your password vault. Hacker gets into your password vault, now having access to all your social media accounts, and they are posting terrible things, asking your colleagues for money and are damaging your character. What's your next step?

Speaker 2 35:44

Can I call a friend? No. Next step is because I had two-factor authentication on and I had my recovery. I immediately get in and try to reset my password, reset my 2FA and check and see if I can see who those guys contacted and I would call them.

Speaker 3 36:08

Okay, I would call them.

Speaker 2 36:11

I don't want them to have any damage.

Personal Insights and Reflections

Speaker 3 36:13

And before we ask the next questions, I got a little bit of a side question for this one. You see that often where people say, oh, I got hacked on Facebook and whatever, and then they send messages to people that you know and everything. Yeah, I like to waste those people's time Me too. Okay, so is there?

Speaker 1 36:26

I like to waste those people's time me too so okay.

Speaker 3 36:28

So is there any threat to me like doing that, because?

Speaker 1 36:29

like no, okay, good what does it get pissed off at you because you wasted their time?

Speaker 3 36:32

no, but like I had one person who was like heckling the hacker click, click this link and, like you can like apply for like ninety thousand dollars for funding or whatever, and it's non repayable, blah, blah. And I would say to these people it's like great, you know what, I know what I'll do, that you send me 20 grand and then when I get mine on here.

Speaker 2 36:50

I'll give you 40 grand. You'll double your money.

Speaker 3 36:53

And then they're like no, no, no, Just click on the link and you'll get it all. I'm like yeah, yeah, yeah, but you send me 20 grand now.

Speaker 2 37:09

And I'll talk to them, for like to do so. Wasting their time is not a bad thing. It's a nice pleasure sometimes.

Speaker 3 37:13

I agree, All right. Question number five. So who would you like to see win the next federal election?

Speaker 2 37:20

Oh, I learned a long time ago from David Foley, who I have a lot of respect for.

Speaker 3 37:26

Dave Foley, who I have, a lot of respect for.

Speaker 2 37:28

Dave Foley. All right, he owned a convenience store and he said Brett, I learned a long time ago never to talk about politics.

Speaker 1 37:33

Take a sip of your drink, my friend, yeah you can take a sip.

Speaker 3 37:35

You know what he goes, I learned that.

Speaker 2 37:38

but you know what I believe there's a need for change and every now and then it's time, it's time, need for change and every now and then, you know it's time, it's time for a change.

Speaker 3 37:51

That's fair. That's fair, I do feel it's 10 years. People get stale yeah.

Speaker 1 37:55

Okay. Next question If you had a rap name, like you were a rapper, okay, came out tomorrow. You had a name, what would your?

Speaker 2 38:02

rap name be DJ Jazzy Brett, the Hitman Guadalupe.

Speaker 1 38:10

It's not a password. His rap name is as long as his password Okay, dj Jazzy Skilt Master.

Speaker 3 38:17

Oh, I like that. Dj Jazzy Skilt Master, fantastic, all right.

Speaker 1 38:21

All right yeah.

Speaker 3 38:22

Okay, question number seven. So what is your or a favorite, or your favorite band or artist?

Speaker 2 38:32

you know, jeff daniels. Oh, okay, you know, did you the actor?

Speaker 3 38:39

yeah, yeah, of course I. He's a country singer or something, isn't he?

Speaker 2 38:42

I download. I heard him play on kelly clarkson, yeah, and I downloaded everything on spotify and my wife and I the music like I I. We drove through denver of colorado, my wife and I, this summer. Yeah, and I had that on my playlist. I listened to that twice and I listened to might listen to a bit on uh when I'm driving.

Speaker 3 39:02

It's great oh, it's great funny too, that's good.

Speaker 2 39:06

Question number eight Me yeah, if you could travel to any time, past, present or future. Where would you go and why 1955.?

Speaker 3 39:18

Marty, don't do it.

Speaker 1 39:21

That's a great answer.

Speaker 3 39:22

That's a great answer. Actually. That's great.

Speaker 1 39:24

You're knocking these out of the park, by the way.

Speaker 3 39:27

All right. Question number nine, mr Kids. Why do you have a clipboard cutout Of the Pope in your home?

Speaker 1 39:36

You have a cardboard cutout Of the Pope in your home.

Speaker 2 39:39

There's three things in my office.

Speaker 3 39:41

Behind me.

Speaker 2 39:43

Spock was put in my cart Seven times by my son and then I finally decided to buy it. And then I said Spock was put in my cart seven times by my son and then I finally decided to buy it. And then I said Spock needs a friend. So I decided I'd get the twin powers, spock and the Pope. And then another thing right behind me is I have an airplane, a model airplane from Mike. Mike was one of my greatest techs and he passed away over six years ago and he always wanted to be a pilot.

Speaker 1 40:14

And.

Speaker 2 40:14

I keep that playing and I think about Mike all the time and I'm so grateful for Mike Cool.

Speaker 1 40:20

Awesome, mike was great. That's nice, that's awesome. Last question you really kind of answered this in question three about the scout leaders, and I respected your answer. So you talked a little bit about kindness and that's actually the number one answer on this show for this question. But maybe you can give another version of that answer. So what is one thing everyone in the world can do to make it a better place? Like one thing everybody can do to make the world a better place.

Speaker 2 40:48

I really think and I've had so many instances of this reach out to somebody a loved one or even somebody you know and have a conversation and just do it today and say how are you doing? I was thinking about you and I appreciate you so much, who you are and what you do. You bring so much value. People need to hear that more. I've done that a few times and I'm trying to do it more often and the effect that it has on the person but not only on the person, but on yourself how you feel. Yeah, yeah, oh, my goodness.

Speaker 3 41:22

It's the greatest. It's a beautiful answer. Yeah, you know what I really like that. Because you know what I really like that? Because I heard a quote a couple years ago. It said all the nice things you say about somebody at their funeral. We should be saying that on their birthdays.

Speaker 2 41:35

Yes, right To tell them. And what you notice, there's a man that I buy placemat ads from and I decided I just started doing this randomly and I messaged him. I sent him an email. I said you know, james, I really appreciate what you do. You're always looking out for us. You do do so many great things and your heart's in it, and I appreciate what you do. Two days later he sent me back a message. He said, brett, you don't realize how much you've been used by God. I was feeling this a little bit of worthlessness and all that. And you sent me this beautiful message and I felt so great that I impacted his life, lifted his spirit.

Speaker 3 42:17

And I said what was true.

Speaker 2 42:19

And I felt good because I knew it was appreciated and made a difference in his day.

Speaker 1 42:23

So many people nasty this and they're transactional and you just went back and shared some love to somebody.

Speaker 2 42:28

Yeah, it made so much difference, man, let's all do that, you know Well, cheers to you, brett.

Speaker 1 42:33

Yeah, cheers, I've got to say man, I've really loved chatting with you.

Speaker 2 42:36

Yeah.

Speaker 3 42:36

This has been great. You're awesome, thank you.

Speaker 1 42:43

Cheers and I definitely welcome you on LinkedIn because you have a great following there and you put a lot of good info on there, so please do that if you're listening to the show. Thank you so much to Great Roads Brewing for having us here. Thank you for listening to our podcast, if you're still here listening. Yeah, that's it, man.

Speaker 3 43:00

Cheers.