SipCyber - Presented by IT Audit Labs

The Hidden Dangers of App Permissions & Single Sign-On

IT Audit Labs Season 1 Episode 14

Ever clicked "Sign in with Google" without thinking twice? You're not alone—but that convenience might be your biggest security risk. In this episode of SipCyber, Jen Lotze breaks down the invisible web of permissions connecting your entire digital life, filmed at Black Sheep Coffee in St. Paul, MN. 

This is Part 1 of a two-part series on managing your digital risk profile. We're exposing how single sign-on creates a domino effect that can topple your entire online presence if one account falls. Plus, we reveal what apps like TikTok are really accessing on your phone—and why you should care. 

Your Action Items: 

  • Deny unnecessary permissions on new app downloads 
  • Audit your Google/Facebook connected apps today 
  • Use unique passwords for critical accounts (banking, email, retirement) 

This isn't about fear—it's about informed decisions. Does a video app really need your contacts and GPS location? Probably not. Learn to spot the red flags before you hit "Accept All." 

Don't let convenience compromise your security. Hit subscribe for Part 2, where we dive into the global threat landscape and how businesses use white papers to define risk. Your digital safety starts with one simple audit—let's get started. 

#AppPermissions #SingleSignOn #CyberSecurityTips #DigitalPrivacy #PasswordManager #DataProtection #CyberAwareness #StaySafeOnline 

Jen Lotze

Hey there, coffee lovers and internet explorers. Welcome back to SipCyber, the podcast that's on a quest for the perfect cup of coffee and the simplest way to keep your digital life safe. Today we're kicking off a two-part deep dive into managing your risk. But don't worry, it's still going to be short. I stopped by a favorite spot today, Black Sheep Coffee in St. Paul, Minnesota. I'm fueling up on their strong espresso, incredible croissants, and delectable seasonal specials. This peaceful setting is the perfect backdrop for talking about something critical: the invisible web of permissions that connect your entire digital life. We talked about app permissions before when we discussed staying safe online, but today we're digging in much, much further.

So risk number one, talking about the digital domino: single sign-on risk. When you log into a new app, a website, or a game, it often asks if you want to sign in with Google or sign in with Facebook or sign in with Microsoft. That is single sign-on, or SSO, and it is a massive convenience. Single sign-on works well when the information shared is limited, but here's the catch. It also creates a digital domino effect. If one account is compromised, the dominoes fall and every linked account is at risk. This means you have two separate risk points to manage, starting with your connected accounts.

Risk number two, the smartphone spy. The second risk involves what the app is doing on your phone itself. Let's look at a concrete example like TikTok. When you download the TikTok app, it needs your permission or rights to access certain things to work properly. This is that system prompt where your phone asks you to grant or deny access. So what specifically are the defaults? Well, by default, and depending on your device, TikTok requests or may gain access to the following:

  • Your camera and microphone, necessary for video and photo creation and recording audio.
  • Storage and media files on your device, so you can upload your own photos and videos and access your gallery.
  • Location data: GPS or approximate location may be requested for content suggestions or ad targeting.
  • Your contacts and phone info: the app may seek access to sync your contacts or find friends.
  • Internet and network state, device information, and usage data for app functionality, analytics, and personalization.
  • And finally, third-party app integrations. If you link TikTok to another service, that service may view some of your public TikTok information.

The reality is that every time you grant one of these permissions, you are increasing your risk exposure. Does a short-form video app truly need access to your contacts and location while the app is closed? Likely no. We often hit accept all, I'm guilty too, because we're eager to get to the content, but that habit can be dangerous. It's true, some apps won't let you use them if you deny a core function. For example, a camera app can't take pictures without access to your camera. But most permissions requested, like access to your contacts or precise location, are for convenience or data mining. If you deny those permissions and the app still works, you've won the game. If it locks up, you know that permission is required for that function, and you can decide if that app permission is worth the risk.

So, for today, your cybersecurity tip is about taking control of that risk. We need to start thinking of every new app as a new business partner, one who you should only give the minimal information needed to do the job. We want you to use minimum access for app downloads. When an app asks for permission, grant the minimum access necessary. If a weather app asks for access to your camera, deny it. It only needs your location.

Then we want you to audit your single sign-on connections. So go into the security settings of your main single sign-on provider, Google, Facebook, whatever, and review the third-party apps and services you've given permission to. Delete all the apps you no longer use. That old photo filter app you used three years ago might still have the keys to your email.

And then lastly, use a password manager for crucial apps. For your most critical accounts, banking, retirement, primary email, stop using single sign-on and use a unique, complex password stored in a password manager. If your single sign-on account has a breach, I hate that word, I never say it, has a breach, these critical accounts will remain isolated and safe. Example: I don't know any of my passwords. I use my password manager for everything, and it creates those passwords for me. I just apply it.

Managing your risk profile by auditing your permissions is the essential first step in protecting your data. And protecting that data is what links us to our next conversation. Next time, we'll take the concepts of risk and expertise and dive into the white paper. If today was about securing your personal risk profile, next week is about understanding the global threats that businesses and government use the white paper to define. Understanding them is a key to managing your risks. Well, that's all for today's episode. Thanks for joining me on this trip to Black Sheep Coffee. We'll be back soon with part two. Until then, stay safe and keep sipping.