I was recently interviewed by Vivian Gaspar on her TV show “Stop My Crisis.” In this segment we discuss staying safe online, how small businesses and individuals are also prone to attack, some stories about ransomware and other malicious software, and the prevalence of identity theft, especially in healthcare.
Vivian: Welcome to Stop My Crisis, I’m your host, Vivian Gaspar. And today here with me, I have Raffi Jamgotchian. And Raffi is the president of Triada Networks where he services technology and cybersecurity needs of boutique asset managers and registered investment advisors. Raffi is a Certified Information Systems Security professional. Thank you for joining us here today.
Raffi: Thank you, Vivian.
Vivian: People who are not business owners are going to wonder why they need you and your expertise. So, tell me, what does the general public need to worry about when it comes to cybersecurity? A few years ago, didn’t Target have a massive breach, right?
Vivian: And there are many companies that have large breaches.
Raffi: Yeah. I mean, every day, you hear in the news about new breaches happening all across the country and throughout the world. And so, 2015, which is what you’re talking about, 2014, that was the year of the retail breach. This year is now shaping up to be the healthcare breach. So, we’re… it’s going beyond, it’s everyday life, it’s something we’re going to have to live with.
Vivian: So, has… when you say the healthcare breach, didn’t I hear that Horizon Blue Cross also had a breach and Social Security Numbers were leaked?
Raffi: Yeah, Anthem Blue Cross was a huge massive breach, the largest one in New Jersey history. But however, the… further breaches are occurring with especially the hospitals now. We had a hospital down in Washington, DC that was shut down for weeks.
Raffi: … because of ransomware. So their data was being held ransom. They had… were required to pay a fine… not a fine but a fee to get their data back, and it actually shut the services down for the hospital.
Vivian: Would ransomware attackers only seek to hurt large companies? And why should the individual care about that?
Raffi: Absolutely not. Ransomware actually started out mostly as a problem that individuals were facing; small mom-and-pop shops… your own personal computer at home.
Raffi: Absolutely, yeah.
Vivian: This is not just for the large multimillionaires? It’s not like a Trump problem?
Raffi: No, not at all. In fact, they do a spray and pray. They spread out their emails across multiple people, multiple just like you get everyday… any other kind of spam. All they need is a few people to click on it and then they can monetize it right away.
Vivian: What does that mean, ransomware?
Raffi: So, basically, what they do is you’ll get a notice on your computer that has a big red sign or whatever that says, “Your data… your data is secure.” And what they mean by secure is they’ve now encrypted your data, they’ve scrambled it with a key that only they have. And in order to get that key back, you have to pay them a ransom.
Vivian: Well, here’s my question. Let’s say someone utilizes something to the effect of Dropbox.
Vivian: Okay. And let’s say you’re really good and you keep everything let’s say your Google Drive or Dropbox… or Dropbox or something to that effect.
Vivian: Does that help protect you against that or not?
Raffi: Potentially. If you use a service like that, they tend to have the versions of your… of your programs. So, you will see, if you know you got hit at 2 o’clock, you can recover your data prior to 2 o’clock by going to Dropbox or Google Drive and recovering that information. So, good backups are the best way to protect yourself against that.
Vivian: Would that also stand to reason with another system such as a Carbonite or something to that effect? Is that the same thing?
Raffi: Absolutely. In that case, you would use Carbonite for the same way.
Vivian: So, you don’t have to worry about paying the ransom?
Raffi: Not necessarily, if you have good backups.
Vivian: Okay, so if you do it, you’re safe?
Raffi: Right. So, we have… I’ll give you a tale of 2 different companies. Both of them accounting departments, both of them with someone who clicked on the link in both cases. One had good backups and was able to recover their data in minutes. The other one contacted us and unfortunately, their backups hadn’t been working for 2 years. So, unless your…
Vivian: 2 years, no backups?
Raffi: No backups for 2 years.
Vivian: And this is a company?
Raffi: This is a company. And so unfortunately, they lost 10 years’ worth of records, not only just the 2 years that they weren’t backing up but even prior data for that.
Vivian: So, wait a second, I’m thinking if I’m the company, and they had all this information for 10 years, did this company have employees?
Raffi: Of course.
Vivian: So, how many employees did you happen to remember that they had?
Raffi: They had 12 employees.
Vivian: 12 employees. Couldn’t that bankrupt the company?
Raffi: Potentially, absolutely.
Vivian: So, now those 12 people could be out of work, and not to mention the owners of the company, could be bankrupting them and hurt their family.
Vivian: So, this is something that’s a problem for everyone to care about.
Raffi: No doubt, no doubt, small and large.
Vivian: Wow. I didn’t realize this is so prevalent. Give me another example of why a cyber-breach, for example, you had said Anthem Blue Cross Blue Shield. People who think, “Oh, well, that’s a huge company. Why should that affect my life?”
Raffi: Well, it’s…
Vivian: Why does it matter to a regular individual?
Raffi: The individuals are the ones that are affected in that case.
Raffi: Well, it’s their data that’s getting lost.
Vivian: So, what does that mean?
Raffi: What for example, if a… if Target gets breached…
Raffi: … we’ll use Target as an example. Target gets breached, it’s your payment card information, it’s your credit card information. That’s about 86 of what identity theft is, is… is payment card information.
Raffi: People who are taking over their accounts and then reusing it, creating new bank cards, etc. Healthcare records, can’t get new healthcare records because…
Vivian: That’s worse than.
Vivian: Because if someone pretends they’re you and they utilize your healthcare information… so, hypothetically, let’s say you’re a perfectly healthy individual.
Vivian: And the person who let’s say they have cancer or some kind of severe illness, wouldn’t they want to infiltrate and say they’re you and get now health insurance coverage that they couldn’t otherwise afford?
Raffi: Potentially. And not only that, they can use your information to get new pharmaceuticals…
Raffi: … and then resell that on the black market.
Vivian: Oh, it’s much worse than that.
Raffi: Absolutely. And now… or use that as potentially a way to extort you out of other information if they find out something that maybe you didn’t want other people to know about.
Vivian: Such as any other ideas?
Raffi: Well, if you… if you have certain illnesses, it may be something that you’re not… don’t want the public to know. And now they’re… now they’re potentially leaked and use that as a way to extort money out of you.
Vivian: Okay. So, is someone else… what other ways can someone have jeopardy from, you know, the malicious people in the world who are doing this kind of cybercrime?
Raffi: Well, I mean, there’s a couple of things that you can do. I mean, the first thing is to really do good hygiene, computer hygiene.
Vivian: What is computer hygiene, brushing your teeth?
Raffi: Absolutely. Everyone has to take… just like you take showers every day, you really should do certain things every day to keep your… yourself safe. One example is when you’re at a coffee shop, I was at a Starbucks up the street today, you don’t want to use that network to browse your banking information or even potentially going on Facebook because now, somebody else in that coffee shop can gather information about you.
Vivian: Why Facebook? How could that be a danger?
Raffi: Facebook has potentially a lot of information about you, personal information that they can use either to steal more identity information from you or potentially your loved ones.
Vivian: So, then my question is going to be, if you’re sitting at Starbucks, instead of using their internet or Wi-Fi, would it be better to use your hotspot that you get from your cell phone to connect that way? Is that more secure?
Raffi: Yeah, there’s 2 ways you can do that. Absolutely, a hotspot is 1 excellent way, which is a great, great example.
Vivian: And if you have to go check your banking, for example…
Vivian: … that’s more secure?
Raffi: Definitely. Yeah, that’s much, much more difficult to… to break into. Another possibility is to use something called a VPN software. There are free and inexpensive ones.
Vivian: That’s a good price tag.
Raffi: Free is always great. And that… that are available that people can use in order to cloak their activity while even in a public place.
Vivian: Is that easy to find out on? Like, for example, can you go on YouTube and find out how do you do that?
Raffi: Yeah. How do you use a VPN or a personal VPN.
Raffi: Yes, absolutely, yeah.
Vivian: So, this is great information. Well, my last thing is, is there something else that someone could do that’s not related to being on their computer but also protects their identity?
Raffi: Sure. I mean, we… just like you do online, there are lots of other things that you can do offline as well.
Vivian: Such as?
Raffi: For example, you actually gave me this idea, not using your own address on your bills… bills as a way to prevent people from finding out about you. Another thing is to make sure that you’re using… you don’t put in your address on your GPS, for example. So, one… one…
Vivian: As home.
Raffi: Yeah, exactly. You get in your car, you press home, you pull up, you hit the garage door opener and now you have full access to the person’s home.
Vivian: Oh, that… now you’re giving easy access to potential burglars.
Vivian: And who knows what else they could do if they surprise you when you’re home?
Raffi: Right. Give the address to the guy down the street.
Vivian: Or your… even your 2 doors down next-door neighbor, you know where you live.
Vivian: And so, how about reverse lookups? So, if someone, they use a lot of your cell phone numbers for a store membership, you know, they always say, “Oh, for you discount it, buy the Barnes and Noble or ShopRite or whatever.” A lot of times, they could put it in the keypunch.
Vivian: But sometimes, they still ask you out loud, “Can you just give me your phone?”
Raffi: “Give me your phone number,” right? And you don’t…
Vivian: The guy behind you on line…
Vivian: … can hear about that as the reverse lookup.
Raffi: Your shop… right, and yours… you don’t have you… your price postcard or whatever, you give them the phone number, right?
Vivian: Whichever store, yeah.
Raffi: Exactly. So when… when you’re… that’s definitely a way that people can find out more information on, not only that but as well as email. People… you see all these forms out in the mall, “Sign up for this subscription or sweepstakes or win this boat or motorcycle or whatever.” Those are, first of all, you’re going to get spam. After you get that…
Vivian: They’re scammers, aren’t they?
Raffi: Absolutely. And then that’s a great way to get more information about you. There are entire books that you can find on Amazon on what’s called OSINT, which is open source intelligence, and it is a way to gather information. People use it for marketing purposes.
Vivian: Wait, say that word again?
Raffi: Open Source Intelligence.
Vivian: No, no the…
Raffi: OSINT. O S I…
Vivian: O C E N T?
Raffi: O S I N T.
Vivian: O S I N T.
Vivian: Oh, okay.
Raffi: So, these are ways that you can gather information about all sorts of people, whether it’s about cyber espionage, whether it’s about finding out how to market to somebody or steal their information.
Vivian: And of course, they say that cybercrime, as well as identity theft, is the number 1 growing theft in the country, simply because they no longer have to risk being bitten by the family dog…
Vivian: … to break in and steal from someone.
Vivian: Now, they can take everything you have without lifting, you know, more than their fingers.
Raffi: 18 million people in 2014 were affected by identity theft.
Vivian: I wonder if the most famous people on the planet are more likely victims than…
Raffi: Not at all, not at all. Well, they are, as we saw a couple of years ago with people breaking into Apple accounts and stealing people’s photos. And all that was bad password use. Don’t use the same password in more than 1 website, people won’t be able to break in.
Vivian: But then where do you remember all the list of passwords? Think about it. The average person must have at least, what, 10 to 20 different places that need passwords for everyone you want to do, you need a password.
Raffi: If not more, but the… it’s key to encapsulate that into having different passwords. And how you manage that, there are many ways you could do it. You can do mnemonics, you can use a logbook.
Vivian: What does that mean? What are mnemonics?
Raffi: Like using a for example, perhaps you’re using your Gmail account, you would use maybe something like ‘gm’ inside some other word so that you know that’s a Gmail account, it’s different, but it’s… it’s a way to mix it up. Changing letters and numbers around, things that look the same as the ‘i’s to exclamation points. Another great way is to use a password manager like LastPass or…
Vivian: Is that safe?
Raffi: They are very safe, they’re very safe. They’re much safer than the way that most people are doing it today.
Vivian: As long as it’s not 1234.
Raffi: Exactly. And that’s actually the number 1 password, 123456.
Vivian: Now, you do know the reason I mentioned always about don’t get your mail at home is because of reverse lookups. Can you tell us about a second about what reverse lookups are? A lot of people still don’t know what a reverse lookup is.
Raffi: Yeah, reserve… reverse lookup is all it is, is they have a piece of information about the value and they find out who… who the person is that’s attached to that piece of information.
Vivian: So, if I’m on line behind you at ShopRite…
Vivian: … and I hear that you gave up the… or whichever place, you’re at the clerk your phone number, the cashier your phone number, and I want to stalk you or hurt family, basically, somebody takes your phone number.
Vivian: … they write it down, they remember it.
Vivian: And then what happens?
Raffi: They put it into one of these reverse lookup websites, some are paid, some are free, and they find that information. And before, in the past, you had to go down to the town hall to look at all this information. Now, it’s all freely available to anybody.
Vivian: Now, how do you protect against that? I mean, I would think if you’re… it’s your cell phone number, a lot of people don’t have home phones anymore.
Vivian: Doesn’t that mean that it’s where your bill gets sent to? So, an example is, if I have my bills sent to a UPS Store address instead of a P.O. box…
Raffi: Right, or a P.O. box, yeah.
Vivian: … yeah, does that mean, “Oh look, the phone number,” and the phone number goes to this address because that’s where I get my phone bill? Now, the person finds themselves at the UPS Store instead of your home, right?
Raffi: Right. And most… more than likely, they know it’s a UPS store, so they’ll just skip it and go to somebody else.
Vivian: Well, I think that’s a very easy way to keep your family safe though.
Raffi: Absolutely, absolutely.
Vivian: Any last tips?
Raffi: What… just again, you know, good online hygiene is the way to go.
Vivian: I love that word.
Vivian: Just get that added to the list of dental checkups…
Raffi: That’s right.
Vivian: … and their annual checkup.
Vivian: You add your hygiene.
Raffi: And your checkup too.
Vivian: Now, can… we really trust places like, you know, Staples so that they service your computers? Is that a good trustworthy place?
Raffi: For the most part. Most big box stores have trustworthy services. We’ve had issues. There are bad apples everywhere, and those are typically bad… bad actors, not anything… anything related to that store. So, my preference, use a good local computer shop rather than one of the big box stores. But that’s just because I like small businesses.
Vivian: We should all support small business such as yours. And thank you for sharing all your information here with my guests. Thank you, Raffi, very much.
Raffi: My pleasure, Vivian. Thank you.
Vivian: Thank you.