The #1 Online Security Habit That Changes Everything
It's time to update all of your software. Okay. When you are using older versions of software it's full of bugs, okay? Full of holes that hackers can crawl through all the time. When a company releases a new version of the software, they have fixed the previous bugs. And when it comes time to update, we do this already, in so many other areas of our life. Think about all the things that we update, right, we've updated our clothes and how we dress. We have updated our vehicles and what they look like. We've certainly updated our hairstyles, although not necessarily for the better. And I think now we should pause and pay homage to this poor gentleman. The fact of the matter is you need to update. And it's true with your software, as well, no offense, right, no offense for anybody in the audience with a man bun. But you need to update all of your software. And it's not just the software on your computer, you also need to update the software on all of your devices. From your phones to your...
televisions. We've all seen pop up notices like this before on our computers, right? They're telling you something and when you see something like this, it's a really very polite way of telling you something that you hadn't really thought of. Saying it's time to update Android, it's time to update iOS, is a very polite way of saying that our software has been riddled with bugs, security and otherwise, and we've finally gotten around to fixing them. In other words, when you see software update, what they're telling you is, up until this point, you have been entirely screwed from a software perspective. But we've fixed it now, so update the software. And when you see these, they're kind of annoying when you get all of these updates, 'cause they usually arrive when you're in the middle of something else, but you basically have two choices: yes, I'm going to update my software or yes, I'm going to update my software. Now we all know updating software is not pleasant, it's time consuming, it can cause its own problems, but the end of the day, if you don't update your software, you're hosed, right? You are walking around with unsafe software that is going to cause you more problems in the long run. And I've got some research to back this up. NTT Docomo in Japan, a big telecoms company there, did a study of six billion cyber attacks, so it was a huge study, and what they've found is that 76% of successful data breaches and cyber attacks were accomplished with malware, viruses, that were over two years old. In other words, if you haven't updated your software, viruses that are two years old are going to work 76% of the time. Put another way, update your software, and you've just avoided 76% of the threats out there. You won't be one of that 76% who haven't updated the software and can allow all of these old viruses to work against your machine. Criminals are both very into money, they are money-focused, and they are avaricious and they are also wise business men and women.
So developing new viruses can be expensive. So as long as their old viruses work, there's no reason for them to develop new viruses. And this clearly shows you, that old viruses work 76% of the time. Just update your software, and you've now reduced your cyber security risk by 76%. So there's a clear and present danger to updating and it can be a little annoying, so I have a tip for you, turn on auto-update. Just about all of your digital devices have a feature that allows you to update in the background. Just set it and forget it, turn that on. You can do that with the most common operating systems, for example with both Mac and Windows. I'll just show you how with some quick screenshots. In Windows, it's generally turned on automatically updates but you can verify it where it says turn on automatic updating. And in Mac you just go into system settings and, for some of you, in the upper right hand corner of your screen you'll see the updates ready to install, and you can see turn on automatic software updates. Do that for your Mac computer. If you don't have this little pop up appear in your upper right hand corner of your screen, then you can go in and set it manually by going into settings, click on App Store, and then you'll see another screen that looks like this that says automatically check for updates. Just turn that on and your computer will remain up to date in the background. You also, of course, should do it for your cell phone. These are just little computers that we need to keep up to date. If you are an Android, just go to the settings, and go to auto-update apps. And if you're using iOS for your iPhone, in general you'll see a notification under general, in general, that tells you time to update. And that's how you update the phone software, but there's another setting that you can go into under settings, iTunes, and App Stores and just select those things, for example, updates and they will automatically update all your apps.
And remember, apps can be easily hacked as well and we'll talk more about that later. Regardless of what internet browser you're using, Firefox, Chrome, you know, Opera, Safari, doesn't make a difference, all of those have to be updated. And it's really important to update your plugins. Many of you, particularly in Chrome world and others, use a ton of plugins, those are not updated very frequently and they are an extremely common target for criminals. Particularly things like Java and Flash, those are easy ways to break into your system, so I don't actually use those, but make sure that your browser settings and your plugins in particular are updated. If you use Microsoft Office, that too should be updated, and if you hit those several items, then you should be in a good position to do the thing, the number one thing that will make you safer in the world of digital security. Now would be a great time for some questions. Are there any questions?
Anybody here in the audience got anything so far? Too terrified? (laughs) I'm sure Marc's gonna help to break it down.
How would you update your Chrome plugins? Do you have to do it individually for each plugin or is there a more aggregate way?
Yeah, that's a great question, so if you go into Chrome under settings, you can see your plugins, or your add-ins, additions, extensions, they're called different things for different browsers, just look in there and there should be a notification telling you that it's time to update, and I believe you can turn them on to auto-update, but before you choose a particular browser plugin, research it, because believe it or not that is one of the most active areas of malware that the bad guys are using. Why? Because if they can convince you to buy their shopping comparison browser plugin, it sounds like a great idea, we're gonna give you this tool for free and every time you try to buy something on a website, our tool in the background will go ahead and automatically give you the latest prices at all the stores. That's a very common type of promise that they make. But what they don't tell you is once you download that plugin, what it's doing is it's giving the people who created the plugin, access to every single thing you do online. Every website that you've visited, it could possibly pass your passwords, it's definitely passing your location, so do due diligence on the company. Just because it has 10 million downloads does not mean that it's legit, and I can tell you, and we'll discuss later, the numerous, numerous number of times that organized criminals have gotten plugins, browser extensions, and many other tools into these official app stores. So do your research, Google them, see what they're all about. Try to figure out, the number one indicator that I use, is where are they located? Right, if you can't find an address for the company, be concerned. And if they're in a country that you've heard frequently attacks your country by cyber attacks, you may not want to go ahead and download that browser extension.
So, if you don't have everything moved over to be automatically updated yet, and you're getting the security update pop ups, how do you know your security update pop up is safe?
That is an awesome, awesome question. Look closely. It is amazing, criminals, and we'll talk about this later, most of the attacks against folks are not technological, they're psychological. And trickery has worked, going back millennia as a means of crime, right, deceit, and criminals do that really, really well. So if you see a pop up, one of the things that I do is, if I get a pop up that says it's time to update Flash from version 2.6.9 to 2.7.0, I'm going to not do anything, I'm going to use another browser, I'm going to go to the Adobe Flash website or I'm gonna go to the Apple website or the Google website or the Microsoft website, and say is there actually a version 2.7.0? Did they release it? When did they release it? Where am I downloading this from, right? And that's one thing that is really a problem with the browsers, some of you may wanna consider deleting your browsers, and starting from scratch. When I go visit certain relatives of mine, who may have given birth to me, but I won't say who. (audience laughs) I look at their browsers, and I'm like oh my god, what's going on in here because, first of all, their browser is, the part that they browse is about this big and there are ten add-on bars that they just clicked okay to. It's like oh, you have this extension and this extension and this extension and like the news extension. I'm like, what's going on? Every single one of them is tracking them. And once you get one of those infected Chrome add-ons, or one of those infected Firefox add-ons, or the browser itself is compromised, then they have the ability to go in there and put fake pop ups, right? People have made millions and millions of dollars by putting up a fake browser ad. One of them, I talked about this in my book, was done by a company in Ukraine called Innovative Marketing Solutions. And what they did is they popped up a browser alert that said, you have a virus! You need to fix it! 
Click here to download our antivirus and we will fix your life. Oh, and by the way it's 49 dollars for the regular version, 99 dollars for the premium version. And tens of thousands of people went ahead and did this. They downloaded what they thought was their anti-virus program, but it turns out it wasn't an anti-virus program, it was actually a virus virus program. The people never really had a virus, all they had was a vulnerability in the browser that allowed the pop up to appear and then, not only did they go ahead and pay 99 dollars for the privilege of being infected, but they just gave their credit card to East European organized crime, as well. Innovative Marketing Solutions, when they were taken down by the FBI and Interpol, they actually kept really good records and they kept receipts, and it turns out for about the two and a half years that they were in business, they did 500 million dollars worth of sales selling infected, fake anti-virus. So it might be a good idea to start with your browser from scratch once you've implemented all of these steps and this way you have a clean slate and you can avoid a lot of those fake ones. But always go to the original site that is purporting to offer you the update and see if it's actually happening. And look very closely at where you're seeing the pop up. Rather than, if you see some strange random pop up, in the middle of your screen, that says, it's time to update your Mac software, you should know that's not how Mac software updates. They always put it in the upper right or you'll see it inside the settings feature. For any pop up that appears and takes over your whole screen, particularly one that screams at you, and we'll talk about this later, you must update or, you know, global Armageddon will ensue, don't fall for it. Excellent question. Yes, sir.
Is there a way to peacefully coexist on the web without Java or without Flash?
Peaceful for you or peaceful for somebody else? Yes, I do it, particularly for Flash. You can use certain browsers, where you've seen Apple, you know, Steve Jobs famously hated those programs, particularly Flash, he was like, no we're done with this, we're not using this, we're not supporting it. And there's a new standard called HTML5, so if you guys wanna be able to watch YouTube videos and the like you should be able to do that. I think the Chrome browser has that integrated automatically. So yes, I think you can, and you probably should, otherwise use at your own risk. They're highly, highly targeted by cyber criminals. The other thing that you can do, which is a great question that prompted me to think about this, run multiple browsers. This is the browser that I'm going to watch cat videos on, and possibly run Java, and this is the browser that I'm gonna do my banking and shopping on, right? So for more dodgy things you could possibly do that. It's not a perfect solution, but it will provide some help.
I've just one question from online, it says, how do you know if you've been hacked and is there software to find this?
So it's really funny, criminals are so good at playing with our minds, and they will like, there's lots of websites that you can go to. Have I been hacked dot com, right? I'm making that URL domain up, but they create websites like that to try to trick you. Click here, and then of course they will say you have been infected. And then once it says you're infected, they will sell you, you know, Ukrainian Innovative Marketing Solutions for 99 dollars, the actual malware that will infect you. So, there's also another version of this, that you should be highly aware of this, test your password. There are so many sites out there that people fall for that say, and like you see these ads on Facebook all the time, do you wanna know how secure your password is? Come to our website, type in your login, we'll test your Bank of America password, just put in your login name and your details. And it's like, that's very strong, yeah it's strong for about two seconds until the bad guys take all that data and empty out your account. So again, you have to engage your brain and think about this. Two, how you can tell, there's a lot of telltale signs of infections and, by the way, now we're seeing a lot of infections that are going after computers' processing power, not just your data. So I'll give you the signs, and then we'll talk about why it's happening. Some of the signs are your computer is really hot, it is running really loud, the fan is really loud, it has slowed down significantly over time, right? You're seeing strange pop ups, you're seeing odd things happen in the background. Before you go to the site you want to go to, you quickly see another interim site. You're like uh oh, what the hell was that? So those are some of the most common ones. Theoretically, anti-virus from a reputable company, could uncover those, but I would look much more behaviorally at what's going on.
The reason why I say we're seeing computers run slower, louder, and hotter these days is because there's a whole new class of computer malware out there, specifically for the purposes of mining Bitcoins. Now, for those of you who don't know what a Bitcoin is, it is a cryptocurrency. For those of you who don't know what a cryptocurrency is, it is a mathematically based form of currency, of value, that has kind of exploded in the past few years and people exchange money on the blockchain, or something like money on the blockchain, you may have heard of the most famous cryptocurrency, it's called Bitcoin. It was probably like 10 cents a couple years ago, and now I think it peaked at almost 20 thousand dollars a few weeks ago before crashing again. One of the ways that you earn Bitcoin is to buy it, but the other way that you earn Bitcoin and cryptocurrencies is by using your processing power to go ahead and solve really, really big mathematical problems. And that processing power is expensive, not only do you need lots of computers, you also need lots of energy, and amazingly, these Bitcoin farms are using a ton of energy, and so the criminals don't want to spend their own money, so what they are doing is infecting your browser, infecting your DVR, infecting your security camera, your mobile phone, and they're not stealing anything except for the CPU cycles on your computer, because you know, they'll have hundreds of thousands if not millions of these enslaved devices that are generating Bitcoin in the background for them, so that's a new threat that we need to look out for and those warnings and indicators that I mentioned are a good way to tell.