Blog

Acceptable Use Policy, Password Policy, Ransomware, Firewall, Web Content and Filtering

Mike:  We call it a tech Tuesday here because we’ve got our cybersecurity experts, Dave Hodgdon and Steve Ripper from the Portsmouth Computer Group with offices in Dover in Portsmouth and they’re here joining us this morning in studio to find out more about how businesses can be cyber secure. Dave, Steve, good morning. Welcome, good to have you both with us.

Steve: Good morning.

Dave: Good Morning Mike, you’ve heard on the weather it has been cold.

Mike:  It’s been weird, hasn’t it been weird? I mean it’s been like winter to summer no spring, spring has been always weird in New England all right? but Dave I want to talk a little bit before we get into some of our topics this morning, PCG founded in 1996 you founded the group talk a little bit about what you guys actually do.

Dave: Overtime, we started as a training company Mike and that’s back in the days when the Internet just got started, and the whole email with AOL. Our primary focus was training and consulting, but once that Internet hit and the early days of email, we found the need that businesses needed help tying that all together. So at that point, I hired our first technician and Steve was one of our first force back in 1997 and then we evolved as a kind of a PC repair shop to a full fledge, what is known as a managed service providers. So we serve over about 500 clients right now and business is roaring right now.

Mike:  That’s great and this is what people want to know about. Steve your background is pretty much what? Tell us a little about your background.

Steve: So like he said I started in 97, I’ve been doing it… I was that kid when I was growing up who could program the VCR, that’s how old I am and I’ve been doing it ever since. So yeah, it’s been good.

Mike:  Let’s talk a little bit about… we’ll talk a little about security, and I guess we’re focusing on businesses pretty much Dave?

Dave: Yes.

Mike:  Businesses. Let’s talk about password policy. We’ve heard about all this stuff about what constitutes a good password policy, let’s talk about that for a second.

Dave: I’m going to let my friend Steven answer that one, he’s great at this stuff.

Steve: No one wants to hear this out there, but it’s always a complex password, that’s what drives everybody crazy. You want to see passwords that have letters in them, numbers in them, good length and usually we recommend that somebody have a password management software. There’s a lot of different packages out there that helps them manage because everyone has hundreds of passwords of these days, it’s crazy.

Mike:  Yeah, usernames, passwords and I know I have an app on my phone that keeps all my usernames and passwords because I can’t remember from the love of me, I really just can understand that, but it’s so funny when we do surveys about passwords, people still put in 1234 or put password as password, which is just incredible.

Steve: Absolutely Mike-

Dave:  Incredibly stupid.

Steve: To make it easier too now, they have the fingerprint readers which really helped people a lot and we have an add on tool too that our clients can use is called MyGlue just to store your passwords, but our goal is you should be changing your password based upon your business every 30, 60 or 90 days and we can help automate that because it’s vital because they find one password that’s their way in the door and usually the user is the biggest problem for the security leak.

Mike:   So I want to ask you guys, this whole technology is changing minute by minute, second by second and I still think we’re at the baby level though, the entry level of what’s to come with the Internet and computers and everything else, but do you sense that the hackers are always one step ahead of us, you guys the experts sometimes?

Dave:  It feels that way at time, but we talk a lot internally and both in the industry about what’s doing so as much as they’re talking to each other, we’re talking as well and so it feels like we’re reactive but we’re seeing what they do, and we have a lot of… So if you put a lot of policies in place and a lot of things we’re going to talk about today, you can stay ahead of them.

Mike:   We’re speaking to a David Hodgdon did and Steve Ripper from a PCG Portsmouth of computer Group, cybersecurity experts. We’re talking about security 101 for business computers and business systems as well. So what does an acceptable use policy does, does for your Business? What does that all about? Let’s talk about that for a second.

Dave:  To first start of that Mike is the business has to have some form of what we can do or not do, and it’s important that they know what that is because that kind of sets the guideline is there a password policy? What can they do on the Internet? Can they bring their phone and use it at a personal level? What sites can they go to? So our goal is to help them have to understand what that acceptable uses so we can help them put the right tools in place to minimize that risk. You got to think of just like you on the road, you have the police officers, you have the speed limit, you have the toll gates, people still can abuse the law. We’re never going to absolutely stop the outside hackers, but we can minimize the risk and everyday there are new tools for us to use to help mitigate that risk.

Mike:   What’s the biggest risk to businesses?  What are businesses most concerned about when they come to you and they say, we need some security, we need some advice, we need some systems set up, what do people come to you first for?

Dave:  I think one of the first things I’ll let Steve answer is, is my business safe? And that kind of starts at the firewall level, what do we have to worry about from the outside users getting to us and there’s so many levels. I mean, before when we started it was really just antivirus and then malware bytes but now there’s like 15 layers it is getting more complex.

Mike:   Why is that? Why is it getting more complex?

Dave:  I just think the outside users, these hackers and all that [inaudible] they’re smart, they enjoy doing this. That’s these young kids from overseas, China, India, Russia, they just enjoy seeing what they can do.

Steve: Yeah I mean there’s money in it for them. They’re coming up with ways to make easy money by hacking into other companies and then… A lot of times what we see is we see ransomware where they’re actually holding the company hostage. They’ll encrypt their data and then contact them in some way, whether it’s email or a phone call or something like that because they’ve been investigating the company and then they’ll try to like blackmail them to get their data back and that’s really one of the biggest concerns that a lot of companies come to us for, are we safe from this kind of thing? Do we have a software in place? Do we have firewalls in place? Do we have policies in place? Do we have web filtering in place? So that we can prevent these kinds of things.

Mike:   So many things that people need to be concerned about that we tend to forget about it. Can you just explain, because I think people may not understand what exactly are firewalls? Because we hear about information not getting through them because your firewalls up and things like that on the personal side.

Steve: Sure. A firewall would be what we would consider the gateway to your network. For users at home they would see the ComCast cable modem or a BayRing cable modem, wherever they’re getting their Internet from, you would see that device would be considered both the firewall and the cable modem together. In a company we do larger and more specialized pieces of equipment for firewalls, but that’s basically what it does, it keeps people who are out on the Internet from getting into your network and lets everybody on your inside of your network get out of the network.

Dave:  I kind of think about why you have keys to the office or you have a fob key that allows you certain people, certain access. So the keys is allowing the people I want the office, but I might have the security or the HR room that has another key to get through that. So it’s just a way of locking down who has access or not.

Mike:   Yeah, we’re speaking to cybersecurity experts Dave Hodgdon, Steve Ripper from Portsmouth Computer group, they have offices in Portsmouth and the Dover’s. It’s 10 before eight on news talk 981WTSN. Let’s talk about web filtering and reporting, what does that mean and how can you enforce it? What is it all about?

Steve: So the idea is that a lot of employers will be worried about what their employees are surfing to, they have no control over that. Are My users just spending all their time on the Internet instead of doing their jobs? Web filtering is a way that they can say you can go to these websites but you can’t go to those websites, I don’t want to see you on TV, maybe block out some of the social media websites. On the user side of it, so it’s not always so bad for the users The user side of it, the web filtering just protects them because sometimes you can have bad things happen infected through websites you didn’t even mean to, you weren’t surfing badly, you were doing your job, but that website you went to was infected. So the web filtering will help protect both sides of the equation, both the employers and the employees.

Dave:  And we help the business owners that with Mike of kind of setting the guidelines for certain categories, and depending on that category and that business we will block that category down. Like some people social media, the average person spends about two and a half hours a day surfing on the Internet on the employer’s dime. We’re able to block certain sites, whether it’s sports, whether it’s gambling, whether… whatever it might be we have the ability to block those sites down. And as Steve said, I think the biggest one is the user getting an email, could’ve becoming from a friend it’s a joke and the goal they can’t open that if it’s a risk to the business.

Mike:   So the business is, when you talk about, you’ve looked at all the statistics and the people that are spending time on the company’s dime they’re losing productivity because they’re wasting the time and it’s so easy to access whether it’s on the computer or on the phone, they’re sneaking away and doing some things that they shouldn’t be doing really.

Dave:  We can report and see the average user, we’re able to show what users are on, what sites they’re going to, you report that to management and they’re just floored with what they say.

Mike:   Something else to worry about.

Steve: Bottom line is you can’t run your business without giving Internet to all your employees. So what do you do? You have to make sure that you’re watching what is actually happening when they’re on it, but you can’t take it away these days.

Mike:   Listen, we have time for one more category here in kind of our cybersecurity 101 here that we’re looking at from Portsmouth Computer Group. How about email filtering and management? People get tons of junk mail, we even get it here at the radio station I get into my box here, and it takes a lot of time to go through it and to manage it. What’s the best solution to this? Let’s talk about this for a second.

Steve: Most of the times we’ll advise a company to use what we call a cloud based spam system. We’re basically putting this cloud service in front of whatever their email system is the email can be anything Gmail, Microsoft mail, or any kind of web mail but we’ll put a cloud based spam system in front of it so that it will filter it out. They’ll get a message every day that tells them what spam God blocked and what didn’t get blocked and they can release it so that kind of really works well for them.

Dave:  And as you see that mail come through, you might get a domain or particular site that you don’t want to get to, you can block that at the higher level so that way all users won’t get that, but on an average, I’d been at this for a while I get about 400 in my junk mail a day. But you need to be smart when something comes in, you need to add it to the list that shouldn’t be there so you don’t see it again. It’s just like your mail it just takes time, it’s hard to deal with but job is to minimize that risk and get those employees working more.

Mike:   At one point I enjoyed email, at this point in my life I don’t know… I have a little bit less of an agreement with email nowadays.

Steve: I just stopped, I’m just like texting right now.

Mike:   It’s unbelievable how much junk and spam comes through, it’s incredible.

Steve: And then the stuff that does come through is just like a memo. It’s just like do I need that? Ah, man.

Mike:   Good point. Hey, thanks guys for coming in. Security 101 with Steve and Dave cybersecurity experts, Dave Hodgdon, Steve Ripper from Portsmouth  Computer Group on tech Tuesday. They’re going to join us for the next couple of Tuesday mornings at about 07:40 or so, thanks for the information. Let’s let us pass out the website for PCG as well.

Steve: I’m glad you asked, please contact us anytime our phone number is (603) 4314121 or visit our website  at pcgit.com we’re here to help you.

Mike:   All right, Thank you Steve. Thank you Dave. Good to see you guys. I appreciate it.

Dave:  Thank you.

Steve: Thanks.

Mike: See you next Tuesday, 7:54 on news talk 981WTSN weather and traffic, that’s next.