
Facts about Phishing

Summary: You’ve likely heard the terms ‘phishing’, ‘the dark web’, and ‘firewalls’, but do you know what they mean and why they’re important? Dave Hodgdon and Lonnie Cherry from Portsmouth Computer Group define these terms for business owners. Listen or read more to find out how to protect your company from these online threats.

Mike:  It is a Tech Tuesday with our good friends from the Portsmouth Computer Group out of Portsmouth and Dover. Dave Hodgdon joins us and Lonnie’s here as well. Dave, good to see you. Welcome to the program again. Good to have you with us, how are you?

Dave Hodgdon: Good morning. Great to see again. What a day, all fired up today.

Mike:  Gorgeous day, yeah. Lonnie, welcome to the program.

Lonnie Cherry: Thank you.

Mike:  You are one of the security experts at Portsmouth Computer Group?

Lonnie: Yes, I am.

Mike:  Now what does that mean? I mean, when you’re a security expert, what have you learned in the past? How have you gotten to this point in life?

Lonnie: Just, you know, picking up a lot of different things that’s out there and just a lot of knowledge.

Password Security is a Priority

Mike:  Yeah, and Dave, let me ask you about it, I mean, how important, and we talk about security. We talked a little bit about passwords last week and stuff like that, but let’s just briefly talk about passwords. We’re going to talk about phishing. We’re going to talk about the dark web and find out exactly what the dark web is. If people don’t understand what that is or understand what phishing is and we’re not talking about with the poles on the water here. We’re talking about P-H-I-S-H-I-N-G, but just briefly talk about the importance of passwords once again for businesses, how important that is to be changing them on a regular basis and how important that is to make sure that you’re not hacked into.

Dave: All good stuff. I’m glad you brought that up again Mike. We know that security is top of mind of our businesses and it’s a priority for PCG. There are so many layers to security, but one of the most important ones we spoke about was passwords. They’ve got to be complex, they got to be changing them because that’s usually about 60 to 70% of security leaks are through a very weak password. And I know we also went over the acceptable use policy. So, we feel that’s important that those are some very good layers that we need to minimize our risk.

Phishing and the Dark Web: What You Need to Know

Mike:  Right. Let’s talk a little bit about Lonnie, let’s talk about this. What exactly is phishing? And we’re talking about the P-H-I-S-H-I-N-G. People have heard the term, what exactly is phishing and what can businesses do about that and how detrimental is that for businesses?

Lonnie: Yeah. Phishing basically is an attempt to gain sensitive information such as your username, password, credit card details. It’s often for malicious reasons, they’re disguising themselves as trustworthy entities through electronic communication. And in a lot of cases they’re trying to sell your information to the dark web.

Mike:  Right. Okay. So, the dark web is exactly what now, for people who don’t understand that?

Lonnie: Well, the dark web is a tiny fraction of the web. It’s only accessible through specialized browsers such as a Tor browser. Its main characteristic is its anonymity, excuse me. And it’s really appealing to a number of shady individuals because you know you’re anonymous.

Mike:  So, what actually happens on the dark web? I mean is it a secret place on the web where people do you know, nefarious things?

Lonnie: It actually is. Yeah. There’s all sorts of illegal activity that’s going on on the dark web.

Mike:  What type of illegal activity? And I guess why can’t that be stopped, I guess?

Lonnie: Drug sales.

Mike:  Right on the web?

Lonnie: On the web actually. Yeah. Drug sales, a lot of pornography, selling of individuals. It’s really a scary place actually.

Mike:  How does that get allowed? I mean, I know there’s not a lot of regulation on the Internet. It’s always been in a lot of talk about this. You know.

Lonnie: There is not a lot of regulation on the Internet. It’s kind of the wild west.

Dave: Yeah, I like that. The wild west, when they went in the wild west.

Lonnie: The dark web is just a small fraction of the Internet and it’s kind of built around technology so that you have to be able to gain access through these specialized browsers. There’s no other way in, and they’re very secure.

Protection Against Phishing

Mike:  So how do businesses prevent themselves from like, you know these phishing expeditions? How do I, as a business, prevent this?

Lonnie: You’ve got to recognize what you’re getting for email. A lot of the phishing stuff comes through email. It looks like everyday email. Like, you know, it could be your boss asking you for money and something like that. So, you’ve got to kind of recognize the trend that you know, it’s not your boss. He wouldn’t particularly ask you for money. Dave?

Dave: Right. We’ve had certain examples of our clients have gotten a request from their boss to wire $50,000 and you know, that’s just not the case to be.

Mike:  People will still open that up?

Dave: They still open up and they’re thinking about it. Is that because the email exactly is that person’s name. It looks exactly like it; they’ve got this down so well. A lot of us have seen the Amazon gift card scams, the Best Buy. You see a lot of FedEx shipping. There’s so many examples out there. And one more point to Lonnie on the dark web. It was an amazing statistic that approximately one third of your users’ passwords are known on the dark web. We have these tools that we’re learning recently and it’s staggering, Mike, of when you run it, because a lot of people only use two, three, four passwords. And once they’ve got it and they’re selling that to the people who are trying to get access, and Lonnie is going to talk about ransomware and that’s one of the reasons. They just want your passwords to start finding ways to get money out of you.

Mike:  But why do we fall for stuff like that? I mean . . .

Dave: We’re people. We’re just vulnerable. It’s just, you know —

Mike:  Well if your boss has asked you for $50,000, I mean wouldn’t you question your boss before you actually reply to the email?

Dave: Absolutely.

Lonnie: They’re getting really good, actually. They’re starting to basically learn trends of personalities, to be honest with you.

Mike:  Really?

Lonnie: Oh yeah absolutely. And some of the ones we’ve seen recently sound just like the people they’re dealing with. So, it sounds like that person’s boss, you know, Betty Sue’s boss sent the $50,000 email and the tone sounds like him, maybe because they’ve gotten a few of his emails before.

Dave: That’s a big point. They’ve had an access, they’re seeing your type of kind of emails and content you’re sending. So, once they have access to that, they are almost, as Lonnie just said, it feels like it’s coming from that person.

Mike:  I mean, is that along the same lines of the, you know, the Nigerian prince who wants 10 million bucks from me?

Dave: Yeah.

Mike:  Or is it along the same lines, I mean, because people fall for that stuff too.

Dave: Right. People are vulnerable. I mean we’re people, we’re genuine and if something comes to you, it looks legit. And you know, I think that people are becoming . . . so our whole goal is to educate people. And we have a tool in place that we actually put this phishing exercise in the network. We send out an example and we watched the people that fall for it.

Lonnie: Yeah.

Get Educated on Phishing Dangers

Dave: And then we do tools for educating them. It helps those people to do that. So, the more we can do the phishing exercise, we’re helping to allow that end user to become a little bit smarter before they click.

Mike:  That’s smart. That’s smart.

Dave: Great thing to do.

Mike:  We’re speaking to Dave and Lonnie from Portsmouth Computer Group. Their website is pcgit.com, pcgit.com. They’re of course in Portsmouth and Dover, it’s all part of Tech Tuesday. They join us every Tuesday morning about 7:40 or so. So, I’ve heard the term ‘firewall’ and I’ve also heard that my personal computer that sometimes things don’t get through because of a firewall up and I can put the firewall down. What are firewalls and how important is it for businesses to have firewalls on their systems? Let’s talk about that.

Why Are Firewalls Important?

Dave: Yeah. The purpose of a firewall is to control the, you know, to allow traffic to transfer us from one side to the other side of the businesses network. But you know, the great thing about them is they’re there to protect your network and your computers from unauthorized and unwanted access, content, and potential malicious software.

Mike:  So, the firewall is that smart? It will know what’s coming through and prevent certain malicious things from coming through?

Lonnie: Yeah. A lot of firewalls out of the box are designed not to allow any traffic so you actually have to go in and say, yeah, I trust this site. I trust this site. I trust this user; I trust this computer.

Mike:  So, firewalls can also prevent you from getting some from legit things as well sometimes?

Lonnie: Yeah, absolutely.

Mike:  How does the firewall know what to . . . how is it set up that it knows what to leave in and what to bring in and what not to bring in?

Lonnie: Well, you actually hire one of us qualified technicians that come in and program it for you. You tell us what you want and we go into the firewall and say, “Hey, he wants XYZ allowed in and out of his network.” And the same thing goes for the firewalls on your computers, software based.

Dave: I think the firewall is like who has keys to the kingdom or the key fob.

Lonnie: Yeah, yeah, yeah.

Dave: You’re driving down the road and you’ve got the fast pass lane. They’re allowing certain people to go through. Then you’ve got the toll gate with certain exact change and you’ve got the toll with the pass. It’s smart enough to know who you want in and out and each one of these firewalls become smarter because they need to be to stay ahead of the curve to allow what’s in and what’s out.

So, it’s still smart enough to get through the firewalls we need are the tools, but the firewall is the number one key to stop that gate.

Mike:  So PCG, I mean if a business is looking to set up firewalls, you can actually install firewalls. Is that how it works?

Dave: It’s a piece. It’s hardware. It’s an appliance. It sits at the edge of the network and all Internet comes through there and that determines what’s acceptable or not.

Mike:  I see.

Dave: Anything else to add to that Lonnie?

Backups: The Insurance of the IT World

Mike:  Okay. Let’s talk about, we’ve always talked about, you know, backing up your computer, backing up your information, backing up your documents. Why are backups important for business? Obviously, it’s got to be crucial, I would imagine.

Lonnie: Absolutely. It’s kind of an insurance policy for your business in today’s world, the growing trend of having you know, computer networks on you know your business, you need to protect your data because you know the financial implication could cripple your business.

Mike:  Yeah, Dave?

Dave: Everyone puts insurance on their car. They put insurance on their home. They don’t think about the data is one of the most important things for business because if they lose their data, there’s a 60% chance they’re not going to be back in business. Protect your data and backing up is the most important way, and we’ll talk about ransom here, but backing up is a very inexpensive thing to do. It’s critical. It should be part of every business’s policy.

Mike:  And how do you, what do you suggest people back that information on? What would they back it up to?

Dave: We typically had, depending on the business, we call it the recovery time objective. Mike, how soon does that customer want to be up? We’ll actually have a second server setting there. Think about the old tire, that donut tire that you lay flat and you put it on there. We put a second box there. Should the primary server go down, server number two turns on to run my business because I’m in healthcare. I’m in financial, I cannot be down so we actually have the backup running on a second box that can turn on instantly. It’s pretty cool stuff.

Mike:  And you can do it pretty quickly?

Dave: We can do it, it’s amazing. Yes.

Mike:  Yeah. We’re speaking to the folks from Portsmouth Computer Group, their website is pcgit.com. They’re in Portsmouth and Dover. They’ve got some great ways to keep your business data and your system secure. If you’re interested on how PCG can assist with your security needs or assess your current vulnerabilities, you can give them a call at 431-1421. That’s 431-1421, or visit their website. As we said, pcgit.com. That’s pcgit.com. Any final words this morning?

Dave: 431-4121.

Mike:  431-4121.

Dave: Yeah, 431-4121. PCG. Yeah. We’re just, we’re here to help out. Security’s on top of mind. If there’s anything we can do to help out. There’s many tools, many layers. Every business’s needs are a little bit different. We’re here to help. My friend Lonnie is one of our excellent senior engineers. Security is top of mind for all of us.

Mike:  Thank you guys. Appreciate you coming here. Tech Tuesday, it’s good to meet you. Thanks.