IT Security
Summary: There’s a lot about IT security that businesses need to know. Dave Hodgdon and Steve Ripper from Portsmouth Computer Group have been in the business for over 20 years. Listen or read more to find out what IT security measures are essential for your business.
Mike: We call it Tech Tuesday here because we’ve got our cyber security experts Dave Hodgdon and Steve Ripper from the Portsmouth Computer Group with offices in Dover and Portsmouth, and they’re here joining us this morning in the studio to find out more about how businesses can be cyber secure. Dave, Steve good morning. Welcome. Good to have you both with us.
Dave Hodgdon: Good morning Mike.
Mike: [crosstalk]
Dave: Good on the weather it has been cold.
Mike: It’s been weird, hasn’t it been weird? I mean it’s been like winter to summer and no spring. Spring has been always weird in New England. Alright. But Dave, I want to talk a little bit, before we get into some of our topics this morning, PCG founded in 1996, you’ve founded the group. Talk little about what you guys actually do.
Dave: Overtime, we started as a training company, Mike. And that’s back in the days when the internet just got started and the whole email with AOL, our primary focus was training and consulting. But once that internet hit, and the early days of email we found the need that businesses needed help tying that all together. So, at that point I hired our first technician and Steve was one of our first for us back in 1997. And we evolved as a kind of a PC repair shop to a full-fledge, which is known as a managed service provider. So, we served over about 500 clients right now. And business . . .
Mike: That’s great.
Dave: . . . business is roaring right now.
Mike: That’s great. And this is what people wanna know about. Steve, your background is pretty much what? Tell us a little bit about your background.
Steve Ripper: So, like he said I started in ‘97, I’ve been doing it . . . I was that kid when I was growing up who could program the VCR, that’s how old I am.
Mike: You were, you were the . . .
Steve: . . . and I’ve been doing it ever since. So, yeah, it’s been good.
Enhancing Your Company’s Tech Security
Mike: Let’s talk a little bit about, I mean we talked a little bit about security. I guess we’re focusing on businesses pretty much Dave?
Dave: Yes.
Mike: Businesses. Let’s talk about password policy. We’ve heard about all this stuff about what constitutes a good password policy. Let’s talk about that for a second.
Dave: I’m gonna let my friend Steve answer that one. He’s great at this stuff.
Steve: So, you know, no one wants to hear this out there but it’s always a complex password. That’s what drives everybody crazy. You want to see passwords that have letters in them, numbers in them. Good length and usually we recommend that somebody have a password management software. There’s a lot of different packages out there that helps them manage ‘cause everyone has hundreds of passwords these days. So, it’s crazy.
Mike: Yeah, usernames, passwords. And I know, I have an app on my phone that keeps all my usernames and passwords ‘cause I can’t remember for the life of me, I really just can’t understand that. But it’s so funny when we do surveys about passwords, people still put in ‘1234’ or put ‘password’ as [their] password, which is just incredible.
Steve: Absolutely Mike.
Mike: Incredibly stupid.
Steve: And to make it easier too now, they have the fingerprint readers which really help people a lot. And we have an add-on tool too [that] our clients can use, it’s called My Clue just to store your password. Our goal is you should be changing your password based on your business to every 30, 60 or 90 days. We can help automate that because it’s vital because they find one password — that’s their way in the door. It’s usually the user is the biggest problem for the security leak.
How to Avoid Hackers
Mike: So more on that, I want to ask you guys, this whole technology is changing minute by minute, second by second. And I still think we’re at the baby level, the entry level on what’s to come with the internet and computers and everything else. Do you sense that the hackers are one step ahead of us, you guys, the experts sometimes.
Steve: It feels that way at times, but we talk a lot internally and both in the industry about what’s doing, so as much as they’re talking to each other, we’re talking as well. And, so, it feels like we’re reactive but we’re seeing what they do. So, if you put a lot of policies in place, and a lot of things we’re going to talk about today, you can stay ahead of them.
What is an Acceptable Use Policy?
Mike: We’re speaking to Dave Hodgdon and Steve Ripper from the PCG Portsmouth Computer Group, cyber security experts. We’re talking about security 101 for business computers and business systems as well. So, what does an acceptable use policy does for your business, what is it all about? Let’s talk about that for a minute.
Dave: The first part of that, Mike, is the business has to have some form of what we can do or not do. And it’s important that they know what that is because that kind of sets the guideline. Is there a password policy? What can they do on the internet? Can they bring their phone in and use it on a personal level? What sites can they go to? So, our goal is to help them to understand what that acceptable use is so we can help them put the right tools in place to minimize that risk. You got to think, just like when you’re on the road. You have the police officer, you have the speed limit, you have the toll gates. People still can abuse the law. We’re never going to absolutely stop the outside hackers, but we can minimize the risk and every day there are new tools for us to use to help mitigate that risk.
First Step in Mitigating Tech Risks
Mike: What are the biggest risks to businesses? What are businesses most concerned about when they come to you when they say, “We need some security. We need some advice. We need some systems set up.” What do people come to you first for?
Dave: I think one of the first things, and I’m going to let Steve answer, ‘is my business safe?’ And it kind of starts at the firewall level. What do we have to worry about from the outside users getting to us. And there’s so many levels. Before when we started it was just anti-virus and malware bites. But now it’s like 15 layers. It is getting more complex.
Mike: Why is that? Why is it getting more complex?
Dave: I just think the outside users, these hackers, and I’m going to let Steve answer this one, they’re smart. They enjoy doing this. That’s these young kids from overseas, China, India, Russia, they just enjoy seeing what they can do.
Steve: There’s money in it for them. They’re coming up with ways to make easy money by hacking into other companies. A lot of time what we see, we see ransomware, where they are actually holding the company hostage. They’ll encrypt their data and then contact them in some way, whether it’s email or a phone call or something like that because they’ve been investigating the company, and then they’ll like try to blackmail them to get their data back. And that’s really one of the biggest concerns that a lot of the companies come to us for. Are we safe from this kind of thing? Do we have software in place? Do we have firewalls in place? Do we have policies in place? Do we have web filtering in place? So, we can prevent these kinds of things.
Firewall Definition
Mike: So many things that people need to be concerned about that, we tend to forget about. Can you explain, because I think people may not understand, what exactly are firewalls? Because we hear about information not getting through them because your firewall’s up, and things like that, even on the personal side.
Steve: So, sure, a firewall would be what we consider to be the gateway to your network. So, for like users at home they would see the Comcast cable modem, or a Bering cable modem, whatever they’re getting their internet from, you would see that device would be considered to both the firewall and the cable modem together. So, in a company we do larger, and more specialized pieces of equipment for firewalls. But that’s basically what it does, it keeps people that are out on the internet from getting into your network. And let’s everybody on the inside of your network get out of the network.
Dave: And I kind of think about why you have keys to the office or a fob key that allows you certain people certain access. The keys are allowing people I want in the office, or I might have just the security or the HR room that has another key to get to that. It’s just a way of locking down who has access or not.
Web Filtering and Reporting
Mike: Yeah. We’re speaking to cyber security experts Dave Hodgdon and Steve Ripper from the Portsmouth Computer Group. They have offices in Portsmouth and in Dover. It’s ten before eight at News Talk 981 WTSN. Let’s talk about web filtering and reporting. What does that mean and how can you enforce it? What is that all about?
Steve: So, the idea is that a lot of employers are worried about what their employees are surfing to, they have no control over that. Are my users spending all their time on the internet instead of doing their jobs. So, web filtering is a way they can say, “You can go to these websites, but you can’t go to those websites. I don’t see you on TV.” Maybe block out some of the social media websites. On the user side of it, it’s not always so bad for the users, the user side of web just filtering protects them. Because sometimes you can have bad things happen to you, infected through websites you didn’t even mean to. You weren’t surfing badly, you were doing your job, but that website you went to was infected so the web filtering will help protect both sides of the equations. Both the employers and the employees.
Dave: And we help the business owners with, Mike, setting the guidelines for certain categories. Depending on that category in that business, we’ll black that category down. For some people social media, the average person spends about 2 1/2 hours a day surfing on the internet on the employer’s dime. So, we’re able to block certain sites, whether it’s sports, whether it’s gambling, whatever it might be, we have the ability to block those sites down. As Steve said, I think the biggest one is the user getting an email, could be coming from a friend, it’s a joke and the goal is they can’t open that if it’s a risk to the business.
Mike: So, the businesses when you talk about it and look at all the statistics and the people that are spending time on the company dime, they’re losing productivity because . . .
Dave: Absolutely.
Mike: . . . because they’re wasting their time. And it’s so easy to access, whether it is on the computer or on the phone. They’re sneaking away and doing things they shouldn’t be doing really.
Dave: We can report and see the average user. We are able to show the what users on, what sites they’re going to, you report that to management and they’re just floored with what they see.
Mike: Something else to worry about.
Steve: Bottom line is you can’t run your business without giving internet to all your employees, so what do you do? You have to make sure that you’re watching what is actually happening when they’re on it. But you can’t take it away these days.
Email Filtering and Management
Mike: We have time for one more category here in our cyber security one-on-one here that we’re looking at form Portsmouth Security Group. How about email filtering and management. People get tons of junk mail, we even get it here at the radio station. I get in my box here. Takes a lot of time to go through it and manage it. What’s the best solution to this? Let’s talk about this for a second.
Steve: So, most of the times we’ll advise a company to use what we call a cloud-based spam system. So, we’re basically putting this cloud service in front of whatever their email system is. The email can be anything, Gmail, Microsoft mail or any kind of web mail. We’ll put a cloud-based spam system in front of it so that it will filter it out. They’ll get a message every day that tells them what spam got blocked and what didn’t get block and they can release it so that kind of works really well for them.
Mike: Yeah.
Dave: And as you see that mail come through, you might get a domain or a particular site that you want to get to, you can block at a higher level, that way all users won’t get that. But on average, I’ve been at this for a while, I get about 400 in my junk mail a day. But you need to be smart when something comes in, you need to add it to the list that shouldn’t be there so you don’t see it again. It’s just like your mail, it takes time. It’s hard to deal with it, but it’s our job to minimize the risk and get those employees working more.
Mike: You know at one point I enjoyed email. At this point of my life, I don’t know how, I have a little bit less of an agreement with email now.
Dave: Just like texting right now.
Mike: It’s unbelievable how much junk and spam comes through.
Steve: And then the stuff that comes through is just like a memo, it’s do I need that? Uh!
Mike: Good point, good point. Hey thanks guys for coming in Security 101 with Steve and Dave, cyber security experts Dave Hodgdon and Steve Ripper from the Portsmouth Computer Group on Tech Tuesday. They’re going to join us for the next couple of Tuesdays mornings at about 7:40 or so. Thanks for the information. Let’s pass out the website for PCG as well.
Dave: Our pleasure. Please contact us at any time. Our phone number is 603-431-4121 or visit our website at pcgit.com. We’re here to help you.
Mike: All right. Thank you, Steve. Thank you, Dave. Good to see you guys.