The Chris Voss Show - The Chris Voss Show 205 Kyle David, CEO of KDG
Episode Date: May 17, 2018
Kyle David, CEO of KDG...
Transcript
Hello, this is Chris Voss here from thechrisvossshow.com.
Welcome to the pre-show for the podcast.
Today we're going to be talking to Kyle David.
He's the CEO of KDG.
It's a company that deals with IT security and helps corporations and individuals, and
he's going to share a lot of really cool details.
Our conversation we had today was pretty smart and gave me some great tips on how to protect yourself with security,
two-factor identification, et cetera, et cetera. Also, if you're a CEO or board of directors,
you know how to educate and work with programs to make your company more prevented against
malware attacks, ransomware, et cetera, et cetera. So we get into some of the ransomware stuff and
different hackable items that are coming up in today's world and how to protect yourself and everything else.
I think you'll love the conversation I did.
So let's get right into Kyle's podcast.
Hi, folks.
This is Voss here from thechrisvossshow.com, thechrisvossshow.com.
Hey, we're coming here with another exciting podcast.
We certainly appreciate you guys tuning in.
You guys are the bestest audience in the
world. We certainly appreciate you guys being
here. Thanks for referring your friends, neighbors,
and relatives. Be sure to go to youtube.com
forward slash Chris Voss. Hit that bell notification
button. Tell them to go to
Google Play and iTunes and download
the show. We certainly appreciate all the
wonderful new subscribers we've been getting.
So thank you very much that way. And
be sure to listen to the end.
This show always gets the best at the end.
And our YouTube, we have the new Siberian Husky puppy.
You can check out those videos and more coming.
And also all the great reviews, including the new AT&T Samsung Galaxy S9.
I have a wonderful, super bestest guest ever.
We have the bestest.
Maybe I should call it the bestest podcast ever. That's probably
taken actually. So we have on the show Kyle David. Kyle is the CEO of KDG. He's made a career in
technology and entrepreneurship for nearly 20 years, all starting with a huge opportunity at age
14 when a multi-million dollar Philadelphia area IT consulting firm gave him a job.
In 2001, he formed KDG, and over the past 17 years, he's grown at a rapid pace, attracting
clients ranging from the United States Senate to major financial institutions, international
nonprofits, and Division one universities. KDG is rated the number one
Philadelphia area IT provider and the number two Philadelphia area custom software developer by Clutch.co, and
KDG has just won the bronze American Business Award for the IT department of the year. Welcome to the show, Kyle.
How are you doing, bud?
Doing well, Chris. Thanks so much for having me.
Good, good. Thanks for coming on. And tell us, give us your plugs so people can look those up
during the show.
Sure. And thank you. Thank you for the introduction. I assure you, it makes me
sound quite a bit better than I am. Just like, let's be honest, people are tuning into the show
to see the dogs. Hey, I have radio face, so my voice sounds much better than I look.
So we've got that going, of course.
And here we are.
We chose to be on video.
But, no, so you can find us at www.kyledavidgroup.com,
also on all of the relevant social media channels as well.
Certainly, if you're interested in sort of cutting edge,
small business and emerging enterprise technology,
the newsletter on our website is extraordinary.
And security is on all our minds lately
with all the different things that have happened,
the stuff in the election we'll get talking about
and everything else.
Your main focus is, you know,
we talked about leading causes of data breaches before the show
and how our audience can take and, you know,
understand what's going on in the world
when it comes to data breaches, security threats, hackers,
all that sort of good stuff,
and how to keep everyday accidents from turning into
unmanageable data breach disasters. So let's talk about some of that and what
you want to cover there.
Sure. So one of the things that we have been focused on
over the past year is really understanding the nexus of data
breaches inside of organizations, and we are by no means pioneers on this. IBM is really one of the leading
pioneers in determining what really causes a data breach. And there's a lot of public misconception
that a data breach is something that happens to you by an external aggressor. I mean,
if you turn on the news, you're going to see that, you know, the Russians or the Chinese or some other country is an aggressor and they are, you know, viciously trying to penetrate the networks of all U.S. businesses and government and other enterprises.
And there is some truth to that.
But in actual fact, most of the time, the biggest threat is the person sitting next to you.
IBM reported that 75% of data breaches are caused by internal forces rather than external forces.
Now, anybody that's paid attention to the topic knows it takes two to tango.
And in many cases, it happens something like a phishing email.
You know, a hacker or a foreign entity sends an email to somebody pretending that they are
amazon.com and asks them to log in to their Amazon account in order to, you know, win a gift card or
something like that. There's always some
enticement. It's not just the Saudi oil prince anymore that is going to give you $50 million.
The hackers have gotten quite a bit more creative. But needless to say, the emails in our
experience are fairly easily detected. I mean, it doesn't take a discerning eye to see that the email is a fake.
Yet, without proper training, you've got a lot of people that will click that email,
they'll freely give out their password, and before you know it, a data breach happens.
And so there's a lot of data security issues that can really be mitigated with a strong attention to understanding the internal stakeholders within your organization with as much emphasis as many organizations place on their firewalls and antivirus and things of that nature.
Does that make sense?
Totally.
So you mentioned, you know, some of the phishing stuff. We saw some of that in the
Podesta emails, the hacking of the DNC server. There's a lot of stuff going on with the,
you know, I mean, you're talking about how the Russians and sometimes the person who's
doing the hacking is sitting right next to you. Is that sometimes like a disgruntled employee who's working inside the company and they're, and they're, and
they're helping assist the hacking of data from the company's stealing secrets
or whatnot, maybe?
Yeah, I think, I mean, and to be clear, you know, again, it takes two
to tango. So the real focus here is on the fact that
while there are accidents, you know, always waiting to happen, oftentimes, you
know, internal stakeholders walk right into them. You know, so if you think about
like driving a car, you know, we're perpetually focused on car safety and
defensive driving and making sure we do not get into an accident. You know, we
take driver's ed,
and hopefully that sticks for people and they go on in their driving career accident free.
When it comes to the workplace, most people don't get that with respect to cybersecurity.
They're in a car without a license. They have no idea how to operate the machine, you know,
but for driving in a straight line. And so, you know, when another car comes to collide with them, i.e. a phishing email or something like
that from a foreign entity, they don't know but to, you know, drive right into it. And that's,
you know, when problems happen. So you have, you know, employees who act with all of the best
intentions in the world, get organizations into hot water. But you also have disgruntled employees that know that they can certainly take advantage
of very lax internal security policy at an organization.
So it's a double-edged sword.
But I do want to come back to what you mentioned with the Podesta emails.
And this is a perfect example that we see time and time again. You know, for those that
don't know, it was alleged, and based on the news that I've seen, it was somewhat confirmed that
a foreign entity sent John Podesta, I believe he was the Clinton campaign manager at the time,
an email that said, click on this email to reset your Gmail password. And again,
this is the case of the driver without a license. He looked at that
email, didn't have the acumen to be able to discern that that email was indeed a
fake, and willingly gave away his email password. Now, as a high-value target, he
was probably getting pummeled with those sorts of emails all day long, but didn't take very, very basic security measures in order to make sure
that didn't happen. So for example, if he had, you know, had just rudimentary training in making
sure that emails are coming from verified senders, that probably never would have happened. But even
if he had had something as simple as two-factor email authentication turned on, it never would have happened. And for those
that aren't familiar with that term, that's when you log into a website and it sends a text message
to your phone for verification. It's that one extra step to make sure that the data is safe. In this case, you know, it's a perfect example of the insider did
the most damage. He's the one that drove, you know, 90 miles an hour into a brick wall.
In our minds, it's really not the brick wall's fault. I mean, they're giving, they're going to
be everywhere. And you really shouldn't run an organization saying, we're going to do our best job to eliminate brick walls, not train the driver better.
Yeah, it's interesting.
Even my mom, who's in her 70s, she's trained herself in how to look at a link.
And I've kind of helped to give her advice.
Even I've been guilty of almost clicking on a link. I think in the old days, like ten years ago, I was guilty of
clicking a link every now and then, realizing what I'd done, going and
changing my password. One thing I'm getting, I mean, this is really
becoming more and more a thing, I'm sure as an IT professional you see this all
day long, but one thing I've been getting recently is text messages on my phone, and they're links to hack my Amazon seller account, or
sometimes it's just my Amazon account. And it's a constant thing that says,
they'll say my Amazon seller account is locked because of some sort of, you know,
suspended or locked because of some sort of issue, which, you know, Amazon used to do back in the day every now and then
if you didn't keep a certain percentage or there was some sort of
issue, maybe the computer triggered something. But I've started to get these
almost every day, and I've been whack-a-mole blocking the numbers, and
I've had to call my mom, who I share my Amazon
account with. I let her use it. She, I probably just got in trouble with
Amazon. But, you know, I've had to let her know, yeah, hey, don't click these
links if they come across your cell phone. She's like, why are they targeting
you? And I'm like, Mom, I'm pretty sure they're just targeting any phone number
because they pretty much know that you do business, that you probably do some
Amazon, you have an Amazon account, and they're just looking to hack it and
make some money off of it.
Yeah, and mobile is the new frontier as computer users are becoming a little more
savvy, mobile users are usually distracted by virtue of the fact that it's a mobile
device.
Hopefully they're not driving.
But I've seen more than one person walk into a pole or a wall while trying to text on their
phone.
So there's attention elsewhere and there's a better potential that somebody's not going
to be discerning about what they click on.
Now, it's a falsehood to say you have to be wary of everything that comes through.
In actual fact, if you're using a trusted email provider, Gmail is a great one.
Usually they do a lot of the filtering for you.
So you don't worry that every email you get may not be from the sender that's sending
it.
But again, what we really work with organizations to do
is help their employees actually understand, you know, basic, basic, you know, security for
not just their data, but the company's data as well. It's becoming increasingly popular right
now to find the lowest person on the food chain in a law firm
and pummel them John Podesta style to get access to client files because you know they're
going to be there.
We were involved in a case where a low level office manager at a fairly nice sized law
firm was compromised, and with it a lot of confidential, you know, attorney-client
privilege files came with her email. And the hackers, what they did was they went
back to the law firm and said, look, if you'd like opposing counsel to have
these, you know, press one. If you wouldn't like it, it's gonna cost you a couple
thousand bucks. Yeah, it's bad. I mean, because particularly with the attorneys,
they have a standard of care that's higher than the average bear.
And these are the types of things that happen very commonly.
So what we really do is we break it out into two pieces.
You've got your human firewall, everybody that works for you, and you've got your hardware firewall.
Let's leave that one to the geeks.
And, of course, the hardware firewall is to take away as many opportunities
as possible for the human firewall to have to react.
But if that human firewall isn't there, they're going to win every time.
I mean, cybersecurity is a reactive game,
and if you don't know how to react appropriately,
you're just as strong as your weakest link.
And for most organizations, sophisticated ones included,
that does certainly include their employees.
Yeah, thechrisvossshow.com gets constantly pinged.
It's just insane, constantly pinged to try and,
I don't know if the word is brute force,
because I've only had one or two times where they've really made, they're doing a system hit on it and trying
to turn, to find out the brute force password, I think is the term. And I'm
constantly just barraged with the things. One time I turned on the email
notifications to let me know, you know, how often someone tried to fake login, and it just filled up my email, and I went, okay, this guy's,
it's like, I can't have this sent to my email anymore. It's good to know, but holy crap, it's,
in fact, I'm trying to find the stuff now, you know.
It's, so let me ask you this, because this has been a big question on my mind, because
I've heard of these criminals coming up with these systems that can fake your phone number.
How safe is it to be at two-step verification?
Two-step verification is by no means the pinnacle of safety, but it's better than nothing. Using authenticator applications, which are the systems
that effectively scramble a six-digit code every 15 to 20 seconds that allow you, again, to verify
you are you by using something, a dongle that you put on your key ring or something on your phone.
It gives you an added layer of security that doesn't have to go through
the mobile networks. But actually, it brings up an interesting point. If you,
if you pretty much work for any organization now, if you don't have email
on your phone, you're really not an employee. I mean, every organization is a
24-hour organization to some degree at this point, and so many people prefer to communicate by text and email that it's only natural for your employees
to have their company email on their phones or use their personal phones for sending text messages to other employees.
However, only 30% of organizations have a BYOD.
That's a bring your own device policy.
And so BYOD is a huge issue because the law's
a little bit gray on this unless you have a policy in place.
Who really owns the data?
So everybody could probably imagine that one employee
in their office that probably has way too many games
and other sorts of garbage on their phone.
Hey, if they got their company email on there too, guess what might get compromised?
Having a BYOD policy is extremely important, even in a two-person organization,
because it sets rules on where company email can be used and what the company has the ability to do. So there's been more than a few
court cases where there's been no BYOD policy and the employee has the phone with a ton of very
valuable and sensitive data on it and the employer can't really do anything about it. They didn't
claim ownership over it when the employee became an employee.
So therefore the employee can walk off with it.
More importantly for an organization, if you leave your phone at the airport or your personal
computer for that matter that may have company files on it, if the company doesn't have the
legal authority to wipe that device out so that it doesn't get into the wrong hands
you've got a big liability on your hands.
Yeah, I'm surprised. I work a lot with PR
agents over the years for a lot of the reviews that we do, and it's interesting,
as the turnover, the PR agents happen, they'll leave their emails active, and
it's very rare I get a ping back saying this email's been closed.
And so I'll be sending for, I don't know, six months,
emails saying, hey, anything to do with your review?
And then suddenly someone will pick it up after like a year or two
and be like, oh, hey, they're gone, by the way.
And I'm just like, you let those emails just pile up
and people are trying to contact you every year
and no one's minding that
business and that email is still live.
And imagine that causes some sort of security risk.
It's a huge security risk.
I mean you had the case of the, I believe it was an engineering firm in Tennessee that
same thing just kind of emails lumped up in a former employee's inbox and when that
computer was passed to a new employee,
about $400,000 worth of information was stolen right off of it immediately. So,
yeah, these things are massive issues. But again, the unfortunate perception in most organizations,
even very sophisticated organizations, is that the problem is out there. It's not in here.
We're all good people that work for the company.
It's the bad people on the outside that are coming for us.
In actual fact, it's not a cause to question the integrity of your coworkers, but it's
certainly a cause to question their data security literacy and whether or not they have the talents to be
able to spot potential vulnerabilities and things that just don't look right.
And companies, you're right.
Companies need to learn to take and train their employees on, you know, I've had people
send me blind links and I've had to be a jerk and go, I'm sorry, the link that you just
emailed me is blind. I can't see what's
behind it, and I'm not going to click it. I'm sorry to be a jerk, but that's the way I've got
to be. I'm looking at the WordFence monitors for thechrisvossshow.com, to give you an example.
Just in one week, we had over 251 IPs blocked from Russia alone and 322 block counts,
and then it goes downhill from there, of course, with more IPs blocked and
pings of people trying to do it. Now, I use two-factor identification logging in
the site. You mentioned some of the different services. There's off the,
there's LastPass. Those are popular with me in protecting your
stuff.
But yeah, it's really hard.
Sometimes you get these emails look so sophisticated, like the real thing from PayPal or Amazon
or Walmart, and it's crazy what can happen nowadays.
In fact, you might have some things we want to talk about with the Twitter hack that just happened.
And it pretty much exposed everyone's password on Twitter.
Well, yes.
And, I mean, it just goes to show you that, you know, basic passwords are dead.
They're just not helpful anymore.
They really provide a sense of security that is not true.
And so, you know, when you have things like the Yahoo breach or you have Twitter, how
many people do you know?
I mean, you know, I'm not going to make fun of everybody's mother, but, you know, they
got one password they use for everything.
So when something as large as Twitter is hacked or Yahoo is hacked, think about how many other
accounts that person has that are, you know, are instantly compromised.
And all this information is for sale on the dark web.
And it's so bad at this point that, quite frankly,
a lot of organizations are getting something called crypto locked,
which you may be familiar with, where all their computers are shut down
until they pay a ransom to a hacker who gained
access to their systems and all of a sudden all their systems are shut down.
It was cause for a huge dip in earnings for Merck, the pharmaceutical company.
Maersk, the shipping company, was out of business for a while.
In fact, they were tweeting during their outage that they were navigating ships with pen and paper, old school style.
They just didn't have, you know, computer systems at that point.
So, you know, these large scale hacks are a threat to everybody.
But it just emphasizes that password security isn't enough.
So if you're thinking to yourself, man, I get into all of my, you know, work systems or, you know, organization
systems with just a password, um, there should be that tingling feeling in your stomach that
it's probably time to upgrade and educate yourself a little bit more on, you know, how to be a better,
uh, you know, steward of your own data. And to that effect, it only takes one person to dump every file out. Again, we see
these things quite often.
Yeah, ransomware has become quite huge. We're hearing a lot about it. Some companies don't
even talk about it, so we don't even know it takes place. Uber was someone who hid it
for a while, and then the PR backlash was even wider.
I think Equifax was also someone who hid it for a while.
They come out and initially tell people that, hey, your password's been compromised.
Twitter's action by having a text file exposed.
A text file with passwords.
Like, who does that anymore?
But recently we heard about hospitals getting ransomware,
and I believe there was a 911 service center, a 911 service center that got hacked.
And, you know, I hear these people responding to emergencies, life and death of people and stuff.
And they actually rebuilt their software because they didn't want to pay the ransomware fee or something along those lines.
Yeah. And again, this stuff is becoming more and more popular. It's becoming popular
because it works. And it works not because all of these organizations didn't have up-to-date
antivirus and fairly decent security protocols. They worked because people are not
always perfect, and, you know, very little time is spent on training people: hey,
don't click that link, hey, this is a bad idea, you know, things of that nature. One
of the services that we offer that's been wildly popular is something called
our HR help desk. Everybody is always afraid of IT.
You know, IT is that sort of corner part of the building
or that outside third party that you can only talk to
if there's a dire emergency or your computer's melting on your desk.
And what we've done instead is worked collaboratively with HR departments to help
onboard employees so that they're immediately set up for data hygiene success from the day they
start. And they also have somebody to call 24-7, 365, that's going to pick up the phone and help
them through a situation that they go, I don't know if this is actually real or not, or I'm not,
maybe I'm not doing the right thing with these files by storing them on my local drive instead
of a network drive. It's become wildly popular because it acts as a backstop for that human
firewall instead of asking people to kind of self-train themselves or go to a seminar and
then hope to God it actually sticks. The continual training
is really good at reinforcing good data security behaviors. And the other thing we do with that is
we actually monitor bad behavior. So with a little piece of software on the person's computer,
we can tell, hey, are they leaving their computer unlocked and unattended? Are they spending time on Facebook or Twitter or God knows what for non-company reasons?
We're not recording their screen and looking over their shoulder, but we're certainly able
to tell that, hey, Jenny in accounting spent two hours on Facebook the other day.
Maybe we should block that.
And that's kind of where the BPR component comes in, because we can tell real quick who are
the weakest links in that human firewall.
And Facebook has a lot of, um, um, I'm not, I think I
forget the term of it, but they have a lot of those clickbait links that can come to you across
Messenger, uh, where if you click it, it will give them access to at least your Facebook account,
and they can start messing with it and then hacking it through the app.
And I don't know what exposures they can do beyond that.
Yeah, I'm going to steal the quote from somebody whose name I can't remember.
But I was at a seminar somewhere, and somebody said, you know,
every data security problem starts with the phrase, just this once.
Just this once.
Just this once, I'm gonna click that link. You know, maybe, maybe I will win the $50 Amazon gift
card. You know, maybe this is legitimate or not. Before you know, you're toast.
Yeah,
and then there are people that, they fall for that every time. My sister
is one of them. My sister will click every free coupon link. I remember one
time I went and cleaned her computer and there was like 10,000 virus, you know,
whatever. I mean, it just, her computer shut down, and then she had like 10 tabs
of these, you know, these tab things that they give you, and, you know, different,
different tabs, and
clearly they're tracking tabs, coupon tabs, and all this sort. And there's
people that, they just love that stuff. Just, she'll click on anything, you know,
free $50 gift card, Amazon, whatever, it's a late click it, you know. And so, yeah,
you've got to have these, these things for. And, you know, one of my problems that I have is I've been a part of the Walmart hack.
There's a whole list of them.
In fact, I forget the name of the service that I have.
It's a free service some guy made where he lets you know when your name goes up on the dark web and your password and stuff.
And he'll tell you,
well,
that's part of the Walmart hack.
In fact,
I can go into his thing and I can look up which companies hack my path or,
you know,
expose my password.
And the sad part is every time I get an email that says from him,
that says your login and password are now up on the dark web somewhere.
I get this pounding of those your password
reset emails of people that are clearly going, oh, hey, what's, is this guy's thing,
and they're, they're testing to see if I never change that
password. It happens like every time I see the thing go up, I'm just like, oh my
god, I'm gonna get all the emails, um, password reset
emails. I'll get every now and then and I'm just like, oh my god. One thing that
people don't realize, and maybe you'll give some information about this,
is LinkedIn. You know, on LinkedIn you can give out your email and people get
access to your email. When I take and interact with you on LinkedIn, I get
access to your email. Sometimes your email's exposed on there or you put it out and, you know, that gives people a first step to try and hack you
in.
Absolutely, Chris. And what is even, you know, even worse is that a lot of people, you know,
perhaps like your sister who are trying to get something on the web, usually for free, there's
always some enticements to give away
your personal information, but a lot of times the questions that are being asked are the
answers to challenge questions.
So a less than legitimate website may ask for things like your mother's maiden name,
what's your anniversary, what are your kids' names, and it may ask for them in a veiled
way instead of just saying, hey, what's your mother's maiden name?
It'll couch it in a bunch of other, you know, seemingly innocuous questions.
And all of a sudden, they've got all of your password challenge questions.
Those are just so common.
So when you see something on, you know, Have I Been Pwned is perhaps one of the websites that you can find out if you're on the dark web.
Well, what happens is, again, these folks are not dumb. They'll look and they'll say, hey, here's an email
I know that has a JP Morgan Chase account. Here are the 10 challenge questions for JP Morgan Chase.
We're going to strategically pummel those people until we get their challenge questions and then
gain access. And when you're dealing with a sample size of 100,000, you know, potential accounts,
all you need is, you know, a half percent and you're rolling in the dough.
I suppose if you really want to get into someone's account too, you can look at like their Facebook
or Twitter and you can find things about them, like the names of their dogs, hometowns, where
they went to high school. I always kind of giggle anytime I see, I think there's a couple companies that
annually publish the top bad passwords that you have, and it's just amazing.
You know, princess is one that people use, and, you know, I always love that.
I was reminding of that joke from the movie. What was the movie?
Spaceballs.
Spaceballs, yeah.
One, two, three, four, five.
That's the code for my luggage.
It's true.
I mean, you're dealing with the ultra-primitive as far as security is concerned
when you're using such rudimentary or
dictionary based passwords yeah and i've watched it i've seen the hashing computers that they have
that can process like you know i don't know what it is but it's like millions of of passwords and
and uh and and password combinations and they literally start from like i don't know one two
three four and then and then it just,
and it goes through every combination.
And I guess a lot of the hashing things,
they kind of know the most popular idiot passwords
that people use.
And it's, you know, it's interesting to me
what the future is going to be
because a lot of people have said
that there's not going to be world wars in the future
that we fight with guns and battles.
It's going to be cyber war.
And certainly, you know, we've heard of, I mean, most people have no idea that our nuclear systems right now,
our nuclear power plants are constantly barraged.
I mean, I think the Chris Voss show is barraged.
They're constantly barraged with hacking.
In fact, there was a report recently that
Russian had gained some access to some of the areas of the computer stuff, and if they could
throw a reactor offline and cause a nuclear meltdown, especially in places like New York with
the, I think it's the Indian, uh, Creek or Indian River, um, nuclear system, they could shut down
New York City, that they'd turn off all the power, and not only that, they'd have a nuclear fallout situation, which probably
would put us into some sort of economic tailspin when you fewer wipe out New
York City. And the fact that they're trying to hack those so they can do
stuff like that, it's just staggering, scary.
Oh, I, most certainly. And, you know, for the most part, those are high value targets.
I mean, from a foreign national perspective, you know, trying to engage in war.
You know, usually the corner financial firm or mortgage companies is less of a value target.
So if you make it obnoxious, I mean, you know, human nature is human nature.
Hackers are lazy too. If you make it difficult for them, they'll just move on to the next weakest
link mortgage company or, you know, JP Morgan account or, you know, whatever, what have you.
And so that's why, you know, practicing good data hygiene is just so important.
You know, I recently, it's interesting we're talking about this this morning.
I think a day or two ago, it was the morning after my puppy got stuck in the fence
because she tried to push her way through.
I woke up just with no sleep to people pounding me on Facebook
because someone had created inside of Messenger, not inside of Facebook as a profile,
but they created in Messenger a profile.
And I guess in some of these third world countries with free facebook.com, you know,
Facebook's promotion, try and be just sell their base because a lot of these countries are just
cellular base. And, and to have like a way for them to have an interaction with Messenger and
Facebook without having a full Facebook profile. I didn't even know you could set
this up without having a full Facebook profile. And so what happened to me a few
days ago was someone clearly in some third world country used free facebook.com. They,
they were able to, they didn't have to create a profile on Facebook.
They literally just somehow had Messenger using the text service, and
they copied my photo and then they started contacting all my friends saying
that I was in trouble and I needed money.
And they were talking about the IMF fund, which is and how they're getting a loan from the IMF fund, which is the International Monetary Fund, which if you Google, it's a popular scam that these third world countries use.
And so I had all these people pounding me going, hey, Chris, you're sending me screenshots.
Is this you?
Because, you know, and the guy was speaking broken English.
So clearly it was probably a third world country.
And I think they do part of the broken English as a litmus test
or a sort of idiot pass.
Like if you don't notice the broken English,
that's kind of the way they save time.
It's just going right to the suckers.
And so fortunately my audience is pretty tech savvy, and so they all
tell when, "I don't think this is you, Chris."
Some of the screenshots are like, "This does not sound like Chris Voss."
But what was interesting was Facebook hadn't done anything to prevent this, and the reporting of it was impossible.
Because normally you can report a profile on Facebook, and you can say, okay, here's this person's profile.
They're stealing my identity, you know, all that sort of good stuff.
This was just in Messenger, and I was really alarmed and shocked to find that people could do that just in Messenger without having a profile.
And there really was almost no way to report it. I couldn't go to his profile and find it. And so what's really nice is some of my friends in Facebook, they have
made it so the reporting is easier now. They just put out a post last night and
addressed this concern, and they, of course, finally went after it. Finally one of my tech savvy friends took in,
finally got the Messenger link profile thing for it. And so we were able to start reporting it that way.
But now Facebook has got a thing there.
But yeah, it's just so scary how these guys can just work around any systems, and they look for, like you say, they look
for vulnerable, either uneducated, people that, you know,
haven't been taught, like you say, through programs like yours,
that they need, you know, teach the employees not to do certain stuff.
Yeah, yeah, most certainly.
And, I mean, there's three basic things to follow that put you ahead of the pack.
One is always ensure you have two-factor authentication enabled for any account that will allow it, which is most these days.
The second is keep your work and your personal stuff separate.
You don't need to be on Facebook on your work computer.
And you don't need to download work files on your personal computer.
It shouldn't even be allowed. Just keep those two things separate. I mean, it's, you know,
the equivalent of, I've got a five-month-year-old daughter. It's the equivalent of me saying she's
very important to me. I want to protect her all the time. Ah, let's put her in a group of strangers
and see, you know, what happens. I mean, you know, hopefully all good things happen, but at the end of the day, that's really not something I want to test. So keep those
two things separate. Protect what is important. And if you want to go have fun, you know, go do
that on your own, but don't do it, you know, with high value information in front of you.
And the third thing is just be vigilant. You know, if something doesn't sound right, it's probably not right.
And, you know, time and time again, you know, it's that just this once.
It's too good to be true.
Oh, a 1% mortgage?
You know, the adversaries in these cases, they know.
They're not – they know that everybody's passed the $50 million lottery
winner in Nigeria. They're now on to providing you a deal that's a little bit better than the average.
And they're getting more and more suckers every day just by providing flat screen TVs at a couple
hundred bucks below market. So just be vigilant. And with those three things, most people do pretty
well.
And we see this from just small employees. And of course, ransomware just must be a nightmare.
I can't imagine owning a company getting ransomware and suddenly your whole company's
on lockdown. But I mean, we see this without getting into the politics of it all the way up to,
you know, the Hillary Clinton classified emails.
I mean, they had classified emails or something like that on Anthony Weir's laptop.
So do you really recommend that companies have maybe a separate,
like you were mentioning earlier, a separate business,
separate personal, like separate phones, separate laptops,
maybe having a company laptops and phones so that they
can take that back, like you say, and wipe it and make sure there's not an access point there?
Yes. I mean, I don't think it's practical in this day and age to issue everybody a company
cell phone in addition to their personal one. But there's lots of software that you can put
on to protect company email, even if it's on somebody's personal device.
But certainly issue them a company-protected laptop if they're dealing with any data outside
of the office.
It's just good data practice 101 to make sure that somebody can't do something with all
the right intentions and take down your whole company.
And that brings to one really important point.
Buy insurance.
You never know what's going to happen,
but the right cyber insurance will save your business.
70% of businesses that are hacked
are out of business in six months.
70%.
It doesn't matter the size.
And we have seen some very large companies, they didn't go out of business.
In order to save face, they liquidated their company to another company.
And the press agents come out and they say that they were acquired and they make it sound nice.
But in actual fact, they couldn't sustain business anymore.
They had either lost the trust of their client base or some incredibly significant aspect
of their business was compromised beyond repair. So, buy insurance.
Yeah, I mean losing trust is so huge with companies and you know I was part of the Walmart
hack. I don't know when it happened but it was five or seven years ago or something like
that, and it's still, people ping that email. Uh, a couple of years ago, I, uh, I got an email that said, uh, "Hey man, uh, in the Alabama Walmart store, your, uh, your new iPhone is, uh, going to be waiting at three o'clock today. And we charge, we're going to be charging a credit card."
And at first I thought it was a joke. I thought it was like a hack, uh, like a phishing hack or somebody was trying to make me click a link. And so I, I got a second one that they were preparing the order,
and I went, I better go check my thing. So I went directly to my account, because I
don't like clicking links, obviously, and sure enough, some guy off the thing had gained access to my Walmart
account, ordered himself an iPhone. Thank God all the credit cards that were on
the, I don't think I stored credit cards on that, but any credit card I had on
there was like really old and outdated. And so I contacted the Walmart in
Alabama, where the local Walmart where this iPhone was supposed to be picked up.
And I even Googled the guy's address that he put into my system.
And it was like 1 Millionth Main Street or something.
I mean, it was like Google Maps, like you're on drugs. And I talked to the manager there and I said, hey man, you're going to have
a guy walking in who's hacked my Walmart account and you need to have him arrested or something
because he's trying to fraudulently purchase something on my account. And you would think
they would care. You would think that Walmart would be like, hey, you know, security's like a really important thing. And of course this is just a
manager of a store. He could care less, number one, and number two, he had no idea
what to do with the information I was giving with it. Like, when the guy comes
in, just arrest him. He hacked my account, bought a phone fraudulently. And he just,
like, you could tell that he had no training, he had no idea what to do with
it. And, you know, probably, no, he's just gonna give the guy the phone anyway.
That's, that's kind of how it is.
You know, everybody has to be, you know, just like you, Chris, they got to be their
own policeman or woman.
Yeah, you, you gotta be. I mean, every email I get where
it's like click this link, you know, half the time if I get an email from my big
accounts like Amazon or PayPal, I don't even click the links. I just go
open a new tab and put in the information.
So I try and save, I try and stay as safe as possible. But, you know,
one of the problems is when you're in a computer, you can kind of look at the link in Gmail. You can see where it's going.
You can kind of get an assessment.
When you're on mobile, it's so easy to
either accidentally click a link or
you can't really see
where that link's going because
you've got just that little screen. Sometimes
you're half asleep or whatever.
You definitely bring up some really important
points when it comes to safety and security
of the company's assets.
Most positively.
I mean, you kind of hit it on the head there with the mobile thing.
And that's why you're getting more and more text messages every day.
Yeah, the text message thing is crazy.
I mean, there's been a couple days lately where I'm getting three of them.
And I use Google Voice, so I'm like whack-a-mole and then blocking
him. There's the highest service that I'm using to help identify stuff, but that
really doesn't help with the text messaging. But yeah, it's a constant
variation of, there's an issue with your Amazon account, your Amazon
account's been suspended, click here. And I mean, you just look at links and you're
just like, no, that's not gonna happen.
And they're really good about making it tricky where they do the Amazon,
you know, it's like a code and then dot amazon.com. They have these variations of it,
and it's really crazy what's going on with the pinging of, you know, people trying to hack into the emails. And it's just crazy.
I mean, I first used to hate two-factor identification because I'm like, oh God,
pull my phone and enter the stupid code and blah blah blah. And now it's just,
hey, this is the world we live in, this is what we got to do. My, my
password seems to be just getting exponentially longer.
I'm expecting it to be like 100 characters in,
in 2025.
Hopefully we come up with something better with passwords by that time.
We're certainly getting there,
but we're not there yet.
Yeah.
All that chip in my eye that goes under your iris.
Something like that.
So what are some, what are some best ways, as we wrap up, that companies can do to protect themselves? What are some top tips that you recommend?
you know, that run organizations or in leadership positions and organizations to really enforce.
But a couple other things, you know, to keep note, if you just as an individual want to be a little
more vigilant, credit monitoring services are worth their weight in gold. A lot of homeowners
insurance policies now come with one, so you don't have to pay anything additional in order to get
that service.
It's extremely valuable not just to monitor your credit, but to make sure that somebody
else isn't monitoring your credit or trying to open accounts in your name.
And the second thing is websites like Have I Been Pwned are very, very valuable.
Just as you've done, Chris, you can pop your email addresses in there and they will automatically
notify you if you have become part of a hack. And services, I think you mentioned you're a LastPass fan,
there's Dashlane, there's lots of different tools out there to help you
manage passwords and keep them separate, and that provides a very, very high level
of security as well. So, you know, protecting yourself as an individual is indeed just as important as protecting your company.
But for any business leaders that are listening with us today, really take a fine look at your human firewall.
The IT firewall is very important and it should be done.
That's a given.
But the human firewall is really the area where you have the most potential for breach.
I'm part of the human firewall.
Not only am I employed, but I imagine a lot of CEOs that are listening,
entrepreneurs, board of directors,
they need to take and talk to companies like yours
and find out what they've got set up,
what they need to protect themselves.
I think it's really interesting that you guys have a thing that monitors how long
people are on Facebook and all this sort of good stuff. I just recently sent my
brother the Disney Circle, and it does the same thing. It's really, it's pretty
amazing. It tracks what websites the kids are on, how long they're on it, how
long they're on Facebook. It actually gives them time limits for how they can do. I remember years ago, I guess I won't name the
company in this, but we get a lot of review units for phones. And years ago, we'd been given,
we get these phones and they're limited cards and all that sort of good stuff. And we asked one day
why a certain reviewer wasn't showing up to the review parties and the phone launches anymore.
And they said, oh, they were downloading massive amounts of data on their phones.
And we went, why would anyone, it was like 70 gigs or something they used on their phone.
And we're like, why would anybody use 70 gigs on a phone?
And, of course, we get the hotspots for them.
And they went, well, they were downloading porn.
So knowing, having a program like what you're talking about,
knowing what employees are doing on their computers,
how they're doing it, whether they're exposing themselves,
I think is really important because you can know, you know,
just from a productivity level on top of security.
And a lot of these, you know, illicit porn sites, they have different hacks too as well
where they can go in your systems.
And I remember back in the day, you'd see these endless screens that would go across
where they would keep opening browser windows and stuff.
My mom will call me.
I'm not saying she's on porn sites. I'm just saying on websites, she'll be on a website
where this pop-up will come up and it will say, you know, "You have a virus, click
here to clean it," that sort of thing. And she'll call me and be like, "Do I click
this thing for the virus?" And my sister, of course, gets into those websites all the
time, the coupon websites, and they get free this and, you know, the Amazon free gift card,
yada yada yada.
Yeah, again, all significant threats and all threats that
people should pay attention to.
Sounds good. So Kyle, give us your plugs to your
website so people can check you out and see your company.
Sure. We are KDG. You can find us at www.kyledavidgroup.com.
And check out HR Help Desk for $10 per employee per month.
You can really have a service that will give you peace of mind,
but also bring your team to a higher level of data security literacy
without too much work on your end.
So we try and make it as friction-free as possible,
but it's really an extraordinary program.
We've saved a lot of security breaches from taking place.
Yeah, and all you need is that one employee
to expose and away you go.
And certainly educating employees is much better.
I mean, they really, it's gotten to the point
where they really in school,
like high school or junior high
or elementary school with these kids
because they all have phones at elementary school.
Anyway, they have phones at two years old now.
But they always need to teach, you know,
cybersecurity in school,
which they're not, of course.
So companies have responsibility to take care of it.
Absolutely.
Yeah.
All right.
Well, thanks for being on the show.
We certainly appreciate the information, Kyle.
Be sure to check out Kyle's website and be sure to go to Google Play, iTunes,
so you can download and subscribe to the show.
Refer to your friends, neighbors, relatives, dogs, cats.
Get everyone to listen to the show, because God knows we need more show. And also go to youtube.com forward
slash Chris Voss. Hit that bell notification button so you get all the
wonderful notifications on your mobile device. And they're actually ones
from YouTube, but just check those links anyway. That's probably a good idea.
Anyway, guys, thanks for tuning in. We certainly appreciate you guys, and I see,
and thanks to you who listen this far. We certainly appreciate you as well.
Thanks for tuning in.