UNSECURITY Episode 72: COVID-19, Health, Bass vs. Barracuda
It’s hard not to talk about what’s going on with the COVID-19 pandemic right now. It’s impacting all of our daily lives on a monumental level. Information security is no different. Evan and Brad break down the current state of information security amidst the COVID-19 pandemic and working from home cybersecurity concerns. Check it out and let us know what you think at firstname.lastname@example.org.
[00:00:22] Evan Francen: All right. Hello listeners. This is another episode of the Unsecurity podcast. My name is Evan Francen. This is episode 72; the date is March 23rd, 2020. Joining me in studio is my buddy Brad Nigh. Good morning Brad. We’re recording this video remotely. We’re not actually audio, video, recording it remotely through Zoom this year that this week.
[00:00:45] Brad Nigh: This week, yeah. This social distancing isolation thing is uh, throwing everyone for a loop. I think
[00:00:53] Evan Francen: I know man and I’m all out of sorts. I don’t know we’re gonna get to that. I want to hear kind of how you’re feeling and what’s going on in your mind. Uh, but last week was not you and I didn’t even get a chance to connect. Normally we see each other in the office and we introduce some things together. Not, uh, not so this go. Um, so I’m hosting again. I wrote the show notes. You didn’t get a chance to, we don’t get a chance to connect. Um, Lot to talk about this week. Of course. Top of mind is, is the COVID-19 and what that epidemic is a pandemic is doing to our daily lives. Uh, it’s sort of hard to talk about anything else. It’s everywhere.
[00:01:34] Brad Nigh: Yeah, fundamentally changing how we’re having to go about day to day activities, so yeah.
[00:01:43] Evan Francen: Right. Last week was crazy. So what uh you know, what did your what did your week look like, How did you cope this weekend and all that other good stuff?
[00:01:51] Brad Nigh: It was it was not. So my wife is in healthcare, so she’s still having to go in, so I had three kids at home and working, so it was uh it was exhausting right?
[00:02:04] Evan Francen: When it’s so different, I mean I’ve never dealt with anything like this before, so I’m a lot of sorts, I don’t know, did you have any problems focusing last week?
[00:02:15] Brad Nigh: Um You know, I mean I’ve worked from home before, you know, it we’re pretty lucky that that’s the case. So you know, I think there’s certain things you can do, you have to have a routine, you got to do, certain things take force yourself to take a break, so um it wasn’t too bad, I think the hardest part is has been like you just can’t go do anything. Right. Right, right. Mhm. Go into the store, you can’t just run to the store and pick something up. I mean, I guess you could, but you’re not, you shouldn’t. Right, so we’ve been uh doing like a daily walk with the kids um You know, at some point destroying the neighborhood, 20, 30 minute walk with them, get them out of the house, get me out of the house. Yeah and then you know, I have uh, an office that I work out of it has a door and when I’m in here I shut the door. So I’m kind of isolated in them. When I’m done with work, I shut the door. So I don’t walk by and keep seeing, you know, the computer and stuff. So there’s certain things you can do to, to kind of help because if you don’t, it just plans together, right? Everything is all just one. So,
[00:03:26] Evan Francen: and I’m one of those guys who were, you know, if life that doesn’t make sense for me, I find it hard to focus. So most times last week where I just, I was having trouble focusing, I could, and it took a while for me to sort of find my groove again,
[00:03:42] Brad Nigh: it’s easy to go down like, well, especially with there’s so many unknowns about it. Like I definitely found myself refreshing some, you know, like the Washington Post or some of the other live update type sites that like what’s going on, you know, trying to understand and get a grasp of it. So
[00:04:06] Evan Francen: yeah, we come to work on Monday, you know, kind of got through Monday and we sort of made the decision that we were going to close the office Tuesday, you know, uh, Maybe 20 or so people that had come in just kind of grabbed their things and then we deactivated, all all all the cards, except for just a few right, when I figured well, since nobody is going to be in the office, might as well go in. I mean, it’s a safe place where I’m not gonna infect anybody. So Wednesday, Thursday, Friday. I didn’t see anybody. I didn’t go to stores. I didn’t do anything. I just drove from, you know, from home to the office, you get to the office and it’s like what you used to a bunch of kind of hut buzz, you
[00:04:50] Brad Nigh: know, it’s
[00:04:52] Evan Francen: like holy crap, It’s just weird.
[00:04:56] Brad Nigh: Yeah, yeah. I had to had to work a couple Saturdays. Yeah. While or a year ago and had to come in and yes, nobody there. It’s just like, what’s going on,
[00:05:09] Evan Francen: Right? And I’m here today and I’ll be working here all week this week, it will be the same kind of thing, you know?
[00:05:15] Brad Nigh: Yeah. Yeah. And it’s tough. I know, even if they decide we’re going to open it up after, you know, next week, I’m still going to have to be remote through, Who knows, indefinite because kids don’t have, uh, physically at school, they’re going to start learning on like April six, right? So, yeah, I don’t know when I’ll be back in.
[00:05:39] Evan Francen: Yeah. Well, and I don’t know if you’ve been the first time I went to a store was Saturday, my daughter and I, you know, we needed, believe it or not, we need a toilet paper and my wife had a chore for me that required me to go get some wood. So we went to Home Depot and I was first of all I was kind of expecting, I didn’t even know it was gonna be open. Yeah so you know we drove there and my daughter and I was like wow I’m surprised how many people are here like. Yeah, I mean the parking lot was probably half full, right? And we’re all kind of when you when you walk in through the aisles, you know it’s like yeah everybody just keeps their desk their distant. I told my daughter to keep her hands in her pocket. I don’t want her touching anything. Stay close to me. I just you know I don’t want to be I want to be respectful of kind of the rules that were living under. I get while we’re doing it. Um I finally found toilet paper. We stopped at four different places. Finally found toilet paper uh Walgreens, wal places I guess Walgreens gets their deliveries on Saturday mornings. Well
[00:06:54] Brad Nigh: it’s it’s funny. Well yeah I had to go by uh Costco to pickup dog food Tuesday on the way home after we closed and we’re like up. Yeah we should probably get some, we’ve got two big dogs and you know they go through some food. It’s backed by like the toilet paper and the there’s some lady this was like 10 30 10 45 in the morning and they opened at 10 and all they do is like I was told you guys would get a delivery of toilet paper today. Where is it? And the Costco and places. Yeah, we got 22 pallets of toilet paper and We had people lined up at 8:30. They were sold out in like 15 minutes. I don’t get it. But uh yeah, I had to I went to I didn’t have to, I did go to the Home Depot as well because they are working at the home office. It was like that builder beige just a generic block color and you know for one opposites okay. But it was like if I’m gonna be stuck in this, you know eight x 8 or whatever room for a month or longer. I need to to do something. So yeah, that was my weekend is I painted my office.
[00:08:05] Evan Francen: Well we’re coping right?
[00:08:07] Brad Nigh: Yeah. That’s what you gotta do. It’s really weird
[00:08:10] Evan Francen: for it’s kind of everything at home too. I mean I saw my daughter more you know in the last probably 48 hours than I’ve seen her in the last six months. She’s 15. So she’s always out and about. It’s kind of nice to spend some time ago. I wonder how long it’s going to be before we get tired of each other.
[00:08:30] Brad Nigh: Yeah. You know
[00:08:33] Evan Francen: maybe today’s the
[00:08:34] Brad Nigh: day. I don’t know. Yeah my kids are, you are excited that it looks like it’s gonna start warming up so you can go outside and play and just get burn off some energy that it’s been kind of cold and rainy. Right? So
[00:08:51] Evan Francen: things I want to talk about, you know, in this podcast is just priorities. You know, uh you know, as we’re working through COVID, you know, we’re information security people. And you know, it seems like sometimes information security might take a back seat and all this and maybe it should, you know, I don’t know. Uh you know, everybody’s got their own, you know, sort of priority. So the things I wanted to talk about were, you know, mental and physical health. You know, how we’re dealing with that, you know, um I don’t know if I’m probably not qualified to give, you know, any kind of in depth advice, but I can share like my own,
[00:09:26] Brad Nigh: as I said, I think just just having that conversation and being out there and open and available is is a huge thing. Right? I think a lot of people struggle about just talking about it. So it’s a good step in the right direction.
[00:09:43] Evan Francen: Yeah. And then, you know, talk about, you know, we’ll talk about protecting our self yourself myself, you know, and then protecting your loved ones and then, uh, you know, business, you know, in survival. So you’ve got those things that are really priorities. Where does security kind of fit in with all that, you know, in terms of talking about mental health, you know, do you know anybody who’s struggling. Are you struggling? Uh
[00:10:07] Brad Nigh: uh Not not yet. We’ll see. We’ll see if this goes on. No. Um you know, I think it’s something that everybody is going to go through because we are social beings that even being an introvert that we like, we are still like there you do get some energy from that close group right in work and all that. So you’re now not able to see or go out and do things that it definitely can, can weigh on you. So, you know, there’s like, we like one of the things that we’re doing is every one of our internal meetings were turning on our cameras, right? Everybody has their camera on. At least you’re having an interaction. Like there’s a face there. Even right now, you and I have our zone. So you know, it makes it does make a difference.
[00:11:03] Evan Francen: Yeah, I agree. I mean, and I shared a little bit, um, you know, last week, uh I really, I really struggled with just focus. You know, it was it was difficult. I was everything was a shock to me. So I was trying to figure out just kind of put things into its boxes. Now. That’s the kind of thinker I am, where it’s not like everything needs to make sense. It’s just I need to be able to put it in a box somewhere and I have a don’t make sense box And it was like everything was kind of fitting in that don’t make sense box and so I felt sort of uh you know felt sort of lost um certainly when I came into the office uh you know you worked, I would say on friday about in the morning, it kind of hit me that I started to feel lonely, I started to feel some of the effects I think of being isolated.
[00:11:59] Brad Nigh: Well yeah, that would definitely be even harder because at least yeah, I’m isolated and get this shit, but I go out and say hi to my kids and you know, my son loves Oscar director of tech services, so I was on a call with him and he heard them and came running in and I want to say hi, right, so at least I had that interaction which is nice, you can imagine.
[00:12:23] Evan Francen: Yeah, it was just weird and I want to be you know and I just want to be transparent that I think it given you know, kind of this, everything is new, it’s okay to not be okay.
[00:12:36] Brad Nigh: Mhm. Right. Yeah and when you’re in an environment where like you said, you’re you’re used to the team being there and walking around, so you’re it’s not only a new experience, it’s a it’s completely different in familiar surroundings, right? So you’ve kind of got two things going on
[00:12:59] Evan Francen: and I think it’s important just for people to be self aware, you know um it’s kind of normal to have anxiety. I was reading something. Um I think it was maybe this morning about, you know, people will suffer from post traumatic stress disorder here. This um so I think the mental effects may not probably not fully known yet or fully felt, but you know, I think they’ll be long lasting. I mean, this this is a big, huge change for us for everybody.
[00:13:31] Brad Nigh: Oh yeah, my daughters were talking about, but just how much different it is and that they’ll be joking about this or looking back on it in years. I’m like, not just years, this is something you’ll remember. Like it’s going to change how we have to operate for the rest of your life.
[00:13:50] Evan Francen: Right? Yeah. It’s funny, I was talking to my daughter, you know, she’s 15 and um I have other kids, but they’re all out of the house now. But you know, my 15 year old I on her way to Home Depot, I asked her, you know, how you feeling? You know, are you stressed out about this? Are you concerned? Like, no, I’m not not worried at all. I’m like, well, why not? I’m 15. You know, right now, nobody has died in the United States, I don’t know about worldwide, but there has been no death for anybody under the age of 19 related to COVID. So she’s like, she’s pretty aware. She’s just not all that concerned. So I told her, you know, it’s important that you still be respectful, you know, as you go about your day, you can still be a carrier. You could look at other people sick, there are higher risk. Um you know, age groups stay away from, you know, the older people. I think that the mortality rate for 85 plus is like 27%.
[00:14:54] Brad Nigh: It’s crazy as you get older.
[00:14:56] Evan Francen: So we’re not going to see grandma for a while. I mean, this is, you know, you may not be concerned. That doesn’t mean that other people aren’t concerned and you know, we need to show respect for them.
[00:15:07] Brad Nigh: Right? Right. How bad would you feel if if you didn’t saw her and you’re the only interaction she got sick. It changes how you have to think.
[00:15:17] Evan Francen: It certainly does. Uh So physical health are you, what are you doing? You know what’s changed there for you?
[00:15:24] Brad Nigh: Yeah, I think the hardest part working at home, um is you, is that separation. It’s really easy to just stay. Like I noticed kind of Tuesday Wednesday, I hadn’t moved. Right, That’s closer to the bathroom is closer to get a drink. I don’t have to walk as much. I’m not walking around to see people. Um So making it a concerted effort to go, like I said, on a daily walk, I don’t, this kind of snowy and gross out right now. So I’m not sure that will happen today, but you know, you got to make an effort. You’ve got to set aside time to say I’m going to get out and go stretch my legs, I’m gonna go walk the neighborhood um and I’ve been doing it with the kids just uh you know, it’s kind of fun. It’s goodbye meantime. Uh better, you know, 14, 12 and Uh huh. 5.5. So you know, it’s fun to watch them play and interact and
[00:16:22] Evan Francen: so I suppose it’s it’s creating a new routine, right? You have this whole routine just a couple of weeks ago and now you have to create a whole new routine and I think it will be because I’m going to get through kind of the same thing. It’s awkward right now and you have to be intentional what our health behaviors and intentionally and forcefully. Even if you have to get into those good behavior so you can establish a new routine right?
[00:16:50] Brad Nigh: Yeah, otherwise it’s it’s if you don’t, I think if you don’t keep your physical health up, if you’re not doing that, it’s going to negatively impact your mental health minute tied so closely together. If you’re not right, you’re not leaving to go get lunch anymore, you’re not getting that break, I’m gonna go make a sandwich in the night Eaton, sit back down, it’s 15 minutes right? Force yourself to take that break, get out, stretch your legs and honestly coming back from those, you just feel like I feel so much more focused and like a where you start to, you know, sit here and just stare at the screen and you’re in a tiny room and we’ll get out, get some, get some blood flowing and it definitely makes a difference.
[00:17:36] Evan Francen: Yeah. So what about business? You know, one of the things I was talking to a buddy of mine because I’ve been trying to reach out, more you know, to friends and one friend of mine, he’s uh CISO for a large travel company, you know, 20,000-ish employees and the travel company or the travel industry has just been decimated, you know, and he’s dealing with, they’re going to probably have to lay off half of their staff. So 10,000 people, you know, hitting, you know, losing their jobs and for how long, you know, who knows? And so he’s dealing with not only, you know, all the things that come with COVID and having to do his daily work, but now he’s got to deal with the stress of laying off himself, you know, half of his work force, This is 10,000 employees, but he’s got about 60 employees that he’s responsible for. He needs to last 30 of those you know.
[00:18:38] Brad Nigh: Yeah, I mean you got to do what you gotta do to try and make it through. Not always a, you know, pleasant thing. Um you know, the issue is you can’t let security lapse at that time because if you do and then you get an incident. But now you’re even worse off than you were.
[00:19:06] Evan Francen: It’s
[00:19:06] Brad Nigh: true, right? So now you’re dealing with an incident response with half of your staff and you already struggling for worried about cash flow and you can’t let it go by the wayside,
[00:19:19] Evan Francen: you bring up a good point. So, you know, in some instances, you know, if you’re not keeping your eye on the ball right, um it could be the final nail in the coffin for businesses. You know, I think there’s a certain percentage of businesses that just with information, with information security without they’re just not going to make it. Um you know, you think of, you know retail, um restaurants, bars, you know, americans, not to those people, I don’t, you know, there’s nothing we can really do other than, you know, be supportive. You know, if we know people personally pick up the phone, reach out to them, talk to them because they’re dealing with all those that other stuff too right? Like the isolation, the loneliness, the anxiety, the everything else that comes with them with it and then to lose your business to your dream, uh you know, maybe not being able to pay. I mean where you gonna get food, where you gonna get, I complain about getting toilet paper walk, at least I can afford it when I find it.
[00:20:26] Brad Nigh: Yeah,
[00:20:28] Evan Francen: these people, you know. So if, you know those people reach out to me, you’ve seen what Jim Nash has been doing, mm, everybody, Jim Nash. So he, uh, you know, for the listeners, he works at FRSecure. He’s kind of a one of their evangelists. He’s also a state Minnesota state representative and what he’s been doing, I’ve been following him on Facebook is visiting all all these local small businesses and patronizing them, maintaining social distance, right? Being responsible. But also, You know, visiting with them, you know, keeping your six ft or whatever, uh, and and buying, you know, food and whatever, you know, trying to figure out what he can do to help. Uh, and then he’s been posting these videos on, yeah, he stopped by my house yesterday. I was went outside and here comes. You know, this car pulls up and I’m like, who the hell is this? And Jim Nash, what’s going on? Like I’m just working. Yeah, I get a selfie and yeah, he posted on Twitter or whatever he does.
[00:21:35] Brad Nigh: That’s funny.
[00:21:38] Evan Francen: But we’re all in this together, man. I’m hoping what will emerge out of all of this will be goodness and not, you know, just the crappiness, you know?
[00:21:48] Brad Nigh: Yes,
[00:21:50] Evan Francen: So security fits into all of this. Uh, it does fit and, you know, imagine okay, he, you know, we’re already dealing with mental and physical health, you know, potential issues changes for sure. Um, the attackers are increasing, you know, their frequency of attacks. They’re potentially the impact of these attacks. So they’re looking for weaknesses here to take advantage of people and it only exacerbate potentially exacerbates the problem. Right?
[00:22:27] Brad Nigh: Yeah.
[00:22:29] Evan Francen: So I know sometimes we think, you know, well, information security, when I talk about, you know, mental health or physical health and you know, security just not that important. Now, I gotta take care of my family. This is part of taking care of your family, isn’t it?
[00:22:44] Brad Nigh: I think so. I mean, you know, we know anytime there’s a disaster that the attacks pick up and now we’ve got, you know, a worldwide disaster, not just localized. Yeah, it’s not surprising to see this happen. Right? Sad, but not surprising
[00:23:05] Evan Francen: one. There’s nothing, there’s truly nothing to Whoa. For criminals. You know what I mean? There’s nothing that would stop that they’ll do anything for a buck. Is there anything for power And so you know, when you’re not watching? Yeah, they’ll, they’ll certainly take advantage of it. So businesses people. So one of the things and we’ll get to that in a little bit, but I created a diagram, you see the Bass and the barracuda thing,
[00:23:32] Brad Nigh: yep. Yeah, that I did see before, uh, yeah, that Tuesday morning. So I did it to look at that. I like it.
[00:23:44] Evan Francen: Well, hopefully something that sticks out, right? You want to be a barracuda, don’t be a bass. And if you want to know what we’re talking about. If you go to my go to my website evanfrancen dot com and look at the show notes for today, there’s two diagrams. One is the bass and the other is the barracuda. In the diagram of the theory here is, well, your attention to information security may be dwindling or you’re distracted. The number of attacks is rising so it creates this gap and when you diagram it out, it looks like a bass fish. Yeah. You want to narrow that gap and to make it more look like one of those slender barracudas. Can you eat a barracuda?
[00:24:26] Brad Nigh: I don’t know, probably, I don’t know if I would
[00:24:31] Evan Francen: kind of bastard edible and I like you. Yeah, no, I’m weird, you know that. So, so we’ve got all these things, all these issues. And another thing, you know, the World Economic Forum released some really good guidance. I thought, uh, this, uh, if you go to weforum dot org and look for why cybersecurity matters more than ever during the coronavirus pandemic. It’s a good article that came out on Friday.
[00:25:01] Brad Nigh: Yeah, it’s really good. I liked it.
[00:25:05] Evan Francen: Yeah. And you know, number one, heightened dependency on digital infrastructure raises the cost of failure now that we’re all separate. You know, we’re all, we’re all, we’re all relying on like you and I right now we’re relying on Zoom relying on all these electronics. If there’s a big denial of service attack right now that knocks us off line,
[00:25:28] Brad Nigh: Yeah, we had, we were seeing issues with overloading from Zoom and Teams and some like we, you know, we had some people that just couldn’t do the video and had to close the video streaming window where we had, we all had to turn it off because it was overloading their internet because it’s so stressed. So yeah, we’re already seeing that.
[00:25:51] Evan Francen: So being, we have this height heightened dependency, any significant attack just makes our problems worse. And I think what we’re all trying to do right now is limit damage. That’s the whole reason why we’re isolating and we’re doing this social things. We’re trying to limit the damage,
[00:26:08] Brad Nigh: spread it out, flatten it. So we don’t overload health care. I yeah, that’s part of the issue. People don’t get if you already, if you’re overloading that and then having security issues and you know, everything just kind of snowballs if you’re not if you’re not careful,
[00:26:26] Evan Francen: right? So what are things that people can do? We tell them to maintain their awareness? Don’t take the eye off the ball. What are things that we could advise people to do? You know, I think one of the things that came out last week during our two podcasts or to webinar, uh, we had a question, one of the people asked was, we have these projects, these information security projects planned, Should we postpone them or cancel them?
[00:26:53] Brad Nigh: Yeah. You know, it’s a business decision obviously at the end of the day, the same with anything else where an information security, they’re going to have to, you know, assess the risk of not doing it versus right? Doing it, but having other issues, it depends on what the project is, right. It’s like you said, if it’s like, you know, flashy lights and whatever, maybe that’s not quite as important right now as doing an assessment and making sure that, you know, where the holes are. Right? So, so it kind of depends on what you’re working on.
[00:27:33] Evan Francen: Right? Yeah, I agree. And I think just a lot of the basics, a lot of the fundamentals where I think you’ll find, you know, most real risk don’t take investments. They don’t take huge investment, Right? I mean, reaching out to your workers at home, uh, helping them secure their home networks or helping them secure their, uh, their home PCs or whatever it is that doesn’t cost a lot of money, it may not cost anything.
[00:28:01] Brad Nigh: Right. Right. I mean, well, it’s, well, throw it out there. That’s why SecurityStudio did this to me. And it’s two teams right now And we’re working on some stuff for businesses that small to midsize, like up to 500 employees. It’s very cost effective, to validate some of those things and look for the holes and make recommendations. And, you know, you’re doing what we can to try and help and not be part of the money grab this sales. Everybody’s getting so many sales calls right now from all the different software and hardware vendors about what they can do to help cool here there, but try to make something useful and Yeah,
[00:28:50] Evan Francen: well for us, for us it’s always been mission before money, right? So helping people providing value always comes before, you know, how much money we can make. You know, I’ve been thinking about, you know, since this started coming about is you know, once we’re through this once because we will get through this right, we will survive the world will continue to turn or whatever it does. The sun will continue to rise. What will that be like, what, what will that day look like and how will we be remembered in it? Mhm. You know how FRSecure how well SecurityStudio will be remembered after this is all over. We’re the ones that kept pounding them with phone calls were the ones that kept spamming their inboxes, trying to get them to buy some kind of blinky light or whatever it is we’re trying to do or did we actually take a minute or more many minutes to try to help people?
[00:29:47] Brad Nigh: Yeah. Well I think that that goes to like you said the mission, it’s well, hey, you tell us, I know you’re getting hammered. You tell us how we can help you like what do you need? What are you struggling with, how can we help you address that as opposed to hey, here’s something that you need to buy a Oh yeah. Get rid of your risk and it’s got AI machine learning, it’s next gen
[00:30:16] Evan Francen: right next gen we should all just wipe that from our memories forever. That word. Next gen
[00:30:23] Brad Nigh: yes. Out of an abundance of caution. You should buy this next
[00:30:26] Evan Francen: abundance of caution. All right. So from the World Economic Forum, number one was a heightened dependency and digital infrastructure raises the cost of failure. Number two was cybercrime exploits fear and uncertainty. Yeah. But not only does not only does cybercrime the criminals take advantage of fear and uncertainty. So do vendors.
[00:30:55] Brad Nigh: Oh, so much. That’s kind of where I was going with that is preying on that to sell. And I think that goes back on my, from the webinar last week. Yeah, there at this point being positive. But you can’t over communicate at this point with your employees who are in this super unique situation they have never been in before for the majority of them over communicate. Be clear in your message. Stay on point. Don’t, you know, constant zigzagging with your messaging isn’t isn’t going to help. So
[00:31:30] Evan Francen: right. And talk openly about fear. Talk openly about uncertainty. We’re all living with uncertainty right now. How many articles I’ve read about, you know, well how bad will it get. When will we recover all those things and everything, truly everything is speculation. There are no answers. We’re all dealing with the uncertainty. The only thing I’m certain about is that I’m alive right now. Yeah, I’m talking to you on this podcast. You know, I mean just back it up to the things I can stand on and you know, um, but don’t let fear and uncertainty. Don’t let panic because you to make poor choices right? If you’re about something, reach out to somebody, uh get opinions, it’s okay to be weak.
[00:32:18] Brad Nigh: Yeah, exactly. And t fits second. Take a breath. Okay, wait a minute. Right? Like you get that email that comes in and it’s got the fight in it. Don’t just click it. Take a second, be like, wait a minute. All right. I know that the attacks are going to be up. This is where communication for for security to the employees. It’s going to be key. Right? Take a second to think about these emails. Don’t just click links. Be careful what websites maybe even send out some valid websites to go to. I know that there was the one that was spoofing the Johns Hopkins page that was downloading malware. Right? We’ll give people some links to go to because you know, they’re going to look for it. So maybe find some valid safe links in it out so they can bookmark them.
[00:33:08] Evan Francen: Yeah. And take your time to write. I mean that’s one of the things I see all the time with. You know, whether it being an incident response or whether it being something as big as this is people rushing, they panic, they rushed, they don’t make good decisions. That’s one of the reasons why we were out of toilet paper and we’re out of all these other things. People panicked and panicked, They don’t think and when they don’t think they go and do things quickly, a lot of that’s rooted in fear and uncertainty. So if you just take a minute, yeah, I think things through, um, I think you’re being a lot better, lot better position. Uh, number three from the World Economic Forum was more time online could lead to riskier behavior. Yeah.
[00:33:51] Brad Nigh: Well, yeah,
[00:33:56] Evan Francen: Yeah. So back to my own devices and hook them up.
[00:34:00] Brad Nigh: Well not only that, but you know, images in there. Are they going to be streaming shows? So they downloading things that they shouldn’t be doing right. There were no longer having that protection that you have at the office around your most likely or how are you, how are they connecting in? Is there a VPN that’s all allowing only your traffic through? It’s not right. Yeah.
[00:34:29] Evan Francen: Well, and somebody’s got to do something with their time. You know, I know one of the most dangerous things for me as a man is when I’m bored, I do stupid things.
[00:34:40] Brad Nigh: Right? Yeah.
[00:34:41] Evan Francen: Keep me on board and my wife knows that. So it’s nice to have somebody who holds me accountable close to me. Uh, so Saturday. She gave me a whole list of things that I need to do around the house because she knew that I was probably going to be bored and when I’m bored I do dumb things. Um, and then I complained about it on Twitter,
[00:35:02] Brad Nigh: about
[00:35:03] Evan Francen: my long list of things to do.
[00:35:05] Brad Nigh: Yeah, but you know, he said it keeps you out of trouble.
[00:35:09] Evan Francen: It does, it does man and I, and I thank God for her, you know, thank God for friends. You know, who know me well enough to say, hey man, some a little bit different. You all right. I think we need that with each other more. Check with your teams and ask that stuff. Uh, some of their things for, you know, in the World Economic Forum for things you can do. So what can we do number one to step up your cyber hygiene standards and talks about, I know Ryan RC cola for SecurityStudio wrote a nice article about keeping your work station clean. Like sanitized, like physically clean. Huh? Yeah. I’ve got hand sanitizers now in my office at home, in my office, here in my truck and, and I think in the kitchen at home. So what are you stepping up your sanitization stuff.
[00:36:05] Brad Nigh: Yeah. Like it’s a couple of times if I could go to the store, like one thing people don’t think about is, yeah, you wash your hands or use it. But did you do anything with your phone? Right. So you went to the store, you touch the cards, you’re on your phone, wash your hands, you pick up your phone give now just feel potentially re infected or exposed yourself. So I’ve actually been using those um you know the cart wipes, you wipe down the cart and then I’ll wipe down my phone like the case. Right? And so just what? Just little things,
[00:36:39] Evan Francen: What’s the guy that’s got to be 60% plus alcohol, alcohol.
[00:36:45] Brad Nigh: Yeah. And those are, you know, they have the Purell antiseptic wipes or whatever. So I’m hoping those are, I’m assuming those are going to do it. They say they do so
[00:36:57] Evan Francen: Well the good thing is is you and I are both under the age of 50 and the mortality rate For us less than 1% or fatality rate. So, but you know, again, I just I don’t mind so much me getting infected. I don’t want to get other people infected,
[00:37:14] Brad Nigh: right? I’ve got family, you know, to have our immune compromised, right? Not immediately or within my family siblings. Uh So I know the fear that my sister is going through on a daily basis because I mean it’s a legitimate like she’s young, she’s in her thirties and it’s a it’s a legitimate risk for her because she’s of what she’s going through. And so I guess being respectful and knowing what she’s going through and trying to be respectful to others that may be in a similar situation,
[00:37:49] Evan Francen: right?
[00:37:49] Brad Nigh: You know, everybody’s parents or grandparents that have to go out and get stuff you want to be respectful for them because you know, they are enhanced risk at the older age. Yeah. Why wouldn’t I do something simple to help others? Yeah.
[00:38:07] Evan Francen: It’s funny on Saturday. One of the places that we checked out for toilet paper was uh J J. Kolstad from care 11 used to be with character news guy. Uh He said that there was newspaper, newspaper, toilet paper at all the, I was like, all right. So we went to all the nope wasn’t any, but then my daughter was hungry because I’m hungry. Dad, can we stop somewhere. I’m like, yeah, but before we leave all day, we’re going to wash our hands. She’s like, really? Yes, yeah, we’re
[00:38:42] Brad Nigh: gonna go eat, right?
[00:38:44] Evan Francen: I mean we were already we already we were already pretty good at hygiene and I washed my hands kind of regularly and stuff like that. But now he’s going to step it up. Right? It’s like top of mind.
[00:38:55] Brad Nigh: Yeah. I think the funny thing was somebody saying after this, the next step is going to be the wave of hoarding on lotion from all the hand washing that nobody had been doing
[00:39:06] Evan Francen: before. Yeah. People that stuff to take advantage. I don’t want to get into that. It just makes me off the cool thing is when I finally did find toilet paper at Walgreens, there was a lady in front of me uh And there was probably 10 left and there wasn’t a line or anything. Uh So she took two packages and I took two packages, you know what I mean? To package is not like
[00:39:33] Brad Nigh: The four packs or whatever.
[00:39:34] Evan Francen: Yeah, just enough. This will probably be enough to get us through the week, you know, unless I eat a lot of food or
[00:39:43] Brad Nigh: something.
[00:39:45] Evan Francen: Uh Yeah, I mean, and then I asked, you know the Walgreens lady, when do you, when do you get new shipments in? Because if I run out by Saturday or whatever next week, will you have another shipment? So I can come back? So yeah, they, their shipments come in the Walgreens where I’m at anyway, the shipments come in Saturday morning. Yeah, I’ll be ready. All right. So that’s one thing. Uh it is important to keep your workstation clean. Right? The things that you touch your laptop or
[00:40:14] Brad Nigh: your keyboard.
[00:40:16] Evan Francen: Right. Absolutely. So, And there’s lots of good tips on how to do that. I was mentioning, you know, Cola wrote something on the security studio. He’s been creating content primarily for K through 12. Right? They’re going to have a big issue because they’re going to have to repurpose systems, Right? They’re going to, students are gonna come to pick up computers and then when computers are broken, potentially. Love to bring to the school and tech people off to fix them and they’re gonna be transferring computers will be really important every time you transfer a computer to wash it and wash it down, but sanitize it
[00:40:49] Brad Nigh: right? Yeah, it’s interesting, you know, my daughters have ipads through the school, so they’re used to doing that. So the E learning for them won’t be that big a deal I don’t think. But it was interesting to read the schools communication on if you have a hardware failure, here’s what’s going to happen, basically have to schedule a drop off and then they’ll, they’ll get a new one and they have a process in place to, you know, wipe it down and make sure it’s clean. But yeah, it’s going to be for the school districts that didn’t have this, we were seeing it there, it’s going to be really tough.
[00:41:26] Evan Francen: Well in a shout out to, so I know the school district you’re talking about Minnetonka school district, you know, shoutout to also, you know, my school, the school district that I, my kids for one kid goes to now is bocconi school district, shout out to them to I know shout out to all our teachers man. I mean those those people, they don’t do it for the pay
[00:41:48] Brad Nigh: right,
[00:41:49] Evan Francen: right, because they love our children, they do it because they want to create the next generation of greatness and uh, you know, my heart goes out to them, heart goes out to all the first responders. The people working in healthcare people that are putting their lives in danger every day for all this stuff man. I complain about, oh, I got to stay at home and uh, you know, watch Netflix, you know, I mean seriously?
[00:42:14] Brad Nigh: Yeah, it’s easy to forget how good you have it sometimes when you get, like if you don’t look at the big picture, right? Just understanding
[00:42:23] Evan Francen: I was talking about and I was talking to my wife about that too, about how I think we were spoiled in America. We took a lot of things for granted. We were privileged, you know, have this uh, whatever that what’s that word when he, when you’re privileged, uh
[00:42:41] Brad Nigh: whatever,
[00:42:44] Evan Francen: it’s kind of, it’s almost kinda nice for us for some of us, some of us are really, truly suffering right now, but for the others get over it I guess.
[00:42:54] Brad Nigh: Yeah, well, like, like I said, I was mentioning how like I was by friday afternoon, I was fried, right? I got three kids at home. My daughters are amazing watching our son. I mean, overall very little issue, they were very respectful. Hey, I’ve got a phone call, whatever they were quiet. They were, you know, when we did the webinar on friday, they all went upstairs and we’re playing quietly in one of the rooms because they know like not to interrupt and you know, it was kind of uh being over the weekend. I said, oh my gosh, she’s talking to my wife, I’m done like I have nothing. This was exhausting. I had it so good. I’m not worried about right. Think about the restaurant workers are all these others that are like, I don’t know if I might even be able to make payments or have a job tomorrow and I’m complaining that I had to like Juggle work and three kids, you know, it kind of puts it in perspective and you know, makes you, I realized how lucky. Yeah, we are.
[00:44:07] Evan Francen: Exactly yeah, exactly. So the other two things from the World Economic Forum on the cybersecurity things is to be extra vigilant on verification. So you hit on, you know, real well, Brad, where take your time, verify, validate links. If you don’t know how to do that, ask somebody verify and validate the source of emails, the sources of phone calls, texts, all those things. My rule of thumb has always been um if I didn’t initiate the communication, I don’t give out sensitive information if I want rather than the bank calling me and asking me for information or money, I will look up the bank’s phone numbers and calling myself right, I’ll initiate that communication. Same thing with email. Yeah,
[00:44:57] Brad Nigh: I’ve done that with the bank. I use it rather not mention about they’re good but they called when we were looking to buy the house, they call them and say, okay, I appreciate it. What’s the reference number and I’ll call back and but no totally understand here’s how you get a hold of me and call the main number on you know on the card or the website and then got through to him. Nice. So yeah the good ones will will be used to that or should support it.
[00:45:26] Evan Francen: Yeah. Pay attention and if you do make a mistake uh contact somebody you can certainly contact us. We don’t work you know we can contact our secure or security studio or contact somebody you know who can help you. I’m not going to be in this situation so because we all make mistakes man. I mean we click on things that we didn’t mean to click on oh crap I you know fell for a phishing attack contact somebody and have them help you or you know if you know how to react if you know how to deal with it and deal change your password whatever you need to do. Yeah. The last thing was to follow official updates you know with all the misinformation. Disinformation going on in the world today. Um find official. You may not agree with all the things that they’re saying but they are reporting facts, right? Is reporting facts. The World Health Organization is reporting facts as they understand them. I would be able to discern fact from you know other things opinions but follow the official.
[00:46:39] Brad Nigh: Yeah yeah I think um like I said set out some good links like the Washington Post has made there’s free. I’ve seen really good reporting from them. The World Health Organization uh in the CDC. Right? But whatever it is, make sure it’s it’s good. Right?
[00:47:03] Evan Francen: And I asked the I asked Brandon and uh Andy en fr security trade up this uh the COVID resource page on FRSecure site. Yeah. Because we’ve already got resources to put there we’ve got our open letter to um I guess the world I guess it’s all. Yeah. We’ve got our two webinars we did last week with some really good helpful tips were really well attended. Um We’re starting, you know this daily insanity check in which I think will be more content. We just yeah that would be a resource where you could go uh you know to kind of uh and if there’s something you want or something you need let us know.
[00:47:49] Brad Nigh: Yeah that’s what we’re doing that. Unfortunately I’m not gonna be able to make the one today. But the daily uh insanity. Yeah. Live live chats.
[00:48:01] Evan Francen: Yeah. I mean 30 minutes, right? 30 60 minutes a night. And and there will be times when I won’t be able to make it to and Ryan won’t be able to make it but we’re just getting together and trying to talk some sanity in this crapshoot. Right? Right? So that’s that another plug for S2Me is on the agenda I do want to, you know there is no catch, S2Me is free if you’ve got time on your hands, There’s two things that S2Me does, I think really? Well one is uh it quantifies what information security risks you have at home. Uh and I think it’s also a great education tool, right? If there are questions on the S2Me that you don’t understand or don’t know how to answer, that’s a great education opportunity because there are questions you should be able to answer. Mhm. Yeah. And then the S2Team piece is just help organizations who have this remote workforce. Now how do they quantify all the estimates? Right? People at home uh in a way that’s not going to violate their privacy, Right? Right. So we can’t share individual responses for people at home with their employer, but what we can share is aggregate responses right out of your 50 employees, they 39 of them answered this way, it gives you some good and what you need to train them on, you know what I mean?
[00:49:28] Brad Nigh: Absolutely.
[00:49:30] Evan Francen: So if you don’t know uh it’s https colon slash class is to me and me dot io that’s where you want to go get it. And that’s one and that’s for me that’s one thing, you know, I want to help as many people as we possibly can with it, but I also want people’s feedback, I want people’s input. One of the things I got this uh weekend on Twitter was a guy wanted to go and try it and he got to the registration page and said no I don’t want to register you know he disagrees with the fact that you have to register to get the assessment.
[00:50:08] Brad Nigh: Mhm. Well yeah I can see that but at the same time the user five minute email use one of the disposable emails. The only reason it’s registered is so that you can go back and
[00:50:21] Evan Francen: exactly we want to create a absolutely because we know that people are creatures of habit right? You don’t build habits after doing an assessment once so we do want people to come back on a regular basis because and the world is changing. New threats are emerging. Yeah
[00:50:41] Brad Nigh: the assessment is going to change
[00:50:43] Evan Francen: for sure actually I was working on that earlier this morning just trying to figure out some new qualification things. And then also thinking about you know how the S2Org, you know, the traditional S2Org assessment had everybody in the office.
[00:50:58] Brad Nigh: Yeah. Oh yeah that’s been a
[00:51:00] Evan Francen: now it’s changed. How do we account for that?
[00:51:03] Brad Nigh: Yeah that’s been a huge thing that we’ve been going through and I know we’ve gotten things from you know the PCI Council and some others on how do you address it? So it’s it’s different.
[00:51:15] Evan Francen: Absolutely and you have to account for that. So all right so next week I’ve got some things. I’d like to you know just kind of lay some ideas out there for next week. Maybe a guest. I talked to a guy last week who does Executive protection, Executive physical protection. And I thought you know, the guys really interesting and one of the things, you know, we talk about physical protection versus digital protection. You know, you can’t separate those really.
[00:51:46] Brad Nigh: Yeah.
[00:51:47] Evan Francen: Your advice he’s given.
[00:51:50] Brad Nigh: Well, we’ve had some conversations with with some executives on like, you know, what could you guys come in? We’ve got somebody who does the physical right? They do that. Could you guys come in and do An hour or two walking through and checking things and making some recommendations. So there’s definitely started to be more excusing interest there. And we’ve had it even from just parents at the school talks I do. Right. What should we be doing? There’s nothing out there. Help. Right. Right.
[00:52:23] Evan Francen: So maybe a guest next week I would like to talk maybe next week. And you know, it will be your show unless we don’t get a chance to and then I can write the notes to I don’t mind. You know, there’ll be days when I won’t be able to do it too and you’ll we load the need for each other. But I’d like to talk about what happens on the other side. What do we think the world looks like once we’re through this uh you know, one of the things that I believe is there’ll be a some percentage of people that will never come back to the office. There’ll always be work remote now. Yeah, I agree. I don’t know. Yeah, we’ll talk about that and then we’ll talk about the daily insanity check-in update because our first one is uh, today we’ll, you know, we’ll do them every day. It’ll be five this week. Let’s talk about how that’s going. What are we learning from people? Yeah. Uh, yeah. What do you think?
[00:53:17] Brad Nigh: I like it? It will be interesting to say I’m looking forward to those to see. Hopefully there’s good participation and uh, I want to, yeah, I want to hear what other people are struggling with or what their thoughts are.
[00:53:32] Evan Francen: Yeah, me too. And I figured if nobody shows up eventually, people will. I think we’ve already got quite a few people signed up, but I figured when we started, worst case it’s just me and you or me, you and cola Mhm.
[00:53:50] Brad Nigh: This is whoever just get
[00:53:52] Evan Francen: going. Yeah, I mean, that’s good for me too, man. You know what I mean? Therapy fucking to you guys
[00:53:57] Brad Nigh: agreed.
[00:53:58] Evan Francen: Alright. So the world hardly any crazier than it is today. I think, uh, you all you seriously for all the listeners do everything you can to maintain your health or restore your health. If you’re not feeling well if you’re sick. Um, let’s get some non covid related news I’ve only got three stories and then we can wrap up this episode.
[00:54:20] Brad Nigh: Sounds good.
[00:54:21] Evan Francen: So the first one I’ve got is Google addresses high-severity bugs in Chrome. All right. Chrome I think is the most popular web browser today, I’m pretty sure it is.
[00:54:34] Brad Nigh: Probably.
[00:54:36] Evan Francen: And and the point here, the reason why I wanted to point this out is just because, you know, we’re dealing with, you know, Covid and everything else going on. Uh You got a patch?
[00:54:47] Brad Nigh: Uh Yeah, how are you going to accidentally?
[00:54:50] Evan Francen: Right. So these security updates, this is version 80.0.3987.149 now available for download. Uh And Google also has announced and Microsoft followed suit with their browser that they’re pausing any upcoming releases, Google in this case Chrome and Chrome OS due to the outbreak, so they’re only going to be doing maintenance essentially. And fixing bugs. Right. Yeah. So no new versions really coming, wow. This this released 13 security vulnerabilities. The most severe one um is one that affects WebGL. This one was identified by David can’t say his last name, but it was part of the bug bounty programs. So bug bounties do pay off. Mhm. You know, in my opinion, if you if you are writing software uh create a bug bounty program. Uh Yeah because the one thing it does get for you as it gets the good guys usually are participating in bug bounties but it also gets this responsible disclosure, you know, when when an attacker does find something and they’re interested in that bounty. They’ll notify the company and you’ve got a process to follow for that as opposed to I won’t know unless tom hacked.
[00:56:17] Brad Nigh: Right? Yeah, that’s not fun. No.
[00:56:22] Evan Francen: So anyway, that’s that’s Google. Patrick google. Pastor chrome chrome chrome os Patrick google be funny. We’ll go. The next one is Russian intel Agency FSB contractor is hacked sensitive data leaked online. So it’s not just Americans. Mhm. It’s not just the NSA that gets this.
[00:56:48] Brad Nigh: Yeah.
[00:56:49] Evan Francen: So third party uh information risk management is also important for Russians
[00:56:57] Brad Nigh: shocking for everyone who could have predicted that. Right?
[00:57:04] Evan Francen: Uh Well in this case um Yeah, it’s kind of nice. I mean I’m not anti anybody per se but you know, Russia, United States um China we’re not friends, right? I mean we’re sort of cordial, we have to live together, but it’s sort of nice to see that, you know, it’s not just us. So and where we found that is hackread.com. The title is Russian intel agency FSB’s contractor hacked sensitive data leaked online. What was the data, you get a chance to read this article? I
[00:57:45] Brad Nigh: didn’t I didn’t go into it. I just read through it. But I didn’t look too deep. That’s one of the things that I would do is I uh the mental health not trying to not focus on work and have some separation.
[00:58:03] Evan Francen: Exactly way there’s that. And then uh the last is a brand new virus that incorporates a hacking and back door modules.
[00:58:14] Brad Nigh: Yeah. Uh I could say we’ve worked on some DoublePulsar or ultra pulse are incidents and it is it’s nasty. Uh So this doesn’t make me very excited.
[00:58:30] Evan Francen: No, not at all. It’s called Crazy coin. The crazy coin. The leverage is EternalBlue. Uh that exploit kit, it’s got it’s not just a virus but it’s also got a worm sort of capability to spread across targets. So this is the hacking. Use the title is a brand new virus that incorporates mining, hacking and backdoor modules. Crazy coin. No, to say about that. Uh you just got to keep your eyes open. I’m sure you know, the number one way to get malware into your system today is still email. Mhm. Right, so opening attachments, um clicking links, you know, things like that. So it’s your normal sort of basic hygiene things that oftentimes will protect you most of the time. Yeah, the it does use the DoublePulsar backdoor so you can patch your system if you’re up to date on your patches.
[00:59:33] Brad Nigh: Right? It’s amazing how many people still have it open, you know,
[00:59:37] Evan Francen: and don’t run your system as uh you know, as a privileged user, right? Being non-admin? That’ll help a lot too. But those are basic hygiene things uh Follow those basic hygiene things. Take your S2Me, follow the things in the S2Me that will protect you from 90% of these things. But anyway, it’s a nasty one. You’re right if you get it, I don’t know who break. Yeah, I don’t know if I saw this. I mean, I don’t know what I do on my own system. I think I’d just be all right. We’re done for the day,
[01:00:17] Brad Nigh: yep. Personal system just nuke it. You’re done
[01:00:20] Evan Francen: Exactly. The corporate system, I guess. I don’t know if I was at home. I guess I’d shut my system down because I’m probably not going to get somebody on support quick and I can’t one going on.
[01:00:34] Brad Nigh: I can’t afford you can’t afford it. Right, that person. But well,
[01:00:40] Evan Francen: that’s the attackers though, man. I mean, it just proves our point that the attack are getting the tax aren’t going away. They’re becoming more common and they’re getting worse. Right? So pay attention. All right. So, they have an episode 72. Thanks for listening. Uh, we’re wishing everything every wishing everyone uh certainly health and sanity. Uh we love hearing from you if you’ve got something to say you want to be a guest on the show. We got, you know, whatever email us at email@example.com. If you’d rather do the whole social thing like Twitter, I’m @EvanFrancen and Brad’s @BradNigh check out @StudioSecurity and add up our security, we’re trying to do everything we can to help without causing panic, without causing fear, without causing it. You were trying to bring certainty without taking advantage of people without spending, you know, people having to spend money if possible. Uh but they’re always posting good things, he’s safe. That’s it. We’ll talk to you again next week.