So Jeanne, would you like to introduce our guest today?

I do.

I'm so excited.

We just touched on some things right before we got live.

We have Natalie Berthe with cybersecurity for humans.

It was really interesting 'cause we were talking about like general

cybersecurity and things that people think that they need.

Nathalie is going to enlighten us on what we actually need.

So I'm gonna tell you a little bit about her.

Her company, they take a people-centered approach to cybersecurity.

They teach people what they need to know to help mitigate the 95%

of cyber breaches that are caused by humans and their bad habits.

We do this in a way that's fun, interesting, accessible, so that regular

humans can understand and apply what they learn, which I can honestly tell you

is so valuable, and so needed because it's a big black hole for some people.

So welcome, Nathalie.

Lovely.

Thank you.

Yay.

So when people think of cybersecurity, they think it's

really complex and expensive.

And to be fair, right?

This is what the industry, like, everyone that's been worried about it

has always worried about the backend.

And so we're like, oh, we've got our McAfee, our Norton Utilities or

whatever running on our computers, and that's all we needed to do.

Past tense, right?

That's all we needed to do.

And so when we think of cyber, it's always separate from us, right?

We've got cyber warfare, we've got cyber this, we've got

cyber that and cyber breaches.

It's all talking about the backside technology side of it.

But the reality is that every study every year that I have looked at for the

last, I don't even know how many years that I've been studying and working in.

As mentioned that the number one problem, the number one

problem is the human element.

Human.

We call it the human factor, the human element, the human errors, right?

It is.

And by number one, that's where the 95% comes from.

It is literally the number one cause.

95% of all breaches can be literally traced back to something

that somebody did or did not do, they shouldn't or should have.

My password, should that be password?

1, 2, 3, 4.

Yeah, that's a big one.

That's a big one.

Like we laugh, right?

Yeah.

So tell us what is the secret to having a very solid password?

Well, the secret is actually is that you don't create them . You don't create them.

Every password needs to be unique and long, and conventional wisdom says at

least, I mean, some will say as few as 8 characters, but, or 12 characters, but

really it should be 16 or more characters.

The random combination of lower and uppercase letters,

numbers, and characters.

And honestly, one of the most frustrating thing is they're like, "use a character".

And you're using a character and they're like, "not that character".

So you use another character and they're like, "Nope, not that character either".

I was like, could you just tell me the characters I need to use?

Right.

Yeah.

And it's hard, right?

Because people wanna remember their passwords so that they

don't have to think about them.

But this is why I recommend that you use a password manager, which

literally manages all of your passwords.

I have, between my kids and me, I probably have, I don't know, 300 plus accounts,

like it's a gazillion accounts, so many, and I don't know any of those passwords

because we always use the password generator and then it gets stored in last

pass, and so I don't have to think about.

That's what we use too.

We recommend it to all of our clients and I probably, we should probably be

talking about not only is this really good for your business, but it saves you time

because you don't have to type anything.

It pops in.

So that's the trick is you don't create them at all and don't use

the browser password manager like Chrome and whatever that saves it.

I would do a third party 'cause that's really how you end up.

You do need several layers of separation just to make it a little

bit more complicated for the bad guys.

Because what I hear from hackers is that if you can stay, unless they really

wanna come after you for some reason, which that's a different issue, right?

That's personal, but I'll explain what the problem would be.

If, for example, you use Chrome, which most of us do, and you have a Gmail

account, which most of us do, and a lot of us keep our Gmail accounts open

because we're constantly going back to them throughout the day because

your Gmail isn't just your Gmail.

Your Gmail opens up everything with Google.

And so what ends up happening is if you start saving things, there's

a dual thing issue going on here.

If you start saving things into your browser, right?

Not only may you be, you might be saving them in the wrong account.

So now you've got separate accounts and I'm like, "oh God, which one did

I put in my password for something?"

But because you have your email open, essentially your browser is open.

And so that now, if somebody wants to, because some of the malware that's

coming down and the ransomware that's coming, well, it's mostly malware

that's coming down, is figuring out how to hide in the browser.

And so even though Google has an actual team that goes out and looks for a

vulnerabilities in different companies and different places, literally

that's what, that's all they do.

It's Google Zero, what they call.

Or something similar to that.

And you know, there's still problems.

So not that long ago, actually, maybe two months ago, they just announced

that North Korea had developed a malware that was targeted to people who studied

North Korea, nuclear disarmament, and anything that might be of interest.

And then they would send really official looking documents and

somebody would click it open and it would go and hide in the browser.

But the way that it was set up is that because it was coming from the

inside, scans would miss it because scans are looking for, scans are

looking out, they're not looking in, and so it hid in a special way.

And so people were having their emails hacked.

and if North Korea is figuring out how to do that, specifically targeting

people that they wanna do, who's to say that somebody else isn't

gonna figure out the same thing?

To just do it generally.

Right.

So we just need to be really careful what we put and where.

Does that make sense?

Yeah.

Am I making sense?

Absolutely.

Yeah.

What would you say would be the second thing that people need to do?

So safe passwords, use LastPass, multifactor authentic.

Oh, absolutely.

Now I'm a fan of LastPass.

We were all talking about LastPass ahead of time.

I found out I had a great conversation with somebody who

does the tech side of this stuff.

But the thing that we wanna do is as many accounts as we

can, do two factor multifactor authentication as we possibly can.

We don't wanna use the LastPass authenticator.

The reason is you don't want somebody to have every access to everything, right?

So this is where I was talking about multiple layers, right?

So you use LastPass and then you use multifactor authentication.

There's a whole bunch of apps that are free.

So instead of going to your sms, your text messages, it goes to this account.

And oftentimes what they do is they'll change the code

every 60 or 30 seconds, right?

So it's really hard to kind of get in there.

But MFA will take care of about 90% of the problems that if somebody is

trying to break into your account.

And then there's so many lots of little things that we can do.

You know, phishing is a really big thing.

Like be careful who your friend online and who you receive emails.

I always tell people, if you're a business person, you need at least 4 emails.

One for your personal stuff, one for your personal junk, and that would

be everything from paying bills and newsletters and all that other stuff.

Sometimes you split it up and then one for business and one for business junk, right?

So for some reason, and one of my accounts all of a sudden just started

getting a ton of like random kind of junk emails about EFPs and crypto and

stocks, and I would unsubscribe, like no one I hadn't subscribed or unsubscribe.

So today I just started blocking them.

Is that a good thing to do?

Yeah, you can.

The problem is that if you actually go through and see they're from, they're

from a whole bunch of different accounts.

So I would keep unsubscribing and blocking them, reporting them

to Gmail or whomever you've got.

Cause there's actually now a, a way that you can do that.

But if you block it, it'll automatically get reported.

And so they'll start filtering out on the other end.

The problem is those guys just keep, they make, you know, cause

it's all done by robots now, right?

Yeah.

So they're making up accounts as fast as you can block them.

But if you don't respond for a certain amount of time, eventually, they'll just

realize that you're not exciting for them.

But I have my junk email address.

The problem is that once it gets onto a breached account,

it's, it's a legitimate email.

And the best way to check on this, is people always get a real kick

out of this, is you go to a website called, "have i been pwned"?

It's H A V E P have I number?

The letter I pond is P W N E D.com and if you go into that and you put in your email

address, you'll see all of the breaches your email address has been involved in.

So what if your work email ends up getting in tons of breaches?

. That's a tough one.

That's one of the reasons that I recommend that people have

multiple work email addresses.

Even if you don't wanna pay the six or eight or whatever,

$10 a month for each one.

So depending on your options, you can just use a regular Gmail account,

you know, that would work as well.

And then you just have to be really patient and just clean it

and make sure, like at that point you unsubscribe with everything.

The other thing that people don't think about is that we should not

be using our primary email address for most of our social media.

It's easier to log in, but social media, um, there are, the problem with a lot of

social media is it's really easy to hack.

Well, Instagram, Facebook, and TikTok get a lot of accounts get hacked because they

have third party apps that are attached.

And what the third party apps do is like, hey, here's, and some of them are

just like fun games and stuff like that.

But some of them feel like they're supposed to be important and they're not.

And so like the real cleanup comes in, remove all those third party apps, right?

Change that email address to just a Gmail account because

you're not checking that account.

And then you can put in passive, and then you put it in LastPass, right?

That says, Hey, all my social media are on this account.

Right?

That's a secure notes for yourself to remember which one has what, and that's

how you end up starting to clean that out.

It's a process.

It's sort of like going through your junk room of 20 years of

stuff in the garage, right?

It's time to start cleaning this shit out.

Yeah.

How often do you recommend changing passwords from

your email and social media?

You don't need to.

It's a fallacy that you need to change them regularly.

LastPass recommends about once a year.

Okay, that seems fair, but I don't always change it once a year.

But there, there are a couple times you really, really wanna change it.

As soon as you find out that your email address has been involved in a breach

with that account, that account should get the password changed right away.

For example, They're two good examples.

Like DoorDash got hit this summer, Twitter, DoorDash, they were

all getting hit this summer.

And if even though they didn't get away with a whole lot of stuff, I would say

you changed the password just in case.

Right.

The guy who, or the person who broke into Uber, I don't know

if you heard about that breach.

The guy he breached.

He or she?

They?

I'll just use they.

used breach Uber and they literally managed to get into

the hard coded section of Uber.

They could have taken care, they could have taken over everything.

There hasn't been an announcement that they actually stole anything.

And considering that they broke in, figure out how to get through everything, and

then announced themselves on the employee slack channel that they had broken.

And what Uber did, is it because it was hard coded into their system, was

essentially when this person broke in, it was like they had the master key to every

door of every building that Uber had.

Wow.

It was major for that reason because there should have been several firewalls.

My favorite is this person, the hacker actually, also managed to take control

of hacker one, which is what people when, so what a lot of these large

companies will do is they'll pay money for what they call bounty money for when

somebody finds a breach or a problem.

And so it says, "Hey, we didn't know about this vulnerability.

We're gonna pay you for it."

And some of these pay thousands and thousands of dollars.

Right, because these are breaches that could potentially

cost the company millions.

Yeah.

He took that one over too like he literally had everything.

Wow.

Okay.

Wow.

So is there a, like a central place that lists all the breaches that happen?

Or right now the best thing to do, just check your email address?

Well, that actually, that website has a lot of stuff that's going on.

There are some websites that are listing them.

The problem is that there are so many, and some of them are just small.

Like if you've had somebody ransomware your computer, right?

And let's say that you've had a thousand clients over the last 10

years, that's technically a breach.

They've breached your system, right?

Depending on where your clients are, you are required by law to inform them

that your computer's been breached.

The truth of the matter is that most small businesses would never

do that because they know that their reputation is at stake.

Do I really wanna be doing business with somebody?

Do you wanna do business with me?

If I have to tell you that my accounts have been hacked, right?

Even if it's my, even if it's my bank accounts, right?

If you can't even manage to keep your bank accounts safe,

then what about the rest of it?

There's just a huge stigma on that.

55% of Americans said that they would not do business with a company

that has been breached, although I doubt that's actually true.

But it's what they say.

So are Macs or PCs different in the way that they, security wise.

So that's a really interesting question because everybody assumes

that being on a Mac is so much safer.

And when you're talking about viruses, it really was for a very long time

because viruses, they like to track in through whatever you're doing and start

hitting up the operating system and there were not as many Macs as there are PCs.

So everybody, just like the hackers, if you really wanna be, be a big

slash, you're gonna go for the biggest opportunity to make something a hot mess.

And then Linux is another one that's also had problems.

But the fact of the matter is that all, everything now has problems that maybe

still there's, it's outweighed towards pc.

The bigger issue today, like we still all have to worry about viruses.

But that's not the number one issue.

The number one issue is actually phishing.

And that doesn't matter whether you have a PC or an Apple

because you have invited them in.

Right.

How does that work?

What is phishing?

Phishing is when a somebody sends something.

I send you something, you didn't ask for it, and it's a fake link.

It's like you click open, either an attachment or there's a link

that sends you to a page that you think is legitimate but isn't.

So say for example, you have an account with Bank of America and Bank of America

says, "Hey, you've been breached.

You need to go and change your information.

Here's the link."

and you click on the link and you go to the page and the

page looks totally different.

I mean, so the exact same thing as you would go in.

So you go in and you start changing information.

What you didn't notice is that it says Bank on America, because you

quickly looked at that it looked, it looked almost exactly the same.

Right?

Yeah.

And so that's what the phishing does.

It starts collecting information or stealing things, and sometimes it

adds ransomware to your computer, which then freezes it all up.

It says, "Hey, you have to pay X amount of dollars in cryptocurrency

before you know we release it."

Although apparently the ransomware people out there.

they've gotten very polite and they're now giving people time to collect the

money because the ransoms are much, much bigger than they used to be.

Right?

Like we won't even tell anybody that we did this if you just give us the money.

The problem is that everybody is getting involved and this is what people don't

understand, but is everybody involved?

Governments organized crime, hugely involved.

It is way easier, way cheaper, and much more profitable to do

ransomware and cyber attacks than it is trying to get drugs over the over

country lines and sex trafficking.

Right?

That's still happening cuz there's a demand, but it's ways easier to hire a

bunch of out of unemployed hackers to just go start stealing money from people.

Why not?

Right?

Mm-hmm.

So, yeah, so everybody's involved in it and it's a really, really big thing.

It's like, don't even take it personally, they're just coming after me.

A person.

Yeah.

Right.

So I guess my next question was about credit cards.

Yes.

So whether it is, if you're a business owner and you're getting someone to

buy something and you're like, oh, well give me your credit card number,

you're gonna repeat that number.

And what happens is if you have Alexa or what app your phone's listening, or

even you, you give your, your credit card information to someone over the phone.

So what kind of security issues does that entail?

Well, you mentioned them all, like those are some of the big things.

And the theory is that, well, it's Alexa, that Alexa's not gonna be Alexa.

Alexa's listening to everything.

Right?

I am not a fan of the Alexa, Echo, kind of thing.

I can press the extra button on my computer if I really want.

On my phone, if I really wanna listen to music.

I think it's Stripe made the announcement that they are going to up

the charges for, they used to do this, but then they stopped for a while.

like all of them.

If I manually enter a credit card versus if you put in the credit card.

So for example, when I work with people, I don't take their credit cards and

everyone's like, and every coach is like, you should take the credit cards, make

sure that you're getting paid, right.

Oh, no, I will not do that.

I'm going to send them an invoice and I'm happy to stay on the, you know,

my invoice is ready to go while I'm on the phone with them and I will send it

to them and I will wait the extra five minutes for them to go, oh yeah, I got it.

Paying it right now.

Here it is.

Yes.

But I haven't had a problem with anybody doing that.

But then this way I never touched their credit card.

Exactly.

I don't see it.

Yeah.

A lot of companies will now offer one-time credit card numbers.

I know Amex does it.

I'm pretty sure City Bank does it.

Like everybody wants to be able to do that because if there is fraud,

they're the ones who were out and it is a multi-billion dollar problem.

We do the same thing.

We send an invoice and I know that everybody out here is like, while you've

got 'em on the phone and you solved their problem and they're excited,

take their credit card information.

Well, my background is mortgage, and I'm like, do you know

how much liability you have?

I mean, you know, if they, if they're hacked, they can blame it on you.

Well, I use my credit card since I gave it to you, and now then

I've got all these expenses.

Or again, you, all these devices in people's homes are listening.

And so I just feel like it's such a big risk.

So everything for us is either, through a PayPal invoice or a Stripe invoice,

because we don't even wanna be able to see their credit card information

in the back end of our software.

Sure.

We want that layer of protection for them and for us.

Right?

Absolutely.

Absolutely.

I completely agree with that.

It's a, it's an interesting problem, but it's a problem nonetheless.

Yeah.

Um, and we just have to like, if someone's just not gonna pay you,

they're just not gonna pay you.

You just not kind of need to suck it up.

But the fact of the matter is, most of us are not certified as PCI compliant, right?

So we should actually have no physical records of their credit card numbers.

Yeah, my, the whole Alexa thing and Echo breaks my heart 'cause I love the idea of

it and the technology behind it and just asking Alexa to play this or turn that

up or turn that down, it's terrifying.

Yeah.

Yeah.

And I think about all the security systems that people are putting into their houses.

I don't think any of that would make me feel safer.

I think it would make me feel less.

Like the doorbell thing and all that's wireless.

You have issues with all of that?

Well, there's several problems with that.

Have you heard of the term IOT or Internet of Things?

Mm-hmm.

? I have not.

Okay.

So this is, this is one of the things I really like to do and why I like to

talk about cybersecurity is because IOT sounds really complicated.

Internet of things.

It was like I, you know, I thought it was a lot more complicated than it was.

It turns out it's simply everything that's connected to the internet,

that's not your computer.

Right?

So that could be your coffee maker that you press a button

that says, Hey, you're ready.

I'm ready.

I'm upstairs in my bedroom, start making my coffee.

So it's done by the time I come downstairs to your alarm system to Echo and

Alexa and all of those things, that's all called the Internet of things.

And what happens is that most people do not change the factory settings

for the internet of things, which is what makes them vulnerable.

And so they don't even change the factory settings on their routers.

They're like, well, my router says it's got this really

great complicated password.

Yeah.

But anybody who comes by can take a picture of that.

And now you've got someone who can use your router as they want to, or they'll

put in their thing, Hey, Smith home.

No, you don't Put Smith home on the, the name of the router.

One of the things we wanna do is that we have people coming to our home and they're

like, "Hey, can they use your wifi?"

Always set up a separate network.

If you've got kids, strongly recommend that you set up the separate network

and they use the guest one, especially if you're working from home.

So I heard the phishing things happens more on my cell phone

than it does in my email.

That's new.

That's actually called smishing.

There's whalephishing, smishing, and phishing, phishing is P H I S H I N G.

And so and so there's catfishing and phising.

And there's whalephishing and spearphishing.

Spearphishing is someone's going after someone, specifically whalephishing, is

trying to get somebody who's like really rich or super influential for some reason.

The Smishing is the newest, latest craze.

I get it all the time.

I get a ton from Amazon, but of course, if you look at it, it is not actually

from Amazon, and they call it Smishing because it comes through s m s.

Yes, that's new.

That's a new thing.

You know, making sure that you're getting rid of emails that you don't think are

secure, changing your email addresses using LastPass, these are all things

that, like you said, it's a process.

But if you start now, each time you implement something, you're

just making yourself safer and safer and safer from having issues.

And I think as a business owner, we have so much to worry about.

It's nice to know that you're doing all that you can do to keep everything else.

If you've got good security, that's actually a competitive advantage.

I was talking to a friend of mine who owns a large accounting firm here in DC.

And he was like, most of my peers don't do this, so is there an easy way I'm

hoping to go into Chrome and just go into passwords and just delete everything.

When you go into the little, you hit the three little dots on the side,

and then I think it's going on to.

Settings.

Yeah, you go to help.

And then if you go to privacy and security, and that's gonna be a list

to clear your browsing security.

And I think one of these has the website, the passwords in it, and then you can

see it and you can see the ones and make sure they have it in LastPass.

And then you can ask Google to stop asking and Chrome to stop asking you to save it.

You should do it on your phone too.

Excellent.

Great.

This has been amazing.

I am so excited that you are our guest here.

Thank you.

I'm hoping you'll come back and have this conversation with us again next

year, because I feel like Yeah, I do.

It's so important.

It's something that we constantly need to always be conscious of and

then always look to improve on.

Yeah, absolutely.

Absolutely it is.

It is only going to get worse.

Yeah.

And people just don't think it's that big of a deal.

But I actually was kind of joking, but it wasn't really like, how much money

have you lost because you're spending time having to fix it over because people

are not going to do business with you.

Maybe there's business that you can't do, so now you have to refund people.

You start adding all that stuff up and all of a sudden, even my business

that's not making a lot of money is worth a hell of a lot more to me

than what it is for other people.

Right.

And what's so tragic about all of this is that when my stuff, like it

takes hours and hours and hours of time for me to clean up a mess and

you know, somebody is picking it up for free or for pennies on the dollar,

on the black, on the black market.

Right.

You know, and you're sort of going on the on the dark web and

going, damn, like I'm only worth.

3 cents . It's so tragic.

So well, we so appreciate you sharing all these amazing tips and ideas and

smart ways to just stay safe online and.

Like she said, do it now because you're gonna be a lot safer, you

know, in the upcoming months and years when things change a little bit.

So special thanks to Natalie.