Best Life Podcast | Altra Federal Credit Union
Episode 15: Information Security

In this episode of the Best Life Podcast, Tony sits with a familiar guest, the one that started it all, computer security expert Ian Nicholson from Altra Federal Credit Union. Tony and Ian talk about data breaches, password managers, password authenticators, securing your text messages, tinfoil hats, and Tony being OK with turning group text messages green for some users.

Note: The views and recommendations provided in this podcast are based on the knowledge and experience of the guest and do not represent the opinion of Altra Federal Credit Union.

(Tony Beyer)
Hello and welcome to the Best Life Podcast where we here at Altra Federal Credit Union are helping you live your best life. I’m your host, Tony Beyer, thank you so much for tuning in and we have a great show for you, a very important one today and we are talking all things about computer, online, Internet, mobile, I don’t think we’re gonna get into fax machines too much but I’m sure there’s fraud that happens there but we’re going to welcome back our very first guest that we ever had here on the Best Life Podcast when I was recording this from my basement. I’m still recording it from my basement, but it’s not similar circumstances, but anyway, we are welcoming back Ian Nicholson, he is our Senior Information Security Administrator for Altra Federal Credit Union. Thanks for taking the time to join the podcast, Ian.

 

(Ian Nicholson)
Glad to be here Tony

 

(Tony Beyer)
Excellent

 

(Ian Nicholson)
What questions do you have for me today?

(Tony Beyer)
Well, I know that the last time we spoke on the podcast, and that was the first episode of the Best Life Podcast, the one that started it all, we talked about password managers and how important they are…you don’t have to remember a whole bunch of passwords, you just have to remember one and it can help you verify some websites making sure you’re at the right spot. We also talked about protecting your accounts through two-factor authentication. We talked a little bit about some scams, talking about tech support scams or people saying they’ve got pictures of you from your webcam and they’re going to send it to everybody unless you pay them a whole bunch of money….oooooh…and also at the end of the podcast, we were talking about how there’s just good people in the world, keeping the internet going and they don’t do it for money, they just do it because it’s the right thing to do. So that’s what we talked about on episode 1, but Ian, what I wanted to ask you about right off the bat here, talking about data breaches, we hear about them in the news, you know, all the time, it seems like I do recently. There’s been a breach at a, you know, a major password manager…doesn’t sound like passwords were leaked at all whatsoever, but if somebody learns that there’s a program or application, website, whatever that they have information on that’s been breached, what should somebody do in that situation?

 

(Ian Nicholson)
Well, the first piece of advice I have is simply to take a breath, you know, remain calm. By the time you’ve learned about the breach, it does not matter if you take action now or in five minutes. So, go make yourself some tea, some coffee, take a breath, and just relax and try to think things through. Breaches are actually very common, unfortunately. There are a lot of websites out there that are getting breached and so it’s very likely that, whether or not you know about it, you may already have been the victim of one. Once you’ve taken a few moments to collect yourself though, absolutely the first thing you should do is to change your password. If you have used the password that was breached in any other website. I would really hope based on the first Best Life Podcast episode, of course, that you’re using a password manager. And if so, excellent, there’s not really anything else you have to do with your password. If, however, you do not have a password manager and you are reusing passwords, which is not uncommon, you should figure out what password you were using on that breached website and figure out where else you were using it and just start changing it. And then once you’ve done that, that is 99% of the effort right there. What it comes down to after that is very dependent on what kind of website it was. If we’re talking medical data, you might have to do something different than if it’s your social security number or, you know, your college transcripts or any number of other websites.

 

(Tony Beyer)
Yeah, that’s great information and not only talking about the password, but when it comes to security Ian, I was hoping you could talk a little bit more about the importance of having, you know, multiple steps using multi-factor authentication to get into accounts that have important information, how important is that?

 

(Ian Nicholson)
Well, Tony, you get the gold star for the day

 

(Tony Beyer)
Woo-Hoo!

 

(Ian Nicholson)
…because you’ve been paying attention to all of my security notices that I’ve been putting out for the last several years.

You’re right, multi-factor authentication, wherever it’s offered, you should be taking advantage of that. Facebook, Google….I don’t do social media myself so I don’t really know what other social media sites use it. But yes, always be taking advantage of multi-factor authentication because in the event that you do have, you know, a hacker get your password, whether they guess it, or whether they get a shared password that you’ve shared on a different website from a breach, they are going to try to use that password to log in to other websites, and if you have multi-factor authentication enabled that is the last line of defense there and if they unfortunately, you know, get your password that can very frequently save you a whole lot of stress and work.

 

(Tony Beyer)
Sure, absolutely, and when it comes to securing your information and protecting your money, are there any scams or any fraud that you’ve heard of that have been happening recently? I know with Covid and everything, there’s been a lot out there, but as far as different online scams or maybe what people are getting, you know, on their, you know, on their cell phone, or things like that, what are some things you’ve heard about Ian and what are some ways people can protect themselves from these scams?

 

(Ian Nicholson)
Well, the one that I’ve heard of most recently is actually related to the death of Queen Elizabeth II. There has been a lot of phishing emails going out using that information in trying to entice people to click links to maybe learn about information related to her passing. The Russian invasion of Ukraine is another one that we saw very heavily used by hackers to try and entice people to click on links that they shouldn’t, and give up your username and password.

 

(Tony Beyer)
Yeah that seems to be a common scam. I know that scam that will pop up whenever there’s a big major event or something happening in the world. Some of those different, charity scams are just showing the importance of doing your homework and making sure you know where you’re donating money to it is a legitimate site and it’s something that’s absolutely going to help with what you are donating to. And when it comes to information, you know, coming back and forth, one of the things that we use quite a bit Ian, it’s our cellphone, and right before we fired up the microphones we were having a discussion and I was very surprised to find out that just regular text messages, you know how we how we get information, how we communicate with others, how we get passwords at times how you know, just regular SMS texts, aren’t very secure, I was really surprised to find that out.

 

(Ian Nicholson)
Yeah, that’s right. SMS text messages are not inherently secure. For a few thousand dollars somebody can read any text message sent within a half-mile radius, let’s say. You know, realistically, for the average listener of this podcast you probably don’t have a lot to worry about. It’s very unlikely that somebody is going to try and steal your Facebook one-time password that’s sent to you via text message. There are people for whom that is a concern. Those people generally know that it’s a concern for them. Those are people who, let’s say, high level, high ranking people in the government, throughout the world, in the military, those people might be a little more at risk.

 

(Tony Beyer)
Sure, sure.

 

(Ian Nicholson)
I highly doubt that any of them are listening to my beautiful voice right now, you know, if you are concerned about that, you know, one thing that I do tell people, is that text messages are not guaranteed to be delivered. Generally, they are very quickly delivered to your phone but I know everybody has, you know, an experience where they’re waiting for a text message and it just takes minutes, you know, to come through. There are one-time password applications. There are a few that I tend to, you know, have a great deal of trust in, Microsoft Authenticator, Google Authenticator, Duo, those are all excellent one-time password applications that live on your phone and you don’t have to depend on having cellular service in order to get a one-time password. So, if that’s something that concerns you, very highly recommend looking into that.

 

(Tony Beyer)
Excellent. And if, you know, people like I don’t want anybody seeing any of my text messages or even taking that chance, are there other programs or services that someone might be able to use that can protect their, you know, their text messages a little bit better?

 

(Ian Nicholson)
Yeah. You know, it really depends on what you’re worried about. Security and usability tend to be in conflict to some extent. I will tell you that I personally use the messaging application Signal for my communication with my friends and family. It works over Wi-Fi, which is great because, you know, sometimes I’ll be in a location with bad cell service but I do have Wi-Fi access, then I’ll be able to get my messages. WhatsApp is also pretty, pretty secure and is very commonly used, the same with Apple iMessage, Google’s own messaging service, the name of which escapes me at the moment…

 

(Tony Beyer)
it’s just Messages.

 

(Ian Nicholson)
All of those are very, I would say, trustworthy.

 

(Tony Beyer)
All I know is that I have an Android and I make the, the text bubbles, green or blue, I can’t remember what it is on Apple phones, I don’t know. Excellent. So that’s just another great way to protect your information and keep things a little bit more safe and secure. So those are the big topics that I wanted to talk to you about Ian and just kind of get a little bit of an update because it’s been a little bit since we spoke. Is there anything else that you wanted to talk about when it comes to computer, you know, safety, security, or are there any like just general things to keep in mind in order to protect yourself?

 

(Ian Nicholson)
I don’t think there’s anything else but I’d really say other than use a password manager, you can have unique passwords for every website, I will hammer that into the ground as many times as I have to. Always when you’re getting an email or a text message, always be careful about what you’re clicking on and make sure that it 100% is going to the website that you think it’s going to if you get a link in email.

 

(Tony Beyer)
Yeah, so always be on guard, just have your…not saying a tinfoil hat or anything but just, you know, to be on guard and hopefully you learn to trust again as well. Well, again, I know that you are incredibly busy, Ian and we really appreciate you taking the time to be on the podcast.

 

(Ian Nicholson)
Yeah, thank you for having me and I’ll be in the office in a couple weeks, so, if you do want to get fitted for a tinfoil hat, I think I have one in your size.

 

(Tony Beyer)
(Laughing) That sounds good Ian and we appreciate it again.

 

(Ian Nicholson)
Yeah. Thank you. Have a great day.

(♪ Music ♪)

 

(Tony Beyer)
In this episode of the Best Life Podcast, we spoke with Ian Nicholson, who is the Senior Information Security Administrator for Altra Federal Credit Union.

Well, that’s going to do it for this episode of the Best Life Podcast presented by Altra Federal Credit Union. We appreciate you taking a moment to learn how you can live your best life. If you have a topic or a question you’d like us to cover, send me an email at [email protected] and who knows, it may even make it into a future episode. Don’t forget to follow the Best Life Podcast pretty much wherever you get your podcasts or find it on our website at altra.org.

Thanks again, be well, and we’ll talk to you again soon.

(♪ Music ♪)