Jan. 4, 2021

Cyber Security Part Two with Charles Phillips

Cyber Security Part Two with Charles Phillips

In this the second part of my cyber security special, I have a chat with Charles Phillips.

In this episode we discuss what is a hacker and why the definition matters. 

We also discuss how to spot a scam, reduce your risk of being hacked, anti virus and other essential topics so you can stay safe and secure online.

To stay up to date on all future content from The Curious Ulsterman here are the various social media links.

Instagram: https://www.instagram.com/the_curious_ulsterman/?hl=en

Twitter: https://twitter.com/TCUlsterman

Facebook: https://www.facebook.com/thecuriousulsterman

Twitch: https://www.twitch.tv/thecuriousulsterman

This podcast is ad free and community supported. If you find value in the content I provide then please consider donating a one time or recurring donation on Patreon or Pay Pal so I can invest in new equipment and maintain running costs to provide a consistent and higher quality podcast for you the audience.

Patreon: https://www.patreon.com/user?u=45920206&fan_landing=true

Pay Pal: https://paypal.me/eskomoejoe?locale.x=en_GB

Thanks for tuning in folks, all the best!










Support the show (https://www.patreon.com/user?u=45920206&fan_landing=true)

Transcript
Speaker 1:

[inaudible]

Speaker 2:

Hello everyone. And welcome to the curious Ulsterman podcast. The podcast designed to give you the tools you need to thrive as an adult. And welcome back to part two of the server security special and today's episode. My guest is Charles Phillips and in today's episode, we discuss what is a hacker? How can you stay CF online, especially with social media. And we also go in depth on the actionable steps you can take to avoid scams and making yourself less likely to have a target to be hacked. So I learned a lot from this episode today, and hopefully you will too, and it will be enjoyable as well. And here's my interview with Charles Phillips. Hi Charles. Thank you very much for coming on the podcast today. Thank you for having me. Yeah. So for the audience, this is the second part of our cyber security special, and I'm really looking forward to it . Cause you have an , at least in our previous conversations , have some very unique things to say about it, especially in the realm of social media, but for those in the audience who don't know you, could you just give a brief introduction about who you are and what led you into the career in cybersecurity?

Speaker 3:

Okay . I'm Charles Phillips. I'm a cybersecurity analyst. Uh, I've been in the profession now for about three years prior to that. I was in it. Um, and what led me into security is actually kind of a funny story. Uh , while I was working at a university, I met our cybersecurity guru , um, grit , and I renamed the name of Carl . Uh, we spoke a lot, he got me interested in kind of, you know , the ins and outs. He showed me some of the really like dark secret black magic kind of things that you could do with really piqued my interest. It's like , well, you know, that's what you can actually do with it. What else can you do? And just kind of spur me down that path.

Speaker 2:

Very that's quite cool actually. Yeah. I mean, I've heard of, is it the dark web I think, is that the correct term? Yeah, so , um , it's just , I know it exists, but that's really the limit of my knowledge on it. So yeah, there's, there's a lot of things that I think day-to-day , we , we really don't know, you know, with this, you know, for lack of a better term, this monster, that is the internet it's going to be used very well and it can also be used very badly. Um, and that's why you're on today. Cause you're gonna tell, so I had to be CF. Uh, do you use it more like a tool, but something I want to clear up and you know, this question was asked to me, but w w by definition, what is a hacker?

Speaker 3:

The little hackers got kind of two different definitions of , I think you ask , um, if you talk about some, are you speaking with somebody in cybersecurity, a hacker is a person likes to take things, break things, rearrange them, put them together in new ways to do new things. For example, a child that likes to take apart the remote and try to figure out how it works, that could potentially a hacker. Um, I remember reading an article in one of the hacker quarterlies about a guy who was hacking is low flow toilets, so that you'd actually get a high flow toilet out of it that could be potentially considered hacker as well. Then you get on kind of the negative connotation of it, which was mainly spurred on by the news where a hacker is a fif or a crook or some kind of criminal trying to data , steal money, you know, anything that's a very disrupted node yet . So when you , when you speak about hackers, it's kind of a double-edged sword, it's either you're kind of on the camp. That it's a good thing to have. It's like a good, good , um, mentality to possess. You curious, you're wondering, or you're just a malicious bad guy. So

Speaker 2:

That's really interesting because like I'm in the engineering profession myself and I love taking things apart. I love understanding why things work and you know, how it all meshes together. Uh, obviously I would never use it for, you know, a horrible purposes. You know, I'd like the whole point of me being an engineer is I love the build and fix things. Um, but it's interesting then that, that for me, and this is my own ignorance here, that hacker, I always assumed was a very negative word. And it was something that, you know, I , I did hear in the news and, you know, it's the next big companies, but the hacked or , uh, you know, this has happened. And it's like, well, we never hear anything positive about hackers or this, or even, I don't want to say maybe positive, but neutral term of hacker. Um, uh, I have started to hear about though. Um, is it , um, I can't remember the name exactly, but it's essentially hackers here are the good guys. They deliberately try to break into systems to make them stronger. Is what's that called again?

Speaker 3:

Uh, there's a couple of different terms for it. Um, you could call them a white hat hacker versus a black hat hacker. Uh , if you go back to the old wild West movies from like the fifties and sixties, and even beyond that , um , where the good guy always wore a white hat and the bad guy was wear a black hat. Um, you can also, as a profession, that's considered penetration testers where a individual is hired by a company or organization to hack into their systems and then report on how they did it out of shore up security, how to fix the problems that they discovered. Yeah .

Speaker 2:

Okay. Uh , actually I've just remembered the name of NY ethical hacker. That was the word ethical hacking, I think , is that a separate term again? Or is that just the umbrella term for that?

Speaker 3:

That's just another term for the same thing. Um , and speaking of ethical hacking, that's really what defines the two between a good day , a good guy, hacker versus a bad guy. Hacker is ethics. You know, I, I would potentially have the same skill set that a hacker trying to break into a system would have to do nefarious things, but it's the ethics that really define the two of us. I would do it and say, this is how I broke in. This is what you need to do to fix things. Whereas the bad guy hacker would use that for whatever ends that they want to do to be it's stealing data is stealing money, you know , doing damage, whatever they want , whatever they're after.

Speaker 2:

So, okay, so these, these, these people exist. Why did they hack?

Speaker 3:

That's an interesting question. There's a lot of different reasons and some of them you wouldn't even think about. Um, so if we're speaking about bad guy hackers , uh, Seoul lane, they obviously the obvious ones there there's money, there's fame, that's reputation. There's also curiosity. Um, a lot of hackers will start out trying to break something and then end up falling in with the wrong crowd or getting caught by some organization that then tries to employ them to do not. So not so legal things, but you also have other hackers that just do it for the walls. They just really want to just do it to cause chaos or for their own entertainment. You also have hacktivists that do it for a political purpose. For example, anonymous is a hacktivist organization where they hack and break things , um , to, to pursue their, what they consider political ends. Uh, for example, when they decided to go after Scientology , um, they did a lot of different things against that organization that they felt was justified based off of what Scientology has done to other people.

Speaker 2:

Oh, right. Okay. But is , I didn't expect the fear and just for the , the laws part of it , you know, I thought it was all very, you know, for lack of a better way to describe it efficient. It was we , we want money and rather than the traditional robbing a bank, this is how we're going to do it. We're going to , you know, punch in a few lines of code brick stuff, steal people's money. I didn't realize that there's an entirely new element to it of, I want to be famous. I want to have my , uh , you know , a lot reputation of being the ultimate hacker or even, yeah. The on-board like that's, you know, all of them are pretty nasty, but at the same time, I didn't, I didn't expect that. But , uh, yeah, that's interesting. So we've all with the knowledge we've got so far on, you know , what hacker is by definition and why they do it when people go on the internet every single day, because it is such a big part of our lives. Now, what catches people out the most and what is an easy fix that they can do so that they're , they're safe today.

Speaker 3:

Oh , that's kind of depend on what they're accessing. Cause like you said, the internet is a very vast thing and it includes a lot of different pieces of our lives. Now. Um , if we're talking about say social media , um, a lot of that can be used for social engineering or trying to fool you into doing something that you shouldn't be doing. What I usually define that is a hacker is trying to fool a target into doing something against their best interests, the hacker's personal gain, and that could be financial. It could be informational. Um, they could be any number of things. So for the case of social media users, privacy controls locked down your profile, make sure that it's not easily accessible and also police what you put on social media. You know, you don't need to post about every single thing in your day. You don't need to do things like post about vacations until after you get home because a robber might be looking for people that are on vacation to break into. And it's a lot easier when you're in Cancun versus when you're going to the store.

Speaker 2:

Yeah . Yeah.

Speaker 3:

If we're talking about something a little more secure as a , uh , health records , uh, uh, financial data, things like that that are a little more, more , uh, sensitive use, strong passwords, you know, don't use just a simple little eight character password use the , it use as long as you can. Uh, don't use common words or phrases or even something that's, you know, common to you. For example, birth dates are a big no-no because anyone who's got access to your social media knows your birth date.

Speaker 2:

Oh crap. Yeah , that's true . And they also

Speaker 3:

Know the name of your dog and your sister or your mother's maiden name, so on and so on. So that's where he kind of tend to be, be careful with what you post to choose security questions that are hard , hard to answer done through things that are easily found on social media. Like what's your dog's name. Um, and going back to the passwords , uh , use secure passwords , um, uh, hackers have a ways to break into systems called brute force attacks where they just try hundreds of hundreds of passwords at a time. And they'll do very common ones first, like password one, which is the most common password out there, which is nerve wracking for me. And you know , the person's going to hear this, you know , Oh wait, that's my password. I'll change it to password to , well, that's not good. What you should do is take a phrase. So for example, let's say Mary had a little lamb take the first letter of each one of those words, capitalized, lowercase, whatever you want to do, replace with a number or a special character. For example, example, instead of using L for love, you can use the, a greater than a three to make a little heart. Oh yeah. I'm added an exclamation point or a question at the end of it or something like that, or just add something else to it , the randomize, it you'll remember what, what your phrase is. And obviously don't pick one that's common. Like Mary had a little lamb or something you find in , uh , literature, like say, you know , to be, or not to be your , you know, it's part of the Gettysburg address or something like that. You use something that's going to be meaningful to you. That's not easily guessed. Yeah . And that'll give you a pretty good secure password then of course, the longer, the better.

Speaker 2:

Oh yeah, of course. Yeah. And what advice of what actionable steps could you also tick when it comes to email? Because I know we certainly, it's only a matter of time before, like you can create a brand new email and before you know it , you know, you'll use the sign with the certain things, your information will be sold and it'll probably be on at the dump somewhere or, you know , it will be inundated with spam and phishing . Is that the correct term? Yep. Yep. So, you know, what actionable steps can you take in regard to email that a lot of people don't know about it . It's just, it's an easy thing to do, but it'll keep you safe.

Speaker 3:

Okay. Well, let's start with fishing cause that one's kind of the big fish, pardon the pun. Um, you will want to be very cautious about any email that you come across because phishing emails look very legitimate. Um , and my organization, I actually test their staff members on, on a monthly basis for fishing deaths . And I'm pretty, pretty bad about it. I had my name cursed a few times and stuff I've used has been very legit looking very , um , very hard to detect unless, you know, the kind of the key things to look for. So you're going to want to look for things like what's the content of the message. Is it alarming, but like detail. So for example, you get an email saying, Hey, your password just expired, click this, like the fix it . Well, what account is it talking about? That'd be details usually left out. Um, the hackers will often try to short circuit your brain going, Oh, I need to panic and deal with this right now, as opposed to taking the second thing about it. So they'll do other things like, you know, click here or you're gonna lose your paycheck or your tax return or click here, or you're going to lose access to something else important. Uh , commonly with work emails or phishing emails targeting the organization is going to be clear. You're gonna lose access or click here to sign a new policy or you gonna get fired. You know, that kind of thing. They always imply some kind of , uh, Travis, Travis , uh, Travis, to your really bad actions going to happen if you don't click on that link to so be cautious on that. Look at the email sender hackers will often hack into other people's accounts to send out their phishing emails as opposed to starting their own. So if you get a email saying it's from Microsoft, but the email addresses , you know, Bob at acne autos, obviously that's not something Microsoft would use. Then you should also look closely at the email address because it will also do things like look alike domains. If you get an email from Microsoft, it's always going to be microsoft.com or maybe office.com or outlook.com. It's not going to be Bob at Acme autos, or it's not going to be Microsoft with an R and an end, as opposed to an M or a zero instead of an O or Microsoft spilled with , uh , two apps. Things that can make it look like it should be legit, but it's just a little off nice to be on the lookout for that. Um , if you check the links in the messages, this will also give you a good little indicators of what's going on. If you hover your mouse over any link, it'll pop up and tell you exactly where it's going to go, as opposed to what it says in the link. So for example, get an email saying it's from Yahoo, but the link is pointing it to Gmail. Obviously there's something quite right there. Also look for kind of randomization in there, look for content that is, as it make sense, you know, if it's supposed to be an email talking about, can you show and it's taking you to a television station that would make a little more sense than it's taking you to a water park .

Speaker 2:

Yeah. Yeah. Very, yeah, very well said. So , uh, you did touch on it briefly , um, earlier in the episode, but continuing with the theme of actionable steps you can take to be safe. What about social media? I know a lot of people just no social media and that's probably the best way to go, but you already have social media. What's what actionable steps can you take to make sure you're as , as safe as reasonably possible?

Speaker 3:

Okay. Well start with walking down your account. Um, every social media platform has some kind of set of security tools that you can do. Um, you want to do things like that, showing you what the public would say, share with only friends and family, or just friends, be cautious who you invite into your circle. Um, you will have hackers that will try to use , uh , catfishing accounts where they, where they will download pictures and make it look like your , say your uncle Bob's account. And they'll respond with messages saying, Hey, I got locked out of my account. So I started a new one. He cautious and stuff like that. Always reach out to the person and , you know, be a different mean , say by phone , uh, verify that , Hey, did you actually get locked out of your account just to make sure that's safe , be very cautious about what you put in social media. Uh, there's a lot of different reasons for doing that, be it from hackers, using it, to get security questions, to potential employers, looking for a key indicators that you might not be a , uh , a responsible employee. For example, I knew one individual you used to search through social media pictures for red solo cups, the little campaign called , uh , because if the person's under age and there's a lot of those photos there , chances are, they're probably potential alcoholics or they party too much and they wouldn't be responsible. So employers will look at social media whenever they can. So be cautious what you post there. Um, remember that if it's on the internet, it's there for life. So it would be very cautious on what you do into putting on the internet , uh, sensitive details about your life, you know, medical information, anything that you put up there, it could be potentially used or abused.

Speaker 2:

Yeah. Um, so , so you did say something there and I've heard, I've heard this free is a hundred times, but I've never stopped to actually think about it. And I just want to get your opinion on it when it's on the internet, it's own for life. So like, well , hi , is that because if I, for example, let's say I delayed a picture or an old email kind kind , or, you know, take your pick of whatever I put on the internet or anybody puts you on the internet. Why is it all on the internet forever? Is it locked away in a deep dark server somewhere? Is it somebody could download it? Like what , what, what can you define what you mean once it's on the internet? It's on there forever.

Speaker 3:

Okay. Well, with the way the Internet's laid out, it's not just simple, kind of a, to B communications, it's in a route through different networks to get the different places. And any one of those hops in the network could potentially store the data. You also have things like cache servers where say, if you'll upload a picture to Facebook, it's not just on one server and Facebook, it's on multiple servers of Facebook. And even if you deleted that doesn't necessarily mean it's been deleted from backups or shadow copies where they're just holding it in case you decide to republish the image. If you want to , uh , you also have people that'll scrape the internet for images and text . Um , there was actually a lawsuit in the us a few years ago regarding scraping a LinkedIn , uh , LinkedIn didn't like it. And I was trying to claim copyright for it. And the , the, the organization that was doing the scraping actually won because it was considered public information. So they would grab that and store it. Um, you'll have , uh , organizations like imager, Google, Facebook, that'll take those photos and store them and then use them for other purposes. Facebook notoriously has been using it for facial recognition, which is why when you post a photo of one of your friends, it'll pop up and say, you know , is this so-and-so? Yeah , it's all photo recognition from there. And you never know who else might've sold, saved a copy along the way and have it on their local hard drive that they could post up later.

Speaker 2:

Yeah. So maybe perhaps take a pause before you clicked , submit on anything on the internet, especially social media. Yeah. See that's so I'm perhaps going off on a slight tangent here. So when it's on the internet, it's on there forever. Um , if , um, you know, unless you have some big lawyers or something like that, you know, even if you could, you know, argue with a company and say, Facebook, I'm not happy with you, you know, using my photos and facial recognition and having that sort of, you know, I feel a lot, my privacy has been infringed upon, you know, arguably yes. Uh , from what I'm getting here, you could, you know, make a lawsuit and all that kind of thing, but it doesn't matter because like you said , between each hop it's, it's potentially been stored on multiple servers and on somebody somewhere for whatever reason could have saved it to a local computer. Yeah .

Speaker 3:

And then you also have the issue of international law to where , uh , sure . If it's an us organization, I could potentially Sue to get that information taken down, but what happens if it's in, you know , some other country and might have some, some legal , uh , ways go about it, per se , for example, Britain or Scotland or Ireland where we actually have treaties that allow us to go back and forth like that. But what if it's say Cambodia or Nigeria or that we don't have that representative in law?

Speaker 2:

Yeah. So the easiest thing to do is probably just to not post it, like I'm probably probably the best case scenario is not the how social media, but at the same time, social media is here to stay. And if you're going to have it, it's probably just the best to take all the advice that you've just said. And if you are going to post anything that a little bit of common sense, but also, you know, a little bit of a pause, does this need to be posted? Cause once I post this, this is on the internet forever. Yup . Yeah. But it's quite sobering, but that's worth having a chat and, you know, being brutally honest, especially, you know, with myself and you know, the audience as well. Um, it's better to , to know that rather than have our heads in the sand about it.

Speaker 3:

Definitely. And you never know what a hacker is going to use that information for or not even just hackers, just the organizations. I want to use that data to .

Speaker 2:

Yeah. That , that brings up comes on perfectly to my next question actually. And that is what makes you a less attractive target to a hacker.

Speaker 3:

That's going to depend on what the hacker's after and you never know what the hackers actually, after I'm actually just give you an example of this. Um , a honeypot is a device that sits on the internet that looks for people to break into. It records everything that they do so they can learn about the hacker's tools, the techniques that they use, stuff like that. Researchers use this all the time. I was at a conference a couple years ago where a researcher came in and gave it a talk on what their experience was , uh, putting up a honeypot. And it was just, it was a windows machine. It had remote desktop enabled on it, which is a very big no-no in security. And within about five, 10 minutes, someone broke in and this , this , uh , researcher put on all sorts of fake data, everything from medical records to trade secrets and stuff, financial records, all the fake data, but it looked real. What do you think the hacker actually did once he broke into the system?

Speaker 2:

Um , well, to me, I , I , for me, I would just be copy and paste and take the whole lot and decide whether it's valuable. There is that I don't know,

Speaker 3:

Even look at it. It didn't touch it at all, what he did or I should say he or she, we don't know what the gender of this person was, was open up dating websites. Wow. And Erin, what they were doing was they were catfishing people, a lot of money, you know, using what we call a lonely heart scams or just catfishing in general and saying, Hey, you know, I'll come visit you. But if you send me X amount of money, that'll help me with hoard and plane ticket and just never happens. And then just fleecing you for more and more money. Well, dating websites will block IP addresses , uh , left and right for people that are doing this. So this hacker was looking for where they considered clean IP addresses or IP addresses that the dating websites had blocked yet. And that's the only thing that they did while they were on that system.

Speaker 2:

I mean, like all that , what , what, you know, I'm on educated in it, but all the , what you would argue would be valuable information and all they wanted was a clean IP address. That's, hasn't seen, I mean, this is a whole new world. Like, you know, I'll be honest, my only experience with anything, cyber security information security. It is what I see in the movies, you know , uh , bar and the occasional, like if I happened to stumble upon something on YouTube, which says, you know, catchy title, don't do this to get hacked or something. I think I may have watched one years ago, but I've never actually dedicated any real time to say, you know, high secure are my online high secure is my data. And I have to be fair. I do. I miss as a question, actually, I wanted to get your opinion on. And , but not to get into specifics because they don't know what the legalities of it are . Is that like, I'm very keen on antivirus. I know a lot of people aren't, they just either just aren't bothered to pay the money for it. But for me, I like my own Nevarez. Um, but in your opinion, regardless of brand, and I don't want to name any , cause I'm not sure what the galleries of that, or if you are allowed to do it , but like what, what is a, what's a set , a good standard in your mind that says that's a good antivirus brand. And like what, what do they sell? Or what, what are they advertising that you go, okay, that, that makes us good because then people can go, okay, now that I'm informed in this decision, regardless of brand, whoever, if as long as they're selling this particular , um, this particular protection or this particular way to protect your information, then I can, I'm happy to pay that price or whatever. Okay .

Speaker 3:

Yeah . I think some of that's going to depend also on what you're trying to protect , um , security, isn't a catch , all , do all these things to fix things kind of situation and say, what do we need to do? That's reasonable to protect what's on the system. And I'll give you an example of that. So for example, let's say a financial institution, their core system that houses all the financial data. That's a very high target. That's something you want to spend a lot of money on protecting. Now, if you've got a server that hosts the , uh, you know, billboard for the cafeteria, you really don't care too much about that. You'll put on basic protection space . That system can't be abused, but you don't want to pay the extra money to protect the data because who cares what's the menu is going to be for Tuesday. So when it comes to antivirus use, what's reasonable for you. You don't need to spend an arm and a leg on it, but use a, a well-known brand. Don't just pick some random one off the internet. And there are some pretty decent free ones out there to AVG. And the vast both come to mind as being free alternatives that give you the same kind of protection that a more, a larger name brand would. Uh , but they are afraid they will bombard you with ads, but that's the con the cost words , so to speak , uh, you use a major antivirus. If you can, I'd recommend an antivirus. It also protects against the time of malware. Um, most of them do these days, and if you want to spend the money on it and look for one, that's also behavior based as opposed to signature based . So signature based , uh, virus detection is basically, okay. Here's a list of things that I know were viruses. I'm going to look for these things. Every time I see a file or a program opens up, or whatever activity happens that triggers that behavior based, we'll examine what you do on a regular basis, and then act based on that. So, for example, let's say on an average day, you encrypt maybe two or three files tops. Well, what happens if you start encrypting thousands of files a minute? Well, that's a ransomware attack. A behavior based antivirus would stop that activity.

Speaker 2:

Wow . I did not even know that existed. Like, you know, I just press scan on my computer and off it goes. And, you know, it says it's doing all this weird and wonderful thing by then. I never knew to look for them to potential different ways to protect. So that's, that's quite interesting. I'll actually look into my own on Nevarez and see if it does that .

Speaker 3:

Yeah, most of the other consumer level ones don't, but it doesn't mean that signature-based virus detection is bad. In fact, the, the , um , advanced protections will also do signature based attacks because , you know , sometimes they signature base doesn't have a weird behavior associated with it. Um, the behavior based stuff is more for what we considered a zero days or taxing better in the wild that no one knows about that. No one else has seen. Um , they're usually bigger targets for organizations or companies say, you know, depends contractors, banks, medical firms. So like that usually get targeted with that or nation States too .

Speaker 2:

Fair enough then. Okay. Um, also a lot to think about it, at least for me personally. And , uh , my next question then would be what resources would you recommend for the average person that, you know, they can either read up on an educate themselves or even , you know, I don't know if there's like software, like you've already recommended there's free antivirus . And while perhaps while it does do just as good as perhaps some of the big paid brands , you know, it's probably not as good as others, but it's better than nothing. You know , what resources are available that you can use to better protect yourself.

Speaker 3:

Antivirus is pretty much a must at this point. Um, cause you never know what you potentially might catch other resources. Uh, education is always a good one. There is a lot of good free education out there that you can just use to educate yourself. And it can be a little scary depending on where you go, but a good place to start would be say, Reddit, there are a ton of different subreddits that actually , uh , how's either simple information about server security or training information. YouTube is another great resource. If you want to learn about security in general , um, all of the major conventions or , um, or hack hack hacking cons , uh, poster videos online for anyone to view. Uh, so you have things like black hat schmoo Def con, which is probably the more famous of the lot , uh , Derby con , uh, besides all of these things, posted videos online for free that you can then go and learn more about cybersecurity, be cautious of social engineering, cause most has had most of our attacks. Do you start with a site or with a personal element? So learn the cues for social engineering or the more common term that I've heard is con men . Um, same basic thing of, they're trying to fool you into doing something it's your best interests. So being strong in , in social engineering game would probably be a good start just to get an idea and feel for what they're going to do and what they're going to try to do to trick you into doing what they want. Um, there's also tons of books that you could read as you name a medium. There's probably something out there, tons of podcasts and so on.

Speaker 2:

Well happy days. And just my final question would be , uh, you've given me the audience a lot to think about and a lot of really useful information, but do you have any final advice or, you know, if you could do it all again, like your first time going on the internet, knowing what you know now, would you have done anything different?

Speaker 3:

Oh, very much. So I would have been a little more cautious on the information I posted. Um, I actually had a , a live journal on the internet for quite a while . That was just an old journaling site before blogs became blogs. Um, and that information ended up getting housed in Russia. So be careful where your data lives. Um, you never know what any nation state actors going to do with that data, be cautious. What you post on social media, just in general, you don't want to share too much information or anything that could potentially be embarrassing for you later on in life. And overall, just be cautious. Don't take anything at face value on the internet. You don't know if the information is fake news or it could be malicious. You don't know if that person on the other end of the computer is there to actually help you or hurt you. Let's stick with reputable companies wherever you can be cautious if it's a smaller organization or entity, because you never know what they might end up doing anything from stealing your credit card to stealing information and selling it. Definitely get a good antivirus, get good protections in place, running regular scans to make sure everything is safe and secure. And if it does taking a thing, be cautious about it and use good strong passwords. That's probably the biggest one is cancer. A lot harder to break into if your password is, you know , safe and secure versus, you know, something simple that anyone can guess. And I guess one thing I would like to add on that is , um, if you want to spend the extra little bit , a little bit of cash on it, and there are free options for this to use a password vault password hazard volts are our software that will store passwords for you. And, and how's it under a one S secure password that you have to remember. They'll also generate very, very secure passwords that are just random characters, you know , any length that you want, keep the password for the vault safe. Don't share it with anybody, make sure it's nice and secure and nice long, and that'll take care of your passwords for you real easy.

Speaker 2:

Yeah. That's , that's amazing advice. Thank you so much for that. Um, so that's all my questions for the day and I got a lot of value out of this. I know that the audience will as well. So Charles Edison to say massive Frankie for coming on again today. And with any luck, we'll have you back on the podcast again sometime soon. So thank you very much.

Speaker 3:

No problem. Anytime it was a pleasure.

Speaker 2:

There you go, folks. That was my interview with Charles Phillips and hopefully you enjoyed it as much as I did. And I certainly took a lot away from that interview and some actionable steps I can take in my own life and to improve my own cybersecurity. Thank you very much for taking the time out of your day to listen to this. And I really appreciate you as always, if you want to hear more content from the curious Ulsterman, please do subscribe on all the social media platforms. Uh , the curious Ulsterman and look forward to having you back on the podcast again soon, all the best bye.