The 2017 Guide to Identity Security: 12 Do’s and 12 Don’ts and Number 5 – 8 of the Do’s plus thoughts from Fox News interviews on Russia.
Welcome, Warrior Nation. Next installment of Morgan Wright, that’s me, your host, your guide, your warrior today. Then also I’m going to talk to you today about my site, and what I’m talking about today the Identity Security Guide, the 2017 Guide to Identity Security. How do you find me? This is how you find me. My professional site, MorganWright.us. Yes, I know there’s a misspelling here. Capitalization. IdentitySecurity.com, on Twitter @morganwright_us. If you can’t find me, as I always say, you’re not trying hard enough.
What am I here to talk today about? The 2017 Guide to Identity Security, the 12 do’s and 12 don’ts to help you crush hackers, scammers, and thieves. I mean like Arnold we’re going to crush hackers, scammers, and thieves. How do you get that? This is how you get it. Look, guys, take a screenshot, rewind the video later, IdentitySecurity.com/Guide. It’s a freebie, download it for free, all I ask is an email address. I’m going to show you 12 do’s, 12 don’ts taken from the masters. I’ve stolen all of these ideas fair and square from the Russians. I’m going to show you guys how to protect us.
Diving In – #5
The last time … I’m going to talk about two things today. I’m going to talk about do’s today, number five through eight, and then I’m going to tell you about some of my recent appearances on Fox, give you guys some quick insight of what’s going on with the Russians. Last time when I talked, I talked about the do’s one through four. It was use two-factor authentication, update your security software, put a pin or a passcode on everything and encrypt your home wireless network. Today what I want to talk about, and yes, I’ve printed these out backward so they would show up right on this. Today when you download the guide, and you can do that, again, IdentitySecurity.com/Guide, and then if you look on here right now we’re going to talk about number five, which is getting identity theft protection that has comprehensive restoration.
Why is that so important when I talk about identity security? The morons out there who are stealing your stuff, and yes, they’re morons, they’re criminals, they’re hackers, scammers and thieves, you’ve got to make sure that you’ve got comprehensive restoration. The way I ask it is, do you want half of your identity back or 100% of your identity back?
Get identity theft with comprehensive restoration, not just resolution. There’s a difference between resolution and restoration. Restoration is when they put your identity back to the same way it was the day before the incident happened.
Making A Mistake
There’s a lot of competitors out there. You guys have heard about Symantec just bought LifeLock, big mistake. I’ll tell you a story later but I was the one who did the primary market research. I and some folks from ID Shield went out and presented to Symantec. That was my project, my responsibility. I pulled that all together, did the market research and here’s what I found, and this is one of the things that got them interested. I interviewed 2300 small business owners, we talked about … People. We said, “What is the one thing you’re concerned about online, your primary thing?”
It wasn’t credit card hacking or stealing your credit card, it wasn’t hacking, it was identity theft. Number one thing people are worried about online. Make sure you guys … If you don’t know where to get it download my free guide, IdentitySecurity.com/Guide, and there on number five is a link, it shows you what I use and why I believe in it. Remember, get identity theft protection.
Encryption – #6
Number six, encrypt your data, period, all of it. Whether it’s at rest, whether it’s in motion, it does not matter. If it has a 1 and 0 in it, it should be encrypted. Part of the guide … What you can do is find if you’re on a Mac or on Windows, all you have to do is go to Google, go look in there. Turn on file vault, which is in Mac, and turn on Bit Locker inside of Microsoft which shows you how to encrypt all your data. All of your data should be encrypted.
If you guys don’t know what a VPN is, a virtual private network, do a little bit of research. I show you there’s a link in the guide, click on it, I give you a little instructional video about what a VPN is and where you can go get it. What a VPN is is secure transport, it’s your armored car that takes your data from your home to your bank and from the bank to the home.
It’s in an armored car between when it’s created and when it’s deposited and returned. That’s your data going over the internet. If you don’t, you’re putting your money in the backpack of an 80-year-old guy who doesn’t know where he’s going, he’s going to get rolled by the local neighborhood thug and all your money is going to be taken. That’s what a VPN isn’t. What a VPN is it’s that armored car. Make sure you get a VPN.
Remote Control – #7
Number seven, make sure that you enable, whether you’re an Android or an iPhone, I’m not so sure about Windows, you’d have to check on it, but make sure you enable remote wiping. On here, remote wiping, number seven, enable remote wiping or erase data features on all your smartphones and tablets. Number three, if it’s stolen turn it into a brick, a very expensive brick. It happened to me in Malaysia, that’s one of the stories I tell in my upcoming book, “Identity Predators: Win the War Against Hackers, Scammers, and Thieves.” You can go to IdentityPredators.com and register. If you’re one of the first that registers, and you’re there when I announce it, you’ll get the book free for the first 24 hours. Make sure you go there, IdentityPredators.com.
I had my phone stolen at the airport in Malaysia. I had just landed, put my phone down to pull out my itinerary to get a taxi, guess what? Somebody steals it. In the book still, I have the Malaysian police report. I tracked it down, I knew where it was, I was getting ready to kick in the door just like I used to do back when I was a trooper and a detective. I was going to kick that door in and go get it but for some reason being arrested in an international location without the protection of a diplomatic passport, which I used to have a while back, just didn’t want to do it.
What that does, even if somebody steals it, you can put a message out there, you can talk about here’s what’s happened, you can make sure that … You can send a message to the phone on most of those and say, “Hey, look, if you found this, return it to me. I’ll pay you a reward.” If the worst thing happens to turn that darn thing into a brick. You don’t want people getting your information, which they shouldn’t be able to get into anyway if you put a pin or a passcode on it, which I talk to you about as do number three.
Go Secure Or Go Home – #8
What’s number eight? This is one I just had recent experience with. I won’t tell you the name of the site but this is a site that caters to a lot of people who do digital marketing. One of the things they did is when you went through the process, I thought it was pretty good, it was a subscription per month. When I got to the end I looked at it and they asked me for my credit card number and I went to fill it in. I said, “Before I do that, what’s the one thing I check?” Check to see if it had SSL on it, secure socket layer, if it had a digital certificate to encrypt all of my information including my credit card information from the browser to the back site.
Guess what? These are folks who say they have 15,000 customers and they do not … Kelly, sure, all that’s correct, IdentityPredator … Might be predators, IdentityPredators.com. Yeah, IdentityPredators, with an S, IdentityPredators.com. If not, I’ll put the link in the Facebook thing when I’m done.
I went to that, it did not have the https, in fact, most of the browsers, whether it’s Google or Chrome or Safari, will not allow you to do auto-fill if you’ve got your credit card number saved with a page that’s insecure. Here’s a company generating millions of dollars, does not have a secure link on their site. Sorry folks, they lost my business, I will not … It’s been two weeks now and they still haven’t got it fixed so I’m moving on.
Look For The ‘S’
Make sure that if it doesn’t have https … If you don’t know what it is, download the guide right there, there’s a link. I’ve made this interactive. Those are links inside the guide. You can go get the guide. Where can you get the guide? Right here, IdentitySecurity.com/Guide. I made it very easy /Guide, G-U-I-D-E. Go down and get it.
Anyway, those are Do’s number five through eight. I’ll talk about nine through 12 in a couple days. Let me fill you in quick, I’ve had a lot of requests for my interviews with Fox over the last five days, a lot of the Russian hacking, the election and what’s going on in this recent joint analysis report that I put out. I thought I’d give you a couple insights. In fact, if you guys didn’t see me this morning, if you watch Fox News tonight special report, 6:00 PM eastern time, I did an interview with Catherine Herridge, she’ll pull out some of my quotes out of that or some of the interviews we had there.
Here’s what it boils down to folks, and this is just my take. First of all, that report was a complete joke. It did not do anything, it was 3,900-some odd words long, only 398 words went to the analysis of what happened. If you’re basing throwing 35 diplomats out of the country on this report, we should have turned out the entire Chinese delegation when OPM, the Office of Personnel Management, was breached. We should have thrown out the Russian delegation when they invaded Crimea or shot down the airliner in Ukraine. I told them it’s completely disproportionate, does not meet the severity and if you’re basing it on this report it … They conflated things, which means they mixed things up.
They said, “Here are all the groups involved.” They started listing APT 28, advanced persistent threat 28, advanced persistent threat 29, which are things like GRU, which is the main intelligence directorate of the Russian army, the GRU is the military intelligence, FSV and SVR are the old KGB. When the KGB was split up it split up into an internal security group, which was called FSV, and then the external people who do the espionage, which is SVR. They talked about these groups and then they put Black Energy in there.
BlackEnergy – The Package
Black Energy is a malware package, it is not a group, it is a piece of software like Windows 10. Then they conflated it again with a tactic, which is Powershell is a tactic, it’s a way I get privileges and do things so that I can deploy things like Black Energy based on if I’m a group or not.
That’s the equivalent of conflating confusing the Girl Scouts with Windows 10 with the I formation. It’s college football season, there are still some games on … Irish didn’t make it into the playoffs this year, 4-8, you’re never going to make it into the playoffs with that record. Let’s go next year, Irish.
Deny, Deny, Deny
That was part of the issue and that’s one of the things I talked about. I said, “If there is information behind there that they have not released to us yet then that is another Russian tactic where they deny and then they cause us to release more information to prove our point.” We get stuck in this thing, we say, “The Russians did it, we can prove it.”
Then everybody goes, “Prove it.”
What do we end up doing? We end up declassifying stuff that should never be declassified in order to prove our point. Do you want to know how long this has been going on? Cuban Missile Crisis, that’s right. We, fortunately, had somebody, I think it was Polyakov, was spying for us and that’s how we got access to the information. It took us going to the UN and John Kennedy saying, “Release the SR-71,” the Blackbird reconnaissance photos we had to show. What did the Russians find out? They knew our capability. They knew how good at least our resolution was.
Figuring It Out
In this case, if we tell them what we know they will figure it out, they will figure out what countries we’ve been cooperating with, what signals intelligence we’ve been getting and who we’ve been getting from. It is a failed strategy to do this. My biggest concern folks, and I’ll close with this, it’s the way we’ve politicized the intelligence process. Intelligence is meant to help people create policy so we can do a better job with our military, with our diplomacy, with our law enforcement.
Intelligence should never be politicized. In other words, you should not serve a political objective of any party, I don’t care who it is. It’s designed to keep America safe, not get somebody elected to office. If that’s what’s going on it’s an absolute shame, it’s a sham, it should never happen.
I’ll post some of those videos, you’ll see them on my Facebook page. I’ll do this too. Remember, get the 12 do’s, the 12 don’ts. Go here, this is your 2017 Interactive Guide to Identity Security: How to Defeat Hackers, Scammers, and Thieves, 12 do’s, 12 don’ts. Here’s where you go get it, IdentitySecurity.com/Guide. Where else can you find me, folks? Here’s where you can find me … Where did I just put that? I’ve got so much stuff going on out here. Here it is, IdentitySecurity.com, you can find me here, MorganWright.us, IdentitySecurity.com, @morganwright_us.
Get your guide, the 12 Do’s, the 12 Don’ts. We will cover more later this week. Until then, remember, shields up, get your identity theft protection, I’ll show you how to do that. If you have any questions, drop me a note. Great to see you guys. Catch me on Fox again probably this week. I’ll put out some notes. Until then, my warriors, stay safe and shields up.