This transcript has been lightly edited for context and clarity. Today, we’ll be discussing the essential technology terms every business leader should at least be familiar with. Are you?
Ruthy You’re listening to the Team Nerd Tech Show with your hosts, Tim Gillen and Ruthy Kirwan.
Tim Hello nerds. Tim Gillen here, Terrapin Networks, Traverse City, Michigan. Thanking you for joining us for the Team Nerd Tech Show, our weekly tech digest for the small business owner on technology issues of the day.
We like to talk about a lot of different things on this show, and it all relates to the small business, the small office. And by small we at Terrapin Networks do small stuff. Sometimes people think of a small business having a hundred employees, and when you compare it to General Motors, that’s true.
But when you compare it to a lot of us, 100 employees is pretty big. So, on this show, we talk about stuff that really relates to if your company if you’re genuinely small. We’re talking 5-10 computer users. There’s really neat stuff we can do nowadays with technology and setting up a tech system to give a small office a lot of power.
If you were a small business back in the day, you didn’t have the ability to use technology in order to stay small yet profitable, but we do now. And that’s what we specialize here in at Terrapin Networks, and on this show, the Team Nerd Tech Show. We come on every week and put it out here on WTCM NewsTalk 580 in Traverse City, Michigan, every Sunday morning at 8:30 am. And we have this as a podcast! So you can catch it on all formats that suit you.
So, now we turn to our illustrious cohost in Queens, New York. Let me introduce Ruthy Kirwan and bring her on in. Hello, Ruthy!
Ruthy Hello, Tim, how are you this week?
Tim I’m good, thank you!
Ruthy Good, good. We’ve got a fun show here this week! We’re getting geared up for the holidays. This is episode number 43.
This week, for Tech News, is about it IoT items people may be receiving or giving away for the holidays. Things like Google Home, Nest, that kind of stuff. Recently, the FBI put out a warning for people who are using those IoT items, concerning the safety of their home networks. So we’ll get into that.
For our Tech Tip segment this week, we found this cool article on msn.com, all geared towards helping business owners understand specific technology terms they might hear their tech team bring up. It’s a really helpful, comprehensive list, just 10 common technology terms you may not be familiar with that you definitely should be. So we’ll be going through those term by term.
And then lastly, for Tech Gadget, we’re talking about something you should be aware of if you’re doing any holiday travel this year, and also some business travel into the new year. Because if you’ve not been doing this one specific thing with your boarding pass, you’re setting yourself up for a real privacy danger.
So let’s get into it with Tech News!
Tech News: FBI warns IoT users to safeguard their home network
Ruthy Welcome back to the Team Nerd Tech Show with your host, Tim Gillen. I’m Ruthy Kirwan. Right now we’re going to be moving into Tech News here on the Team Nerd Tech Show. We talk about tech news once a week, and it’s usually something that relates to the world of technology, a news piece that also relates to how you are running your business.
So let’s talk about this FBI warning about IoT, Tim. What are they warning, exactly?
Tim So as a reminder to listeners, IoT is the acronym for the Internet of Things. It’s a term that relates to devices in your home or business that are on the internet. For example, a Ring doorbell camera, a refrigerator with a screen on the front that brings up your calendar and has the weather on it, that sort of thing. Any kind of smart home stuff.
If you’re able to drive up to your house and hit an app on your phone and it turns the lights on, that’s something attached to the internet.
Now, here’s the issue here, and here’s what they’re talking about.
If some of those smart TVs have a camera, so you can say, FaceTime or Skype or whatever it might be with your children and grandchildren, that kind of thing, the problem is the security for that access. It means that someone else can get inside your network.
The FBI warning is essentially letting you know that the security of your home network is your first defense.
I’m 100% behind this warning, by the way. This is what we’ve done at our home, and it’s what I recommend for all of our customers who I’m the tech manager for. Anything that’s on the IoT side of things should be set up on a separate network within your home, separate from your regular private home network.
So here’s what we mean by that: You have a network inside your home or business. It’s got its own IP addressing scheme. And it’s different from what’s out on the internet and your cable modem. This is the device that handles how your devices inside your home connect to and talk with the Internet. What the FBI is recommending is that you keep them separate- your phone, your laptop, that sort of personal device, is kept separate from IoT devices on a different network inside your home.
So in other words, the camera that’s on the doorbell can’t directly talk to something inside the home. They’re not on the same network- they’re separate.
In order to do this successfully, you need to have a good wireless router. You can also use those mesh devices that you plug in around your home and do a mashup, to expand the range of your wireless network.
In these, you have the ability to set up a guest network. And believe me when I say, you always want a guest network. Then, the private network gives you full access to everything, that’s for the family.
In business, the private network is what’s for the staff, while the guest network is for customers and Internet-enabled items. Truly, it’s not necessary for everyone to have full access inside that network, except people who live in that house or who work in that business.
You’ll need a router with a good interface to set this up or make sure you have a member of your tech team do it for you. You might have seen the option for a guest network when you were setting up your router and though, I don’t need to do that, but you do. Go back and do it.
The default setting for any of these set-ups is that the people on the guest network cannot see inside the private network. That’s the whole point. So friends or family come over to visit, give them the guest when all they can see is the internet, not your private network.
They don’t need to see anything that’s inside your house, including your TV or your media server or anything like that. They don’t need it. They don’t need to be able to print. I mean, they can live without printing in most cases and frankly is that’s what you want to work around.
Now, once you’ve done that, set up both a private and a guest network, you’re going to want to make sure your IoT devices are situated on that guest network. that’s where you want to put your IoT devices.
And one of the first things you want to do after that point is put some basic security in place for your IoT devices. All they needed access to was the internet. They do not need to see your inside network. That’s a good way to start out with some basic level of security, especially for someone who’s not a real expert in this.
Just make sure that the guest network is all by itself, that all it can see is the internet, and then attach all of those kinds of devices, your IoT devices, to that guest network and only to the guest network. That’s a great first level of security. The next level of security is to put an actual firewall in place and have some nerd like me set it up.
People who do what I do will set that up with a VLAN. In a business, it’s mandatory, and in a home, it’s really highly recommended.
Ruthy So to recap real quickly: The FBI is saying that you need to make sure that all of your IoT devices are on a separate network. And you’re saying that the easiest way to do that is to set up a guest network, through your router.
Tim Correct. And then make sure that not only are your guests accessing the guest network, but also your IoT stuff is connected to your guest, and all of your private things are connected to the home network.
Ruthy Okay. I think I have it! Thanks!
So we’re going to move now into our Tech Tip segment, which is when we talk about something that small business owners can use in their businesses right away.
Tech Tip: 10 essential technology terms every business owner should know
We found the perfect article that segues into what we want to talk about this week. This article on msn.com actually links from Inc.com, and it’s the 10 Technology Tips Business Owners Should Know. There are a handful of technology terms here that we’re familiar with if you’re a listener of the Team Nerd Tech Show, but there are a few others that I definitely don’t know, so I’d like you to break down for us a bit more in detail.
Can you read them out for me real quick and then we’ll go back and we’ll talk about the ones that I think we need to dive a little bit deeper into.
Tim Yes, this article, as Ruthy mentioned, is on msn.com but it’s really a rundown from Inc.com, which is a great business magazine and they always have a really helpful article and features. This list is a good starting off point in terms of technology terms for business owners.
The technology terms are:
Ruthy So what’s a, what’s a botnet?
Tim A Botnet is a kind of a robot network. It comes from the word “robot”, and where you have some malicious software that you inadvertently installed on a workstation or laptop. That malicious software will then connect to other computers around the world that had the same software.
Ruthy What’s a CMS content management system?
Tim CMS stands for ‘content management system’. If you have a website you designed yourself using, say, Weebly or Wix or even Squarespace, or even if you hired a web developer who puts together a site for you and gives you access where you can go in and change the content, that’s a content management system.
And, and here’s the takeaway for the small business owner, and this is sort of a non-issue now, although it didn’t use to be, if you’re hiring someone to do some web development for your company’s website, make sure they have some kind of CMS in place so you can make your own minor adjustments. If you need to change your hours of operation, for example, you don’t want to have to call up your web developer every time and have him switch things out. You want to have control yourself. So making sure that whoever creates your website also hands you control of the CMS, that’s pretty important.
Ruthy The next technology term we have is ‘data breach’, and I think we’re all pretty familiar with what that is and the implications of it, so I’m going to skip to the next one.
The next technology term is “DDoS”, which I’m not familiar with. Can you tell me what that is?
Tim DDoS stands for ‘distributed denial of service’. That’s when bad guys take down a website by flooding it with traffic.
An example of that would be, someone thinking, I’m really mad at your store, I want to get back at you for something, so I’m going to hire a thousand people to cram the front door or something, so no one can get in.
And this goes back to Number One as well, in that they might use a botnet to flood the server. Essentially, the botnet or whoever is orchestrating the service interruption, they create fake traffic that overwhelms the server and shuts it down. Which can be really disasterous for a commerce site or something similar.
Ruthy The next three words on the list, I think that you and I, and our listeners would be a little bit more familiar with:
But the next technology term that I didn’t know is SQLi. Can you describe that for me?
Tim SQL stands for Structured Query Language, and SQLi is Structured Query Language Injection. It’s when bad code is injected into SQL.
SQL makes up a database engine protocol, like a code. You use it as a way to build a database.
Let’s take the phone book, which is basically a big database. In the old days, those were in what’s called a flat-file database, which was just one great big honker database.
When you did a search on this big database, it just starts at the top and works its way down. It took a lot longer to find a ‘Q’ than it did to find an ‘F’. It used what is known as ‘sequential query language’. All your data are kept in different tables. So all the addresses are together, all the names are together.
You do a query search to see what’s there, a backend query to the sequel database setting.
“How many of this widget do we have in stock? How many this shirt, how many of these, this pair of boots, how many is in stock and what warehouse are they in?”
The problem becomes, a bad actor may, unbeknownst to the e-commerce site, be able to see what or who is buying stuff from that site, who is searching using that database. This means they can see say, the boots you bought. Or your credit card details. Maybe your phone number.
It’s a nasty thing that websites dealing with commerce need to be aware of.
Ruthy The next thing on our list is a VPN, which we covered in a whole episode a few episodes ago, so we’ll skip that one.
The other one that I didn’t know was an XSS, or ‘cross-site scripting’. Can you explain to me what that is?
Tim So cross-site scripting, as a term, os really more for the person who develops your website. If they have not updated everything on schedule, they might leave a vulnerability in different parts of the website.
If those different pieces of the site are not written well or not updated properly, you can have trouble. Meaning when the vulnerability comes out, it’s left open and the vulnerability is not immediately patched. At that point, bad actors can go in there, grab a piece of code, and have one part of the site talk to another part of the site to bring data back to them.
So that’s called cross-site scripting. It’s pretending to be something that it’s not, and it all happens in the background. And so as a small business owner, this is the conversation you’d need to have with your, with your web developer.
Now, here’s the biggest vulnerability for most small business owners.
Whether you had a developer make your site, or you designed it yourself using Squarespace or WordPress or similar, you have to make sure it stays updated. One thing that can happen is, say bad guys make a bot. Okay? A robot that goes out and crawls the web and finds all the WordPress sites it can find, and then starts looking at their versions so they can tell very quickly the ones that are vulnerable. And from that point, they just let themselves in via the vulnerability.
Ruthy I’ve been a WordPress user for a long time, and it’s the same thing you gotta be aware of when you’re using plugins on your WordPress site. They need to stay updated, too. Because that’s another backdoor entry that bad actors can use to get into your site. You could have WordPress updated, but if you’re not keeping your plugins updated regularly and cleaning them out and making sure that they’re up to date, that can do the same thing.
Tim Very good point. And so what does that mean, if I’m a small business owner? Probably shouldn’t be doing web development yourself, because if you’re running any kind of business, you’re not going to have time to keep up with the updates all the time. So you need to hire someone who knows what they’re doing, whose job is to do that for you.
That’s just part of the deal. And if you don’t want to screw around with that, which makes sense. Plugins get out of date too, because they ended up having security vulnerabilities that some bad guy finds and the creators of the plugin go, oops, we see that some bad guy found that. We didn’t know it was there, but yet it turns out it is. Here’s the patch, but you got to go in and apply the patch, which might break what you set up. So you’ve gotta be willing to apply the patch and then fix it if it breaks.
Ruthy Yes! It feels like it’s all a delicate balance when it comes to my WordPress site.
Tim So here’s the mistake that a small business owner might make. They say, “Listen, it’s up and running. That’s all I care about.”
And what do you always hear old Tim say? Don’t use that as your threshold. Don’t send that message. Don’t think of it that way cause it’s working. When everything’s running, all data breaches happen. When it’s running, it’s still vulnerable.
Tech Gadget: Don’t give thieves access to your boarding pass information!
Ruthy The Tech Gadget piece of info I have for you today was a really eye-opening thing for me, if I’m being honest. I want people to be aware of this before a lot of holiday traveling starts. Or, if you’re doing a lot of business traveling in the new year, make sure you keep this in mind: don’t print your boarding pass!
Can you tell me why, Tim? I ALWAYS print my boarding pass, but why should I stop doing that immediately?
Tim Well. You’re fine to print your boarding pass as long as you carry a portable shredder with you. Then you’ll be fine.
The whole point is, is these boarding passes get floated around. They might end up in your suitcase and then you’re at your destination and you shove it in a magazine and now you don’t care about it because you’re on that last flight, so whatever, and you leave it in a magazine, leave it in the seatback, you do whatever. Or you take it to the hotel and just toss it into the end of the wastebasket.
The thing is, your boarding pass has got a lot of data on it. Sometimes they will asterisk part of it, but not too much. The design it has to be able to say who you are, so you can use it to get into your flight. It might have your frequent flyer number, your address, the last four numbers of your credit card, all sorts of information about you might be on that pass.
Ruthy I have never actually even thought about this. And now it’s giving me anxiety and I’m thinking about every boarding pass I’ve left in seatbacks over the years.
And the reason shredders exists is that tearing it up after you use it isn’t good enough. I mean, who’s going to try to put it together?
Tim Well, you don’t want to think that. And because some knucklehead will do that and. You want to assume that someone will want this information. That’s your assumption. That should always be your assumption.
Ruthy There’s this other thing that people have been doing with their boarding passes, which is getting excited about wherever they’re traveling to and snapping a photo of their boarding pass, putting that photo on Instagram with the hashtag #boardingpass and scammers are going through that hashtag feed and stealing info off photos.
Tim I mean, here’s where I just go, “Who in the world…??”
Ruthy You do it because you’re excited! You’re like, “check me out, I’m going to Cancun! Nobody’s going to steal my boarding pass info!”
Tim It’s just, you can do a little braggy thing some other way. Don’t put it up on Instagram. That’s braggy.
I mean, I guess when you get your new Capital One card and you could take a picture of the front and the back and put on Instagram, say, Hey, look, I’ve got a new card and there’s $20,000 a credit out here.
I mean, that’s kind of the same thing. It’s just kind of braggy, and it’s a massive security hole while you’re bragging. So probably not a good idea.
I mean, you’re not going to post a picture of you standing on your front porch with $10,000 in cash and the photo geotagged, saying “Here I am in realtime on my porch and I have $10,000, isn’t this great!?”
This is kind of the same thing.
Ruthy They’re taking the frequent flyer miles from your frequent flyer accounts that they steal off the boarding pass. Then they keep the information off your frequent flyer miles account to exchange for cash, for other airline flights, transferring miles, all sorts of things. They get this info off your boarding pass and we’re just letting them!
So yeah, it’s a bad idea. Just be very careful with your boarding passes, especially if you’re going to be flying this holiday season.
Tim So, yes. Very good advice.
Ruthy All right, Tim. Well, I think that has to wrap up our show this week. We have solved enough of the world’s tech problems. I will see you next week.
Tim Sounds good. Have a good one.
3:43 Tech News segment: FBI recommends IoT devices on a separate network
8:12 How to go about setting up the separate networks in your home or business
12:23 Tech Tip: 10 essential business terms every business owner should know
25:38 Tech Gadget: stop printing your boarding passes (here’s why)