Host: Jeremy Cherny interviews Duane Maas, President of MC Services
“I started doing computer consulting in ‘96 so I ended up doing a lot of stuff with the internet because nobody knew how to do it – learning DNS and all the networking stuff. We do a lot of Apple and a lot of Windows, especially moving into networking environments. We’ve also done some app development as that’s exploded with iOS and Android. But really, Mac is becoming a more accepted device for a large company, so we work a lot on integrating Macs into corporate networks. At MC Services we range from one to two people companies to $12 billion dollar private companies where we do all their Mac and Windows support. In the course of that we’ve worked a lot with security.”
Why is security important and when did you get really interested in it?
I think I wrote the first eCommerce site in Wisconsin back in 1997. The first year of Christmas for this company, they got 10 orders a day. The next year they got about 100 orders a day and my code couldn’t handle it. As the internet sprung up learning about SSL and TLS became more important because it became a lot easier to steal from people. It’s amazing to me now how people are “fat, dumb and happy” out on the internet. The important thing is to have different levels of security for different reasons. There are always different levels. It’s kind of like buying insurance – how much insurance do you buy on a car.
How do you stay on top of the latest security threats?
You have to have trusted experts to talk to. There’s a Slack Mac admins channel that I probably look at every day. The other thing is Twitter. I look at people talking about threats and stuff like that. The big discussion going on now is about the vulnerabilities of Zoom. It isn’t something that my wife or kids would care about, but if you’re using it for corporate stuff, then you need to know about it.
How do you address security awareness training for your end users and the different stakeholders that you work with?
It seems like the biggest thing right now is in corporate email phishing. It’s combined with what they call spear phishing. For example, they see that you and I talked and have had communication so they could send you an email with my name on it and you’d be apt to click it. We’re doing a little webinar on what you should be aware of and how to check the email sender by rolling your mouse over it and seeing if it is what you think it is. People have been pretty open to these webinars. The other thing is just to discuss with the corporate team their strategy for blocking emails. We also do penetration tests on our clients networks where we act as the hacker and see where their vulnerabilities are.
What are the most important things that people can do to protect their online information?
I think the biggest thing is to use a password generator. Another thing I do is tell people to take two random, common words and put a character and number in between them – it makes for a very secure password. But there are plenty of online generators or places to check the strengths of your passwords. When you get into something that’s further up, I think of two-factor authentication where you enter your password and then it texts you a code to put in.
What do you see as the future of information security?
Unfortunately I think it’ll get worse as far as the attacks. One of the other things I think about is cyber currency. It’s the only place where people can transfer money without being tracked. Also with faster computers the old types of encryption become less effective. So it’s definitely scary. Once you get something blocked, they just come around the other way.