Subscribe
Share
Share
Embed
In this episode of The Sandwich Generation Survival Guide, host Candace Dellacona welcomes Dan Krutoy, a tech industry expert who shares advice for seniors who are often targeted by scammers using social engineering tactics, as well as tips for parents on securing their children's devices. Their conversation dives into the critical topic of cybersecurity for families, the importance of awareness, training, and multifactor authentication to protect against cyber threats. Dan also shares the steps to take if a cybersecurity breach occurs. This insightful episode highlights the balance between technological convenience and the necessity of protective measures.
00:00 Introduction to the Sandwich Generation Survival Guide
00:59 Meet Dan Krutoy: Cybersecurity Expert
02:10 Understanding Cyber Threats in the Modern World
05:08 Protecting Seniors from Cyber Scams
08:35 Social Media Safety Tips
17:17 Cybersecurity for Children and Teens
23:00 What to Do If You've Been Hacked
25:20 Final Thoughts and Future Concerns
To learn more about Pro4ia, visit their website at https://pro4ia.com/
Connect with Dan on LinkedIn: https://www.linkedin.com/in/danielkrutoy/
Creators and Guests
What is The Sandwich Generation Survival Guide?
Welcome to The Sandwich Generation Survival Guide, where we explore the challenges and strategies of navigating life caught between work demands and supporting our loved ones while maintaining our own well-being. Join us in this dynamic podcast series as we uncover the complexities individuals face balancing multiple roles in the modern world. Our host, Candace Dellacona, shares personal experiences and professional insights to guide listeners through this complex journey.
Candace Dellacona: Welcome to the
Sandwich Generation Survival Guide.
I am your host, Candace Dellacona,
and I am so glad to welcome fellow
sandwich generation member Dan Krutoy,
who is here to talk about all things
security related to cyberspace.
Welcome, Dan.
Daniel Krutoy: Thank you so
much for having me, Candace.
Real excited to be here.
Candace Dellacona: Yeah, I'm so excited
too, so for our listeners, Dan and I
work together with our clients and, we
had a really interesting conversation
that I thought would be useful to
everyone out there as we navigate the
world of cybersecurity and all of the
things that we should and should not be
doing for every level of our sandwich
generation quagmire that we have.
So Dan, you're the guy
to talk to about that.
So maybe just fill us in a bit about
who you are, who you work for and
then we'll get into kind of the
nuts and bolts of the topic today.
Daniel Krutoy: Awesome.
Thank you again, Candace.
As mentioned, Dan Krutoy.
So my title is Principal for a technology
firm called Pro4ia and I've been in every
seat from a technology standpoint, from
the support side, help desk, to more
client facing, to strategic and whatnot.
And as you can imagine, technology
has evolved so much and changed.
And that's what's exciting about being in
this profession is it never gets stale.
And that's what gets me excited
in the morning, is talking about
these different technologies.
Candace Dellacona: So having that
bird's eye view I think it's really
important for people to understand
is that, you work with executives
but you work with families as well.
And the families that you
work with are often concerned
about privacy and security.
And even though many people think
that that issue only impacts a
family of wealth, I think one of
the things that we talked about
as sandwich generation members is
that it really impacts all of us.
So what I would love to talk about
today is because of the changing
landscape and all of this incredibly
rapid increase in technology and
the scams that go along with it.
What are the best words of advice
and tips that you can provide to us
to protect ourselves at every level?
So can you talk a little
bit about that in general?
Maybe let's talk about what the
dangers are and then how we kind of
prevent being a victim of those scams.
So what are you seeing out
there as kind of a trend?
Daniel Krutoy: Yeah.
And it's a great point.
And talking about families and
talking about kind of personal
outside of work technology it's so
prevalent in, in every aspect of it.
And there's so much
overlap as well, right?
You have your personal life that
overlaps with your business.
But, going back to my earlier comment, how
technology has evolved cyber threats used
to really be focused on, the office space
and, people would try to steal data there
and you'd always have to lock your IT room
or lock your computer or things like that.
But now with everything being
in the cloud now with everything
being mobile and accessible.
Your homes and your families
and I'll use my mom as a perfect
example, being that tech guy.
I get a call, at least once a day
or every couple days or a screenshot
sent via text of, what is this?
Or should I be clicking this?
It's an update on my computer.
Is this real or not?
And yeah, I think to answer your question
is ask a question or ask questions.
That's the number one thing is when
we implement and ask clients or even,
families to invest in cybersecurity,
the number one thing outside of
multifactor authentication, which
obviously adds that human element,
is awareness, training, and being
aware of what you're clicking on, what
you're doing who you're doing it with.
That's the number one thing I would
stress is making sure people are aware.
Because you're so distracted by, your
kids' homework and yelling at you while
you're also working at the same time.
That's the time that you click
on something accidentally and now
money's being transferred to another
account, or now unauthorized access
is happening to your computer.
Candace Dellacona: So let's
talk about that and obviously
those phishing expeditions that
the scammers send to all of us.
But I think you bring up a really
important point that, there used to be
a focus in the professional world and
a concern about cybersecurity in the
professional world, but it's really
bled into everyone's personal life
because we're all so technology minded.
We all are looking for ways to be more
efficient and have all of our information
in our phones and on our computers.
And while it has made
our lives I think better.
And I don't think most
people would argue with that.
In terms of efficiency, it has opened
ourselves up from a personal perspective
of not having the tech guy, your mom
is very lucky to have someone like
you to be able to call at the drop
of a hat and say, Dan, what do I do?
But are the scams that you're seeing?
And let's maybe start with
the senior population.
In terms of what people are dealing with,
I'll just tell you quickly that I was
a victim of a cybersecurity issue where
someone somehow got a hold of my social
security number and filed an unemployment
claim, and I had packages apparently
being delivered everywhere, and there
were four credit cards open in my name.
But are you seeing any
particular trends that are being
perpetrated against seniors?
Daniel Krutoy: Yeah, I'd say seniors
specifically that you've probably heard
in the news, there's scenarios where
they get a phone call saying, one of
your children is in jail and you need to
wire this money to get them out or they
get texts to their phone saying, here's
a UPS delivery, you need to confirm your
password so that it gets to your home.
And things like that.
Things that you know, look
like day-to-day scenarios that
they may not be educated on.
And it happens in the moment and you
don't really have time to think about
it, is where they're targeting it.
And social engineering is like a buzz term
in the industry because of technology.
Information is available
everywhere, right?
So if I Google someone's first and
last name, I can find their address,
I can find their phone number, I can
find so much information about them.
And what they do is they use
that as an opportunity to learn.
What are their tendencies?
What day of the week or what day of
the month do they pay their bills?
What once they get into their systems,
it's not a matter of if it's when, right?
So a lot of times we hear about
attacks that have happened and
it happened on, a certain day.
They've been in the system for
like six months just watching
what you're doing because they
wanna understand the tendencies.
That's what's happening.
And also you've probably heard of
solutions like software as a service
or hardware as a service where you can
pay, it's an operating expense where you
could pay for solutions for a business.
There's now cyber security hacking
as a service, so a bad actor can go
online and for minimal amount of money
they can buy a piece of software or a
package or a tool that empowers them
to go out and, go after people, right?
It's a numbers game.
If they send out this campaign or
whatnot to thousands of people,
all it takes is one to click on
it and now you're in trouble.
Candace Dellacona: Yeah.
So when you talk about social engineering
you're essentially saying these bad
actors are mining our social media
profiles to get information on us.
Is that it?
Daniel Krutoy: That's exactly it.
You've also heard in the news, right?
Facebook was selling people's information
and all of these other websites.
Now, when you go on any website,
they ask you about cookies and do
you have to accept or you can't
move forward until you accept a
certain amount of data to be allowed.
That's how these websites make money.
They sell your data to all these
third party, broker sites or
whatnot, that now, it's used for
marketing tools, but it's also used
for, bad activities, so to speak.
Yeah, that's exactly it.
When you're on Facebook, when you're
on Instagram, when you're on social
media, when you're shopping online,
all your information is now out there.
And at some point it's gonna
eventually be available to somebody
that wants to do something.
Candace Dellacona: And look, we
all like to be connected through
social media, whether it's, Facebook
or Instagram or what have you.
But let's talk specifically about
the social media profiles and I
think most of the listeners would
agree that most people feel that they
enjoy that part of connectivity with
their loved ones or their friends
that perhaps don't live close by.
And, maybe for this, the home bound
seniors, that's a way that they can
keep up with their grandkids or keep
up with family members who live across
the country or out of the country.
So how would you suggest just taking
it from a social media perspective?
That you would come in and help a
client, quote unquote clean up what's
in their social media profile to give
less opportunity to those bad actors.
What are the tips for us?
Daniel Krutoy: Sure.
It's hard to say.
But I think the common
knowledge around it is, the less
information, the better, right?
If you wanna post a picture of
something, that's great, but when you
post a picture of something and where
you are and what you're doing right,
that gives people kind of an idea
of, oh, they're in Cancun this week.
That means they're not home.
And I can Google this person's
address and next thing you know,
there's theft at they're home.
It's a double-edged sword, right?
You use social media because you
wanna socialize and you wanna share
what's happening in your world.
But people also use that against you
because now you're sharing a little
bit too much information that they
otherwise would've not known is happening.
There's two aspects of it, right?
You can secure your data
and your information, right?
You don't want somebody going into
your Instagram account and hacking
it and then sending things there
so that you can do that's, put
multifactor authentication on it.
Make a complex password, change
your password every six months,
because a lot of people use the same
passwords for multiple platforms.
So if they get into one system,
they're most likely gonna
try all the other systems.
So while that's a bit of a nuisance but
it takes 10 seconds versus if someone
hacked into your account, now you're
spending countless hours trying to
get back into it or things like that.
So that's the data aspect of it.
But now the social kind of engineering
that we talked about it is, that's really
a conscious decision on the individual.
How much information do you really wanna
give that you're, traveling somewhere
or that you're doing something or that
you bought a new piece of jewelry and
you'll see random things of people
sharing things that they're doing.
And that's really that's
up to that, the individual.
Candace Dellacona: Yeah, I
think that a lot of people
struggle with that in general.
And I think that, oftentimes we think
of the outside world in ways that why
would anybody care what I'm doing?
I couldn't possibly be
the one to be hacked.
And having gone through it it
definitely was a wake up call for me.
And I will also add, that the tagging
of other people, I think should
be thought about with some care.
A because other people might not
want to be tagged in a particular
location or at a particular event.
But I think, based on the situation
that you bring up where the phone call
comes in for the senior and it's, the
caller on the other end is saying, your
grandchild is in jail and they know
your grandchild's name because you've
mentioned them and the social media post.
It is a hard lesson to, to learn.
And there is a tension there between
the connectivity and, feeling
like you're up on the events of
your loved ones and your friends.
And also being mindful that unfortunately
there could be people lurking in
the background that perhaps don't
have your best intentions at heart.
When you think about cybersecurity
for those who are in that older
generation, and you talked about
your mom, so not clicking on things
is one of your words of wisdom.
And I think that's a good one.
I've also been guilty of doing that
once in a while, being distracted
and just trying to multitask what are
the other things that as children of
the older generation or the nieces,
nephews, the quote younger for those
of us in the middle, how can we set
our parents up in such a way to protect
them even if they're out on, social
media and they're posting things.
What are the things that you share
with your older clients as it
relates to their own cybersecurity?
Daniel Krutoy: Yeah.
Great question, and I'd go back to
the core function of it is education.
You gotta educate them on what
they're exposing themselves
to by doing all these things.
So I'll give a perfect example.
I'm sure everyone you speak to
in the older generations like,
AI this thing is coming and I'm
definitely not touching, I'm not
getting involved, yada, yada, yada.
But next thing you know,
they're using Waze, right?
Waze is their GPS and that's AI.
They're using AI and then
they say, alright, fine.
That's not a big deal.
And then they log into their bank account
and they're doing facial recognition.
That's part of AI and that's
part of biometrics and technology
and all these different things.
So whether you like it or not, or
whether you wanna accept it or not,
all these different technologies that
are available to you and that you're
playing with are have some form of all
these new things that are involved.
So you have to educate them on it.
The other thing I would say is, sit
down with them and every single app
that you use or your iPhone or things
like that, you have to really drill
into the settings and the cyber
and security aspects of it, right?
Because it's not just one button on
or off, like, Hey, I want cookies, or,
Hey, I don't wanna share my information.
There's so many different settings,
like location like tracking your
information, all that other stuff.
So sitting down with them and, if
they're using Facebook, go through
all the Facebook settings and
one by one, go through all these.
Do you wanna turn this on?
Turn this off.
That helps from that standpoint.
Someone shared with me Gmail recently
was exposed or information was
shared that you have to go into Gmail
and turn off a bunch of settings.
Otherwise they're gonna share all of
your, personal information as well.
So, educating them staying up to date
on the new threats that are out there.
I think that's the number one thing.
And then I'd say on a bare minimum, I
mentioned this a little bit earlier,
so multifactor authentication,
Candace Dellacona: Yeah.
Can you go into that a little bit about
what multifactor authentication is for,
a lot of people I think don't know that.
Daniel Krutoy: Sure.
So multifactor authentication's
kind of the full terminology a lot.
It also goes as 2FA or MFA.
So two-factor authentication
or multifactor authentication.
So when you type in your password, if
you don't have MFA turned on, then if
somebody gets your password, they type it
in from anywhere and then they can log in.
What multifactor adds is that second
element, that human element of,
okay, I got your password, but now
I need to authenticate a second way
that requires human intervention.
So let's say that bad
actor stole your password.
You're located in New York and
they're logging in from, Russia.
They need your phone or they
need that code to be able
to go into it to get there.
Or there's other methods to
just have that second factor.
So turning that on and you'll see
majority of the websites, like banks and
whatnot, they required at this point,
you can't even turn that feature off
because, over 90% of breaches are because
of password compromise and someone
let somebody in through the back door.
So, I'd say make sure that that's
turned on for everything, and
that helps a lot of the ways.
And then the awareness that I mentioned,
just making sure they're educated on, if
something doesn't look right just call,
call your grandson or your daughter or
whoever and ask them did you send me this?
Or should I click on this?
Should I open this?
And it's links.
Don't click on links that
you're not familiar with.
Even attachments can have,
some kind of thread in it.
Even if it's from somebody that you know,
that person could have been compromised.
And what they do is a trickle down
effect is they try to compromise everyone
within that person's contact list.
So then they send a link.
So you have to be careful no matter what.
And then as part of phishing
campaigns it's very simple to,
change one letter or one digit in
someone's email address, right?
So, if you have Candace in your email
instead of an E, sometimes they put
a three at the end of your name.
Or let's say you own a .com,
they can change the Gmail.
Obviously that's a bigger one,
but they could change an I
to a one or things like that.
So they try to manipulate
you in different ways.
So it's really just trying to
be aware as much as possible.
Candace Dellacona: As with any
sandwich generation issue, I
think, communication is really key.
And as we embark on this holiday season,
you bring up a really good bit of advice,
Dan, which is to sit down with your aging
loved one and go through their phone
with them and really take a look at the
settings on every app that they have.
And it sounds like there is a way to
go through and make sure that the app
isn't tracking and that there is only
necessary cookies and things like that.
I think as a novice myself, I didn't
actually realize that the cookies
request was not only for marketing,
but also to sell your information.
I really did think it was
just for marketing purposes.
I'm proud to say that I always
say no, but you're right.
Like even these little sort of
subtle click and dialogue boxes
that come up, we all have a tendency
to just kind of rush through them.
So slowing down, taking a look at
the phone, looking at the settings
with your loved one, and having the
conversation about not clicking.
And I think that leads us to the next
generation, which is okay now our kids,
where in many cases, maybe not yours,
but our kids are more technologically
savvy than a lot of the parents.
So can you talk about what you've seen in
terms of, influences and things that we
should be looking out for or tips that you
can provide for parents looking to secure
their children in the world of technology?
Daniel Krutoy: That opens up a
whole other can of worms, right?
It, once again, it becomes a choice.
And the challenge is, I'm a parent
of a 9-year-old and a 7-year-old,
and the conversations are already
starting of, when can I get a
phone or can I have a phone?
And you have the holiday season coming
up and birthdays and it's tough, right?
Because it's not just the individual
conversation between you and your
child, it's also, the peer pressure
of, I'm in school and some parents
allow kids to have phones at a
certain age and some parents don't.
And now you're fighting two
different battles of that.
So I don't want to go down the
road of, what's right or wrong.
'Cause there is no right or wrong answer.
But what I would say is back to a similar
answer for the elderly is if you do get
a phone for your child, Apple and iPhone,
I could speak to that specifically.
I'm not a big Samsung
or Android phone user.
I'm sure they have similar settings.
You have sort of that parent child mode.
And we actually did use that when
we did send my kids away to camp and
they were gone for the entire day.
We did want to track them, we did want
to be able to communicate with them.
We were able to lock the phone down
completely so that they could only
send and received phone calls and
texts from people in the contact list.
So myself, my wife,
grandparents and whatnot.
So if anyone tried to contact them from
the outside, it wouldn't go through.
And then also if they were
communicating, with a grandparent,
I could also see that text as well.
So let's say, God forbid a
grandparent's phone was stolen
and now you're communicating with
a child, you're at least seeing
everything that's coming through.
And it allows you to, authorize
any apps that they download, right?
If they want to play a game,
you have to approve it.
If they want to go to a website
it's locked down by default.
You may wanna open up a certain
link that they can go to.
So Apple definitely has all of
those features that you can employ.
Candace Dellacona: And that's amazing
because as a parent of older kids to
my knowledge that was not available all
the years ago when my kids got a phone.
I mean, certainly the rule
in our house and as you point
out, there is no right way.
So, I don't wanna get any emails about,
my way is definitely not the right way.
It was just worked for my family is we
would take the phones often at night.
And plug them in and certain things
were not private in our house.
And so that was sort of the way, it
was like maybe the old fashioned way
of going through things, but I didn't
realize that there was an actual
setting with certain providers that
would allow that kind of ability to
put a protection around your kids.
So the phone is one thing.
What about being on the computer?
Are there similar settings, Dan, that
you recommend in your house where you
say, okay, the kids can do X, Y, and
Z, and how do you go about doing that?
Daniel Krutoy: So whole other challenge
and something that comes up all the time.
My kids personally get Chromebooks through
their school that allows them to, they
use it in the classrooms for, various
activities and learning and whatnot.
And for the most part it's locked down,
so they can't really do too much outside
of what that platform is allowed.
But without speaking with too much
knowledge, I hear my son and some of
his friends talking about, there's.
VPNs and special ways that they try to
work around and try to get to certain
websites outside of just the ecosystem
that the Chromebook has allowed.
So I think once again,
awareness and watching what
they do it, it's tough, right?
You can't sit there and watch every single
moment that while you are working and
maybe they're on their Chromebook and
have a certain amount of screen time.
Making sure that it's locked down and
making sure that you're observing.
So when they're done for the day,
like you mentioned, you would take
your kid's phone and charge them.
You have the ability to go in and
look at the history if they went
to certain websites or getting
redirected to certain websites.
But that's the school version of it.
If you have personal devices, the one
thing I would definitely say is, work
computers should be completely separate
from, personal computers because
there's a line of delineation there.
You don't want to mix
and match, but it's hard.
I know it happens and a lot of companies
actually employ, bring your own device, so
you can't really stop that from happening.
But if I could give you a best
practice or recommendation, I
would say your work computers,
your work computer, your personal
computers, your personal computer.
And I'm not saying you
can't shop on Amazon.
I'm not saying you can't go on websites,
but if your kids are gonna be using it and
they're gonna be going to certain games
and gaming sites and things like that,
you just don't want to take that risk.
So if you do have that device where
they're using it just for personal
use, there are settings in there for
sure that you can lock it down and
windows or Apple allows you to say,
all right, this is a child of this
age and there's a bunch of options you
can toggle to say, certain category
websites they definitely can't go to.
Or they predefine them for you.
If they're within a certain age range,
they can go to certain websites.
And then it's up to you as a parent if you
want to granularly say, all right, this
site's okay, but that site is not okay.
Candace Dellacona: No, I love that there
is the infrastructure already that sort
of set forth within the technology,
whether it's, Apple or Android, that
you do have the ability to reign it in.
I think you probably have seen the
news that Australia, I think is the
first country that has now locked
down social media sites for kids under
16, which, I think is pretty bold.
And I really admire the
intention behind it.
It'll be interesting to see if it is
able to be enforced and if something
like that is possible in our country.
But until then, having the mechanism
in the device to try to control those
outside features, so that you can
protect your kids or your elderly
loved ones as much as possible.
I guess my final question for you is,
let's say, the horse is out of the barn,
as they say, and you have been hacked.
What are the measures that you
recommend as an IT professional to
try to repair and set yourself up for
success so that it doesn't happen again?
Daniel Krutoy: Sure.
I guess there's a couple
parts to this question.
From a business perspective, if
we're looking at it, if something,
a compromise has happened, let's say
to a computer, first thing you do,
unplug it from the internet, right?
Get it offline so it
doesn't spread any further.
If it's an account, like a
user account email account or
something that you log in with.
Immediately try to secure that account.
And when you say secure is change
the password, make sure if you don't
have multifactor put it on there or
reset it so that it's just, locked in.
From a personal standpoint same thing.
If it's a computer, I would
unplug it from the internet and
isolate it from that standpoint.
If it's your email accounts
or some kind of login.
First thing you need to do is
change your password immediately.
Even if it's like a randomly
generated password of like 16
characters with symbols and whatnot.
Make it as complex as possible.
A lot of these tools and systems
when you go in, they have
some kind of logging feature.
So you want to see who's logged in or kick
them out if you can or things like that.
And then I would obviously
call a professional.
And when I say professional, it could
be, a child, it could, or your son
or daughter, I don't mean a little
child, but someone that, has some tech
background or ability and work with them.
And then, yeah you basically
have to find the root cause.
Is it just isolated to
my Facebook account?
Is it my bank account?
Once you figure that out, then
you gotta make the phone calls
to those places to make sure that
it hasn't spread any further.
Run scans on those machines
with antivirus and whatnot.
But if it's something bigger where it's
financial impact or others, I would
probably get a professional involved.
Candace Dellacona: Yeah, I
think that that's great advice.
Look, as we said at the top of the
episode, technology is pretty amazing
because it can offer us efficiency, it can
allow us to connect with people who aren't
around the corner or in the same house.
But there are also pitfalls
that we have to be aware of.
And as with most issues that we
deal with, the sandwich generation,
communication I think is key.
So I'm really grateful for you
sharing the inside scoop today.
I know that you deal with many more
complex things, so I appreciate
you breaking down the simple
things for our audience today.
Daniel Krutoy: Yeah.
And can I give one more piece with AI
and someone actually mentioned this in
one of the business groups, actually
a similar group that you and I are in.
That with AI, your voice recording
within three seconds would be able
to use that as a voice recognition
for a multifactor authentication
that allows you to unlock an account.
And I think three minutes
is what they said.
If they record you for three minutes,
they can basically replicate your voice
to do a full conversation and whatnot.
And that's just today.
So imagine a year from now and further on.
So not only to break into accounts,
but those phone calls to the
elderly, they can be using the
voice of their child or grandchild
saying, Hey, send me this money.
And that's a really scary thing and
I don't know what the right answer
is today, but I'll leave you at that.
Candace Dellacona: Yeah, So thanks for
leaving us with the most frightening
thing I've heard in a really long time,
and particularly because, as a podcaster,
I think my voice is out there, i'm
gonna end up having to hire your company
when something like this happens again.
But, I'm really grateful for all of
your advice and even if it's troubling
to know what's out there, I think half
the battle is knowing what's out there
so that we can protect ourselves.
So thank you so much,
Dan, for joining us today.
And all of your contact
information will be in our show
notes for all of our listeners.
Thanks everyone.
Daniel Krutoy: It was great to be here.
Thanks so much.