Episode 170

Jul 20, 2018

We are increasingly dependent on technology to operate our businesses and our lives. While this can be a positive thing, it can also increase the risk that our personal information will be compromised. If you would like to tighten up your online security and protect your personal information, this is the episode for you.

Listen to "E170: The Massage Therapist s Guide to Online Security" on Spreaker.
Image for E170: The Massage Therapist’s Guide to Online Security


We are increasingly dependent on technology to operate our businesses and our lives. While this can be a positive thing, it can also increase the risk that our personal information will be compromised. If you would like to tighten up your online security and protect your personal information, this is the episode for you.

Sponsored by: Gift Up! and The Jojoba Company.


Sponsor message This episode is sponsored by giftUP. giftUP allows you to sell your own digital gift cards and gift certificates on your website with no setup fee and no monthly fee. Built with massage therapists in mind, giftUP is easy to install on your website and Facebook page and easy for clients to use. Clients can email the gift certificate or print it out for in-person gifting, and it’s easy for you to redeem with the iPhone or Android app. There’s a special offer for our podcast listeners. Visit massagebusinessblueprint.com/giftup to get the first 10 gift cards sold completely fee-free and no monthly cost ever. Visit massagebusinessblueprint.com/giftup.

Allissa Haines Hello, everyone. Welcome to the Massage Business Blueprint podcast, where we discuss the business side of massage therapy. I am half of your hosts, Allissa Haines. 

Michael Reynolds [laughs] And I am the worse half, Michael Reynolds.

AH I did not qualify my half. I just said that I am half.

MR You’re clearly the better half of our little endeavor here.

AH I don’t think that that’s true. I’m the one who takes 10 minutes to get my microphone working properly.

MR [laughs] There is that. There is that.

AH So that’s not true at all. Michael, how are you today?

MR I am doing well. It’s a beautiful day here, having a great summer here in Indianapolis, and the temperature is not in the 90s. It is actually in the low 80s today, so we can go outside without melting, and I’m excited about that.

AH Sweet. I’m sitting here in my — I think this is the first recording session from my new home office, which maybe explains the microphone issue. And it is a breezy 72 degrees, so I have my little home office windows open, which is good because it still kind of smells like paint and new carpeting in here so —

MR Love it.

AH — and I’m looking out into this backyard of — well, it’s a little bit of a mess right now. But it’s all woodsy, and I saw a cardinal this morning, and it is delightful, Michael, delightful.

MR Wow. It’s like a Normal Rockwell painting or something out there.

AH It’s a little more rustic than that, but yeah. We’re calling it my Blueprint backyard.

MR Love it.

AH Because I have this cute little home office. Anyhow, what are we covering today?

MR So I am excited about this because I am a total nerd, and the title of our topic today is The Massage Therapist’s Guide to Online Security. I picked a nice meaty, kind of impressive-sounding title. Because it is a pretty meaty topic. I would love to talk about security today. What do you think?

AH Bring it, man. Bring it.

MR All right, so, I want to talk about security because, well, it’s really relevant to everybody. But a lot of our community — in the past, we’ve had conversations with them, and they’ve said certain things that kind of prompted me to think we need to cover this. Some of those things include Hey, I don’t like using my credit card online, or I don’t like using this or that, or I don’t like storing information in the cloud. On the flip side — those are kind of the paranoid conversations we have — and on the other side of the spectrum is people saying things like Well, I don’t trust the cloud; I like to store all my personal information on my laptop. There’s just kind of this smorgasbord of information and fear and pseudo-correct and pseudo-incorrect facts and beliefs about security that I want to kind of really address today.

This is really good for everybody, but obviously for our community, especially, I want to really help our audience understand how to exist on the internet with confidence when it comes to safety and security and how to tighten up your general security practices so that you feel even more confident and you’re safe and you’re protected from online breaches. And so I predict — we’re going to go pretty deep. I predict that at least one of the things we cover today will be something that you’re not doing that you can start doing and feel a lot better about your security and be a lot more protected and stay safe. Because we want all of our listeners to stay safe. We want to be protected, we don’t want you to get hacked, we don’t want your banking information out there, so we want to make sure that you’re protected and safe. That is our goal today.

I’m going to break it up into two sections. Part one, I’m going to talk a little bit more about behaviors and kind of general ways of doing things. And then we’re going to have our halftime sponsor. After that, we’re going to talk about specific tools, apps, and settings, and things you can do from a technical standpoint to stay safe. So, Allissa, jump in anytime you have questions because I tend to kind of soap-box and throw out jargon, and if I get to jargon-y, stop me. I know you will.

AH Okay.

MR But let’s start with behaviors here.

AH Well, I do like that you’ve already started off with calling people paranoid, so that’s a good start.

MR Hey, it’s good to be paranoid. I’m paranoid, and I think it keeps me safe.

AH All right, bring it.

MR But I think healthy paranoia involves being educated as well, so we’re going to cover that. Some of the stuff — I’m going to start with the easy stuff that a lot of us probably already know, but just to kind of set the stage and make sure we’re on the same page here, most security breaches occur through what’s called “social engineering.” A lot of people think that hacking and security breaches occur by putting your credit card online or using the internet or things like that. In reality, most security issues come from social engineering, which means people actually are faking who they are and trying to get you to do something to reveal a password or to reveal personal information.

An example of this would be phishing scams — phishing with a P-H — phishing scams are very, very common. They’ve been around forever. An example of this is you might get an email that has a Chase bank logo on it, the email address has the word “Chase bank” in it, it looks very official, and it says Hey, your password has been compromised, you need to log in and change your password right away. And it asks you to click a link in the email and it sends you to a website that kind of looks like the Chase bank website: it’s got the logo, it’s kind of a replica. But it’s really not; it’s a site that is designed to phish for your passwords. And by “phish,” it means get people to pretend to log in on what they think is the Chase bank website putting in their own username and password when, in reality, it’s just a site collecting those passwords so the hackers can log in as you and get your information. That is an example of a phishing scam.

Phishing scams can come via email a lot of times or via Facebook. They can also come via phone. A lot of us are probably getting these phishing scams that are these phone calls where there’s a recoding pretending to be the IRS, and it’s saying Hey you’re going to go to jail because you owe all these taxes. Call us back at this number. And what they do is ask for all sorts of personal information like your address, your social security number, all sorts of stuff that they can use to hijack your identity or log in to online sites using those credentials. So phishing can happen via phone, via email, via texting, via Facebook. So social engineering is the number one way people get access to your information.

So be very vigilant, be aware of these scams. Be aware that, for example, the IRS will never call you about stuff like this. They will always send you a letter in the mail. So if you’re getting something from the IRS and it’s legitimate, it’s going to be in the mail. That’s one example of being aware of how these agencies operate and being aware of how things work. Banks will never ask you for your password, for example. So anytime a site or a person or a supposed business or organization is asking for your password, 99.999% of the time, it is a scam. You should never give your password out. If you’re ever in doubt, hang up or delete the email or whatever and then go directly to the website or look up on the website the IRS phone number and call them directly and ask them to verify this thing they’re asking you for. Never respond to something that is pretending. Most of us, I think, are aware of this stuff, but sometimes these scammers are getting pretty good and they can be pretty convincing and scary, and so it’s important that we stay very calm and very vigilant about this stuff. So social engineering is number one.

Moving on, don’t ever email sensitive information. Email is inherently an insecure medium of communication. Email is great for general correspondence, it’s great for sending messages back and forth, but you should never send things like your social security number, an image of your driver’s license, credit card information. Anything that is sensitive information should never be sent via email. The reason for that is email sends information in plain text. What that means is, it just sends the information in regular, plain old text across the internet. And it is very easy for people who can get on the same network as you, they can log into certain routers or points along the way that transfer the information along the internet, and they log in, and it’s called “sniffing” the information. And they have tools that can actually intercept the data as it goes by, and if it’s in plain text, they’re going to see this nice, plain-text message of all this information; it’s not encrypted. Never send sensitive information via regular email. We’ll talk about secure methods of sending it a little bit later. But never send stuff like that via email.

Next, don’t store sensitive information on your computer. I see this a lot. A lot of people say Well, I don’t like storing stuff in the cloud because I can’t see it or touch it, and I like putting all my tax returns and everything on my computer on my laptop and it’s safe there. That’s really much less safe than storing it somewhere off site. If you have to — if you just are going to store information on your computer, make sure it’s fully password protected; make sure your computer has a password on it. But, in reality, I’d rather see you not store anything like a tax return or credit card information or anything on your computer. All that should be stored in cloud-based tools, which we’ll talk about a little bit later.

Let’s talk about passwords. This is a big one. This is one of the biggest things that I think a lot of us can improve on and that’s passwords and how we create and manage passwords. So the behavior part of this is how to actually create passwords and what types of passwords to use. There’s a myth out there — there’s a kind of misnomer out there that passwords are secure if they some some weird combination of uppercase letters, lowercase letters, and numbers. For a while, we’ve been coaching people and telling people — by “we,” I just mean people that ask for passwords in general or banks or whatever, we’ve been coaching people that that’s the way you make a password. It has to be 6 to 8 characters, numbers and letters, and that sounds secure. It’s actually really not. The length of the password is what matters most.

Here’s an example. A lot of people would look at this password as secure — I’m going to just read this out loud. I just made up a random number here: 1J4*97K. So if you look at that on paper, it looks like a very secure password because it’s this random string of letters, numbers, and characters. But it is 1, 2, 3, 4, 5, 6, 7 characters long. That is extremely short when it comes to password security. That is actually going to be an easier breach than a longer password. Contrast that to an example of a strong password. A strong password would be something like four random words in a row. These can be all lowercase. So here’s an example: correcthorsebatterystaple. I just grabbed that — there’s an example site that gives you examples, so I just grabbed it from that site. Four random words in a row, this is over 20 characters long. And despite the fact that it does not have number in it or uppercase letters or special characters, this is a much more secure password than the previous one simply because it has more characters in it. Keep in mind the length of the password is what makes it more secure. You can have repeated characters in a row, you can have plain old dictionary words, you can have pretty bland actual words in the password, but the password has to be long in order to be secure. We want at least 20 characters in your password.

Now, some of you may be rolling your eyes saying Oh, how am I going to remember a password that’s 20 characters? Well, we’ll get to that. We have ways of doing this. We’ll get to that after the halftime, but you want to make sure that your passwords is at least 20 characters long.

Also, don’t use the same password on multiple sites. Never use the same password twice. A lot of us are in the habit of picking a password we can remember, and then we use that password across our online banking, in our email, on Facebook, on our payroll system, on all sorts of thing. We just use that same password over and over everywhere we log in. The downside of that is if someone breaches your password on one of the sites, they’re going to try everything else and they’re going to get onto all those other sites too. So limit your exposure by never using the same password twice. And again, a lot of you are thinking Well, how am I going to remember a million passwords? Well, we’re going to talk about password managers in the second half here, so be aware; it’s okay. There are ways to do this.

Next, don’t ever write passwords down. I know a lot of people that are notorious for writing their passwords on a Post-it note and sticking it on their computer. This is one of the worst things you can do. People could walk by and see it if you’re at a coffee shop. If someone breaks in and gets access to your computer, there’s your Post-it note right there with your password. Anybody could walk by and see it; it could fall off and get lost on the ground somewhere; there’s just so many ways someone could just get this piece of paper, and it’s just a terrible way to store your password. Never ever write your password down in a notebook, on a Post-it note or anywhere. Passwords should never be written down on paper.

Next, change your password every 90 days. Some people say 6 months; some people say 90 days. I like to err on the side of more frequently because on the off-chance someone does get your password, then you’re going to be able to change it often enough that if it does end up in one of those password databases that gets shared around in hacker community, by the time it gets shared and used, it’s probably outdated. So that’s a good way to make sure that your password expires after a certain period of time as well.

So all of this probably sounds like a huge burden at this point. Don’t worry, we’re going to talk about password managers after the halftime. But be aware that if you do these things, your chances of getting hacked goes way, way, way down. Keep that in mind.

Next, keep your software up to date. That means your operating system, your web browsers, everything on your computer. So if you’re using a Mac, for example, make sure automatic updates are turned on. Same thing on Windows, make sure automatic updates are enabled so it always prompts you to update your operating system. Use a web browser like Chrome or Firefox that has automatic updates built in. If your using IE, just stop. It’s very insecure by default so —

AH Wait, what does IE stand for?

MR Thank you. Thank you. Internet Explorer. It’s on Windows; it’s usually the default browser, so use Chrome or Firefox. In my recommendation, those are going to be much more secure web browsers.

Use anti-virus software as well. This is more of an issue on Windows. If you’re on a Mac, I don’t really worry too much about anti-virus, but if you’re on Windows, definitely use anti-virus software. That’s going to help you stay up to date as well.

Another behavior thing, don’t connect to an unknown WI-FI network. There are ways of getting access to people’s computers and that involves setting up what’s called a “dummy” or a “spoof” WI-FI network. So the way this works is, if you’re at a Starbucks and if there is someone there that wants to get access to Starbucks customers’ information, they will sit down there with their computer, and they will set up their own little private WI-FI network and they’ll call it something like Starbucksguest1, and it’ll look like a Starbucks network. If you join that network thinking it’s Starbucks WI-FI, you’re probably going to figure it out pretty soon because you’re not going to get access to the internet, but in that short time, that one or two minutes, you are on that hacker’s network. They can actually see your computer, they can attempt to log in to your computer, and they can get access to your files if you’re on that same network that they’ve created. So never use an unknown WI-FI network; always use a WI-FI network where you know exactly what it is and who’s providing it. So for example, at Starbucks, if you want to go there and you see multiple Starbucks WI-FI networks, ask Starbucks which one is theirs. Make sure they know and can point to exactly which one is the official Starbucks network so always you know you are logging in to a trusted or a known WI-FI network.

Next, last thing before the halftime, back up your data. Most people are terrible at this. They are absolutely terrible. Including myself; I am sometimes terrible at this as well. Back up your data. This is not so much preventative of keeping you from getting hacked. It is if you do get hacked, the best way to recover your information is to wipe everything out and restore it from backup. So one of my favorite — actually, we’ll talk about my favorite backup tools after the halftime here. But be sure you’re backing up your data, preferably, on a cloud-based system. And that means using an online backup service that automatically backs up your computer every night or just on a continuous basis. And that way you can always know that if worse comes to worst, you can completely reformat your computer, wipe everything out, and start over with your backup files.

So before we go to halftime, Allissa, I know some of that was a little bit heavy. Anything I’ve covered that we want to go back and explain in further detail or anything not make sense?

AH I’m feeling a little exhausted, but I’m excited to hear your — the tools to make this happen without me having to spend six hours a week at my computer creating and changing passwords.

MR Right on. Let’s take a break and go to halftime. [laughs] Who’s our halftime, Allissa?

AH Jojoba.

MR Jojoba.

AH I got to say it so it was exciting.

Sponsor message Let’s talk a little bit about jojoba. We’re so grateful to The Jojoba Company for making an amazing product that does not oxidize or turn rancid and has an indefinite shelf life, which means heat does not affect it. Massage therapists in Florida, California, and other warm climates prefer Jojoba Care jojoba to triglyceride oils like almond, grapeseed, macadamia, and other fragile products which deteriorate and get gross in the heat. So if you do hot stone massage or you just warm your oil a lot, jojoba can stand up to heating and reheating and does not require refrigeration. It is awesome, which means I can put it in my hot car here in the summer and not worry about it sitting there for a couple hours until I get to my office. Yay. You can learn more about Jojoba Care jojoba at massagebusinessblueprint.com /jojoba, that’s J-O-J-O-B-A. Thanks, jojoba.

MR We love jojoba.

AH We really do.

MR All right. You ready —

AH Ready?

MR — to feel overwhelmed again?

AH Bring it, baby. Bring it.

MR [laughs] Okay. So let’s talk about specific tools, apps, and settings that a lot of us may want to adjust, change, or adopt to be more secure here. Some of this — actually, most of this ties to the behavior stuff. Since we ended before the halftime talking about backing up data, I’m going to share a couple of my favorite backup tools. These are very inexpensive and easy to use. My favorite is called Backblaze; it’s at backblaze.com. It is $5 a month, and it will back up all the files on your computer, and it will do it automatically in the cloud. What that means is it takes your files in your computer and it backs it up to Backblaze’s data centers and stores it securely on their servers. So if something happens to your computer, you lose your computer, you have to wipe it out, it just dies altogether, then all you have to do is whatever new computer your using or whatever fresh computer you are starting with, you can download your data, or they’ll even mail you a USB drive if it’s a lot of data, and you can restore your files from Backblaze. Carbonite is another one I’ve heard of that seems to be pretty popular as well. Do you have any favorite backup tools, Allissa, besides Backblaze or Carbonite?

AH You know back when I had a PC I used Carbonite and it worked fairly well; I didn’t have any problem with it. And back a long time ago when I was dating that software developer for a couple years, he swore by Carbonite and really, really loved it.

MR Yeah, it’s pretty popular. So those two are probably your best bet. But I like Backblaze and use that personally.

Next, we talked about passwords already. Just a reminder, set a strong password for your computer and your phone. Again, a strong password for your computer is going to be a long password. Again, ideally 20 characters is your target or your goal. You can get away with give or take a little bit, but don’t make it like 8 characters. That’s too easy to get.

AH Wait, hold up. Go back on that. The password to get into my computer should be like 20 characters?

MR Ideally, yes.

AH Dang, girl. Okay.

MR [laughs] Now that — we get into kind of a territory where you can probably get away with something a little bit easier to remember on your computer if you’re following all of these other practices. I would say you can probably cheat by getting away with something easier on your computer as long as everything else is stronger. I mean, ideally, do your best.

AH All right, so a 47-digit password on my computer. Done.

MR There you go. There you go. Also, on your phone, be sure that you set a PIN for your phone, a 4- or ideally 6-digit PIN for your phone. That way if someone gets ahold of your phone, they have to put the PIN or number in to get in. And make sure that it wipes the phone after, I think, it’s like 10 attempts, you can set it so if someone tries 10 times, it’ll just wipe your phone out. Make sure you set that as well so if someone keeps trying, they won’t eventually get in; it’ll just wipe out all your data.

Next, on your computer, set your screensaver to require a password to unlock it, and set it to activate after 5 minutes. That way if you leave your computer out accidentally or get called away quickly or your just forget and leave it open, that no more than 5 minutes will go by where your computer is unprotected. The screensaver will kick in after 5 minutes; you’ll have to put in your computer password to unlock it. That will, ideally, keep your computer fairly secure.

All right, next, this is — the last few things I’m going to cover are — actually, I’m going to pull one thing out because it’s not one of the big ones. When we talk about sending stuff via email, I mentioned earlier that you should never send secure information via email because it’s plain text. There is a service I really like that helps you get around this. It’s called Sendinc. Sendinc.com, and it has a free, secure email system. So you can basically set up an account with Sendinc, and it lets you send secure emails to people. So if you ever have to send a social security number to someone via email or an image of your driver’s license for a new job or something or whatever it is and you need to email that, you can set up an account with Sendinc, send it securely, it will encrypt it, and that keeps your information safe, secure, and encrypted. So I wanted to put that out real quick.

So the last few things here are the big ones. These are things that are going to be most effective in keeping you secure. One of these is two-step verification. A lot of people hate two-step verification because it’s annoying. It is annoying. But, you know what’s annoying? Getting hacked. So two-step verification is a small price to pay to really, really provide extra security for your accounts. The way two-step verification works is when you put in your password, if it’s the first time you’ve logged in via that computer or within a certain time period, it will send a code to your phone and you’ll have to enter that code in to the site you’re logging in to before it will let you in. What that means is, if someone in some other country, or even some other state or something, gets access to your password for your bank, for example, and they try to log in as you, the bank will require them to receive a text message with that code and use that code to log in, which means the message will get sent to you, not to them. This is a fairly secure way of keeping your information safe.

Any site at all that you ever log in to that offers two-step verification, enable that. Accept that option and enable it and make sure you are using it. Absolutely on your email. Absolutely on Facebook. Absolutely on your bank, your mortgage site. Everything that offers it. Most sites that are handling secure information will offer two-step verification. If they don’t, it’s probably coming pretty soon, but I think every bank in the world offers it now. All email services offer it. Facebook offers it. Any social media site’s going to offer it. You have to activate it sometimes, though. If it’s not active on these sites, go to your settings and activate that and make sure that it’s enabled for every single site you log in to. Does that make sense, Allissa? Two-step — did I explain that well enough?

AH Yeah, I’ll take it.

MR [laughs] Allissa’s just feeling exhausted already from —

AH No, it’s one of those things where once you experience it, it’s a lot easier to understand.

MR And I’m just going to be a little more annoying here and go a step further —

AH Oh, dear God.

MR — I know, I know. You all hate me already, I know. But there has been proof and data showing that text messaging two-step verification is less secure than authenticator-based two-step verification. So there are two ways of doing two-step verification: you can get a text message to your phone with a code, or you can set up what’s called an authenticator app. There are apps like the Google authenticator app, the LastPass authenticator app, which we’ll talk about in a minute. Some services have their own authenticator apps. The way it works is there’s an app on your phone and it generates a new code every 60 seconds. And what you do is you have to open the app, get the code, and use that to log in to the site. The reason it’s more secure is because occasionally, text messages can also be intercepted. It’s pretty rare; it’s pretty difficult to do, but it is possible. I will say that the chances of your text message getting hacked is fairly low, but if you want to be really paranoid and super secure about it, the more secure method of two-step verification is to use the authenticator app option over the text message option. If you’re completely overwhelmed, ignore that last bit of advice. For those who care, though, I just wanted to share that. So there you go.

How the heck do you manage this stuff, and how the heck do you stay secure and use all these passwords without going absolutely insane? Well, there is an app that I love — there are multiple password manager apps out there. The one I love is called LastPass. Conceptually, let’s talk about what a password manage app does. A password manager app manages all your passwords, just like the name implies. The way it works is you set up what’s called a “password vault,” and the password vault contains all of the usernames and passwords for all the sites you log in to. Then, you have a master password and a master log in account that you’re going to use for that password manager app. That is what you’re going to use to log in and authenticate into your password vault. And then your password vault is what allows you to access all the other site like your online banking, like your email, like your Facebook, etc.

So this is a really good way to manage all of these long, hard to remember passwords. Again, the app that I love best of all is called LastPass. Lastpass.com is the site. Fair warning, it does have a cost to it, but it is extremely inexpensive. It is $2 a month. I know a lot of us are fatigued by Oh, one more monthly fee to pay and one more thing. But I put this right up there with life insurance. I mean, it’s that important. A lot of us are Oh, the premium for paying life insurance is whatever. When you need it, you’re glad you have it. LastPass same way. $2 a month is not a lot of money to pay for the security and the peace of mind and the organization that comes with managing all these passwords.

The way it works, again, is LastPass will generate secure passwords for you really easily. It has a browser plug in, it’s got an iPhone and and Android app. When you’re on the web, all you have to do is go to the site you want to log in to, and your LastPass extension on your browser will autofill the login information for that site. So if you go to Chase bank, for example, go to chase.com, LastPass will let you autofill your username and password in there, and you can log in using LastPass’s authentication. This is a really elegant way to handle all of these sites that you have to have passwords for. The key for all this is to make sure that you have a very secure password as your master password for LastPass and you enable two-step verification for it. If you do that, then the password vault itself is going to be very secure, it’s encrypted, and then it lets you log in to everything else very easily. I’ve been using LastPass for years; I absolutely love it. Do you use LastPass or any kind of password manager, Allissa?

AH I don’t. I just opened the website. I’m going to do it now.

MR [laughs] Now here’s the thing. A lot of people use the browser’s built-in password managers. Those are not as secure. I highly recommend against that. A lot of browsers, even Chrome, will say — I mean, it’s better than nothing — but they will say Hey, would you like to store your password in the browser so the next time you log in it’s saved. Everybody does that; they just let the browser save it. If someone gets access to your computer, they can get access to your browser password database as well, which is not going to be as secure as something like LastPass. Don’t ever let your browser store passwords. In fact, set your browser settings so that feature is off. Make sure that it never asks you, it never offers to save passwords, and it never stores passwords in the browser. Always go through an extension like LastPass.

That is the end of my list. Now that you are all extremely exhausted, I’d love to hear — Allissa, maybe help me out. What is not clear? What is sounding too overwhelming to deal with? What do you need some extra attention on? What should we talk about?

AH Tell me — because this is crazy overwhelming, tell me what the first thing is I should do.

MR Change all your passwords to secure passwords and use LastPass.

AH So do I have to change my passwords first, or should I set up my LastPass first and then —

MR LastPass first.

AH Okay. Okay so —

MR Because LastPass will handle your passwords for you. It can generate secure passwords for you.

AH So I’m going to set up my LastPass, and then it’s going to take care of generating all of those secure passwords for me as I begin to browse and go about my daily routine and anytime I get to a website that requires password?

MR Yes. That is correct.

AH Okay. Excellent. Then what do I do?

MR Make sure two-step verification is enabled on everything.

AH Okay. And I can do that —

MR If you can do those two things, that is a huge step.

AH Okay, and I already have two-step verification set up on most accounts. As I work through generating new passwords with LastPass, I will let that be a reminder to also set up that two-step verification anywhere I don’t have it.

MR Right on.

AH That is what I’m going to do. Then I will come back and relisten to this podcast and hope for the best.

MR [laughs] Here’s the thing. A couple things I want to end with here. One is if you follow these security practices and you’re aware of how breaches happen, for example social engineering, etc., you’re going to be a lot more confident just making payments online and using the internet for transactions. You’re going to be a lot more confident about it, and your paranoia will be informed paranoia versus uninformed paranoia. Keep that in mind. The other thing is a lot of people think Well, I am not a big target; people are hacking big companies and things like that. Actually, everybody’s a target. Hackers and people that are looking for personal information are not — they don’t discriminate on any particular factor other than how easy it is to get to. Whether you’re at a coffee shop or scanning online services or whatever, everyone’s a target. Don’t feel like it can’t happen to you because it can, and it most likely will at some point in your life if you’re not being vigilant about your security.

I know I’m sounding scary, but I want to scare you. [laughs] I really do want to scare people because getting hacked is no fun.

AH It’s exhausting. And the hours and hours and hours it takes to recover accounts that you need access to and to repair any damage that was done is just a nightmare.

MR Yeah. Right on. Anything —

AH That’s it, Michael. I mean, you got anything else because I’m overwhelmed.

MR [laughs] No, I think that’s a good overview. I would recommend if you didn’t take notes this time, maybe relisten, take some notes, gradually implement these practices as you go, and you will be very glad you did.

AH And that’ll wrap us up, everybody. If you have a topic that you want us to cover or beat to death until you’re exhausted, you can send that to us at podcast@massagebusinessblueprint.com. If you love podcasts and you love our podcast, you should totally review us on whatever platform that you listen to us on and maybe show one of your best friends how to listen to podcasts and show one of your massage colleagues how to listen to the Massage Business Blueprint and help them subscribe. Tell a friend if you still love us after this long episode, and if you don’t, don’t tell anybody please.

MR [laughs]

AH That is about all I have to say. Thank you for listening and have a wonderful day.

MR Thanks, everyone.

Logo for Acuity
Logo for Yomassage
Logo for Jojoba
Logo for Pure Pro Massage Products
Logo for ABMP