So working in IT puts you at the foremost, frontmost, dealing with cybersecurity issues all the time. So keeping everything secure is just mission impossible, so to speak, but you do everything you can and hope that nothing that you use is ever vulnerable, which is why we're so careful about any applications we use or any new things we try, because it's security first before features. That's an important aspect for the job we do. Lots of consumers and end users can try all kinds of things, but we only like to use well-vetted, well-documented or security-audited applications, and that's an important aspect to think about when you're doing this, because in reality of IT, you're in information management in some way or another. We have to maintain all the information we have about our clients: their firewalls, their settings, their logins for things. All those different things that we have to maintain of course means the utmost secrecy is needed. And I'm a big fan of the Talos security team and I'll leave a link to their blog. It's a great read, there's always interesting things on there, but they had something that I thought was a little bit softer, and some people are spinning it as less secure, and I've brought up before, we use Signal for private communications. So all of my staff, we all have Signal on our phones and on our desktops, and this is a way that we can securely communicate. Couple things we do: the way we use Signal is we keep all the messages expiring within an hour. We never have them set for more than that. And one of the ways that Signal works is, one, it's open source, it's very well vetted by top security researchers, and because it's open source it can be. Closed source ones, you have to trust that the security researcher was given all the code that was actually implemented.
That's why I prefer things that are open source like Signal for doing security, and that's the problem I have with, like, WhatsApp and Telegram not having fully documented protocols that are well vetted and well audited by security researchers. That doesn't mean they're insecure, it just means they have not been audited. When the Talos security blog talks about some of the problems and ways to hijack them. Now the thing the Talos security blog really highlights, though, in the crux of their entire problem, is people not being secure, and it's all about session hijacking, and this is one of the important aspects of how we do things and how we avoid that. First, all of our drives are encrypted. Second, all of our phones are encrypted. Nice thing is, with the new phones, even if you're an end user you'd probably have it encrypted, because the new models, such as the Pixel I'm holding in my hand right here, a Pixel 2, they come with encryption turned on by default, which is wonderful. We also make sure we use good, not slide-around-your-finger passwords, but actual passwords on the phone, longer numeric ones. And this is where Cisco talks about how you can session hijack. In reality, it's kind of a weak article or a weak point, good point for the consumers, but if you're doing any type of proper security hygiene, you don't get up from your computer, you salute your computer as you get up, as I call it. So you grab the control super key L and that locks my computer every time I get up, that locks my laptop every time I get up, because session hijacking, being able to steal your logged-in credentials and then duplicate the session, is the method that they cover in this blog for WhatsApp, for Telegram and for Signal. And these are obviously truly issues, because if you were to have access to my computer you would be able to session hijack and then assume that it's secure. But they're focusing on those apps.
Reality is, once you have access, direct access, to my computer, we have a whole new set of problems, because that's obviously where my SSH keys live, encrypted on my computer. So if you have access to steal session keys for WhatsApp, that is truly the least of the things that I would worry about, because my computer is authenticated and has logins to other things that are critical to our infrastructure here at my company. And any hacker knows the Holy Grail is not breaking the firewall, like every Hollywood drama would like us to believe, but the goal is to gain access to someone's authenticated credentials. If you can become them, or you have direct access to their machine through the remote access, through physical access, through a keylogger or something you physically have plugged into the machine or somehow compromised, you now have the keys to the kingdom, because that is gonna be the authenticated system that's already on the trusted list, and then it's just arbitrary at that point to get their passwords. Or many people, and myself included, it's not like I have to log in to everything. I do use OTP, one-time passwords via the TOTP protocol, so I do have a ton of rolling numbers, so you still have to have both my phone, which also needs to have the logins, which also has to have a password, to get into any of those systems that we protect. But this is just incredibly important. I know sometimes it seems obvious, but if you care about security, the physical access to your machine is where it's at. That is where you have to really concentrate. And we have a lot of consumers, because we do computer retail repair, that get very concerned with this, and rightfully so. This is a real problem for them, and yes, they often let people in their computers, and we tell them, once you've let them in, there's no way I can guarantee what they did or didn't take. I don't know what they did once you've connected them to TeamViewer or some other remote application. All bets are off, you should probably be on that
computer. It's just too many risks to say it's clean. It's one of those things, I hate to use the words nuke and pave, but yeah, we do recommend it, and once you've let someone get in your computer you have now violated the integrity of it. And I know friends who work at higher levels of DevOps and cybersecurity for large, large companies, and they have protocols for all of this. They have a wiping protocol, they go and change everyone's keys if any one person, even though the laptop's encrypted, they will still wipe everything. But this is important, it's just something to think about, and it's not that Signal, because someone tagged me this on Twitter, because another company took the Talos blog and of course spins it "insecure messaging apps," which they're not really insecure. We haven't found a flaw in them. We have found flaws in people, which are often the weakest point, and where you really have to focus on for your cybersecurity is people, training, and making sure that people can do things or not do things based on really good policies. But training is key: understanding security hygiene, not leaving computers unlocked in the office, that is just a big no-no. I'm going to recommend, if you want to hear some great talks, I'll leave one of the talks from Jay Street. He does some of the greatest physical security talks. He's a pen tester, he's just, I can't say enough good things, which you will learn by watching a couple of his security talks, because the guy knows what he's talking about and really can highlight some of the problems with physical security that people often overlook. So definitely get everything encrypted, that way if it does wander off you don't have to worry about the data with it. There is no worry about Signal, or they didn't find any glaring flaws, at least in the Talos particular post I'm talking about, in some of the other ones. Signal's still our go-to. There's nothing wrong with Signal, but you do have to practice good security hygiene in order to keep it secure. So like I
said, it's not secure if you're not secure.