Haunt Weekly

Haunt Weekly - Episode 470 - Digital Security for Haunts


This week on Haunt Weekly, we're talking about digital security and what you can do to ensure that you and your haunt are safe from professional hackers and drunken customers alike.

Haunts are in an unusual place when it comes to digital security. They are very exposed but, as small businesses, don't usually have the expertise or the manpower to lock things down.

Fortunately, we're here to help with a few simple things you can do to improve your digital security.

This Week's Episode Includes:

1. Intro
2. Housekeeping
3. Question of the Week
4. Conference Reminders
5. How I Drunkenly Sabotaged a Bar's TVs
6. 5 Areas of Cybersecurity Concern
7. Conclusions

All in all, this is one episode that you do NOT want to miss!

Get in Touch and Follow Us!

Facebook: @HauntWeekly
Twitter: @HauntWeekly
YouTube: @HauntWeekly
Email: info@hauntweekly.com

[0:22] Hello everyone, I'm Jonathan. I'm Crystal. And this is Haunt Weekly,

[0:27] a weekly podcast for the haunted attraction entertainment community. Whether you're an actor, owner, or playing aficionado, we aim to be a podcast for you. And we return to you this week, obviously having missed because of the holidays and some other things we'll get into in a minute. Yeah. But yes, indeed, we're returning to you this week to talk about something that impacts all businesses, but we're going to talk about some ways haunts are especially vulnerable, and I'm going to tell a very embarrassing story about myself getting really drunk at a bar. I was right there with you. I know, but I was the one that was the actual idiot in the story. That's fair. That's fair enough. So if that sounds entertaining to you, listen on. If you don't want to hear that, I don't know why, because that's the best intro I've ever done for a podcast, you know when I fuck, go to HauntWeekly.com, HauntWeekly on Twitter, HauntWeekly on Facebook, and YouTube.com, HauntWeekly. Pick another episode. There's like 469 of them. Nice.

[1:27] So please, definitely check those out. But yes, indeed, we are talking this week about Haunt Digital Security. Some great tips, not only for people and persons in some cases, but businesses in particular, and some special focus, like I said,

[1:43] on the haunted attraction industry and ways that they are vulnerable. Now, before we get into the fun stuff, once again, we did note that we are behind. And we were actually going to record New Year's Day and just have a late episode last week. Right. And, well, I suppose a lot of you heard what happened in New Orleans early New Year's Day morning. Mm-hmm. And we, I'll be honest, we didn't feel like recording. We didn't have the spoons. We're still...

[2:19] Reeling with the rest of the city. Yeah, we're fortunate we were not impacted and we don't know anyone directly who was impacted, but we do know people who know people. Right. If that makes sense. Yeah, second degree. Yeah, so yeah, but obviously our thought, I mean, New Year's morning was apparently a rough time for many cities. Yeah. It's been very rough in the very first parts of this year so thoughts out to everyone who either were victims or know the victims were impacted by this in any way um it's rough and like i said so what we're going to do is since we're recording this on thursday the uh the second um we've decided since that'd be really late in the week we're just going to move it to sunday we're recording it now we're going to publish it sunday and just sort of resume there and hopefully pick back up but yeah so we're fine everyone we know directly is fine but yeah it's it was very very chilling is the word i would use yeah well and it's bad because so we're in a text group with a lot of our crafty friends that are in the area And Haunty Friends, too. And Haunty Friends, too.

[3:42] And they were all talking about it when I woke up. Yeah. But none of them were saying what had actually happened or where it actually happened. They were just saying, look at the news. Oh, my God, can you believe blah, blah, blah, blah. And it took a while to piece things together. Yeah. It's always frustrating when something like this happens. Yeah. How information...

[4:07] Doesn't flow right i mean it's so weird especially in our highly digital environment how everyone assumes you're already caught up even though like motherfuckers got to sleep and shit so yeah it's so good it was a very difficult time and i'm very glad that we were able to confirm everyone we know is fine um we were saved by the fact we're old and the odds of us being on bourbon street 3 a.m any morning is functionally nil yeah and we've actually only done um new year's eve in the city once out with everybody and i wound up getting sick because a lot of people burn their christmas trees so or at least they did at that time which again was like 20 years ago yeah we were inside asleep on the other side of the river from when it happened yeah anyways so that's our plan for getting called back up we're going to just pick back up on sundays we still may move to fridays if that does work when we get our rhythm going again yeah but that's a conversation we're gonna have for later trying to pick a date in the middle of the holiday season was just stupid right and i really regret even thinking that yeah and we may you know give ourselves some grace next year because we have trips planned where we may take a week off or intentionally, like with warning and stuff.

[5:31] We've got some St. Louis trips coming up to see the grandbaby. Yeah.

[5:36] And other neat stuff coming up. But anyways, let's jump into this week's episode. First things first, every week we try to ask a question a week. And last week, we asked you, everybody, how do you keep Halloween alive or haunt spirit alive during the winter holidays? Whatever winter holidays, you observe it.

[5:56] And basically, everyone fell into three camps. Yes. Broadly. So I decided just to break up the camps. Yeah. I thought that was the easiest and fastest way. That makes sense, yeah.

[6:05] First were people who were doing holiday-themed events. That included Chris Gay, who did photos with Krampus, which sounds awesome. Yeah. And Christian Risto, who did his first Krampus Nod parade. Which is very fun, too. Yeah. There's a crew of Krampus here that does it. I've never actually seen the parade. No, we were kind of... And they've reached out to us to actually join the crew once or twice. Yeah, we're going to go a couple of times, but it's a lot of people. We're not parade peoples. No, I'm sorry. We're getting our New Orleans card revoked already. We were parade people when we moved here, more so at least. Yeah, we were. And I enjoyed being the photographer in the parade. So if I have something to do in a parade, it is better. It is a different experience. It is. And I'll say this. I was marching band as a kid, as a high schooler, and I hated marching band and parades. So the task cannot be marching band. Because marching band and a parade sucks. You don't want one of the big drums around you? Fuck you and everything you stand for right now. Not a goddamn chance. Moving on. So the second camp was work on their haunt. That included Roberta McClellan, Greg Packard, and Sabra Pretty. And then finally were those that just did horror movies and decorations. That included Amanda Hughes, who did a Halloween-themed Christmas tree. Shane Hemsworth.

[7:34] Hemstatter, Jesus, Murphy, John. I should be able to pronounce that, but I am tripping on my own words. Did a cool photo of a Santa skeleton strapped to his car. That was really neat. Mm-hmm. Derek Milberger, Daniel Barnett, Ryan Greger, and many more of you wrote in to say this is your favorite way to celebrate. And there were several photos of Halloween, Christmas trees and things like that. So, yeah, a lot of very creative solutions there. Yeah, we also watched our share of horror holiday-themed movies. We do have two that are tradition every year. They have to be seen at some point. Yes. The first is Rare Exports, which is a Finnish film. And if you haven't seen it, definitely check it out.

[8:13] Technically three if you count Thanksgiving as a winter holiday. Oh, that's true. That's true, because we had a Thanksgiving, too. Yes. So it's Thanksgiving followed by Rare Exports, usually. Than A Christmas Horror Story, which is just an amazing horror holiday anthology with one of the greatest endings. Yeah. And also, drunk William Shatner. Yeah. Yes. That is one that you watch the credits. Yeah. Do not skip the credits. Do not skip the stingers at the end are worth it, because apparently you will note that William Shatner's character is consuming, I think it was bourbon?

[8:50] Yeah. Bourbon and his eggnog. Yeah. Bourbon eggnog. Apparently, the amount he drank was actually legit. Yes. Okay. So, he started out with eggnog to mix it with. Yeah. I don't think that... That didn't stick around very long. Eggnog went to one side. The bourbon bottle came to the front. That's going to be a theme tonight. Yeah. But anyways, so on that note, it is an even number episode. Time to do the conference reminders. Crystal. We need to ask a question this week. Oh, God. Oh, I got off rhythm. Yes, do ask them. Okay, so our question this week is, because it is New Year's, do you make New Year's resolutions? And if you do, what's your haunt-related one for 2025?

[9:35] I'm not big on New Year's resolutions. No. I mean, the only thing I can say is that I hope we do a better job than we did last year of getting stuff done. Yeah. That's all. We're not going to get much done. It's not really a resolution. We're not going to get much done this weekend. No. Because you've got a trip. Yeah. But next weekend, especially with the cold weather, it's supposed to be coming. Yeah, it's supposed to be in the 20s and 30s. We might have a really good opportunity here. Yeah. All right. Now, can we do conference? I can ask conference reminder.

[10:05] Yeah. Go ahead, then. Okay.

[10:08] January 13th. That's not very far away. Nope. It is Halloween and Party Expo in Las Vegas, Nevada, at the World Market Center. Hundreds of vendors. Must have qualified business; it is not open to the public. halloweenpartyexpo.com for more info. And coming up February 27th through March 2nd in St. Louis, Missouri, it's Transworld Halloween and Attraction Show at the America Centers. I don't have to give you the details on this; you probably know them already. Dude, though, if you go, spend a little time at the Christmas show. It actually was really nice and really interesting, too. And one ticket gets you access to everything. Learn more at the Ha Show. H-A-A-S-H-O-W dot com. And if it's as cold as it was when we were there, the Christmas show has the hot chocolate. Damn right. And they also had the good corn doll. The giant corn doll. Yeah. So, anyway, April 4th and... Go to the Transworld. The food is good.

[11:08] I don't know that that's...

[11:13] The organizers are trans, we're going, Jesus Christ, these assholes. Check out the dark room. Yes. That was cool. That was genuinely cool. All right. Moving on. All right. In April, we've got April's ghouls. April 4th through the 6th, Athens, Georgia. So it's going to be at Southern Brewing, Haunted Trail, Bands, Vendors, and more.

[11:36] HauntFest.net for more info. And finally, it's the East Coast Haunters Convention, April 24th through the 27th at the Oaks, Pennsylvania, at the Greater Philadelphia Expos. See, it's not just one person's name. It's everything longer than five letters. Yeah, we're both tripping over ourselves today.

[11:56] But yes, indeed, you can learn more about that at EastCoastHauntersConvention.com. That's a long fucking domain. But yes, indeed, you can check out more information there so that's what's upcoming in haunted attraction related conferences so now it's story time yes it is story time with sober jonathan at least for the moment yes but okay so this happened about two years ago yeah because we were still going to this bar and the yarn store just opened yeah and it was about this time of year too it was because we just celebrated our anniversary yes actually it was our anniversary celebration day yes so we went to a bar that's near ellie's yarn store to kind of end the night and just we were killing time there so ellie could take us home after the store closed because we've been both drinking for quite some time here yeah and we should explain that that the tradition at that time it's not anymore was to do day drinking in the French Quarter and be tourist for a little bit, because it's part of the reason we live here. What's the point of living in New Orleans if you can't play tourist once in a while? Yeah, exactly. And we gave ourselves permission to do it on our anniversary. We didn't do it this year. Anniversary is December 28th. We decided not to do it this year, just neither of us felt like it.

[13:17] Honestly, it's been kind of a blah holiday season in general, and recent events haven't helped that. No. But anyway, so we ended the night at the bar nearest. By the way, everything was done completely safe. Uber lifts everywhere. Yeah. I think the Uber bill was higher than our bar tab by the time it was done. Probably. So anyways, we ended up at this bar, and we were hanging out, and the Pelicans were playing. I can't remember if it was the Pelicans playing to go into the playoffs or if it was the early playoffs. I think it was a playoff. It was definitely a playoff game. But they were not doing well. Yeah, and I didn't remember it as the Pelicans. I remembered it as some kind of sports ball. It was a sports event. I thought it was the Pelicans. But then again, I'm literally an unreliable narrator here. Yes. I could be unintentionally lying. We both are. Yes.

[14:06] And basically, I was paying no attention. I kept trying to put music into the touch tunes, because the bar has a touch tunes. Right. But my drunk ass was using the wrong app. my drunk ass kept doing it in the YouTube app and what I was doing was I was hitting the little Chromecast button and connecting to the TV because it was the only thing that would show up and then completely crashing the TV in the middle of the Pelicans game and starting music videos that nobody else knows yeah because when I get my drink and I play music videos I pull out some obscure shit yes, and this is something that we do often in his video battles at home. Yeah. So this totally makes sense if you're not completely aware of your surroundings. Now, and needless to say, the people that were there, and it was quite a crowd. It was. It was like a big game. Were not happy about this. No. And they could not figure out for the life of them what was going on. No. And so, eventually, Ellie, who was who had joined us, figured it out and took my phone away from me. Good move. Yeah. Until the game finished.

[15:16] But, yeah, it was really frustrating. But here's the thing. While I did something really stupid, I was also, I don't really blame myself that much because if the bar had had an iota of precaution in this situation, it would have been prevented. Exactly. And, in fact, I did this drunk and on accident. Can you imagine what someone sober and with malicious intent could do? Yes, we have thought about taking over the TVs again because we know they did not fix the issue. Yeah. We have not done it. No. We have not abused this knowledge. No. But we absolutely could. And we want to teach you guys how to avoid similar issues. And this brings us into our first point, basically, doesn't it? Yes. Pretty smoothly. Which is Wi-Fi.

[16:06] Um, haunts have a really weird relationship with Wi-Fi, in my experience. No. Like, you need Wi-Fi to run a haunt, a modern haunt even. We do. Yeah. Even our haunt is bathed in Wi-Fi, because it's what our security cameras operate on, it's what our music operates on sometimes. No. Um, and other elements all live and breathe on our Wi-Fi. So we need Wi-Fi. Um, and it's also, if your haunt's big enough and, like, radios aren't particularly useful, especially if you're trying to communicate indoors, long distances, and regular walkie-talkies can't reach, um, you can either buy willy more powerful walkie-talkies or use the Wi-Fi as the communication system. You know, I've seen both done effectively. Uh, but yeah, it has to cover the whole haunt. And you also probably do want to provide Wi-Fi access to your actors. Yes. Our actors would be furious if they could not play on their phones during downtime. Yeah. Whatever little downtime there is on Halloween night, they still want to play on their phone. And so we do have a network set up for them. Yes. Uh, specifically for them. And giving customers access.

[17:18] To Wi-Fi is a thing I don't really know how, I've gone back and forth on this so many times since I wrote this. Yeah. I, I appreciate it as a customer, because that means if I'm sitting there in line, I can look up and see, you know, what else is in the area to do after I'm done. Yeah. And you can play with Google. I mean, and to be clear, most, in a lot of haunts are in places where cell phone signal is naff. Right. Like the one haunt that I really, really wish it had Wi-Fi for us was Winkler's Bottom. Yeah. Yeah. That one, we actually had to download maps in order to get there and get out of there, because there was no cell service. No. None at all. And it wasn't just, like, any one company. It was nobody served that area. It was so rural. Was in the upstate Louisiana. It was so far outside of coverage that didn't matter if it was Verizon, AT&T, whatever, you couldn't find it. And exactly, getting out of there, a pain in the ass. Yeah. It was fairly close to what my parents were living in at the time, which was not enough Skype or even satellite internet. Yeah. It was interesting. And if they had Wi-Fi, it would have enabled us to pull up our map before we left the parking lot. Yeah.

[18:37] Luckily, they had good road signs, and we just kind of went over reverse. Yeah, exactly. We just reversed them. And it did work. We got back to civilization without any mis-turns or any problems. I can't say it was a terrible experience, but I really would have felt a lot more confident with an actual map in my hand. Yeah. And like I said, I think it was three or four turns we had to make before we got enough signal to even get like Google or Apple Maps working.

[19:04] So, yeah. And the other thing is if you're offering like an AR or other inline experience that relies upon data in people's phones, you really do need to offer Wi-Fi. Because even if you have good cell signal, get enough people there, that cell signal ain't going to be worth shit. Right. And so you're going to need, Wi-Fi can handle a lot more traffic and a lot more data than cell signal can in a tight space like that. Yeah, and that's one of those things that that's just helpful everywhere because I know that, like, there's the bar and the point. And if you've been to the point to New Orleans and met us at Crown & Anchor, you'll know that they do have a guest Wi-Fi. But as soon as there's more than 20 people in the area for any event, that's out the window. Yeah, it's frustrating. Yeah, I'm just saying that people do overwhelm even. Oh, yeah, Wi-Fi's going to be overwhelmed. Now, this is why you need to get something consumer-grade. I'm very sure, knowing Neil and Crown and Hank, they probably do not have a consumer-grade Wi-Fi unit in that bar. They're like, look, we have it. Just deal with it. You get what you get, you fuckers. Well, yeah, and you have to use it because everything else is down. Yeah, once you're inside the building especially. Well, inside the building, but even outside, all of the cell networks will become overwhelmed in times of Mardi Gras. Well, and even if they don't become overwhelmed, you're at the tip of the point. And since there ain't a Wi-Fi tower in the middle of the Mississippi River.

[20:33] I mean, a cell tower in the middle of the Mississippi River, you're not going to get a particularly good... They should just turn it into the bridge. They should just put it on the bridge. Put cell towers up there. You know, that is not the dumbest thing. I have wondered why, because that bridge is really high up. It is. I have wondered why there aren't any... I'm guessing there's a reason for it, and I don't know it. Aesthetics. I don't think it's just... Okay, look, you've seen the tree near the Home Depot, the quote-unquote tree.

[21:00] Because I've got to get a photo of this next time I'm out there. But there's a little wooded patch here at Home Depot closest to us. And all the trees are like 40 or 50 feet tall. Yeah. And standing above all of them is a cell phone tower wrapped in a tree that's 120 feet tall. It's hilarious. It's like, I'm a tree! I'm a tree! Well, the bad thing is that we didn't even realize it for a long time. Because your brain just fills it in as a tree. Until you notice it and then you can't unsee it. And the thing is, if it had been just a cell tower, I probably never would have seen it because those fuckers are everywhere. Yeah. They don't draw attention to themselves anymore. But no, they had to make it a fucking tree, and now there's just this one giant pink tree in it amongst the others. Okay, if I were not afraid of heights and would climb it, I would totally put googly eyes on the top of that thing. They'd get a monster tree. You'd get little fangs. Yeah. Or just paint them on or get the giant ones and stick them up there. Well, now we know what we have to do, what our dying act has to be.

[22:00] But yes, what the fuck were we talking about? But yeah, if you're offering digital experiences, you need to have Wi-Fi for the customers. Now, the mistake the aforementioned bar made was simple. They ran their TVs, in fact, they ran everything at that bar, I find out later, on the same Wi-Fi that guests use. Yes. And we have learned since then, like within the past couple of weeks, that the bar we frequent most frequently now does the same damn thing. Yeah. So here's your first tip for digital security. Segregate your fucking Wi-Fi people. Otherwise, drunk Jonathan's going to play obscure Bonnie Tyler songs on all your fucking TVs.

[22:48] Wish I were making that one up. but no okay there i would recommend at least three tiers if you're going to go all in the first is your core wi-fi this is your haunt communications all of your equipment your security cameras anything that needs an internet connection to run the haunt it's yours and it is literally just for equipment maybe top level management can use it too but no one else yeah, honestly you know how much this needs to be connected to the internet is kind of dubious but it needs a strong password and a nondescript name. Yes, and I think that we should define what a strong password is because some people still don't know. Don't put the name of the haunt as the password. Or the ID on this one either. Make it something, you know, discrept like, you know, like our Wi-Fi at home, and I'm giving the ghost away here, but a lot of you have already seen it, is Caboose. Yeah. Now, we named it after the Red vs. Blue character. By the way, rest in peace, Rooster Teeth. Yeah.

[23:51] Don't take him from us too soon but, It's been a great name because it's very nondescript. Yeah. It doesn't say anything about whose Wi-Fi it is, what it's used for. It's just Caboose, and you connect to it. And we have a really strong password that has lots of capitals, lots of symbols, lots of lower cases, and other weird stuff in it. And it's more than a character slot. Yeah. So get a really strong password with a nondescript name for your core haunt functions. Then get the Wi-Fi for your staff as one tier below that. Friendly name, haunt actors, Wi-Fi, whatever. Give it a password. Make it password protected, but make it easy to access and remember. Put it up in the actor area or whatever. And basically, make sure that no LAN connections take place on it. It's just for getting to the Internet. This is, like I said, this is a good use for your, quote unquote, guest mode on your Wi-Fi system. No. Because this can be a really good way to segregate it. And if you're going to have Wi-Fi for customers, I actually recommend getting a completely separate Wi-Fi system.

[24:59] That makes a lot of sense, because then there's no way to get into that. Complete gap between the two. Yeah, into that core system there. Yeah, exactly. Open Wi-Fi, separate physical system, clear name, probably not going to use a password on it at all. But a lot of Wi-Fi systems, especially commercial ones, will let you put on, like, hey, you agree to our terms and all that stuff. That's fine. But it's nothing but a connection to the Internet, and it gets low priority when it comes to bandwidth. With, um, basically, separate these three things out, because you do not want your cut, your actors, much less your customers, on your core Wi-Fi. Right. That is just dumb. And the thing is, like what I described at that bar, people can fuck it up by accident. What happens when all the TVs and the queue line that you're using to display the rules, or all the LED displays that connect to the Internet, are suddenly displaying obscure 80s music videos? Or something worse, like porn. Yeah, or something worse, like porn. And as we found out, our projector also has Chromecast ability. Yeah, exactly.

[26:07] So if you're using TVs for your rules and things, and I know that lots of you do that, or for your promotional videos. Or if you're using just projectors in the Haunt for effects. Exactly. Make sure that nobody can connect to those. And also, if you're not using that feature, disable it.

[26:26] Yeah. I mean, just trust me, it will make your life so much easier in the long run. And the thing is, if you've seen those photos of, like, road signs that have been hacked, this is one of the ways it happens. They're super easy to connect to and manipulate because there's very limited security. They didn't imagine anyone would ever want to hack a road sign. Oh, imagine that. All right. Area 2. All right. I probably should have taken Area 1. Yeah, realistically. But, okay. Good. No, it's cool. Yeah. Data. Not the guy from Star Trek. No. Although that is a very fun character data data.

[27:06] Whichever pronunciation you prefer I'm going to sing the data song now, anyway, don't ever handle, handle or store yeah handle or store data that you don't have to there you go, basic shit but it's important yeah it is really basic Like, if you don't have to keep that data on your customers, don't do it. Every item of data, every scrap of information you have on your systems in particular can become a bigger threat to whoever that data belongs to if it gets stolen. Yes, and if it gets stolen and they know it was stolen at your place, they're going to be pissed. And that could even lead to lawsuits. Now, obviously, the first thing to concern about is consumer data. Right. Because basically what you should be doing is using a proper credit card processor. I'm not going to tell you which one. There are 8 million out there. But you, as in the haunt owner, should never have access to the credit card info. Right.

[28:17] Not directly, especially. No. So, yeah, never store credit card info on your systems, because if you get hacked and that information gets leaked, guess who could be found liable for it legally? Hmm. Hmm. I wonder. You've stroked my beard here. Hang on. You know? Yeah. So, yeah. But other low-priority information, just names and email addresses, should be stored ideally with providers that you partner with that have security measures in place. Like use MailChimp or something to send out email or something like that. Um, but yeah, these are lower value targets and aren't nearly as serious as, like, banking or credit card information. But yeah, be mindful with those. Ideally, you should not have on your physical computers any data from your customers at the end of the day. No. They should all be in places that have proper security. And I'm sorry, the server that Dave set up in your back room ain't going to have the proper security problem. It's on the open Wi-Fi because you're going to lock it down.

[29:23] But then there's the kicker, employee data. Yeah. Now, if only we had an expert in HR policy that could explain to us the proper procedures. Oh, we don't have one, though. No. Well, and so I'm going to preface this with that this is from when I was in HR, not necessarily what it is now. Okay. But keep all personnel files, if you have to keep paper ones, if you're a retention policy and you have to have a retention policy, people, if you have paper files, keep them in a locked filing cabinet.

[30:04] And, yes, those locks are shit, but it's important. Yeah, it's at least something that shows that you tried. And now, because this actually came out in a slander case, there's a difference legally between a drawer that you can just open and look at and a drawer that they have to do something, even if that something is just jimmying the lock. Yeah. There's a legal difference there. Now, when I was in HR, we still had the I-9 forms, and I think that you still have to fill those out, but they also do a check online. So the thing with I-9 forms is you don't have to keep the physical copy, A. If you have a scan of it, you can keep that only. You're not required to keep the paper copy. You're also not required to keep the copies of the ID that you look at.

[30:58] And it's very you know i don't know why people do that because it's very easy to say oh there are employee files there oh there's copies of all of these social security numbers and shit let's just take those pages they'll never know because there's other paper in there you know so you don't have to keep it yeah and and while you were saying earlier about the retention policy may be the most important thing especially if your haunt has been around a while yeah because you you tell the story yeah well basically the company that i i worked as head of hr for um had a retention policy of five years and had just made the transition to digital only files yeah that transition wasn't super anyway you give them too much credit but okay they were working on going digital and then they forgot and made me make paper copies. That's more accurate. Yes. It was anyway.

[32:02] The retention policy was five years after the employee left perfectly fine but they never got rid of their files so whenever they come in and they asked me because we had an attorney who called and said hey i need the files for this employee i know he was there a while ago could Could you see if you still have anything? Like, well, I have a subpoena. I have to follow these rules. Got the, told the boss about it. Got the permission. Looked in the files. He hadn't been there in 25 fucking years. But they still had the paperwork. Yeah. They should have been shredded 20 years ago.

[32:50] Man. You know, you tell me that story and my heart sinks. This is not the first time I've heard it, obviously. No. And I always go, because, okay, this was a subpoena, there was some kind of court case going on, whatever, that's one thing. But imagine now if someone had found a way to gain access to those files, or if they had been disposed of improperly, or if something had happened. Now, everybody you've got an I-9 on going back a quarter of a fucking century just had their SSN leaked. Yeah. And other very important information. So, yeah, have a retention policy and fucking follow it. Yeah, it is much safer to get rid of paperwork you don't need than to keep it. Yeah. Well, this goes back to the whole do not keep data you do not need. Exactly. Points right back to the top. And if you are going paperless, make sure that you have that in two places because you have to keep your retention policy. So you want to make sure that you have a backup that's a physical backup somewhere on like a hard disk that's in that locked cabinet, preferably a locked fire cabinet for this particular thing. The paper, you know, who cares? It'll burn up. But the other one you may not want.

[34:13] Yeah. And, you know, make sure it's on a secured server, see above. Yeah. Basically, this all goes right back to don't keep any data you don't have to. Yeah. And what you do keep, lock

[34:26] it up, secure it, both physically and electronically, the best you can. Yeah. It's really that simple. Which brings us to our third item, your accounts. This includes social media, which is one of the more big ones lately. Yeah.

[34:40] We're going to get into that. Uh-huh. But it also includes banking, any management services, like if you use services to schedule people and things like that, those types of tools. And also services like we talked about, Canva, messaging apps, things like that that you use to run a haunt. And there are a ton of these. First rule, every fucking account gets a different password. Yes. Now, look, you're going to say, I can't remember all those passwords. No shit, Sherlock, I can't either. That's why I use a password manager. Now, I don't really give a shit which one. You know, you've got like 1Password, you've got iCloud Keychain, you've got Bitwarden, you've got LastPass, you've got all these. And this is different from the passwords that are saved in browsers. Oh, God, yes. Don't save that. Never. Okay, if you take anything from this, make it do not save your passwords to your browser. Yeah. Boom. Yes, I know it's convenient. Oh, it's so convenient. It fills it in and you just push the button and it's there. Now, I do use the password manager in my browser to save my address and other phone number and all that. Yeah. So I can autofill forms. Yeah, that's fine. That's all public data pretty much anyway. But your passwords, fuck off. Exactly. It's got to be in a password manager that itself is password protected, ideally two-factor protected, which brings us to the second rule.

[36:06] Use two-factor authentication whenever and wherever you can. And I'm not going to be one of those people who never use text messages. Those are unsecured. They are of limited security, but it's still better than nothing. If the place only offers text messages, grumble and then just accept it. It's still better than nothing. Yeah. Um, but use an authentication app. Um, I personally use Ente, and the reason for that is simply because it has some neat features, like letting me see the next numbers coming up so I don't have to sit and wait for the old one to expire to start entering. Yeah. It has some neat features, but it doesn't matter what you use. There's Microsoft Authenticator, Google Authenticator, Duo, whatever. You also have the option for your two-factor of using biometrics, so-called passkeys. Um, if you have a laptop with a Touch ID or a Face ID, a fingerprint reader, stuff like that, you can use those as your second factor. Um, I know Google is pushing its users in that direction. That's fine too, because the goal is something you know, the password, plus something you have.

[37:10] Physically, which in the case of an authenticator is your phone, but in the case of a passkey is your fingerprint, your face scan, whatever. But I burn all my fingerprints off. Yeah. Uh, sorry. One word of warning is, if you do two-factor, be sure to keep your backup keys safe. I recommend storing those somewhere carefully. Yeah. Um, and the third rule I would give for your accounts is, and this is one I fucked up, and this is definitely a do-as-I-say-not-as-I-do moment, if I had everything to do over again, I would change this, but now it's just too much, is do not have a public-facing email be your sign-up for these accounts.

[37:53] For most accounts, if you can. Because you do not, because, so if you sign up for a service, have an email that's dedicated to signing up for services, for even, for potentially for each individual services. You can use them to forward into one place. Um, but the main thing is, is don't have it so that the email address everybody already knows is your login. Right. So the email address that people send invoices to should be different than the email address that you use to sign up for services. And the email, it should be different from the email address people used to write you about information for your haunted house. Right. It should be different from the one you give out to the press when you're doing press releases. Yeah. And you should have a separate invoice one that is private and not publicly known. Yes. Because then it's harder for people to send you those invoice scams we were talking about last time. Yes, absolutely. So that's when I fucked up. My public email is my email in a lot of logins. That's because I set a lot of this shit up 20 years ago. I didn't know better then. I know better now. If my online presence got totally nuked tomorrow, this is one of the first things I would change.

[39:06] Item four, physical security. Yeah. This is a fun one. This includes your laptops, your cell phones, your other devices, and the data and information on them. Um, enable the Find My or similar device if it's available, if you can. Pretty much every Android or iPhone has some kind of service like those. Um, so absolutely enable that. Yeah. And laptops get more dubious, but like, I know MacBooks come with Find My. I don't know as much about Windows laptops. Yeah. But yeah, sorry. Yeah. If you can't do that, tether an AirTag to it or a Tile or similar device. We actually got some extras to put on our tools because we're always misplacing them, and now we can just make them beep. Yeah. Yeah, honestly, we've become kind of AirTag junkies around here. Well, I want to get extra ones and throw them in the trunks of the car so that if they're ever stolen, we can just go find it. Yeah, or you don't even have to necessarily throw it in the trunk of the car. You can just slide it under a seat or something, too. Yeah, exactly. Or put it in some place that isn't likely to be found.

[40:15] Because it's absolutely amazing how well these things work. And I do think AirTags are better than Tile, simply because there are more iPhones out there than there are Tile customers. And we have used both and we've used both. The thing that was really good about Tile was the size and how easy they were to just stick on things. AirTags have a lot more bulk and heft to them. But like I said, something like a car, we got these special.

[40:43] Like metal cables with, yeah, to hold them to the tools. You just open up the little container and put the AirTag in and then cinch it around the handle of the tool. Bish bash bosh, you'll never lose it again. It's great. It's so great. I'm like, why didn't we do this when AirTags first came out? I know. Well, at that point, they were still fairly expensive. But then we lost a whole freaking saw for like a year and a half. We didn't find it, though. A year. Yeah, it was a year. And I know it was a year because it was underneath all the bodies that I'd taken down from the Halloween before and had not cleaned out until this year. Yeah, so we did find it. But you're absolutely right. So, yeah, basically, make sure that you can track the physical location of all the stuff that you have, your physical devices. And the other step to make sure is that you have some kind of kill switch on them. Yeah. Once again, Apple Find My has the ability to erase laptops and cell phones. I'm sure Android has something similar. I've never used it. This is just basically trivial security now. And the other step is to make sure that those hard drives are encrypted. Now, most are now. I remember back in ye olden times, encrypting your hard drive meant you were taking a huge performance hit, and you only did it if it was really, truly necessary. Now, fuck that shit. Encrypt your hard drives. Yeah. Make sure they're encrypted.

[42:10] You have no reason to have unencrypted data anywhere, basically. Mm-hmm. So, yeah, just think about what happens if these physical devices are stolen and make preparations to either recover them or at the very least neutralize the data on them.

[42:28] Makes sense, right? It does. And the fifth and final area we're looking at is your brand. Because this is everything about your haunt. And Crystal knows where this is going. Oh, and real fast, when we're talking about two-factor, I forgot to tell a story. Okay. We have a Venmo account that is tied to Bernie Baxter. Yes. Now, I set up that Venmo account like eons ago and never used it and just moved it to a pretty baxter one. I don't even remember what password I used on it when I originally set it up, but apparently it wasn't a very fucking good one, because someone got into the Venmo account. Now, here's the thing. I had two-factor. I was alerted to it when I got the request for the two-factor, a little email from Venmo saying someone's trying to access your account, is this you, I think. But since two-factor was on, they never got in. Yeah. I just changed the password to something that was not stupid. And the problem hasn't happened since. But yeah, think about that. Think about how bad that could have been for us if someone had gotten to that Venmo account. And that would have given them full access to our credit cards, our bank accounts. Yeah. Theoretically, everything. Yeah.

[43:45] Two-factor saved our ass is what I'm saying. And it can save yours, too. Exactly. And if you're a professional haunt, you should have your account separate from your personal. Yeah, obviously we're home haunt. This is why things get... Exactly. But then again, you know, you're going to have company credit cards and company bank accounts. You still could have been hosed. Oh yeah. No, you definitely could.

[44:03] Like, two-factor is the way to go.

[44:06] I'm not saying don't do that. No, no, no. Absolutely do two-factor. It's one of the best things you can do for your security. And it pisses me off that even today so few people do it. Now, do you think that people should change their passwords often? Or how often should they change? I'm not a believer in changing passwords after a random amount of time, especially if you've got good passwords that you don't even know, like with the password. Yeah. Now, you might want to change the password to your password manager every so often. But honestly, the best defense is having a unique password for every service you use and having two-factor. Yeah. Because I honestly, there's a lot of cases where I think changing your password too often creates new security issues. Because now people can't remember them or they get lost. I can't count the number of times I've changed a password in something only to have my password manager fuck up saving it. Yes. And then I can't get into it. They've got to reset the fucking thing again. Exactly. And then you make sure that it gets into the password. And then you copy and paste it. You put it on the fucking clipboard. Yep. And I got a clipboard manager so I can watch it be in the fucking clipboard and make sure it's there. That way I can dump it into my password manager by hand if I have to. And that has come up a few times. But, yeah, basically, yeah.

[45:24] I don't think there's much benefit to changing your password every month, six months, year, whatever, especially if you've already got hardcore passwords that you don't know and haven't been leaked. I think it'd be more important to look at sites like Have I Been Pwned. Yeah. And see if your passwords have been compromised.

[45:44] If they haven't, then absolutely change them. But if they haven't been compromised, you're probably fine. And I don't really think there's much merit in changing them every so often. Just creating a lot of extra work for you. And it actually pushes some people to use shittier passwords so they can remember them. Yeah. So, yeah, just do them right the first time, basically.

[46:09] All right. But moving on to our fifth one now, the brand. This is everything that represents your haunt. And so much of this is digital these days. Yeah. Outside, think about it. Outside of your physical ads you run in, like, newspapers and magazines or billboards or whatnot, your brand is purely digital. Everything that's not at your location and not in physical media, that's your digital brand. I have a feeling that's going to make up an overwhelming majority of it. And it, too, can be hijacked. First, see all the above shit we talked about for protecting your social media accounts. Seriously, there's a local business bar slash wine house.

[46:56] Oh, we're getting into the places that we know that have had their hijacked, their accounts hijacked. Yeah. So, yeah. We know a place that had their... We know three places. Really? I thought we only knew one. No, we know three places at least, because we have the wine house, which somebody hacked their accounts and... By sending one of those fake copyright notices, no less. Yep. Yes. Don't click on those. Those aren't real.

[47:27] If in doubt, ask me. Yeah. I'm not a lawyer, but I can go, no, that's a fucking scam, dude. And because they were running ads on social media, they had their bank account or credit card, whatever they were using to pay for those ads, saved in that social media account. So when they were hijacked, the people were able to go in and steal $15,000. Jesus, I knew they'd gotten hijacked, but I didn't realize it was a 15K loss. Yes, and they lost their social media presence because there was no way to get it back. Like, Facebook especially is really bad about handing accounts back over. All of them are bad. Facebook, X. I don't know. I think Bluesky is a little too young to know. LinkedIn. They're all terrible at it, though. Yeah, and then there's the lady who runs a local craft chat. Oh, I do. Okay. I do remember this one. So, she had her bank account tied to her. She's in children's books. She publishes children's books. She is a publisher. She had her bank account drained of $26,000. And since there was children in her publishing title name, all of her social media accounts were now covered in child pornography.

[48:56] You know, I'm really glad this is not a monetized podcast, and I don't have to say PDF files to cover their account. We can just say fucking child pornography. Yeah. And one of the reasons they do that, for the record, is not just because children were involved, but because it ensures that the account will get permanently deleted, also removing evidence of what they did.

[49:21] Yeah. It also shockingly helps them cover their tracks. You would think it'd make things worse, but it often doesn't. Yeah. And then we know, we have a friend who, her business was her personal account. Her personal account got hacked. She didn't have money stolen, but it actually made it to where she had to, um, create a business page that was a whole brand new brand for her. She had to change her branding completely. Yeah. So yeah, step one, follow the instructions above. Be secure about these things. But also, don't, also make sure that you register your domain name for your haunt. Yeah. And if you can, register any significant or common misspellings of it, because what scammers will do is what's called typosquatting, where they'll build a site that looks a lot like yours, smells a lot like yours, and is maybe just one letter off from yours, and that way get people to give information. This is especially important if you sell tickets online, because scammers will do things like this to try to get money from your.

[50:26] Potential customers, and it will create havoc on your end because people will show up thinking they bought tickets when they fucking hadn't. Yep. And if you've ever heard your name mis-said, um, not also misspelled, but like, so with, whenever we helped Ellie open Yarnola, uh, people kept going, NOLA YARN, right? NOLA YARN. It's not Yarnola. It's NOLA YARN. Well, no. Thank you for letting us know that we've got to grab that domain. Yeah, exactly. Now we have both. We have all iterations of it. Yeah, exactly. So, buy any domains you can. This will help reduce that. The further away from your domain you can push the scammers, the better. You can't necessarily stop them all.

[51:16] And I used Yarnola because that was easier than Plagiarism Today, because you have so many freaking iterations of that word. I have got, there's, I don't think there's a misspelling of the word plagiarism I don't know the domain of right now. Yeah. I don't have legit like 10 domains. And that is .com, .co, .net, .us. .io is a big one these days.

[51:41] With your social media accounts, do consider getting verification. On X, it's a fucking joke right now. So maybe that one isn't doing good. But Facebook verification can mean something and can help. Because they'll be looking for that checkmark. And it still means something on Facebook and Instagram, at the very least. So if you can get verified, do that. Bluesky, I think, has one of the best ways to handle verification. Because it doesn't cost money. You have to edit DNS records or upload a file to your website. And then you can just use your website name. Like, I'm not plagiarismtoday.bluesky, whatever. I'm at plagiarismtoday.com.

[52:20] That's really fucking me. And you know it's fucking me because it's there. Yeah. Yeah, so getting verification. And Mastodon has their own variation of how to do this verification. But verifying your accounts when it's reasonable, when you can, is also a big help. I think that's about it for now. Obviously, this isn't like the most thorough covering of digital security for haunts, but I hope something in this helped because... This is like the low-hanging fruit here. Yeah. And honestly, there's an old adage that you don't have to outrun the bear. You just have to outrun the person next to you. Yep. This will help you outrun the person next to you because, in fact, I'm going to play a game. We're going to go to my site right now, my WordPress backend. We're going to go into it right now. And we're going to see how many people today have tried to access it without permission.

[53:11] Actually, I can't ask you because the list doesn't go back far enough. Oh. Wow. That's over 30 today. Let's see. How much more? Okay. It's basically a shit ton of people have tried to do it. And the thing is, they're just simply trying to log in. And they're trying common names and passwords. And if they don't work, they're going to move on. So that's me not outrunning the bear, but outrunning the idiot next to me. Yeah. Don't have your login as admin. Yeah. Especially on WordPress. Yeah. Another simple trick. Yeah. Anyways, hopefully this helps you outrun the person next to you. That's my hope. On that note, everyone, thank you very much for spending the past hour with us. Hope something in this was useful. Please check out more at Haunt Weekly Content at hauntweekly.com. Haunt Weekly on X slash Twitter. Haunt Weekly on Facebook and YouTube.com slash Haunt Weekly. Get us wherever you get your podcasts from. We're pretty much everywhere. Until next time, I'm Jonathan. I'm Crystal. And we'll see you all next week.