Avatar

On or Off the Clock, Staying Cyber Secure is a New Fact of Life

 Cybersecurity has always been a major concern for workplace networks. But, increasingly, it is top of mind for home networks as well. Take a quick guess at how many mobile devices are automatically connecting with your home Wi-Fi once in range? If you guessed two or three, guess again. If your household consist of two or more persons, that number could easily reach a dozen. Add children and, well, your calculations can quickly explode exponentially. Portable devices such as smartphones, tablets, laptops and more stationary end points like smart TVs, security systems and even appliances are the reality promised by the Internet of Things. And as you extend your home’s network fabric beyond the traditional laptop it is critical that you consider implementing a threat-centric approach at home as well as in the workplace.

While anyone can fall victim to the vast array of malware, phishing emails and other sordid schemes, you should, given commonsense precautions, feel perfectly safe and secure using the Internet. The huge gains the internet has provided to interconnect the world far outweigh the crime that has come with it. As National Cyber Security Awareness Month (October) approaches, this is the perfect time to reflect on our own personal cybersecurity. While managing cyber incident response teams for both public and private sector organizations, I have personally witnessed countless individuals having their entire digital life torn apart and pillaged. Because of this real-world experience, I consider (and suggest you do as well) that every connected device in your personal life is a potential target in the eyes of an attacker.

Hacking has become a big business and the currency it trades in is accounts and systems. Think of an old bank account you may have but no longer use. You might think it isn’t at risk or a target since there is no money it. But to hackers, it is a valuable resource, one well established and accessible. Attackers can gain control of the account and use it to transfer illegal funds – leaving you to answer a lot of unwelcome questions from authorities. In 2016 it is more important than ever for all of us to realize we must take precautionary steps to keep our online accounts, systems and presence secure. Unfortunately social media, online applications and operating systems are not going to do it for you.  So let’s take a few minutes to go over some simple steps you can take to protect your family and assets from cyberattack:

  • Secure your main email account(s): You may not have thought about it, but your email account is the key link to a variety of things in your life. For example, if someone hacks your email account they can force a password change for online retailers linked to that email (Like Amazon or iTunes). Similarly, your bank and many other systems may use your email as a way to allow for password resets. As a result, the security of your email account plays a central role in your overall internet safety. It is very important you set a strong password and enable two-factor authentication. All of the major players have ways to set this up. For example, with Gmail you can:
    • Login to your Gmail account then go-to the following URL: https://www.google.com/landing/2step/
    • Click on “Get Started” then “Start Setup.” Enter your phone number and verify it by entering the numeric code that Google sends by either text message or voice call to that number.
    • You could instead choose to use the smart phone app “Google Authenticator”, which you would register through the same wizard shown above. Either option works and will help prevent attackers from taking over your personal email (and of course your online identity!).
  • Secure your bank account(s): Similarly to email, your bank accounts are high-value targets. This is especially true with online services like EBay and PayPal, the latter of which links directly to your bank account. EBay accounts are often hijacked to fraudulently sell high-dollar items (like iPhones), leaving the account owner responsible. If you use either, it is critical that you setup two factor authentication. Also do the same with your bank accounts. This will help ensure that a simple password crack, guess or reuse will not lead to account compromise.
  • Run the most current software: Even though your personal systems and accounts are targets, it is very unlikely an attacker will spend significant resources, using an unknown or 0-day attack, to break in if your software is up to date. Why? Because the number of unpatched, older operating systems and applications is so huge that the hackers have found it much more efficient to create automated tools capable of finding and exploiting holes in them. So you can be 100% more secure than almost everyone else on the Internet by merely updating to the latest operating systems & applications. But make sure to enable automated patching and force updates if you run any software that doesn’t offer automated updates.
  • Lastly, use a password manager and set unique passwords for each site you visit. All it takes is for one site to be compromised and then hackers will use that same email/password combination in an attempt to log onto other sites. Attackers have automated that part of the hacking process, so any successful email/password combination will quickly be run on potentially thousands of random sites. I realize trying to remember multiple complex passwords is both difficult and time consuming. So I suggest checking out the latest password tools to help: 1Password and Roboform. Both can offer you and your family a high quality, automated method to securely store and track your passwords.

So remember, as the Internet of Things expands the WiFi fabric within your home, it is critical that you also consider implementing a threat-centric approach to stay cyber secure. I encourage you to take some time during October’s National Cyber Security Awareness Month to take the first steps in doing so by researching and implementing your own personal cybersecurity solutions.

 

 

 



Authors

Gavin Reid

CyberCzar/Director

Public Sector