In line with Cybersecurity Awareness Month we’re going to look at a few topics, with a focus on Internet of Things devices. In fact, that’s the theme this year. Protecting devices. Not just IoT devices, of course. We have laptops, desktops, phones, tablets, smart appliances, and TV’s that run Android under the hood, and a host of other kit that’s internet enabled. They are all connected and, thus, need to be protected.
Taking responsibility for our own cybersecurity starts at home. While these days many of us are working from home, our company’s IT department can’t take responsibility for the security in our home office. It’s not practical and, in all honesty, do you want Carol from IT poking around your home network? No. Home network security is our own responsibility, as it is for all the connected devices that live in our home environment.
For “computing” assets, it’s pretty straightforward. And by computing assets I’m talking about any devices we use and interact with as if they are a computer. That includes the obvious connected devices like laptops, desktops, tablets, and smart phones we use every day to do work, play games, answer email, and watch cat videos. These are all computers. The only real difference is the form factor and user interface. But it also means they can be targeted and used by malicious actors to do bad things – inside our home environment.
We may slack a little on locking our screens and doing multi-factor authentication when we’re at home using our home equipment, and that’s understandable. But that doesn’t mean we shouldn’t use good password hygiene and not reuse the same passwords for everything in the house. We also need to make sure we have all the basic defenses in place. Even if anti-virus and anti-malware software won’t stop everything, they’re better than nothing and can blunt a lot of common attacks.
The best defense against malware attack is to use all the Commonsense Security practices we’ve been talking about for years. Don’t go to suspicious websites. Don’t open random email attachments. Don’t download random files or install random programs just because they look cool or you saw a popup advertisement for it.
Teach The Children Well
At home, we need to keep our kids in that loop too. That’s even more important now, with so many of us working at home and our kids doing school remotely. While the schools are still trying to figure out how to deliver classes at all, doing it securely is still a challenge. Though the fact that they are pulling it off is a tribute to our teachers. School aside, children are an easy target for Social Engineering schemes and a broad range of related attacks. When it was just Junior’s Chromebook, it was more of an annoyance than a serious threat. But now, that infected device may be the springboard an attacker uses to infect your work laptop, and from there, springboard into your organization’s work environment.
Bottom line: best practices apply to all your computing devices, no matter the platform.
Something a lot of people neglect is their network edge. In the office that’s probably a chunky router or three and the matching firewall. At home, that’s more likely to be a cable modem, DSL box, Satellite link, or even an LTE connection. None of them are going to have the same level of built-in security features that comes with a commercial router. But that doesn’t mean you don’t need to keep an eye on them.
Patch, and Patch Again
When was the last time you checked for firmware updates or security patches for your device? I know some people will answer “Tuesday,” but most will have an answer somewhere between “June 2018” and “we can do that?” While some of these connected devices are black boxes managed by your ISP, you can still do your part to make sure they are up to date, secured, and configured so they’re not wide open to attack.
The same applies to your WiFi Access Point. While a lot of cable modems and DSL routers come with a built in WiFi capability, a lot of us use separate AP’s that give us better coverage, more capability, and more customization than the ISP provided kit. But if we drop it on the network, it’s our responsibility to keep it secure. Up to date firmware? Good password? Unneeded services turned off?
Not Too Small to Matter
The part that most people ignore is the “little” connected devices in their environment. Some of which aren’t actually so little. Smart TV’s and Smart Appliances often have far more computing power than people realize. That smart fridge that can keep track of when you last bought broccoli and can show you recipes while you cook? It’s basically an Android tablet permanently mounted to the refrigerator door. Which means they can suffer from the same vulnerabilities and potential attacks your actual tablet faces. So, the same applies here. Keep them patched. Keep them secure. Likewise, the Smart TV and, probably, a couple of other connected devices in your entertainment stack all need to be kept as up to date as possible.
The challenge with some of these connected devices, which is a challenge that extends into other smart appliances (why do my dishwasher and range hood have WiFi? Seriously.), is that a lot of them don’t get firmware updates or security patches. While a name-brand smart light switch or thermostat may have that kind of support, chances are those cheap off-brand connected devices will never see a firmware update during their useful lives. However, it falls on you to remember to check for firmware updates and make sure they’re up to date.
Even when you can’t do anything to update those little IoT devices, you can configure your environment so they can’t do much if they do get compromised. And, of course, all that account hygiene we talked about before applies to the Cloud accounts you’re probably using to manage all those smart lights and other IoT devices scattered around your home.
So, there you have it. It’s up to all of us to keep our home environments secure, and keep our connected devices protected. It may take a little work, but it needs to be done.