One fact that has hit home during the coronavirus pandemic: Technology is central to our ability to stay connected.
You might stay in touch with family and friends via video chat and use online tools to do your job. You might live in a smarter home. Areas of your life that used to be divided into neat categories — online and offline, work and home — have merged.
That’s why now is a good time to boost your online security. October is National Cybersecurity Awareness Month (also known as NCSAM, pronounced N-C-SAM), which asks you to do your part to promote cyber safety. This year marks the 17th NCSAM from the U.S. Cybersecurity & Infrastructure Security Agency and the National Cyber Security Alliance.
This year’s theme: “Do Your Part. #BeCyberSmart.” It’s hashtag ready, so you might consider posting on social media to encourage your friends to join you. One message to get across: “If you connect it, protect it.”
If You Connect It, Protect It
The phrase “If You Connect It, Protect It” is a call to secure any object that’s connected to the internet. This applies to the Internet of Things — IoT, for short — everyday objects that can connect to the internet and share data with each other.
For instance, you may have a smart speaker that can tell you how to make a perfect boiled egg, a digital doorbell that lets you look at your smartphone to see who’s on your porch, or home lights you can flip on at night while you’re on vacation.
It is anticipated that more than 55 billion IoT devices will be connected to the internet by 2025, according to the technology market research firm IDC. All this connectivity opens up plenty of opportunity for cybercriminals who want to spy on you from your baby monitor, break into your home through your digital door lock or recruit your old device to carry out a cyberattack.
That’s why “If You Connect It, Protect It” is a good rule to live by. Here are a few IoT security tips for protecting your connected items:
Do an IoT survey of your home.
Start by taking a look around your house and making a list of all your IoT devices. Consider replacing old or questionable devices. For example, you may want to get rid of that novelty camera you bought to see what your dog does while you’re away. It could be vulnerable to hackers who could spy on you and your family.
When you buy a new smart device, take these steps.
- Choose a device from a reputable manufacturer.
- Make sure the device can be protected with a password you set.
- Find out what kinds of data the device will transmit and store, and whether that data will be encrypted.
- Determine how long the company will provide regular software updates for the device.
- Check to see if the manufacturer offers two-factor authentication, which typically requires you to enter your password plus a one-time passcode to log in. One example: Amazon-owned Ring, a maker of video doorbells and security cameras, recently made two-factor authentication mandatory after hackers took over cameras in U.S. homes to yell threats at residents. One hacker told a little girl he was Santa Claus and ordered her to smash items in her bedroom.
Take the secure route(r).
A Wi-Fi router offers an entry point that could allow a cybercriminal to access your IoT and home network. Setting up your router with security in mind is like putting a good lock on that door.
Here are some tips on setting up a router securely.
- Choose the right router for your needs. Make sure your router comes from a reputable company and has a firewall, which monitors and allows or blocks users trying to access your Wi-Fi network. This will help protect you against cybercriminals and nosy neighbors.
- Swap the name and password. Routers often come with standard names and default passwords that you should change immediately. Choose a name not associated with you in any way. For example, never include your last name or street address. Add a unique and strong password.
- Choose the best kind of encryption. Choose WPA2 encryption if available because it’s the most secure kind. If you have the option, also add AES (Advanced Encryption Standard) for extra security.
- Stick to an update schedule. Set up notifications for firmware updates if necessary and make sure to run regular updates on your router.
Make your accounts hard to crack.
Use unique strong passwords or passphrases on all of your IoT apps and devices, and consider using a password manager to help you keep track of your login credentials. Also enable two-factor authentication if you have IoT accounts that offer this as an option.
Just like with other apps and software, it’s important to keep your IoT devices current with the latest updates to close security loopholes that could leave you vulnerable to hackers.
Securing devices at home and work.
The pandemic brought unexpected changes, and many people are now working from home. The lines between our home and work lives and technology are less distinct than ever, so it’s key to secure your personal devices, however you use them.
Keep your system secure.
Start by protecting the accounts and personal devices you use for personal and work purposes.
- Safeguard your devices. Install security software from a reputable company on all devices, including computers, smartphones and tablets, to block malware and viruses. Security software also can help prevent spoofing attacks, in which a criminal sends you a communication disguised to look like it came from a trusted sender. If you use a personal device to conduct business activities, check with your boss or IT department to see if your company has a preferred provider of security software that works well with your company network.
- Get regular updates. Make sure to perform regular updates on your apps, software and operating systems. These updates often patch security glitches that could allow hackers to gain entry.
- Turn on multifactor authentication. Just as you want this added protection on your IoT accounts, you also should add it to your email account and any other personal or work accounts you want to secure.
Double down on data protection.
It’s important to protect both your personal and work data on personal devices. This may help keep identity thieves and other cyberthieves from getting your personal information and other sensitive data.
- Get video-chat savvy. You may be using video chat technology to meet with your team and have happy hour with your best friends. Make sure to get familiar with any security problems with video chat tools you use. Also learn the privacy rules of the tool and how to use it in the most secure way.
- Follow corporate data security rules. Make sure you’re clear on your company’s data security policies and that you follow them whenever you’re working from home.
- Call for back up. It’s important to regularly back up your data so valuable information doesn’t get lost. You can back up your personal data to a hard drive or to the cloud. Check with your company about whether and how to back up work data to make sure you’re not violating company policies designed to keep data safe.
- Shield extra sensitive information. Check with your boss and IT department about using extra protection for very private documents or other information. For example, you can add passwords and encryption for added security.
Stop phishing, vishing and smishing attacks.
In a phishing scam, a cybercriminal sends an email to get you to click on a link, provide private information, or send money.
Cybercriminals have stolen $3 billion from businesses through email phishing scams since 2016, according to a Better Business Bureau study. These crooks may try to exploit the fact that you can’t run down the hall to ask your boss a question when you’re working from home.
- Get wise to phishing. Learn about phishing scams and how they work — as well as their counterparts, vishing (which involves voice) and smishing (which involves SMS text messaging) so you don’t get tricked.
- Verify requests. A common phishing tactic: send a fake email from “the boss” asking an employee to deposit money into a new bank or send over sensitive information. Double check on any email, text or other message that asks you to take an unexpected action.
Keep your health between you and your doctor.
Another sudden change brought by COVID-19 is an increase in telehealth appointments. As you juggle home and work, you may be seeing your doctor by video chat. Here are steps you can take to avoid privacy and security issues with telemedicine.
- Quiz your doctor. Ask whether the provider saves the video of telemedicine sessions with patients. If so, ask how this data is stored and how long it will be kept.
- Don't overshare. Don’t send private information about your health or anything else via email or text. Save your sharing for the actual telemedicine appointment.
- Do a tech checkup. Find out if the video chat technology being used for the appointment uses end-to-end encryption, which mixes up the data while it’s being transmitted and greatly increases your privacy and security.
So remember to #DoYourPart, #BeCyberSmart. Connected devices may be a big part of your life, and technology advances will offer new opportunities and present new security challenges. So set a time to review your tech, get up to date, and make sure you have protection for everything you connect now and in the future.