I bought my dad an Amazon Alexa device for his birthday. He surprised me when he asked, “Aren’t these smart devices the kind of thing that brought the Internet down last week?” Now that cyber criminals are targeting connected household items, people that weren’t necessarily aware of the importance of cyber security are taking more notice. Per @samthielman in his article “Can we secure the internet of things in time to prevent another cyber-attack?” the attacks appear to have been caused by hijacked DVRs and Web enabled cameras that did not have the default passwords changed.
This attack has been widely covered by the media and is bringing cyber security to the attention of a much broader audience. A great way to make “lemonade” out of the “cyber-attack lemons” is to use this situation to further reinforce to your end users the importance of being cyber vigilant at both home and work. Cyber security requires end users to incorporate vigilance into every aspect of their life; from access of work systems to their smart fitness watch.
When my father asked that question it opened a great opportunity for me to provide him with some advice and guidance on how to make sure that he protects himself as much as possible. In the business world, this could translate into a training opportunity or, as I’ve mentioned in past blogs, incorporating a security moment into meetings. By using real-life cyber-attacks as training examples, you will be more effective in educating and preparing your end users. So, what advice did I give my dad? Well, what I told him applies to anything that connects to the Internet, from your laptop to your Alexa.
- Make Sure Your Password is Secure: There are two key elements to this; password creation and password security. We should all know by now that you should not use a password that is easy to guess (like your daughter’s name). I explained to my dad that one way he could create a secure password that he could remember is to create a phrase for each device and replace some of the letters with symbols. For example, and don’t use this one, the phrase, “Alexa is my friend.” could turn into a unique password like “@l3x@1smyFr13nd!”. The other issue is password security. If you type that password into a Word DOC or write it down on a post-it, it is no longer secure. If you have a hard time remembering your passwords there are password manager applications that you can purchase and use to safe-keep your passwords. This article in PC Magazine rates the top password managers of 2016.
- Use Different Passwords for Each Device and Account: I know, it is hard enough to remember the passwords that you already have, let alone the thought of trying to remember a unique password for every single device and account that you have on the Internet. The fact is, no matter how secure your password is, you have no control over the companies that hold your data. I mentioned the Yahoo! breach earlier but there are breaches almost every single day. Just check out the site com which publishes lists of all reported cyber-attacks. If you have a unique password for each device and site, you are in much better shape should one of the companies or devices that you use get hacked. Consider using a password manager if the thought of trying to remember on your own is too daunting.
- Never Leave a Password at the Factory Default Setting: The easiest way to hack a system is to try the factory default passwords. The very first thing you should do when setting up a new device is to reset the default password to one that is secure and that is unique to that device.
- Always Update Your Devices: Cybercriminals are always working to find holes that can be exploited. Corporations do their best to keep up with these issues through the release of software updates. If you don’t have the latest software (also called firmware for devices) you may be vulnerable to the latest exploits. Even before buying you can do research into how the manufacturer handles security. Contact the manufacturer and ask them about how they handle security and device updates.
- Only Connect Your Devices to Known, Secure Networks: Do not connect your home security cameras to your neighbors open wi-fi. That is kind of obvious, but you also need to make sure that your network is secure. Make sure to secure your router by turning on WPA2 and selecting a secure password. You should also make sure that your router is always updated with the latest firmware.
- When a Breach Happens – Discard That Password: In September Yahoo! Had a massive breach potentially affecting over five million users. As soon as you hear about a breach, immediately change your password and if you use that password for any other sites, get rid of it. (See the second bullet above!)
I am glad that I could discuss cyber security best practices with my dad. I think that if we look at this as an opportunity to further educate and reinforce cyber security vigilance with our end users we can help reinforce positive behavioral change!