Are your routers safe from the Russians, the Chinese, or your neighbor’s kid living in the basement? It’s time to find out. It’s Internet Safety Month and the perfect time to brush up on your cyber hygiene. Our lives, homes, and work are always connected, but are we always protected? Not so much.
Here are a few must-do cybersecurity best practices for our connected lives:
- Avoid piggy-backing on a neighbor’s WiFi. You get what you pay for. Piggy-backing on WiFi means you have no idea what security measures your neighbors have taken, if any. Conversely, if they jump onto your network and do illicit things online, the authorities will track the activity back to your IP address and hold you responsible. Many home routers are left in default or “open” settings. Several internet providers ship routers with a default setting that leaves them open to passers-by, labeled as “free” WiFi, when they’re actually connected to your home network. This means you don’t know who else can see or intercept your traffic, and potentially even install malware and snag your passwords. If you work from home, this is even more important. You could be responsible for data loss or theft if your home network isn’t secure. Will your IT/security department help if your computer is compromised outside the office? Find out!
- Sharing is not caring. Social media can lead to disastrous security headaches. The EU GDPR is now in effect and companies have been forced to update their privacy policies to show what information they collect, how it’s used and how long they keep it. Take advantage of this and check ALL the permissions your social media accounts have, what they share with other platforms, and what data they collect about you from your profile and viewing or sharing preferences. Are you friends with co-workers on Facebook? Make sure you’re sharing work-appropriate content! Reduce what content they can see or unfriend them. 😉 Companies and regulators will proactively notify you of policy changes, but they will rarely ask you to give or update your personal information directly. Out-of-the-blue phone calls or emails are, most likely, scams. To confirm, go directly to known websites (e.g. IRS.gov) to see if any updates are necessary or requested.
- Protect non-tech-savvy and elderly family members online. Have a family check-in to ensure everyone is up-to-date on the latest security best practices, including updating passwords and checking social profiles for appropriate privacy and security controls. Make sure people who aren’t “friends” can’t see your private information. Don’t post about vacations until after you’re home. Does your company issue blog posts (like this one!) or internal memos about security best practices or concerns to be aware of? Share them with your family! Don’t post anything that you use as a security challenge like pets’ names, your mother’s maiden name, birthdays, the street you grew up on, and so on.
- Data security starts at home. The convenience of a connected home is unparalleled. I love having the lights turn on when I pull into the driveway and being able to tell my Smart Home to turn the alarm on at night. But not all “smart” gadgets are created equal. Most manufacturers feel that security is the user’s problem and consumers should be more responsible for their own security. In part, they’re right: we need to take more responsibility and accountability for knowing where our data is and who has access to it. However, the responsibility should be shared. The number of home-connected devices is exploding. These technologies are designed to be easy to install with lots of default or administrator settings, which are easily available on the internet. Protect your home: change default settings and passwords!
- Who’s knocking on your router’s door? More than half a million routers have been compromised by Russian malware called VPNFilter, which targets small home and office routers, according to Talos, Cisco’s security arm. Their report found that routers manufactured by Linksys, MikroTik, Netgear and TP-Link were affected. Many of these devices are vulnerable because they have publicly known exploits, run outdated firmware or are still using the admin credentials they came with. Check this list from The Wall Street Journal showing vulnerable routers based on the top five manufacturers in the U.S. to see if you’re affected and follow the steps to update them immediately. The threat is real. At the very least, reset or update if you’re not sure. Your “one click to buy” purchases might get delivered to someone else’s front door.
- Have you been “pwned?” Find out if your email address is part of a larger data breach and what to do if it has been. Like rotating your mattress or giving the dog flea medicine, set family calendar reminders to change your passwords at least twice per year. Read the news at least weekly to stay informed about the latest threats, and sign up for alerts from credible, trustworthy websites like NIST (the National Institute of Standards and Technology). If you’re in IT or security, make sure you opt in to vendor updates about patches. You can even add RSS feeds to your Slack account to get real-time updates for industry vulnerabilities and patches. And for your sanity and mine, please, please, please don’t use the same password for multiple accounts. If the bad guys get it, they might have access to every website in your browser’s history.
Take security into your own hands, own your data and make sure you’re doing everything you can to keep your information private and secure. Good security starts with awareness and education. Ask yourself how many devices you and your family have connected to the internet. Have you changed your passwords lately? Updated your device and router software? Did you change the administrator settings on your internet garage door opener, Roomba or Xbox? If not, do it now!
Stay tuned for more security tips and ask questions!