Cybersecurity Q&A Series with Michael Marrano Part3

Part 3: Cybersecurity Protecting your family in a digital home and world

published
July 15, 2021
News

Welcome to the final installment of a three-part series on Cybersecurity. Protecting your sensitive data from theft or unintentional leaks continues to be a top risk to companies and governments alike.  In the first two installments we explored cybersecurity threats and is if your data safe as well as cybersecurity reulators and how they help you avoid cyberattacks.

Today we are taking a more personal look at cybersecurity. Digitally protecting your family has become pivotal and requires adaptive strategies.  To explore this topic further, we sat down with Michael Marrano, the founder of Riskigy, a Certified Information Systems Security Professional (CISSP), and a member of 4THBIN’s advisory board, to discuss cyber defense for your home and family.

 

Q: What is an IoT Device?

A: IoT, short for Internet of Things, is just a swanky term for smart devices that can connect to the Internet. These devices can be baby monitors, vehicles, network routers, farming devices, medical devices, environmental monitoring devices, home appliances, DVRs, CCTV cameras, headsets, or smoke detectors. By using IoT devices that connect to the internet, you can make TV morning shows or podcasts ready for when you get out of bed and get your oven to heat your dinner up for when you get home. You can control the temperature and air quality, lock the doors, and even keep an eye on the house while you away from home. Smart devices also connect your refrigerator, wash machine, coffee maker, heating system, and car to the internet and far beyond the physical security of your home. 

All the information and personal data stored on the devices and your IoT tech gadgets are also accessible. You will need to secure your network, but you will also need to ensure there are no weak links in your security by checking that each device is secure. It is important to treat smart devices in similar practice as your computer or smart phone, perform frequent software updates and when devices reach end of life you should plan a replacement.

 

Q: How should you handle home Wi-Fi?

A: You want to keep your Wi-Fi tuned up to prevent slow internet, signal congestion, router downtime, software issues, hardware limitations, or even the physical size of your home causing problems. Home Wi-Fi has never been more critical than now during the stay-at-home requirements of the COVID-19 pandemic. Our homes have been transformed into our workplace, classroom, and virtual family gathering places. In addition, our homes and home networks have also become the source for our entertainment, grocery shopping, and everything else we once did in person. 

Your device may simply need a periodic reboot of your cable modem and wireless router or a whole lot more such as a firmware update.  When updating your router’s firmware, you get additional features and enhancements of the new firmware. In addition, your router receives important security updates. 

Some ways to protect your home network include:

  • Adding the at-home students and kids on their own network and enabling Quality of Service “QoS” for critical services. This can keep the kids secure and out of trouble online, and it eases the burden on your bandwidth while they play video games, stream movies, and hopefully do their homework.
  • Setting up a different Wi-Fi router for guests or enabling your router’s “Guest Network” option. Guest networks are meant for visitors  and untrusted devices to connect to your home and who might need a Wi-Fi internet connection while it keeps your sensitive data and shared files private.
  • It may seem like common sense, but a complex Wireless passcode will keep snooping neighbors and rogue devices from connecting to your wireless network. Refrain from using your name (SmithFamily) or address (18MainStreet) as the network name because this is easily seen by anyone within range and potentially entice those with bad intentions. Also disable old and broken wireless security such as WEP and consider disabling SSID broadcasting.

 

Q: How do I ensure my family’s data privacy?

A: As the COVID-19 pandemic continues to push children’s social and educational lives home and online, digital privacy is more critical than ever. Corporations and social media companies are eager to monitor your children’s online behavior, not only to market to them but also for a whole host of purposes. 

Most online privacy threats are due to the collection of “persistent identifiers.” Similar to a license plate, persistent identifiers “PA” are a string of numbers and letters assigned to you and your device. They allow companies and other entities to track you across the internet. These identifiers may appear harmless by themselves, but when collected over time alongside other information about your actions, they allow others to learn information about your habits, interests, and demographics.

Every home office and remote worker should consider a Virtual Private Network (VPN) to stay safe online. Most VPN’s provide two services:

  1. Encrypting your data between two points 
  2. Hiding the IP address from where a general location can be derived where you're located.

If you're connecting to work and want to make sure you're taking all the precautions, you can if your employer hasn't given you a corporate VPN to use a Personal VPN service for protection and privacy. If you're connecting to websites that log connection information and don't want to leave tracks where you are or where your home is, you will want a VPN. If you want extra protection and privacy at home or when traveling, then a VPN is a good idea.

 

Q: What’s the problem with IoT Devices?

A:  Some devices are rushed out without paying sufficient attention to IoT security issues. When new products replace these devices, manufacturers don't always make much effort to support them with security patches. That's a glaring contrast to computer hardware and software, where we expect regular updates to address security vulnerabilities and improve operations.

The Mirai botnet hacked into IoT devices as long ago as 2016 and managed to create a swarm of 100,000 hijacked IoT devices. Your home can be a gold mine to hackers, who are seeking to capture your banking password, your online accounts, and your personally identifiable information, and entering and establishing a launchpad through an IoT device can be the low-hanging fruit.  Once they have a way into your network, people with malicious intent might be able to turn off your security cameras, access your personal information, or spy on you and your family. An insecure home network opens the door to burglary, identity theft, privacy violations, and more.

 

Q: Would a cyber insurance policy help protect against cyber risks?

A: As technology has become increasingly incorporated into people's lives, the risks that sensitive personal data could be compromised, including Social Security numbers and financial information such as bank and credit card information, has continued to rise. One way to protect yourself and your family financially against these risks is buying a personal or family cyber insurance policy, part of a growing insurance market for cyber protection services. 

Personal cyber insurance, also called “cyberattack insurance,” is often sold as an add-on to homeowners’ insurance and can cover an array of cybercrimes:

  • Cyberattack coverage pays for the elimination of a virus/malware or repair of desktops, laptops, smartphones, tablets, Wi-Fi routers, and other internet access points, such as smart home devices and security systems.
  • Cyberbullying coverage helps you deal with online harassment that results in wrongful termination, discipline from school, temporary relocation expenses, temporary private tutoring, lost wages, and legal expenses.
  • Cyber extortion coverage helps you recover from ransomware attacks that block you from accessing your personal data and demanding a fee to regain control. This coverage might include assistance from cybersecurity experts who can help you regain your files and reimbursement for any ransom paid, if approved by your insurance company.
  • Data breach coverage helps pay for services if personal data entrusted to you is lost, stolen, or published. For example, if you sell cookies for a local fundraiser and have credit card information from buyers on your laptop or tablet is stolen, this coverage will pay for services to the individuals who were affected by the data breach.
  • Online fraud coverage pays for direct financial losses due to problems like identity theft, unauthorized banking or credit card transfers, phishing schemes, and other types of fraud.

 

Q: And what about credit monitoring services?

A: Credit monitoring services can provide a lower-cost alternative to insurance and also provide you with early notice of potential fraud on your credit report, so you can take steps to protect your personal information. While these services are offered for “free” and paid subscriptions, either cannot actually prevent identity theft, they can keep you informed so you can take action if you notice something is wrong. A credit freeze is a service that prevents potential new lenders from accessing your credit report without you first lifting the freeze. It is a service used by victims of identity theft to help prevent new accounts from being opened in their name without their permission. 

While these services can alert you of changes to your credit file and help you fix any errors, it is important to understand what credit monitoring can and cannot do. You still must be proactive in taking steps to prevent identity theft. 

 

Final Words

Parents must make a habit of regularly talking to their kids about their experiences online. Find out what sites they are visiting, who they are interacting with, and how they are protecting themselves. The more comfortable they are discussing their digital lives with you, the more likely they will be to open when they encounter something dangerous or challenging.

Smart devices “IoT” are a modern convenience, need to gather certain types of data to work properly and improve their performance. But in many cases, too much information is being collected and shared with third-party companies. To protect privacy, maintain IoT assets, regularly review use, and attack surface impact.

Take your password’s security seriously, whenever you get a new device, change the default password immediately.  Use unique, hard to guess passwords with several characters, numbers, and letters on all of your devices

--------

About Michael Marrano:

Michael Marrano is the founder of Riskigy and a cybersecurity professional focused on providing Virtual CISO and Cybersecurity services for clients. With his boutique cybersecurity consulting and advisory firm, he provides high-quality services to organizations of all sizes. Michael has been honing his skills as a real-world technology and information security practitioner over the last three decades. Michael is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA) with extensive experience in consulting, audit and business leadership roles. Michael is the author of “The Human Firewall Builder – Weakest Link to Human Firewall in Seven Days”, achieved a Cyber and Homeland Security MS  from Fairleigh Dickinson University (NJ) and previously held roles such as Senior Principal Cybersecurity Consultant, Managing Director, a former Chief Technology Officer (CTO) and Chief Information Security Officer (CISO).  Connect with Michael today on LinkedIn.

More News

News

E-Solutions USA Merges with 4THBIN for Expansion and Growth

We are excited to welcome E-Solutions USA into the 4THBIN family as part of the Ecotech Management group. Together we will expand our service offerings and continue to provide trusted, secure and environmentally responsible solutions to all our clients.

News

Join 4THBIN in Spring Cleaning with Purpose

Spring invites us to take a step back, reset, and refresh. It is a season built around renewal, and for businesses, that often means cleaning out more than just closets. As workspaces evolve and priorities shift, it is the perfect time to take a closer look at the technology you no longer use. Those outdated laptops, monitors, phones, and servers sitting in storage may not seem urgent, but they hold serious risks when left unmanaged.

News

Celebrate Earth Month with 4THBIN

April is Earth Month, and at 4THBIN, we see this time as an opportunity to double down on our commitment to protecting the planet. E-waste is the fastest-growing waste stream globally, and it’s not just a tech problem. Improper disposal of old electronics can leak hazardous materials into the environment, while also posing serious risks to your data security.

News

Empowering Education Through Responsible E-Waste Recycling with 4THBIN

As technology becomes more embedded in the educational experience, it’s crucial for students to not only understand how it benefits their learning but also how it affects the world around them. E-waste, the growing amount of discarded electronics, poses significant environmental and health risks, particularly when not recycled responsibly. As future leaders, students have the opportunity to take action and drive change by learning the importance of proper e-waste recycling.

News

Falling in Love with E-Waste Recycling

Valentine’s Day is all about love - whether it’s for a special someone, your favorite dessert, or just a good rom-com. But this year, why not show some love for something that actually gives back? We’re talking about e-waste recycling - the secure, sustainable, and responsible way to part with your old electronics.

Event

4THBIN and Broadway Green Alliance Team Up for a Spring 2025 E-Waste Drive
May 14, 2025
Drop-off Event

4THBIN and Broadway Green Alliance Team Up for a Spring 2025 E-Waste Drive

We’re excited to announce a Spring 2025 E-Waste Recycling Drive, happening on May 14, 2025, from 11:00 AM to 2:00 PM at Duffy Square, right by the red steps at 46th Street and 7th Avenue in collaboration with Broadway Green Alliance.

Join 4THBIN and PS 29 for a Spring Neighborhood Recycling Event
May 4, 2025
Drop-off Event

Join 4THBIN and PS 29 for a Spring Neighborhood Recycling Event

We're excited to invite you to a community electronic recycling event in partnership with PS 29! This is your chance to responsibly dispose of old or unwanted electronics - securely, sustainably, and for free.

Spring Into Sustainability: E-Waste Recycling Events in NYC
Drop-off Event

Spring Into Sustainability: E-Waste Recycling Events in NYC

This spring, 4THBIN is proud to continue our partnership with the Lower East Side Ecology Center to host a new season of free residential e-waste recycling events throughout New York City. These events are part of our 4THBIN 4ALL initiative, a citywide effort to expand access to responsible electronics recycling and encourage sustainable action in every neighborhood.