Part 3: Cybersecurity Protecting your family in a digital home and world
Welcome to the final installment of a three-part series on Cybersecurity. Protecting your sensitive data from theft or unintentional leaks continues to be a top risk to companies and governments alike. In the first two installments we explored cybersecurity threats and whether your data is safe, as well as cybersecurity regulators and how they help you avoid cyberattacks.
Today we are taking a more personal look at cybersecurity. Digitally protecting your family has become pivotal and requires adaptive strategies. To explore this topic further, we sat down with Michael Marrano, the founder of Riskigy, a Certified Information Systems Security Professional (CISSP), and a member of 4THBIN’s advisory board, to discuss cyber defense for your home and family.
Q: What is an IoT Device?
A: IoT, short for Internet of Things, is just a swanky term for smart devices that can connect to the Internet. These devices can be baby monitors, vehicles, network routers, farming devices, medical devices, environmental monitoring devices, home appliances, DVRs, CCTV cameras, headsets, or smoke detectors. By using IoT devices that connect to the internet, you can make TV morning shows or podcasts ready for when you get out of bed and get your oven to heat your dinner up for when you get home. You can control the temperature and air quality, lock the doors, and even keep an eye on the house while you are away from home. Smart devices also connect your refrigerator, wash machine, coffee maker, heating system, and car to the internet and far beyond the physical security of your home.
All the information and personal data stored on the devices and your IoT tech gadgets are also accessible. You will need to secure your network, but you will also need to ensure there are no weak links in your security by checking that each device is secure. It is important to treat smart devices the same way as your computer or smartphone: perform frequent software updates, and when devices reach end of life, plan a replacement.
Q: How should you handle home Wi-Fi?
A: You want to keep your Wi-Fi tuned up to prevent slow internet, signal congestion, router downtime, software issues, hardware limitations, or even the physical size of your home causing problems. Home Wi-Fi has never been more critical than now during the stay-at-home requirements of the COVID-19 pandemic. Our homes have been transformed into our workplace, classroom, and virtual family gathering places. In addition, our homes and home networks have also become the source for our entertainment, grocery shopping, and everything else we once did in person.
Your device may simply need a periodic reboot of your cable modem and wireless router or a whole lot more such as a firmware update. When updating your router’s firmware, you get additional features and enhancements of the new firmware. In addition, your router receives important security updates.
Some ways to protect your home network include:
- Adding the at-home students and kids on their own network and enabling Quality of Service “QoS” for critical services. This can keep the kids secure and out of trouble online, and it eases the burden on your bandwidth while they play video games, stream movies, and hopefully do their homework.
- Setting up a different Wi-Fi router for guests or enabling your router’s “Guest Network” option. Guest networks are meant for visitors and untrusted devices that connect at your home and might need a Wi-Fi internet connection, while keeping your sensitive data and shared files private.
- It may seem like common sense, but a complex wireless passcode will keep snooping neighbors and rogue devices from connecting to your wireless network. Refrain from using your name (SmithFamily) or address (18MainStreet) as the network name because this is easily seen by anyone within range and can potentially entice those with bad intentions. Also disable old and broken wireless security such as WEP and consider disabling SSID broadcasting.
Q: How do I ensure my family’s data privacy?
A: As the COVID-19 pandemic continues to push children’s social and educational lives home and online, digital privacy is more critical than ever. Corporations and social media companies are eager to monitor your children’s online behavior, not only to market to them but also for a whole host of purposes.
Most online privacy threats are due to the collection of “persistent identifiers.” Similar to a license plate, persistent identifiers “PA” are a string of numbers and letters assigned to you and your device. They allow companies and other entities to track you across the internet. These identifiers may appear harmless by themselves, but when collected over time alongside other information about your actions, they allow others to learn information about your habits, interests, and demographics.
Every home office and remote worker should consider a Virtual Private Network (VPN) to stay safe online. Most VPNs provide two services:
- Encrypting your data between two points
- Hiding your IP address, from which your general location can be derived.
If you're connecting to work and want to make sure you're taking all the precautions, you can, if your employer hasn't given you a corporate VPN, use a personal VPN service for protection and privacy. If you're connecting to websites that log connection information and don't want to leave tracks where you are or where your home is, you will want a VPN. If you want extra protection and privacy at home or when traveling, then a VPN is a good idea.
Q: What’s the problem with IoT Devices?
A: Some devices are rushed out without paying sufficient attention to IoT security issues. When new products replace these devices, manufacturers don't always make much effort to support them with security patches. That's a glaring contrast to computer hardware and software, where we expect regular updates to address security vulnerabilities and improve operations.
The Mirai botnet hacked into IoT devices as long ago as 2016 and managed to create a swarm of 100,000 hijacked IoT devices. Your home can be a gold mine to hackers, who are seeking to capture your banking password, your online accounts, and your personally identifiable information, and entering and establishing a launchpad through an IoT device can be the low-hanging fruit. Once they have a way into your network, people with malicious intent might be able to turn off your security cameras, access your personal information, or spy on you and your family. An insecure home network opens the door to burglary, identity theft, privacy violations, and more.
Q: Would a cyber insurance policy help protect against cyber risks?
A: As technology has become increasingly incorporated into people's lives, the risk that sensitive personal data could be compromised, including Social Security numbers and financial information such as bank and credit card information, has continued to rise. One way to protect yourself and your family financially against these risks is buying a personal or family cyber insurance policy, part of a growing insurance market for cyber protection services.
Personal cyber insurance, also called “cyberattack insurance,” is often sold as an add-on to homeowners’ insurance and can cover an array of cybercrimes:
- Cyberattack coverage pays for the elimination of a virus/malware or repair of desktops, laptops, smartphones, tablets, Wi-Fi routers, and other internet access points, such as smart home devices and security systems.
- Cyberbullying coverage helps you deal with online harassment that results in wrongful termination, discipline from school, temporary relocation expenses, temporary private tutoring, lost wages, and legal expenses.
- Cyber extortion coverage helps you recover from ransomware attacks that block you from accessing your personal data and demand a fee to regain control. This coverage might include assistance from cybersecurity experts who can help you regain your files and reimbursement for any ransom paid, if approved by your insurance company.
- Data breach coverage helps pay for services if personal data entrusted to you is lost, stolen, or published. For example, if you sell cookies for a local fundraiser and credit card information from buyers on your laptop or tablet is stolen, this coverage will pay for services to the individuals who were affected by the data breach.
- Online fraud coverage pays for direct financial losses due to problems like identity theft, unauthorized banking or credit card transfers, phishing schemes, and other types of fraud.
Q: And what about credit monitoring services?
A: Credit monitoring services can provide a lower-cost alternative to insurance and also provide you with early notice of potential fraud on your credit report, so you can take steps to protect your personal information. While these services are offered as both “free” and paid subscriptions, neither can actually prevent identity theft; they can keep you informed so you can take action if you notice something is wrong. A credit freeze is a service that prevents potential new lenders from accessing your credit report without you first lifting the freeze. It is a service used by victims of identity theft to help prevent new accounts from being opened in their name without their permission.
While these services can alert you of changes to your credit file and help you fix any errors, it is important to understand what credit monitoring can and cannot do. You still must be proactive in taking steps to prevent identity theft.
Final Words
Parents must make a habit of regularly talking to their kids about their experiences online. Find out what sites they are visiting, who they are interacting with, and how they are protecting themselves. The more comfortable they are discussing their digital lives with you, the more likely they will be to open up when they encounter something dangerous or challenging.
Smart devices (IoT) are a modern convenience and need to gather certain types of data to work properly and improve their performance. But in many cases, too much information is being collected and shared with third-party companies. To protect privacy, maintain IoT assets and regularly review their use and attack surface impact.
Take your passwords' security seriously: whenever you get a new device, change the default password immediately. Use unique, hard-to-guess passwords with several characters, numbers, and letters on all of your devices.
--------
About Michael Marrano:
Michael Marrano is the founder of Riskigy and a cybersecurity professional focused on providing Virtual CISO and Cybersecurity services for clients. With his boutique cybersecurity consulting and advisory firm, he provides high-quality services to organizations of all sizes. Michael has been honing his skills as a real-world technology and information security practitioner over the last three decades. Michael is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA) with extensive experience in consulting, audit and business leadership roles. Michael is the author of “The Human Firewall Builder – Weakest Link to Human Firewall in Seven Days”, achieved a Cyber and Homeland Security MS from Fairleigh Dickinson University (NJ) and previously held roles such as Senior Principal Cybersecurity Consultant, Managing Director, a former Chief Technology Officer (CTO) and Chief Information Security Officer (CISO). Connect with Michael today on LinkedIn.