Post-Holiday Cyber Safety: Adding New Devices to your Personal Internet of Things

January 13th, 2016
Reprinted from Wombat Security's Blog 

As students (and parents) settle back into “normal” routines post-holiday, it’s likely that new laptops, smartphones, tablets, and wireless “connectables” are part of the mix. Whether you are a first-time user or an old hand, there are always cyber security considerations when adding new devices to your personal Internet of Things (IoT). These tips can help protect data, systems, and privacy, so be sure to share them with your coworkers, family, and friends.

1. Understand and mitigate the risks associated with IoT devices

It might be said that connectivity is king these days; plugs and wires have given way to USB cables, WiFi, and Bluetooth. Analyst firm Gartner projects that the IoT will expand to 6.4 billion connected devices globally this year and balloon to nearly 21 billion devices by 2020. These emerging technologies allow us to wirelessly control, track, and/or monitor everything from heart rates to sleeping babies to home security systems (and beyond). The advances continue and the conveniences abound.

But so do the risks.

The simple truth is that everything that connects to a network is a potential entry point for hackers. There have been plenty of documented takeovers of IoT devices and software, and public consciousness of the risks was heightened in 2015 following the FBI’s public service announcement about IoT vulnerabilities. Beyond the creepiness factor (like strangers watching your sleeping children), hacking of these devices poses the potential for real harm to your personal data and even your physical being.

Chances are that one (or more) of the holiday gifts you or your loved ones received is part of the IoT. Don’t have a “connect it and forget it” mentality. Take appropriate precautions to help ensure your devices are as secure as possible:

  • Research your device online to identify any known security issues. Download and immediately install any available updates. (Manufacturers often identify vulnerabilities after a product hits the shelves, so even brand new devices can be due for a security patch.) When possible, register your device and/or enable automatic updates.
  • Change default passwords ASAP. Many devices are programmed with a password that is standard issue (meaning every item of its kind has the same password). Even more concerning, these default passwords are often posted online (an easy reference for consumers and hackers alike).
  • Disable open WiFi connections, which can result in devices automatically connecting to unsecured networks. As a general rule, you should only connect to trusted, secured WiFi networks (IoT device or not).
  • If you can, make adjustments at the router level on your home network. Some routers allow you to set up multiple networks or guest accounts, which means you can separate IoT devices from your computers and create a layer of “insulation” should one of those devices be compromised. Hardware security experts also recommend that you disable Universal Plug and Play (UPnP) on your router because this protocol can be exploited to access many IoT devices.

2. Be vigilant about protecting your data

Three significant threats to personal data are found in sources that adults and children use daily (if not hourly): email, Internet, and mobile apps.

Phishing attacks — fraudulent email messages designed to trick users into downloading dangerous attachments, clicking malicious links, and/or revealing sensitive financial, personal, or business data — are a danger to every email account holder. The numbers are staggering: According to Securelist’s spam and phishing report for Q3 2015, the phishing alert was triggered more than 36 million times on computers that use Kaspersky Lab security software. This was 6 million more triggers than in the second quarter of 2015 — and Kaspersky Lab is just one anti-virus and Internet safety software platform (Norton and McAfee are other big players).

Fraudulent websites and applications often share the same goals as phishing emails: to steal personal data, install malicious software, or gain access to user names and passwords. Financial data and healthcare information are prime targets for scammers; according to the Identity Theft Resource Center, which compiles U.S. breach totals, more than 118 million financial, healthcare, and education records were compromised in 2015. If you have had your credit card data or other personal information stolen in a data breach, you know the incredible hassle associated with the aftermath.

As you set up new accounts and download applications (for yourself or your children), keep the following tips in mind; your actions play a significant role in maintaining cyber security. College-age students should be particularly careful as they begin to build their personal credit, but all users of mobile devices can benefit from additional security measures:

  • Think before you interact with an unsolicited email. Fraudsters like to create a sense of urgency using scare tactics, amazing offers, and other traps that trick users into clicking or downloading right away. (And if you’ve never talked to your kids about phishing, now is the time; otherwise, they’ll have no idea these types of scams exist.) This article about the risks associated with phishing contains additional pieces of advice.
  • Again, do your research. A simple Google search can quickly reveal red flags associated with mobile applications, unfamiliar websites, special offers, and more.
  • Be careful about the data you share and where you share it. Stores, websites, and social media posts often ask consumers to provide personal information in exchange for special offers; be selective and protective in these situations. (Parents, be sure to talk to your children about privacy and appropriate sharing.)
  • Maintain as much control over your financial accounts as possible. Limit the cards you use (designate a single card for online purchases, for example) and be very cautious of where debit cards are used since they pull funds directly from attached bank accounts.
  • Should your personal data be compromised, take advantage of any credit monitoring services offered and be diligent about identifying and addressing any anomalies on your accounts or in your credit reports. (You can find some additional post-breach advice here.)

3. Get smart about social media

The opportunities to share (and overshare) your life with your social media connections abound, whether it’s the latest leg of your Couch to 5K quest, a picture of the amazing dessert you’re about to scarf down, or that Candy Crush Saga level that you JUST.CAN'T.BEAT. But adults and children alike should always remember that the photos, observations, and activities they post on social media can have an impact far beyond their circles of online friends and followers. Younger kids in particular are likely to have little understanding of the ramifications of sharing too much on a public forum or the dangers of connecting with imposters.

The bottom line is that social media posts can have far-reaching consequences. According to Kaplan Test Prep’s 2014 survey, 35% of college admissions officers view applicants’ social media profiles to learn more about them, and 16% reported that their findings had a negative impact on a candidate’s likelihood of acceptance. The numbers only go up with prospective employers: the 2014 Jobvite Job Seeker Nation Study revealed that 93% of recruiters check candidates’ social profiles, and 42% of those recruiters have reconsidered an applicant based on what they’ve found.

Here are a few things to keep in mind with regard to social media safety:

  • Assume that everything posted on social media will be public and permanent. Any post on any social app can live for eternity and be shared with anyone — regardless of privacy settings and regardless of whether the post was deleted.
  • Don’t be fooled by platforms like Snapchat, where posts supposedly “disappear” after a few seconds. Screen captures and copy/paste functions can give items a life beyond the limits you think you’ve set.
  • Students should be particularly cautious of the personas they create for themselves online because of the potential future ramifications. (For more advice on this topic, check out the Mashable article, “12 Things Students Should Never Do on Social Media.”)