Estimated Reading Time: 5 Minutes
The line between our online and offline lives has become even more indistinguishable this past year. For many of us, our homes are now our offices and, in some cases, our schools. The number of — and time spent on — devices your customers & employees use to “virtually engage” can make thinking about security overwhelming. Each device that’s connected to the internet is a device that, unfortunately, can be compromised so it is important to protect each one individually. In line with the theme of this year’s Cyber Security Awareness Month (CSAM), “If You Connect It, Protect It,” this week we are providing three simple tips for you to share with your customers & employees to help them protect their devices. These are good reminders for all of us – businesses & consumers alike – to own our role in cybersecurity and reduce our individual and collective risk.
-
Create Unique, Strong Passwords and Set Up Multi-Factor Authentication
All IoT devices should be password protected and have a unique password that is creative, long, and, setting permitting, includes a combination of letters, numbers, and symbols. While, yes, it is tempting to “recycle” such unique passwords to remember them all, we increase our risk substantially by doing so. Cyber thieves have sophisticated techniques to track old passwords used on other sites or devices and modify them to guess new ones. Take the time to set up a system that will help you keep track of your passwords whether it be through a password manager, notes in a locked place, or good old fashioned mnemonic devices to help you recall phrases.
Setting up multi-factor authentication (MFA) is another key way to ensure you — and only you — can access your devices. By establishing two types of verification information, you reduce the success of malicious attempts to access your devices unknowingly. If you receive an alert on a secondary device that another device is being accessed, be sure to follow the instructions to report the nefarious activity immediately. Typically, 2FA is offered on IoT devices that can be enabled upon setup. You can also find the feature under the Settings or Security tabs on your device and set it up so that the unique code/number is sent to you via text/email/phone. Two-steps in the short term saves you multiple steps in the long run if your personally identifiable information is compromised.
Don’t forget – your home router is the device of all devices! Even if you are renting it from a telecommunications company, you may (and should!) change the password regularly. It is also a best practice to make the name of your network something non-descript that does not include personally identifiable information (aka Matt’s Place or The Taylor’s Home) so that cybercriminals cannot readily identify your home and/or personal information.
-
Install Online Data Protection
Cyber protection services such as antivirus, anti-ransomware, and anti-keylogging software are essential for all connected devices. Unfortunately, traditional antivirus software does not protect against ever-evolving methods such as monitoring/recording keys struck on a keyboard (keylogging) or restricting the victim’s access to personal data until a ransom is paid (ransomware). When installing online data protection software, do your research to ensure you have comprehensive protection for your data and devices.
It is equally important to remember that it’s not enough to just install the software. Make sure you’re being diligent and always check for and install updates immediately when prompted. Without regularly updating your IoT devices, you’re left vulnerable to cybersecurity threats and someone stealing your identity and/or personally identifiable information. As tempting as it may be to dismiss the notification dismiss or hit “remind me later” to the notifications on our IoT devices, oftentimes, the company is pushing out the update to address a found security issue that requires immediate attention. Don’t put off until tomorrow what can be protected today.
-
Be Mindful of Your Apps
Because of the immediate need and/or excitement that comes with downloading an app, the security settings are often overlooked — and apps become an open door for cybercriminals to gain access to your information and identity as apps can hide malware and other harmful software. The most important rule of thumb is to only download apps directly from the application store (Google Play, Apple App Store, etc.) and never from random links on a website or webpage. Take a few minutes to read the privacy policy and consider customer reviews before making the decision to download or install any application to your device. The privacy policy should tell you what data the app is collecting from you, how that data is stored, and if it is shared with a third-party. Be sure not to share data that isn’t required in order for the app to function properly. Remember, the more you share and let the app have access to, the more information there is available to exploit. If you don’t need it, don’t download it. If you do need it, protect it!
When logging into the app for the first time, be particularly mindful of the type of information apps are asking permission for – location services, microphone access, video access, etc. Some apps, by their very nature, do require the use of some of those features, but you should always be aware of which apps are running in the background and still collecting that data. Don’t let the excitement of using the app overtake your vigilance in protecting yourself.
Looking for even more #BeCyberSmart tips & tricks? Follow us on Twitter, LinkedIn, and Facebook, and check out our other 2020 CSAM blogs!