It’s October, which means it is Cyber Security Awareness Month! The entire month of October is dedicated to raising awareness for cyber security in our everyday lives, and I feel the next few weeks of blog entries should reflect that.
Cyber security isn’t just something we need to worry about in a corporate environment. Quite the opposite, by raising awareness of cyber security concerns that can hit the average person, they will be that much more diligent in their corporate lives as well!
This week is IoT Week, which is something a lot of people don’t necessarily think about since they generally purchase IoT devices to make things easier for themselves, rather than worry about them being potential threats to your safety. A common saying in security circles is that the S in IoT stands for security. Sadly this isn’t so much of a joke as a reflection of reality. Thankfully there are steps you can take to increase the security of these devices in your own home, and it’s not difficult to do.
Change Default Usernames and Passwords
Nearly all IoT devices that have any level of configuration likely have some type of username/password that you can use to log into the device to configure it. Some more expensive and reputable devices may only have an app that you need to install on your phone, but for those that do use a username/password, consult the documentation to see if you can change these from the default values from the factory. By changing these credentials, you are closing off a common attack path an malicious user may take when attacking these devices.
Use A Guest Network
In our last blog article, I spoke about setting up a guest network on your home Wi-Fi. A great way to secure the rest of your network (laptops, computers, tablets, etc.) is to put your IoT devices on this guest network as opposed to your main network. Typically these devices do not require a lot of bandwidth, so if you setup these devices to use this guest network you won’t see any degradation of performance but you will help increase the security of your home network in general.
Update The Firmware
Not all IoT devices have an option to perform updates, but for those that do, you want to take advantage of them! Some more expensive devices like the home assistants from Amazon, Google, etc., will often perform these updates automatically, while other devices like your Network Accessible Storage (NAS) devices may require some more manual effort. Stay current and patch these devices, just like we recommend patching your smartphone.
If you just bought a new IoT device, or if you receive one as a gift during the holidays, make this one of the first steps you take after setting it up to connect to your network.
NAS devices are a popular target amongst hackers, mainly because they are often designed to be accessible from outside the home. Keeping a close eye on updates is important, as can be seen by the number of patches for the QNAP NAS devices.
Only Connect To The Network If Necessary
IoT devices seem to be growing in popularity these days, with internet connectivity just about everywhere. One thing you should ask yourself is if you actually need to have that level of connectivity or not. While there may be a convenience to having your washing machine connected to your phone, I don’t plan on starting my wash while I’m on vacation, so I don’t see an immediate need to tie this machine to my home network. There is definitely risk in setting up connections that aren’t necessary, as was seen with a certain Bluetooth enabled hair straightener.
Use Strong Authentication With Your Accounts
For those IoT devices that you connect to via an app or website, be sure to follow the advice we gave regarding passwords and passphrases as well as using multi-factor authentication in previous blog articles. Earlier in 2020, there were quite a few people who had their Ring camera’s hacked, which could be traced back to people re-using passwords and not enabling multi-factor authentication on these accounts. Manufacturers should really be mandating the use of these technologies to better secure them, but for those that don’t, I implore you to enable them yourself.
Do Your Research and Purchase Wisely
We’re all on the lookout for a deal, but as the old saying goes, you get what you pay for. Purchasing an inexpensive, generic or off-brand device like a wireless security camera may actually be more harmful than helpful, especially if there’s no support for the camera from the manufacturer. Do your own research and see if you can download patches, change passwords, etc., on these lower-cost items before purchasing. A bit of research goes a long way, and the cost of not doing so can be the loss of your privacy.
Happy Cyber Security Awareness Month
Hopefully this week’s article provided you with some insights on how to better protect your IoT devices on your network! A lot of these devices do help improve our day-to-day lives by making things easier for us, but that should come at a cost of securing our homes and the data within them. Please share this with some non-technical people in your lives, since ultimately the better all of us can do, the better all our companies can do against cyber security threats. If you have any questions, please don’t hesitate to reach out to us. We’ll be more than happy to answer your questions.
– John
At EliteSec, we would be more than happy to discuss the security concerns you may have at your organization and how we can help to bridge those gaps. Contact us today and we’ll have a candid discussion on what pragmatic solutions we can come up with for your unique needs.