Cybersecurity Tips: Tales from the Crypt(ography)
Welcome to the end of Cybersecurity Awareness Month! Did you learn anything new? Make plans to add a security layer? Hear about any spooky stories of the gremlins lurking just around the corner?
In the spirit of the season, the first terrifying tale is our very own smart home assistant. Oh yes, it looked cute at the shop and when it came home. But we didn’t listen about not feeding it after midnight and it gobbled up all our conversations – especially when we read our credit card number out loud and said our password quietly to ourselves as we typed it out. Now that cute and helpful assistant has turned into something else entirely.
Next we look in our kitchen at our new toaster (the one that prints the weather on your toast). Little did we know that it has come alive! Now it has been assimilated into the botnet, joining millions of other devices to combine their computing power and launch attacks against other unsuspecting victims.
What can we do with all these internet of things items? Will we ever be safe in our own home or office again? The good news is yes, there is hope! Some simple steps can make a big difference. Turn off smart devices when not needed or when privacy/confidentiality is key. Change the default user names and passwords to something complex and unique. Update and patch each device’s software and do not use devices past their end-of-life. Finally, keep them on a separate network so that if they become compromised, at least the infection will not spread to the rest of your devices. And for all your office equipment, don’t let it come back to life as a zombie – take the right steps to handle and dispose of those items when the time comes!
The next threat is all around us but cannot be seen. It is not ghosts, but public Wi-Fi! This month the FBI released a public service announcement about the concerns with public Wi-Fi, especially at hotels as people travel or seek a change of scenery for remote work. It is full of treats to help you avoid the cybercriminals’ tricks. The best way to protect yourself from the dangers of public Wi-Fi is to not connect to it. It is difficult to tell whether a network is legitimate or just a clever ruse by someone else. Think about that pineapple I talk about at CLEs.
But even if you guess the right network, once you are on it you do not know who else might be there and may be monitoring it. The best practice would be to use a mobile hotspot that you own – whether it is a stand-alone hotspot or is broadcast from your phone. As a last resort, if you must connect to public Wi-Fi, be sure to use a virtual private network (VPN) to protect your information. Never go onto sensitive sites (banking, client portal, etc.) over public Wi-Fi without a VPN.
Poor Jennifer. Jeffrey Toobin. Alfonso Merlos. These are not this year’s trending costumes, but rather are cautionary examples of how video calls can quickly go awry and lead to revealing more than what was intended. Fortunately, practicing some simple etiquette can also keep you secure! If you do not need to be on camera/microphone, simply keep those items muted. Consider a virtual background to keep background actions from being broadcast. And finally, a super-techno solution: cover up the camera! There are covers, static stickers, and other options out there that are inexpensive and allow you to quickly cover/uncover your camera. You can use tape, but if you do, try putting a small scrap of paper over the camera lens so that no residue is left behind to blur future calls.
And so we end this year’s Cybersecurity Awareness Month with a socially-distanced Halloween. Whether you think about this topic regularly or only once in a blue moon, this is the perfect time to do so, and I hope you have found some useful tips that keep you from getting tricked and allow you to treat yourself to some peace of mind knowing you are more secure.
About the Author
Patrick is the Vice President of Enterprise and Operational Risk Management at Lawyers Mutual as well as filling the roles of Corporate Secretary and Director of Information Security. He is an NCSB board certified specialist in Privacy & Information Security Law and has been designated a Fellow of Information Privacy and a Privacy Law Specialist by the IAPP. He is always happy to talk about his collection of tinfoil hats or to discuss risk management advice and resources that you may find helpful - you may reach him at 800.662.8843 or firstname.lastname@example.org.