Varonis has an interesting Christmas present for you this holiday season: a video series that takes you through what you need to do to better secure your home, devices and family members during your holiday break. We all have “honey-do” lists for the holiday season and some Bowl games to watch, but I’m suggesting that you watch these videos between football games to prepare your house for what is likely to be a nasty cybersecurity year in 2017.
Now most of you probably don’t need to view many of these videos, but I’m willing to bet that your kids or other family members may not be as well versed in how to behave safely — particularly why it is important to keep your smartphones and PCs patched.
Network and Device Exposures
The reason that we should consider these videos is because we are all under attack, and our kids and older relatives are particularly vulnerable. As we move to the Internet of Things (IoT), more and more of our stuff is connected and can be used to report on us or gain access to our network and our devices, like security cameras.
The Varonis Videos: Passwords and More
The first video is basically an overview of the segments, the background of the speaker, Troy Hunt, and what he is going to talk about.
The second video is on passwords and how to create a good one. Passwords are a hot button for me because they are inherently unsecure and people do stupid things like using PASSWORD, QWERTY, or more recently, ITSUCKS!. Apparently, when IT found that most employees were using that last password and said it could be used no more, employees just added modifiers, like ITSUCKSALOT. Hunt suggests a phrase that you can remember instead, and a different one for each service. To remember them, use a password manager. The best ones securely create unique passwords and recall them.
The third video is on how to know which websites to trust. The problem is that even branded websites may not be secure. The video walks you through what the padlock on the address in your bowser means and how you can use it to help determine whether a website is secure or not. No padlock: You can’t trust the page. You’ll learn how to use a VPN to tunnel through an unsecure access point to make sure someone doesn’t use a compromised or rogue access point to gain access to your PC. Next, the video moves to phishing emails, one of the most common ways of installing malware or getting your confidential information, and how to avoid getting hurt by one. Generally, don’t click on any links in an email, rather, go to the site by typing the address you know into your browser.
The fourth video is on why you need to do software updates. These updates improve the product, the improve its reliability (bug fixes), and patch security problems. To assure you are secure and your product remains reliable, Hunt recommends you install updates. This isn’t just updating your PC but your routers and all your IoT devices (including your car), as well.
The fifth video is about how to protect your smartphone from hackers. I’ve seen demonstrations where a remote attacker has activated cameras and microphones remotely to turn a phone into a listening device and even seen an Android phone caused to catastrophically overheat, destroying the battery. Hunt suggests you use biometrics to log into your phone, and prefers phones like the latest iPhones and my DTEK 60 from BlackBerry over those that don’t have it. Hunt then talks about apps that ask for too much access and suggests you avoid them because they may be funded by selling your personal information. If you don’t like the permissions, don’t load the app. Finally, don’t side load; always use the app stores because these apps have been curated.
The sixth video is on protecting your home from IoT devices that can open your home up to attack. Hunt spends a lot of time on webcams, like baby monitors, which have been infamous for being hacked, advising you replace default passwords or create passwords for those devices that don’t have them, particularly webcams. He gives examples of devices like the LIFX lightbulb, iKettle, Ring Doorbell (with built-in webcam), XiongMai webcams and DVRs (these were used to do DOS attacks on large websites), and the Nissan LEAF (no kidding), which aren’t secure and leak your Wi-Fi password to attackers. The big takeaway is not to connect anything that doesn’t need to be connected to the internet. A directly connected printer with Wi-Fi doesn’t need to have Wi-Fi connected, for instance. And make sure the information that is shared is okay. For instance, security cameras don’t monitor you, they monitor visitors. It is worth going to the end of this video for the story on the connected toilet.
Finally, the last video is a summary of what was covered before and, since I just gave you an overview, you likely don’t need to watch this one.
Wrapping Up: Staying Safe in a Connected World
I’ve watched these videos so you don’t have to watch all of them. I suggest you watch the one on phishing and the one on IoT devices, though, because you may not fully understand the exposures from my summaries. The password segment is important for anyone you know who just doesn’t get how unsecure passwords are.
As a side note, I had a guy over at the house from Geek Squad and he immediately found I hadn’t remembered to turn UPNP off on my router, which is a huge security hole, suggesting it may be wise for some of you to have a tech come over and make sure your routers and connected device settings are as secure as they can be made.
In the end, this is a great project over the holidays. You can do it from inside your home, you are protecting your family, and you can do a lot of this while you are watching football.
Have a wonderful, and safe, Christmas!
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+