Don’t Let Your Connected Devices Ruin Your Holidays

Ah, December.

It’s the time of year when we go out and buy our friends, family and even ourselves (You know you’ve done it!!) brand new computers, phones, and *insert gizmo here*.

Connected devices, wearables, drones, and so many other tech gadgets are all making the holidays much more fun.

However if not configured or set up correctly, these devices could put your personal security and privacy at risk.  They could even expose important personal and financial information.

Default credentials

Many of these devices are shipped with default usernames and passwords. This means that the default username and password combination is well-known by the manufacturer, and support people. It may even be written in documentation posted on the Internet.

Yikes. Because of this, it is important to change the default password and even the username, if you can.

If the device will allow you to use a passphrase, then even better! This will prevent anyone from being able to access your device if someone gets on your home network, or if it accidentally gets connected right to the internet.

If your device also connects to the cloud or an online component (i.e. you log into the manufacturers’ website to use it) its a good idea to change this password as well!

Default configurations

Normally the default configurations these devices are shipped in, are ready for you to use immediately. This means that any barrier to the shortest setup-and-go has been turned off.

Often most security features may be turned off, or be optional. It’s a good idea to acquaint yourself with all the features of your new device – security and otherwise. Acquainting yourself will help in understanding what the implications to your personal security and privacy are when each one is turned on and off. Then make the decision on which ones to turn on.

Some devices will also include administration portals or some advanced network administration tools. If you don’t have any intent to use these, turn them off. This will ensure an attacker can’t use them.

Connected directly to the Internet

Most connected devices out there aren’t mean to be connected directly to the Internet.

It’s easy to assume that when you plug the cable into your Internet router or connect the device to your home WiFi that it is only accessible to your home network.

Have you ever actually checked?

It’s important to understand what the internet needs are for your device and make sure that your router and network is configured properly. Any extra port forwarding or other settings are removed if not required.

If your device is accidentally left accessible on the Internet it could be easily accessed or hacked. This could expose important personal and financial information, be used as a gateway to access or hack other devices or computers in your home, or be used as a staging ground to hack others.

Two things that can also be overlooked here. First, ensure you’re using a strong passphrase or password on your wireless network. A weak one will only put your connected devices (and everything else on your network) at risk.

Second, do not put your devices on a guest or public WiFi network. Where devices are concerned, these networks can be just as bad as the internet.

Cloud connectivity

Devices now often include some type of cloud connection capabilities within them. This capability could be for extra features, or at times is required to use the device.

When you have a device that includes cloud connectivity, it’s important to understand what information is being sent to the cloud. This is to ensure you know what it’s being used for and how it’s being protected.

If your device is collecting personal, location or other sensitive information and it isn’t protected well, there is a risk it could be lost in a breach.

Start by reading any manuals that came with the device, the manufacturer’s website and Terms of Service and Privacy Policy documents, to start.

Ensure other computers and phones are secure

Do you connect to your device via an app on your phone, or from your computer?

If an attacker can compromise your other computers, they can take advantage of them to then attack your connected devices.

Update your connected devices

Check if the manufacturer of your device releases software or firmware updates. If they do, update the software and firmware as often as possible.

Software and firmware are only as good as the humans who create them. It’s easy for humans to accidentally introduce errors and security holes while writing software. Because of this, when manufacturers find these errors, they normally create an update to fix the issue. Updating the software allows you to get these fixes and plug any holes that an attacker could use.

It also will ensure you have the latest set of security features. Sometimes additional features can be released after you’ve purchased the device.

Wrapping it up

Connected devices are becoming much more popular. Not only are they fun, but they can make life much easier. However, they need to be used smartly. If they also collect personal or sensitive information or are left unsecured, they could be putting your online security and privacy at risk.

Photo by Alex Knight on Unsplash

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?
CLICK HERE TO SIGN UP!

10 Tips for Being Back to School Cyber Secure

Back to school is almost here!

 

You know that that means – friends, textbooks, and late night study sessions, to start.

 

But did you also know It also means more devices, new accounts, and even more screen time?

 

Online security may not be the first thing you think of when it comes to back to school. However, with more students carrying laptops and more tech finding its way into the classroom, it’s becoming even more important to review how we protect the digital lives of ourselves and our families.

 

Even if you or your family aren’t heading to grade school or college, the beginning of a new school year is a great time for a cybersecurity refresher for the whole family. A refresher will make extra sure you’re still being cyber secure in your current digital lives and with all those extra devices and accounts you’ve collected so far this year.

 

To help you with that refresher, below are some tips to get you and your family ready for the school year.

 

Ensure your computer and devices have updated security software

The more out-dated software you have, the more holes available for viruses, malware, and other unfriendly things have to compromise your computer and devices.

 

Ensure that you’ve updated all the software on your computer and all your devices. This includes not just their operating systems but those apps too!

 

It’s also a good idea here to remove any software and apps that you no longer use and any data that they might contain.

 

Be careful with your purchases

When purchasing new computers, devices and software be wary of used items and online offers that seem too good to be true.

 

Used computers and devices purchased from sites like Kijiji or eBay could possibly come with malware and viruses pre-installed. It’s a good idea to wipe or do a factory reset on any used device you may receive.

 

Online offers that seem too good to be true could be adware, malware, a scam, or a hook to get your personal information.

Backup your stuff

As I am sure you’ve also heard, it’s important to back up all the data you have frequently.

 

What you probably haven’t heard, it’s important to go further than just one backup! Have at least two different copies of your backup on two different media formats. That way you will have no problems recovering if one of the media formats ends up becoming damaged or corrupt.

 

Pro Tip: Create a third copy of your backup. Store that copy in a secure location away from wherever the other two copies of your backups are stored.

 

Then, if something happens to the location the other two copies are stored (fire, flood, hurricane, etc.), you still have a copy to recover from.

 

Lock it up or take it with you

With people moving about on campus all the time, it doesn’t take long for a computer or device to go missing.

 

If you’re going to leave a laptop or device unattended, make sure you lock it up with both a physical lock (such as a laptop lock) and either shut it down or lock the screen.

 

Even better yet, take the laptop or device with you! If you always pack up your laptop and devices and take them with you, then you know they are safe and secure.

 

Encrypt, encrypt, encrypt!

If your computer or devices are stolen or accidentally lost, then all the data on them is lost as well and could potentially be in the hands of someone you wouldn’t want to have it.

 

One way to lower the risk of your data falling into the wrong hands in this situation is to ensure you’ve encrypted everything you have which will support it. This includes your computer, devices, and removable media.

 

Encryption helps because if your devices are encrypted and are lost or stolen, your data can not be easily accessed.

 

One thing important thing to remember here: If you lose your encryption keys, your data is lost forever. It’s important to do your research and understand exactly how encryption works for your devices before you encrypt anything.

 

Create or update the passwords for your computer, devices and online accounts

As I’m sure you’ve been told, using the same password for everything is never a good idea. Take this time to create new, unique passwords for computers, devices, and online accounts.

 

Ensure these passwords are long and strong and complex.

 

Pro Tip: If you have a hard time remembering passwords and shudder at the thought of creating a new one, try using a password manager. It’s a piece of software that securely stores all your passwords, and then all you have to remember is the one password to open the password manager. Simple!

 

Enable multi-factor for everything that supports it

 

More and more online services are starting to support multi-factor authentication. This adds an additional layer of security to your account by requiring you to provide something extra in addition to your username and password to login. Usually, this is in the form of a code or fingerprint.

 

Enabling multi-factor means that even if someone manages to get your username and password, they can’t login to your account without the additional factor, which you still have.

 

However, this doesn’t mean you can become complacent with your passwords… Strong and unique passwords are still important!

 

Watch your shoulders

On crowded campuses and packed buses, be conscious of who is around you and who might be watching your screen.

 

Someone watching your screen over your shoulder is actually called “Shoulder Surfing”.

 

Its when someone watches over your shoulder to steal valuable information from you as it is displayed on your screens such as your passwords, PIN numbers or credit card numbers.

 

The person who now knows tour information can use it for whatever they wish, including stealing your accounts, draining your bank accounts, or stealing your identity.

 

Be careful using public WiFi

Public WiFi should always be treated as an insecure network, just like the Internet no matter who is providing it and no matter whether it is password protected or not. You never know how its configured, and who might be watching or intercepting what you’re doing on that WiFi.

 

It’s a good idea to never access or share any type of personal or financial information over public WiFi. If you can, refrain from also accessing anything that requires a username and password in case your credentials might be intercepted.

 

If you do need to access or share any personal or financial information and you’re out and about or traveling, consider using a VPN (Virtual Private Network) service or a mobile hotspot on your phone, or a standalone hotspot device.

 

Be careful what you share

An innocent selfie or comment can reveal much more than you intended. Be careful not to over-share or share too much personal information.

 

Also, consider what you’ve shared in the past. One piece of personal information might seem innocent enough, but sharing a different piece many times often leads to the formation of a picture of your identity and location.

 

Another good thing to remember is that it’s not always possible to remove things from the Internet. It is entirely possible that a post or share today can affect your reputation tomorrow.

 

How to detect phishing emails

Phishing emails are emails attackers send which are designed to entice you to click a link or download an attachment. Once you’ve clicked or downloaded, one or both of two things can happen. You are enticed to give up personal or financial information, or malware is installed on your computer without your knowledge.

 

Whenever you’re checking your email, remember to check for some of the indications of a phishing email:

  • Fact Check

If the email seems like it is completely out of the blue, it very well might be a scam.

  • Check the “From” Address

Ask yourself: does it make sense that I’d receive an email from this address? Have I received an email from this address before?

  • Bad grammar and spelling

Is the email is full of bad grammar and spelling? Especially if it comes from a business, then this might be a phishing email.

  • A weird link

Phishing emails commonly include a link of some kind. They want to get you to go to another page and enter your details, such as usernames and passwords. If you’re not expecting a link, or it looks weird, don’t click it!

  • A sense of immediate urgency

Spammers want you to act without thinking. They want you to feel like there is no time to do anything but to do as they ask. Take a moment to think if the threat is practical.

  • It sounds too good to be true

If it sounds like it might be too good to be true, it probably is.

  • Trust your gut

If all else fails and you’re not too sure, or if it just feels “off”, then Don’t open the email. Don’t click on any links and don’t open any attachments.

 

Read more about detecting Phishing emails: Email Looking a Little Phishy? 7 Things to Look For…

 

Back to School might be stressful, but staying back to school cyber secure shouldn’t have to be! Putting these tips into practice and creating some new habits are all it takes to be safe and secure all year long.

Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?
CLICK HERE TO SIGN UP!