We recently hosted a cybersecurity webinar series on protecting your accounts and securing your devices. It focused on how the actions you and your employees take in your personal lives can have major implications on the cybersecurity of your organization.
In short, cybersecurity training isn’t just for use in the office. Cybersecurity best practices need to be followed at home too.
I sat down with Bill Sorenson, Netgain’s Security Officer, to talk about these new-age threats and how we can protect our families and our employers.
Editor’s Note: Are you looking to improve the security posture of your organization? Download our FREE Cybersecurity Toolkit, which includes handy desk reference guides, posters and checklists that you can share with your teams.
Everything is Connected
Today’s interconnected world provides countless conveniences that weren’t available five or 10 years ago. Now, thanks to the rapid evolution of technology, everything seems to be interconnected. You can unlock a device with a quick glance, you can buy items with a simple voice command, or you can send money by bumping phones with a friend.
But, with all this convenience comes increased risk. Each of new connection you make gives bad actors one more access point. It only takes one leak for the entire dam to break, and if we’re not careful about how we’re adopting new technologies into our lives, we could be in big trouble.
Sometimes, that’s going to force us to sacrifice some of the available conveniences in the interest remaining secure. And as consumers, we are going to need to be okay with making those difficult decisions. A little inconvenience in our personal lives is nothing compared to a full-scale cyberattack that was caused by lax personal cybersecurity discipline.
Accounts, Accounts, Everywhere
If I asked you to count how many accounts you’ve created and never closed, how many could you list? 10? 25? 50? 100? The number is probably higher than you think. Do you still have a MySpace account that you opened and never got around to closing? Me too. LinkedIn, Google, eBay, Amazon, Netflix, Instagram, Hotels.com, TurboTax, MailChimp, Facebook. I lost track of my own list of still-open accounts somewhere around 65 accounts.
Good account hygiene is necessary in today’s technology landscape. Close old accounts, frequently change your passwords, review app permissions and device privacy settings. Doing these things will help minimize your exposure to cyberthreats.
Manage Your Device Permissions
Does your phone (and the apps on it) always know where you are? It shouldn’t. The default permission settings on many applications grant the app access to any number of core functions on your phone: your location, access to the camera and microphone, access to your health data, etc.
In most cases, this data helps improve the performance and experience within the app, but all this data is being stored and transmitted somewhere, which exposes you to risk. Lock down your permission settings so the apps only have access to the data that makes sense for the app, and that the data is only available while you’re using the app. Don’t put yourself at unnecessary risk.
Hacking Your Identity
Behind many breaches, you’ll find a hacker that focuses their attack on the “human factor.” They might exploit laziness or complacency when it comes to password and data management. They might take advantage of society’s “need” to overshare on social media. They might prey on our desire to always help others. Below is an example of a “vishing” (voice-phishing) attack. You can how easy the attacker disarmed the customer service representative to gain access to the victim’s account.
Beware of the Smart Home
As more devices in our home connect to the internet, there are more opportunities for hackers to infiltrate our lives. Hackers are now targeting internet-connected thermostats, light bulbs, garage doors, vacuums, doorbells, baby monitors and more.
Why on earth would they try to hack the WiFi-connected nanny cam or an electronic door lock? Because many smart devices have lax security protocols that make them easier to hack. This allows hackers to hijack the video feed or remotely unlock the front door. These are certainly concerning scenarios, but hacking these devices can lead to even worse outcomes.
Some of these connected devices with simpler security protocols have backdoors that allow hackers to infiltrate your home network and gain access to other connected components. For instance, a hacker might find the weak link in your home network by hacking into the internet-connected refrigerator so that they can access your email account. From there, might download sensitive data shared in an email or try to impersonate you in an attempt to phish your colleagues.
Protecting You Protects Your Work
It’s important to maintain the same professional approach to security at both work and home. So, if you’re using two-factor authentication to log into your applications at work, you should embrace two-factor authentication options for any of your personal accounts at home. The same goes for diversifying your login IDs and passwords and keeping your computers up-to-date with the latest patches and updates. And, just like how all your employees must frequently attend security training, make sure you train your family as well. Remember, it can only take one leak for the entire dam to break.
Tools to Protect You
There are several tools that Bill recommends using that will better protect yourself, your family and your employer:
- Malware protection: Malwarebytes
- Two-factor authentication: Duo
- Password manager: LastPass or OnePass
- Personal VPN: NordVPN
- Compromise check: HaveIBeenPwned.com