October is Cyber-Security Awareness Month – Week 2

October 2018

Here at Fortis, we believe cyber-security is of the utmost importance, and we have made cyber-awareness a top priority for our Clients, Colleagues and Friends.  October is National Cyber Security Awareness Month.  Fortis is promoting cyber security by sharing weekly tips and information during the month of October

Our House is a very, very, very SMART house

Image Source

Is your house too smart for its own good?

When Graham Nash of Crosby Stills and Nash wrote “Our House” in the 1970s I’m sure he never imagined that houses of today would be controlled by devices.

While I listen to you play your love songs all night long for me, only for me.’ – Is he talking to Alexa?

Life used to be so hard. Now everything is easy ‘cause of you.’ – Can you imagine life without a smart phone?

As technology continues to expand and grow, so do our choices for internet connected devices available for the home.  There are the obvious devices – cell phones, computers, and tablets.  There are many others you may not be as familiar with such as lights, light bulbs, thermostats, TVs, refrigerators, coffee makers, ovens, vacuum cleaners, smoke alarms, smart plugs, security systems, doorbells, door locks, HVAC systems, health devices, pet feeders, and even toothbrushes.  All of these components are referred to as the ‘Internet of Things’ (IoT).

Why should I be concerned with my household devices?  They make life easy and convenient.

Technology can make life a lot easier.  You have a video doorbell not only so you can see who is visiting but also to know that your children arrived home safely from school.  They open the door with an app on their smartphones.  They use an app to turn on the lights. They start chores with the app that runs the vacuum cleaner and another that feeds the pets.  Perhaps the refrigerator app on your phone alerts you that the last of the milk has just been consumed and it has been automatically added to your shopping list.  Another app alerts you that your child’s 1 hour TV time limit has been reached.  You are the Queen or King of the castle, controlling it all while 300 miles away at a work conference.

 Now consider that your child’s smart phone is stolen right out of his/her hands while walking home from school

Even if your child has a password to unlock the phone, when it’s stolen while active the thief can access all of the data, photos, contact information and apps.  The thief can check the doorbell app to find out what your street looks like, see a pattern of activity from the door lock app as well as lock/unlock your doors and change your code.  If the thief has the knowledge or connections he/she could possibly hack into your personal network and find out much more information about your family, their habits, and financial information.

What all Internet of Things have in common

One thing all IoT connected devices have in common is the ability to be hacked.   A North American casino was hacked through its internet-connected thermometer in an aquarium in the lobby of the casino.  The thermostat connected to a computer that regulated the temperature, food and cleanliness of the tank.  Once hackers accessed the thermostat they found a way to access other areas of the network.  A database of gamblers was extracted and sent to a device in Finland.

How can you protect your devices and your family?

  1. Before purchasing a product ensure it contains security measures such as password encryption.
  2. Secure your network.
    1. Be sure to turn on Wi-Fi Protected Access (WPA2) encryption protocol when setting up your Wi-Fi.
    2. Use a router that offers firewall protection whenever possible.
    3. Change the preset username and password. You can typically learn how to do this by going to your provider’s website and doing a search for “how to change Wi-Fi password.”
    4. You may also be able to create multiple network identities. Think about which devices you use to transact. If you shop and bank online, you could create one network for the devices you use to transact and another (“Guest”) for smart devices, which may have more vulnerabilities. This way if any smart device is infected, your computers or mobile devices on your main network remain safe.
  3. Secure your devices.
    1. Use strong passwords on all devices.
    2. Use multifactor authentication. Multi-factor or Two-step authentication adds an additional layer of security to passwords.  It can be a fingerprint verification, security key or a one-time code received by phone or text.
    3. Limit listening device (Televisions, Siri, Alexa) features to suit your comfort levels. Some devices are always “on” listening to conversations.  This can usually be adjusted in the Settings menu.
    4. Modify privacy and security settings according to your needs or comfort level.
    5. Install security software on your PC, Mac, smartphone, and tablets. Install the latest software versions when they become available.  The updates are often released in response to major threats that require the company to release patches.
  4. Connect only necessary devices to the network and place them behind a firewall.
  5. Keep your operating systems and software up-to-date.
  6. Secure your smartphone. Almost all IoT devices are controlled by a smartphone app so security of your smartphone is critical.
    1. Use strong passwords
    2. Use passcodes and/or fingerprint to lock your device.
    3. Read the Privacy Policy before installing apps. Limit privacy settings when possible.  Does the app for your fridge really need to access your contact list or photo gallery?  Why does it want to collect that data and what will it do with it?
    4. Ensure that your device locks after not being in use for a short amount of time.
    5. Familiarize yourself with your smart phone’s ability to erase all data when initiated.