More and more of our home devices (e.g. thermostats, door locks, alarms systems, security cameras, and etc.) are connected to the Internet. Although this connection enables us to control our devices via our smartphones from wherever, whenever, they also come with security concerns. If you do not apply basic security essentials to your home devices, attackers are able to leverage those vulnerabilities to take over your home and systems for their malicious intents. Therefore, we recommend you apply the 5 basic security practices below.
1. Secure your wireless (Wi-Fi) network. Your home’s wireless router and access point is a primary entrance for cybercriminals to access all of your connected devices. Therefore, it is important to make changes to the factory-set settings. This includes changing the default password and username for administrator and users as well as enabling WPA2. You can find additional guidance on this at https://www.sans.org/security-awareness-training/ouch-newsletter/2016/securing-your-home-network.
2. Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g. two-step verification which can use a one-time code texted to a mobile device and multi-factor authentication) helps verify that a user has authorized access to an online account. It goes without saying, that stronger passwords are a key part of stronger authentication. So, use unique passwords for each of your accounts, write them down in a secure tool (like a password manager app), and make your password a sentence. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). Most websites and applications have been updated to now allow you to use spaces.
3. Keep a clean machine. Keeping your systems and devices clean requires you to keep software up to date, safely connected to the Internet, and secured from connections from external devices. Maintaining current and updated versions for apps, operating system and firmware for all your devices (e.g. laptops, mobile devices, networked devices – printers, gaming consoles, car audio), and web browsers, as soon as they are available will prevent attackers from being able to take advantage of known vulnerabilities. It is one of the best defenses against viruses, malware and other online threats. Many software programs will automatically connect and update to defend against known risks; therefore, turn on automatic updates if that’s an available option. Even with updated software, be vigilant when browsing, and only download and install programs or apps from trusted online stores. Additionally, use your anti-malware tools to scan any files you obtain from the internet.
Anti-malware software is also effective when connecting external devices. When plugging in USBs, hard-drives, or any other devices, scan them with the anti-malware software to remove any potential infection.
4. Know your apps. Be sure to review and understand the details of an app before downloading and installing it. Check to make sure the vendor or creator of the app is reputable. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.
5. Consider what you share. Limit the amount of personal information you share about yourself online. Your full name, phone number, address, school or work location, and other sensitive information should not be published widely. Disable geo-tagging features that let people online know where you are. Limit your online social networks to the people you know in real life, and set your privacy preferences to the strictest settings.
These are just some tips to keep you better secured. More best-practices can be found on CyberSafeNV.org. Another great resource to read is the newsletter from a co-SANS Instructor on creating a cyber secure home. https://www.sans.org/security-awareness-training/ouch-newsletter/2018/creating-cybersecure-home.