Every October since 2004, National Cybersecurity Awareness Month (NCSAM) has brought an extra emphasis on ways to safeguard networks and devices from online threats.
This year’s focus is on device security and how to keep computers, laptops, mobile devices, and IoT devices protected.
It’s vital to protect all devices that you use, and this includes all those smart gadgets that have been multiplying lately in homes and businesses, like IP security cameras.
Mobile devices are also posing a larger risk because they’re often used more than computers now to go online, access business apps, and for online banking. This makes them a big target for mobile malware, which is often delivered through malicious apps.
61% of organizations have experienced an IoT security incident.
This year’s NCSAM theme is “Do Your Part. #BeCyberSmart” and it emphasizes that device security starts with the device user and that everyone plays a part in cybersecurity.
Following are several safety tips to promote at home and at the office to help secure all the device endpoints connected to your network.
If You Connect it, Protect It!
When planning your device security, it’s important to remember that anything you connect to the internet can be at risk of being exploited by a hacker.
You may wonder, “What’s a hacker going to do with my smart coffee maker?” and while one particular device might not be holding much data (except the time you make your coffee), it still acts as a gateway to your network.
Once a hacker breaks into any device on a network, they can usually use that connection to get into other, more sensitive devices, like computers and smartphones.
Device security should include anyone that needs an internet connection, including:
- Desktop computers
- Smart voice assistants (Alexa, Google Home, etc.)
- Smart appliances
- Wearables (Fitbit, Apple Watch, etc.)
- Streaming sticks (Roku, Amazon Fire Stick)
- Game consoles
- Doorbell cameras (and other security systems)
- Any device that connects to your Wi-Fi
Here are several tips to help ensure your devices are protected and that they don’t invite online predators or malware into your network.
Keep Devices Updated
Last year, 60% of data breaches were due to an unpatched system vulnerability. Hackers often find weaknesses in operating systems, software, or firmware code and exploit that to compromise a device.
Manufacturers put out security patches as soon as they can to seal up a vulnerability, but often users don’t apply those patches in a timely manner and leave their devices vulnerable.
All devices should have updates for operating systems, software, and firmware applied regularly. Not all of these updates pop up a window or apply automatically. For example, to update router firmware, you typically need to log into the router settings to check for updates and download them.
Use a Good (not Free) Anti-Malware
The problem with grabbing a free anti-malware program for your mobile device or computer is that they can often contain malware themselves, such as one of the most popular types – ransomware. Free applications from unknown vendors are often a cover that phishing scammers use to hide malicious content.
You want to make sure that your computers and mobile devices all have a good anti-malware program running. It should be one that is not just signature-based, but that looks for suspicious behavior and has the ability to detect zero-day threats.
Change Passwords On IoT Devices
One of the quick ways that hackers break into newly connected security cameras, routers, or other IoT devices is by using a manufacturer’s default password. These are set on devices to allow users to access their settings for setup, but they’re meant to be changed.
IoT devices are often hacked in as little as 5 minutes after being set up.
You should change the default username and password for all IoT devices during the setup process to keep hackers from exploiting them and gaining access.
Use Device Tracking & Remote Lock/Wipe
For mobile devices, laptops, and any IoT devices that travel (like wearables) it’s a good idea to use either a “find my device” or an endpoint device manager (like Microsoft Intune) to give you the ability to locate a device that’s been lost or stolen.
It’s also important for any business devices, especially, to have the ability to remotely lock and wipe a device to keep a criminal from accessing all your accounts that your device may be logged into and accompanying data.
Only Download Trustworthy Apps
Malware like banking trojans, ransomware, and spyware is often hidden inside a seemingly legitimate app. For example, you may find a to-do list application that looks harmless enough and seems to work, but unbeknownst to you is a trojan that is allowing a hacker to gain access to your data.
You should only download trustworthy apps from one of the official app stores (Microsoft, Google, Apple). It’s also a good idea to delete any apps that you don’t use, because if you’re not using them often, you may also not be updating them regularly.
Keep Devices Secure & Maintained with MSP Services
Cris’s Tech Repair offers both business and residential MSP services that include patch/update management, maintenance, and other protections.
Learn more and sign up by calling 561-985-4961 or contacting us online.