Holiday Gifts

Security Brief: Holiday Warning: Santa Could Deliver Cybersecurity Risks, Seven Safety Tips

With the holidays upon us and more electronic gadgets to keep us entertained at home than ever, we want to share some tips to help make sure your holiday gifts don’t inadvertently introduce more than entertainment and convenience. I’m talking, of course, about cybersecurity risks.

Anything that you give (or even receive) that requires an internet connection can carry security risks. Connected devices topping gift lists this year include everything from video game consoles, drones, and fitness trackers, to all things smart home including TVs, lights, robot vacuums, locks, cameras, and more. Many of these devices are designed for fun and function rather than security. Few of us even realize just how many things in our homes communicate with each other and the cloud through our home networks. In fact, home networks themselves weren’t generally designed to maximize security, a challenge that’s been made all the more obvious as so many of us now work from home.

This merging of the home and work network, in fact, makes security concerns front and center this holiday season. Here are a few simple things you can do to protect yourself, your family, and even your employer when the wrapping paper starts flying – or better yet, when you’re making those last-minute gift decisions:

1) Reset the default usernames and passwords on your internet router and any wireless access points. Before you introduce new devices to your home network, examine your internet router or modem and any wireless access points you have to ensure you are following best practices. Too few people reset their default usernames and passwords and massive botnets are constantly scanning for vulnerable devices they can access by brute force. In addition, be sure you are running the latest security software. Consult your internet service provider (ISP) or router manufacturer’s main website for how to log in, run an update, and apply the most secure settings.

2) Segment your network on your router. Most routers allow you to split off parts of your network so that so-called Internet of Things devices, gaming systems, and the like can’t talk to computers or corporate devices that are also on your network. Segmenting makes it harder for a cybercriminal to move across your devices. Check with your ISP for ways to do it with your router.

3) Use a VPN whenever you connect work devices to the internet. This additional layer of security is critical to keeping your work safe from intruders.

4) Purchase products that allow easy firmware updates. When deciding on new devices – whether a new connected fridge or a sweet WIFI-enabled drone for the kids, make sure it’s easy to update the firmware. Most vulnerabilities in these devices can be traced back to bugs in their underlying software.

5) Change default passwords and usernames when you set up new devices. The same security considerations for router defaults apply here.

6) Beware of the permissions on the apps that work with these devices. Too often they ask your phone for excessive permissions, which could open the door to data theft.

7) Research where data from your devices and related apps is transmitted and stored. They may not be subject to privacy regulations you might expect.

So, remember Santa isn’t the only one watching whether you’ve been naughty or nice this year. Cybercriminals are watching too and they don’t need a chimney to get on your Wi-Fi. For more information on how to stay safe this holiday season, we’ve also outlined the five scams you might encounter and for enterprise security teams, we’ve created a kit you can use to educate your workforce.

Subscribe to the Proofpoint Blog