Post-Holiday Electronics Guide: Cybersecurity Tips for Parents and Students
Last updated: September 27, 2016
As students (and parents) settle back into “normal” routines post-holiday, it’s likely that new laptops, smartphones, tablets, and wireless “connectables” are part the mix. Whether first-time users or old hands, there are always cybersecurity considerations to adding new devices to your personal Internet of Things (IoT). The following tips can help protect data, systems, and privacy, so be sure to share them with your coworkers, family, and friends.
Understand and Mitigate the Risks Associated With IoT Devices
It might be said that connectivity is king these days; plugs and wires have given way to USB cables, WiFi, and Bluetooth. Analyst firm Gartner forecasted that the IoT would expand to 6.4 billion connected devices globally in 2016 and balloon to nearly 21 billion devices by 2020. These emerging technologies allow us to wirelessly control, track, and/or monitor everything from heart rates to sleeping babies to home security systems (and beyond). The advances continue and the conveniences abound.
But so do the risks.
The simple truth is that everything that connects to a network is a potential entry point for hackers. There have been plenty of documented takeovers of IoT devices and software, and public consciousness of the risks was heightened in 2015 following the FBI’s public service announcement about the IoT vulnerabilities. Beyond the creepiness factor (like strangers watching your sleeping children), hacking of these devices poses the potential for real harm to your personal data and even your physical being.
Chances are that one (or more) of the holiday gifts you or your loved ones received is part of the IoT. Don’t have a “connect it and forget it” mentality. Take appropriate precautions to help ensure your devices are as secure as possible:
- Research your device online to identify any known security issues. If available, download and immediately install any available updates. (Manufacturers often identify vulnerabilities after products hit the shelves, so even brand new devices can be due for a security patch.) When possible, register your device and/or enable automatic updates.
- Change default passwords ASAP. Many devices are programmed with a password that is standard issue (meaning every item of its kind has the same password). Even more concerning, these default passwords are often posted online (an easy reference for consumers and hackers alike). Hackers can exploit those passwords to compromise devices.
- Turn off WiFi when not in use. When you leave WiFi on all the time, you could end up automatically connecting to unsecured networks. As a general rule, you should only connect to trusted, secure WiFi networks (IoT device or not).
- If you can, make adjustments at the router level on your home network. Some routers allow you to set up multiple networks or guest accounts, which means you can separate IoT devices from your computers and create a layer of “insulation” should one of those devices be compromised. Hardware security experts also recommend that you disable Universal Plug and Play (UPnP) on your router because this protocol can be exploited to access many IoT devices.
Visit our website to learn more about our unique security awareness training methodology.
Be Vigilant About Protecting Your Data
Three significant threats to personal data are found in sources that adults and children use daily (if not hourly): email, internet, and mobile apps.
Phishing attacks — fraudulent email messages designed to trick users into downloading dangerous attachments, clicking malicious links, and/or revealing sensitive financial, personal, or business data — are a danger to every email account holder. The numbers are staggering: According to Securelist’s spam and phishing report for Q2 2016, the phishing alert was triggered more than 32 million times on computers that use Kaspersky Lab security software. The report indicated that 8.7% of unique Kaspersky Lab users experienced phishing attacks in the second quarter of 2016 — and Kaspersky Lab is just one anti-virus and internet safety software platform (Norton and McAfee are other big players).
Fraudulent websites and applications often share the same goals as phishing emails: to steal personal date, install malicious software, or gain access to user names and passwords. Financial data and healthcare information are prime targets for scammers; according to the Identity Theft Resource Center, which compiles U.S. breach totals, more than 14 million financial, healthcare, and education records were compromised between January 1 and September 20, 2016. If you have had your credit card data or other personal information stolen in a data breach, you know the incredible hassle associated with the aftermath.
As you set up new accounts and download applications (for yourself or your children), keep the following tips in mind; your actions play a significant role in maintaining cybersecurity. College-age students should be particularly careful as they begin to build their personal credit, but all users of mobile devices can benefit from additional security measures:
- Think before you interact with an unsolicited email, text message, or social media message. Fraudsters like to create a sense of urgency using scare tactics, amazing offers, and other traps that trick users into clicking or download right away. (And if you’ve never talked to your kids about phishing, now is the time; otherwise, they’ll have no idea these types of scams exist.) This article about the risks associated with phishing contains additional pieces of advice.
- Again, do your research. A simple Google search can quickly reveal red flags associated with mobile applications, unfamiliar websites, special offers, and more.
- Be careful about the data you share and where you share it. Stores, websites, and social media posts often ask consumers to provide personal information in exchange for special offers; be selective and protective in these situations. (Parents, be sure to talk to your children about privacy and appropriate sharing.)
- Maintain as much control over your financial accounts as possible. Limit the cards you use (designate a single card for online purchases, for example) and be very cautious of where debit cards are used since they pull funds directly from attached bank accounts.
- Should your personal data be compromised, take advantage of any credit monitoring services offered and be diligent about identifying and addressing any anomalies on your accounts or in your credit reports. (You can find some additional post-breach advice here.)
Subscribe to the Proofpoint Blog