 |
In this era of the Internet of things (IoT)—which I like to call the “Internet of Threats”—we are all inextricably connected. The same wonderful technology that educates our children, helps us to grow our businesses, and advances our efforts to modernize the globe has the power to destroy lives, ruin businesses, and run amok—wreaking havoc throughout our social fabric.
According to the Verizon Data Breach Investigative Report, nearly 60% of hacks in 2020 have been denial of service (DoS) attacks. According to other reputable resources, theses have shifted from attacking computers to IoT devices. We are taking about a whole host of IoT devices, such as:
The most common term for these is “smart devices.” Did you know that there is even a “smart” iron? Now, unless that device actually works the magic of eliminating the wrinkles out of your favorite dress shirt (but then, how many folks are wearing their dress shirts and suits these days), there is nothing smart about connecting one more thing to your home network to make you even more vulnerable.
The key word here is “smart.” As our theme this week suggests, “if you connect it, protect it.” The National Cybersecurity Alliance has provided a commonsense checklist for those of us who just have to deploy the newest gadget to their domain.
National Cybersecurity Alliance (NCSA) Checklist
THINK BEFORE YOU CLICK: Cyber-criminals are taking advantage of people seeking information on COVID-19. They are distributing malware campaigns that impersonate entities like World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don't click. Go directly to a reputable website to access the content.
LOCK DOWN YOUR LOGIN: Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
CONNECT TO A SECURE NETWORK: Use a company-issued Virtual Private Network (VPN) to access any work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public Wi-Fi to access work accounts unless using a VPN.
SEPARATE YOUR NETWORK: So your company devices are on their own Wi-Fi network, and your personal devices are on their own. Always keep devices with you or stored in a secure location when not in use.
KEEP DEVICES WITH YOU AT ALL TIMES OR STORED IN A SECURE LOCATION: When devices are not in use, set auto log-out if you walk away from your computer and forget to log-out.
LIMIT ACCESS TO THE DEVICE: Only the approved user should use the device (family and friends should not use a work-issued device).
USE COMPANY-APPROVED/VETTED DEVICES AND APPLICATIONS: Collaborate and complete your tasks. Don't substitute your preferred tools with ones that have been vetted by the company's security team.
UPDATE YOUR SOFTWARE: Before connecting to your corporate network, be sure that all Internet-connected devices—including PCs, smartphones, and tablets—are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.
You can learn more by visiting the National Cyber Security Alliance (NCSA) website.
To get involved with the NCSA and NCSAM, click here.
Get Caught Up
