Whether a smartphone, computer, tablet, coffee maker, hoover or IoT device was given as a Christmas gift, there are a few important things to consider before putting the devices to work. Check Point® Software Technologies Ltd.(NASDAQ: CHKP), a global leader in cybersecurity solutions, points out the vulnerability of these devices to protect consumers, as well as businesses, from cyber threats.
The unbroken trends towards home offices and more and more smart devices in the home allow cybercriminals to jump from network to network via lateral movements. They have also shifted their focus from hacking individual devices to hacking applications that control IoT device networks. This gives them even more opportunities to access sensitive data. In just a few decades, IoT data has grown exponentially, and the numbers will continue to rise. IDC estimates that IoT devices will reach a global data volume of more than 80 zettabytes (or 80 trillion gigabytes) by 2025.
“Modern technology is playing an increasingly important role in our lives. For example, we have digital wallets on our mobile phones and use tablets for our work instead of computers. As a result, these devices hold a lot of sensitive personal and work-related information. They are therefore a tempting target for criminals. IoT devices pose additional risks. With smart toys, cybercriminals could eavesdrop on children, webcams could record users moving and voice assistants could spy on the home,” says Lothar Geuenich, Regional Sales VP Central Europe at Check Point Software Technologies. “Cybercriminals set traps and try to exploit every opportunity to target newcomers with various Christmas scams. That’s why it’s important to secure everything properly from the start. And when a child gets a new device, parents should carefully educate them about the benefits and risks and help secure the device. To do this, they need to understand what threats lurk on the internet and how to react in the event of an attack. In addition, adults should also talk to their children about the different parental control options, which are not meant to spy on them, but to encourage dialogue about threats and set clear boundaries.”
The need for IoT manufacturers to focus on protecting smart devices from attack has become more important. They are taking strong security precautions at the design stage of the software and the device itself, rather than adding security later as an afterthought. But users also need to be aware of the security and privacy risks when using their devices.
The following 13 tips will help secure the various devices to guard against cyber-attacks:
1. lock devices. Every device should always be locked with a password, pattern or perhaps a fingerprint or even facial recognition. If a device is lost or left unattended, no one can then access it.
2. Enable remote location. Most devices offer a remote location function that can be used to find a device if it has been stolen or lost. But you can also lock and wipe it remotely so that no unauthorised person can access the data stored there.
3. turn on backup of data. Users should switch on the function for backing up their data so that they can restore their information in the event of a ransomware attack, for example.
4. change default passwords. One should always change the default passwords that are preset on the device. Default passwords are often public knowledge and help with product support. In addition, IoT devices such as smart cameras, thermostats, baby monitors or routers are a worthwhile target for cybercriminals. Devices with default passwords can be easily found and exploited online. No one wants a stranger to connect to the devices in their own home. Such devices can then also become part of a botnet like Mirai and be used for cyber attacks around the world.
5. tips for setting passwords. Passwords should always be set that are difficult to guess but easy to remember. As with any other device connected to a network, it is recommended to always keep as many barriers active as possible and to use unique passwords consisting of upper and lower case letters, special characters and numbers. Strong passwords do not have to be complex. It is enough to have a password that others cannot guess, but that is easy for the user to remember. Various password managers can also be helpful.
6. never share login details. Users should never share login details and never use the same passwords. Most people use the same usernames and passwords for different accounts, which makes them a frequent target for phishing scams. This is because a number of services can be compromised by stealing a single password. Phishing emails and messages impersonate well-known brands, such as customer support specialists or even employers. Therefore, credentials should never be shared via email or text message.
7. use multi-factor authentication (MFA). The risk of a potential attack can be reduced by using MFA. When a user logs into the account from a new device, multi-factor authentication is required to ensure that no other person can access these services. If someone does try to log into the accounts, the user will be notified immediately and can take appropriate action.
8. Do not delay updates. The latest software version should always be installed on every device. Bugs are fixed and vulnerabilities patched in new versions. Using outdated software can allow intruders to access personal information.
Check privacy settings. Smart devices such as fitness wristbands, smart household appliances or even smart toys, drones and voice assistants collect all kinds of information. For this reason, users should always carefully check what privacy settings they are using. Users should also make sure that they do not disclose too much. All functions that are not needed or used should be switched off. 10.
10. do not download apps from unofficial sources and stores. But even the official apps are occasionally infiltrated by malware. Therefore, it is important to use a security solution that proactively finds threats and stops them before they can do any harm.
Remove unnecessary apps. Many devices contain a number of pre-installed apps. Vulnerabilities in apps can make it easy for cybercriminals to attack them. So if users remove apps they don’t use and don’t want, they reduce the risk of attack. Also, some apps ask for personal data, which they can further manipulate. Users should only use apps they trust.
Turn off automatic Wi-Fi/Bluetooth connections. By default, a smartphone can automatically connect to an available Wi-Fi network or Bluetooth device. This feature can be exploited by cybercriminals to gain access to the device. Therefore, the function should be switched off. While free Wi-Fi is attractive, it can also pose a serious security risk. Security experts often see hackers in airports or cafés waiting for someone to log on to a public Wi-Fi network. If possible, users should avoid unsecured Wi-Fi networks altogether. And if they do have to use them, they should at least not connect to personal accounts or sensitive data.
13. understand cybercrime. To protect yourself, it’s important to understand the tactics of criminals and the risks associated with cyberattacks. However, modern threats and scams are so sophisticated that many people are unlikely to recognise them.
That is why it is also important to use advanced security solutions and anti-ransomware. Consumers should also secure their mobile devices, because there is a lot of sensitive information on the phone. If an attack is successful, this information could also put everyone they know and care about at risk. Check Point Harmony Mobile, for example, protects corporate mobile devices from cyber-attacks and provides real-time protection against even the most advanced threats. Security software like ZoneAlarm Mobile Security also protects personal mobile devices from ransomware, data and login theft and dangerous Wi-Fi networks.