We live large portions of our lives online today – shopping, banking, communicating, working, creating and even playing. The dependence has been fueled by the increase in connectivity as well as the devices, apps and services that enable us to leverage that connectivity. Our digital footprint continues to grow. But what is this digital footprint that we speak of? The average American home today has about 22 connected devices. The average person uses 46 apps on their phone each month. The average app collects 24 pieces of information about us. Our digital footprint is the sum total of the compute, network and storage power we own combined with the data we store, create and share. Put in perspective, the average smartphone we have today has thousands of orders of magnitude more storage, network and computing power than the computers on the Atlantis space shuttle.
We have always had a sense of danger about the powers of such ubiquitous computing in our lives thanks to the wide adoption of anti-virus solutions when personal computers came out. But in an age where computing power is worn or embedded into us as well as the tools we use such as televisions, cars and appliances, we appear to have collectively dropped our guard. 83% of home routers are vulnerable due to weak passwords or not being updated with the latest patches. Protecting our devices and data has become technically complex and time consuming. Our privacy posture is always a moving target with every update we get about privacy policies that we have clicked ‘Accept’ on. Hackers, data brokers and big technology companies have all pounced on this bounty. Cybercrime is now a $6 Trillion industry and the data brokers are a $230B industry. The impacts have already been felt and we need to take control with more collective awareness around the issues of cybersecurity and online privacy in the home.
Effective cyber hygiene has to accomplish two things:
- reduce risk for you
- increase cost of attack for the bad guy
Cyber safety in the home applies to 7 major categories that constitute the majority of the attack vectors and these are likely to expand into more as we see the growth of the metaverse and embedded devices.
- Password Safety
- Email Safety
- App Safety
- Social Media Safety
- Device Safety
- Gaming Safety
- Network Safety
So, how can we improve our cyber hygiene effectively for each of the categories above? Read on to find out.
There are three key elements to password safety:
- 2nd factor
We have been told ad nauseam that we need strong passwords. But why? What is a strong password anyway? A strong password, in my opinion, is one that is at least 11 characters long and has a combination of upper case and lower case letters, numbers and symbols. Easily available password cracking tools like John the Ripper have gotten so efficient in the last few years that passwords that are 6 characters or less can be cracked instantly even if they are a complex combination! The power of exponential mathematics flexes its muscle in your favor at the 11 character size and increases that time to crack to 34 years. Complexity alone is not enough. Let us keep varying the passwords as well by changing them at least twice a year (preferably every 90 days), at least for our key online accounts. Daylight savings? Change your passwords and the batteries in your fire alarms! And yes, in the spirit of increasing cost to the attacker, wherever possible, protect your accounts with a second factor (preferably not SMS) through an authenticator app from a reputable company.
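The length rule above can be checked and the exponential growth made concrete. The following is an added example, not part of the original article: it tests a password against the article's criteria and estimates exhaustive-search time, assuming a 95-character alphabet and a guess rate calibrated so that 11 characters take the quoted 34 years (both are assumptions, as are the function names).

```python
import string

MIN_LENGTH = 11        # the article's minimum length
ALPHABET_SIZE = 95     # assumption: all printable ASCII characters are in play
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: guess rate calibrated so 11 characters take the article's 34 years.
GUESSES_PER_SECOND = ALPHABET_SIZE ** MIN_LENGTH / (34 * SECONDS_PER_YEAR)

CHARACTER_CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def missing_requirements(password):
    """Return which of the article's criteria the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CHARACTER_CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems


def seconds_to_exhaust(length):
    """Worst-case seconds to try every password of exactly this length."""
    return ALPHABET_SIZE ** length / GUESSES_PER_SECOND


def years_to_exhaust(length):
    """Same estimate as seconds_to_exhaust, expressed in years."""
    return seconds_to_exhaust(length) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Each extra character multiplies the search space by ALPHABET_SIZE.
    for length in (6, 8, 10, 11, 12, 14):
        print(f"{length:2d} chars: {years_to_exhaust(length):.3g} years")
    # Constructed sample passwords, not taken from any real account.
    for sample in ("aB3$xy", "alllowercaseletters", "Tr1cky-Horse-42"):
        print(sample, missing_requirements(sample) or "meets the criteria")
```

These figures are worst-case bounds for randomly chosen passwords; a reused or dictionary-based password falls far sooner, which is where the second factor earns its keep.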
Email is a big source of cyberattacks on each of us. We are all familiar with the Nigerian scammers and various phishing emails that we are inundated with. From a scammer’s perspective, email is cheap. They can attack thousands if not millions with it at the same time – a small percentage of people who fall prey is all they are looking for. How can you reduce your chances of being that one person?
- Use different email addresses for critical accounts such as banks, etc. and for magazines, websites, social media and stores. Make sure to review your financial institution's opt-out policies on sharing your email with third parties.
- Use strong passwords for emails and ensure you have a strong account recovery mechanism that is tied to a different email or communication channel.
- Use email anonymization services (like Apple’s Hide My Email) wherever possible for non-critical emails
Apps are omnipresent these days – not just on our phones but also on our smart TVs, smart appliances, smart speakers and more. Apps have a significantly higher level of access on your devices than websites do and hence need a greater degree of care.
- Download apps from only trusted app stores – or at least the most prominent stores. Yes, I am aware that they are not the cleanest either but this is risk reduction
- Give apps access to only the settings they need
- Delete or uninstall apps that are not being used
- Do not install apps from USB drives or untrusted network shares or other means
- Protect your app logins with a second factor
- Regularly update the apps with the latest patches
- Delete apps that have reported security breaches
Social Media Safety
Social media has become the biggest channel for phishing attacks – well above email.
- Make your connections list private
- Do not share travel or purchase plans or information on health conditions on public forums
- Remove the geolocation tag on photos posted
- Do not click on any links or forwards
- Lock down your account with minimal public-facing information
- Do not accept friend requests from strangers
- Do not answer those quizzes that ask about your city of birth or mother’s maiden name, etc.
Remember, if you connect it, protect it and teach that to your children as well. Devices are the direct conduit to your home network and also store your data.
- Install the latest patches and updates
- Change the default manufacturer passwords as soon as they are connected to the network
- Review and adjust all privacy settings
- Check on the FTC and the FBI sites about warnings related to the device or vendor
- Power off and unplug devices that are not in use
- Review and adjust all security settings
This is one of the most recent and most vicious of all attack vectors. Gaming includes the related chat and social media channels that are active during games. Targets in this attack vector include children, which makes it all the more nefarious.
- Never download games from untrusted sources or stores
- Never click on any links in gaming chats or related channels
- Never reveal your real name, location, email or IP address
- Do not store payment information such as credit cards in an account related to gaming
- Do not download or at least be very untrusting of any free games
- Reduce game access to device settings such as geo-location, camera, contact list, etc
- Do not accept freebies such as game-cheat downloads or in-game purchases from anyone
The home router is the gateway to all of your devices, apps and websites. Home networks have remained monolithically simple over the years and the time has come for everyone to learn a few technical details to stay safer.
- Change the default manufacturer password on your home router. These default passwords are well known and available on all hacking forums
- Change the SSID of your home network to something other than the vendor name of the router
- Create a ‘Guest’ or ‘Secondary’ network and assign all non-critical devices such as televisions, smart speakers, gaming systems, etc to that network
- Remove access to remote administration tools e.g. apps that allow you to control devices from outside your home
- Set very strong passwords and allow access to remote administration tools from only specific devices
- Use multiple routers to further segment devices in your home network and assign more stringent firewall rules to the key devices. This is technically complex but feasible. For most router brands, there are very pointed online videos with instructions.
When automobiles came out, no one knew how to start them, let alone change the oil. We have learned to change oil, keep the tire pressure right and monitor the engine temperature. The growth of smart homes requires a similar growth in muscle memory in terms of cyber hygiene and cyber security posture. New challenges such as AI and the metaverse have already started to make an impact and future defense of the smart home will require a combination of hygiene, awareness and tools. Let us make sure we get started with the first two.
Written by Vikram Venkatasubramanian,
Founder and CEO, Nandi Security, Inc