Early in the year of 2019, CNN managed to access a variety of camera feeds using a search engine for IoT devices Shodan. They remotely watched children playing in a
middle school gym in Indonesia, a man getting ready for bed in a Moscow apartment, an Australian family coming and going from their garage and a woman feeding her cat in Japan. All of them seemed unaware of the fact they were broadcasting their lives online every second of the day. According to CNN, none of the cameras had had security checks and were open to anyone who knew the right address.
To avoid that this kind of situation happens to you, there are some technics, procedures and behaviours that should be adopted both by the IoT device developer and by the smart device user. Below you can see some measures to react and to prevent cyberattacks in all the layers that composes IoT devices.
As you can observe most of the privacy and security mechanisms for IoT should be implemented. IoT developers should focus their efforts in the creation of devicesthat are physically secured and protected with cryptographic algorithms, hardened gateway platforms, complex encryption, anti-virus, anti-spyware, anti-adware and advanced and updated security technics. Therefore, the user is dependable of the security mechanism already integrated in the IoT devices to secure their privacy and security. Nevertheless, there are some actions that you, as an IoT consumer, must be aware to overcome various IoT security and privacy threats:
1st – Read the security requirements and the privacy policy for the devices
Always choose an IOT device from a trustworthy and transparent manufacturer. You are entitled to know the security technics implemented in the IoT.
As well, you should always read the privacy policy of the device as you must be aware of how your IoT device works and the reasons your data are being collected and used by IoT smart devices. Put simply, before using an IoT device, you should be able to know if you can:
Access, view and remove the data collected from you via IoT;
Disconnect your IoT devices when you want to do so;
Consent to your personal data storage on the IoT device.
2nd – Stop using the default password!
The first thing you should do with your IoT device is to check if it allows you to change default passwords. Always use a strong unique password to each and every device that you own. Don’t forget to change the passwords of your Wi-Fi router as well!
3rd – Deactivate remote access (WAN) to the device
If you are at home right now, google “what is my IP address” on your computer. What you see there is your WAN IP address. This address is unique on the Internet at any given time. If you travel away from home, that IP address is what you can use to access your smart home devices remotely. If the devices are not secured, the IP address is all that is necessary for anybody who wants to access them. In fact, that was what CNN used to access a variety of camera feeds!
4th – Disable the features that are not used
A trustworthy smart device is a device that allows you to personalize its features. For example, if you are not using your smart watch to collect your latest workout data, enable the Bluetooth connection; or if you don’t need to record your jog path, enable the GPS and location track.
5th – Be a Super-Agent of Cybersecurity!
Did you know that 95% of cybersecurity breaches are due to human error? Therefore, cybersecurity literacy is the most important way to eliminate cyberattacks. In order to be a Super-Agent of Cybersecurity, you must master all the phases of the cyber awareness plan:
Whether you use Internet of Things devices in your daily life, or you are a business owner or manager that uses technology and Internet in day-to-day activities, you must heighten the chances of catching a security or privacy attack before it is fully enacted, minimizing damage and reducing the cost of recovery.
By now, you have all the basic knowledge to ace in the identification of threats and vulnerabilities, in the assessment of risk and in the device’s protection. But what if, despite all the prevention and carefulness, you are still a victim of a cyberattack incident while using Internet of Things? The answer relies on the 4 W’s: Who, What, When and Which.
WHO
Make a list of who to call in case of an incident. It’s critical that you know who will make the decision to initiate recovery procedures and who will be the primary contact with appropriate law enforcement personnel.
WHAT
Make sure you have a plan for what to do with your data in case of an incident.
This may include shutting down and rebooting your entire IoT systems.
WHEN
Determine when to alert emergency personnel, cybersecurity professionals, service providers or insurance providers.
WHICH
Your response plan should clarify the types of activities that constitute an information security incident. In regards of an organization, that include incidents such as your website being down for more than a specified length of time or evidence of information theft.
Don’t forget to involve your family, friends and/or employees in the cyber awareness plan, as cybersecurity is a responsibility of every IoT user!
Don’t forget to involve your family, friends and/or employees in the cyber awareness plan, as cybersecurity is a responsibility of every IoT user!
Early in the year of 2019, CNN managed to access a variety of camera feeds using a search engine for IoT devices Shodan. They remotely watched children playing in a
middle school gym in Indonesia, a man getting ready for bed in a Moscow apartment, an Australian family coming and going from their garage and a woman feeding her cat in Japan. All of them seemed unaware of the fact they were broadcasting their lives online every second of the day. According to CNN, none of the cameras had had security checks and were open to anyone who knew the right address.
To avoid that this kind of situation happens to you, there are some technics, procedures and behaviours that should be adopted both by the IoT device developer and by the smart device user. Below you can see some measures to react and to prevent cyberattacks in all the layers that composes IoT devices.
As you can observe most of the privacy and security mechanisms for IoT should be implemented. IoT developers should focus their efforts in the creation of devices that are physically secured and protected with cryptographic algorithms, hardened gateway platforms, complex encryption, anti-virus, anti-spyware, anti-adware and advanced and updated security technics. Therefore, the user is dependable of the security mechanism already integrated in the IoT devices to secure their privacy and security. Nevertheless, there are some actions that you, as an IoT consumer, must be aware to overcome various IoT security and privacy threats:
1st – Read the security requirements and the privacy policy for the devices
Always choose an IOT device from a trustworthy and transparent manufacturer. You are entitled to know the security technics implemented in the IoT.
As well, you should always read the privacy policy of the device as you must be aware of how your IoT device works and the reasons your data are being collected and used by IoT smart devices. Put simply, before using an IoT device, you should be able to know if you can:
2nd – Stop using the default password!
The first thing you should do with your IoT device is to check if it allows you to change default passwords. Always use a strong unique password to each and every device that you own. Don’t forget to change the passwords of your Wi-Fi router as well!
3rd – Deactivate remote access (WAN) to the device
If you are at home right now, google “what is my IP address” on your computer. What you see there is your WAN IP address. This address is unique on the Internet at any given time. If you travel away from home, that IP address is what you can use to access your smart home devices remotely. If the devices are not secured, the IP address is all that is necessary for anybody who wants to access them. In fact, that was what CNN used to access a variety of camera feeds!
4th – Disable the features that are not used
A trustworthy smart device is a device that allows you to personalize its features. For example, if you are not using your smart watch to collect your latest workout data, enable the Bluetooth connection; or if you don’t need to record your jog path, enable the GPS and location track.
5th – Be a Super-Agent of Cybersecurity!
Did you know that 95% of cybersecurity breaches are due to human error? Therefore, cybersecurity literacy is the most important way to eliminate cyberattacks. In order to be a Super-Agent of Cybersecurity, you must master all the phases of the cyber awareness plan:
Whether you use Internet of Things devices in your daily life, or you are a business owner or manager that uses technology and Internet in day-to-day activities, you must heighten the chances of catching a security or privacy attack before it is fully enacted, minimizing damage and reducing the cost of recovery.
By now, you have all the basic knowledge to ace in the identification of threats and vulnerabilities, in the assessment of risk and in the device’s protection. But what if, despite all the prevention and carefulness, you are still a victim of a cyberattack incident while using Internet of Things? The answer relies on the 4 W’s: Who, What, When and Which.
WHO
Make a list of who to call in case of an incident. It’s critical that you know who will make the decision to initiate recovery procedures and who will be the primary contact with appropriate law enforcement personnel.
WHAT
Make sure you have a plan for what to do with your data in case of an incident.
This may include shutting down and rebooting your entire IoT systems.
WHEN
Determine when to alert emergency personnel, cybersecurity professionals, service providers or insurance providers.
WHICH
Your response plan should clarify the types of activities that constitute an information security incident. In regards of an organization, that include incidents such as your website being down for more than a specified length of time or evidence of information theft.
Don’t forget to involve your family, friends and/or employees in the cyber awareness plan, as cybersecurity is a responsibility of every IoT user!
Don’t forget to involve your family, friends and/or employees in the cyber awareness plan, as cybersecurity is a responsibility of every IoT user!
-
Add a note