Securing Devices at Home and Work

by SEORG on October 12, 2020

Doing our part to #BeCyberSmart can feel overwhelming at times. This article can help each of us to break down exactly how we can protect our part of cyberspace. We will focus specifically on two areas where we have personal responsibility: securing devices at home and at work. We are dividing these tips into “at home” and “at work” categories. However, most will have a broader application.

Securing Devices at Home

When devices such as computers, smartphones, smart speakers, printers, baby monitors, are not secured, big problems can occur, like what happened in one Tennessee home. A hacker accessed a camera in the bedroom of three young girls. He played the song “Tiptoe through the Tulips” and told the little girls he was “Santa” saying, “It’s your best friend”. Stories like this are chilling. However, avoiding this outcome is possible by implementing some basic security measures.

If You Connect It — Protect It

Many devices have the option for automatic updates, which should be enabled if offered. If automatic updates are not offered, you will need to check for updates on a regular basis. One way to be certain you don’t forget to run updates is to set a reoccurring monthly alarm on your phone. This reminder will help you stay up to date and secure across all platforms and increase your security awareness.

Implementing antivirus software across devices is another simple way to further secure your connected devices. Such programs can perform automatic scans for you and alert you to any potential weaknesses in your system. Choosing an antivirus software for your needs requires a little research but is well worth the time.

Secure your Wi-Fi Network

Your home’s wireless router certainly falls under the category above; but is perhaps of even greater importance as it is one of the primary entrances for cybercriminals. Through this connection it is possible for attackers to reach other connected devices. Therefore, it is vitally important to change the factory-set password and username. Utilizing a password manager is the most secure way to store your unique passwords.

Password Manager

As stated above, utilizing a password manager is the most secure way to protect and store your account passwords. It can be difficult to remember a “secure” password, especially in the tech-friendly world we live in today. From social media accounts and streaming services, to banking accounts and patient portals, most of us have dozens of passwords. For these reasons, many people tend to use the same password and/or usernames across devices. This is a practice that can make it easy for cybercriminals to link your personal name to a username, password, or site you use. Using slight variations on passwords may not be a protection for you, as these patterns have the potential to be found and used against you.

Utilizing a password manager, then, is a simple way to keep your sensitive accounts protected. These managers use just one master password to retrieve passwords for specific accounts you add into it. The password managers also include password generation options, so you can ensure your password is unique and not easily guessed or linked back to you.

MFA

Enabling multi-factor authentication (MFA) is a straightforward way to ensure that the only person who has access to your account is you. At its core, MFA is a security enhancement that requires the user to present two pieces of evidence when logging in to an account. It adds an additional layer of security, which makes it harder for attackers to log in as if they were you. For example, many MFA securities will send a code to your mobile device for you to enter the site you want to access. Without MFA, the attacker would only need to bypass your password. However, if you enable MFA, they will have to obtain your password and (in most cases) your phone as well. This added layer of security won’t prove strenuous for you, the user, but will foil many attempts by attackers.

Securing Devices at Work

Many of the points discussed for at home devices can also be applied to your devices at work; and the reverse will be true for the following tips. Keeping your software up to date, enabling MFA and using password managers are all highly recommended for at work devices. Keeping this in mind, let’s look at some additional tips we can apply while using devices for work.

Treat Business Information as Personal Information

Attempt to view business information as personal information. When thinking of typical “business information”, things like company accounts, vendors, and internal emails may come to mind. However, “business information” also includes employee’s Personally Identifiable Information (PII) such as email addresses, date of birth, mother’s maiden name, and more. Strive to keep personal information like this private and do not share it with unknown sources.

Oversharing on Social Media

Something as simple as sharing information over social media can seem harmless. In reality, it is a major information source that attackers can search for and use. By running a few simple Google searches, they may be able to learn about your company’s partners and vendors, various corporate policies, and other useful pieces of information that can be leveraged in an attack. Because of this, it is vital that employees avoid oversharing on social media. If you want to post but are unsure if it is oversharing, run through the following checklist in your head:

- Am I revealing any Personally Identifiable Information (PII)?
- Will this post contain department names, reference corporate policies, or identify partners/vendors we work with?
- Does the post violate any social media policies my company has?
- Does the image display physical items such as, my badge, computer, uniform?
- Are there any clues to passwords or personal codes in the image? I.E. a sticky note with a password written on it.
- Are there location clues in the photo, such as street signs, location markers, or other such hints?
- Is my social media account publicly available for all to explore?

While this is not a comprehensive list of things to avoid posting, it does give you a starting point of things to look out for.

Do Not Click on Unknown Links

Many security breaches can be traced back to phishing emails. All it takes is for one employee to click on a malicious link. Most phishing emails today are not sent by a Nigerian prince and can therefore be more difficult to identify. Nevertheless, be wary of unusual sources and inspect unknown links carefully. One simple way to inspect a link is by hovering your mouse over it. While doing so, look to the lower left corner of your screen and you will be able to see the URL destination. If an email elicits a strong emotion in you and contains a link for you to click, pause. Take a moment to assess validity of the information before you. Taking that extra moment could be all that is needed to help you make a security-conscious decision.

Use a Virtual Private Network

While working you should always use a Virtual Private Network (VPN) to connect to corporate networks. A VPN creates a private network from a public internet connection. They establish encrypted connections that can keep your data secure. This added layer of security should be a staple in your work security measures.

Personal Awareness of Attack Vectors

We urge you to use the suggestions in this article as a starting point in your security awareness journey. Implementing measures such as securing your wi-fi connection, utilizing a password manager, using MFA and a VPN, are some simple ways to enhance your device security. Remain aware of what you post to social media, and always be wary of clicking on links from unknown senders. With these few steps you will have started on the path to protecting your part of cyberspace.

Sources
https://www.cisa.gov/publication/national-cybersecurity-awareness-month-publications
https://www.cisa.gov/sites/default/files/publications/NCSAM_YourDigitalHome_2020.pdf
https://www.cisa.gov/sites/default/files/publications/NCSAM_CreatingPasswords_2020.pdf
https://www.cisa.gov/sites/default/files/publications/NCSAM_WorkSecure_2020.pdf
https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-best-practices-for-keeping-home-network-secure.pdf?v=1
https://www.forbes.com/sites/zakdoffman/2020/03/03/government-warns-parents-do-this-now-to-protect-your-baby-monitors-from-hackers/#4862f91a5148
https://blog.emsisoft.com/en/29702/choosing-antivirus-software-2018/
https://www.cnet.com/how-to/best-password-manager-to-use-for-2020-1password-last-password-more-compared/
https://whnt.com/2018/10/01/fraud-summit-held-in-huntsville-officials-warn-against-caller-id-spoofing/
https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication
https://digitalguardian.com/blog/oversharing-your-biggest-security-risk-could-be-you-infographic
https://searchsecurity.techtarget.com/definition/personally-identifiable-information-PII#:~:text=Personally%20identifiable%20information%20(PII)%20is,data%20can%20be%20considered%20PII.
https://www.securitymetrics.com/blog/7-ways-recognize-phishing-email
https://www.social-engineer.com/new-phishing-attacks-are-increasingly-clever/
https://www.bbc.com/news/technology-50760103
https://us.norton.com/internetsecurity-privacy-what-is-a-vpn.html
https://www.pcworld.com/article/245213/7_ways_to_protect_your_business_printers.html
https://www.bbc.com/news/technology-51706631
https://www.social-engineer.org/general-blog/sectf-8-years-review-2010-2017/
https://us.norton.com/internetsecurity-iot-can-smart-speakers-be-hacked.html
https://www.pcworld.com/article/248963/how-to-tell-if-a-link-is-safe-without-clicking-on-it.html