CyberSecurity

    NCSAM WEEK 4 ; The Future of Internet Connected Devices

    A decade ago, the average household would not be able to answer their front door from miles away via a smartphone, or order dinner by simply speaking to a small box. These things may have been customary in Hollywood spy films, but now they can be found in nearly every home across America. These internet connected devices are what is known as the Internet of Things.

     

    The internet world is flourishing. It’s not just about computers, laptops, tablets, and smartphones anymore. There are now thousands of devices that are internet-connected. The list of devices has grown to washing machines, robotic vacuum cleaners, door locks, toys, and toasters. Because all of these devices are connected to one another through the internet, we must be more aware of these devices and their settings to protect our data and our privacy.

    New Internet-connected devices provide a never before seen level of convenience in our lives, but they also require that we share more information than ever. The cars we drive, appliances we use to cook, our watches we use to tell time, the lighting in our homes, and even our home security systems, all contain sensing devices that can talk to another machine and trigger other actions. We have devices that direct that control the amount of energy we use in our homes and the energy in our bodies by tracking eating, sleeping, and exercise habits.

    The security of the information users share with these devices is not always guaranteed. Once the device itself connects to the Internet, it is vulnerable to all sorts of risks. It is important than ever that we secure our devices, with more entering our homes and workplaces each day.

    Upgrading your organizations network devices is easier than ever with DTC

    Future Predictions about Internet Connected Devices

     

    There will be more than to 21 billion IoT devices by 2025.

    In 2016, there were more than 4.7 billion devices connected to the internet, and by 2021 it is expected to increase to nearly 11.6 billion devices.

    There will be more “smart” cities.

    Household consumers aren’t the only ones that use the power of internet connected devices. Cities and companies are also adopting smart technologies to save both time and money. Cities are able to automate, remotely manage, and collect data through things like visitor kiosks, video camera surveillance systems, bike rental stations, and taxis.

    See how some cities are using AI to help crisis management

    Artificial intelligence (AI) will keep growing

    Smart home hubs, thermostats, lighting systems, and even TVs collect data on your habits and patterns of usage. When users set up voice-controlled devices, the allow them to record what is said and store the recordings in the cloud. The data is collected in the creation of what is known as machine learning. Machine learning is a type of artificial intelligence that helps computers “learn” without someone having to program them. 

    Network routers become more secure and smarter

    Most internet connected devices exist in the home and don’t have security software installed, leaving them vulnerable to attacks. As manufacturers rush to get their products to market in a rapid manner, security becomes an afterthought. 

    The router is the entry point of the internet and gate keeper into your home, giving it the ability to provide protection to all of the connected devices. A conventional router provides some security, like password protection, firewalls, and the ability to allow only certain devices on your network. In the future, router manufacturers will continue to find new ways to increase security.

    5G Networks Will Drive IoT Growth

    Wireless carriers will continue to implement 5G (fifth generation) networks, promising increased speed and the ability connect more smart devices at the same time. Faster network speeds translate into increased data collected by your smart devices to be analyzed and managed, driving innovation and growth. 

    Cars Will Continue to Get Smarter

    The emergence of 5G will impact the auto industry like never before. The development of driverless cars and internet connected vehicles will advance from data moving faster. New cars will increasingly analyze your data and connect with other IoT devices, including other high-tech vehicles on the road.

    5G Connected Devices Will Open the Door to New Security Concerns

    Eventually, 5G internet connected devices will connect directly to the 5G network than via a Wi-Fi router, making those devices more vulnerable to direct attack. Devices will be more difficult for in-home users to secure when they bypass a central router.

     

    For more information on CyberSecurity & how to be #CyberSmart, visit the CISA website today:

    Click Here: https://www.cisa.gov/national-cyber-security-awareness-month

    Securing Internet-Connected Devices in Healthcare

    Now more than ever, the healthcare industry is depending on internet-connected devices to improve patient care, organizational productivity, response time, and patient confidentiality. With the recent COVID-19 outbreak, the development of telemedicine and patient portal apps has come to the forefront in the industry. Along with digital health records and internet-connected medical devices, the healthcare industry has also never been more vulnerable to a cyber-attack.

    As the global epidemic spread across the nation, doctors, dentists, and other medical professionals such as therapists were forced to rely on online visits with their patients. The increase in virtual appointments also brings new concerns of patient confidentiality. Patients want to know how safe is the information shared during these online visits. Are cybercriminals able to steal their personal information? Unfortunate, the answer is yes. The healthcare industry is vulnerable just as is any other industry. However, there are steps healthcare providers can take to protect patient privacy during virtual visits.

    Read more about how we help the healthcare industry with their IT needs.

    What are the privacy risks associated with internet connected healthcare?

    With virtual visits becoming more common place, cyber criminals are licking their chops. Hackers look to take advantage of these opportunities by stealing the private medical and billing information of patients. Cybercriminals could try intercepting emails or video chats with information about preexisting conditions or personal problems you may be having. Once the information is obtained, they could potentially sell it on the dark web, use it for blackmail, or sell it to drug manufacturers who overload customers with advertisements.

    Healthcare records are particularly valuable on black markets due to the information they contain can be used to steal your identity. The information they hold might consist of your birth date, Social Security number, medical conditions, height, weight, home address, and even a picture of you. Hackers can use this information to take out credit cards or loans in your name. 

    Providers may give their patients the option of ending their virtual visit by receiving health records through email or the medical provider’s online portal. Hackers may be able to steal the contents of your email messages or track the keystrokes you use to log onto your medical provider’s online portal. Just as medical providers are required to protect user information, so are all business entities. 

    Learn more about how we can help your business stay compliant.

    5 Ways to Secure Your Healthcare Connected Devices

    1. Control everything that connects into your network.  Managing network segmentation can help with risk mitigation and controlling a breach if one does occur. Network visibility is critical. And, in so many cases, the network acts as your key security mechanism to stop the spread of an attack. Network intelligence, scanners, and security solutions can all help reduce the risk of an attack or breach. 
    2. Create security based on context and layers. Your security platform must work for you and question devices coming in to really understand where they’re coming from. When it comes to IoT and connected devices, contextual security can help isolate IoT solutions to their own network. Set up policies to monitor anomalous behavior and even traffic patterns. Set up additional filters for extra security; like shutting the network segment down if there’s a sudden rise in traffic. 
    3. Centralize and segment connected devices. If you’re going to work with IoT and connected devices, create a separate network, monitor those devices properly, and set monitors to make sure you can manage all these connected tools and use IoT aggregation hubs that help further the control of devices. 
    4. Align users and the business when it comes to more connected devices in healthcare. Ensure there is complete alignment between business and IT leadership units. This is the best way to gain the most value out of these devices and ensure you don’t fall into an IoT device hole.
    5. Always test your systems and maintain visibility.  Never lose sight of your devices and build a good monitoring platform. The more things that connect into the network the harder it will be to monitor them all.

    A plan for guarding against ransomware in the healthcare industry

    So, what can hospitals, medical centers, dentists, and other healthcare providers do to guard against the threat of cyber-attack?  Here is a simple five-point plan that will go a long way to helping healthcare professionals secure their defenses.

    Stay up to date

    Make sure that servers and PCs are up to date with the latest operating systems and antivirus solutions.

     

    Retire unused IT assets

    Consider if older machines, which are beyond updates or support, could be replaced or retired. The cost of doing so, and inconvenience of replacing older equipment will probably be less than the impact of a data breach.

     

    Sell Your Retired IT Assets for Cash

     

    Educate employees

    Make sure everyone in the organization is familiar with ransomware methods and can recognize attempts to gain password credentials or circulate harmful links and attachments. Hospitals employ so many different and diverse professionals, covering a multitude of functions, that there needs to be a culture of vigilance across the entire organization.

     

    Be prepared for an attack

    Use different credentials for accessing backup storage and maybe even a mixture of file systems to isolate different parts of your infrastructure to slow the spread of ransomware. Healthcare organizations that follow the “1-10-60” rule of cybersecurity will be better placed to neutralize the threat of a hostile adversary before it can leave its initial entry point. The most cyber-prepared healthcare agencies should aim to detect an intrusion in under a minute, perform a full investigation in under 10 minutes, and eradicate the adversary from the environment in under an hour.

     

    Create an Airgap

    Three copies of your data, on at least two different media, with one stored offsite (e.g. cloud or tape) and one stored offline (e.g. tape). Having your data behind a physical air gap creates perhaps the most formidable barrier against ransomware. Tape can greatly speed up your recovery in the hours and days that follow an attack, especially if your primary backups have been disrupted. Tape is also supremely efficient for storing huge amounts of infrequently accessed medical records for a very long time. Tapes can also be encrypted so that even if they did fall into the wrong hands, it would be impossible for thieves to access or use the data.

     

    Learn more about how to create an Airgap

    NCSAM Week 2 ; Securing Devices at Home and Work

    Securing Devices at Home and Work

     

    According to a 2018 study by CNBC, there were over 70% of employees around the world working remotely at least one day per week. With the recent COVID-19 pandemic, many organizations have had to make full-time remote work an option just to stay in business. As full-time remote workers are progressively more common, there still aren’t many resources that focus on the cybersecurity risk created by working remotely.

    With the latest surge in working from home (WFH) employees, businesses are forced to rely on business continuity planning. This means that organizations must find ways to protect their customer’s sensitive data simultaneously granting workplace flexibility. Provided the current conditions we are all facing and in celebration of Cyber Security Awareness Month (CSAM), we thought we should share a few tips to help your business increase its cybersecurity.

    Security tips for the home, office and working from a home office

    Secure your working area

    The first and easiest piece of security advice would be to physically secure your workspace. Working remotely should be treated the same as working in the office, o you need to lock up when you leave. There have been way too many instances when laptops with sensitive data on them have been stolen from living rooms, home offices, and even in public settings such as coffee shops. Never leave your devices unattended and lock doors when you leave.

    See why laptop and home office security is so important. 

    Secure your router

    Cybercriminals take advantage of default passwords on home routers because it is not often changed, leaving any home network vulnerable. Change the router’s password from the default to something unique. You can also make sure firmware updates are installed so known vulnerabilities aren’t exploitable. 

    Use separate devices for work and personal

    It’s important to set separate restrictions between your work devices and home devices. At first it may seem like an unnecessary burden to constantly switch between devices throughout the day, but you never know if one has been compromised. Doing the same for your mobile devices, can decrease the amount of sensitive data exposed if your personal device or work device has been attacked.

    Encrypt the device you are using

    Encryption is the process of encoding information so only authorized parties can access it. If your organization hasn’t already encrypted its devices, it should. Encrypting the devices prevents strangers from accessing the contents of your device without the password, PIN, or biometrics. 

    Below is a way to encrypt devices with the following operating systems:

    • Windows: Turn on BitLocker.
    • macOS: Turn on FileVault.
    • Linux: Use dm-crypt or similar.
    • Android: Enabled by default since Android 6.
    • iOS: Enabled by default since iOS 8.

    Check that your operating system is supported and up to date.

    Usually, operating system developers only support the last few major versions, as supporting all versions is costly and the majority of users upgrade when told to do so. Unsupported operating systems no longer receive security patches, making your device and sensitive data at risk. If your device does not support the latest operating system, it may be time to look into updating the device.

    Here’s how to check if your operating system is still supported:

    • Windows: Check the Windows lifecycle fact sheet
    • macOS: Apple has no official policy for macOS. That said, Apple consistently supports the last three versions of macOS. So assuming Apple releases a new version of macOS each year, each release of macOS should be supported for roughly three years.
    • Linux: Most active distributions are well supported.
    • Android: Security updates target the current and last two major versions, but you may need to check that your manufacturer/carrier is sending the security patches to your device. 
    • iOS: Like macOS, Apple has no official policy for iOS but security updates generally target the most recent major version and the three prior. 

    Read more about Android security here

    Create a strong PIN/password only YOU know

    Everything mentioned prior to this won’t matter if you don’t use a strong password. A common tip for creating a strong password is to avoid using repeating numbers (000000), sequences (123456), or common passwords such as the word password itself.

    More tips on creating a strong password include:

    • Avoid using anything that is related to you
    • Avoid using your date of birth
    • Avoid using your license plate
    • Avoid using your home address
    • Avoid using any family members or pets’ names.

     

     A good pin/password should appear arbitrary to everyone except you. Consider investing in a password manager. A good password manager can help you create strong passwords and remember them, as well as share them with family members, employees, or friends securely. 

    Learn more about how to create a strong password

     Install antivirus software

    An antivirus software is a program that detects or recognizes a harmful computer virus and works on removing it from the computer system. Antivirus software operates as a preventive system so that it not only removes a virus but also counteracts any potential virus from infecting the device in the future.

    Authorize two-factor authentication

    Two-factor authentication is an authentication method where access is granted only after successfully presenting two pieces of evidence to an authentication mechanism.  This method has been proven to reduce the risk of successful phishing emails and malware infections. Even if the cybercriminal is able to get your password, they are unable to login because they do not have the second piece of evidence.

    The first and most common evidence is a password. The second takes many forms but is typically a one-time code or push notification. There are several applications that can be used for two factor authentication such as Google Authenticator. 

    Erase data from any devices you plan to sell

    This should be the number one rule on any cybersecurity list. It is only a matter of time until your devices are obsolete, and it is time to upgrade. The one thing you don’t want is to have a data leak because you failed to properly erase the data from your device before selling or disposing of it. Returning the device to factory setting may not always be enough, as some hackers know how to retrieve the data that has been “erased”. Before doing anything, always remember to back up your data to multiple devices before clicking that “delete” button. 

    Consult with your operating system to see how to properly reset your device to factory settings. If you are certain you do not want the data on your device to be accessed ever again, we can help with that. Here is a list of data destruction services we provide:

    Security tips for employers handling a remote workforce

    Train employees on cybersecurity awareness

    As cybercriminals are always looking for new ways to bypass security controls to gain access to sensitive information, cybersecurity isn’t something that can just be taught once. It must be a continual learning and retention. Here are a few things that a business can teach their staff in order to help thwart a cyberattack:

    • Avoid malicious email attachments and other email-based scams
    • Identify domain hijacking
    • Use operations security on their social media accounts and public profiles 
    • Only install software if they need to 
    • Avoid installing browser plugins that come from unknown or unidentified developers

    Use a virtual private network (VPN)

    A virtual private network (VPN) extends a private network across a public network, enabling you to send and receive data across shared or public networks as if you are directly connected to the private network. They do this by establishing a secure and encrypted connection to the network over the internet and routing your traffic through that. This keeps you secure on public hotspots and allows for remote access to secure computing assets. 

    Scroll to top