Welcome to the fourth part in our series of short blogs drawn from the Twitter chats we took part in to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), and ESET researchers are again taking part.

In our previous blog entries we covered Simple Steps to Online Safety and Cybersecurity in the Workplace. Today's blog covers some of today's predictions for the internet of tomorrow.

Today's Predictions for Tomorrow's Internet: Thursday, Oct. 19, 2017, 3:00-4:00 p.m. EDT/12:00-1:00 p.m. PDT

 ____________________

Q1: How wide-reaching is the Internet of Things, & what are some examples of the many connected devices we use?

Bruce P. Burrell: No IoT things in use here in this house.  [Ok, one, but it's not connected to the 'Net.] Personally, I recommend against using such silliness.  I can set my thermostat manually, thank-you-very-much.  Connect our TV to my 3Mb DSL modem?  Uhhhh, no.

Aryeh Goretsky: Routers, thermostats/HVAC, lights + even garage door openers can be connected to the Internet.

David Harley: Way too wide-reaching. Mostly unnecessarily, so beware of unsafe defaults.

Lysa Myers: “We use” is the crux of the question: more & more devices are connectable, but how many connect & continue use? I suspect most-used devices are TVs, fitness & “smart” home devices. These know a lot about our spaces & habits!

Q2: What are some of the benefits of this ever-growing IoT?

Bruce P. Burrell: I don’t see any, and yes: I mean it.   I do see plenty of drawbacks, though.

"What could possibly go wrong?"

Aryeh Goretsky: Convenience?  Cool factor?

David Harley: In too many cases, what benefit there may be is to the vendor/marketer, not to the consumer. There may be benefits in the case of e.g. smart meters, if securely implemented.

Lysa Myers: Jury’s still out on that one. Convenience? Surveillance…er, “monitoring” capabilities? “Smart” functionality often an afterthought; adding “cool” factor without considering risk/benefit ratio.

Q3: How do the many systems, devices & apps we use at home interact with our personal information?

Bruce P. Burrell: I'll defer to colleagues who actually may use such claptrap.

Aryeh Goretsky: Very poorly, usually.

David Harley: Insecurely and unnecessarily, usually. Even the vendors rarely use the info as much as you might expect.

Lysa Myers: Varies from device to device. My advice: don’t add personal info if it’s not required, use junk info if it doesn’t compromise functionality.

Q4: What should parents consider & do to protect kids’ personal info in this always-on world?

Bruce P. Burrell:

  1. Parental control software is an option, but beware: controlling parents doesn't help much. :-)
  2. … and if the parents don't understand the software, and check it on their kids' devices, the little rascals may have found ways to subvert it. "'Good luck with that!', randomly-selected parent!"
  3. Talk to your kids!
  4. Make rules and stick by them, but
    1. Change the rules as appropriate as your children get older
    2. Allow feedback from your kids. Maybe your rules really aren’t fair and need to be tweaked.
    3. Realize that, as they get older, you have to give them more freedom. [They'll get it anyway; help them to do it wisely.]

Aryeh Goretsky: Consider installing parental monitoring software + blocking to filter out objectionable content.

David Harley:

https://www.welivesecurity.com/2014/04/11/privacy-social-media-and-the-younger-generation/

https://www.welivesecurity.com/2016/12/05/child-safety-unexpected-radio-interview/

Lysa Myers: “Acceptable Use Policy” useful for families too: what is okay to share & with whom? What consequences for breaking rules?

Talk about your rules with friends and extended family too so they know what’s acceptable to share.

Q5: What are some things to consider before buying a connected car, & what should drivers do to keep vehicles safe?

Bruce P. Burrell: Always buy a stick shift.  [I know you think I'm kidding, but I'm not, and "Yes, I practice what I preach."  Note that this has an additional benefit as an anti-theft device.]

Aryeh Goretsky: Find out what the policy is for updates & fixes, and how long the car manufacturer will provide these for free.

David Harley: Drive-by-wire. What could go wrong???

Lysa Myers: Is the benefit worth the risk? What if maker stops support? What if you move far from available dealerships?

Does MFR have a responsible disclosure policy? What is their response to vuln disclosures? What update mechanisms?

Q6: What does this external network of data mean for us, & how can we be educated consumers & protect connected info?

Bruce P. Burrell: It means less and less privacy, if you allow it.  If you value your privacy, don't share personal information.  If an app is free, then YOU are the product ... so review carefully what the app does.  Of course, that goes even if you don't value your privacy.

Aryeh Goretsky: It means we are less in control of our financial and personal data than ever before + have to make smart decisions about adding such things in our lives.

David Harley: https://web-assets.esetstatic.com/wls/2014/11/AVAR2014-Harley-Bortnik.pdf

Lysa Myers: The more places we have sensitive data, the larger the attack surface. Research purchases, assess before adding connected data.

Q7: What are your top tips for protecting identities & data in this expanding, interconnected digital world?

Bruce P. Burrell: Don't provide any such data anywhere that's connected to the 'Net – certainly not in social media.  Encrypt your data.  Be suspicious so you aren't enchanted by an attractive lure offered by some itinerant phisherman.

Aryeh Goretsky: Remove un-needed apps from smartphones + tablets, don't take online quizzes. They both present ways to harvest information about you.

David Harley: Some sites want much more info than is necessary or ethical, and then fail to look after it. If you really need the service, maybe a little inaccuracy is acceptable. But use your discretion.

Lysa Myers: Stop & Think before entering data. Stop & Think before buying connectable devices. Stop & Think how functionality/services/data can be used AND misused.

Q8: What resources can help people protect themselves & their information in this rapidly advancing digital ecosystem?

Bruce P. Burrell: Use 2FA whenever possible.  Encrypt data.  Check what resources an app has access to and don't install the app if it demands resources that make no sense for its purported function: a "flashlight" app doesn't need access to your address book!  And of course check WLS and other trusted sources for tips and breaking news – some of which will alert you to new attacks against which you'll want to defend yourself.

[2FA = two-factor authentication]

Aryeh Goretsky: www.securingourecity.org + www.welivesecurity.com

Lysa Myers: Take steps to secure your router for devices in your home: https://www.welivesecurity.com/2016/11/08/secure-router-help-prevent-next-internet-takedown/

____________________

We encourage you to check out the chats on Twitter and other events, and take advantage of the commentary and advice offered by other players in the security industry. We also encourage you to check out a page put up by ESET offering lots of free cybersecurity resources to help you become more #CyberAware.

WeLiveSecurity will be back with the final entry in our Twitter chat blog series next week, and we encourage you to keep an eye out for that.