Welcome to the fourth part in our series of short blogs from Twitter chats we took part in to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), and ESET researchers are participating again.
In our previous blog entries we covered Simple Steps to Online Safety and Cybersecurity in the Workplace. Today’s blog covers some of today’s predictions for the internet of tomorrow.
Today’s Predictions for Tomorrow’s Internet
Thursday, Oct. 19, 2017, 3:00-4:00 p.m. EDT/12:00-1:00 p.m. PDT
Bruce P. Burrell: No IoT things in use here in this house. [Ok, one, but it’s not connected to the ‘Net.] Personally, I recommend against using such silliness. I can set my thermostat manually, thank-you-very-much. Connect our TV to my 3Mb DSL modem? Uhhhh, no.
Aryeh Goretsky: Routers, thermostats/HVAC, lights + even garage door openers can be connected to the Internet.
David Harley: Way too wide-reaching. Mostly unnecessarily, so beware of unsafe defaults.
Lysa Myers: “We use” is the crux of the question: more & more devices are connectable, but how many connect & continue use? I suspect most-used devices are TVs, fitness & “smart” home devices. These know a lot about our spaces & habits!
Bruce P. Burrell: I don’t see any, and yes: I mean it. I do see plenty of drawbacks, though.
“What could possibly go wrong?”
Aryeh Goretsky: Convenience? Cool factor?
David Harley: In too many cases, what benefit there may be is to the vendor/marketer, not to the consumer. There may be benefits in the case of e.g. smart meters, if securely implemented.
Lysa Myers: Jury’s still out on that one. Convenience? Surveillance…er, “monitoring” capabilities? “Smart” functionality often an afterthought; adding “cool” factor without considering risk/benefit ratio.
Bruce P. Burrell: I’ll defer to colleagues who actually may use such claptrap.
Aryeh Goretsky: Very poorly, usually.
David Harley: Insecurely and unnecessarily, usually. Even the vendors rarely use the info as much as you might expect.
Lysa Myers: Varies from device to device. My advice: don’t add personal info if it’s not required, use junk info if it doesn’t compromise functionality.
Bruce P. Burrell:
Aryeh Goretsky: Consider installing parental monitoring software + blocking to filter out objectionable content.
Lysa Myers: “Acceptable Use Policy” useful for families too: what is okay to share & with whom? What consequences for breaking rules?
Talk about your rules with friends and extended family too so they know what’s acceptable to share.
Bruce P. Burrell: Always buy a stick shift. [I know you think I’m kidding, but I’m not, and “Yes, I practice what I preach.” Note that this has an additional benefit as an anti-theft device.]
Aryeh Goretsky: Find out what the policy is for updates & fixes, and how long the car manufacturer will provide these for free.
David Harley: Drive-by-wire. What could go wrong???
Lysa Myers: Is the benefit worth the risk? What if maker stops support? What if you move far from available dealerships?
Does MFR have a responsible disclosure policy? What is their response to vuln disclosures? What update mechanisms?
Bruce P. Burrell: It means less and less privacy, if you allow it. If you value your privacy, don’t share personal information. If an app is free, then YOU are the product … so review carefully what the app does. Of course, that goes even if you don’t value your privacy.
Aryeh Goretsky: It means we are less in control of our financial and personal data than ever before + have to make smart decisions about adding such things in our lives.
Lysa Myers: The more places we have sensitive data, the larger the attack surface. Research purchases, assess before adding connected data.
Bruce P. Burrell: Don’t provide any such data anywhere that’s connected to the ‘Net – certainly not in social media. Encrypt your data. Be suspicious so you aren’t enchanted by an attractive lure offered by some itinerant phisherman.
Aryeh Goretsky: Remove un-needed apps from smartphones + tablets, don’t take online quizzes. They both present ways to harvest information about you.
David Harley: Some sites want much more info than is necessary or ethical, and then fail to look after it. If you really need the service, maybe a little inaccuracy is acceptable. But use your discretion.
Lysa Myers: Stop & Think before entering data. Stop & Think before buying connectable devices. Stop & Think how functionality/services/data can be used AND misused.
Bruce P. Burrell: Use 2FA whenever possible. Encrypt data. Check what resources an app has access to and don’t install the app if it demands resources that make no sense for its purported function: a “flashlight” app doesn’t need access to your address book! And of course check WLS and other trusted sources for tips and breaking news – some of which will alert you to new attacks against which you’ll want to defend yourself.
[2FA = two-factor authentication]
Aryeh Goretsky: www.securingourecity.org + www.welivesecurity.com
Lysa Myers: Take steps to secure your router for devices in your home: https://www.welivesecurity.com/2016/11/08/secure-router-help-prevent-next-internet-takedown/
We encourage you to check out the chats on Twitter and other events, and take advantage of the commentary and advice offered by other players in the security industry. We also encourage you to check out a page put up by ESET offering lots of free cybersecurity resources to help you become more #CyberAware.
WeLiveSecurity will be back with the final entry in our Twitter chat blog series next week and we encourage you to keep an eye out for that.
Author David Harley, ESET