11.1.21 – SSI –  Ken Whelan 

Though cybersecurity risk is an important conversation to have, it’s not always easy. Here’s how to talk to your customers about cyber hygiene.

‘The Birds and IoT:’ Are You Using Proper Protection With Your Devices?

Just as the “birds and bees” talk can be difficult, so can talking to your customers about IoT. If you are supplying and installing the devices, you know to use protection. We as an industry constantly talk about it and yet we still feel insecure about it. Are your customers thinking about it as much as we do? Here’s how to have that conversation.

We all love to save money and do it ourselves when working on anything around the home or office. This can be a great cost-saving and fulfilling task. But what task should you not take on? These days you have many playing armchair lawyer, doctor and even engineer. Anyone who went to years of school for these professions can tell you one thing: they still were not ready to do the job on day one. The years just prepared them for day one.

When it comes to IT, computers and electronics we are a world away from the VCR blinking 12:00 and not taping your favorite show (badly). Setting up your devices has become easier, and everyone is used to upgrading quicker and quicker.

Would you trust your brakes to an amateur? Would you fly with someone with only a handful of hours behind the stick? Would you want a chef performing minor surgery just because they know how to use a knife? You would not put your physical life in the hands of the untrained, so why do it with your digital footprint?

The Internet has been a great tool. We have smart things from phones, computers and tablets to juicers, washing machines and thermostats. You can even now buy a smart device robot to follow you around. But here is the thing, “things” on the Internet are not always nice.

Somewhere in the world, not in some dark basement or warehouse, but in a standard-looking office space, a hacker is toiling away like any other worker to exploit weak spots for their gain. Sure, Microsoft and Apple have you covered. Sure, your IT department locked everything down. That is until that cheap, smart device you got off the Internet is set up on the guest network. Once you let them in, where are they stopped?

“Solid IT security has always been based in standards. Lack of uniformed standards with IoT makes it hard to keep up,” according to Joe Dorio, a CISSP-certified Network Engineer for Engineered Security. “As IoT increases and widens the threat paths, cybercriminals are raising the stakes.”

A key to any engineering design is to make it simple. Over-engineering hurts many projects. Unfortunately, when it comes to cybersecurity, nothing is complicated enough. The best defense against being hacked is not having a device communicate with anything inside or out. This includes people. Social hacking is the best tool in the arsenal and IoT devices are Trojan horses.

Dorio adds, “Most IoT devices have fewer processing and storage resources, making it harder to employ security to protect them.” Simple-to-use devices are great, but simple-to-setup can be dangerous. Auto-detecting devices can always be auto-rerouted. A great online video can be a great way to leave the backdoor open. A random sideload can be a death sentence.

Cybersecurity is so much more than protecting yourself. It is protecting society. Most of the worst cybercrimes have happened to larger targets, by finding soft, smaller targets to get to them. Larger companies in retail, supply chain, digital storefronts, Content-as-a-Service, SaaS and many others are being successfully attacked due to cybersecurity holes in their vendors’ systems.

Credit cards, social security numbers, passwords and other data are ripe for the taking, or the attacker can just lock everything down and hold it for ransom. The Wayne family is safer walking down a dark alley after a show than you are connecting to the free WiFi in a café.

DDoS attacks are now coming from cameras and other equipment on a network. Virtual networks are great, but physical, separate networks are better. Being connected to the Internet and getting updates is convenient, but no outside-world connections are even better.

Having access to your data is wonderful, but it being encased in concrete at the bottom of the ocean, well, it’s not better, but it is safer. Constantly keeping your end users informed and educated on all these topics and more will help them understand how important it is to stay protected and that you are their key resource in doing so.

Ken Whelan is COO of Engineered Security.