This post comes to us from a non-technical colleague of ours who is new to the information security world. We threw him into a highly technical conference and inundated him with information. Take a look at his takeaways.
So I’m just a normal internet-loving dude who’s not particularly savvy in cyber security. I went to InfoWarCon to post live tweets from the SAC account about the event to inform others, and myself, about the importance of cyber security. I was blown away by how much the average web surfer should be aware of.
InfoWarCon is basically a gathering of experts with various backgrounds in politics, military and cyber-technology to discuss current and future possibilities of bad guys using cyber technology to do bad things and how to stop them.
Although the main topic of discussion, Cyber-Terrorism, seems like a distant problem that the average internet surfer doesn’t need to worry about, it can hit us close to home. Terrorists often swindle money with phishing schemes to fund their operations while ISIS is using social media as a recruitment venue and video as a weapon of mass destruction to amplify their propaganda.
What jumped out at me as particularly relevant to our modern day-to-day lives was The Internet of Things where everything has an IP address, which means everything is a potential target. Most people recognize that computers and laptops can be hacked, but we don’t think about protecting other items:
- Personal: smart phone, watch, wrist GPS
- Home: NEST, TV, refrigerator, thermostat
- Police: 911 systems, dispatch, smart guns, body cams, dash cams
- Cars: computers, GPS navigation systems
- Industrial control systems
In his talk “Reverse Forensics on The Internet of Things” Travis Hartman explained how evidence gathered from refrigerators, cars or other objects could lead to conviction in court!
It’s a little freaky to think about how many ways a criminal can hack us, but we have to accept some level of risk. We have to stayed informed, be aware of these threats and take precautions to protect ourselves online. Just remember: if it can connect to the internet, then it can be hacked. So make sure your network is protected!
So what do we do about it?
- Secure the wireless network with a Wi-Fi Protected Access II (WPA2). This is stronger than the Wired Equivalent Privacy (WEP) protocol.
- Use strong passwords. Make them complex and change them regularly.
- Don’t put personal information in your network name. This can make you vulnerable to social-engineering. Call it something random, like “The Millennium Cat” instead of “The Smith House.”
- Disable guest network access. Be strict about who is allowed on the network.
- Create two different Wi-Fi Networks. One for computers, laptops and smartphones to do banking and general internet activity, and other network for your other IoT devices.
Be informed. Be aware.