Paul Ducklin, principal research scientist at IT security company Sophos, offers some tips for keeping IoT devices and other connected computers secure at home – especially if you are working from home as well.
Ducklin says there are seven questions you should ask yourself about devices on your home network and about the setup of your network in general. Think of it as going through your very own Cybersecurity Awareness Month at home.
1. Do I actually need this device online? If not, consider removing it from your network. Or if you don't need it listening in or activated all the time, consider powering it down when you aren't using it. (Simply unplugging it from the wall socket is often all you need to do.)
2. Do I know how to update it? If not, find out how; if the vendor can't reassure you about security updates, consider switching products to a vendor that does (and see step 1).
3. Do I know how to configure it? Make sure you know what security settings are available, what they are for, and how to set them up (and see step 2).
4. Have I changed any risky default settings? Many IoT devices come with remote troubleshooting features turned on, which crooks may be able to abuse, and default passwords, which the crooks will definitely know. Check and change defaults before you make the device live (and see step 3).
5. How much am I sharing? If the device is hooked up to an online service, familiarise yourself with how much data the device is sharing, and how often. You may be happy to share some data, but never feel squeezed into turning all the options ‘to the max’ (and see steps 3 and 4).
6. Can I ‘divide and conquer’ my network? Some home routers let you split your Wi-Fi into two networks that can be managed separately. This is useful if you are working from home because it means you can put your home IoT devices on a ‘guest’ network and your work devices, such as a laptop, on another.
7. Do I know who to turn to if there's a problem? If your work has an IT department or offers access to tech support, make sure you know where to report anything suspicious. Ask them what information they are likely to need and provide it at the outset in order to speed up the process.
“By the way,” adds Ducklin, “if you're an IT department looking after remote workers, make it easy for your less-technical colleagues to reach out for cybersecurity advice, or to report suspicious activity, and take the attitude that there's no such thing as a stupid question.”
From the editor's desk: How electronics is shaping modern warfare Technews Publishing
News
From radar systems and encrypted communications to drones and cyber warfare, electronic devices have transformed the battlefield into a highly digitised and networked environment.
Read more...From the editor's desk: Can IoT innovation in SA be a thing? Technews Publishing
News
To support a cellular-based IoT industry, more needs to be done to address the cost and connectivity issues plaguing local players, and until that is done, SA will continue to remain at the back of the pack.
Read more...From the editor's desk: Challenges and opportunities Technews Publishing
News
Electronics manufacturing in South Africa is a sector of industry characterised by both significant challenges, and yet, promising opportunities. As the country continues to diversify, reducing its ...
Read more...From the editor's desk: Exciting times ahead? Technews Publishing
News
There are many subjects that excite me in this world, but two of the larger technical subjects are, firstly, renewable energy, and secondly, the idea of artificial intelligence as it continues to evolve ...
Read more...From the editor's desk: Funga: The unseen rulers of a new kingdom Technews Publishing
News
Up until a few weeks ago, our classification kingdoms were split into two parts; fauna and flora. I was amazed when I recently read that National Geographic has now changed this and has split the classification ...