Tag Archives: Home device security

Working from home: Cybersecurity tips for remote workers

One of the key measures to reduce the spread of Covid-19 is social distancing, which for many organisations means encouraging – or instructing– staff to work from home.

But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.

With the rapid increase in remote working in mind, European cybersecurity agency ENISA has set out a series of recommendation

ENISA’s other security advice for home working for employees also includes:

  • Ensure your Wi-Fi connection is secure. While most Wi-Fi is correctly secured, some older installations might not be, which means people in the near vicinity can snoop your traffic.
  • Ensure anti-virus is in place and fully updated.
  • Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
  • Have a back-up strategy and remember to do it: All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
  • Lock your screen if you work in a shared space: ENISA said workers should really avoid co-working or shared spaces at this moment and that social distancing is extremely important to slow down the spread of the virus.
  • Make sure you are using a secure connection to your work environment.
  • Check if you have encryption tools installed.

ENISA said employers should:

  • Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
  • Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
  • Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
  • Ensure adequate support in case of problems. This may require setting up special rotas for staff.
  • Define a clear procedure to follow in case of a security incident.
  • Consider restricting access to sensitive systems where it makes sense.

Now hackers can steal your ID and bank details from a coffee machine!

Abstract

A cyber security expert has predicted a surge in hackers stealing people’s personal information and bank details through coffee machines and smart TVs in their homes.

Vince Steckler, chief executive of security giant Avast, also said he refused to use instant messaging service WhatsApp on his phone because he believed it would put the privacy of his friends at risk.

New ‘smart’ coffee machines can be connected to the internet to allow homeowners to control them remotely using their phones. Users can even give the machines vocal commands if they are connected to virtual assistant software such as Amazon’s Alexa.

Reads more in

https://www.dailymail.co.uk/news/article-7045105/Now-hackers-steal-ID-bank-details-coffee-machine.html

CyberSecurity:D-Link Home Camera security problem

There has been growing concern about securities in home appliances. Recent news came from D-Link’s manufacturing company from Taiwan on home camera.

Consumer Reports finds that D-Link’s home camera sends unencrypted video without unique passwords

https://boingboing.net/2018/10/30/d-link-dcs-2630l.html

Home Camera is a new gadget everybody like to have it at home. I remember, in my childhood, people had craze of the radio and love listening to old songs. As technology advances, now people like to have IOT (Internet of things) devices at home. Even if someone wants Radio, they would prefer to have Radio as IoT devices. More connectivity port available in the devices, the better it is now. Bluetooth, WIFI, hotspot enablement etc are the basic features in any device.

IoT is more about connectivity and how people like to control their own stuff. As per wiki IoT definition:

“The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronicssoftwaresensorsactuators, and connectivity which enables these things to connect, collect and exchange data.”

These home appliances are slowly becoming spy devices. Would share in some other posts what are the spy devices & how are they spying on?. There are lots of guidelines & standard to implement them and use them in a way they are supposed to be used. But this thought is applied to everything. Like application security, data security, cloud security etc.

For more readings about IOT guidelines. The GSMA IoT Security Guidelines: 

GSMA IoT Security Guidelines and Assessment

Thoughts:

It is time for the consumer to ask for the security & basic questions. And, have an agreement with the vendor.  The following basic question must be asked:

  • What is the procedure they have to secure my data?
  • What is the information they are capturing? Does home appliance listen to the private conversation as well?
  • What if the consumer wants to delete the records?
  • Whom these videos or audios are being shared? How private info is secured?