Smart cities and counties, connected devices, digitized records, as well as smart cars and homes have become a new reality. This week’s cyber checklist is designed to remind citizens and government officials that their sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of using these devices, it is critical to understand how to use these cutting-edge innovations in safe and secure ways.
Today’s internet is the super-fast conduit that holds it all together. We must remember that it was initially built for very different reasons within a controlled and trusted environment. Today we marvel at all that we can do with our smart devices and related technologies. And we want even more!
However, there is a growing cloud of concern that hangs over us as we also become more conscious of the vulnerabilities to our secure personal and government information systems, which include hacking, fraud, identity theft, and extortion.
The fact that one can operate in a completely anonymous environment where we can never be completely certain as to one’s true identity means that we may need to change this paradigm by way of policy, law, and technology. The National Institute of Standards and Technology (NIST) is working on a Presidential Order to develop a Trusted Identities in Cyberspace ecosystem.
Despite predictions of the future of the internet, we still must be ever-vigilant and adhere to what the experts tell us we should be doing today. Here are but 5 necessary actions to be aware of, as recommended by the Department of Homeland Security (see: https://www.dhs.gov/national-cyber-security-awareness-month):
1. Keep a clean machine.
Keep the security software, operating system, and web browser on your devices updated. Keeping the software on your devices up to date will prevent attackers from being able to take advantage of known vulnerabilities.
2. Enable stronger authentication.
Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media, and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account.
3. When in doubt, throw it out.
Links in email and online posts are often the way cybercriminals compromise your mobile devices. If it looks suspicious—even if you know the source—it’s best to delete or, if appropriate, mark it as “junk email.”
4. Make your passwords long & strong.
Use complex passwords with a combination of numbers, symbols, and letters. Use unique passwords for different accounts.
5. Secure your Wi-Fi network.
Your office or home wireless router is the gateway through which cybercriminals can access all of your connected devices. Secure your Wi-Fi network, and your digital devices, by changing the factory-set default passwords.
Since the Internet of Everything is getting our attention, the following are some very useful best practices to apply to your own personal devices:
Best Practices to Consider* (Policy & Practice)
- Research the capabilities and security features of an Internet of Everything (IoE) device before purchase.
- Perform an audit of IoE devices used on your network. Some refer to this as “Asset management”. It is amazing how much equipment cannot be accounted for!
- Change the default credentials on devices.
- Use a strong encryption method when setting up Wi-Fi network access.
- Many devices come with a variety of services enabled by default. Disable features and services that are not required.
- Modify the default privacy and security settings of devices according to your requirements.
- Disable or protect remote access to IoE devices when not needed.
- Use wired connections instead of wireless where possible.
- Regularly check the manufacturer’s website for firmware updates.
- Ensure that a hardware outage does not result in an unsecure state of the device.
Given all the advances in technology, the consensus remains that default passwords are still the biggest security weakness for devices. The passwords most commonly tried by attackers are “admin” and “password”. This means that attackers know what the default passwords are and that they most likely have not been changed. And the second greatest weakness remains us.
Throughout October, ICMA, in partnership with the Public Technology Institute (PTI), will offer a variety of cyber-checklists specifically aimed at the public manager. The goal of this partnership is to help you better understand the importance of cybersecurity and provide you with the tools to make your organization a safer and more secure environment. View the latest posts: Simple Steps to Online Safety: A Checklist For You and Your Staff and How Local Leaders Can Ensure A Safe and Secure Cyber Environment.
*Source: Kevin Haley, Director, Symantec Security Response. See Symantec’s 2016 Internet Security Threat Report: https://www.symantec.com/about/newsroom/press-kits/istr-21