The massive cyber-attack on October 21 that took down many popular websites across parts of the U.S. and Europe served as a wake-up call to the dangers of Internet of Things (IoT) devices and the potential fragility of the internet's infrastructure. Cybersecurity experts believe that malware-infected IoT devices such as web cameras, home routers, and DVRs were used to carry out a distributed denial-of-service (DDoS) attack against Dyn, an internet performance management company. These infected devices were used to send a crippling amount of web traffic to Dyn's managed DNS infrastructure, causing connection issues to many popular sites such as Twitter, Amazon, PayPal, and Netflix.
It is likely that most, if not all, of the IoT devices used in the October 21 attack were infected without their owners' knowledge. This attack should serve as a warning to anyone with internet-connected devices in their home or office. Now is the time to not only make sure your own devices are configured properly, but to make sure your friends and family are aware of the many dangers the internet poses if we're not careful about the devices we use, the software we download, and the personal information we share online.
What Issues Should I Focus On?
Talking to your friends and family about configuring their smartphone security settings or oversharing personal information on social media probably sounds like a boring or even daunting task. However, it's important to share your knowledge with the people in your life who may not have the same resources. We recommend focusing on the following issues when educating your family and/or friends on cybersecurity risks:
- Sharing personal information – Make sure they understand all the various places their information can live on the internet and how easily it can be stolen by hackers for malicious purposes. See our recent Cybersecurity Awareness Month alert, Protecting Your Online Identity.
- Phishing and vishing scams – Educate them on how to identify and not fall victim to these types of scams, and what to do if they think they've become a victim. In particular, share with them some of the more commonly seen scams, such as U.S. tax season scams.
- Software updates and patches – Tell them that security issues are continually being found and fixed, and it's important to not let any of their devices become out of date. Make sure they keep the software on their computers, smartphones, and other internet-connected devices up to date where possible (it's important to note that some IoT devices cannot be patched). Have them enable automatic updates if possible.
- Endpoint protection and/or antivirus software – Have them check with their ISP to see if there is a complimentary or discounted license available to customers for this type of software. Make sure they keep the software up to date. See our recent webcast, Next-Generation Antivirus.
- Software downloads – Have them avoid unnecessary software downloads, and only download software from reputable sources. Although free games for kids may be fun, they could contain malware or viruses that can steal information off the device.
- Wi-Fi security – Make sure they secure their home Wi-Fi networks properly. Educate them on the risks of connecting to public Wi-Fi in places like airports or coffee shops. See our tips on securing your home Wi-Fi network and public Wi-Fi best practices.
- Strong passwords and multi-factor authentication – Educate them on the characteristics of a strong password, and how to enable multi-factor authentication when possible. Make sure they create a new password on every device they own, and lock the device when not in use. See our password strength best practices and our recent webcast on password management strategies.
- Internet-connected device security – Mobile and smart devices are a common target for hackers to install malware that can control your device and be used for malicious purposes, such as stealing your personal information. See our recent Cybersecurity Awareness Month alerts Protecting Your Data at Home and Being Smart About Your Smartphone.
- Disposing of old devices – Make sure they don't throw away or recycle old devices without properly removing all personal data and using a secure recycling program. See the Federal Trade Commission's guidelines on mobile device disposal here. Have them contact their service provider to see if any other steps need to be taken to protect their personal data.
In addition to the resources listed above, the U.S. Department of Homeland Security's Stop.Think.Connect Campaign for National Cyber Security Awareness Month has compiled resources targeted toward the following demographics:
We hope you have found our Cybersecurity Awareness Month campaign to be informative and useful, both at the office and at home. If you have any questions, please contact your ACA Aponix consultant or email us at email@example.com.