Directive Blogs
Practice Healthy Password Habits on Everything
Your cybersecurity is only as strong as your weakest link, and in many cases, that starts with your passwords. As the Internet of Things continues to become more ubiquitous in our homes and businesses, we risk exposing our private lives to the public-at-large. When we don’t manage our ‘always connected’ devices, we may be placing the security of our businesses and homes at risk.
The Internet of (every)Thing.
IoT devices are devices that require a connection to the Internet to perform properly. Previously IoT devices were considered novelties, something for early adopters to play with, but no real world applications. However, as more devices have become ‘smart’, an increasing number of homes and businesses are finding themselves fitted with IoT devices.
Some examples of smart IoT devices are:
- Speakers, light bulbs and medical sensors
- Watches and fitness trackers
- Home Appliances
- Security devices (door locks, fire alarms, security systems)
Since these devices are connected to your network, they are another endpoint that needs to be kept in check to prevent security risks.
Password Security or Consumer Convenience
While there is little doubt IoT devices can be convenient, with convenience there must be vigilance and that's where some users fall short. Depending on the device, it may come factory-installed with a default username and password, or during the setup process, the user might just use a password that is easy to remember and type when connecting the new device to the network.
More often than not for the sake of convenience, many users will use the same password for multiple accounts or not change them when there is a risk of compromise.
Password Protection, More Important Than Ever
One of the latest examples of IoT device security being compromised is RING home security cameras. Recently RING users found their devices ‘hacked’, as strangers were able to hijack the camera and speakers. In one well-publicized incident, a hacker held a (very disconcerting) conversation with a child, while he watched her in her bedroom.
It was initially thought that Ring was hacked. Come to find out, the situation was similar to the Disney+ launch last November, and the problem was that users weren’t following password best practices. Basically, when users use the same passwords for different services and one is compromised, they all are. This allows hackers to gain access to a variety of accounts, even if the account itself wasn’t part of the original hack. However in this case, the original source of the compromised RING passwords may have been Amazon itself.
Amazon’s 2018 Data Breach
In November of 2018, Amazon suffered a massive data breach which exposed passwords and usernames, which most likely ended up on the dark web. Once there, they were captured and retained until there was an opportunity to use them. What may have happened is that despite Amazon warning victims their data may have been compromised, many didn’t take action. It is entirely possible that if the victims of the 2018 breach didn’t change their credentials, they allowed hackers in 2019 the opportunity to access their RING devices.
Regularly Change Your Passwords
Usually we would provide links to check whether or not your passwords have been compromised, but this time, we’re going to ask you to start off fresh and just change them. Here’s our Do's and Don’ts of Managing Your Passwords and tips on enacting NIST’s new password recommendations. Also, consider investing in a password manager.
If you’re a Chrome user, Google has created a basic password manager called Google Password Manager which comes with all you need to better manage your passwords. If you want to get away from Google’s ecosystem there’s Bitwarden, Password Boss, LastPass and many others; most of them offering a free version. So you have no excuse not to start better password management.
Passwords Are Your First Line of Defense
With ‘always connected’ technologies driving it, the IoT adoption is showing no signs of slowing down and in fact is gaining momentum. As the IoT becomes the new normal and permeates all aspects of our lives, it’s time we consider our responsibility to keep not only our data secure, but in the brave new world of IoT in our homes, our families as well. Your first line of defense will be a secure password and today’s the day to create one.
Finally, while it seems that IoT security issues are isolated to the home, in reality, particularly in offices which lack BYOD policies, a lack of IoT security can have a profound effect on the overall security of your business’ data as well. Security savvy businesses should take the opportunity to increase IoT awareness in their offices and give their team the training necessary to better maintain their IoT devices, which in turn helps increase the level of network security in your office.
If you’re ready to take your network security to the next level, including solutions for IoT devices, call Directive today. Our Network Monitoring & Management, Support & Maintenance solutions, combined with our Server Care plan, our Desktop & User Care plan, and our bullet-proof Disaster Recovery Device, ensures your IT infrastructure will be completely managed with support that rivals that of large enterprise corporations; priced for small businesses. Contact us today at 607.433.2200 to get started.