In this digital era, every thing is prone to security attacks. And as pointed out, people are the greatest vulnerability; we are the enablers of most of these attacks, especially the end users. The attacks are as a result of things we do and other things that we take for granted; at times accidentally or intentionally.
A lot of people only care about malware protection and other threats that modify data, attack computer system up to file levels and avoiding phishing attacks, but that’s not all when talking about security.
An ideal digital smart home comprises of the Internet of Things which are also vulnerable to security attacks. So, if one protects against malware, there are a lot of vulnerabilities that will remain untouched. Malware protection won’t help as most of them are brought by us. The first precaution is to make sure that we are not enablers of cybersecurity attacks. To do that, below are things that we do that make us vulnerable, we must avoid them to avoid the threats. Additionally, there are countermeasures for each of the mistakes.
Letting your Assistants be vulnerable
Nowadays, everyone is making their homes smart, and in a smart home, you won’t miss a digital home assistant from popular brands such as Google Home or Amazon Alexa. These intelligent assistants almost do every task with a touch of your smartphone or with pre-loaded instructions. Set them once and you’re done. These Assistants perform some tasks that make your security vulnerable; that’s through accessing the internet. Most people have no secure internet infrastructure and use the provided internet. Tasks such as shopping, background mic listening and some have even included a camera, are a security risk.
In Alexa, the 2015 and 2016 version, it was found that one can access debug pads and boot directly into the firmware. Then using, the shell the attacker could gain remote access to the always-on listening mics and gather all the info you are talking about. The attacker does this via an SD card and then can install malware on your device. The attacker must have access to the device. Good thing, the 2017 editions are safe from these attacks.
Since the Assistants are supposed to be on all the time, keep updating them or get the new versions since they have some bugs fixed and probably new security features. You should also ensure your network infrastructure is secure, i.e., you can use a VPN-enabled router so that all your IoT devices traffic is secure when they access the internet.
An exposed webcam
If you are keen on the internet, you might have noticed people like Mark Zuckerberg have their webcam covered and their mics on their laptops. Probably you never wondered why or you brushed that thought away. Well if you are reading this, place an opaque cover over your laptop’s camera if you are not using it. The reason being, the webcam is a straight open door to your life and what you probably do. The laptops may be spying you without your consent. It has been known that hackers can commandeer laptop webcams and then may blackmail you with that info collected or expose you. the bad thing, your camera won’t even notify you when its on.
To avoid this, take a little piece of an opaque masking tape and tape it over your camera, you can put also place a smaller soft paper before taping your camera to avoid glue sticking onto the lens. You have to remove it every time you want to face chat with someone. You can also cease giving people your machine or even your phone. Some people may have malicious motives that you might not be aware of. In smartphones, hackers may not access your camera, but they access your entire info through spying apps. Regularly check your apps to see if there’s some new app that you can’t recall installing.
Accepting terms and conditions of apps without reading them
There’s a virtue called patience, and lack of it is alarming, especially when you are a victim. When installing apps and programs, everyone clicks next, next, next and then install. Few people take time actually to read the app’s terms, conditions and even permissions it will have after installing. Some terms will even indicate openly that the app will collect your personal info, but of since you didn’t read the terms, you end up giving them your info freely; with your consent. It is even worse on smartphones, some apps ask for permissions they don’t even need, unless for stealing your data.
For example, a flashlight app will ask permission to access your location, camera and internet activity. This means one thing, the app will be tracking your every move and sending it to an attacker. Always review and read apps terms, conditions and permissions before installing them.
You don’t always log out of your accounts
Almost everyone has picked this habit from their smartphones and brought it to laptops. Unlike smartphones, its weird to put passwords in Laptops’ browsers unless you are using some password enabled apps. Nevertheless, most accounts are programmed in such a way that they can log you off if you are not active after some period. But we have made this option useless as we always click on the remember me/password feature. Although its convenience as you don’t have to log into the account several times, it also leaves you vulnerable. An attacker can simply steal the passwords and then modify your info or lock you out of your account.
To avoid threats but still make it convenient for you not to log in every time, use two-step verifications and filters. You can also set your machine to be the only authorized device that can access your account. You can add other devices later. With these mechanisms, you will be alerted if someone is trying to log into your account. If it’s not you, you can then revoke all signed in devices.
Turning off installing updates
Although they may take a huge bite out of your internet bundle, system updates are necessary as they fix vulnerabilities and exploits hackers may use. Always ensure you have the latest software in any of your devices.
By avoiding all the above mistakes, you will have minimized the chances of being a cybersecurity attack victim.