Ransomware – The Attack Du Jour!

Reading Time: 3 minutes

Ransomware is gaining traction among hackers; emboldened by financial success and anonymity using cryptocurrencies. In fact, ransomware is now considered a tried and true cyberattack technique, with attacks spreading among small and medium-sized businesses, cities and county governments. Coveware’s recent 2019 Q1 Ransomware Report notes:

  • Ransoms have increased by an average of 89% over Q1 in 2019 to $12,762 per ransom request
  • Average downtime after a ransomware attack has increased to 7.3 days, up from 6.2 days in Q4 of 2018, with estimated downtime costs averaging $65,645
  • Victim company size so far in 2019 is anywhere from 28 to 254 employees (small, medium, and large-sized businesses)

Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.

Ransomware can “get into” a system in different ways, one of the most common through phishing emails or social media where the human worker inadvertently opens a message, attachment, or link acting as a door to the network or system.  Messages that are urgent and appear to come from a supervisor, accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.

Near and Far: Ransomware Has No Limits

Many types of ransomware have affected small and medium-sized businesses over the last two decades but it shows no limitations in geography, frequency, type, or company target size.

  • Norwegian aluminum manufacturing company Norsk Hydro, a significant provider of hydroelectric power in the Nordic region, was shut down because of a ransomware infection. The company’s aluminum plants were forced into manual operations and the costs are already projected to reach $40 million (and growing). The ransomware name: LockerGoga. It has crippled industrial firms across the globe from French engineering firm Altran, and manufacturing companies Momentive, and Hexion, according to a report from Wired.
  • What was perceived as an unplanned system reboot at Maersk, a Danish shipping conglomerate, turned out to be a corrupt attack that impacted one-fifth of the entire world’s shipping capacity. Deemed the “most devastating cyberattack in history,” NotPetya created More than $10 billion in damages. To add insult to injury, the cyber risk insurance company for Maersk denied their claim on the grounds that the NotPetya attack was a result of cyberwar (citing an act of war exclusionary clause).  WannaCry was also released in 2017 and generated between $4 billion and $8 billion in damages but nothing (yet) has come close to NotPetya.
  • On Black Friday 2016, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. The attacker demanded $73,000 for services to be restored. Fortunately, speedy response and backup processes helped the company restore systems in 2 days—avoiding having to pay the ransom. In March 2018, the City of Atlanta experienced a ransomware attack that cost upwards of $17 million in damages. The Colorado Department of Transportation fell victim, too, left with a bill totaling almost $2 million.

These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks that way is likely not as prepared as they think they are. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications against clients in Q1 2019 compared to Q1 of 2018, as well as noting that attackers are shifting focus to targeting larger organizations and demanding higher ransom payments than ever before.

Immersive cyber ranges – Protect Yourself, Your Business, Your People

If your own security efforts, staff practices, and business infrastructure are continuously hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One of the ways to consistently harden security practices is via immersive and persistent training on gamified cyber ranges. Some benefits of using cyber ranges like this include:

  • Helping professionals of all skill levels learn and apply preventative measures such as: regular backups, multi-factor authentication, and incident response planning and analysis.
  • Understanding what ransomware looks like and how it would “work” if it infected their company’s network.
  • Cloud-based environments can scale to emulate any size digital system and help users “see” and respond to threats in safe spaces.
  • Providing user assistance and immediate feedback in terms of rewards, badges, and progress indicators, allowing organizational leaders who want to upskill their cyber teams to see the skills gaps and strengths in their teams and identify ways to harden their defenses.

When ransomware does come knocking at your business door, will you be ready to recover from the costly and reputational damages? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.

Photo by Michael Geiger on Unsplash and via website.

Cyber Security and the LGBTQIA Community

Reading Time: 2 minutes

While most of us recognize the inherent vulnerabilities of putting our personal information online, we may not think about how marginalized communities are at even greater risk of malicious attacks on the internet. The LGBTQIA (lesbian, gay, bi-sexual, transgender, queer, intersex, and asexual) community certainly understands the ramifications of sharing their lifestyles on the web, and it is of vital importance to consider how compromised online privacy can specifically impact these already vulnerable groups.

To understand the privacy risks for LGBTQIA individuals, consider how we all use the internet and create digital footprints. Here are some statistics from LGBT Tech, The Trevor Project, and a study released by GLSEN (the Gay, Lesbian, and Straight Education Network).

  • 81% of LGBTQIA youth have searched for health information online, as compared to 46% of non-LGBTQIA youth.
  • 62% of LGBTQIA youth have used the internet to connect with other members of the community in the last year.
  • More than 1 in 10 said they had first disclosed their LGBTQIA identity to someone online.
  • 1 in 4 youth said they are more out online than in person.
  • 42% of youth in this community have been bullied online versus 15% of the general public.
  • 27% of LGBTQIA members report not feeling safe online.
  • LGBTQIA youth are almost 5 times as likely to attempt suicide from harassment and isolation compared to heterosexual youth.

The internet can be a scary place for members of the LGBTQIA community, but it is often also a lifeline.  LGBT-identifying adults often need to find resources and places that will be welcoming and supportive, and mobile devices play a vital role in their day today.  For many individuals who are not yet comfortable revealing their sexual identity at home or in their communities, the internet is often the first tentative step for seeking both information and community belonging.

However, when privacy is breached, intentionally or unintentionally, for vulnerable populations, consequences can be catastrophic including loss of employment, damaged familial relationships or friendships, and even threats of physical harm or death.

Back in 2013, the National Cyber Security Alliance (NCSA) launched a collaboration with the LGBT Technology Partnership to highlight safety issues and increase focus on vulnerable populations. They created a sheet of specific tips and tricks for the LGBTQIA community for staying safe online based on the slogan STOP. THINK. CONNECT. which can be found here. Many of these tips are helpful for everyone looking to stay safe online, but when reviewing them, you can see just how cautious members of this population need to be in order to feel safe.

Ensuring that every person has equal rights and access to online safety is of the utmost importance. While many walk through life taking precautions to ensure their data is protected, we must be aware of how certain communities are at more risk than others and strive to practice our own safe behavior online so as not to put anyone else’s lives at risk.

We wish members of the LGBTQIA community a cyber safe Pride Month and risk-free access to the resources they need.

To ensure everyone stays safe online, we’ve developed a few educational videos to keep everyone informed about hacking methods and how to avoid them.
Watch the video series here.

 

Photo by Peter Hershey on Unsplash

Top 10 Cyber Myths

Reading Time: 1 minute

The top cyber security myths CISOs and security professionals fall victim to. Empower yourself with persistent training and skill building instead.

The Future of Cyber Security in the Wake of Standardized Workforce Development

Reading Time: 4 minutes

The implications of the Executive Order on America’s Cybersecurity Workforce and what it means for cyber workforce development going forward

The White House recently issued the Executive Order on America’s Cyber Security Workforce. This forward-looking executive order aims to close the cyber security skills gap and increase the number of cybersecurity professionals working in the field. This is a huge need for our critical infrastructure, national defense and modern economy. We are bound to see some changes across the industry with the passing of this bill. Although we don’t have a crystal ball to see the future, there are some implications we anticipate for the cybersecurity industry overall.

Improved Global Security from Nationally Recognized Standards

The executive order encourages widespread adoption of the cyber security workforce framework created by the National Initiative for Cyber Security Education (NICE). The use of the NICE framework will create some national standards in the industry and allow for more qualifying leverage. This will provide evaluation requirements used in contracts for IT and cyber security services.

Prioritizing Cyber Workforce Diversity

According to Cyber Security Ventures, there will be up to 3.5 million job openings by 2021 and currently, females represent less than 12% of the global cyber security workforce. This stat is crazy! To keep pace with sophisticated adversaries and develop technology that supports human cyber operator decision making, diversity of thinking and skill and approach should be a hyper-focus for the security industry.  Women are well suited for, and extremely talented at, technical fields such as information security, security engineering, and AI engineering; however, recruiting and retaining women in these fields is not where it needs to be. There is a long-standing stereotype that cybersecurity is too technical for women and that’s not the case. There are many critical skills that women bring to the table including an incredible attention to detail, problem-solving, and communication skills that are as important in cyber work as the technical know-how. Groups like Cyber Patriot, Girls Who Code, and more recently Women’s Cyberjutsu are wonderful organizations that inspire young girls and women to pursue careers in cyber and technology.

The aptitude for cyber security lies not only in the technical fields, but can also be found in many unexpected disciplines. Some of the best cyber defenders started their career out doing something completely different. We need this type of diversity and people with different backgrounds to join the industry. We need to improve thinking and skill, both technical and critical thinking skills to combat today’s adversaries.

New Methods of Cyber Security Training

In developing the workforce, we need to be cognizant of the need for new methods of training that inspire the next-gen learner. The traditional ways of learning in a classroom have worked in the past, but there are a lot of statistics that show traditional classroom settings alone aren’t the most effective in terms of applied skill preparedness and learning retention. Studies on the effectiveness of traditional classroom settings show that students lose  40% of what they’ve learned after 20 minutes and between 50 – 80% of what they’ve learned after one day, and 90% of what they’ve learned after six days.

Gamified learning approaches are currently being adopted federal agencies, banks, oil and gas and other infrastructure organizations as well as academic institutions such as the University of Colorado,  Divergence Academy, and Loudoun Public Schools. This form of active learning generally includes on-keyboard activities along with team collaboration and applying concepts to real-world scenarios, which has shown to improve retention to 75% compared to 5% through more passive learning methods like lectures with PowerPoints. Recently, a graduate student at the University of Colorado shared his experience after he played one of the cyber games in Project Ares, Circadence’s flagship learning platform. He mentioned that he liked the feeling the game created of a sense of impending danger from the robots and that made him think better and learn more as he worked to defeat them.

Pursuing ‘Cyber as a Sport’ to Capture Talent

We embrace the idea of “cyber as a sport” believing cyber security skill building can and should be fun, like sports. Cyber competitions are a great way to encourage skill-building plus they bring attention to the industry. These kinds of competitions should be happening from early school age (Girls Who Code), through high school (Cyber Patriot), and university (NCCDC), and then throughout the professional career. Competition categories can include individual and team-based events, software reverse engineering and exploitation, network operations, forensics, big data analysis, cyber analysis, cyber defense, cyber exploitation, secure programming, obfuscated coding and more.

Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge are several examples of events where students can engage in healthy competition and skill-building among peers in an active, living lab setting. Circadence’s gamified training platform, Project Ares is used as the platform to deliver the competitive exercises though its immersive, gamified cyber range.  Realistic scenarios challenge players in mission-specific virtual environments using real-world tools, network activity and a large library of authentic threat scenarios.

Without continued effort to increase the cybersecurity workforce, our critical infrastructure, national defense and modern economy will be jeopardized.

The publication of this Executive Order is an indication that government is ready to proactively address our very serious cybersecurity challenges and is looking to new ways of training and skill building to meet the demands of today’s workforce.

To keep organizations better protected in the wake of digital transformation, legislative progress like this is a significant stepping stone to alleviating the industry’s largest challenges.

Nichols College Students Spearhead Cyber Security Education for the Entire Campus 

Reading Time: 3 minutes

Policy makers are now prioritizing data security over talent, efficiency and controlling costs. As students growing up and being educated in the digital age, we are just starting to understand the importance of cyber security to individuals and their companies. Taking part in a Research Associate Internship on campus at Nichols College, our eyes have been opened to the vast number of threats we face on a daily basis.

Oracle conducted a study titled “Security in the Age of Artificial Intelligence,” where 341 C-Suite executives and 110 policy makers were asked of their plans to improve their company’s security in the next two years. The top answer from this sample was to train existing staff. Human error poses the greatest risk to these companies (Oracle). In order to mitigate this risk, it is imperative to understand the opportunity cost of training employees on the importance of cybersecurity. Prioritizing training would prevent small mistakes, potentially costing a company much more in the long run.

A Nichols College Associate Professor of Accounting and Finance, Bryant Richards, noticed a gap in cyber security education, wanting to bring cyber to campus in a big way, stating “As cyber risks have become ubiquitous throughout the industry, it is our responsibility to provide some degree of cyber literacy to our business students. We must train our accounting students to be data and technology professionals who understand accounting. The realistic and experiential nature of Project Ares matches how our students learn and provides a transformative learning experience.” Richards along with the two of us, helped Nichols partner with Circadence to complete a three-month pilot program of their gamified cybersecurity learning platform Project Ares.

What We Found: Circadence did a great job with Project Ares, with an appealing, gamified user interface that sucks you in and is easy to use. As a student with no technical experience in the cybersecurity field, Project Ares proved to be both engaging and challenging. It provided an abundance of resources through its Media Center and Mini Games. Users can obtain a base layer of knowledge, progressing into education on concepts like the Cyber Kill Chain and how hackers utilize it. The interactive Battle Rooms provide real-life, technical lab environments where users can spin up virtual machines, explore real-world tools, build their confidence, and hone their skills.

What We Learned: You do not have to be a professional hacker to steal someone else’s information or gain access to their computer. Understanding the code is no longer enough; this is much more than an individual problem. If your own device is compromised, the hacker can steal your personal information, and steal information from your employer and worse. This harsh reality surprised us when we first commenced our research. From clicking a wrong link in an email, to accidentally tapping an advertisement banner on your phone; these small errors can seem harmless but are really detrimental to your overall security.

The gamification of cybersecurity training has allowed those of us with no prior knowledge, a chance to get a leg up. With increased demand to train existing staff, new training approaches must be made for the next generation of cybersecurity specialists. Gamifying the process made it easily digestible, directly benefitting any potential company or individual.

The first step in becoming educated on cybersecurity is understanding that there are threats present in our everyday lives. In the words of the man who gave us our initial walkthrough of Project Ares, Brad Wolfenden compared cybersecurity to buying a gallon of milk, saying:

“I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind … The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.”

It is everyone’s ‘job’ to maintain high ethical standards and awareness when operating on the Internet nowadays. It is no longer up to one person or pre-installed software to protect your personal information. The more we are educated on the basic underlying principles of cybersecurity, the safer we will all be.

References

Oracle. “SECURITY IN THE AGE OF AI .” Oracle, 2018, www.oracle.com/a/ocom/docs/data-security-report.pdf.

Wolfenden, Brad. “A Rising Tide Lifts All Boats: Celebrating National Cybersecurity Awareness Month.” Circadence, 30 Oct. 2018, www.circadence.com/national-cybersecurity-awareness-month/.

*Students R.J. LeBrun & Lorenzo Secola guest authored this blog post as part of their Research Associate Internship at Nichols College 

 

 

 

Diversity in Cyber Security: Why It’s Important and How To Integrate It

Reading Time: 3 minutes

You may have heard that the cybersecurity skills gap is widening, and that there is a massive shortage of cyber professionals today. In fact, Cybersecurity Ventures predicts that there will be up to 3.5 million job openings in the field by 2021. In spite of the growing need for people in cyber, women continue to be underrepresented in the field.

According to major findings from the 2017 Global Information Security Workforce Study:

  • Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce.
  • Globally, men are 4 times more likely to hold C-suite and executive-level positions, and 9 times more likely to hold managerial positions than women.
  • In 2016 women in cybersecurity earned less than men at every level.

It’s no surprise that women are the underdog across plenty of male-dominated industries. So why is it so important for women to close the gender gap in cyber?

We need diverse perspectives in cybersecurity

Firstly, cyber is an area that benefits greatly from utilizing people with diverse perspectives and histories to solve problems. As threat actors and black hat hackers often come from disparate backgrounds, the wider variety of people and experience that are defending our networks, the better the chances of success at protecting them.

Combat the stereotype that cyber is only for men

Secondly, as there are so many empty jobs in the field, it is ultimately detrimental for a factor like a gender to narrow the pool of people pursuing it. Unfortunately, the message is ingrained in women from a young age that tech and security are “masculine” professions, which results in a self-perpetuating cycle of unconscious bias against women in the field. These problems are difficult to fix because they are subtle and pervasive and often come back to issues in culture and education. In fact, an online survey, Beyond 11%, found that most women have ruled out cybersecurity as a potential job by the age of 15. This is unacceptable!

Everyone can learn cyber

Finally, there is a misconception that the cybersecurity industry is only for people with highly technical skills. Unfortunately, the “bad guy” hackers out there don’t require crazy technical skills to get to your personal information. Fortunately, being on the defensive lines don’t require them either. Cybersecurity is a highly trainable field and has a growing need for people in more positions than ever before, such as legal, marketing, and public policy – all of which women have proven to excel in. In fact, the communication skills, problem-solving and attention to detail skill sets needed to excel in cybersecurity are skills women possess and are really good at.

Introducing more women to cybersecurity


Programs and Events

Since many of these problems start for women from a young age and through somewhat unconscious societal and cultural constructs, it can feel like a daunting task to get women more involved in cyber. In order to combat these misconceptions, many programs and events have been put into place to provide young women with female role models in the cybersecurity field. Events such as the Women in Cybersecurity Seminar, Women in Cybersecurity Conference, and Cyber Day for Girls are just a small number of direct-action groups that companies like IBM have put in place to address the gender gap. Further cyber competitions like the Wicked6 Cyber Games, and organizations like the Women’s Society of Cyberjutsu and Girls Who Code are dedicated to introducing young women to cyber at that earlier age before they are told “it is not for them.”

Cybersecurity Mentorships and Internships

Mentorships and internships are another great way to introduce girls to other women in cybersecurity fields they may think are beyond their reach. Volunteers from tech companies have been going to summer camps specifically designed to encourage young girls to consider careers in STEM, such as the Tech Trek summer camp. Additionally, the Girl Scouts just introduced the first ever cybersecurity badge, which can be earned by completing curriculum and gamified learning around internet safety.

Persistent cyber career development

Another way we can support and retain women who choose cybersecurity roles is for companies have policies in place that ensure women do not miss out on opportunities to further their careers after having children. Things like flexible hours and the option to work from home can be key in maintaining a diverse and productive workforce. Hiring managers can also work to ensure equal employment opportunities when looking to hire for a new position. People from all backgrounds should feel welcome to apply for roles in this highly trainable and accessible field.

We need all hands-on deck now more than ever in cybersecurity, tech and STEM fields. Communicating to girls at a young age that technology isn’t just for their male counterparts, and that it can offer them a long and rewarding career, is essential in closing the gender and skills gap in cyber.

To learn more how to diversify the cybersecurity workforce from a strategic standpoint, read our other blog “Diversifying the Cybersecurity Workforce.” https://www.circadence.com/a-call-to-diversify-the-cybersecurity-workforce/

 

 

Healthcare Cybersecurity: In Critical Condition

Reading Time: 2 minutes

The digitalization of healthcare communication has greatly impacted how healthcare professionals use medical devices, perform patient care, and conduct internal operations. Electronic health record (EHR) mandates and widespread adoption of mobile devices has accelerated at such a rapid pace, healthcare cybersecurity companies are making mistakes that are inviting malicious hackers inside. Unfortunately, the healthcare industry has developed a negative reputation due to frequent data breaches, ransomware attacks, and security threats. It is time to revive the industry and get it on a path to a healthy recovery.

Healthcare Cybersecurity Statistics

  • More than 300 reported data breaches
  • More than 16 million Americans impacted
  • 62% of healthcare organizations have experienced a breach in past 12 months

Causes for these attacks like unencrypted, lost and stolen devices, outdated systems, and sheer lack of cyber professional personnel contribute to the health care industry’s demise. It allows cybercriminals to steal financial and billing information from hospitals, patient records, and even bank account numbers.

The following organizations have fallen victim to attacks. Their suffering gives us a glimpse into the severity of healthcare cybersecurity threats. It also sheds light on how healthcare cybersecurity spending can be re-directed to support cyber teams so they can better prevent an attack of their own.

  1. SSM Health in St. Louis: A former call center employee accessed 29,000 patient records including demographics and clinical information. The former employee did not have access to financial information, according to the statement.
  2. 21st Century Oncology of Fort Myers, FL: An unauthorized third party gained access to a company database, putting 2.2 million individuals at risk. Data stolen may have included patient names, social security numbers, physician names, diagnosis and treatment information, and insurance information.
  3. UNC Dermatology and Skin Cancer Center: A stolen computer contained roughly 24,000 patients with records detailing names, addresses, phone numbers, birthdates, Social Security numbers, employment status, and employer names.
  4. Sinai Health System in Chicago: A phishing scam affected approximately 11,350 people of the seven-member hospital system. The investigation reported no financial information was compromised but patient information may have been compromised.
  5. Henry Ford in Michigan: A cybercriminal accessed email credentials from a group of employees to view and steal the data of 18,470 patients. While the email accounts were password protected and encrypted, the hacker accessed patient names, dates of birth, medical record numbers, provider names, dates of service, health insurer, medical conditions and locations.

There is good news, however. These threats can be mitigated with the right “medicine.” How?

Stopping Healthcare Cybersecurity Threats

Cybersecurity starts and ends with humans. It is the people controlling the use and deployment of technologies who have the ultimate power to create a secure cyber environment. Therefore, we advocate for a “data privacy first” mentality that places people at the center of cybersecurity in the healthcare industry.

Cyber teams can engage in persistent learning and skill-building opportunities to learn how best to protect patients and minimize security risk and identity theft. Protected health information and patient security is of utmost importance to healthcare cybersecurity so if cyber professionals and non-cyber professionals like understand how to improve data security, patients and the facilities that house them will be better protected.

To learn more about preventative ways to stop healthcare cybersecurity threats and upskill your cyber team, download our infographic: “Cybersecurity in Healthcare.”

 

 

 

A Dialogue with Keenan Skelly – ISTP magazine

Reading Time: 1 minute

ITSPmagazine’s John Dasher chats with Keenan Skelly, Circadence VP of Global Partnerships & Security Evangelist, for a fascinating conversation on cybersecurity learning, training and assessment through their Ares and Orion products.

Circadence deploys gamification training to shrink skills gap – The Last Watchdog

Reading Time: 1 minute

One of the top innovators in the training space is Circadence®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player  video games. It then took its expertise in moving massive amounts of gaming data and applied it first to training military cyber warfare specialists, and, next, to training security analysts in the enterprise, government and academic communities.

The Internet of Things Ushers in a New Wave of Cybersecurity Needs

Reading Time: 3 minutes

The internet has changed rapidly since its inception in 1983. The way we communicate, consume news and media, shop, and collect data are just a few examples of the way the internet has changed the world. A term you may have heard crop up in recent years is IoT, or The Internet of Things. IoT is about extending the purpose of the internet from use in day to day devices like smartphones and computers to use as a host of connected “things.”

So why would we want to do that? When something is connected to the internet and able to send and receive information, it makes the device smart. The more smart devices we have, the more connected and controllable our environment will become. IoT provides important insights to businesses and people that allow them to be more connected to the world and to do more meaningful, high-level work.

While the Internet of Things holds incredible potential for the world, it also means opening up more avenues of vulnerability for hackers to tap into our infrastructure, our homes, and our businesses. On a large scale, the development of “smart cities” are cropping up, promising better usage of resources and more insights from data among other things. On the other hand, this could allow hackers higher access to critical infrastructure leading to potentially crippling instances of national and industrial espionage. On a smaller scale, things like parking meters can be hacked in order to cheat the system for free parking.

The rise in IoT security must match the explosive growth rates for these devices, which means that a new era of cybersecurity is being ushered in. Nearly half of U.S. companies using an IoT network have been hit by a recent security breach, and spending on IoT security will reach more than $6 billion globally by the year 2023.

Where does this leave us in a world with a seemingly bright technological future that holds such dark potential? As IoT continues to grow and evolve, it’s hard to say what specifics need to be put in place in order to keep it secure. However, there are some good general practices that can mitigate your personal and professional risk of being a victim of a breach.

  • Be aware when it comes to downloading apps. Always read the privacy policy of any apps you’re thinking of downloading to see how they plan to use your information and more.
  • Do your research before you buy. Smart devices collect a lot of personal data. Understand what’s being collected, how it’s being stored and protected, and the manufacturer’s policies regarding data breaches.
  • It seems obvious, but use strong and unique passwords for your device accounts, Wi-Fi networks, and connected devices (and update them often).
  • Use caution when utilizing social sharing features that can expose your location information and could let people know when you’re not at home. This can lead to cyberstalking and other real-world dangers.
  • Install reputable security software on your devices and use a VPN to secure data transmitted on your home or public Wi-Fi.

All these tips are focused on educating yourself as a responsible user of the internet and sharer of all things personal and professional. To protect yourself (and others around you), keep learning safer internet and cybersecurity practices. Cyber is always changing, just like the internet, and if we overlook a privacy policy or share a little “too much” on social media, we place ourselves at risk of exploitation and danger. It is up to us, the individuals who use this technology day in and day out, to create safer spaces online to communicate and continue to enjoy the internet in all its glory.

Eventually, there is hope that the IoT industry is able to revolutionize cybersecurity for itself, as compliance and regulation never seem to catch up to the pace required by cyber defense technologies. Since this is still such a new industry and constantly evolving, utilizing the aforementioned tips and tricks will help you stay safe while IoT security gets its footing. There is a lot to look forward to as IoT continues to revolutionize the way the world works, it’s just a matter of time before cyber teams are ready to take on this new wave of security needs.

Photo by Domenico Loia on Unsplash