Creating a Culture of Security in the Internet of Things

Cyber Attack, Hacking, Internet of things, IOT, malware, Password Security, Security, Security Threats, , , , , ,
30
Jan 2018

Hackers aren’t the only threat to the security of your organization’s Internet of Things (IoT), your employees can be just as culpable for security risks.

Let’s face it, the IoT is a relatively new phenomenon and, even though most of your employees will have smart devices at home, the majority of your workforce won’t be aware of the many security dangers. It’s this lack of knowledge which can lead to major security flaws which leave your network open to hackers and their accompanying chaos.

However, humans have a huge capacity for learning and if you can ingrain the basics of IoT security in the business culture, you’ll find that your employees are soon on top of things. And this knowledge can provide an extra layer of defense, so let’s take a look at how you can provide this.

Ban All Guest Access

Many organizations provide guest access to, at the very least, their Wi-Fi network so that visitors can check emails, liaise with their own staff and, more likely, check Facebook! However, whilst this is a generous gesture, it opens your network up to a whole host of security risks. If there’s a freely available guest network then it’s likely that everyone in your organization will know the password and it can be passed on to any visitors.

Now, you’re never going to know every single visitor to your company and, crucially, you’re never going to know how secure these visitors’ devices are. Therefore, it’s a highly dangerous move to allow your employees to grant free access to any section of your network. The simplest way to combat this and prevent bad security practices is to ban all guest access to your organization’s Wi-Fi. It may seem drastic, but it will really hammer home the security risk to your employees.

Improve the Password Culture

Passwords are one of the oldest forms of computer security, but they’re also one of the most effective. IoT devices, though, have a reputation for coming pre-loaded with highly weak default passwords, so the effort required to hack them is relatively low. Changing not only default passwords, but also regularly changing existing passwords remains a highly important task to secure your smart devices.

Your employees are likely to be highly busy, though, so changing their password will tend to fall down their list of things to do. This is where you, as an employer, need to ensure that regular reminders are sent out to your employees to indicate when passwords require changing. Ideally this should be between 6 – 12 weeks of the last password change and the best way to enforce this is by restricting access to applications if the password is not changed.

Whilst employees will initially grumble about having to change their password and remember a new one, these complaints will soon subside and employees will become compliant with the process.

Regular Training

As mentioned in my opening, the IoT is a new phenomenon and the collective knowledge of your employees will be limited. And that’s why you need to make sure that your staff are given regular training sessions on the importance of IoT security.

Ideally, the IT induction that all new starters take should include a section on IoT security; after all, almost of all your employees will bring a personal smartphone into work and, of course, certain employees will be issued with company laptops and smartphones, so the need for good security practices from the off are vital.

It may seem time consuming to complete inductions and regular refreshing training, but the enhanced knowledge among your workforce will ensure that your networks remain safe from the most simple (yet damaging) IoT security mistakes.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

60,000 BSNL Modems Affected by Malware

modem security, Password Security, Security, , ,
10
Oct 2017

Morden-Security

Your modem provides a gateway to the internet, but this entry point is highly vulnerable to hackers as 60,000 customers of BSNL have discovered.

Bharat Sanchar Nigam Limited (BSNL) is an ISP based in New Delhi, India with around 93 million customers, but even with these customer numbers they have been struggling in recent years due to the increased competition in the Asia telecommunications sector. And they now have an embarrassing malware incident on their hands, so these are certainly tough times for BSNL.

The attack which has affected BSNL is almost ridiculous in its simplicity, but it has the potential to cause huge damage for BSNL and its customers. It also carries an important lesson that every PC user can benefit from, so let’s take a look.

Hacking BSNL Modems

Using botnet attacks, the hackers were able to breach the National Internet Backbone (essentially a huge network making up the backbone of the internet in India) of BSNL and gain access to their internal modems and recently installed customer modems. From BSNL’s end, this meant that their broadband service was severely compromised with around 45% of internet connections suffering disruption. For customers using the recently installed modems, however, matters got much worse.

The malware affecting BSNL was able to change the passwords of BSNL broadband customers who had made the fatal mistake of not changing the modem’s default password of “admin”. As a result, around 60,000 customers have found themselves at risk of having their broadband connection compromised as their modem would not be able to log into the BSNL system. Affected users have reported a lack of internet access and the modems ‘red error’ LED switching on to indicate a fault.

Whilst BSNL were able to manually change the password details for their internal modems and stop any further changes to their customers’ details, they were unable to reset passwords for customers who had fallen victim to the malware. Instead, these users have to manually reset their modems and enter a new password, a task which isn’t particularly simple for your average PC user.

password-866979_960_720

The Importance of Password Changes

BSNL are rightly embarrassed about the breach that their systems have experienced and there’s still no mention of the attack on their official website. And the fact that this attack stemmed from a simple password flaw is astonishing, but not completely surprising. Many, many organizations still use the age old login name/password of Admin/Admin for gaining access to the administration side of computer systems; it’s easy to remember and provides quick access, but the problem is that every hacker knows this and will always try these login details early on in an attack.

It’s absolutely crucial that you protect your networks (and even your modems) by practicing good password security. It only takes a few moments to think of a new password and just as long to change your old one, so there really shouldn’t be any excuse. And that’s why you should always change default system passwords as soon as you’re given the chance. Otherwise, you’re at risk from being hacked and will only have yourself to blame.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

7 Security Tips to Keep Your Passwords Secure

Security, ,
04
Oct 2016

password-security

Passwords can easily be hacked and this seems to be happening more and more often, so understanding how to secure your passwords is vital.

Although passwords have come in for a lot of criticism recently, they still have a place in the security arsenal of all businesses. This is why it’s crucial that you don’t underestimate their potential for letting a hacker in the back door.

Aside from using a password manager, it’s actually surprisingly simple to keep your passwords secure, but you’d be surprised by just how many people fail to protect them. And, when this happens, you get hacked!

Let’s take a look at 7 security tips to help keep your passwords secure.

1. Don’t Advertise It!

Yes, that’s right, you have to keep your password secret or it defeats the point of a password! Don’t tell work colleagues what it is and don’t write it down on a post-it note!

2. Different Passwords for Different Accounts

It may seem simpler to use one password across multiple accounts, but this actually puts you at a huge risk of losing all your data. If, for example, a hacker gains access to your email password, their next step will be to try that password in every piece of software you log into.

However, by using different passwords across different accounts, you minimize just how catastrophic the theft of a password can be.

3. Combination Passwords

You should always make sure that you use a combination of letters, numbers and symbols to create your passwords. By using a mixture of these characters you’re ensuring that standard words from dictionary lists will be useless when trying to hack a password by brute force e.g. antarctica will be in a dictionary list, but antarctica247! most definitely will not be!

4. Don’t Make it Personal

It’s very common for people to use their personal details as the basis for their password e.g. name, date of birth, hometown information. However, although this is personal to you, it’s also very easy for hackers to research. And that’s why you need to give the hackers something harder to think about.

5. Longer Passwords are Better

4bf6f12437012926be9455d8b7fdd116

Hackers are able to employ software which uses brute force to check around 2 billion password combinations in one second. And, when you consider that a 6 letter password has just over 3 billion possible combinations, you can see that longer passwords offer more protection e.g using 8 letters produces a possible 208 billion combinations!

6. Regularly Update Passwords

Complacency is the biggest threat to your password’s security. Sure, you may have a password with no personal links and it’s 23 characters long, but give a hacker enough time and they’ll crack it. That’s why you need to regularly change your passwords to make sure that you keep resetting the progress of potential hackers.

7. Enter your Password Discreetly

Always make sure that no one is watching your fingers fly across the keyboard as you enter your password. Okay, no one wants to accuse their co-workers of any bad intentions, but insider threats to data security are a real thing, so always make sure enter your password safely.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Multifactor Authentication and Why You Need It

Security,
26
Apr 2016

19_MultifactorAuthentication_b2_l_v3

Many businesses are struggling to combat the increasing sophistication of hackers. However, the key to data security may lie in multifactor authentication.

When firms such as Apple are struggling to reduce the threat of hacks which spell disaster for their employees, it underlines the ease in which hackers can gain access to sensitive data. One way that you can put obstacles in the way of potential hackers is to implement multifactor authentication (MFA) into your business.

You may be wondering what MFA is, so let’s take a look!

The Basics of Multifactor Authentication

Whilst MFA may sound both a bit of a mouthful and incredibly technical, the truth is that it’s a simple concept. Whereas you may currently require your employees to log on to your system with a password, MFA takes it a little bit further.

What MFA demands is that at least two user credentials need to be combined to provide access. The credentials employed in MFA tend to center around the following categories:

  • Password – Yes, that’s right, the good old fashioned login/password combination still has a place in the 21st century!
  • Authentication Token – A small device which users carry such as a swipe card. Using this device will allow users to access your system.
  • Biometric Authentication – This is where things start to get really futuristic as it relates to forms of genetic verification e.g. retina scans and fingerprint recognition.

What’s Wrong with Just Passwords?

2015-12-29-1451425693-272677-Steal_password

Passwords have been in use with computers for as long as we can remember; we suspect that they will also continue to be here for some time. However, on their own, they represent a security risk.

The main problem with a reliance on passwords is that they have to be stored somewhere on a database. Immediately, this presents the threat of all your passwords being compromised if a hacker manages to access the database. And, as mentioned at the start of this article hackers are becoming very sophisticated.

It’s relatively simple for hackers to run software which attempts 1 billion passwords per second, so this demonstrates just how feeble a password on its own is. Therefore, integrating MFA is crucial for establishing a strong set of defenses against potential security attacks.

Benefits of Multifactor Authentication

multifactor

Let’s take a look through the benefits that MFA can bring to your business:

  • Physical credentials can’t be compromised by social engineering. Sure, it’s possible to get a password to someone’s bank account over the phone with a bit of trickery, but how are you going to talk someone out of their swipe card?
  • Hackers are instantly repelled by MFA as their time is better spent on less complex systems to break into.
  • MFA can be very cost effective if all it requires is for an employee to be sent an SMS message with a code.
  • There’s an increase in awareness of security breaches e.g. if an employee receives an SMS message advising that a login attempt has been made, but they haven’t tried to login, then they can alert your IT department.

Considering Multifactor Authentication?

If you’re trying to make your mind up on MFA then let us confirm the answer for you: it’s essential for your most important data and emails! Anything which creates a headache for hackers is an excellent deterrent and MFA achieves this effectively.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

No More Passwords: Could Passwords Become Extinct?

Security,
23
Feb 2016

No more passwords

We’re all used to creating and remember passwords when working with sensitive data, but could Google make the password a thing of the past?

Passwords are essential when it comes to working with PCs due to the amount of confidential data that they may contain and process. When it comes to business usage, it’s likely that you’re going to need several different passwords to access all your software and hardware needs.

Google, keen as ever to re-invent the digital wheel, has decided that perhaps it’s time to approach data security in a different manner. That’s why they’re trying to implement smartphones as the key factor in accessing data.

Let’s take a look at why Google are doing this and how they plan to achieve it.

The Problems with Passwords

Facebook-Password-Sniper-v1.2-Hack

You’re probably well aware that passwords are inconvenient. After all, the number of passwords you need to use on your PC at work can become disorientating, so it’s no surprise when you forget them. As a result you’ll tap in a couple of guesses and find yourself locked out. It’s then down to your IT team to manually reset your password.

Aside from this inconvenience, though, there are a number of reasons why passwords are not the best way of securing data:

  • Many users use the same password for all their accounts to avoid having to remember numerous passwords. It’s a nice, quick solution but if their password is hijacked then it compromises all their accounts
  • Hackers are able to use spyware and keystroke loggers to easily steal users passwords without them knowing
  • Password reset questions are often very easy to guess, so this offers an easy route into your systems for hackers

There are obviously problems with relying on the humble password, so how are Google going to take security to a new level?

No More Passwords

gmail-password-forgot

Google plans to eliminate the need for passwords to access your Google account by tapping into the modern obsession with smartphones.

Here’s how it’s going to work:

  1. You’ll head over to the Google sign in page and enter your email address as per normal.
  2. At this point your smartphone will receive a notification message asking you to confirm your login.
  3. Once you authorize this – with one tap of the “YES” button – your device (be it PC, tablet or smartphone) will be given access to your Google account.

And don’t worry if your smartphone has run out of battery or you’ve lost it. You’ll still have the option to use your password to login to your Google account.

What Does This Mean for Your Business?

Google’s vision paints an interesting future for your business and the way in which you protect your computer systems. It also highlights the lack of security behind passwords and how you need to ensure that your business is well protected from the threat of hackers.

If Google’s trial is successful then it’s likely that we’ll see this new approach to security filtering into the business world fairly quickly. And not only will it protect your data’s security, it will also reduce the amount of man hours spent resetting passwords.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 3 4 5 6