“Let’s hack and disable your cell phone. Start whistling in three, two, one, GO!”
Researchers at the University of Michigan and University of South Carolina claim to have discovered that music could be used to disable or, to a certain extent, even control some IoT devices. The researchers say they were able, through sound waves, to add steps to a Fitbit tracker and interfere with a cell phone app’s ability to control and access Internet of Things devices.
What does this mean? As IP enabled devices become more and more common, we are culturally on a course that the most likely device that we will use to control and interface with them is our cell phones. These IoT devices use chip based devices that are built upon the architecture of micromechanical systems (MEMs). Since these devices lack standards or shared design criteria, there is no governing body to say, “this is good or this is bad,” when a new product comes out.
Common examples where exploits are known and published include the interfaces between fitbits, drones and toy cars with your cell phone.
There are IoT devices in your workplace, today, whether you approved them or not. For example, I am wearing a Garmin watch that supports Bluetooth and wireless, and it is connect to our office public Wi-Fi. Since I know the logon information for the corporate Wi-Fi, I COULD put my watch on the private network, and, more likely than not, no one would know that it was a watch. After all, it has logged on with a valid username and password, and it is logging on from a known location-the office. What if my watch got hacked and became a proxy for, say, a server that was sending out inappropriate content?
Who is at fault? The network admin for not having enough security? Me, for not notifying the network admin that I have an IP enabled watch? Garmin, for making a watch that is hackable?
The IoT world is changing who we use technology. The lack of standards or the inability to track device proliferation shall make the news with ever growing frequency.
It is best to respond to this threat before it is a problem. Mobile Device Management can help. Learn more about TNT's Mobile Device options here.
Businesses are on the hook for customer information and data security, and we are not talking about credit cards.
In a recent court hearing, the Federal Trade Commission cited a company lacked “even basic precautions to protect the sensitive consumer information maintained on its computer system." It appears that actual harm from a data breach doesn’t necessarily need to be proven if the potential for harm exists. The ruling sends a clear and sobering signal to business owners: You must make significant, demonstrable efforts to protect yourself from data breaches or face the consequences.
In the ruling, the FTC stated, "Among other things, it (the company) failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected.”
The days of keeping all emails from a customer, including ones for order and purchase approvals, now represents a liability, not an asset or a CYA tool.
Too often, small businesses state, “Nobody is interested in the data we have. We’re not Sony or a government agency.” That thinking can now put you out of business.
Many IT leaders and business owners often think that there is a single product or service that they can subscribe to and this problem goes away. None exists. You need a managed security system that includes multiple products and offerings to address the gamut of requirements.
Lastly, there is no substitute for cyber security training for users. IT staff are not the ones who initiate the breaches-it is nearly always employees or innocent staff who don’t realize what they are doing.
The Network Team recently hosted a workshop on cyber security. As part of the workshop, we distributed handouts to help you help your employees strengthen the data security of your network. Fill out the form below to download the handout.
In ancient times, they city of Jericho was a modern Manhattan. It was the center of trade and commerce and known throughout all the Middle East as a crown jewel of civilization. Jericho’s leaders built a large wall to protect it from invaders. The wall was so big, that nearly none of the city’s occupants took the time to stay trained in the use of combat weapons like the villages who lived outside the city walls.
God’s people marched around Jericho seven times and the wall fell. Despite the size of their force being much smaller than the number of people living inside the wall, the city fell to the Israelites.
This was preventable, if Jericho’s leadership was like Webroot.
Most of our customers start with some over the counter firewall product that came with a $20 gift card to their favorite department store. They feel by using this firewall, they are as safe as the residents of Jericho. They do nothing to holistically protect the assets inside the company feeling that their firewall is doing all the hard work for them.
By using Webroot, you are doing the same thing as providing a wall not only around your city, but also around each of your assets. The best part, is that you don’t have to worry about bricks, concrete and training for your users as Webroot is a cloud-based product, meaning all the heavy lifting is done by smart guys (and gals) in a faraway place. The software that gets installed is minimalistic and does not require updating, meaning no matter who is attacking, the way automatically protects from the current attack.
In the past, TNT recommended products from Trend Micro, Barracuda and others for endpoint security. These products all had unique configurations with a need for maintenance, or they did not work. With Webroot, it is a set it and forget it technology, meaning once we set it up, there is very little for either of us to do. It is much like getting electricity installed in a new home.
You ought to try it out. It’s free for 30 days and costs only a couple of dollars a month per user after that.
Reach out today to learn more.
43% of cyber attacks target small businesses. Cyber criminals know that most small businesses can’t afford or don’t allocate resources for the level of protection of larger enterprises. For the criminals, it’s easier to infiltrate tens of thousands of small businesses with less security than to try to breach the sophisticated defenses of the large enterprises.
But despite the limitations, it is vital for small businesses to strengthen their defenses. The Network Team has put together a list of network security tips you may not have thought of that can help small businesses without adding too much to the bottom line.
- Use a separate computer for financial transactions. Email and web browsing are common attack vectors criminals use to compromise your computer through malware and phishing attacks. To help limit the risk of them also gaining access to your financial information, have a separate computer that is used exclusively for financial transactions. Ensure the computer is password-protected, and change the password every three to six months. You could also put the dedicated computer on an isolated Internet connection, separating it from the corporate local network.
- Use two-step verification processes for all organization-connected services. The FBI recommends Two Factor Authentication for security. Two Factor authentication, or 2FA, means using two components to access information online. Yes, it will mean an extra step for employees, but it will add a layer of security at little to no cost to your budget. A criminal will not have access to your second source of identification. It usually includes a password or PIN only the user knows and one of the following:
- A device like fob with a code that changes often
- The end user’s fingerprints
- The user’s location at the time of authentication
- Remind employees often of security measures. End-users are one of the biggest holes in cyber security. Small business owners can help close those holes by educating employees on basic security measures. These can include items like updating passwords often, training on how to spot fake websites and malicious emails, and company policy for reporting potential threats. This training should be a regular part of employee onboarding, with refreshers through company newsletters or at company-wide meetings.
If you’re unsure what network security tips need to be included in that employee training, you should attend The Network Team’s Tech Brews Cyber Security Workshop. The free event March 2, 2017 includes drinks, appetizers, and a discussion on cyber security trends, including practical tips on how to help employees keep your network secure. Click below to learn more and register for the event.