As a recurring concern highlighted in our ITFIRM.COM blogs, protecting your data and network systems is paramount. The survival of your business depends on the security of your data.
But what about at home? How’s your Cybersecurity there? Especially if you work from home full time or just occasionally, if you plug in remotely to your office network, then all connected things – including ‘Internet of Things’ (IoT) items can pose a potential risk. This applies not only to your office connection, but to your life.
Your business can be severely damaged or outright ruined by a data breach, but your own life can by devastated by Identity Theft. And it’s all the more likely in a Smart Home. If you do absolutely NO work from home, then your company’s IT support team is most likely no going to be able to help you.
A Smart Home is internet connected, and when cybercriminals are looking to score, they unerringly choose the path of least resistance, which is often seemingly innocent devices that have been overlooked in your security strategies. One popular avenue these days is the Internet of Things.
Most people wouldn’t think of a child’s toy as a vulnerability that cyber crooks would use to steal of your personal data, but this literally happens all the time. Every time a new connected device comes on the market, gadgeteers scoop them up and hackers look to exploit it.
But it isn’t only electronic theft - how about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?
People tend not to think about the various kinds of everyday objects that can lead to identity theft, but instead focus on their computers and cloud accounts, which seem more important, and to a limited extent, they are. But the fact is, everything is important, so don’t overlook your connected gadgets. Crooks have hacked into smart HVAC systems and turned the heat to 100 degrees until a ransom in cryptocurrency is paid.
While it’s crucial to have strong passwords and use antivirus (AV), firewalls, and Multi-Factor Authentication (MFA) on your devices, you also need to be wary of other ways that hackers and thieves can get your personal data.
With that in mind, let’s look at few precautions – that should be ‘common-sense’ because they are fairly obvious, like not putting anything with any account information or your SSN (Social Security Number) in the trash, but with the technology available today, it’s wise to look at seemingly innocuous objects like anything with a wireless connection.
Here are six common things that criminals can use to steal your information:
Wireless Printers
These days, almost everything is wireless, including most printers. This means they are not just connected by a cable to your computer, they are part of your home or work network and the data they possess is ‘in the air’. Printing from another room is convenient, but the fact that your printer connects to the internet can leave your data at risk.
Printers can store sensitive documents in their queues and memory, such as contracts and tax paperwork. When putting data security protections in place, most people don't think about the printer. Just because you are not thinking about your printer, cyber thugs are – and they are looking for ways to hack them. When this happens, a hacker can not only glean data from the printer, but they could also leverage it to breach other devices on the same network.
Keeping your printer’s firmware updated is a good way to make sure it’s protected. Always install updates as soon as possible. You should also turn it off when you don’t need it, because when it’s off it’s not accessible by a hacker.
If you work from home and use the printer for work, your in-house IT services team or Managed Services Provider can handle this for you.
Old Smart Phones
Smartphones are replaced about every two and a half years, according to Statista. That means there are a lot of old phones laying around containing personal data.
So many people virtually live on their mobile phones, so think of all the personal information they hold. We have synchronized connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all handily stored on one small device.
As chip technology has advanced, smartphones have been able to store more ‘stuff’ than they used to, meaning that documents and spreadsheets can now be easily stored on them along with reams of photos and videos.
Simply by finding an old smartphone, a cybercriminal could easily strike data theft gold. You shouldn’t just throw electronics away like normal garbage – they contain varying degrees of toxic components, so you should also dispose of them properly. Make sure that you clean any old phones by erasing all data - at least remove the SIM card and destroy it.
USB Sticks
Have you ever received a USB drive by surprise in the mail or run across one laying around, or received one as a promotional give-away? Perhaps you thought you scored a free removable storage device or maybe you’re a good Samaritan and want to try to return it to the rightful owner. First, you need to see if the owner’s identity is in the flash drive – that requires plugging it in.
When you reach to plug a USB device of unknown origin into your computer, the hair on the back of your neck should stand up. This is an old trick in the hacker’s book, but it still works. They plant malware on these sticks and then leave them around as bait. If you plug it into your device, you can be infected even if you didn’t access any data on the drive. They depend on their potential victims’ human nature ignorance of the threat.
For more information, please browse through the previous warning on our ITFIRM.COM blog: 'Beware the Free Flash Drive'.
Old Hard Drives
Always make sure any device or piece of hardware is clean when it comes time to dispose of it – especially an old computer or removable drive. It isn’t enough to just delete your files. Computer hard drives can have other personal data stored in system and program files, which you can’t readily see.
Bear in mind that if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.
The smart move is to get help from an IT services professional to properly erase your computer drive. This will make it safe for disposal, donation, or reuse. Either that or get out the sledgehammer.
Trash Can
It doesn’t matter if the trash receptacle is ‘smart’ or not. We presume everybody knows not to put Personally Identifiable Information (PII) in a trash can outside, because identity theft criminals aren’t only online. They can also be scouting the neighborhood on trash day. Be careful what you throw out in your trash.
Garbage-enabled identity theft is much more common than you might think. The trash can include pre-approved credit card offers that you toss out as ‘junk mail,’ or voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.
It is well worth the cost to buy a shredder. You should shred any documents that contain personal information before you throw them out. This extra step could save you from a costly incident.
Children’s IoT Devices
More and more, everything is connected: electronic bears, smart watches for kids, Wi-Fi-connected Barbies – these are all toys that hackers love. Mattel’s Hello Barbie was found to enable the theft of personal information. A hacker could also use its microphone to spy on families.
Most kids nag their parents to get them these futuristic toys, and that’s the problem. Parents might think they’re cool, but don’t consider their data security. After all, what could be more innocent than a child’s toy? The issue with these smart toys is that they are usually easier to hack. Cybercriminals also zero in on these IoT (Internet of Things) toys, knowing they aren’t going to be as hard to breach.
You need to exercise caution with any new internet-connected devices you bring into your home - including toys! Anything connected is not necessarily benign. Install all firmware updates. Additionally, do your homework to see if a data breach has involved that particular toy.
Frequently Asked Questions
How do IoT devices get hacked?
One very popular method of attacking IoT devices is brute-forcing passwords on Telnet and SSH services that are not disabled. Once attackers gain access to these services, they can download malware to the device or get access to valuable information.
What is considered PII?
Personally Identifiable Information (PII), is sensitive data that could be used to identify, contact, or locate an individual.
What are examples of PII?
The most common examples include personal identification numbers: social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card numbers, personal address information: street address, or email address, and personal telephone numbers.
How secure are shredders?
You should use a level P-5P or higher for highly sensitive information, such as a Social Security Numbers or financial statements. A P-5 shreds your document into 2,000 pieces, while for just a little more money, a P-6 shreds it into 6,000 pieces. A P-4 shredder is the minimum security level for sensitive information, but as it only shreds a document into 400 pieces, it does not deliver enough cuts to be considered high security – some crooks may be willing to piece 400 cuts back together.
How secure is your network?
As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.
The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
Planning an Office Move?
Contact ITFIRM.COM today! We have the experience to ensure a seamless transition. After the move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!
For more information on office moves, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at:
704-565-9705
