By Christopher Dawson, Threat Intelligence Lead at Proofpoint
Proofpoint recommends consumers follow the below tips to ensure security concerns are front and centre during the festive season:
1) Reset the default usernames and passwords on your internet router and any wireless access points. Before you introduce new devices to your home network, examine your internet router or modem and any wireless access points you have to ensure you are following best practices. Too few people reset their default usernames and passwords and massive botnets are constantly scanning for vulnerable devices they can access by brute force. In addition, be sure you are running the latest security software. Consult your internet service provider (ISP) or router manufacturer’s main website for how to log in, run an update, and apply the most secure settings.
2) Segment your network on your router. Most routers allow you to split off parts of your network so that so-called Internet of Things devices, gaming systems, and the like can’t talk to computers or corporate devices that are also on your network. Segmenting makes it harder for a cybercriminal to move across your devices. Check with your ISP for ways to do it with your router.
3) Use a VPN whenever you connect work devices to the internet. This additional layer of security is critical to keeping your work safe from intruders.
4) Purchase products that allow easy firmware updates. When deciding on new devices – whether a new connected fridge or a sweet WIFI-enabled drone for the kids, make sure it’s easy to update the firmware. Most vulnerabilities in these devices can be traced back to bugs in their underlying software.
5) Change default passwords and usernames when you set up new devices. The same security considerations for router defaults apply here.
6) Beware of the permissions on the apps that work with these devices. Too often they ask your phone for excessive permissions, which could open the door to data theft.
7) Research where data from your devices and related apps is transmitted and stored. They may not be subject to privacy regulations you might expect.