Even devices such as connected lights, doorbells -- even garden sprinklers -- are all at risk from attackers who can remotely, or even physically, access them to dump firmware, warns Nir Chako, security research team leader, CyberArk, a security software company.
With all the new ways we are working, collaborating, and consuming goods and services, data privacy and security are now more intertwined than ever.
The proliferation of remote working, especially, has made many more of us vulnerable to attackers seeking to compromise personal data and the data we interact with as part of doing our jobs.
The Data Privacy Day (celebrated January 28) is an international effort by the National Cybersecurity Alliance to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.
Here are some tips to keep your data safe and private:
1. Update your router so attackers don’t have an easy way into your home network
Being mindful of the security of your data is not just about being wary of phishing attempts and malicious Web sites.
Attackers can easily get into your home network through taking advantage of out-of-date firmware on Internet routers.
Firmware is the software that your router runs on, and old firmware contains many widely-known, easily compromised security vulnerabilities, so it's important to keep it regularly updated.
Making sure your router is up-to-date not only reduces the risk to your own personal information and devices on your home network, it also helps safeguard against attacks on your employer that might inadvertently come via your home network.
2. Is your laptop only paying lip service to security?
Sales of laptops have dramatically increased over lockdown and nearly all of them have some kind of security built-in when you buy them.
Similar to having a house alarm but not turning it on, security software on your laptops won't properly protect unless it is activated and up-to-date.
Whether you have Windows Defender or security software from any one of a number of third party software vendors, make sure that the product you are using is active and up-to-date with the most recent security fixes, so you are best placed to proactively identify and rectify any security issues before data becomes at risk.
3. User Access Control: Think before you click
Another threat to be aware of is that of malicious use of User Access Control (UAC).
UAC manifests itself as pop-up tool window that asks the user if they do indeed want to change something on their computer, for instance when installing new software.
In most cases it will allow the software that prompts the pop-up permission for elevated privileges.
When you grant permission, what you are doing is allowing the piece of software to have more access to more of your computer; essentially to have more power over it.
You can see why an attacker might want to fool you into allowing this, and indeed the trusted, familiar status of this pop-up means it is often spoofed by attackers in a bid to either install malware or steal credentials to infiltrate an individual's PC or a company's corporate network.
Employees must be vigilant to this threat and only interact with -- and grant privileges to -- UAC pop-ups when they expect them, such as when installing a new programme or piece of software.
If in doubt, don't do it, and flag any suspicious activity to your company’s security team.
4. Protecting against malicious URLs
Malicious URLs are Web links created with the purpose of either scamming, launching cyber attacks or perpetrating fraud, so any time you are fooled into clicking on one of these represents a clear and present danger to your data.
They are often used for phishing, whereby the victim is deceived into giving up data like bank details of passwords and other important credentials.
Malicious URLs can also host viruses and malware, run code on your laptop, or redirect a user to other Internet locations from which they can launch ransomware.
These types of URLs are a constant threat to both personal and business devices but are easy to avoid.
Be wary when you are asked to click on something unexpected. Check if your files and weblinks are safe before you visit them.
5. IoT devices: secure your digital home
IoT (Internet of Things) devices have become more popular in our homes, introducing unprecedented levels of convenience to our everyday lives.
It is well documented that we as individuals need to be careful about what information we share with our IoT devices, but what is less well-known is that they are also a route into our home networks for attackers.
Outdoor devices at home, such as connected lights, doorbells -- even garden sprinklers -- are all at risk from attackers who can remotely, or even physically, access them to dump firmware that allows them an entry point to our data.
These devices are Wi-Fi-enabled and, if compromised, can be used to access data, credentials and passwords from other areas of our home networks to steal information or plant malicious software.
Just as it is not good practice to use easy-to-guess or default passwords on our laptops, mobile phones or banking apps, IoT devices must also be secured.
Resetting default passwords, making sure security fixes are up-to-date, and taking a look at permissions to make sure they aren't too, well, permissive, are good steps to take.
For example, if you have a connected camera in your home for example, ensure that only specific users can access it.
The last year has brought many changes to our lives, not least in how we use, access and secure data.
Instead of thinking about our work computers much in the same way as we do about our office chairs or the work canteen, in that they are provided for us as employees and we don't have to put too much thought into how they get there or what is needed to maintain them, many of us have now had to take responsibility for all these aspects of the working environment.
Following the above tips can help you reduce the risk.