To keep your smart devices in your home secure, prevention measures are essential, but sometimes threats can get through an unseen gap in defenses or through methods outside of your control. Do you have extra layers in place to protect the data on your devices, including a contingency plan for if something gets through? When your smart home is compromised, being able to respond quickly and effectively is extremely important, and understanding the threats can help in creating a response plan.
Compromised Devices
If a device is lost or stolen, especially in a public place, the security threats go beyond what is just on the device itself. Access to your email account means that a hacker can change passwords for other accounts. Also, if your phone has a multi-factor authentication app or you receive text messages when logging in to accounts, those codes are now compromised as well. Sim-swapping occurs when someone gains access to your phone’s sim card, or impersonates you to your phone company in order to get a new sim card with your number. When this happens, the perpetrator can receive your texts and phone calls and use the information to steal more of your data and commit other types of fraud. In general, a lost, stolen, or otherwise compromised device poses a serious risk to both your data and the data of your contacts, social media friends, and the company you work for – not to mention any IoT items in your home connected to your missing device.
Here are some things you can do if your phone is lost or stolen and steps to locate or wipe a lost laptop.
Using a Remote Wipe solution is the most effective way to keep your data out of the wrong hands.
Malware
Malware or “malicious software” refers to a variety of software types that cybercriminals use to compromise user data, often for monetary gain. To avoid malware and its effects, keep your computer backed up, have effective antivirus protection, and run scans regularly. Any software you download should be from a trusted source, and be especially wary of free software.
Adware floods a user’s screen with pop-up advertisements. It sometimes masquerades as legitimate software, or it is included as part of a real software installation. Adware is annoying at best. The adware developers can often monitor your online behavior, and then either sell this information to a third party, or use it to give you more targeted ads. You might have adware if you are getting a ridiculous amount of advertisements, they are showing up where they should not be, or if your browser settings or appearance are randomly changed.
To remove adware, find the program in your control panel and remove it from there. If you are not sure which program it is, run a scan with your antivirus software. You may need additional tools to remove it permanently if it re-installs itself after you remove it.
Ransomware is something hackers use to encrypt a user’s hard drive, taking the data hostage and demanding payment for decryption. Ransomware is usually introduced through phishing emails or other social engineering methods, using malicious links or attachments that are disguised as something legitimate. It is usually clear when ransomware is installed, because you will be denied access to files or your whole system, and there will be a message explaining how to pay the ransom.
To deal with ransomware, the first rule is that you should NOT pay the ransom. This encourages the behavior, and there is never a guarantee your data will be restored. It is a good idea to contact an IT or cybersecurity specialist so that you can figure out the best action for your particular situation. Sometimes ransomware can be decrypted, but the solution will depend on the type of encryption used.
Spyware is just what it sounds like – a cybercriminal installs software on a device to monitor user behavior, violating the user’s privacy and maliciously accessing their hard drives and protected data. If your machine is slower than normal and your disk space is unexpectedly filling up, you might have some sort of spyware on your device. Spyware is designed to be incognito, so it can sometimes be hard to detect.
To remove spyware, you can use the same steps for removing adware (remove the program through your control panel or run a virus scan). If you think your computer has spyware on it, first disconnect from your network so the software cannot send data over the internet.
Network Attack
When a hacker gains access to your network, all devices connected to the network are at risk. A Denial-of-Service (DoS) attack floods a network with activity until eventually it is inaccessible by authorized users. While these attacks do not often target individual household networks, if your Internet Service Provider (ISP) is targeted, your network may be affected. A Botnet is a network of devices under the control of one malicious actor, often without the device users’ knowledge. It may not hinder your access or use of a device, but botnets are often used to carry out tasks on other networks, such as a DoS attack.
If you are unable to access your network, contact your network administrator to find out the source of the issue and for guidance on the next steps you can take. Also contact your ISP to see if the problem is specific to your network, or if you are just experiencing the results of an attack on their service or a regular outage.
Social Engineering
Some network security risks are dependent on user behavior more than technical security measures. One common way cybercriminals gain access to private data is through social engineering techniques. Awareness of what to look out for will help immensely in avoiding these threats.
Phishing is often used to either install malware on a user’s computer, or acquire login credentials or other sensitive information, such as credit card or bank account numbers, answers to security questions, and social security numbers. Phishing emails are urgent in nature, indicating an imminent threat or exciting opportunity to manipulate the recipient to act without thinking.
To keep your data safe, never give out passwords or other sensitive data through email, and hover over links (don’t click them) to check whether the actual destination is a legitimate site. Compare the domain of the sender to the company’s real domain.
If you are the victim of a phishing scam, change passwords immediately and report the phishing email to your email provider. Contact the company being targeted to make sure they are aware of the scam and to see if they can help you regain control of your account. Try to find out all possible information the scammer might have compromised, and inform the appropriate personnel if it includes other individuals’ private information or your company’s confidential data.
Here are a few resources to help with recovering from identity theft:
- IdentityTheft.gov is an FTC resource for reporting identity theft and enacting a recovery plan.
- The United States Department of Justice has some steps and resources.
- The Social Security Administration explains how social security fraud works and ways to manage the effects.
While you may not see your home network as a lucrative target for cybercriminals, weak security is effectively an invitation, and your devices contain data that can be sold on the dark web or used for identity theft. It is important to be aware of the threats, have preventative security measures in place, and plan how to respond if a device, network, or account is compromised. Effective cybersecurity for your smart home is essential to keep your personal data and devices safe. If you connect it, protect it!
Securing the IoT:
DriveStrike provides enterprise-level device and data security at a low consumer price. With features such as Remote Wipe, Lock, and Locate, and other device management options, DriveStrike is an essential part of any robust cybersecurity plan. Sign up for a free trial to start protecting your data today.
We are dedicated to the security of our customers and readers, so feel free to reach out if you have any questions about your options for keeping your data and devices safe, or about cybersecurity in general.
Do Your Part. #BeCyberSmart