5 ways to protect your IoT devices

, , , , , , , ,

Just a few years ago, smart appliances seemed like novelty products for rich business owners. Now, the Internet of Things (IoT) has become a viable solution for putting your business ahead of the curve. But whether it’s a smart fridge or a surveillance camera that connects to your phone, IoT devices should be treated and secured just like any computer in a network.

Set passwords
Many often forget they can set passwords for IoT devices. When this happens, they tend to leave their gadgets with default passwords, essentially leaving the door open for hackers. Make sure to set new and strong passwords — preferably with a combination of upper and lower case letters, numbers, and symbols — for each device connected to your network. Then, use a password manager to securely keep track of all your passwords.

Disable Universal Plug and Play (UPnP)
UPnP is designed to help IoT gadgets discover other network devices. However, hackers can also exploit this feature to find and connect to your IoT devices. To prevent them from getting to your network, it’s best to disable this feature completely.

Create a separate network
When you’re dealing with IoT devices, it’s wise to quarantine them in a separate network unconnected to your main office network. By doing this, user gadgets will still have access to the internet but won’t be able to access mission-critical files.

You should also consider investing in device access management tools. These allow you to control which devices can access what data, and prevent unauthorized access.

Update your firmware
If you want to keep your devices secure against the latest attacks, then you need to keep your IoT software up to date. Security researchers are always releasing security patches for the most recent vulnerabilities, so make it a habit to regularly check for and install IoT firmware updates. If you have several gadgets to secure, use patch management software to automate patch distribution and set a schedule to check for updates monthly.

Unplug it
Disconnecting your IoT devices from the internet (or turning them off completely) whenever you don’t need them significantly reduces how vulnerable you are to an attack. Think about it, if there’s nothing to target, hackers won’t be able to make their move. Turning your IoT devices on and off again may not seem like the most convenient strategy, but it does deny unauthorized access to your router.

Unfortunately, as IoT devices become more commonplace in homes and offices, more hackers will develop more cunning ways to exploit them. Getting into the above mentioned security habits can protect you from a wide variety of IoT attacks, but if you really need to beef up your security, then contact us today. We have robust security solutions that keep your hardware safe.

Published with permission from TechAdvisory.org. Source.

Worrying evidence of poor router security

, , , , , , ,

Adding to the list of reasons to outsource your network security to a certified IT provider, a recent CIA leak shows just how vulnerable most network routers really are. Read on to learn why this is such a big vulnerability and what you can do to fix it.

The Wikileaks CIA documents

For several months, the notorious website famous for leaking government data has been rolling out information it obtained from the Central Intelligence Agency. The documents detail top-secret surveillance projects from 2013 to 2016 and mainly cover cyber espionage.

In the most recent release, documents describe government-sponsored methods and programs used to exploit home, office, and public wireless routers for both tracking internet browsing habits and remotely accessing files stored on devices that connect to compromised networks.

Is my router one of them?

According to the documents, 25 models of wireless routers from 10 different manufacturers were being exploited by the CIA. They weren’t off-brand budget devices either; the list includes devices from some of the biggest names in wireless networking:

  • Netgear
  • Linksys
  • Belkin
  • D-Link
  • Asus

Those brands account for over a third of wireless routers on the market, which means there’s a good chance you’re at risk.

After WannaCry used a previous CIA leak to fuel its global spread, you need to worry about more than just being a target of government espionage too. Over the past few years, almost all of these leaks have quickly made their way into criminal hands.

Patching vulnerabilities

Fixing security gaps in hardware is tricky business, especially when they’re mainly used to monitor rather than corrupt. In most cases, there will be no visual cues or performance problems to indicate your hardware has been infected. As such, you should plan on regularly updating the software on your hardware devices whenever possible.

Accessing your router’s software interface isn’t a user-friendly experience for non-IT folks. Usually, to access it, you need to visit the manufacturer’s website and log in with the administrator username and password. If these are still set to the default “admin” and “password” make sure to change them.

Once logged in, navigate through the settings menus until you find the Firmware Update page. Follow the instructions and confirm that the firmware has been properly installed.

The CIA’s router leaks were vague, so we’re not even sure how recent they are. We are fairly certain, however, that all of the manufacturers have since patched the vulnerabilities. Regardless, updating your router’s firmware will protect from a number of cyber security risks. If you’re unable to finish the task on your own, one of our technicians can fix it, as well as any other firmware vulnerabilities, in a matter hours. All you need to do is call!

Published with permission from TechAdvisory.org. Source.

Outdated firmware is worse than you realize

, , , , ,

2017April18Hardware_CAs workplace IT gets more and more hi-tech, the average user gets further from the building blocks that keep it running. At times that seems like a good thing, but if you aren’t aware of the most basic aspects of your hardware, you could be vulnerable to a nasty cyber attack. Make sure you’re secure with the help of our firmware advice.

What is firmware?

Firmware is a very basic type of software that is embedded into every piece of hardware. It cannot be uninstalled or removed, and is only compatible with the make and model of the hardware it is installed on. Think of it like a translator between your stiff and unchanging hardware and your fluid and evolving software.

For example, Windows can be installed on almost any computer, and it helps users surf the internet and watch YouTube videos. But how does Windows know how to communicate and connect with your hardware router to do all that? Firmware on your router allows you to update and modify settings so other, more high-level, pieces of software can interact with it.

Why is firmware security so important?

Firmware installed on a router is a great example of why addressing this issue is so critical. When you buy a router and plug it in, it should be able to connect devices to your wireless network with almost zero input from you. However, leaving default settings such as the username and password for web browser access will leave you woefully exposed.

And the username and password example is just one of a hundred. More experienced hackers can exploit holes that even experienced users have no way of fixing. The only way to secure these hardware security gaps is with firmware updates from the device’s manufacturer.

How do I protect myself?

Firmware exploits are not rare occurrences. Not too long ago, a cyber security professional discovered that sending a 33-character text message to a router generated an SMS response that included the administrator username and password.

Unfortunately, every manufacturer has different procedures for checking and updating firmware. The best place to start is Googling “[manufacturer name] router firmware update.” For instance, if you have a DLink of Netgear router, typing “192.168.0.1” into a web browser will allow you to access its firmware and update process, assuming you have the username and password.

Remember that routers are just one example of how firmware affects your cyber security posture. Hard drives, motherboards, even mouses and keyboards need to be checked. Routinely checking all your devices for firmware updates should be combined with the same process you use to check for software updates.

It can be a tedious process, and we highly recommend hiring an IT provider to take care of it for you. If you’re curious about what else we can do to help, give us a call today!

Published with permission from TechAdvisory.org. Source.

6749 S. Westnedge Ave

Suite K, #128

Portage, MI 49002-3556

Southwest Michigan: (269) 290-7137

St. Louis: (314) 558-0623

Toll Free: (877) 288-5527