If you’ve turned your smartphone navigation app on, don’t be surprised if you’re dinged with a message from the store you passed by or shopped in yesterday. Same holds if you once opened the website of your favorite restaurant. You’re being electronically tracked and marketed by the global Internet of Things.
What’s that, you ask? In brief, IoT is the network of "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. Collectively, it’s called a “cloud.”
Can it be dangerous? You bet, and risks rise daily with IoT tech sophistication. So maybe, just maybe, you should divert some dollars stashed for Christmas presents to cybersecurity.
Almost two years ago, we shared five ways to cut your risk of being cyber-snared. They were collected from KPMG financial network, BAE systems, Symantec and others. Risks are far higher today. And now there’s a sixth risk — smart dust.
Your credit card is one of the easiest cash vaults to unlock and steal from. Best advice is to withdraw cash only from ATM machines at your local lending institution, not at remote ones or shopping centers. They are easy targets for “phantom” card readers slipped into the machines.
Most credit cards have transitioned to an embedded microchip and personal identification number to authorize payment transactions. Just remember, that chip and PIN may not protect you unless the retailer requires you to key in your PIN.
When you give a retailer or restaurant server your credit card, get a copy of the receipt back along with your card. That minimizes risk of your credit card being copied and used for a thief’s personal purpose or trafficking it to professional thieves for multiple uses.
Of course, your desktops and laptops are already protected with up-to-date antivirus software, right? But what about your smartphone or tablet? Think about it: Your mobile devices are exposed to new threat vectors everywhere you travel. You also store personal, credit card and business information on them — and you’re not protecting them with antivirus and security software?
Most cellphones and smartphones — androids and iPhones — include basic security options, such as a PIN you can set to lock the device. That may be enough to deter your family or friends from snooping. But a simple passcode won't protect your phone from viruses.
Protecting data on your phone with anti-malware software is vitally important, especially if you use mobile wallets like Apple Pay or Pay Pal. Apple’s closed-source operating system makes it a safer option than its Android counterparts, but it’s not invincible.
Anti-malware apps should automatically encrypt your files and alert you whenever someone tries to hack your device. That alert lets you reset your passwords before they’re cracked, keeping you a step ahead of cybercriminals.
Back to your PC security. Your best defense, according to Symantec’s Norton Security, is multilayered. It’s one of the best preventive tech investments you can make against phishers and scammers. Your financial and farm data software also should have separate usernames and passwords. Keep all of your security systems updated.
As pointed out before, six of every 10 people rely on noggin knowledge for all passwords. The top five secret passphrases, according to an Imperva analysis, are “123456”, “12345”, “123456789”, “password” and “iloveyou.” So much for the security secrets of 58% of all users.
Combining eight lowercase characters and digits dramatically improves your password security. Amit Klein, chief technology officer of Trusteer, an IBM security division, suggests creating three password tiers, using the most complex one for top security such as financial services. Avoid using the same passphrase with different sites.
For the top tier, start with an easy-to-remember phrase like “I love my 4020 John Deere.” The passphrase would be “Ilm4020JD” — very tough to crack. Make it even tougher by adding the financial institution’s initials.
On second-tier sites, social networks and other sites with personal information, use a different password or phase. Use yet another password for all other sites. And, keep a hardcopy (paper) list of all usernames and passwords — in pencil so you can erase and update as needed.
Online services have virtually exploded in recent years. All the information you transmit via electronic devices is stored in a cloud — someone else’s computer server — including your electronic banking information and farm digital data. Cybercriminals constantly try to find ways through these security systems. Fortunately, most of them fail.
As reported before, the cloud services by major agricultural companies tend to have the best client identification protection for many reasons. The best advice remains: Ask your cloud service provider how it’s protecting your identification.
This is where you have to use your head, instead of relying on protective apps. The more you use and shop the web, the more vulnerable you are to targeted attempts to steal your passwords and data, warns KPMG’s Stephen Bonner. That’s why you’re finding more and more junk emails in your junk folder.
One reason is that the cloud is a great hiding place, allowing opportunists (phishers and scammers — cybercriminals) to scrub traceability before landing in your email inbox. Sometimes, they fake you into believing it’s an email from a familiar person. The easy answer: Float your mouse curser over that email address; the real email address should pop up. If it’s unfamiliar, delete it; don’t open it.
Phishers and scammers also attempt to access your devices via emails from familiar companies you may or may not deal with. Again, float your curser over that email to see what the real address is.
That’s not iron-clad protection, though. Some may be Trojan horses for hidden software trying to extract valuable information from your device. When in doubt, knock it out.
Regular dust is “smart enough” to find its way through the tiniest crack. The latest IoT threat — smart dust — will be far more invasive, warns Thomas Pore, a cyber threat intelligence analyst at Plixer International.
Many of today’s communications devices come already infected with tiny microscopic sensors or encapsulated chips with malware known as smart dust. Pore contends they’re the darkest cloud of IoT security yet.
These low-bandwidth devices or bots (short for robots) can send GPS coordinates and more back to an internet host for further use. They can come in on that new Wi-Fi-linked refrigerator. Internet-facing DVRs pose an immediate risk since they’re often linked to TV and phone bundles.
As these bots proliferate and infection technologies advance, who will maintain the IoT platforms? Who will provide security patches? These and many other issues, contends Pore, have yet to be addressed by the IoT industry.
If there’s a bottom line to this analysis, it’s this: Always purchase devices that can access the IoT from highly reputable manufacturers — not just reputable retailers — and keep those security systems updated.