Danger, Will Robinson. Danger!
We often don’t think of the internet of being harmful to our health,
but with the growth of The Internet of Things (IOT), which refers to any
device that is connected to the Internet, it can be. For reference, here
are a few examples of IOT devices you can find in your home:
- Alexa (or other virtual assistants)
- cars
- cell phones
- lights
- medical devices
- TVs
- thermostats
Of large concern now are medical devices because if any of your home networked
devices gets compromised due to a virus or malware, the medical device
could also get compromised—the LAST thing you want is your WIFI enabled medical device(s) giving false
or no data, which could cause a health issue.
So how do we improve our Cyber Hygiene? One of the most important things
is to never share your password and question any time you are asked for
your password.
If you get an e-mail asking to verify your password; ask why? If you get a text message asking to verify your password; ask why? Sometimes
e-mails will look very legitimate and valid, but still ask why. I have
found that some e-mails are just trying to trick you into giving your password.
If an email is asking for sensitive data, pick up the phone and call to
verify the request; but never call the number in the e-mail—use
a number that you already have for the company asking. If you get an e-mail
about your credit card or bank account and it is asking you to verify
data, call your bank or credit card company, but never the phone number
in the e-mail as it might be fake.
Sometimes toxic e-mails come from the people closest to us. If a friend
sends you a funky looking e-mail, use caution as it could be that their
e-mail account has been compromised, and the threat actor is using their
e-mail to spread the love to you. Call your friend to verify the request
in the email.
Beware of e-mail attachments. Attachments are a very popular avenue to getting a virus or malware on
your phone or computer; and once that virus is on the device it could
then infect other devices on your home network.
TypeSquatting is very common. This is where the threat actor creates a malicious landing website for
people that miss-spell common websites. Transposing the “a”
and “i” in Gmail will get you to a scary website that asks
something like:
Your Computer was Disabled! Call the MS technical support number to get
this error resolved. NEVER call the number and never let them on your computer. Doing so will
be the start of your problems. To avoid this mistake, never use the “.com”
or “.net” or “.org” when searching in any search
engine (like Google). Just use the name.
Manage your passwords. Pretty much everyone writes down their passwords. If you are going to write
them down, then why not make them more secure and use a different password
for your more sensitive accounts? And if you are going to write them down,
then be really secure and use a PassPhrase. Password “wyoming307”
will take about three minutes to crack, but PassPhrase “wyoming
area code 307” will take about 5,500 centuries to crack. So if you
are writing down your passwords, why not write down a PassPhrase instead!
Navar Holmes is Campbell County Health’s Cyber Security Administrator
in Gillette, Wyoming. Navar has more than 23 years of Information Technology
experience and has been with CCH since September 2002. He was a
featured speaker at
Wyoming Cybersecurity Symposium 2018 and is serving as the Information Systems Security Association (ISSA) Wyoming Chapter President. In addition to this, he volunteers his time
and expertise to further the objectives of
Cyber Wyoming and
Made Safe in Wyoming.