Oct 31, 2016 | By Patricia L. Harman, PropertyCasualty360.com

Hackers are constantly scanning for vulnerable networks and personal devices to use them for a wide range of cyber attacks. (Photo: iStock)
Hackers are constantly scanning for vulnerable networks and personal devices to use them for a wide range of cyber attacks. (Photo: iStock)

The recent distributed denial of service attack on Domain Name Server provider Dyn Inc. illustrated just how vulnerable home networks and smart devices are.

While they provide numerous benefits to consumers, they present some very real risks, most of which can be managed with some basic steps.

Just like they protect their work networks with software and passwords, consumers need to transfer those same online practices to their homes to protect devices such as smart televisions, baby monitors, refrigerators and thermostats from being hacked.

“Many devices are built for speed and ease of deployment,” explained Eric Cernak, Munich Re U.S. cyber practices lead, “and a lot of times, especially with older devices, they are launched with default codes, passwords and user names that aren’t changed, exposing your IP addresses to the internet where hackers can find them.”

The danger arises when hackers exploit some of these security flaws and use them to breach home networks, computers, and smart and mobile devices.

“Once cyber criminals have access, they can steal personal and financial information, hold computer files for ransom, and hijack anything from webcams and thermostats to smart TVs,” Cernak said.

And, with 80 percent of consumers using home networks, the risk of a cyber attack is high.

It is possible that a personal device could be commandeered by a hacker and you would never realize it. Unlike a computer, where you would notice that it was running slower or access to your email might be locked, it is more difficult to tell if someone is nosing around your refrigerator or accessing the baby monitor.

“As you see other connected devices on the network, you might notice different things,” said Cernak, “like the light on your camera is on when you’re not broadcasting. Some devices control your physical environment like the connected thermostat that starts heating when you haven’t turned the heat on, or the refrigerator starts to thaw out and you’re not doing it — that could be a sign. The first indication that something is awry is that it’s not operating the way it should be.”

 

boy watching TV

Smart televisions have very real vulnerabilities and allow hackers and others access into a home without anyone being aware that they are being watched. (Photo: iStock)

How do hackers find your network?

 

Most hackers aren’t being discriminate when they look for networks or devices to hack, said Cernak. “They are just looking for sheer volume for DNS attacks. They have tools that will allow them to search the internet and they are just looking for mass quantities at this point.”

There are a variety of software programs that will allow hackers to find devices. “Cryptoware scans and looks for mass vulnerabilities,” he added. Most personal devices are just like mini computers so a lot of the same safety mechanisms you would apply to your computer also apply to your phone and other electronics.

The majority of attacks still occur through more traditional portals such as home Wi-Fi systems or clicking on the wrong link in an email, although now consumers use multiple devices to access the Web.

Some devices such as smart TVs provide an opportunity for ambient listening so a hacker could hear what’s going on in your house. It is possible to turn off this option, which frequently operates when the TV is turned on. Since the camera on the TV could be activated, this also becomes an invasion of privacy issue.

“It’s important for you to understand the risks you are assuming by deploying this type of technology,” said Cernak. “Most people would be appalled at the information that is collected and by whom.”

Recently, Hartford Steam Boiler Inspection and Insurance Co., which is part of Munich Re, and Chicago-based technology firm Prescient Solutions, hosted a “Home Hacker Lab” that demonstrated how cyber criminals access and use home networks and personal devices as part of a cyber crime.

Here are 10 tips to help homeowners keep their home systems safe:

Personal computing devices

(Photo: Shutterstock) 

1. Don’t forget those updates

 

It’s important to make sure that appliances, phones and other electronics have the latest updates and security patches, since they frequently fix vulnerabilities that have been discovered since the device was issued.

social media on multiple electronic devices

(Photo: Shutterstock) 

2.  Keep social media and financial activity separate

 

Clicking on the wrong link can allow a Trojan or other virus to enter your computer. Consider using one computer just for financial transactions like online banking and another for social media, email and other online activities.

home network router

Secure routers and other devices added to a home network to prevent unauthorized intrusions. (Photo: iStock)

3. Yes, security matters

 

Just like you would protect your network at work, the same basic computer hygiene also applies to your home. “If you’re using WiFi, don’t broadcast the network name,” cautioned Cernak. Make sure to change any default settings, names or passwords when installing new smart devices. Install new devices behind a firewall rather than linking them through a home computer.

The risks have also changed with technology. “Instead of hackers taking over and encrypting your computer, they can take over your thermostat and turn it down in the dead of winter and hold it for ransom until you pay the ransom,” he explained.

 

computer password login

(Photo: iStock) 

4. Set up authentication

 

Many online accounts from your email to financial organizations offer two-factor authentication — a password and a code sent to a mobile device or email to verify who is accessing the account. Setting up dual authentication provides an added layer of protection for your accounts. Make sure that passwords are complex (not birthdays or children’s names), difficult for someone to guess and include a combination of letters, numbers and symbols.

cell phone password

(Photo: iStock) 

5. Secure your smartphone

 

We do everything on our smartphones from online banking and shopping to buying movie tickets and more. If you have not password-protected your phone, set it up immediately. Many phones also offer a fingerprint access option as well.

Why is this important? Most smart devices have some sort of smartphone app that allows you to access it from your phone, making it a critical entry point to your house for anyone who commandeers your phone.

 

smart apps

(Photo: iStock)

6. Make smart app purchases

 

Cernak recommends only purchasing apps from recognized app stores such as Google, because those purchased from third parties may not have the same level of testing for flaws.

Also make sure to read the privacy policies so you know who has access to your information, what information is being accessed and who it will be shared with. Beware of downloading any apps that prompt you to do a quick download, because these versions may include malicious code or security flaws that would allow hackers access to your device.

smartwatch and Bluetooth devices

(Photo: iStock) 

7.  Turn off the Bluetooth option

 

When you’re not using the Bluetooth feature on a device, turn it off to prevent any ambient listening or access by unauthorized persons. Most mobile phones, tablets and other items offer this type of functionality. Devices such as baby monitors and smart speakers can then be hacked through the Bluetooth function.

purchasing a new cell phone

(Photo: iStock) 

8. Purchase new devices

 

“When buying IoT devices, purchase those that are unopened and unreturned from retailers,” cautioned, Cernak. Some people will buy devices, infect them with a security flaw or malicious code and then return them to the retailer. “Look at how the device is made, designed and how it is used, and change the passwords when you connect them,” he added.

password reset

(Photo: iStock) 

9. Wipe your information

 

If you’re purchasing a new device and disposing of an old one, wipe any data and reset it back to the factory default settings to make sure any personal information is removed and inaccessible to someone who might gain access to the device.

Homeowners insurance policy

(Photo: iStock) 

10. Check your insurance policies

 

In the event of a breach, Cernak recommends checking your homeowners’ or identity theft insurance policies or contacting your agent since the policies may help provide access to forensic and other experts who can help with the aftermath. In addition, some level of indemnification coverage may be available for identity theft or other effects from the breach.

Read on to see what to do if you are the victim of a hacker …

home network and IoT devices

Once a hacker accesses a home network, they may be able to control a full range of devices that manage the home’s environment. (Photo: iStock)

What to do after the cyber attack

 

If one or more of your devices are hacked, Cernak says to disconnect it immediately without altering any settings or running any scans. “Find a professional forensics firm who can help identify how far the attack went and what was impacted,” he advised. “You want to contain and remediate the situation without destroying the ability for a specialist to follow what happened.”

Who to report the breach to depends on the type of incident involved. In the case of identity theft, it may be necessary to file a police report and notify all financial institutions such as banks and credit card companies.

The bottom line, added Cernak, is to be aware of what you’re doing. “Understand the risks associated with deploying this technology and treat these devices like you would your computer.”

Tags: , , , , , ,