October, as I’m sure most of you know, is Cybersecurity Awareness Month. Unquestionably the most important month of the year…. Wait, you didn’t know it was Cybersecurity Awareness Month? You didn’t even know there was a such a thing as Cybersecurity Awareness Month? You are wondering why we don’t have a clever acronym for Cybersecurity Awareness Month so I could stop typing Cybersecurity Awareness month over and over again in order to make this joke work? I’m curious about that last one too.
Cybersecurity Awareness Month was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online. One of the themes this year is “Make Your Home a Haven for Online Safety” which I acknowledge is pretty cheesy. However it is a very real and very important goal. Your home network not only protects your personal assets and information. It’s also a major avenue of attack against corporate or government systems. Many, if not most people today work from home or access resources on our employers’ networks from our home computers. If an attacker can infect your home computer they can use that to capture your work credentials or even attack your employer’s systems. Compromised home computers can also be used to build “botnets”. Collections of thousands of computers controlled by a single person or group that can be used to crash websites or harvest bitcoins without the computer owner’s knowledge. So protecting your home network is important not just to you but to all of us.
The single most important thing you can do is to make sure every device you own has the latest updates installed. Recent studies have found that more than 80% of the attacks used by bad actors are effectively defeated by running the latest version of the attacked software. This should include your computer(s) as well as cell phones, tablets, and smart watches. In most cases, these devices will prompt you to install updates as they become available. Make sure you know what the update notifications look like and install any updates as soon as possible. For many devices, you can turn on automatic updates and you should do this whenever possible. Even with automatic updates turned on, make a recurring reminder in your favorite calendar or reminder app to check at least once a month to make sure all updates are installed and that automatic updates are turned on.
Windows 10 automatically downloads and installs updates to make sure your device is secure and up to date and Apple computers will get critical security updates automatically. In both cases you should still be checking at least monthly for other updates by looking in the applicable App Store. Remember that in addition to updating your Operating System you also need to update any applications you have installed. Applications installed from one of the major app stores will handle this automatically so whenever possible, you should get your applications from the store rather than downloading them directly from a vendor site. This is also a good way to make sure you are getting the “real” program you wanted and not an infected version that can infect your computer.
Instructions on how to enable automatic updates for your mobile devices can be found here:
Apple iOS: https://support.apple.com/en-us/HT202180
The second most important thing for you to update (and it is a close second) is your modem or router. This is your first line of defense against an attacker and is also your most vulnerable point. If an attacker can compromise your router, they can see everything on your network making it easy to gather passwords and other sensitive information. The exact process for updating your router will vary depending on the make and model you have. This article on WikiHow has a good set of general instructions with pictures that can help you figure out the right process for your specific system. https://www.wikihow.com/Update-Router-Firmware
You should also be updating any other “smart” devices in your home. This can include smart TVs, gaming consoles, lightbulbs, thermostats, baby monitors, security cameras, refrigerators, those cool video doorbells, etc. Anything you can control with your cell phone or get online content from. Most modern devices provide an easy way to install updates when needed, but some can be annoyingly complex. I’m not going to sugar coat this one. Updating all of your “things” is going to be a pain, but think of it like changing the batteries in your smoke detectors or replacing the fire extinguisher in your kitchen.
Side Note: I know right now a bunch of you are thinking, “When did I last change the batteries in the smoke detector? Do I even have a smoke detector?” And even more of you are thinking, “Am I supposed to have a fire extinguisher in my kitchen?” If you can’t remember when you last changed the batteries in your smoke detector, go change them now. Better yet, go out and get some of the newer ones that have a built in battery good for 10 years. If you don’t have smoke detectors you should get at least one on each floor of your home. You should definitely have a fire extinguisher in your kitchen. You don’t necessarily need the big red ones. You can get small aerosol can sized ones like the First Alert AF400 Tundra Fire Extinguishing Aerosol Spray.
There are some things we can do to make this easier though. And add some extra security to our home setup along the way.
If you want to go for extra credit, you can see if the product vendor offers a mailing list you can subscribe to that will notify you of updates. You might want to create a new email account or a special folder for these emails to go into so they don’t get lost in your email.
I know this sounds like a lot of work. But once you get into the habit and have things set up for automatic updates it will not be as bad as it seems. And the additional protection for you and your family is definitely worth it. Just like the smoke alarms and fire extinguisher.
There are a few things you can consider that will reduce the burden somewhat. The easiest and most effective is to really think about the kind of computer you need. The mobile operating systems like iOS and Android are much easier to update and keep current and are built with security in mind so tend to be less vulnerable. So if a tablet would meet your computing needs consider not using a PC at all. If you do still need a laptop but use it mostly for internet and email consider a Chromebook. ChromeOS, used in Chromebooks, is another very secure operating system which is automatically updated for you. If you are a heavy user of GMail and Google Docs, this may be the right solution for you. Especially for kids or casual users of the internet, one of these devices may be a better choice than a traditional laptop or desktop computer.
There are many other ways to improve your home security. Using strong passwords, setting up WIFI in a secure way, and having a reliable backup strategy for your information are all important parts of securing your personal information and protecting your home network. We’ll cover many of these topics in future posts, but making sure you are updating your devices in a timely manner will make a huge impact on your home network safety.
For more helpful tips from our good friends at US-CERT, check out the US-CERT Home Network Security Tips.