Importance of cybersecurity best practise in the Home digital eco-system

What is the home digital eco-system?

The home digital eco-system can be made up of a single user or many and how they interact with connected devices and services within the home. The focus of this blog post will be a single household. It is how a user interacts with services and software applications using their devices. The devices may be sole use or multi-use for a service, for example, a device like the Amazon echo dot is set-up for a single item while a smartphone can be used to control multiple devices and services. 
The home digital eco-system is not confined to the geolocation of the home as many of services need access to external assets. Thus, whilst the eco-system may include smart home devices, home banking, entertainment, home shopping, the root of many of these services are outside the home.

The services can be solely in used in-house whiles others need access to resources outside the house. For example, smart metering for utilities is stand-alone in that they report usage of resources and how much money has been spent. Apart from when they send meters updates to the utility company. In theory, they allow for better budgeting by allowing users to know accurately how much a household is spending on power or water. But a dedicated budgeting application needs to pull in data from a households banking services and other financial services the user might use often this is from the outside the house and can also be used outside the house.  The user(s) is (are) consumer(s) but may also be producer(s) (e.g. energy, applications, etc.) 

All these connected devices and services require security in order to protect the data and information that is generated by the devices and is used access the services used. For some services it is the responsibility of the user to ensure there devices are properly configured in order for them to be secure while other such as smart meters have the security built directly into them so do not require user intervention though when accessing utility account information that requires user responsibility to keep there details safe. 

Devices that need to be protected

So when deciding how to implement cybersecurity measures on devices within the home digital ecosystem you have to know which devices need to be taken into consideration. Generally, any device that can be accessed remotely through the internet or over a Wireless local area network (WLAN) you need to focus on implement cybersecurity measures. Firstly, the gateway between a house and the internet is often a router/modem. The option to set-up so only authorised devices and users can access the home network is a key step. In order to improve the security of a router there is a need for the user to take time to become familiar with the device and its settings otherwise they may not be taking advantage of the means to fully secure their home network. The user(s) should identify which devices connect to the home network and the internet and whether they need attention to ensure the correct security settings are being used. These could include traditional computers (laptops/desktop), smartphones, tablets, games consoles, Internet of Things (IoT) devices, smart TVs,  kitchen white goods etc, anything that can be connected to a local network or the internet. In order for a user to ensure these devices are using the correct security measures requires them to become familiar with the device settings and to take time, ideally when first setting them, to study the manual for these devices and to become familiar with their security settings. This should not be difficult for the vast majority of people since as long as a person can follow written instructions they should be fine to implement cybersecurity doesn't require a person to know about encryption or coding. For the people who struggle with setting up technology shouldn't feel bad but instead, ask for help from someone who has no problems with it.

Why they need protecting

The devices and services people use now within their home and will use in the future generate and carry large amounts of personal and sensitive data and information. The data includes a user's likes and preferences to billing information (debit/credit cards), their passwords and usernames. As the homes become more connected and more data is collected and collated about a user or household information such as when the house is empty or when they expect deliveries can potentially leave them vulnerable to attacks not just online but physically as well. In order to implement the means to keep this data information safe and protected the user has to familiar with what the devices and services they are connected or signed-up for gather about them. Ideally, there should be a balance between what is needed for the device or service needs to work correctly without problems and not just collecting data for the sake of it.

Threats and attacks

The main forms of attack are social engineering, fraud and potentially burglary. Social engineering involves taking advantage or tricking the user to gain access to there accounts and any data they hold. Fraud is similar though a malicious actor doesn't have to necessarily gain access to the user account itself just gather enough publicly available information in order to impersonate the user. Through data and information, a person shares online notable Strava has been linked to it a potential thief can identify what valuables a user has and when they are not home in order to carry out burglaries against households.

There are also other attacks which do not necessarily impact a user directly but can wider societal impact. These mainly include Distributed Denial of Service Attack (DDoS) since as more devices are connected to the internet mainly IoT based ones and they do not have strong or no proper security they can be hijacked by malicious actors to carry DDoS attacks against business and public services.

Summary of cybersecurity best practice for the home digital eco-system

There is some key but simple steps a home user can take to prevent or at the very least minimise these types of attacks from happening.

  1. Ensure the home router has a firewall turned on and/or implement a form of access control for services and devices.
  2. Run antimalware software on relevant devices e.g. computers and smartphones. 
  3. Keep software on all devices up to date.
  4. On social media be aware of the amount and type of information you are posting and who you are sharing it with.
  5. Regularly review and update account settings for social media and other service accounts. 
  6. Regularly review and remove old information you have entered on social media accounts and other services.  
  7. Be aware of which links you click on since they can hide downloads for malware which can compromise your devices. 
  8. Double check before carrying out an action online or giving away information. If something doesn't seem right or a message comes out of blue saying your account has probelms look it up or check the website itself not through the message. Taking time to be sure whether something is genuine or false can prevent a user from becoming a victim.

Comments

Popular posts

A personal interest post - Replacing the Tornado in the RAF

Personal Interest - Unbuilt fleets of the Royal Navy

Online sextortion within IoT a cybersecurity and privacy perspective