October has been designated Cyber Security Awareness month and the Department of Homeland Security has issued a series of weekly topical themes.
This week’s theme is “Today’s Predictions for Tomorrow’s Internet.” NACo, in partnership with the Public Technology Institute (PTI), has developed a series of useful checklists and commentaries that are specifically created for the county leader.
This week we will focus on what we can expect in the future — and how counties can help prepare for what lies ahead.
Yogi Berra has been credited with saying the future is not what it used to be, and we can certainly see that play out in the ever-morphing cyber universe. The Internet of Everything (IoE) is here and it is real: Just about everything imaginable is connected. Experts predict that there will be no fewer than 50 billion devices connected to — and through — the internet by 2050. Some experts say even sooner.
Smart counties, connected devices, digitized records, as well as smart cars and homes have become a new reality. This week’s theme is designed to remind citizens and county leaders that their sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of using these devices, it is critical to understand how to use these cutting-edge innovations in safe and secure ways.
Today’s internet is the super-fast conduit that holds it all together. We must remember that it was initially built for very different reasons within a controlled and trusted environment. Today we marvel at all that we can do with our smart devices and related technologies. And we want even more.
However, there is a growing cloud of concern that hangs over us as we also become more conscious of the vulnerabilities to our secure personal and government information systems, which includes hacking, fraud, identity theft and extortion.
The fact that one can operate in a completely anonymous environment where we can never be completely certain as to another’s true identity means that we may need to change this paradigm by way of policy, law, and technology. The National Institute of Standards and Technology (NIST) is working on a presidential order to develop a Trusted Identities in Cyberspace ecosystem.
Despite predictions of the future of the internet we still must be ever-vigilant and adhere to what the experts tell us what we should be doing today.
Here are five necessary actions, as recommended by the Department of Homeland Security
- Keep a clean machine. Keep the security software, operating system and web browser on your devices updated. Keeping the software on your devices up to date will prevent attackers from being able to take advantage of known vulnerabilities.
- Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account.
- When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your mobile devices. If it looks suspicious — even if you know the source — it’s best to delete or, if appropriate, mark it as ”junk email.”
- Make your passwords long and strong. Use complex passwords with a combination of numbers, symbols and letters. Use unique passwords for different accounts.
- Secure your Wi-Fi network. Your office and home wireless router is the gateway for cybercriminals to access all of your connected devices. Secure your Wi-Fi network, and your digital devices, by changing the factory-set default password and passwords. Since the Internet of Everything is getting our attention, Symantec, a NACo and PTI premiere corporate partner, has developed some useful best practices to incorporate when using your personal devices.
Best practices to consider
- Research the capabilities and security features of an Internet of Everything (IoE) device before purchase.
- Perform an audit of IoE devices used on your network. Some refer to this as “Asset management”. It is amazing how much equipment cannot be accounted for.
- Change the default credentials on devices.
- Use a strong encryption method when setting up Wi-Fi network access.
- Many devices come with a variety of services enabled by default. Disable features and services that are not required.
- Modify the default privacy and security settings of devices according to your requirements.
- Disable or protect remote access to IoE devices when not needed.
- Use wired connections instead of wireless where possible.
- Regularly check the manufacturer’s website for firmware updates.
- Ensure that a hardware outage does not result in an unsecure state of the device.
- Given all the advances in technology, the consensus remains that default passwords are still the biggest security weakness for devices.
- The password most commonly tried by attackers are “admin” and “password.” This means that attackers know what the default passwords are, and that they most likely have not been changed.
- And the second greatest weakness remains us.