Hacking Defense 101: Shut the Door

By: (Security+)

Publication: The Community Banker, Fall 2016

 

Have you ever left your garage door open or forgotten to lock the front door? It happens. When I was young, almost every day as we were on the way to school, my mom would ask, “Did I shut the garage door?” Sometimes we felt sure, but other times we turned around to go check. Now that I own my first house, I completely understand this frustration. It’s just not a thing I always remember to do.

The same goes for our virtual doors. Do we remember to close the door to our home wireless access points or our smartphone Bluetooth? It’s easy to forget. If you’re the kind to forget to close your doors, then the recent DEF CON event could have been a real doozy for you. At the beginning of August, the annual DEF CON event took place in Las Vegas. Even if you don’t know the name, you may be familiar with the premise. DEF CON is a massive hacker convention for anyone interested in anything that can be hacked. Speakers present on finding vulnerabilities, how people can exploit these issues, and ways to attempt securing your digital assets. Attendees participate in hacking competitions, with prizes often won by those with the most innovative techniques. This year, 22,000 people attended the 24th annual event. In short, it’s a lot of smart people doing smart things for fun. Whether white hat or black hat, the skills of these hackers are impressive.

This year there was a special focus on the Internet of Things. If you’re not familiar with this term, you will be soon. The Internet of Things is the term for all of our online devices. It’s your smart watch, your smart refrigerator, smart garage door, or smart thermostat. With increased connectivity comes increased vulnerability. As you can imagine, hackers, such as those who frequent the DEF CON event, have a heyday with the possibilities. The most obvious and simple thing we can do to avoid being successfully hacked: Shut the door.

Shut the door to your wireless access points, or Wi-Fi. To do this, turn off SSID broadcasting. That means whatever you’ve named your Wi-Fi will not be visible to your neighbors. Leaving SSID broadcasting on is equivalent to putting a sign in your yard that says, “Free Internet at CoolKid42.” With SSID broadcasting turned off, only people who know your SSID (i.e., Wi-Fi name) can use it. Making this change is often very simple. First, access your router’s web-based setup page. Then, find the wireless settings for SSID Broadcast. This won’t stop someone who is highly qualified and targeting you, but it will hinder your neighborhood hackers from taking the first step into your network’s house.

Shut the door to your Bluetooth. Let’s be honest, we don’t want to do that. Sure, we could turn it off when we get out of the car and are done playing music and taking calls through the vehicle stereo. What about our smartwatches? Luckily, most of us don’t have very confidential information accessible through our smartwatches and they’re on us at all times, so we shouldn’t need to worry about an unscrupulous character getting our information. However, if you don’t have a device that needs to constantly be connected to your phone, just turn off the Bluetooth. And for goodness’ sake, password-protect your phone.

For as long as we value interconnectivity, the Internet of Things will continue to be a part of our modern world. And as long as humans are required to run businesses, business data should be a concern when we’re using smart devices. When you buy a product to connect to other items, make sure you’re aware of all its doors and be considerate of when it’s time to shut those doors.

 

 

Leticia Saiid is a Security+ certified tandem Software Support specialist for CoNetrix. tandem is a security and compliance software suite designed to help financial institutions develop their Information Security Program and test their employees’ knowledge with tandem Phishing. To learn more about how CoNetrix can help you with these areas, visit our website at www.CoNetrix.com or email info@CoNetrix.com.