From the appliances and thermostats in our homes to apps and wearables that track our health and fitness to the vehicles we drive and the streetlights and traffic signals that guide us on the road, smart technologies are becoming increasingly interconnected with our everyday lives. A new ESET/National Cyber Security Alliance (NCSA) study1 on the Internet of Things (IoT) – the connectivity of a wide variety of “things” to the internet – reveals that 56 percent of consumers own up to three devices – not counting their computers and smartphones – that connect to their home routers, with 22 percent having between four and 10 additional connected devices and three percent owning more than 10. Despite the growing number of connected devices in the home, however, 43 percent of respondents reported either not having changed their default router passwords or not being sure whether they had done so. In Week 4 of National Cyber Security Awareness Month (NCSAM), NCSA, the U.S. Department of Homeland Security (DHS) and their partners in industry, government and the nonprofit sector are collaborating to educate the general public about the risks associated with smart devices and how everyone can better protect themselves and their information online.
“The Internet of Things presents tremendous opportunities for managing our health, homes and businesses, but we need to have our eyes wide open about the risks as well,” said Michael Kaiser, executive director of NCSA. “IoT technology is driven by personal information – it’s really an ‘Internet of Me’ – so it’s important to be proactive about understanding what information your devices collect about you, how that information is used, where it’s being stored and what kind of control you have over it. Additionally, it’s especially important to pay attention to the security of your mobile device if you are using it to control IoT devices – as well as your router, if you’re connecting devices to it.”
ESET/NCSA’s study and accompanying infographic, which examine consumers’ connected device use and habits and attitudes on IoT security, also found the following:
- A majority of consumers (88%) have thought about the fact that IoT devices (and the data they collect) could be accessed by hackers.
- Fifty percent of consumers have been discouraged from purchasing an IoT device due to concerns about cybersecurity.
- Nearly one in four respondents (24%) uses an app from their mobile device or computer to remotely access or control devices in their home (e.g., front door lock, home security system, TV, thermostat).
- Seventy-seven percent of consumers know that some cars may be vulnerable to hacking, and 45 percent are somewhat or very concerned that their cars could be hacked.
- A majority of consumers (85%) know that some computer webcams can be accessed by hackers to spy on them without their knowledge, and 29 percent are or have been afraid that someone might have accessed their webcams or video calls without their consent.
“The reality is, the bad guys go where the opportunities are, and data from IoT devices will increasingly become a golden opportunity for them,” said Andrew Lee, CEO of ESET North America. “That is why the education and awareness NCSA is bringing to the public is so important. It’s truly a reminder for people to stop and think before they connect.”
A NCSAM keystone event today at the Nasdaq MarketSite in New York City will bring together a group of key industry influencers. Topics will address the exciting opportunities presented by our ever-growing, cutting-edge world and how to secure our rapidly expanding ecosystem and build a future of security through modernization and trust. The event will also be attended by media guests and leaders in the private and public sectors. Panel discussions will focus on securely integrating smart tech into daily life and building a trusted, secure and connected enterprise and ecosystem. Sponsors of the event include Cisco, LifeLock and CompTIA.
“Every day, organizations face new opportunities and risks that technologies such as IoT create. While some leaders see the potential for improved business operations and financial gain, and see security as an enabler of those technologies, others consider security an obstacle,” said Anthony Grieco, senior director and trust strategy officer at Cisco. “Cisco understands how important it is to build a corporate culture that encourages all employees to take ownership of security so that new technologies can be seamlessly integrated without disruption. Organizations like NCSA and events like NCSAM are helping educate the public about critical aspects of cybersecurity that benefit both consumers and businesses.”
Rapidly advancing technology is making our lives easier and unlocking potential for the future, but it’s important to remember to STOP. THINK. CONNECT.™ NCSA recommends following these tips to enjoy the countless benefits of cutting-edge tech with more peace of mind:
- Learn how to maintain the cybersecurity of your IoT devices: Protecting smart devices like wearables and connected appliances might be different than securing your computer or smartphone; research the process for keeping IoT devices secure before you purchase them and take measures to safeguard your devices over time.
- Pay attention to the Wi-Fi router in your home: Use a strong password to protect the device, keep it up to date and name it in a way that won’t let people know it’s in your house.
- Delete when done: Many of us download apps for specific purposes or have apps that are no longer useful or interesting to us. It’s good security practice to delete apps you no longer use.
- Own your online presence: Understand what information your devices collect and how it’s managed and stored. Additionally, before adopting a new smart device, do your research to make sure others have had positive experiences from a security and privacy perspective.
- Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
- Here’s new resource: You wear a seatbelt, use sunscreen and look twice before crossing the road, so why not layer up your login with MFA? Intel created this series of social media-ready gifs that illustrate the ways we layer up offline and online.
“Less than a decade ago, mobile devices came into our lives. Today, they provide convenience we cannot imagine living without. Because these devices are so vital to our daily lives, people may take them for granted and pay less attention to their security,” said Kaiser. “But when you start bringing devices into the home – a sanctuary and traditionally the most private place to most Americans – you want to be really thoughtful about when, how and what you connect to the internet. Additionally, you will most likely keep some of your IoT devices, like smart refrigerators or cars, much longer than you would have a smartphone or tablet, so it’s especially important to think about the security and privacy capabilities of these bigger-purchase connected items before making long-term investments in them.”
Check out the NCSAM Week 4 infographic for more information on leveraging your “Internet of Me” more safely and securely.
NCSAM Week 4 Resources for Navigating Your Continuously Connected Life
The following tools and materials can help you better understand cutting-edge technology, safeguard your devices and manage your personal information, security and privacy in the growing IoT.
- DHS Resources
- The STOP. THINK. CONNECT.™ Toolkit: This toolkit provides tip cards and other materials by topic and includes online safety tips for public Wi-Fi, mobile banking and payments, connecting to the Internet of Things and using mobile devices.
- CyberCorps®: Scholarship for Service is a program designed to grow and strengthen the cadre of federal information assurance professionals who protect the government’s critical information infrastructure. The program provides scholarships and stipends to undergraduate and graduate students attending participating institutions. The scholarships are funded through grants awarded by the National Science Foundation.
- Cisco Resources
- 2016 Midyear Cybersecurity Report: Attackers have days, months or even longer to lay solid foundations for attacks and devise innovative ways to maximize the impact. Defenders must reduce attackers’ time to operate. This report highlights how adversaries remain active and undetected and the challenges defenders must overcome to undermine attackers’ success.
- Cybersecurity Now and In the Future – Our Shared Responsibility: NCSAM is a good time to reflect on security issues, trends and best practices that every citizen and business should know. Read Cisco Senior Vice President and Chief Security and Trust Officer John N. Stewart’srecent blog to learn more.
- Logical Operations Resources
- CyberSAFE Readiness Test: End-users play a critical role in protecting their organization’s data, but they are often the weakest link in the security chain due to lack of awareness of potential threats. The CyberSAFE Readiness Test is a complimentary tool that can be used to measure the extent to which employees can recognize and avoid common cyber threats like phishing, malware, and non-secure websites.
- Complimentary NCSAM Kits: Help keep cybersecurity awareness front and center in your organization with a complimentary NCSAM kit. The kits, created by Logical Operations, include cybersecurity PSAs to hang up at your office, tent cards to place in breakrooms, web cam privacy covers and emails you can send to your employees.
- What is your phone telling your rental car?: When you rent a connected car and use its infotainment system, it may store personal information, and a rental car may also keep your mobile phone number, call and message logs or even contacts and text messages. If you decide to rent a connected car, the Federal Trade Commission’s (FTC’s) tips and video can help you protect your personal information both while and after you’re on the go
Upcoming NCSAM Events
- Security of Things Forum // Washington, Thursday, Oct. 27, 8 a.m. – 5 p.m. (EDT), JW Marriott, Washington, D.C.: The rapid spread of the Internet of Things inside America’s most critical industries is raising a new set of security concerns. Created by The Security Ledger and Passcode, this daylong event will bring together policymakers, experts and executives to explore the myriad risks associated with the industrial IoT and the best and most promising solutions for securing these new technologies. Learn more and register here.
- NCSAM Week 5 Keystone Event, Monday, Oct. 31, 9:45 a.m. – 12:00 p.m. (EDT), Jack Morton Auditorium, School of Media and Public Affairs, The George Washington University, Washington, D.C.: The George Washington University’s (GW’s) Division of Information Technology is hosting a keystone event to educate the community on the importance of cybersecurity and discuss public-private partnerships toward critical infrastructure protection and cybersecurity careers, scholarships and community programs. The event will feature remarks from representatives of GW, DHS, Cisco, Tripwire and NCSA. Learn more and RSVP here.
- National Initiative for Cybersecurity Education (NICE) Conference & Expo 2016, Tuesday, Nov. 1 – Wednesday, Nov. 2, Westin Kansas City Crown Center, Kansas City, MO: The NICE 2016 Conference and Expo features thought leaders from education, government, industry and nonprofits who are addressing the cybersecurity education, training and workforce needs of the nation. This two-day event includes face-to-face convening of public-private partners, an opportunity to signal NICE strategic directions and priorities and a forum to showcase best practices. Learn more here.
Throughout the month, you can follow the NCSAM conversation on social media using the hashtag #CyberAware (and tagging your own posts with #CyberAware, too!). Additionally, @STOPTHNKCONNECT is hosting weekly Twitter chats throughout October to discuss different topics and trends in cybersecurity. Tune in Oct. 27 and Nov. 3 at 3 p.m. EDT to join the conversation, and visit the STOP. THINK. CONNECT.™ website for the full chat schedule. NCSA has created sample social media posts, infographics, posters, memes and morethat encourage organizations and individuals to show their support for NCSAM and that can be downloaded and shared. You can also get the latest resources as they are available by registering as a NCSAM Champion. Finally, check out the Stay Safe Online blog for NCSAM posts from NCSA and partners during the month of October.
About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 13th year, NCSAM is co-founded and co-led by the U. S. Department of Homeland Security and the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders ‒ mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT.™, NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Visit the NCSA media room to learn more.
About the National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with the U.S. Department of Homeland Security (DHS) and NCSA’s Board of Directors, which includes representatives from ADP; AT&T Services, Inc.; Bank of America; Barclays; BlackBerry Corporation; Cisco; Comcast Corporation; ESET North America; Facebook; Google; Intel Corporation; Logical Operations; Microsoft Corp.; NXP Semiconductors; PayPal; PKWARE; Raytheon; RSA, the Security Division of EMC; Salesforce; SANS Institute; Symantec and Visa Inc. NCSA’s core efforts include National Cyber Security Awareness Month (October), Data Privacy Day (January 28) and STOP. THINK. CONNECT.™, the global online safety awareness and education campaign cofounded by NCSA and the Anti Phishing Working Group, with federal government leadership from DHS. For more information on NCSA, please visit staysafeonline.org/about-us/overview/.
About STOP. THINK. CONNECT.™
STOP. THINK. CONNECT.™ is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The U.S. Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at stopthinkconnect.org.