Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to get away from the organizational viewpoints of cybersecurity or the business-related side of things and talk more personally. Let’s chat about personal cybersecurity. When you think about your network at home, do you think about making it or keeping it secure, or is it more of a set-it-and-forget-it type of setup?
With many people out there now working remotely or in hybrid roles, security in the home becomes more of a focal point. Many people out there don’t believe they have anything worth stealing, but this is not true. Threat actors aren’t just looking for your personal information, they can be looking for ways to access vulnerable equipment to use for their own purposes, or for ways to enhance their own malicious activities.
So, personal cybersecurity is a real concern that more people out there need to consider. Throughout the TomCasts of the past we have touched on physical and logical security, cyber awareness, social engineering, and lots more. Most of those contain content that involves some level of personal security, even though it is taken in a more business-related context.
Take your home Internet Service Provider, or ISP, connection as an example. Whether it be a Linksys router, a Docsis cable modem, a Netgear router, a Comcast modem, a Verizon FiOS modem, or whatever you happen to be using, these pieces of equipment come with setup instructions to get you onto the internet at home quickly and somewhat easily. Typically the setup instructions contain the already-configured usernames and passwords needed to set everything up. Those are known as default values.
So, thinking about your own network, how many of you out there have changed those default values? Or, when you connect to your home wireless network, does the network name look like Netgear3877, or Linksys2849, or some such? Threat actors that do reconnaissance look for these default-named networks, as the chances are usually pretty good that the usernames and passwords are default too. I mean, how hard is it to simply attempt to connect to a network and type in the username “Admin”, and the password “password” to see if they work?
These types of activities take very little time, and access to ones’ home network could be provided very easily. Again, thinking about your home network, what types of activities and devices do you have connected to it? Have you been using your home network equipment for over a year? If so, have you ever updated your router or modem’s software or firmware? Did you know you even needed to?
For some unspecified reason it is very easy to ignore the equipment at our own homes while complaining about the levels of security within our work environments. Take that same security lens home and start doing your part to protect your own assets and information. Check your home desktop or laptop to see if it needs updates or patches. Check your home network equipment like we just mentioned. Check your phones and the apps on those phones for updates. As a matter of fact, check every daggone device that is connected to your network to see if they could use updates or patches. If you looked at your home network as a set-it-and-forget-it type of setup, you will be more than likely very surprised at the amount of time and attention all the updates will require.
Think of your personally owned assets like anything else. They require routine maintenance to continue effective operation. Hopefully you don’t drive a car for extended periods of time without changing the oil, so take that mindset to your home network and assets and check for security updates routinely. Make personal security a higher priority if you haven’t already.
If you haven’t before, go to the GuardSight web page, highlight Resources, and select TomCast. There are several TomCast’s out there that can help you understand a bit more deeply different aspects of cybersecurity. Granted, most of them are truly organizationally focused, but the overarching themes and messages do apply at a personal level as well. Check out the awareness-related TomCast’s, the ones on Social Engineering, and any others that might pique your interest. We compose these for you, the listener, to become more aware and more security focused.
Also, if you are stumped about any particular facet of cybersecurity, reach out to us at GuardSight. Anyone within this organization would be happy to help you at anytime understand more about cybersecurity. From brand new analysts to seasoned Director-level personnel, every one of them could be excellent resources for you to understand cybersecurity better.
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!