It’s no secret to anyone that cyber-crime is at an all-time high, and that those who perpetuate these crimes are becoming increasingly more complex in their means and their planning. Conversely, at a time when we should be working as hard as ever to secure our data, we seem to be doing all in our power to make things even easier for hackers by using easily-guessed passwords.
“Before we work on artificial intelligence why don’t we do something about natural stupidity?”
Steve Polyak
We live at a point in time where our friendly old appliances are being replaced by “smart” technology – air conditioners we can set remotely from an app on our phones, refrigerators with interactive cameras, and even dishwashers with voice controls that can detect food particles. All of these smart appliances have one thing in common: they offer their sci-fi level features by connecting to the internet. If you’re using an unsecured router – or one with a default or easily guessable password (like “passw0rd1”, you’re essentially leaving the door unlocked and asking to be robbed.
The beauty of the internet is also simultaneously it’s Achilles Heel: when everything is connected, anything on a network can serve as a door for hackers. A major US retailer found itself on the receiving end of a hack that wreaked havoc across its credit card system – one who’s initial point of entry was a store’s climate control system. If this already sounds difficult to comprehend, allow me to take you on a hypothetical journey:
You’re at a local electronics chain and run into a neighbor buying a new smart refrigerator, as part of the endless desire to keep up with the Joneses, you decided it’s time for an upgrade as well, you both opt to have these miracles of modern science delivered and installed – by a driver/tech employee who makes minimum wage (and isn’t happy about that, but has a plan). Later on, that night, the installation tech drives back with his laptop. Do you know that there are firewalls for smart devices? Most people don’t, and if you’re one of those people, this employee-turned-cyber-criminal just arrived in your home network via the fridge, hacked into your home computer and found your password list.
A quick Google Search while writing this article revealed that as of 2019, 65% of people used the same passwords for both personal and work accounts! In that same amount of time, your new best friend (he already knows everything about you) found your paperless pay stubs, AND that you’re a long-term employee at a financial firm downtown. Within a few minutes he’s got something far better than your family credit card – he has access to corporate financials of some of your clients, and all of the Personally Identifiable Information you work with for 40 hours a week. The sky, unfortunately, is the limit.
So, what do we do to protect ourselves? Besides my personal suggestion of “Don’t overspend on appliances and buy ones that can one day become self-aware,” there are some helpful options:
First and foremost, reset the password on your router! And PLEASE don’t make it the same password as your email address. Add in a special character (or two) it doesn’t have to make sense, just be sure you’ll remember it. Secondly, while you’re at it, change your router’s name too. You can make it fun but not obvious. “Jackson Family” is obvious, “My WiFi” not as much – feel free to have fun with it too, but we don’t want hackers to know the make and model of your hardware, that’s the point here. Finally, if you really want to confuse cyber thieves, have a separate router just for all of your stuff (sometimes referred to as the IoT, or “Internet of Things”, and save the security for your computers and phones. I don’t know if a washing machine can be equipped with a firewall and an antivirus, but I also know that until I buy a new one, I don’t have to know.
If you’re a business owner who is worried that I might be describing one of your employees in the previous story, do yourself a favor and set up a Multi-Factor Authentication (MFA) program for your systems. That same hacker would enter your employee’s username and password – and then be asked for a sign-on code from your employee’s phone – which would hopefully tip off said employee that something was wrong and nip this entire incident in the bud. MFA protection costs less than you think – and you’ll almost assuredly need it to keep your cyber liability carrier happy.
I’d like to go much further into the advantages of having MFA for your business, but if you’ll excuse me for a moment, I have some passwords I need to change!
