Daily Local News (West Chester, PA)
CISO perspective: Is anything safe from getting hacked?
Working in the information security field, I am often asked a rhetorical question like, “is anything safe from getting hacked?”
My answer is yes. But it is important to examine this a little closer to ensure you’re taking the proper precautions to protect yourself and your information.
Using devices and the internet safely
How useful would a phone be if it were not connected to a service provider? How useful would a tablet, PC, or laptop be if it did not have Wi-Fi or internet capabilities? Unless you are using a standalone application, the device itself is not going to be particularly useful. Once a device has some type of useful functionality, and a Wi-Fi and internet connection, it is susceptible to an attack.
Let’s take things one step further beyond traditional computing devices. What about IoT, which stands for Internet of Things? These are devices that rely on an internet connection to bring you — the consumer — the functionality you paid for.
Smart Speakers for example, are not especially useful without a Wi-Fi connection. How will you listen to your favorite podcast or news update? Truth is, it will not work.
How about your home networking devices? They need to connect to the internet so that you can surf the web or stream your favorite movie.
Aside from purchasing these devices, bringing them home and connecting them to the internet per the instructions provided, how much research have you done to really know how secure these devices are?
For example, many devices have services like remote access built into them. This is so the consumer or the vendor can remotely access the device for legitimate purposes. Well, if you and/or the vendor can remotely access the device, what is stopping a hacker from doing the same?
Some off the shelf home security monitoring services have been hacked. In one such case, the hackers had the ability to monitor the surveillance video of the home and even communicate with the members of the household over the audio feature!
Understanding the ins and outs of protecting yourself
The point is not to be fearful of these technologies, but to understand how they work and how to secure them. Read the manuals carefully! Most of the time they will provide instructions on how to change default passwords, and other network settings.
Here are some additional tips you can use to stay secure:
• Keep your device software up-to-date.
• Change any default device passwords immediately.
• Use two-factor authentication whenever available for an added layer of security.
• Make sure anti-virus and anti-malware software is up-todate and running properly.
• Make sure your home Wi-Fi is secured using WPA2 or WPA3, which provide a more secure internet connection than older WPA systems.
• Use a home firewall, which your internet service provider should be able to help with.
• Talk to the device manufacturers’ tech support if you have any questions about further securing the device.
If you’ve been hacked
Having a device or account hacked can be scary, but there are steps you should take immediately if you’ve been the victim to help limit damage, including:
• Have any compromised devices professionally wiped and change your usernames and passwords for all accounts, including your bank accounts, social media and online shopping.
• Have your bank and credit card companies freeze your accounts, report any fraudulent charges, and get new cards and account numbers.
• Have a fraud alert placed on your credit reports with Equifax, Experian and TransUnion.
• File a police or identity theft report, and consider filing a report with agencies like the Federal Trade Commission and Federal Bureau of Investigation who track these incidences as well.
Back to the question we started with, “is anything safe from getting hacked?” Yes, but more than likely, if it’s connected to the internet, you need to secure the device and do your research.
That is a CISO perspective.
Robert Eastwood is senior vice president, chief information security officer at WSFS Bank. He has more than 24 years of experience in the information security field, including nearly 20 years at WSFS, most recently as vice president, information security officer, where he developed and executed a multi-year strategic plan for information security. He also holds a number of professional certifications and memberships in the information services, IT and financial services fields.