Category: Information Security

26
Aug
2019

Time To Unplug Your Smart Ovens

The Verge reports that owners of the June smart oven have been experiencing some seriously concerning incidents recently involving the oven’s preheating without their owner’s knowing. This continues to raise questions about just how much control you want to give smart devices over your house and its critical systems. While I am not sure what the true cause of the issue is, it should make everyone re-think connecting so called “smart” devices that can cause serious physical damage if something goes wrong. An oven is a perfect example of this kind of device.

Smart ovens, locks, etc. all sound great until they are hacked, poorly programmed, designed poorly, etc. When your smart device can let a malicious person into your home, cause your food to go bad, burn down your home, track your movements, etc. then it is time to rethink just how smart you want your home to be. I know smart devices are the way of the future, I have many of them myself, but I never hook them up to anything that could physically damage my home. There is too much risk to take given that the health of you and your family are at stake.

I urge anyone considering these devices to evaluate why they are needed and if you can live without them. After all, preheating your oven is great, but not burning down your house is even better.

07
Apr
2019

New Breach Identification Service Launches

There is a new data breach identification service, Breach Clarity, that is the first of its kind to offer guidance on what a consumer should do if they are part of a breach. The service doesn’t replace the work that other sites like Have I Been Pwned do but complements it. Once a consumer verifies that their information has been exposed as part of a data breach through a site like Have I Been Pwned, they then can go and enter the name of that breach on the Breach Clarity site to determine what they need to do to protect themselves based on the data that was harvested.

This is a huge positive step in the fight to help protect consumers when their personally identifiable information (PII) has been disclosed. Up until now, there has not been a resource that gives real guidance on what to do if you were a victim of one of these breaches. The best you could do was know that you were a part of the breach and then if you read sites like Krebs On Security, you would know to freeze your credit reports. With Breach Clarity consumers now have a resource that provides real guidance on what to do when their data is no longer private. I strongly encourage you to check this site out and make sure that you have taken some of the steps it suggests if you have been part of a data breach.

As a reminder, some of the best things you can do whether you are a part of a current data breach or not are:

  1. Use a different password for every online account, never use the same one multiple times. You will need to find a password manager program like 1Password or LastPass to help you mange these.
  2. Freeze your credit reports – it is just a good idea to do that. There is no need to leave them unfrozen and if you know you are going to need to get a loan or have a credit check done, use a temporary thaw period.
  3. Disclose as little about yourself on social media as you can. Do you really need everyone to know your phone number, email addresses, addresses, etc? Protect that information and only disclose it to those that really need it. If you are using your mobile phone or email as a second factor of authentication on accounts, it is even more important to protect these details.
  4. Always use two factor authentication when a service provider allows it. Even better, use an app like Google Authenticator or Authy to provide the one-time passcodes for these services. Don’t use your phone number or email address unless there is not another option.

Stay safe out there.