What you need to know about cyber-security and data privacy as a consumer
by Plume Security TeamNovember 2020
Seven-in-ten Americans feel their personal information is less secure today than in the past. However, a much smaller percentage of people actually take the necessary actions to secure their privacy. This is called the “privacy paradox," a concept first studied about two decades ago. In a recent study, researchers found that despite being concerned about privacy, participants were willing to exchange some of it for the convenience afforded by an internet-connected device. Now, more than ever, we depend on connected devices to manage our lives, our homes, and our families. We've moved beyond news and entertainment services to personal finance, tele-medicine, grocery shopping via intelligent voice systems, sharing confidential documents and personal data, and setting up our kids to attend school. The more important the device or service, the more trust we place in service providers to respect our privacy and keep our data safe. Have they earned this trust? How dangerous is our collective complacency? Short answer: dangerous. Two decades since the privacy paradox was identified, and despite a great deal of research, there is still a mismatch between our stated privacy concerns and our protective behaviors. How can we improve this? First, we need to know the ins and outs of cyber-security and data security. Then we need to use that knowledge to protect ourselves.
What is cyber-security?
And why is it more of a problem in the smart home? Simply put, cyber-security is the sum total of all of the systems put in place to protect you from malicious activity online. Actual cyber-security software itself is constantly changing and evolving in order to stay one step ahead of anyone who might want to undermine it, but the principle it works on is always the same: ensure that all information is only available to those who are meant to have access to it. The nitty-gritty of cyber-security will look different depending on the context: the security procedures that protect online banks are different from the ones that keep your home WiFi system secure. The best way to understand what cyber-security can and can't do is to break it down to its essential elements and understand some of the most common threats we face.
What types of cyber-security threats are out there?
Though hackers are always looking for —and finding—new ways to access information illicitly, some of their most common methods include:
Malware is the general term used for any software that can disrupt, interfere with, or cause damage to an existing device or system. Generally speaking, malware has to be downloaded or opened on a device or in a network to work—meaning that many varieties of malware can be identified and filtered out before they have an impact. The most important step you can take to avoid malware is to never download any software from sources they don't trust. Once malware is downloaded, it can be difficult to stop.
Phishing scams are a bit less sophisticated technologically but no less damaging in their possibilities. These scams are most often deployed through phishing emails. The attacker poses as a trustworthy individual—or organization—that you already have some association with in order to convince you to give them valuable information. Social engineering attacks, such as the attack that led to a number of verified Twitter users losing control of their accounts , also fit into this category. Sophisticated phishing attacks can be difficult to defend against and avoiding them requires vigilance.
Ransomware is a specific type of malware that hijacks a computer or network until a certain action is fulfilled, usually a payment of some kind. If caught unprepared, companies can lose millions of dollars in ransomware attacks. Like all malware, the best way to avoid ransomware is by not downloading software from unknown sources. Vulnerable USB ports can also be a point of attack; the infamous WannaCry ransomware incident began at an exposed USB port.
Denial-of-service attacks make it impossible for users to access certain networks and are often used as a kind of ransomware, letting up once a payment is made. Advanced network solutions can usually safeguard against even the most advanced DoS attacks, such as in 2018 when GitHub suffered from the largest DoS attack of all time and remained online throughout.
Spam email is common to all inboxes, but not all spam is created equal. While some spam messages may be one-off, others can be part of a potentially debilitating stream of mail or may fraudulently ask for personal information. While email filters can tackle most of this, you should also be thoughtful about what to click on and what not to. If a message originates outside of your network, proceed with caution.
What are the elements of consumer cyber-security
Though cyber-security is always evolving, there are a few core elements that continue to inform all new developments in the field, such as:
Application security is likely what most of us think of when we think cyber-security: firewalls, anti-malware tools, and so on. Application security systems ensure that the core of any software system remains fully protected against any threats out there, securing the center of operations through procedures that make malfeasance extremely difficult.
Whereas application security protects the core functions of a given application, information security attempts to keep a lock on all data that flows throughout a digital network or system. This is often achieved through encryption, multi-level user verification, and proper data storage.
Network security is exactly what it sounds like — most applications have some kind of contact with larger, web-connected networks, and network security protocols ensure that these connections don't become access points for malware or infiltration. Network security is often the focus of IT teams and tools.
User education is by far the least “tech-y" of the core cyber-security elements, but it may well be the most important. The majority of security breaches are more often the result of user error or laziness than criminal genius, and user education proactively protects against potentially dangerous slip-ups.
What can you do to boost your cyber-security?
For most people, the cyber-security options available may seem relatively disparate and it can be hard to tell if you're doing all the right things. While companies have entire teams working to protect their digital operations, you simply don't have the time to do all of that for yourself — and yet you still need to find a way to stay protected. There's no simple solution to it all, but there are a few places to start:
Buy protective software
This is probably the first place your mind goes when you think of what you can do to boost your own cyber-security, but it has some limits. PCs and some mobile devices can be bolstered with antivirus software while other pieces of technology such as smart TVs and gaming consoles cannot. Check and see which devices you can purchase protective programs for—for the others, investing in a network-based security solution is the best option.
Invest in secure networks
WiFi is one of the most common entry points for hackers looking to harm you. Old-school, traditional routers simply won't cut it anymore; it's time to invest in modern WiFi networks, like Plume's Adaptive WiFi with built-in AI Security, that actively protect you against infiltration.
Move things to the cloud
Cloud-based storage companies generally have more advanced cyber-security protections in place than you could ever hope to have yourself. Instead of keeping everything clumsily sorted in files on your desktop, consider moving them to a cloud company that can give your data the protection it deserves.
Use proper password etiquette
There are a few simple rules of password etiquette — not too short, unique password for each account, etc, — that everyone should be following, full stop. If you struggle to think of new passwords, a random password generator may help . If instead you're worried about remembering all of them, there are several secure password managers that can help you keep track of them . Plume also allows different WiFi passwords to be given to your guests so you can feel secure even when guests connect their devices to your internet. Even the best passwords are crackable though, and let's face it: your password probably isn't that great to begin with. More and more organizations are offering multi-factor logins, or logins that require you to both input a password and perform some other verification task, such as answering a phone call or opening an email. It may seem cumbersome, but the extra security it provides is well worth the trouble.
Keep software updated
A user running old software is a hacker's ideal target. When providers update their software systems, it's often because they've caught bugs or backdoors that need to be sealed as soon as possible. This is especially true of IoT devices connected to the internet, where just a single out-of-date operating system can give someone access to your entire network.
Reduce device connectivity whenever possible
As convenient as it may be to have all of your devices hooked up together, this also greatly increases your risk for a widespread infiltration. Secure networks and regular updates can keep your connected devices protected, but be sure to keep your most sensitive information an arm's length away from it all. Some software, like Plume's, can actually quarantine devices if one is compromised so the threat doesn't spread to all of your connected devices.
Don't let your guard down
Once you have a sturdy cyber-security infrastructure in place, you might be tempted to just forget about it and let it run—don't. Know what connective devices are active in your home and what vulnerabilities they may have. Review all alerts generated by your security systems, periodically block spontaneous events, and always be thinking of what you could change to ensure that your home is as cyber-responsible as it can be.
Of all of the recent developments in cyber-security, none is more groundbreaking than the introduction of AI-powered security into the mix. Interest in AI-based cyber-security solutions has skyrocketed over the last several years, and some of the tech is finally making its way down to the consumer level.
Using AI security to bolster cyber-security
While big companies have the full force of their IT teams to protect their networks, most homes have little more than some store-bought antivirus software to rely on. Artificial intelligence is changing that. AI-based security systems seek to imitate the impact of a big team at a fraction of the cost. The extremely high data capacity of machine learning systems allows them to detect functionality anomalies almost instantly, stopping any potential intrusions in their tracks. While there are plenty of companies that specialize exclusively in AI security systems, the real development for consumers is the integration of AI into existing firms' platforms. If you're looking for cyber-security software that protects you with bleeding-edge tech, be sure to look for platforms that emphasize AI security capabilities as much as possible.
Understanding data privacy
If cyber-security is the bank vault, your data is what's being held inside. Data privacy is one of the most critical functions of cyber-security, and its importance in an increasingly digital world cannot be overstated. Keeping your data safe means understanding what needs to be done in order to protect it.
What is data privacy?
Data privacy consists of a set of rules, protocols, and attitudes intended to ensure that all data is handled properly. All users have a set of rights to which they are entitled when it comes to their data, and data privacy helps guarantee that those rights are protected during every step of the data transfer and storage processes.
What is data security?
Whereas data privacy focuses on following the rules around data protection, data security is about the brute force technology that goes into ensuring data doesn't fall into the wrong hands. Encryption, network firewall security, and activity monitoring all fall under the umbrella of data security, preventing data from reaching any unintended recipients.
Why is data privacy important?
In this day and age, your identity is always just a few digits away from being stolen. Someone with access to your credit card number, email password, or any number of other sensitive bits of information could wreak havoc on your life in an instant. Industry rules and data privacy laws force businesses and organizations to do everything they can to protect that data—protecting you in the process.
Ways to protect your data
Just because you have data privacy on your side doesn't mean that you can let your guard down. Here are some of the best ways to be vigilant:
Back your data up—securely
Someone else seeing your data isn't the only threat out there—it might be wiped entirely. Having a secure, regularly updated data backup is the only way to be fully protected against potential data annihilation.
Secure every device
A single vulnerable device can expose an entire network to unnecessary risk. Keep a running inventory of devices active in your home and be sure each is accounted for. Plug any potential leaks as soon as you can in order to maintain your network.
Use data encryption
Plenty of platforms from WhatsApp to Gmail use a built-in form of encryption when transferring information, but data encryption doesn't have to stop there. Before you adopt a new app or platform, carefully examine what encryption measures it takes — if any. Opting for encryption-heavy apps can make a huge difference in your aggregate data security.
Know the law
Every state, country, and company has different data security and privacy laws, regulations, and procedures that define who can handle your data and how. Though you can't simply trust that everyone is following the rules all the time — you need to know what rights you have regarding personal data privacy.
Audit your data
Data audits are generally reserved for big businesses, but small-scale audits can do a world of good for individuals as well. Intermittently look back through the data you have stored: what's sensitive and what isn't? What's outdated and what can be updated? What should you keep and what should you delete? Answering these questions can help you refine and better store your data in the long run.
Read user agreements
No one does it, but everyone knows they should: when you sign a user agreement, you're signing up for a whole bevy of policies that you need to know how to deal with. At the very least, find the section relating to personal data and make sure you thoroughly understand what the organization in question is doing to protect it.
Be wary of suspicious data requests
Never give up any data without a reason to do so. Suspicious data requests could easily be the result of bad actors, so take as few chances as possible. Everyone needs a network they know is going to protect their devices and data as much as possible. HomePass® from Plume is designed to do just that using the latest advancements in cyber- and AI-driven security. You need protection, and HomePass can give it to you. Check out our entire suite of Smart Home Services to see how we can meet your data privacy and cyber-security needs.