Is it October yet? Yes. And therein lie two things of great importance to the world. The first is the start of the NHL season. The second is Cyber Security Awareness Month. 

If you think you don’t need cyber security, the Distributed Denial of Service attack (DDoS) against DNS provider Dyn earlier this month was a reminder of how widespread the need is, even on the most mundane of devices, like, say, your web-connected thermostat. 

If you missed the news (and maybe you did since much of the internet spent Friday as dark as the New Jersey Devils' goal lamp), perpetrators used a botnet comprised primarily of Internet-of-Things (IoT) devices (e.g., web-connected televisions or security cameras) to attack Dyn and effectively break the link between URL and server location. The result was a widespread outage.

Like an open-ice hip check, cyber attacks seem to come out of nowhere and have visible impacts. And just like that hip check, the internet was turned head over heels. (Can you tell I’m happy it’s hockey season?)

The attack took advantage of these types of connected devices and took down some of the biggest internet sites and services in the world including [emphasis mine]:

  • ActBlue
  • Grubhub
  • Seamless
  • Ancestry.com
  • Guardian.co.uk
  • Shopify
  • Atom.io
  • HBO Now
  • Soundcloud
  • Basecamp
  • Iheart.com (iHeartRadio)
  • Speed Test
  • BBC
  • Imgur
  • Spotify
  • Big cartel
  • Indeed.com
  • Squarespace Customer Sites
  • Blue Host
  • IndieGoGo
  • Starbucks rewards/gift cards
  • Box
  • Intercom
  • Storify.com
  • Braintree
  • Intercom.com
  • Survey Monkey
  • Business Insider
  • Kayak
  • The Verge
  • Cleveland.com
  • Livestream.com
  • time.com
  • CNBC.com
  • Netflix
  • Twilio
  • CNN
  • New York Times
  • Twitter
  • ConstantContact
  • NHL.com
  • Urbandictionary.com (lol)
  • Credit Karma
  • nimbleschedule.com
  • Vox.com
  • dailynews.com
  • Okta
  • Weather.com
  • Disqus
  • PagerDuty
  • Weebly
  • donorschoose.org
  • Paragon Game
  • Wikia
  • Elder Scrolls Online
  • PayPal
  • Wired.com
  • Etsy
  • People.com
  • Wix Customer Sites
  • Eve Online
  • Pinterest
  • WSJ.com
  • Eventbrite
  • Playstation Network
  • Wufoo.com
  • Fortune
  • Qualtrics
  • xbox.com
  • Fox News
  • Recode
  • Yammer
  • Freshbooks
  • Reddit
  • Yelp
  • FT.com
  • Runescape
  • youneedabudget.com
  • Genonebiology.com
  • Salsify.com
  • Zendesk.com
  • Github
  • SBNation
  • Zillow.com
  • Zoho CRM

I was shocked earlier this month to hear a friend say, “I don’t even lock my car doors, why would I have a password on my phone?”

The concept was so foreign to me. My phone can provide a tremendous amount of information about me, my family, friends, business contacts and more. My phone, including the microSD card, is fully encrypted and has a boot password. Thankfully most people understand that phones should be secured.

Startlingly, most people do not realize every device that connects to the internet, no matter how mundane it may seem, needs security, passwords and regular upgrades. Hopefully after Friday’s attacks interrupted early weekend binge-watching plans, they'll be aware. 

And perhaps we'll all be more understanding of the small inconveniences that serve the greater good of protecting our interconnected lives.

Enterprise IT has gotten a bad reputation over time for many reasons, including downtime for patching. But you know what? It makes it possible to avoid that devastating hip check. Keep your head up and scan your surroundings. Enterprise IT has the right idea. Monthly updates help. Sadly, we don’t have a helpdesk to do this for us at home. It may seem like a great idea to connect your TV directly to the internet to stream the latest episode of [insert favorite show or hockey game highlights] but it’s really not, if you're not taking appropriate cyber security precautions.

Unlike your computer, which can and should be set to update automatically, your TV likely can’t. It’s probably running the same software as when it was manufactured. My 55” LED TV is five years old and has an Ethernet port to directly connect. Don’t worry, I don’t connect it. Even more worrying is WiFi. Your IoT devices' WiFi connections may be enabled and unsecured without you knowing it.

Luckily, as with all things, whether with cyber security or strange Halloween recipes, the internet can help you, assuming you can get to it. A Google search for “update DVR” returned 11,500,000 hits. It will take time to find the instructions for each device you have and even more time to do the updates. And unfortunately, one update isn’t going to be enough. Like exercising, it has to be done regularly. Fortunately, unlike exercise, you don’t need to spend 30 minutes a day on cyber security.

Here are a few tips from enterprise cyber security to help defend your newfound home enterprise:

  • Build in cyber security from the start. Ask questions when you buy your device. Understand what—if any—precautions have been taken and ensure it's not able to connect directly to the internet, bypassing your router settings, out of the box.
  • Update to the latest software/firmware when available and configure auto-update if possible. Time to update is a key component in maintaining cyber security.
  • Create a schedule for updates and to review the cyber security posture of your devices. Just as you change the batteries for smoke detectors when daylight saving time goes into and out of effect, check your cyber security every October as National Cyber Security Awareness Month rolls around.
  • Secure your router. Understand its firewall settings. Disable remote management. In short, follow what the U.S. Computer Emergency Readiness Team recommends. (Consider that a tip within a tip. You have enterprise IT now; educate yourself the way cyber security professionals do, by leveraging US-CERT's immensely helpful and eminently understandable guidance.)
  • Disable automatic port forwarding, commonly provided by Universal Plug and Play (UPnP). UPnP lets a device open ports on your router on its own, bypassing your router settings and exposing itself directly to the internet. This is a bad idea.
  • Don't use the default administrator names and passwords for your IoT devices and don't use the same usernames/passwords for devices that you use online.

As unfun as it sounds, checking the cyber credentials of a manufacturer before buying an IoT device and following the guidance above could save your credit report and keep Netflix up.

After all, what good is hockey season if you can't stream all 1,230 games?

About the Author CJ Johnson, Servicefront Solutions Architect

CJ Johnson is a senior solutions architect at NJVC and is leading NJVC's efforts to reinvent enterprise IT. She has solved IT challenges for the federal government across three continents and in four languages for more than 20 years. She is an ardent hockey fan (and is known to live stream games at 0230).