In This Issue

• Digital Assistants
• Smart Thermostats and Other Smart Home Devices
• Gaming Consoles
• Security and Privacy Tips for Smart Devices

From the desk of Jason Balderama, CISO, County of Marin

Have you ever wondered what it would be like to have smart home? You can remotely change the temperature in your house, tell your lights to come on, or ask your refrigerator if you need to get milk at the grocery store, all from the convenience of your phone. You can play video games and access all your streaming services from one device and know who is at your door from your connected doorbell.

The Internet of Things (IoT) has introduced these features into our homes by adding technology to everyday appliances and gadgets. As we add more smart devices to our daily lives, we need to consider the security and privacy risks that come with them.

Digital Assistants

Digital Assistants include devices like Amazon Echo and Google Home, and they also include the "Hey Siri" or "Hey Google" functions on smart phones. Digital Assistants analyze your past commands to try to anticipate your needs. They may be linked to accounts used to purchase goods or services, tell you your schedule for the day, read your email, or make changes in your house such as turning off lights and alarms. Amazon Echo can even provide a pet-sitter with instructions, which is a give-away that you are not at home.

Keeping these devices and apps secure is especially important given that they may allow someone with access to the device to complete purchases using your accounts, identify key information, and learn your habits.

Smart Thermostats and Other Smart Home Devices

Many homeowners are opting for a digital thermostat that allows them to control the temperature in their home remotely using an app. While digital thermostats do come at a premium, the vendor also makes money on data it collects on usage and habits. Smart light bulbs and smart doorbells also allow for data collection by the manufacturer.

Smart device manufacturers entice consumers with convenience and functionality by promising the world of the future through devices like those listed above. All the while, cybercriminals are finding that they can use these devices as pathways into your home network to steal your data and find out more about you. And yes, that includes using digital information to determine if the house is unoccupied and safe to rob.

Gaming Consoles

Gaming consoles from Sony, Microsoft, and Nintendo are in millions of homes across the United States. These devices rely on Internet connectivity to provide different forms of entertainment and include streaming video, interactive gaming, voice chat features, and apps that keep both the system and applications up to date.

One major risk is that most modern gaming consoles require subscriptions and user accounts for accessing online content. This makes the gaming console another device associated with an account that holds your personal and payment information.

Security and Privacy Tips for Smart Devices

• Do Your Homework: Before purchasing a new smart device, do your research. Check out user reviews on the product, look it up to see if there have been any security/privacy concerns, and understand what security features the device has, or doesn’t have.
• Change Default User Names and Passwords: Many smart devices come with default passwords.  Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) whenever possible.  MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, facial ID, or a unique one-time code sent to your phone or mobile device.
• Put Your Smart Devices on a Guest Network: Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices such as laptops.
• Disable Features You May Not Need: Smart devices often come with features you will never need or use. If you can, disable those features to protect your security and privacy. If you don’t need to connect a device to the Internet, don’t. If a device isn’t connected, it isn’t as big of a security risk.
• Keep Software Up-To-Date: When the device manufacturer issues a software update, patch it immediately.  Updates include important changes that improve the performance and security of your devices.
• Think of Where You Put Them: Particularly for listening devices or ones with cameras, think strategically about where you place them in your home.  Do you want them in a child’s room or where you have sensitive work or family discussions?  Designate some of the areas of your home as “safe” rooms from smart devices.
• Review Privacy Settings Closely: Some vendors of Digital Assistants have a controversial history of recording and reviewing user's voice data without consent. Consider disabling the microphone when the digital assistant is not in use and adjust the privacy settings for your devices and apps based on your comfort level.
  • Amazon: Change Your Alexa Privacy Settings
  • Apple: Ask Siri, Dictation & Privacy
  • Google: Data security and privacy on devices that work with Assistant
• Don't Keep Old Technology: Replace devices when they are no longer supported by the vendor, as security flaws will remain unpatched.

Copyright © 2023 County of Marin, All rights reserved.

Disclaimer

The information provided in Marin CyberSafe News is intended to increase people’s awareness of cybersecurity and to help them behave in a more secure manner. Links in this newsletter are provided because they have information that may be useful. The County of Marin does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of County of Marin.