How can we make our homes less vulnerable to cyber criminals?
Simon Newman, Head of Cyber and Business Services, Police Crime Prevention Initiatives
Over the past few years, the growth of affordable technology has meant that we can buy an increasingly wide range of products designed to make our lives easier. Whether it is the latest smartphone, tablet or other device, it's hard to overestimate the impact technology has on us. For example, we have one of the highest levels of smartphone ownership in the world. We watch television through online streaming services and we increasingly do our shopping and banking online. Even in our homes, we have embraced technology in a way that 10 years ago would have seemed impossible.
Smart meters, smart appliances and smart home systems are increasingly becoming commonplace and are even fitted as standard in many new builds. Smart meters measure how much gas and electricity you use, as well as what it is costing you, and display this on your in-home display. Smart appliances and smart home systems connect your home to your provider, via the internet and, in the future, via your smart meter, to better enable you to manage your heating and lighting remotely. This is useful as it helps you to make more energy-efficient decisions and, through your smart meter, will help you understand the impact this will have on your bill.
But does the rapid growth in technology, and in particular our use of smart devices, make us more vulnerable to cyber crime? And if so, what can we do about it?
The rush to bring products to market...
Whilst smart meters have a high level of security, this has often been a secondary consideration for many manufacturers of smart devices. Smart meters use a purpose-built smart metering network, designed with top cyber security experts, including the government's own security organisation, GCHQ, to send our usage data to our supplier. Smart appliances, on the other hand, are mass produced by suppliers based thousands of miles away to keep costs down, and there are often fundamental security flaws in these devices that could expose users to a cyber attack. For example, many devices are installed with a default password. The password is not unique to each device, but is instead shared among many thousands of devices. This means if a hacker is able to obtain the default password from one device, they could easily gain access to others using the same password.
Furthermore, we may have been careful in following the manufacturer's instructions when setting up the device, but how often do we update the software once it has been installed? Recent figures from the Department for Digital, Culture, Media and Sport (DCMS) claim that 80% of successful cyber attacks are caused by outdated software that is no longer supported by the vendor. This makes it easy for the criminal.
Whilst we don't need to worry about smart meters storing our data, we often give little regard to the data stored on our devices when we decide to replace them with a newer version. Are we confident that all our data has been completely removed from the device before we throw it away, recycle it or trade it in for a replacement?
While the majority of cyber criminals are opportunists, the growth of internet-enabled technology makes the UK an attractive target for more organised criminals, including those sponsored by rogue states who seek to exploit flaws in security on a much larger scale. As larger organisations respond to this threat by constantly reviewing and improving their defensive capabilities, sophisticated criminals have inevitably shifted their focus towards easier targets. This might be small businesses involved in the supply chain or individual consumers with smart devices who provide a way in to large organisations through the data they share with them over the internet. The threat is constantly changing as criminals seek to find new ways to attack.
Five simple rules for keeping yourself safe…
The good news, however, is that we can easily reduce our vulnerability to cyber crime by following these five simple rules.
- Change default passwords:
Whenever you buy a smart device, always change the default password. If it isn’t clear how to change it, or you need help, pick up the phone to the supplier and ask them. Pick a password that is difficult to guess and try to avoid using personal references as they are easy for criminals to break.
The UK Government now advises that we use a passphrase (three random words) as opposed to a combination of upper and lower case letters, symbols and numbers. A passphrase is significantly more difficult for a criminal to break thanks to the almost infinite number of combinations of words in the English language. It can also be easier for you to remember.
- Set up your device to automatically install updates:
Manufacturers regularly update the software installed on their devices, and an update may address a security flaw that has been uncovered. Whatever the reason, you should always update the software when prompted. Even better, set your device to update automatically.
- Be careful when buying a used device:
With top of the range smartphones costing in excess of £1,000, buying a second-hand device makes a lot of sense. However, it is important to exercise caution. We may not always be able to tell whether the software installed on the device is from a trusted vendor, which could expose our personal information to a hacker. If in any doubt, wipe the device clean before you use it.
- Do I really need my device to be connected to the internet?
Many smart devices designed for the home allow you to control them remotely. Turning the lights or heating on via a mobile app or unlocking doors through your smartphone might seem a good idea, but anything that connects to the internet potentially exposes you to a hacker if your device is insecure. Ask yourself whether it is really necessary to have it connected to a network. If not, disable the connection.
- Ask the supplier about the security of the device:
In 2018, the Government published the first Code of Practice for the Internet of Things (IoT). The Code sets out basic principles for manufacturers to follow when developing IoT products for the UK market. It sets a benchmark for security that will reassure consumers about the devices they are buying and is supported by a new Kitemark which has been developed by the British Standards Institution (BSI).
Asking the manufacturer about security or whether they have a BSI Kitemark is a good way of ensuring that ‘secured by design’ is at the heart of what they do.
Smart devices have revolutionised the way we live our lives, at home and at work. We can stop cyber criminals in their tracks if we follow simple, practical advice and constantly ask questions of manufacturers to make sure their devices protect us from the most common types of cyber attack.