LeeShanok IT News: Internet of Things (IoT)
Wikipedia describes the Internet of Things (IoT) as the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect, collect and exchange data. 0
The Gartner Group predicts 20 million "smart" devices in use by 2020, and this excludes PCs, tablets and smartphones. In their IoT Technology Discussions survey, IT Security was selected as the top barrier to IoT success. The exponential explosion of these devices "creates an attack surface that has never been seen before." 1
Last Friday, California Governor Jerry Brown approved the nation's first IoT Cybersecurity Law at the state level, which requires by January 1, 2020 that all "smart" device manufacturers design and deliver devices with "reasonable" security features appropriate to the nature and function of the device, and to any collected, stored or transmitted information. It also requires "reasonable" authentication, with a unique pre-programmed password, or a common password that must be changed at 1st boot. Security must be incorporated in the design phase to provide protection against unauthorized access, destruction, use, modification or disclosure. 2
There is concern about the ambiguous wording in California's bill, like "reasonable security features" and "reasonable authentication", which seems to encourage adding universal security features rather than reducing or removing specific vulnerabilities. Each device category has unique characteristics that require clear description of standards such that manufacturers know what is required and how their products will be evaluated for compliance. 3
Congress is evaluating multiple proposals relating to IoT that require manufacturers of any connected devices purchased by the federal government to supply 3rd-party verification that the devices are free from known vulnerabilities, can be patched, and have good authentication with a unique password per device, or where the user must change a common password at 1st turn on.
- Cybersecurity Improvement Act of 2017
- SMART IoT Act
- IoT Consumer Tips Act
- DIGIT Act
Overall, we believe the discussions taking place are vital for positive changes to occur, and as these bills are refined and become law we will all benefit.
Our team is available to discuss your IoT devices, your connection and security strategy, and to help you understand your unique situation.
Your Technology Partner,
The LeeShanok Team
Armis Inc - Buyer's Guide to IoT Security
Gartner Group - The Death of IoT Security as You Know It
0 Internet of Things (IoT) - Definition
1 IoT Technology Disruptions: A Gartner Trend Insight Report
2 California's IoT Cybersecurity Law Sets Standards for Device Manufacturers
3 The Cybersecurity 202: California's Internet of Things cybersecurity bill could lay groundwork for federal action
LeeShanok Network Solutions will be hosting a booth at the Arizona Multihousing Association Phoenix Trade Show May 10, 2018.
Ransomware encrypts files and demands ransom. Malware-facilitated blackmail uses a different strategy, delivering trojan-class malware to mobile devices that gathers information and transmits it outside the network, then threatens to make public some private information unless you pay a fee, classic blackmail.
In most cases, you can avoid malware by downloading apps only from Google Play Store, Microsoft Store and The Apple Store. But two apps in Google's Play Store (Wallpapers Blur HD, Booster & Cleaner Pro) were infected with malware that demanded $50 to stop a leak of photos, Facebook messages, web browsing history, emails, and location history to all contacts in the device and in breached cloud accounts like Facebook.
Before this malware initiates its malicious activity, it must obtain permission to manage calls, read and send messages and have access to contacts. Why would a wallpaper app or an app that boosts a device's performance need access to these areas? It doesn't, and should never have been given these permissions. Here is a familiar app and the permissions it has been granted:
So what can you do? First, read reviews of any app you are considering, though there can be fake reviews mixed in. Second, after download and installation, you will be asked to grant access permission to areas of your device and data. This is the time to stop, read and think through each granting. If any seem odd, then deny access and uninstall the app. Then do some research about the app, and only when satisfied should installation be completed. Third, mobile devices can be further protected with one of the free antivirus and firewall apps for Android and iPhone devices:
LeeShanok has been nominated for a second time to be part of the Cisco Small Business Executive Advisory Board (SBEE). Cisco executives and senior management teams will meet with board members to encourage quality, interactive dialogue on the development of small business products, solutions, services, marketing programs, tools and initiatives.
The cornerstone of the SBEE is the opportunity to influence Cisco’s overall strategy and future direction in the small business segment.
“This is a great opportunity to partner with Cisco Systems, a leader in the technology industry, in support of providing new technologies that make sense to small businesses. Being part of SBEE is a great opportunity to allow us to be the spokesmen on the technology needs for small businesses to Cisco,” LeeShanok said.
About LeeShanok LeeShanok Network Solutions has provided professional IT consulting services in Arizona since 1997.
About Cisco Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate.
For more information, media contact: [Eric LeeShanok, LeeShanok Network Solutions (520) 888-9122, email@example.com]
The PCI Security Standards Council maintains and promotes security standards for the Payment Card Industry, providing tools to assess, train and certify companies involved in eCommerce. Credentialing of vendors helps industries like Property Management reduce exposure by identifying PCI Compliant vendors. Don't worry, your selection of LeeShanok Network Solutions was a wise move, as we are PCI compliant and a member in good standing of The Compliance Depot.
On June 30, 2018, the eCommerce industry will say goodbye to SSL and early versions of TLS, and so should you.
SSL and TLS are cryptographic protocols used to create secure communications between two systems, authenticating them, and protecting the confidentiality and integrity of data passing between them. SSL and early versions of TLS have vulnerabilities that cannot be patched and put organizations at risk of being breached.
Here is what you can do:
1. Attend a webinar to better understand the issue and recommendation, and if it affects your firm and payment card transactions - https://info.pcisecuritystandards.org/webinar-migrating-from-ssl-early-tls-video-2018
2. Enlist the help of your IT services vendor. If you are a Managed-IT client of LeeShanok, we've got you covered. If not, we can help you evaluate exposure and guide your conversion.
3. Migrate your devices to TLS 1.2, configure it securely, and keep it updated.
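For step 3, one way to check a web server configuration for leftover SSL and early-TLS protocols. This is an added example, not part of the original newsletter; it assumes an nginx-style `ssl_protocols` directive, and both sample configurations are constructed.

```python
import re

# Protocols the page says to retire: SSL and early TLS (anything below TLS 1.2).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: TLSv1.3 is accepted alongside the TLS 1.2 the page names.
ACCEPTED = {"TLSv1.2", "TLSv1.3"}
# Matches an active directive; lines starting with '#' are comments and never match.
DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;#]+);")

# Constructed sample: early TLS still enabled next to TLS 1.2.
SAMPLE_BEFORE = """\
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Constructed sample: the corrected setting.
SAMPLE_AFTER = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
}
"""

def audit_ssl_protocols(config_text):
    """Return (line_number, deprecated_enabled, has_accepted) for each directive."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        enabled = match.group(1).split()
        weak = sorted(p for p in enabled if p in DEPRECATED)
        findings.append((number, weak, any(p in ACCEPTED for p in enabled)))
    return findings

def is_compliant(config_text):
    """True only if every directive enables TLS 1.2+ and nothing older."""
    findings = audit_ssl_protocols(config_text)
    # No directive at all means the server's built-in default applies, which
    # varies by version, so it is reported as not compliant until set explicitly.
    return bool(findings) and all(not weak and ok for _, weak, ok in findings)

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_ssl_protocols(text), "compliant:", is_compliant(text))
```

A file that passes this check still needs its cipher suites reviewed and the running server confirmed after reload, since the check reads configuration text only.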
Contact us to discuss your situation, exposure and migration