Security

6 Steps to Securing IoT Devices and Taking Back Your Privacy

In today's world we are more connected than ever — not only to each other, but to our devices. For example, people now have the ability to open and close their garage doors and even start their cars directly from their phones. But what information do we put at risk when we do all of these amazing things?

Securing Internet of Things (IoT) devices and keeping personally identifiable information (PII) safe and secure these days is of the utmost importance.

IoT Information Collection

When you buy the latest IoT device, you need to be aware of two things: First, IoT devices collect your information, and second, that information is always accessible.

So, what exactly is information collection? Think of a common streaming service, like Netflix. Once you sign up, you'll start receiving emails from Netflix letting you know they’ve added a new TV show that you might enjoy. And the thing is, they’re usually right! That's because your viewing history and ratings have been transmitted through an algorithm to determine what else you’d be willing to watch, and thus, continue your subscription. Now imagine every device you have on your home network collecting this type of information. It's a scary thought!

Keeping Your Information Secure on IoT Devices

While technology enables you to control your life from your fingertips, your information is at everyone else’s fingertips as well. Security isn’t fun or flashy, and because of this, some companies do not give it the consideration it deserves before they bring their products to market.

Very often when you buy an IoT device or utilize a company’s service you have unknowingly allowed them to collect information about you. That agreement you have to sign before you can use any of their items is written by their lawyers, and unfortunately, without saying yes you can’t use that fancy new gadget. All of these companies know it, which is why hundreds of pages sit between you and your new purchase.

6 Steps to Protect Yourself and Your Devices

1. Change Default Passwords

On devices that are connected to your network you should always make sure you change the default password. It doesn't matter if it's a new security camera or a new fridge. Creating new credentials is the very first step in securing your IoT devices and protecting your privacy. Research has shown that a “passphrase” is safer than a password. What does this mean? It means 1qaz!QAZ is less secure than Mydogsliketochasethechickensaroundtheyard! which is also much easier to remember.

2. Automatic Patches and Updates

In today's "set it and forget it" society, many electronic devices can take care of themselves. Quite often technology has a setting that allow for automatic updates. This is an important setting to turn on when securing IoT devices.

3. Set-up Multi-factor Authentication (MFA)

MFA security settings are growing in popularity. This is as simple as receiving a text or code that you need to type in while signing on to a system. Often times within the account preferences of your device, you can set up an Authentication Application. If you can’t find this option call customer service, chances are it exists somewhere.

4. Utilize a Password Manager

Keep usernames and passwords unique. Most password manager applications can generate a random password for you, and will allow you to store them safely.

5. Update Default Settings

Check to see which settings are turned on by default, especially if you don't know what they mean. If you are unfamiliar with FTP or UPnP, chances are you are not going to use them, or even notice that they are off.

6. Avoid Public Wi-Fi

It may be convenient to connect to a public Wi-Fi, but think again! If the Wi-Fi network does not require a password, then anyone can listen in on your computer’s information. Some public Wi-Fi networks are deliberately set up in the hopes that people will use it so they can steal information or credentials.

Remember that just like you lock your front door to protect the valuables inside, these days you also need to lock your IoT devices to protect your information and your privacy.

A message from MS-ISAC May 2020 Volume 15, Issue 5

Online Banking Privacy & Security

Safeguarding your personal information when interacting with us via the Internet is extremely important. Profile Bank’s Online Banking has been designed with that in mind. Profile Bank will continue to enhance and maintain prudent security standards and procedures to protect against unauthorized online access or use of your nonpublic personal information and records, applying the same high standards in caring for your personal information as we do for transactions you conduct with us in person.

Secured Forms

Messages sent using the secure forms within our website are secure. Look for the icon of a padlock to verify a form’s security. We preserve the content of your message, your message address and our response, so that we can more efficiently respond to any follow-up questions from you. We also retain this information to meet legal and regulatory requirements.

Regular Internet E-mail is Not Secure. Please do not send confidential information such as social security or account numbers to us via regular e-mail. In instances where e-mail addresses are provided, they are provided for information inquiries of a non-sensitive and non-confidential nature. Since an Internet e-mail response back to you would not be secure, we will not include confidential information in an unsecured e-mail response.

Phishing & Identity Theft

“Phishing” refers to activities of cyber-criminals who create an imitation of an existing legitimate web page and trick people into providing sensitive personal information. We will never send an e-mail that provides a link to the Profile Bank Online Banking logon screen. The recommended best practice is to access the logon screen from the link on our website homepage at www.profilebank.com. 

In the worst case of phishing, you could find yourself a victim of identity theft. With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver’s licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel. But if you understand how phishing works and how to protect yourself, you can help stop this crime.

How it works

In a typical case of phishing, you’ll receive an e-mail that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the e-mail may appear to come from a government agency, including one of the federal financial institution regulatory agencies.

The e-mail will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The e-mail will then encourage you to click on a button to go to the institution’s Web site. In a phishing scam, you could be redirected to a phony Web site that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Web site. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information. In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.

If you provide the requested information, you may find yourself the victim of identity theft.

Note: Please be aware that Profile Bank will never contact you to request or verify information about account numbers, PIN’s, login ID’s, passwords or any other personal information regarding your accounts.

How to Protect Yourself

1. Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. E-mails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
2. If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Web sites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
3. Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
4. Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
5. Review your credit report at least annually to monitor for unfamiliar transactions. Contact www.annualcreditreport.com or call 1-877-322-8228 for your free annual credit report.
6. Report suspicious e-mails or calls to the Federal Trade Commission through the Internet at https://www.consumer.ftc.gov/features/feature-0014-identity-theft, or by calling 1-877-IDTHEFT.

What to do if you fall victim

Contact your financial institution immediately and alert it to the situation. Report all suspicious contacts to the Federal Trade Commission through the Internet at https://www.consumer.ftc.gov/features/feature-0014-identity-theft, or by calling 1-877-IDTHEFT. If you have disclosed sensitive information in a phishing attack, you should also contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file, which will help prevent thieves from opening a new account in your name. Here is the contact information for each bureau’s fraud division: