California’s New IoT Password Law. A Nice Try but…

California governor Jerry Brown recently signed a bill into law called the ‘Security of Connected Devices,’ or SB-327. Starting in 2020, the new law requires any California manufacturer of Internet-connected devices to equip every new device with a unique password or have a setup procedure that requires users to change the default password as part of the setup procedure.

The law is an effort to address a geometrically growing problem – customers that simply take their latest Internet-of-Things device, plug it in or connect it to their wifi, and then forget about it leaving default and hard-coded service passwords in place. This is how automated malware like NotPetya and WannaCrypt recently wreaked havoc around the world.

Like many government initiatives, there are good intentions but while the new law may provide some help it unfortunately misses the much larger problem; failure to update software. There are many ways to access an IoT device and a username/password is just one of them.

New security holes are discovered all the time and they usually take advantage of elements of the device whose operation is invisible to users.

It’s hard enough for Apple and Microsoft to get users to update their main computer systems, so imagine the difficulty in getting users to update a smart light bulb socket, a security camera, or a smart refrigerator? Or how about hundreds or thousands of devices in a home or business?

So what’s the takeaway? First, don’t rely on manufacturers to supply perfect products or products that update themselves. In fact, many self-updates create more problems than they fix (hey – some of this stuff is complicated!). And don’t look for a government magic wand to solve the problem. The new California law makes nice press and allows legislators to claim that they ‘did something about the problem,’ but understand that you have to take responsibility for what you connect to your network.

Especially at work, be extra careful. In addition to thinking twice about whether you really need that IoT device, we recommend deploying a system like our Ransomware Guardian that can restrict unknown and rogue IoT devices from functioning on your network.

Everyone stay safe out there!


 

Tips for Using WiFi Hotspots Safely

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

  1. Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.
  2. Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall. And a hotspot that requires patrons to use a password is better still.A new trend to watch out for is ‘hotspot fishing’. The bad guys target an area where there are many people looking for wifi access. An airport is a great example. They setup with their own laptop with hacking software and then broadcast an unsecured wifi hotspot – sometimes with the name of a nearby store or the airport’s name to try and fool users into thinking its safe. Then they wait for unsuspecting users to connect. Once they do, everything they transmit can be intercepted.
  3. Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.
  4. Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.
  5. Use a VPN. A VPN can encrypt your connection to a home or work network so consider connecting this way if possible.
  6. Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to do some e-commerce shopping, make sure the sites are encrypted and secured. Secure sites begin with an ‘https’ in the address.
  7. Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention of people coming and going around you especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Everyone stay safe out there!

 


 

Tips for Selecting the Right Wireless Tech for your Network

Nearly every organization is now using wireless technology in their network. Here are some tips on how to do it safely and get great results.

Step 1Stay away from retail store products. The simple fact is that the $30 wireless router at Staples or Best Buy isn’t what you want. In fact, you almost certainly don’t want a router anyway – you want a Wireless Access Point (AP). And you want one that supports the latest 802.11ac standard. Consumer products at retail stores don’t have much horsepower and will just disappoint you in a business environment with multiple simultaneous users.

Business-class products support more simultaneous users, seamless roaming from one AP to another, and centralized management. One favorite of ours is the recently released HP M330 dual radio access point. We have special pricing on these if you’re interested – contact us.

Step 2Perform at least a basic wireless audit. Unless you have a one-room office with just a couple of people, you need to do some planning to make sure you cover all the work areas in your organization and also that you have enough capacity for the number of devices you’ll be supporting. Wireless signals don’t like metal and mass. Modern construction with steel stud walls as well as old buildings with brick and foil-backed insulation all greatly reduce wireless signal strength. There are low cost/free apps you can get for a tablet or smartphone that, while not true scientific tools, will allow you to observe wireless signal strength fluctuations as you walk through throughout your office. This will give you a basic idea of how far a wireless signal is likely to reach.

For capacity, a good rule of thumb with a decent quality AP is that it can support about 8 devices at a time.

And be realistic about the number of devices you’ll be supporting. In addition to the notebooks and laptops in your organization, what about everyone’s smartphones? And what about guests? There’s nothing worse that rolling out a new wireless network and finding out it’s maxed out on the first day.

Step 3plan. So once you’ve determined how many AP’s you’ll need, don’t forget that each one needs to be connected to a network jack. And each will need power. Some models have a plug-in wall transformer but many utilize Power-over-Ethernet (PoE) which requires adding a special type of network switch to your network.

Step 4Don’t forget security! Even the most casual non-techie knows that it’s important to secure wireless networks properly. Use at least WPA encryption, put guest wireless networks on a separate subnet, and consider using MAC address filtering. And if your organization is subject to HIPAA, CMR17, or a variety of other compliance laws, you have to get it right. If there’s any part of this you don’t understand, it’s worth getting an expert to help you.

 


 

6 WiFi Deployment Tips for Business

Thinking about offering your guests wifi access at your business? It’s a benefit your customers will really appreciate, so here are some tips to get you started.

  1. Given regulatory compliance and not having your customers use up all your bandwidth, consider getting a separate Internet service and dedicating it for customer or guest use. Keeping your business data, POS terminals, and all your customer’s credit card info separate from whatever your guests are doing is a smart idea that doesn’t cost much. We often have our customers pick up an inexpensive DSL or cable circuit just for this purpose.
  2. If your business layout is complex or has multiple floors, get a vendor in who specializes in wireless networking and have them do a site survey. This will ensure that you get adequate coverage for all areas and also that you have enough access points to handle the number of end-user devices to be supported.
  3. Speaking of the number of devices to be supported, 8 or 10 is a realistic limit for a decent business class wireless access point, so don’t undersize to try and save money. Everyone that comes into your business will have at least one wifi device – kids usually have several. It’s better not to offer the Internet at all rather than have intermittent or painfully slow service.
  4. Make sure you set up your guest wifi using the latest technology access points that support both 5 GHz and 2.4 GHz devices. This helps support older devices, balances loads, and customers with newer equipment will enjoy the greater performance.
  5. Make sure your access points are MIMO devices – multiple input and multiple output. These devices offer significant increases in range and data throughput compared to the last generation of wireless access points. They also support a variety of antennas so support specific building layouts and even outdoor use.
  6. If you’re not sure what you’re doing, get some help from a company that specializes in wireless networking.