From smartphones and computers to smart TVs and speakers, technology is becoming more important to our daily lives. These gadgets keep us linked, amused, and efficient, but they also come with vulnerabilities. Should a hacker gain control of your device, your stored confidential data, as well as any connected accounts, could be compromised.
The ACSC (Australian Cyber Security Centre) has released guidelines for safeguarding a variety of gadgets, ranging from personal electronics to items such as smart TVs, lighting, and refrigerators. These guidelines provide straightforward measures you can follow to enhance the security of your devices, such as installing antivirus programs, configuring regular user profiles, being cautious while on the move, and properly cleaning devices before selling or discarding them.
An Internet Device is what is known as an IoT, or Internet of Things, device. This means the object referred to has been equipped with internet connectivity. This category includes items like smart refrigerators, smart TVs, baby monitors, and security cameras. These devices, commonly found in residential and commercial settings, typically connect to the internet via Wi-Fi or mobile networks like 4G or 5G.
Before making a purchase, it's important to investigate various devices since manufacturers offer differing degrees of security. Compare similar products from multiple manufacturers to make an informed decision. Below are some factors to consider:
Is the product from a well-regarded, reputable company and sold through a trustworthy retailer?
Established companies are more likely to prioritize device security. Trustworthy retailers tend to carry products from reputable brands and maintain a more secure supply chain, ensuring you receive the device as the manufacturer intended.
Can you change the default password?
Changing your password is generally advisable, but it becomes especially important if the device comes with a weak default password. A securely designed device should feature unique, unpredictable, and complex passwords, as poor default passwords present an easy avenue for device compromise.
Does the manufacturer issue updates?
Ongoing updates to address vulnerabilities are crucial. If a device's software has known issues, or if new hacking methods emerge, updates are necessary to remedy these weaknesses.
What type of data will the device collect, and who will have access to it?
The manufacturer's website or privacy policy should clearly outline what data will be gathered and how it will be utilized. Also, consider the information that might be collected by any associated online or mobile apps.
Does the device perform only the functions you require?
Purchasing a device with capabilities beyond your needs, such as internet connectivity, could potentially compromise your security. Unneeded features can introduce additional vulnerabilities without offering any benefit to you.
When setting up your device, consider the following questions to enhance your network and data security:
Is internet connectivity essential for the device?
Just because a device can connect to the internet doesn't necessarily mean it should. Offline devices are less susceptible to hacking. If you won't be utilizing internet-dependent features, evaluate whether the device needs to be online.
Is the device situated in a secure location?
Place the device in a secure area to mitigate the risk of physical tampering. Treat your IoT device like any other valuable asset and store it in a locked space, if feasible.
Have I replaced the default username and password?
Ensure that you set a robust password or passphrase. If your device comes with a generic, easily guessable password, change it. Lists of default usernames and passwords are often available online, making devices with these settings more vulnerable.
Is my Wi-Fi network configured securely, with a strong password?
Strengthen your Wi-Fi network and router security to make it more challenging for potential attackers to infiltrate your device or network.
For added security, consider establishing a separate Wi-Fi network solely for your IoT devices. This is sometimes referred to as a 'guest' network on your router. If your IoT devices don't need to communicate with each other, activate the 'client isolation' feature. This will help ensure that compromising one IoT device doesn't expose your other devices or data.
Are unnecessary device features deactivated?
If the device includes features you don't need, such as cameras or microphones, disable them where possible.
For added precaution, examine settings that mention enabling remote access to the device's web administration interface, either from the local LAN or the wider internet. Make sure it's configured to local LAN access only, unless you specifically need remote access.
Restart Devices Periodically
If your IoT device starts to lag or malfunction, it could indicate the presence of malware. Some types of malware are stored in memory and can be removed by rebooting the device—essentially turning it off and then back on. If issues persist post-reboot, consider performing a factory reset.
Note that a factory reset may erase your user data and customized settings.
Keep Software Up-to-Date
While some devices automatically update, others require manual intervention. Regularly check for updates from the manufacturer and apply them as they become available. If your device no longer receives updates, think about replacing it with a newer model that does. Outdated devices lacking security patches can become a liability, posing risks to your network, privacy, and data.
Power Down Unused Devices
Keeping devices that are not in use powered on and connected to your Wi-Fi network for prolonged periods can heighten the risk of an attack. An automated solution for this is to use a timed power outlet that supplies electricity to the device only during predetermined hours.
Monitor Internet Usage and Billing
A sudden spike in your internet consumption or billing may signal that your device has been compromised. To mitigate this, you can try performing a factory reset and updating the device's password.
Note that a factory reset may erase your user data and customized settings.
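An added example (not part of the ACSC guidance or the original page): one way to spot the kind of usage spike described above, assuming your router can export per-device daily traffic as CSV. The column layout, device names, and thresholds are assumptions made for this sketch.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample data: daily traffic per device in MB (not real measurements).
SAMPLE_CSV = """date,device,mb
2024-03-01,smart-tv,1800
2024-03-02,smart-tv,2100
2024-03-03,smart-tv,1950
2024-03-04,smart-tv,2300
2024-03-05,smart-tv,1700
2024-03-06,smart-tv,2050
2024-03-07,smart-tv,1900
2024-03-08,smart-tv,2200
2024-03-09,smart-tv,2000
2024-03-01,camera,120
2024-03-02,camera,110
2024-03-03,camera,130
2024-03-04,camera,125
2024-03-05,camera,115
2024-03-06,camera,118
2024-03-07,camera,122
2024-03-08,camera,2400
2024-03-09,camera,121
"""


def load_usage(csv_text):
    """Parse the CSV into {device: [(iso_date, mb), ...]}."""
    usage = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        usage[row["device"]].append((row["date"], float(row["mb"])))
    return usage


def flag_usage_spikes(usage, window=7, min_days=5, threshold=3.5):
    """Flag days whose traffic is far above the device's own recent baseline.

    The baseline is the median of the preceding `window` days, and the spread
    is the median absolute deviation (MAD). Both are robust, so one earlier
    spike does not inflate the baseline and hide the next one.
    """
    alerts = []
    for device in sorted(usage):
        days = sorted(usage[device])  # ISO dates sort chronologically
        for i in range(min_days, len(days)):
            date, mb = days[i]
            history = [value for _, value in days[max(0, i - window):i]]
            base = median(history)
            mad = median([abs(value - base) for value in history])
            # Floor the spread so a perfectly steady device (MAD of 0) does
            # not divide by zero or alert on a tiny change.
            spread = max(mad, 0.05 * base, 1.0)
            score = 0.6745 * (mb - base) / spread  # modified z-score
            if score > threshold:  # only upward spikes are of interest
                alerts.append((device, date, mb, base))
    return alerts


if __name__ == "__main__":
    for device, date, mb, base in flag_usage_spikes(load_usage(SAMPLE_CSV)):
        print(f"{date} {device}: {mb:.0f} MB against a baseline of {base:.0f} MB")
```

A flagged day is a prompt to investigate that device, not proof of compromise; a large software update or a new streaming habit produces the same pattern.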
When you're done using a device and plan to discard or sell it, you should take precautions to ensure that your personal data doesn't end up in the wrong hands. Here are some steps to help you safely dispose of a device:
Wipe Personal Data and Information
The device's manufacturer should offer guidelines on how to securely erase all your personal data and information from both the device and any related apps. This step is crucial to make sure no one can access your personal data after you've gotten rid of the device. If you have an online account linked to the device that won't be needed anymore, delete that as well.
Initiate a Factory Reset
Executing a factory reset will delete local storage data and revert all settings, usernames, and passwords to their default states. Consult the device's user manual or the manufacturer's website for specific instructions on how to perform this task.
Unlink from Other Devices
Before getting rid of the device, make sure to disassociate it from any other connected devices, networks, or online accounts. This precaution ensures that nobody else can gain access to your other devices or personal information. Go through your various devices and apps to remove any established pairings or permissions that are no longer needed.
Detach Removable Storage Media
If the device has any sort of removable storage like USB drives or memory cards, remove these as well. These storage media can hold personal data that might not get erased during a factory reset. These should be physically removed and destroyed, and then disposed of separately to ensure your data's safety.
In the context of computer systems, accounts can have varying levels of control and access, typically divided into 'User Accounts' and 'Administrator Accounts.' Understanding the differences between the two is crucial for managing your device effectively and securely.
A User Account is a type of account that has limited control over the computer system. Generally, it can't make changes that affect other users or the system at large. This account type is recommended for everyday tasks such as:
Browsing the internet
Editing photos or documents
Using installed applications
The limitations are purposeful, as they add a layer of security. If malware infects a User Account, its capacity to harm the overall system is somewhat restricted due to these limitations.
An Administrator Account, on the other hand, has full control over the system. It can make broad changes, including:
Installing or uninstalling software
Creating or deleting user accounts
Accessing all files stored on the computer
Changing system settings that affect all users
Due to the higher level of permissions, Administrator Accounts are more susceptible to attacks that can have system-wide consequences. Therefore, it's generally advised to use an Administrator Account only when necessary and to conduct most daily tasks using a User Account.
By understanding these differences, you can make more informed decisions about how to set up and use your computer system, improving both functionality and security.
Utilizing an Administrator Account for daily activities presents a significant security risk. These accounts have the ability to make system-wide changes, install software, and access all files on the computer. If a cybercriminal gains control of an administrator account, they can wreak havoc on a system, potentially compromising all its data and functionalities.
Using an administrator account for day-to-day tasks is akin to a building caretaker using a master key to enter their own apartment instead of using a dedicated key for their unit. While the master key might offer convenience, the risks associated with losing it are much higher. If misplaced, not only is the caretaker's apartment at risk, but so is the entire building. Similarly, using an administrator account for everyday tasks opens up the entire computer system to risks if it gets compromised.
If you're currently using an administrator account for everyday activities, it's advisable to switch to a standard user account for increased security. You can modify standard user and administrator accounts in System Preferences or Control Panel.
Antivirus software serves as a shield against harmful and malicious software, also known as malware, thereby enhancing the security of your devices and safeguarding your personal data.
Malware has the potential to disable your computer, as well as steal, erase, or corrupt your files. It can also grant unauthorized access to your computer, putting your personal or business information at risk.
There are multiple ways your device could become compromised by malware, such as:
Clicking links on compromised websites.
Opening email attachments that are infected.
Browsing sites that are contaminated with malware.
Downloading apps or files from the web that are infected.
The consequences of a malware attack can be severe and wide-ranging.
Your existing device probably already has built-in antivirus software. This is commonly the case with most modern Windows and Apple computers, as well as Android and Apple smartphones.
There are also third-party antivirus solutions available that may offer additional features not found in the free, pre-installed versions.
Some new computers might arrive with a trial edition of third-party antivirus software. If so, make sure to research both the product and its provider to fully grasp its capabilities and any undisclosed costs. For instance, a company might support their no-cost antivirus offering through advertising or by gathering and selling your information to other enterprises. Once the trial period ends, you may opt to subscribe or revert to using the built-in antivirus on your device.
It's crucial to note that antivirus software alone isn't the answer for all security threats. Its effectiveness is amplified when combined with sound security behaviors and protocols. To further safeguard yourself online, adhere to the ACSC's recommended guidelines.
Windows Security
Devices running Windows 10 or Windows 11 come with an antivirus program known as Windows Security. You can access this by typing "Windows Security" into your computer's search bar or by clicking on the shield symbol located on the taskbar.
macOS, iOS, iPhone & iPad Security
Apple computers come with a built-in antivirus feature known as XProtect, which operates unobtrusively in the background without offering options for manual scans or settings adjustments.
Similarly, iPhones and iPads have integrated antivirus and security functionalities that work inconspicuously in the background. Apple also employs a rigorous screening process that generally stops harmful apps from appearing in the official App Store.
Linux Security
Linux and its common distributions do not come with built-in antivirus software.
ChromeOS Security
ChromeOS comes with built-in security features that operate behind the scenes. Intentionally, ChromeOS does not incorporate antivirus software. Generally, additional antivirus is not needed, as the system permits only the installation of software that has been approved by Google.
Android Security
Android mobile devices are equipped with background security measures. Typically, they also feature Google Play Protect, which scans apps for any malicious elements before you proceed with installation.
Regardless of whether you rely on your device's pre-installed antivirus or opt for a third-party solution, there are essential actions you can undertake to enhance your device's security.
It's worth noting that based on your specific device and antivirus program, certain security measures may be handled automatically, eliminating the need for manual intervention.
Turn On Automatic Updates
To ensure optimal functionality of your antivirus software, it's crucial to keep both the software and your device up to date. Verify that both are configured for automatic updates, and periodically confirm that this setting remains active.
Antivirus solutions rely on a database of "signatures" to detect malware. Make sure that your antivirus is receiving these signature updates. If your antivirus subscription has expired, you may need to either renew it or transition to a free alternative to continue receiving the most current signature updates.
Ensure Your Antivirus Is Switched On
The built-in antivirus is usually activated by default; consult the information specific to your device for further details. If you're utilizing a third-party antivirus solution, confirm that it's properly installed and operational by opening the application on your device.
Run A Full Scan
If you've recently configured a new device or have just installed and activated antivirus software, initiate a complete scan to ensure that your device is devoid of malware.
Schedule Automatic Scans
Following the initial scan, configure your antivirus to perform automated scans on a regular basis. Depending on your specific device, this could happen automatically in the background or at predetermined intervals, like weekly.
Familiarise Yourself
Certain types of malware may attempt to deceive you by generating false alerts that mimic those from your legitimate antivirus software. It's important to know what a genuine alert from your security software looks like.
To distinguish fake alerts, look for indicators like:
Urgency in the message
Request for money
Grammatical errors
Ambiguous language
In certain situations, you might need enhanced security and features not offered by free, built-in antivirus software. Endpoint security is an alternative term for software that combines contemporary antivirus capabilities with a range of other features.
When deciding between a paid or third-party antivirus solution, evaluate your specific security requirements, circumstances, and budget. For instance, if you're managing a business that utilizes diverse devices and operating systems, an endpoint security package may offer additional functionalities beneficial for overseeing the security of these gadgets. Moreover, if your organization handles sensitive data like medical or financial records, third-party antivirus options can offer added layers of protection.
Features that may be useful to you or your organization in third-party antivirus and endpoint security solutions can include:
Centralized monitoring and management of multiple devices
Data loss prevention (DLP)
Compatibility across various operating systems
Advanced threat identification and safeguarding
Protection against ransomware
Efficient system scans and improved performance
Anti-theft measures
Live customer support options
Note that third-party antivirus suites may also bundle in unrelated features, such as VPNs or password managers. It's advisable to separately assess the quality and reputation of these additional functionalities.
When you're ready to part with an electronic device—whether you're upgrading to a new phone or getting rid of an old laptop—it's crucial to handle the disposal carefully. Insecure disposal practices could inadvertently offer cybercriminals easy access to all the data stored on the device, including sensitive personal information, financial data, and other confidential materials.
Exposure of Personal Data: From emails to photos and web browsing history, your device holds a lot of information about you.
Financial Risks: Saved passwords or stored payment details for online stores or apps pose a financial risk if they fall into the wrong hands.
Identity Theft: Personal identification information could be used for fraudulent activities, impacting your credit score and causing a host of other problems.
Note: Even if you follow the right steps, your information may still be recoverable. If the information on your device is particularly sensitive, you should consider using a data destruction service or asking an IT professional to help you dispose of it securely.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Getting rid of your old device is more than just throwing it in a bin or passing it on to a new owner. You need to make sure all your data and personal information are completely removed and secure. This comprehensive checklist outlines the necessary steps to ensure that you dispose of your devices safely.
Back Up Your Data
Before wiping your device clean, make sure to back up important files and information. Store them securely either on a cloud service or an external storage device such as a hard drive or USB stick. Failing to back up your information could result in a permanent loss of important data.
Transfer Authentication Applications
If you've been using authentication apps like Google Authenticator or Microsoft Authenticator for two-factor authentication (2FA), it's crucial to transfer them to a new device. Neglecting to do so may result in being locked out of accounts that are secured with 2FA.
Update Your List of Trusted Devices
For accounts that keep track of a list of trusted devices, such as Apple ID or Google Account, remember to remove the device you are about to dispose of from that list. This step can usually be done through the account settings on the respective platform. Forgetting this could allow future users of the device to potentially gain access to your accounts.
Remove All Connected Devices and Media
Don't forget to unplug any external storage devices, USB sticks, DVDs, or SIM cards attached to your device. These storage media could hold sensitive information that won't be erased when you factory reset your device. Cybercriminals could access this data if it gets into the wrong hands.
Perform a Factory Reset
Lastly, a factory reset will wipe your device clean, deleting all your personal data and restoring the device's operating system to its original settings. Each type of device has its own method for performing a factory reset, which can usually be found in the user manual or on the manufacturer's website.
Note: Sometimes, even when following the correct steps, there may be errors or some of your information may not be securely erased. If you are concerned or have any difficulty, you should consider contacting an IT professional.
Remove Identifying Marks
Whether you are an individual or a business, it's easy to overlook physical identifiers on your device. These could include name tags or labels, asset numbers, business logos or stickers, and any other markings that tie the device to you or your organization.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
When disposing of removable media, it's just as important to follow secure procedures as when you're getting rid of devices. Here are some guidelines to ensure your data's safety:
Back Up Your Data
Before taking any steps to dispose of your removable media, make sure to back up any important data. You can upload your data to a secure cloud storage service or transfer it to an external storage device. Failing to back up your data means that you risk losing access to it forever.
Format the Device
Erasing the data from your removable media by formatting it is crucial, but the steps to do so differ depending on your operating system.
Remove Identifying Marks
As with other devices, removable media like USB drives often have physical labels that can identify you or your organization.
Consider Professional Destruction
If your removable media contains highly sensitive or classified information, it might be worth seeking out a professional destruction service or IT professional to ensure that the data is completely irretrievable.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The disposal of printers and fax machines involves more than just unplugging and tossing them out. These machines often store sensitive information and can be a source of data breaches if not properly sanitized. Here's a guide on how to securely dispose of your printer or fax machine:
Unplug External Storage and Clear Paper Trays
Detach any external storage devices like flash drives, portable hard drives, and SD cards that may contain your personal data. Additionally, make sure to empty any paper trays, especially if they hold printed documents that could include sensitive information.
Conduct a Factory Reset and Wipe Your Data
Printers and fax machines often store copies of recently processed documents and other data. Consult your device's manual or manufacturer for guidelines on how to securely delete all stored information and return the device to its factory settings.
Note: Not all printers or fax machines provide an option for a secure factory reset. If that's the case, you may need to consult with your print service provider, a data destruction specialist, or an IT expert.
Update Passphrases for Linked Accounts
If your printer is configured to access your email or other online accounts, make sure to change those passphrases for added security. This acts as a safeguard in case the device wasn't properly sanitized.
Remove Identifying Marks
Remove any labels, stickers, or other markings that could provide clues about your identity or the device's usage.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Save Your Game Data
Before you part ways with your gaming device, ensure you've saved any important data, like game progress, to a secure cloud storage service or an external storage medium such as a hard drive or USB drive. Failing to back up your data could mean you'll have to restart your games from scratch when you acquire a new device.
Unplug External Storage and Remove Game Media
Disconnect any storage devices like portable hard drives, flash drives, or SD cards that you've used for additional storage space. Also, remove any game cartridges or disks from the device.
Execute a Factory Reset to Erase Stored Data
Initiate a factory reset to revert your gaming device to its initial, out-of-the-box settings. Failing to delete your stored information could provide hackers with a way into your personal accounts and financial information.
Remove Identifying Marks
Take off any personal identifiers from the device, such as name labels, asset tags, or business logos.