It’s Cybersecurity Awareness Month–So Let’s Talk Automation and Home Security
At this point, anybody in the IT world would have to be living in a cave in the wilderness to not know that October is Cybersecurity Awareness Month. (And since there’s no Wi-Fi in wilderness caves, that scenario is admittedly unlikely.) This week, I wanted to take a closer look at a couple topics, one for work and one at home.
First, let’s talk about automation.
Automation is a must! There is no other way of saying it. Most security teams are understaffed and overworked, and when properly implemented, automation can do the work of many. For example, how long does it take to implement a recent acquisition’s intellectual property into your security processes? Months? Years? What if it could be done in less than a week, or even a day?
In today’s world, most software exposes APIs. This allows custom integration into your security processes. With the right resource, custom automation can be created to enhance any security program. It ensures that all of the requirements are being followed.
Application security can ensure that every single line of code checked into a repository is scanned, and results are shared on a common dashboard. Network security can ensure that any new resource added to the network follows company’s standards. Cloud security can ensure that resources are being used appropriately and not opened to bad actors.
Finally, security issues identified by your processes can auto generate work items in popular ticketing systems. This ensures that the issues identified do not fall through the cracks.
This is a good time to sit down with your teams and discuss the benefits of automation. Do not let this slip through the cracks.
Second, let’s look at securing your home.
Over the past several years, companies have changed their approach to software development. Today’s development atmosphere is focused on hitting deadlines. If any bugs or security issues are found, update the software accordingly and release it as an update or hotfix. How many times have you seen an “Update Now” or “Live Update” in your applications? Because of this, make sure that you regularly apply updates to your home devices or applications. This may be more complicated than you realize. Not everything is going to flash that ‘Update Now’ signal, and there are security risks in devices you might not even be aware of throughout your home. If you aren’t an IT professional (and, let’s face it, even if you are), many of these security risks may not be on your radar. Here are just a few of the routes that bad actors can use to compromise a network:
- Internet of Things (IoT) gadgets. In the era of the smart home, IoT devices are everywhere. We’re talking light bulbs, doorbell cameras, pellet smoker grills, automatic on/off timer switches, watering timers, and the list goes on. And all of these devices have firmware that needs updating.
- Printers. Does your printer support network connectivity? Is it enabled and connected to your network? If so, you need to keep the driver software updated.
- Internet routers and firewalls. When was the last time you updated the firmware on your internet router/firewall? If you are like most people, the answer is never
One more thing: Many of these devices are enabled for both Wi-Fi and Bluetooth connectivity, and both avenues need to be secured. Why? Because your WI-FI-enabled devices can be potentially compromised remotely, while your Bluetooth devices can be compromised within 30 meters of the device. Here are my recommendations for security best practices for your home:
- Keep your IoT devices on a separate network. In the event of a compromise, your exposure is limited to other devices – and not your computer or data.
- Regularly check for updates for both IoT devices and home office equipment such as printers, routers, computer software, and so on.
- Install anti-virus software on your home computers. Most internet providers will give you a free license for antivirus software. It’s not perfect, but it is certainly better than nothing.
- Report anything that does not seem right to the company that produced the device or software. If something is wrong, this will alert them to the issue sooner.
Learn more application security tips in our new white paper, “Top Tactics for AppSec Innovation.”
