By the end of 2023, reports estimate the world will have over 16.7 billion connected Internet of Things (IoT) devices. This means there will be a tremendous amount of potentially vulnerable targets if they are not properly protected. As the world continues to implement more networks, the importance of IoT security will grow in order to maintain confidence in such devices and systems.

What is IoT Security?

The Internet of Things (IoT) can be defined as the network of software-embedded objects that connect and exchange data with themselves and other devices. IoT security focuses on safeguarding connected devices and networks in the Internet of Things. In other words, this technology segment can be understood as a cyber security strategy.

The Importance of IoT Security

Because troves of valuable and private data flow through IoT devices, they are extremely at risk for cyber attacks. Every device added to a network expands its digital attack surface, which is the number of weak points where an unauthorized user can access the system. This constant exposure to potential data theft and other invasions makes the need for IoT security solutions even more crucial.

While efficient, the interconnectedness of IoT devices unfortunately adds to the threat. Through just one compromised device, a hacker can gain access to the whole system. In a corporate environment where IoT devices are deployed on the network, they have access to the company’s sensitive data and critical systems. Cyber criminals commonly target unprotected printers, smart lighting, and other office devices to gain access to the network and its data.

With IoT, the use of sensors and smart devices to collect data for smart automation specifically benefits the fields of civil engineering, urban planning, and smart cities. Understanding the impacts of the data collected can help with the safe distribution of energy, assist in new structural designs and upgrades, and support the secure interconnection of IoT within smart cities.

Who Is Responsible?

Global legislation defines who is accountable for IoT Security. In the United States, the IoT Cybersecurity Improvement Act requires government agencies to review their IoT-related risks. Agencies must also adopt best practices for security. IoT device companies are legally responsible for ensuring their products are as secure as possible. Manufacturers are at fault for compromises and vulnerabilities. Given that a company’s product developers are at the front end of these discussions, IoT security is an important skill to master. 

Any technical professional, from network security engineers to project managers, can benefit from learning about the valuable craft of IoT security. 

Is Your IoT Network Secure?

Ensure the reliability of your company’s IoT network! IEEE Educational Activities, in partnership with IEEE Internet of Things Technical Community, developed the course program All About IoT Security to provide insight for defending IoT networks from threats. Comprised of six courses, this online training covers the challenges and opportunities around IoT security, botnet detection, and malware forensics. The program also goes more in depth, looking at business case studies, blockchain applications, and directing network traffic.

Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization.

Interested in access for yourself? Visit the IEEE Learning Network (ILN).

 

 

Resources:

What Is An Attack Surface? Fortinet.

What Is IoT Security? Check Point.

H.R.1668 – IoT Cybersecurity Improvement Act of 2020. Congress.gov.

Sinha, Satyajit. (24 May 2023). State of IoT 2023: Number of connected IoT devices growing 16% to 16.7 billion globally. IoT Analytics.

In recent years, the automotive sector has undergone several rapid changes, including connected and autonomous vehicles, advanced driver assistance systems, and smart transportation. Although they have increased driver comfort and safety, these innovations are also associated with technological challenges—especially in the areas of data privacy and cyber security. According to The Business Research Company, the automotive cyber security market size is expected to reach US$4.16 billion by 2026, growing at a rate of over 19%. The good news is that automakers are adding hardware and software for better cyber defenses. The bad news is that criminal hackers are gaining more advanced capabilities. Furthermore, there are now more attack surfaces to hack and exploit.

It is important not to undersell the scale of this potential cyber attack problem. In 2021, only 32% of all American cars were “connected,” sending and receiving data on a regular basis. By 2025, that number may top 50%. Then in another ten years, the percentage of new US vehicles that will be connected is predicted to hit 95%. This expands the cyber attack playing field from just under a third of all new vehicles to almost all new vehicles.

Types of Attacks

One clear trend is the growth of remote hacks, which includes both web-based and nearby wireless attacks such as key-fob hacks. Remote hacks make up the majority, now accounting for about 85% of attacks. Upstream, a cyber security and data management platform, revealed that cyber attacks on cars have soared 225% in the last three years. They found that the most common automotive cyber attacks saw a data or privacy breach, followed by car theft or a break-in via the car’s wireless key fob mechanism.

“Without effective cyber security, everything from the infotainment system to the engine control unit is at risk. The issue is that the move toward connected, autonomous vehicles is outpacing automotive cyber security measures and regulations,” explained Charles Griffiths, Head of Technology and Innovation at IT of website AAG. Once carjackers enter a car with a cloned key, they can hack the engine control unit to turn the engine on and drive away. For cars in motion, hackers can tamper with settings like the auto brake or steering, potentially causing a serious accident.

Upgraded Technology Comes with New Threats 

The push towards more sophisticated levels of autonomy in the automotive sector is a challenge for security. Adding data-exchange and GPS signal-guidance to vehicles benefited drivers, but the extra technology increases the potential for significant cyber attack. Signals and data are weaknesses that we have intentionally introduced into vehicles in the last 20 years in favor of end-user benefits. And so far, these benefits have massively outweighed the risks.

Signal attack vectors are predicted to narrow over the next 20 years—making it harder for attackers and safer for drivers. Data interchange density problems and security weaknesses still exist, making vehicles the next version of the email hack (where there is unsecured data, there is money to be made from stealing that data). Currently, the responsibility for ensuring any such hack is unsuccessful is split between the individual vehicle component manufacturers, the overall vehicle manufacturer, and the seller of the vehicle. With the responsibility net unclear, unhardened security, and a vast array of potential data-targets, you have near perfect conditions for hackers.

Changing How We See Vehicles

Many technology-savvy people are very protective of their data. They’ll install the most impressive data security they can afford on their computer system, monitor their credit cards for fraud, and take other security measures. However, historically, people haven’t needed to think of their cars as a data-risk. As such, there isn’t a huge demand for ruggedized data security in vehicles. The connected car changes the very nature of what a car is, and mitigation of data-theft from connected cars has yet to mature. Until it does, high security is likely to remain a paid-for add-on for the foreseeable future.

Focus on Automotive Cyber Security

As the automotive industry continues to produce connected and autonomous vehicles, there is a need to better understand the safety and security of this technology. Automotive Cyber Security: Protecting the Vehicular Network is a five-course program that aims to foster the discussion on automotive cyber security solutions.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

 

Resources:

Bradley, Tim. (28 June 2022). Cyber attacks on cars up 225 percent: how hackers could be targeting your vehicle. Express.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 1: Signal Attacks. TechHQ.

Fyler, Tony. (21 July 2022). Cyber-Attack Vectors in the Automotive Sector – Part 2: Data Attacks. TechHQ.

FWM. (August 2022). Evolution of the automotive sector – data privacy and cyber security. Financier Worldwide Magazine.

Juliussen, Egil. (29 June 2022). Automotive Cybersecurity: More Than In-Vehicle and Cloud. EE Times Europe.

Liao, Rita. (25 July 2022). Real Driverless Cars Legal in China’s Shenzhen. TechCrunch.

MRH. (27 July 2022). Smart Transportation Market Segments, Opportunity, Growth and Forecast by End-use Industry 2022-2030. This Is Ardee.

Straits Research. (25 July 2022). Advanced Driver Assistance System Market Size is projected to reach USD 57.90 Billion by 2030, growing at a CAGR of 18.3%. GlobeNewswire.

TBRC Business Research Pvt Ltd. (20 July 2022). Automotive Cybersecurity Global Market to Grow at Rate Of 19% Through 2026. EIN Newswires.

From healthcare to supply chains, the decentralized nature of blockchain has the potential to fundamentally restructure the way organizations do business. Once fully implemented, it will also make the internet far more secure against cyber attacks – and give users greater control over their personal data.

How Does Blockchain Make the Internet More Secure?

Centralized networks are often vulnerable to cyber attacks because they tend to have few IP addresses, which hackers can easily penetrate using relatively simple schemes such as phishing. Once in, cyber criminals can do extensive damage, as recently demonstrated by waves of ransomware attacks costing companies an average of $4.24 million USD. However, the decentralized nature of blockchain presents a possible solution, as these complicated networks are far more difficult for hackers to access.

“For those blockchain solutions utilizing proof of work validation methods (such as bitcoin), hackers have to gain control of a majority of nodes to compromise ledger transactions — something that is, by design, computationally expensive,” Robert Napoli, a business strategist who writes about cybersecurity and digital transformation, wrote in Forbes. “This computational cost can be extended to other types of operations in a security scheme, reducing the need for a trusted central authority.”

Transitioning internet domain name servers (IDNs), which link web browsers to websites, to the blockchain, for instance, would disperse resources “to multiple nodes, making it infeasible for hackers to control the database,” Napoli adds. He noted that blockchain can be secured even further with the help of artificial intelligence technology.

Blockchain, Decentralized Identity, and Digital Identity Wallets

Aside from making networks more secure, blockchain technology can also give users a decentralized online identity that shields their personal data against breaches. According to Deepak Gupta, a cyber security innovator, tech strategist, and cofounder of LoginRadius, writing in VentureBeat, a decentralized identity “is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.”

With a decentralized identity (DID), users have digital “identity wallets” that store proof of their identity in a single location, which they can use to grant or deny access to third parties on the network. Not only do identity wallets give users an easier, more secure way to share their information, they also give users greater power over their own data.

According to Gupta, authentication through decentralized identity and blockchain include the following steps:

1. 1. The identity wallet contains the user’s verified identity details, including their name, age, address, education, employment details, and financial data. This creates a foundation of trust and confirms the user is eligible for authentication.
   2. The decentralized identity feature uses the public key associated with the private key and publishes it onto a distributed ledger like blockchain.
   3. As the decentralized system delivers the public key to the blockchain, the identity wallet receives a unique decentralized identifier representing the user across the internet.
   4. The user shares this identifier with the service provider to get authentication.
   5. The service provider seeks the shared identifier in the blockchain. If and when this is found, the blockchain then sends matching data to the application. The user then completes authentication by adding a signature using a private key.

The service provider application verifies authentication, allowing the user to take action.

The decentralized nature of blockchain has the potential to revolutionize cyber security, but will also come with radical changes. Is your organization prepared to take on this complex technology?

Designing Blockchain Solutions

Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology; the expected benefits of a blockchain solution; how a solution would benefit a prospect company; and more.

Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Gupta, Deepak. (5 March 2022). Decentralized identity using blockchain. VentureBeat.  

Napoli, Robert. (4 March 2022). How Blockchain Could Revolutionize Cybersecurity. Forbes. 

A recent report from the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Office of the Director of National Intelligence, warns of three major threat vectors that can potentially imperil 5G networks.

The report, titled Potential Threat Vectors to 5G Infrastructure, details outcomes from the 5G Threat Model Working Panel, which was launched under the National Strategy to Secure 5G to analyze weaknesses in 5G infrastructure. The panel examined current 5G projects for possible risks, identified, and created mock situations for 5G implementation. They then determined the risks, which include the following.

Policies and Standards

Within the policies and standards threat vector category, the report found a pair of sub-threat vectors related to open standards and optional controls when creating the foundation for 5G infrastructure. Standards developed by “adversarial nations” that include “untrusted technologies and equipment that are unique to their systems” could contain untrustworthy technology that might hinder competition and interoperability. The report also found that adopting optional security controls help to protect networks from hackers.  

“Nation states may attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers’ choices to use other equipment or software,” the report states. “There are also risks associated with the development of standards, where standard bodies may develop optional controls, which are not implemented by operators. By not implementing these subjective security measures, operators could introduce gaps in the network and open the door for malicious threat actors.”

Supply Chain Risks

The report points to the 5G supply chain as a second vector threat, especially because the race to sell new devices creates a large market for counterfeiters. The report states that bad actors can use supply chains to “exploit information and communications technologies (ICTs) and their related supply chains for purposes of espionage, sabotage, foreign interference, and criminal activity.” 

Supply chain sub-threat vectors include components passed on from third-party suppliers, vendors, and service providers. Because flaws and malware introduced early in development are tricky to spot, lead developers may mistakenly approve flaws or malware. Malicious actors could later exploit these vulnerabilities. 

5G Systems Architecture

Despite IT and communication companies ramping up 5G security, cyber criminals can still exploit “both legacy and new vulnerabilities”. 

“For example, the overlay of 4G legacy and 5G architectures could provide the opportunity for a malicious actor to carry out a downgrade attack, where a user on a 5G network could be forced to use 4G, thereby allowing the malicious actor to exploit known 4G vulnerabilities,” according to the report. 

Additionally, 5G networks are utilizing a larger range of information architectures than ever before. Features of such architectures include configuration, spectrum sharing, software-defined networking, and multi-access edge computing. This can give hackers a greater ability to target systems and networks. For example, a firmware vulnerability could allow a hacker to penetrate the multi-access edge computing (MEC), swipe private data, and alter and even deny access to data.

5G Networks

As technology continues to evolve toward 5G, it’s vital for technical professionals and industry leaders to understand how to deliver on the 5G vision while meeting consumer demand for higher communication speeds. Is your organization ready? Consider training your team with 5G Networks, a three-course program from IEEE and Nokia.

Connect with an IEEE Content Specialist today to learn more about the program.

Interested in learning more about 5G for yourself? Visit the IEEE Learning Network today!

Bridging the 4G/5G Gap

Prepare your organization for 5G, the next generation of wireless network technology. The IEEE two-course program, Bridging the 4G/5G Gap: Telecommunications Roadmap for Implementation, provides a historical overview of 4G/5G technology, identifies what is needed for 5G integration in a 3G/4G world, and showcases the scientific evidence surrounding wireless facilities’ impact on property value and human health, and more.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization.

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Kanowitz, Stephanie. (18 May 2021). 5G infrastructure faces foundational threats. GCN.

Currently, 200 million digitally “connected vehicles” are traversing the world’s roadways, according to a recent white paper from the 5G Automotive Association (5GAA). By 2024, real-time traffic updates will be possible thanks to road infrastructure that will be digitally connected. By 2026, advanced vehicle-to-vehicle (V2V) capabilities will help bring automated vehicles another step closer to reality.

Today’s vehicles contain more software than ever before, as well as a constellation of automotive systems in their power locks, brakes, windows, entertainment, steering, and other features. Future vehicles will come equipped with advanced autonomous capabilities and driver-assistance systems (ASAD) that will make them even more complex. 

These developments are happening rapidly. According to the research firm Frost & Sullivan, over 18 million new autonomous vehicles will be road-ready by the end of the decade. However, without appropriate regulations and advanced security features, these vehicles can become easy prey for hackers. With this in mind, many governments and automakers have already begun to take cyber security seriously. 

Standards and Regulations

The United Nations Economic Commission for Europe (UNECE) is in the process of developing automotive cybersecurity regulations. Known as WP.29, the regulation would enhance cyber security and software updates in vehicles. It will be mandatory for all vehicle manufacturers in the European Union beginning July 2024. While manufacturers in Korea and Japan have agreed to comply with WP.29 within their own timelines, manufacturers in North America won’t be required to adhere to them.

Additionally, the International Organization for Standardization (ISO) is working on ISO/SAE 21434, a standard that aims to establish “cyber security by design” from the initial phase of a vehicle’s design. The organization is also working to establish ISO 24089, a standard that would regulate software updates in vehicles.

Five Top Cyber Security Threats for Automakers

In order to ensure their designs are safe from cyber security threats, vehicle manufacturers have five main concerns they will need to consider, according to Security Intelligence. These include:

1. Complexity: Future vehicles will come equipped with interconnected architectures containing embedded telecommunications that will make them challenging to secure.
2. Attacks on the power grid: Recently, research has demonstrated that it would be possible for hackers to disrupt the power grid or trigger a blackout by attacking multiple electric vehicles that are charging at the same time. To prevent this, standards will need to be developed that require vehicles to undergo testing and come equipped with cyber security features.
3. Mobile devices: Increasingly, mobile phones are being used to control the various functions and features of connected vehicles such as windshield wipers, locks, and heat/air-conditioning. These devices pose a range of security threats, such as when a user inadvertently downloads malware, fails to update their operating system, or has a faulty password. If a hacker manages to take control of their phone, it wouldn’t be difficult for them to take control of the vehicle.
4. Untrained employees: In order to ensure cybersecurity is secure across all facets of a vehicle’s design, every employee engaged in the design process must be adequately trained in cyber security.
5. Securing financial features: Since many hackers will likely be motivated to steal financial information from drivers, special attention must be given to financial security features such as payment for fuel, tolls, and subscriptions.

Change is often difficult, but vehicle manufacturers will need to adjust to international regulations and standards in order to gain the public’s trust. By getting a head start in the process now, they can ensure their vehicles are safe when they’re ready to hit the roads.

Protecting Vehicles

As the automotive industry continues to work on intelligent and autonomous vehicles, there is a need to better comprehend the safety and security of this connected technology. Automotive Cyber Security: Protecting the Vehicular Network is a five course program that aims to foster the discussion on automotive cyber security solutions and requirements for not only intelligent vehicles, but also the infrastructure of intelligent transportation systems.

Contact an IEEE Content Specialist today to learn more about getting access to these courses for your organization. 

Interested in the course for yourself? Visit the IEEE Learning Network.

Resources

Dhami, Indy. (2 October 2020). Top 5 Threat Vectors in Connected Cars and How to Combat Them. Security Intelligence. 

Grau, Alan. (28 September 2020). Cybersecurity is Imperative for Connected Cars. Electronic Design.

Kohler, Arndt. (24 September 2020). Automotive Cybersecurity: New Regulations in the Auto Industry. Security Intelligence. 

O’Halloran, Joe. (10 September 2020). Connected vehicle association makes call for wireless spectrum to develop use cases. ComputerWeekly.com.

While autonomous vehicles are expected to be far less prone to accidents than driver-controlled vehicles once they’ve undergone substantial training, they may pose a more serious threat. Due to the over-the-air hardware and software updates these vehicles routinely require, experts believe they have the potential to easily come under attack from hackers who can use them to wreak havoc on the road, potentially turning them into weapons.

“Hackers, for instance, could remotely interfere with a connected vehicle and disrupt safety-critical systems and functions including the engine, brakes, and steering wheel, causing the driver to lose control. On a larger scale, a hacker could enter a single vehicle and access an entire fleet, as a fleet is only secure as its least-secure vehicle,” Moshe Shlisel, CEO at GuardKnox, told Help Net Security.

This cyber security threat means autonomous vehicles will need to undergo intense security vetting. 

Three Risk Levels to Consider

To better secure autonomous vehicles, three risk levels should be taken into account:

1) Critical hardware and software components that receive over-the-air updates must have supply chains that are adequately understood and protected.
2) The vehicle’s operating system must use an interface that is secure and equipped to repel cyber security threats.
3) Vehicle operating centers need to be secure.

Currently, there are no specific regulations mandating these considerations for autonomous vehicle cyber security. The SELF DRIVE Act, U.S. legislation surrounding the safety and innovation in testing and deployment of autonomous vehicles, requires a cyber security plan only for highly automated vehicles. Additionally, the U.S. Department of Transportation has not provided specific security regulations for advanced driver-assistance systems.

In Europe, the United Nations Economic Commission has been working on cyber security regulations for autonomous vehicles in the 54 countries it oversees. Under UNECE, regulations will mandate a Certificate of Compliance for Cyber Security Management Systems.

According to Shlisel, regulations are vital to ensuring autonomous vehicles are protected from cyber security threats, especially as these vehicles grow more connected and autonomous.

“Federal lawmakers should enact legislation–with the input of cyber security experts–setting uniform safety standards across the board for these vehicles. We see the beginnings of this in the U.S., as several bills–such as the SPY Car Act and AV START Act–have been drafted surrounding connected and autonomous vehicles, but no bill has yet succeeded,” he said. 

Potential Security Risks of AV Crowdsourcing

Crowdsourcing platforms like the Japanese-based group Autoware can help speed innovation in the autonomous vehicle industry. However, information sharing within crowdsource environments, which have multiple contributors, pose potential cyber security threats. While crowdsourcing may speed solutions, it’s important to ask these questions: 

• How will unknown contributors be validated?
• In what ways should the contributor be trusted, especially when it comes to their competence?
• Is the contributor actually acting as an enemy?
• Is it smart to unveil the code to anyone who can see it, particularly those who may have bad intentions?
• Validation will be expensive — who will pay for it?

One potential solution is to rely on smaller consortia instead of larger crowdsourcing platforms, writes Rahul Razdan for Forbes.

“It would seem that for safety critical systems smaller trusted consortia which make the active engineering trade-off between innovation velocity and validation costs makes a great deal of sense,” Razdan wrote, citing the Automotive Grade Linux as an example. “In addition, in this structure, contribution equity and consortium stability issues can be much more easily managed. When this process can reach ‘escape’ velocity in terms of the producers/consumers,  there is a potential path to a more open system.”

Understand Autonomous Vehicle Technology

Prepare your organization for the latest developments in autonomous vehicle technology. Offer training in foundational and practical applications of autonomous, connected, and intelligent vehicle technologies. Developed by leading experts in the field—including Steve Vozar, CTO and co-founder of May Mobility—the IEEE Guide to Autonomous Vehicle Technology is a seven-course online training program.

Connect with an IEEE Content Specialist today to learn more about purchasing the program for your organization.

Interested in purchasing the program just for yourself? Access it through the IEEE Learning Network.

Resources

Razdan, Rahul. (9 May 2020). Open Source And Automotive Safety Critical Systems: What Are The Tradeoffs? Forbes.

Razdan, Rahul. (2 May 2020). Tesla Decepticons ? Is Automotive CyberSecurity A National Defense Issue? Forbes.

Zora, Mirko. (15 April 2020). Are we doing enough to protect connected cars? Help Net Security.

You are most vulnerable to cyber attacks when you are traveling. According to a recent research report conducted on behalf of IBM Security, those who are traveling do not take all of the necessary precautions, connecting to unsecured public Wi-Fi, charging their devices at public USB stations, and using their private information on publicly accessible computers.

What should be especially worrying to companies is that people are more likely to engage in these risky behaviors when traveling for business rather than for pleasure, with only 13% saying that they have never connected to public wifi. Because employees often work while traveling, many business travelers connect to public hotspots and surf the web.

More than 1 in 7 travelers surveyed admitted to having their information stolen while traveling.  In 2017, the travel and transportation industry was the tenth most targeted industry for cyber attacks, but the rankings have shifted dramatically. Recent data shows that attempted attacks on IBM customers revealed that in 2018, it was the second-most targeted industry.

Here are 15 tips to help you avoid putting your personal and business data at risk while traveling:

1. 1. Know your rights and the local laws before you go to a foreign country. Your local privacy rights, not to mention your federally protected rights as a citizen of your country, disappear at the border. If border guards request access to the digital contents of your laptop, you may have no choice but to provide it. Plan ahead and know your legal rights in that country and the rights the country may have to your data.
   2. Before leaving, reset all of your frequently used passwords. This includes PINs for a safe or security box in your hotel room. Take the effort to make sure your personal information is safe. Avoid using easy phrases or numerical sequences, including the all-too common “123456”. In the National Cyber Security Centre’s worldwide analysis of passwords belonging to breached accounts, 23.2 million accounts used this code. And if you’re a big music-lover or superhero fan, try to stay away from “blink182” and “superman”, the most common musical artist and fictional character used in passwords.
   3. Set up temporary email and cloud storage accounts. When it’s necessary to use a computer that doesn’t belong to you, work from these throwaway accounts. This is especially important if you plan to use hotel business center computers, which are clear targets for malware, keystroke recording equipment, and other cyber attacks while traveling.
   4. Leave personal data at home. Chances are, all your data is stored in the cloud. Before traveling, delete the local copy after disabling the sync feature on your laptop, so that there’s no important data left on your laptop. Make all your updates and edits on cloud-based copies while you’re away and re-enable the local cache when you return home.
   5. Protect copied data. Encrypt your information using products like Microsoft’s Active Directory Rights Management Service to make sure others cannot access it. Even if border guards or thieves gain access, it’s unlikely they’ll be able to view it later.
   6. Disable auto-connect on your phone. Although it’s a handy feature when used at home, it’s risky to use auto-connect while abroad. Before traveling, change this setting on your device so that you must manually connect each time you connect to the internet.
   7. Install anti-virus protection, host-based firewall, and host intrusion prevention software. This is one of the most effective ways to keep your personal data secure while aboard. Use a trusted brand of security software and update it regularly as new versions become available to make sure all security patches are applied. Also, turn off any file or network sharing features.
   8. Only work on secure network options. No matter where you go, steer clear of free Wi-Fi connections. Free internet access is appealing, but it’s also particularly vulnerable to security issues. If you must use internet cafes and free Wi-Fi hotspots, make sure it is not a fake Hotspot set up by hackers and do not log into personal accounts or use sensitive data.
   9. Disable Bluetooth connectivity. If Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device.
   10. Make sure all your web surfing is protected by TLS-enabled HTTPS. Try to connect to secure websites only and avoid those trying to put fake digital certificates on your computer, which is a common practice among hackers. Remember that your two-factor authentication (2FA) methods may not work while you are out of the country due to the changes in your service plan.
   11. For business, Use your corporate VPN. If your company’s VPN connection uses split-tunneling, ask a member of the IT team to explain which traffic is secure and which is not secure. You can even use your own personal VPN router when traveling to make sure all connections are secure.
   12. Use a good privacy screen over your laptop display. This will keep wandering eyes off of your screen.
   13. Lock your computing devices anytime you’re not using them. This applies even in your hotel room when showering. Change the PIN numbers you regularly use on your phone, computer, and any other device you plan on accessing. This will help prevent a security breach should you misplace any of your devices.
   14. Be wary of accepting that free flash drive. Although malicious thumb drive attacks are generally uncommon, you may want to think twice about plugging in a USB drive that someone hands to you at a conference. All untrusted media should be approached with caution.
   15. Don’t share your current location with the world. Excessive sharing can create security threats in both your hotel room and at home. Think twice before using social media to advertise that your hotel room is empty while you’re out eating dinner or that your spouse and kids will be home alone for the next week. Wait until you return home to post about your travels so you can protect your assets and your loved ones.

Improve Your Security Techniques

Keep your staff members from making careless and costly mistakes that could put your organization’s information at risk while traveling. Cyber Security Tools for Today’s Environment, an 11-course program, is designed to help businesses improve their security techniques. It’s ideal for professionals in IT, computer science, and related fields who need to stay up-to-date on how to protect enterprise networks from potential threats. Connect with an IEEE Content Specialist today about training your organization on how to stay secure.

 

Resources

8 cyber security tips for business travelers. Norton.

Barlow, Caleb. (21 May 2019). How Cyber-Secure Are Business Travelers? New Report Says Not Very. Security Intelligence.

Grimes, Roger A. (1 Jul 2016). 11 essential data security tips for travelers. CSO.

Picheta, Rob. (23 August 2019). How hackable is your password? CNN Business.

Grauer, Yael. (30 October 2015). Should You Plug That USB Drive Into Your Computer? (Beware Of Malware). Forbes.

With the amount of personal information you have saved in your electronic devices, browsing unsecured websites and enabling settings can expose you to a cyber attack.

Leaders at the Forbes Technology Council recently shared the following tips on what to be aware of and what to change in order to boost your cyber security and better protect your data, both online and off:

9 Cyber Security Tips

1. Apple iCloud Restores
   iCloud backups are not encrypted end-to-end. Because Apple encrypts your iCloud backups, it can also decrypt your backups. Prefer not to expose your backup data to Apple? Disable iCloud backups and encrypt iTunes backups locally instead.
2. Wi-Fi Hotspots
   Wi-Fi hotspots are convenient, but many are easy to hack. Plus, it’s even easier to set up a fake hotspot. Even if a Wi-Fi network looks legitimate, use a VPN if possible connect to keep your data safe from prying eyes.
3. Unread Terms and Conditions
   While you may not care about giving certain companies access to some of your sensitive data, that does not mean you want unknown third parties accessing it through a cyber attack. Make sure you read the Terms & Conditions when you subscribe to a service and try to monitor news about these services.
4. Two-Factor Authentication
   Be sure to enable two-factor authentication (2FA) on every site that offers it. It’s also a good idea to enable 2FA on your smart devices when available.
5. Unencrypted Media
   Prevent thieves from accessing the data on your lost or stolen laptop. On a Mac, keep important files and information in FileVault, that requires a password to access your encrypted disk. For Windows PCs, consider using Bitlocker for removable drives since they already have data encryption by default.
6. Wireless Mice and Keyboards
   Beware of “mousejacking” with your wireless devices connecting to your device. This allows someone within about a football field’s range away to take over a computer. Employees in sensitive industries such as healthcare or finance may want devices with attached keyboards.
7. Outdated Software
   Hackers can exploit out-of-date software. Be sure to make sure you always have the most recent update on your device by allowing automatic updates.
8. Phishing Emails
   Some tips for avoiding phishing emails include 1) checking the sender’s email address and verifying the domain, 2) alerting colleagues of any potential phishing emails you see, and 3) examining the context of the email before opening it or clicking on links.
9. Human Error
   Often, human-related vulnerabilities are the biggest security issues. For example, an unwitting participant might accidentally download malware to their device. It’s important to provide staff training on IT security best practices in order to prevent breaches caused by human error.

Playing Defense

Give your team the training necessary to defend your organization from hackers with Cyber Security Tools for Today’s Environment, an 11-course program from IEEE. Produced and vetted by leading industry experts, this program will help your employees enhance their knowledge and stay current in the field of cyber security. Upon successful completion, they’ll receive valuable CEUs/PDHs that can be used to maintain professional licenses. Connect with an IEEE Content Specialist for a quote today.

 

Resources

(19 Apr 2019). 9 Cyber Security Issues That Could Be Leaving Your Data Vulnerable To Attacks. Forbes.

Following several recent high-profile cyber attacks, it is more critical than ever for organizations to evaluate their cyber defenses and ask themselves a number of basic cyber security questions to assess their vulnerability.

Each year brings new technological developments that improve people’s lives. At the same time, these advances also introduce new cyber security threats and more attack surfaces.

Moreover, dwindling resources, slow budget growth, increasingly hostile threats, the evolution of the Internet of Things, and expanding ransomware are major reasons why it is becoming more difficult to keep up with the changing threat landscape. Such reasons highlight the need for renewed organizational attention to cyber security. Is your organization vulnerable to a breach or cyber attack?

To evaluate readiness, here are some of the cyber security questions every business should be asking.

• Do You Require Employees to Use Strong Passwords?
  Weak passwords cause of more than half of all data breaches, yet just 24% of small businesses enact policies requiring employees to have a strong password. It is critical to have a strict password policy in place to protect your network.
• Are Your Employees Required to Change Their Passwords Regularly?
  Employees must be required to change their passwords regularly to protect data. Nearly 65 percent of businesses do not strictly enforce their password policy, despite having one in place.
• When Possible, Does Your Business Use Two-Factor Authentication?
  Wherever possible, you should add an additional layer of data security by enforcing two-factor authentication, such as SMS authentication.
• Are Employees Using Their Personal Smartphones for Work Purposes?
  Personal phones and devices significantly increase the chance of malware attacks when employees use them on the office network.
• Do You Back Up Your Files?
  A cyber attack can make confidential files completely inaccessible. Protect them by keeping local backups of all critical files and storing copies on an offsite server.
• Does Every Company Device Have Antivirus and Malware Software Installed?
  Make sure your organization installs the most up-to-date versions of antivirus and malware software on all organizational devices, and that they run properly.
• Do You Limit the Number of Employees with Administrative Access to Only Those Who Need it?
  Administrative access rights should be assigned sparingly and given only to those employees who absolutely need it to conduct their jobs. Additionally, employees who are granted admin access must be trained and well-educated on security issues.
• Do You Encrypt Databases and Customer Information?
  Without encryption, your organization’s sensitive data and customer information is accessible to hackers. To reduce data vulnerability, take steps to ensure all your information is encrypted.
• Have You Trained Your Employees to Recognize Phishing Emails?
  Phishing emails account for nearly half of all cyber attacks, and employees often fail to spot them. It is crucial that every business train their employees to not respond to suspicious emails.

How does your organization prepare to handle a cyber attack? Are you looking for ways to strengthen your organization’s cyber security? If you identified gaps in any of these areas, IEEE provides cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.

References:

Bose, Shubhomita. (2017, August 28). 11 Cyber Security Questions Every Small Business Should Ask. Small Business Trends.

Gillin, Paul. (2017, January 30). Two-Factor Authentication: A Little Goes a Long Way. IBM Security Intelligence.

IEEE Cybersecurity Vulnerability Navigator, 2017.

Lindros, Kim. (2016, September 7). A Small Business Guide to Computer Encryption. Business News Daily.