IoT encompasses everything connected to the internet but mostly the term is used to describe devices that "talk" to each other, from simple sensors to phones and wearables, all connected together.


Many households now have at least one digital assistant (Alexa, Siri, Google Assistant) and many of us have Wi-Fi enabled CCTV and doorbells – which are all examples of IoT.


Other IoT devices include robotic hoovers that move around without needing a person on the other end, automated robots in factories and sensors that monitor temperatures in buildings. There are already more than 50 billion IoT devices in use globally.


Wi-Fi, 4G and more recently, 5G have made it possible for designers to simply assume wireless connectivity, anywhere.


What are the cyber security risks within IoT?

IoT devices connect to the internet to provide enhanced features. The problem is that criminals may be able to access them remotely, with malicious intent. Any device on the internet sends and receives information via the internet. If the information travels ‘unencrypted’, there is always the chance that someone with the right skill set and array of cyber tools may be able to intercept and download the signals, possibly viewing them as a live stream of CCTV for example. Thankfully, many devices encrypt transmission at source – but do you know if yours do?


Did your CCTV come with the standard User = “Admin” and Password = “Password”? (or can you do a search on Google for the default username and password for your device?)


If you haven’t changed the default password, what is stopping an inquisitive hacker seeking out your camera’s IP (Internet Protocol) address and seeing if they can gain access to the main control unit – using the default username and password?


IoT and business?

Are your automated control systems designed to be internet safe or just internet enabled?


The difference is that a simple internet-enabled control system may be able to send and receive information via the internet, enabling remote control and monitoring but is the device really internet safe?


Many controllers have a ‘smart’ control unit that has been bolted onto them, making a ‘dumb’ controller ‘smart’. If you have never considered how vulnerable your company is to cyber espionage, maybe it is time to have a look?


State actors are trying to gain access to UK companies and organised crime gangs are always trying to find ways into companies’ networks. This could be via the mail server, trying to bypass the company firewall, or it may be via a piece of equipment that runs old software that is no longer patched.


When it comes to safety, all companies know they have to be certified to comply with regulations for electricity, and they make sure all fire exits and emergency routes are known and practised.


However, when it comes to Cyber Security, do you know what damage the IoT devices you have installed could cause to your intellectual property?


Could they provide the entry route into your network to enable a ransomware attack?


Have you looked at Cyber Essentials (https://www.ncsc.gov.uk/cyberessentials/overview) or taken a Penetration test to find out where the cyber weak points are in your cyber security?


Have you carried out an inventory of all the IoT devices in your business, and do you know if there are any ‘known weaknesses’ that they could be harbouring?


Have all the latest patches been applied to the software and hardware of your IoT devices?


One thing is for sure, IoT is here to stay, and properly managed it can help assist your business. However, like anything, you need to keep it up to date and understand any potential security threat it may pose to your business.



Detective Constable Gareth Jordan has been a police officer for 13 years and prior to that, was employed in the IT and Pre-Press and Print sector.

Gareth is now based at Police HQ in Carmarthen and has been involved in investigating all forms of crime that have a cyber-element to them.

He has a wealth of knowledge regarding Cyber Security and continues to expand this by being involved in the day-to-day investigation of cyber-based crimes.

Gareth knows about the latest cyber scams and can explain how they are carried out – and more importantly – how you can avoid falling foul of them.


#TARiANEXPERTiSE #cybersecurity #cyberwatch


If a criminal can find out information from you due to lax privacy settings, or possible over-sharing of information, think how easy it is to start making themselves look like your company.


We have all become accustomed to the word ‘digital’, now used so frequently, we just accept it.

Looking back, some readers will remember the incredible invention of ‘the digital watch’ – bright red LEDs appearing as if by magic on a watch face?


OK, we have come a long way since those heady days:

Music being transferred from ‘analogue’ records to digital format.

Film becoming digitised to allow it to be captured on magnetic platters and many other workflows in industry have now been converted from a mechanical/analogue format to digital (plan drawings and documentation etc.)


So what is ‘The Digital You’?

It is a term that is massively overused and conveys many things to many people, but for cyber-security purposes, the digital you is normally your digital footprint.


The digital footprint is something that your interaction with devices leaves behind, each time you interact with them.


You log onto your Gmail account – Google has a record of your interaction – including time, date, machine, operating system – and possibly much more.


You log onto your Facebook account – Facebook has a record of your IP address, date, time, operating system and platform. Then each page you visit is recorded again, and again, and again.


You head off to YouTube and watch a few videos – again, your details are noted similar to above.


You go to a different website and land back on Facebook – and all of a sudden, you are prompted with an advert based on things you have just been looking at.


It is time to face facts; our devices give us such a wealth of opportunities but this comes at a price – and that price is the data we allow big tech companies to have, in exchange for providing us with ‘free’ access to so much data.


If you think it is bad at the moment, wait a few more years as we see Artificial Intelligence (AI) become an even bigger player in our lives and customer service departments becoming almost fully automated.


People want to speak with people, and AI is starting to allow that to happen more easily – except the ‘human’ you are speaking to is in fact a ‘Digital Human’.


AI has its imperfections and limitations, but these are gradually getting ironed out.

Self-driving cars, Digital Humans – well it’s happening, so no use sticking your head in the sand – learn to adapt.


One website states that by 2025, AI will power 95% of all customer interactions…

“Right now, digital humans are being deployed as brand ambassadors, digital influencers, customer support representatives and healthcare advisors to name a few. Everything from their unique appearance to their personalities are being co-designed to create the most positive, lasting impact on users.” (https://digitalhumans.com/)


So back to the present, if you know you are being tracked, does it bother you?

If it does, what steps do you take to prevent big tech companies tracking and identifying you?


If you dislike it, are you willing to go without? For instance, limited internet search options, limited social media interactions, limited compatibility with other systems in the future.


So the decision as to how much you want to be tracked, and how much effort you want to make to limit the amount you are tracked, does come down to you and how much ‘easier’ you want to make your life. It may necessitate looking at implementing more cyber-security protocols than you have at present. It may mean subscribing to services such as Virtual Private Networks and using Password Manager Apps. It will certainly involve you looking at all of the online accounts you are affiliated with and deciding whether you really need them anymore.


Have you checked your web-presence recently?

What does your website say about you, and how much information does it relate personally back to you and your employees?

Do you need individuals’ email addresses on the company website – or would a ‘contact@mycompany.com’ be sufficient for enquiries? By implementing this one simple step, you ensure that all email generated by bots crawling the web is sent to that designated email address, where you can apply specific filters and rules to ensure you find the malicious content way before it gets through to an employee’s mailbox.


Your website name – is it unique?

Have you looked to see if there are other domains that can be bought by criminals so they can be made to look almost identical to yours?

Why not purchase those URLs and deny criminals the opportunity?


Email Rules.

That is not a statement of how good Email is. Email ‘Rules’ or ‘Filters’ are by far the most frequently utilised area for criminals to spy on your emails. If a criminal has been able to get into your email – either through a weak or often-used password, or a password gleaned from a breached website – then they can create rules that will ‘BCC’ them all of your email in the future. So although you may have realised that your account had been compromised, and you changed the password – did you check if there were any rules or filters put in place?
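The rule check described above can be run across every mailbox at once. The following is an added example, not part of the original article: it audits an exported list of mail rules and reports any rule that forwards, redirects or BCCs mail outside the company. The rule schema, the sample rules and the `mycompany.com` internal domain are constructed assumptions; map your mail platform's real rule export onto these fields.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation owns; replace with your own.
INTERNAL_DOMAINS = {"mycompany.com"}
SEND_ACTIONS = ("forward_to", "redirect_to", "bcc_to")

# Constructed sample export (hypothetical schema, not a real platform's format).
SAMPLE_RULES = [
    {"mailbox": "alice@mycompany.com", "name": "Newsletters", "enabled": True,
     "actions": {"move_to_folder": "Reading"}},
    {"mailbox": "bob@mycompany.com", "name": ".", "enabled": True,
     "actions": {"forward_to": ["Archive <bob.archive@example.net>"],
                 "mark_read": True, "delete": True}},
    {"mailbox": "carol@mycompany.com", "name": "To assistant", "enabled": True,
     "actions": {"redirect_to": ["Dave@MyCompany.com"]}},
    {"mailbox": "erin@mycompany.com", "name": "old", "enabled": False,
     "actions": {"bcc_to": ["erin.backup@mail.mycompany.com.example.org"]}},
]


def is_external(address):
    """True unless the address is in an internal domain or a subdomain of one."""
    domain = parseaddr(address)[1].rpartition("@")[2].lower().rstrip(".")
    # An empty or unparseable domain matches nothing, so it counts as external.
    return not any(domain == d or domain.endswith("." + d)
                   for d in INTERNAL_DOMAINS)


def audit_rules(rules):
    """Return one finding per rule that copies mail to an external address."""
    findings = []
    for rule in rules:
        actions = rule.get("actions", {})
        external = sorted({parseaddr(a)[1].lower() or a
                           for key in SEND_ACTIONS
                           for a in actions.get(key, [])
                           if is_external(a)})
        if not external:
            continue
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "recipients": external,
            # Deleting or marking as read hides the copy from the mailbox owner.
            "hides_mail": bool(actions.get("delete") or actions.get("mark_read")),
            # Disabled rules are still reported: they show past tampering.
            "enabled": rule.get("enabled", True),
        })
    return findings
```

Calling `audit_rules(SAMPLE_RULES)` reports the rules on Bob's and Erin's mailboxes; Erin's shows why the domain comparison must match the end of the domain rather than search for the company name anywhere in it.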


So take a few minutes, have a think about your digital footprint and look at how you can minimise it, but also look at how to make sure you and your employees are a bit more cyber aware of where those footprints are left.


Have a Cyber Spring-Clean, you will be safer for it!




The main rule to avoid being a victim of cyber-fraud is one of the general rules of life; if it looks too good to be true, it probably is.


If your gut instinct tells you there is something a bit ‘fishy’ about a friend request; or an offer that you need to respond to within 10 minutes or it will expire, then listen to your gut.


Cyber-criminals socially engineer us by putting us under pressure to perform in a certain way, to benefit them, within a short time slot.


If this happens, you should adopt the Take Five approach.


This could be waiting five minutes, five days or five weeks, before reacting to the pressure, while you take all the time that you need to consider if it is a genuine offer or not.


Does the website address take you to where it says it is going to take you, or to a long-winded address you have never heard of?


When we look up items and information online on Amazon, for example, we can often find that when we open another tab to check our Facebook or Instagram page, an advert pops up that is relevant to the exact thing we have been looking at buying on the apparently unrelated Amazon website, just moments before.


This can appear to the untrained eye as just being ‘a bit spooky’.


But it is not a coincidence; it is engineered through code and you revealing your own shopping behaviour.


It is all part and parcel of the internet keeping cookies and traces about you and your interests through your browser history and it can make life easier for cyber-criminals who can access your data.


Your browser history traces where you have been and whom you have bought from previously. Fake websites can mimic the popular online shopping ones and lure you in to make transactions.


We can get used to the fact that we get offers that are very relevant to us. In turn, because we are so used to this happening, it no longer comes as a surprise if someone phones us up out of the blue and starts to talk about things we are interested in and we then make a ‘connection’ with them.


But this stranger on the phone, claiming to share common ground based on random tit-bits of information to gain our trust, may actually be a hacker trying to steal our assets. They could have connected up to us as a friend, through a few mutual friends, on Facebook or LinkedIn for example.


Who can honestly say that they really know all their friends, colleagues and contacts on all of their social media sites?


A combination of a quest for more contacts, frequent interaction and openness on social media platforms, has allowed this to happen. So when we find that criminals are now tracking us too, a lot of the blame comes down to ourselves.


You don’t leave your car unlocked, or your front door open for burglars.


You shouldn’t leave your internet channels open and without unique and secure passwords either.


If you leave your social media settings open, without attending to the privacy settings, any cyber-criminal, anywhere, can possibly find out where you live and work and access your identity and potentially your passwords too.


When it comes to stopping criminals taking our assets and preventing companies from tracking us to target us for sales, a lot of the responsibility comes down to ourselves.


Fraud and cybercrime have been rising during the Covid-19 pandemic.


Some of this is because burglaries and drug dealing have become harder for criminals in lockdowns, when most people have been confined to their houses and movement has been restricted.


If you want to make sure you are completely cyber-safe, you should look at how you can completely lock down your social media life to strangers.


If you want to stay on social media to maintain contacts, it could be best to filter them down to the select and trusted few.


And adjust your privacy settings on every platform that you use, especially if an app has been upgraded because sometimes the privacy settings change.


For example, the Facebook app on your phone can change every two weeks and they can alter areas that affect your privacy settings.


Why not have a ‘spring clean’ of your social media contacts? There are bound to be a few in there that you don’t really need.


Take the time to check all of your privacy settings on all of your devices and all of your accounts. Make sure they are closed and secure from strangers.


Treat internet security in a similar way to home security; you make sure all of the windows and doors are locked before you go to bed, so make sure all your accounts are safe and secure as well.



© 2021 Tarian Technology Limited
Company Number: 11248922
Registered Office Address: 4 Ravenscroft Court, Buttington Cross, Welshpool, Powys, SY21 8SL, Wales