Everything Needs to be Secured

5.1 Security in the Digitized World

  • Data Changes: The quantity, volume, variety, and immediacy of generated data have changed significantly.
  • Personally Identifiable Information (PII) or Sensitive Personal Information (SPI): This is data relating to a living individual that can be used on its own or with other information to identify, contact, or locate a specific individual.
  • Informational Data: This can also contain sensitive information concerning corporate secrets, new product patents, or national security.

Why is Security So Important?

  • Types of Data: Includes personally identifiable information (PII), sensitive personal information (SPI), and corporate or national security data.
  • The Good Guys:
    • Legitimate companies that have an agreement to use collected data, often agreed to in "Terms and Conditions" or "Terms of Service and Agreements."
    • White hat hackers who test security to help protect data.
  • The Bad Guys:
    • Black hat hackers who want access to collected data for nefarious reasons, including:
      • Accessing user IDs and passwords to steal identities.
      • Accessing data to commit crimes.
      • Selling information to third parties.
      • Modifying data or disabling device functionality.
      • Disrupting or damaging the image of legitimate companies.
      • Creating political unrest or making political statements.

Data in the Wrong Hands

  • Login credentials and personal data from over one million Yahoo and Gmail accounts have been offered for sale on the dark web.
  • Cybercriminals penetrated Equifax (EFX) in July 2017 and stole personal data of 145 million people.
  • A breach of MyFitnessPal affected 150 million users.
  • Ransomware attackers stole 57 million drivers and rider accounts from Uber.

Security Best Practices

  • Outside perimeter security: on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
  • Inside perimeter security: continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.

Protecting the Corporate World

  • Physical Security:
    • Outside perimeter security measures like security officers, fences, video surveillance, and alarms.
    • Inside perimeter security measures like video surveillance, motion detectors, security traps, and biometric access.

Challenges of Securing IoT Devices

  • Increasing Number of Devices: The number of interconnected sensors and smart devices is growing exponentially, increasing the opportunity for attacks.
  • Non-Traditional Location of Devices: Some connected IoT devices can interact with the physical world.
  • Lack of Upgradeability: IoT sensor-enabled devices may be located in remote or inaccessible locations, making human intervention or configuration difficult.

Safe Wi-Fi Usage

  • Steps to ensure safe use of Wi-Fi includes keeping firewalls on, managing your OS and browser, protecting all your devices, and using antivirus and antispyware.

Protecting Devices

  • Keep the Firewall On
  • Manage Your Operating System and Browser
  • Protect All Your Devices
  • Use Antivirus and Antispyware

Securing Personal Data and Devices

Smart Homes

  • Smart sensors in homes increase the potential for security issues.
  • Sensors could provide a way for hackers to access the home network and connected PCs and data.
  • Researching the developer and security/encryption protocols is crucial before purchasing home security systems.

Public Hotspots

  • Safety rules when using public or unsecure Wi-Fi hotspots:
    • Do not access or send sensitive personal information.
    • Verify that your computer requires user authentication with encryption for file and media sharing.
    • Use encrypted virtual private network (VPN) tunnels and services.
  • Bluetooth can be exploited by hackers to eavesdrop, establish remote access, distribute malware, and drain batteries; turn it off when not in use.

VPN on Smartphones

  • Set up a VPN on your smart phone.

Chapter Summary

  • The quantity, volume, variety, and immediacy of generated data has changed.
  • Personally Identifiable Information (PII) or Sensitive Personal Information (SPI) is data relating to a living individual that can be used on its own or with other information to identify, contact, or locate a specific individual.
  • Informational data can also contain sensitive information concerning corporate secrets, new product patents, or national security.
  • White hat hackers test security to help protect data.
  • Black hat hackers want access to collected data for many nefarious reasons.
  • Outside perimeter security involves on-premise security officers, fences, gates, continuous video surveillance, and security breach alarms.
  • Inside perimeter security includes continuous video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors.
  • Challenges of securing devices on the IoT include:
    • Increasing Number of Devices: The number of interconnected sensors and smart devices is growing exponentially, increasing the opportunity for attacks.
    • Non-Traditional Location of Devices: Some connected IoT devices can interact with the physical world.
    • Lack of Upgradeability: IoT sensor-enabled devices may be located in remote and/or inaccessible locations where human intervention or configuration is almost impossible.
  • Know the steps to protect your company’s wireless network.
  • Steps for protecting your own devices:
    • Keep the Firewall On
    • Manage Your Operating System and Browser
    • Protect All Your Devices
    • Use Antivirus and Antispyware
  • Smart sensors in our homes increase the potential for security issues.
  • Safety rules to follow when using a public or unsecure Wi-Fi hotspot:
    • Do not access or send any sensitive personal information
    • Verify that your computer is configured with file and media sharing, and that it requires user authentication with encryption.
    • Use encrypted virtual private network (VPN) tunnels and services.
  • Set up a VPN on your smart phone.