[music]
Wendy Battles: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone, where we cut through confusing cyber speak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles.
James Tucciarone: And I'm James Tucciarone, together, we're part of Yale University's Information Security Policy and Awareness Team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research.
Wendy Battles: Ready to get cyber fit with us?
Hey, everyone. Welcome to another episode of the Bee Cyber Fit podcast. We're excited you're here and hope you're ready to get cyber fit with us. If you're a new listener, welcome aboard. This is the place to come for information and inspiration to stay safe online and outsmart cybercriminals. This podcast is one of the many tools in our toolkit that we use at Yale University to help our faculty, staff, and students build their cyber muscles.
James Tucciarone: Today's episode is all about protecting our devices and device security. And Wendy, I think you've got a pretty interesting story to share with us about a time you lost your cell phone in a boot at a shoe store.
Wendy Battles: Oh, James, don't remind me of that nightmare. It was a disaster, but it taught me a valuable lesson about device security. I'm going to spill the beans in just a couple of moments.
James Tucciarone: And we'll also be diving into why it's so important to keep our devices secure. But first, Wendy, let's give our listeners a little teaser of our buzzword of the day, the Internet of Things or IoT for short.
[music]
Do you use Internet-connected devices for automation of your home? Even if you don’t have a fully automated smart home, chances are you’ve come across or even used some of these devices. Today, we are diving into the Internet of Things often called IoT. Stay tuned to find out more about what it is and how it might be the wave of the future and a security nightmare waiting to happen.
Wendy Battles: James, let me tell you the story of how I lost my phone, the panic that ensued, because these days we can barely survive without our devices within our sight. And what happened after that? So, I had been shopping for winter boots. Unbeknownst to me, I had left my phone at the store. I realized later when I got home, I couldn't find it. And I searched everywhere. Nothing. Looked through all the bags in the car, nowhere to be found. I thought of calling this store and they were very nice and searched for it exactly where I was sitting. Couldn't find it. But then I remembered the location services on my phone and it said it was at the store. So, I couldn't figure out why they couldn't find it.
So, next day, I decided I should drive over there and have a look for myself. I mean, could they somehow have missed it? Did it drop on the floor between two cushions or something like that? Anyway, I get there, I search. Of course, it's not there. And then they asked me, “Do you remember what you were trying on when you were here?” And I told them that I was trying out of some different boots in a size eight and a half. So, they go to the storeroom, they bring out some boxes. We search through the boxes and lo and behold, James, my phone is inside the box, inside the boot, and completely dead. So, because I noticed I could no longer find it when I did the location services. But would you believe that it was actually that complicated to find it?
But that reminded me of why it is so important that we consider our devices and we think about device security. Because imagine if my phone was lost for good. Imagine if all of the photos and data on that phone wasn't backed up. Imagine if the phone was on and it didn't have any security on it and someone could access my personal information. That's why device security is so important, and that's why we're delving into ideas for what you can do to keep your device secure in our episode today.
James Tucciarone: That's really a crazy story, Wendy, and you're right. It really does talk to why device security is so important. And you mentioned our personal information. But lots of us also use our devices to access our work data as well, which is another reason why it's so important that we're keeping them as secure as possible.
Wendy Battles: James, you're so right about our devices and the Yale information we might have on them. Whether it's our own personal device with Yale information or it is a, for example, a Yale phone with information on it, it's really important that we protect those devices. And you probably can imagine that it could open us up to the potential for data breaches or identity theft and generally giving someone unauthorized access to the information on our devices. And that's certainly what we want to prevent.
James Tucciarone: You're absolutely right, Wendy, and that's why we need to be so careful to not lose our devices. But talk to me a little bit about why it's so important for us to take update notifications seriously as well.
Wendy Battles: Update notifications? Oh, my gosh. Have you ever received one, James, at an inconvenient time, and you're thinking, well, I'll install it later or I'll ignore it. But really, the reason why those updates are so important is that it fixes security vulnerabilities. Over time, software develops holes, so to speak, that cybercriminals can sneak into to access our information. So, it makes sure that those holes are closed up. It patches any bugs there might be in the software and it also improves our overall device performance. So, updates matter. They're not that hard to do and they can make a real difference in protecting our devices.
James Tucciarone: That's so true. Wendy, we say a lot within the cybersecurity awareness program here at Yale that applying updates is the number one way to keep our devices safe. In fact, 57% of cyberattack victims said a breach could have been avoided with an available update. And to make updating a little bit easier, we can also enable automatic updates. This can make updating a little more convenient, because automated updates are often scheduled to happen overnight when most of us aren't using our devices. Also, really helpful in helping to protect our devices is antivirus software. Wendy, do you have antivirus software on your personal computer?
Wendy Battles: I do James and I think it's really important to have that. So, sometimes we might buy a personal device like a laptop for our home use, and it may already come with antivirus software or perhaps we purchase antivirus software, but there are always new viruses. And when we have that software, it's that added layer of protection. I think of it as akin to brushing your teeth. You brush your teeth every day to be preventative, to avoid cavities, we use antivirus software and update it regularly to avoid some kind of virus that could compromise our data in some way. So, it's really important.
James Tucciarone: Wendy, I really love that analogy of brushing your teeth. And I'll actually take it a step further and say that antivirus software is almost also like a mouthguard. Because it also protects us against malware by alerting us of potentially malicious software that we may be trying to install, so it blocks it before it even gets in.
Wendy Battles: James, I love that mouthguard analogy. Yes, right. It's this added layer of defense, and that's what we need these days, because cybercriminals are so sophisticated in what they do that we have to be proactive. And I'll just add this one more thing that I know when we're at work at Yale or at school at Yale, we have the benefit of all of this advanced technology we have in the information security office to help everyone keep their systems as safe as possible. Of course, there's a human aspect to it too, but there are many things we do to make it easier for people to keep their devices up to date. However, what I find is that I don't have that same robust level of protection with my home devices, so I have to work hard to make sure that they're secure.
So, James, we talked a lot about what we can do to be proactive. We talked about updates, we talked about antivirus software. So, let's pivot for a moment because it's not just about cyber threats, although that is a big portion of it, but it's also about physical security. And we really need to think about what we can do to safeguard our iPad or our phone or our computer. What are some things that we can do?
James Tucciarone: Well, Wendy, the tips around physical security are really pretty practical, like storing our devices in secure locations, for instance, a locked drawer or safe, maybe using a physical cable lock where appropriate, and also configuring screen locks are an easy way to make sure we don't leave our data vulnerable to unauthorized access of our devices.
Wendy Battles: Those are great tips, James, and I know they might not be top of mind, but really helpful things to be thinking about. That one, two, three punch of keeping our devices safe, and that physical security is just as important. With that, let's transition to hearing more about IoT, the Internet of Things in our buzzword of the day.
[music]
James Tucciarone: Here's the buzz on the Internet of Things, also called IoT. We were all probably familiar with doorbells that not only ring, but also provide a video feed showing us who is there even when we’re miles away. And that’s just one common example. IoT is the name for everyday objects like thermostats, refrigerators, or even toys that are equipped with tiny computers and connected to the Internet. IoT devices are useful and convenient tools that allow us to manage, monitor, and automate our homes. Your coffeemaker can be triggered to start brewing when your alarm goes off, or you can start preheating your oven so you're ready to cook when you get home, or maybe you want to turn your house lights on as you pull into your driveway. But like any device connected to the Internet, using IoT devices also introduces security challenges.
In many cases, these devices are not very secure and can be vulnerable to hacking. Imagine someone hijacking your thermostat and turning your heat off in the middle of winter or using your doorbell camera to snoop on your activities. Cybercriminals can also use these devices as stepping stones to access our home network and our other devices that contain more sensitive data. That's why it's important to be mindful when we bring IoT devices into our homes and to make sure they have strong security features. By following some simple tips, we can enjoy all the benefits of IoT without putting our privacy and security at risk. Do your research before buying an IoT device, and investigate its security features, like whether the default password can be changed and whether the device gets regular security updates. Use strong and unique passwords for IoT devices.
Don't leave the devices vulnerable with default or easy-to-guess passwords. Use a network just for IoT devices, consider configuring a dedicated part of your home network so that a compromised gadget doesn't put your entire home network at risk. Keep your IoT devices updated just like our phones and computers. IoT devices need regular software updates to fix security vulnerabilities. And don't forget to keep listening to the Bee Cyber Fit podcast, where we simplify cybersecurity and help you to be aware, to be prepared, and to be cyber fit.
Wendy Battles: James this was a brief but action-packed episode about device security. Let's do a quick review of what we talked about. We always want to keep our devices updated to protect against the latest threats. So, being assured that we are applying our updates, we also want to use a reliable antivirus software and perform regular scans, a simple way to make sure that our devices are virus-free and we are protected. And finally, we talked about securing our devices physically and protecting them with something like a password or some type of biometric, like an iScan. With that, we have a few calls to action we'd like you to think about. First, we encourage you to enroll in automatic updates. I'm talking about your personal devices, people, iPads, phones, personal laptops, all those good things. Make sure your automatic updates are turned on.
Number two, we want you to get in the habit of locking your screen as soon as you step away from your computer. James, I think this is especially true these days because many of us work in a hybrid format. So, we might be working at home solo during several days of the week, and then we might go into the office where we're surrounded by lots of different people. So, we want to get in the habit of locking our computer when we get up to go to the bathroom or go to lunch. It's just the safe thing to do, and it's a pretty simple habit to form. And then finally, we couldn't have this episode without adding in a little bit of fun. We have created a device defense self-paced trivia game.
How much do you know about defending your devices by keeping them safe and upping the security? You can put your knowledge to the test with this fun trivia puzzle.
James Tucciarone: And that wraps up today's talk on device security. So, until next time, as always, I'm here with Wendy Battles. And I'm James Tucciarone. We'd like to thank everyone who helps make this podcast possible, and we'd also like to thank Yale University, where this podcast is produced and recorded.
Wendy Battles: Thanks so much for listening, everybody. We truly appreciate it. And remember, it only takes simple steps to Bee Cyber Fit.
[Transcript provided by SpeechDocs Podcast Transcription]
