If companies like Amazon, Google, or Facebook fail to provide adequate protections, they could face lawsuits and government crackdowns over their technology
Alexa, Google Home, and Apple's Homepod are the convenient smart speakers that do our bidding within our homes, but who has access to the data we provide? Concerns over surveillance and data breaches have generated alarm over the amount of personal information we store in home technology, including our location, our home layout, and our voice. Such wariness is understandable, with Google Home Mini initially listening to its owners in the bathroom and uploading the data to Google's servers. After it was exposed as a glitch, the fault was quickly corrected, but the tech's capability of listening in when deactivated is proven.
However, Jake Williams, founder and president of cybersecurity firm Rendition Infoseek, says the average user isn't likely to be targeted by hackers. "Would-be attackers] don't care what you're talking about at home, they're looking to monetize data." He adds, "The level of effort to do it is too high in the vast majority of cases. Your average American just isn't that interesting."
In order to steal data from a home device, a would-be hacker would need "undetectable audio commands, eavesdropping software and targeting devices connected on a network." Since home tech doesn't store information as sensitive as credit card information, social security numbers, or passwords, it's simply not worth the effort. Of course, there are exceptions, as hackers could opt to target individuals in order to extort ransom payments for the data, but these instances are unlikely and rare.
Of greater concern is a massive data breach at one of the company clouds where customers' information is stored. While individual users can set up two-factor authentication and limit the number of external services they link to their home devices, once the information is collected and stored it's up to the company to provide protection. If companies like Amazon, Google, or Facebook fail to provide adequate protections, they could face lawsuits and government crackdowns over their technology, according to Bloomberg Law. Class action lawsuits, regulatory enforcement, and publicity damage could obviously harm company revenues if a data hack were not prevented.
Melissa Kern, piracy and information security law partner at FrostBrown Todd LLC,said, "If there is a security breach that results in unauthorized access to the personal data they have collected, whether due to a security flaw or not." As a result, Amazon and Google run product security tests to check for major flaws. Large tech companies also test the data transfer between personal devices and the cloud, in order to curb vulnerabilities to hacking.
Of course, there are steps consumers can take to protect their information. The straight forward protections include the smart user management. As consultants advise, "For those who are concerned that Google Bots are listening to everything you say, you might find some comfort in knowing that Google Home listens and even processes who is talking locally. It uploads information to the cloud when the wake word, 'OK, Google' or 'Hey, Google,' is spoken or when you long press the touch interface at the top of the device (except for Mini)." Google Home also has indicators that alert you when the device is listening in.
Ultimately, it's up to the consumer to make smart and secure choices with their data. Limiting how many devices are linked to private accounts is an easy but powerful first step. The data clouds hold all the information the device interprets, whether insignificant, unintentional, or highly sensitive.
You know the old saying — an ounce of prevention is worth a pound of cure. Doubly so on the internet.
Having one's digital life hacked is a little like death: We walk through daily life, blissfully unaware of its possibility, while all the while it dangles over our heads like the Sword of Damocles.
Rather than be caught unawares, surrendering bank account information and sexy selfies to nefarious, faceless internet criminals, follow these steps now to protect yourself. You know the old saying — an ounce of prevention is worth a pound of cure. Doubly so on the internet.
Use better passwords
That means no pet names, no birthdays, no kid names. Get creative with a complex string of upper and lowercase letters, numbers, and symbols. You might even think of this as an opportunity to give yourself a motivational phrase like, "Youarebrilliantin2019!" Set up passwords — and different ones! — on your voicemail, Wi-Fi, and individual apps for banking and email.
...and use a password manager
Password managers like 1Password and LastPass make logging into websites simple without leaving yourself vulnerable to problematic browser autofill. One master password gains access to all the others, so you want it to be long and complex with numbers and special characters so not even the most determined hacker can guess it. From there, the password manager takes care of all your other password.
Employ multi-factor authentication
Sheera Frenkel, who writes about cybersecurity for The New York Times, says that a password manager and multifactor authentication "are the bare minimum of what we should all be doing. And even with all that, I just assume I'm going to be hacked any day." Here's how to set up multi-factor authentication on Apple, Google, Instagram, and more.
Keep your operating systems up-to-date
Most successful hacks exploit vulnerabilities of out-of-date operating systems. When Apple or Android tells you an update is ready, download and install it. Ditto with apps. Keep them up-to-date to protect against data breaches, and be mindful which ones you download. No longer using Shazam or Tinder? Delete 'em.
Use "Find My Phone"
You can set your phone to automatically erase itself after a certain number of incorrect passcode attempts. You can also use Apple and Google's "find my device" services, which can locate your phone on a map, remotely lock it, make it ring or the nuclear option — delete it entirely.
Beware open wifi
The danger isn't in your local Intelligentsia — though you shouldn't log into your bank accounts on any open networks — but if you're ever unsure about a wireless network, stick with your phone's mobile internet connection or use a VPN, which routes your activity through a private encrypted connection. Here's a recent rating of VPN services by PC Mag to help you choose.
There's no such thing as 100% security but following these steps will keep your digital data as safe as a citadel.
Is it even worth changing your password?
As threats to personal cybersecurity become more and more acute, many websites have created mandatory password update policies, forcing users to switch their login info every few months. This is true of most universities and certain brands of operating systems–Microsoft is notorious for regular prompting password changes. The theory as to how this helps keep you secure is simple. By regularly changing your passwords, you limit the amount of time other people who've stolen your password can access your account. Unfortunately, there does not seem to be much evidence that repeatedly changing your passwords actually works to make your accounts more secure.
With high tech security measures becoming the norm, you'd think we'd be a lot safer.
From smartphones to smart cars to smart hotels, the market for interconnectivity has never been higher. The ability to control the majority of one's home from an app– everything from the thermostat to the alarm system– is ubiquitous. There are definitely benefits to this tech; speed, comfort etc.- but are our attempts to make everything smart leaving us vulnerable?