Cybersecurity policy for digital homes

It sounds like something that belongs to companies and executives, but no, not this time. This time we are talking about the computer systems and technology that keep growing in many of our homes. We are making some progress. Spain and European countries in general have a very high level of ICT penetration, while many Latin countries, such as Colombia, Mexico, Chile or Peru among others, are advancing a lot.

Increasingly we have more sophisticated equipment at home, with dozens of IP devices (TVs, game consoles, computers, routers, tablets, smartphones, etc.) that take a lot of time to maintain while protecting the assets of our homes that hold our information, our lives. I have to take into account: my daughters’ Tuenti (note: the social network most used by young people in Spain), my wife’s Facebook, my bank accounts, the digital photos taken with my great SLR camera which, now that they no longer have to be taken to a photo shop to be developed, can have any kind of content, my daughter’s list of friends, even with geotagged photos, access to that little IP camera I installed to keep watch when I’m not at home, and a long list of additional systems that for us and our families are confidential personal information and even critical family infrastructure…

If we go further, in a few years we will see video entry systems with advanced functions that integrate home automation and can, for example, turn off the lights remotely and even open the door without us being physically at home.

Given this, the truth is that we parents have little help when it comes to protecting our homes against voyeurs, evildoers or evil people in general.

We find some partial recommendations: get an antivirus and keep it updated, do not use cracked programs, be careful with P2P, and set WPA encryption on your Wi-Fi. WPwhat? All of this can become hell for ordinary mortals. It is for me, and I have worked in ICT for many years…

In short, this is a clearly worrying situation that not only affects home systems but also, directly or indirectly, jeopardizes corporate networks, because nowadays it is very difficult, if not impossible, to separate professional and personal technological environments. Thus, technological threats at home can become security threats to the corporate environment, so we must be ready to build a really safe digital society, because otherwise I fear that, even with all the technology in the world protecting our corporate networks, it will be very complicated.

We return to the same problem over and over again. One of the most effective investments in the field of cybersecurity is training and awareness, but of the kind that works: practice. It is not the only thing we have to do, but at this point I think it should be the first, because people don’t have a clear perception of risk. They do perceive physical risk, and hire security companies’ services with monthly payments, but they do not have the same perception of risk in the virtual world.

I have no idea if someday those of us who are dedicated to security (such as me) will be able to educate our fellow citizens about digital risks, or even if we will be able to have a sufficiently attractive offer to make people contract digital security services as they do with physical guards.

Certainly, I don’t know. However, we feel obliged to propose that you apply a basic cybersecurity policy for digital homes, which we will try to develop in the following Decalogue and progressively over time, making it as simple as possible. Take into account that applying these rules does not guarantee anything absolutely; it simply mitigates part of the risk, directly reducing the likelihood of a digital incident.

If you need professional help, contact private centers specialized in digital security or public centers devoted to security incident response, such as CERTs.

And now, let’s see some of these basic rules of the cybersecurity policy for digital homes:

  • Always change the router password. Never leave the default user name or password in place. The “evil ones” know them.
  • Passwords should not be shared. Each member of the family unit must have their own user account and password, with privileges appropriate to each person’s age and knowledge.
  • A password must be a real password. Potato is a tuber. JM are the initials of my name. “S2” is the company where I work. None of them are passwords.
  • The administrator password of shared computers on the family network should be known by the mother, the father or the head of the family and no one else.
  • All computers must have an updated antivirus. Some that are free for personal use are great, such as AVG.
  • All computers must be kept updated. Updates are not an annoying task that takes a long time. They are actions by software manufacturers that are absolutely necessary for our security.
  • Access to the home Wi-Fi network must be protected with MAC filtering if possible. This is not hard to do. It is part of the minimum knowledge we need to manage the security of our home.
  • The Wi-Fi key should not be related in any way to our usual passwords, especially if I’m going to let friends connect to it (and thus provide them with the Wi-Fi key).
  • I don’t give my friends my computer’s password. If they need to access it, I type the password without them looking at it. And the same goes for email, social networks, etc.
  • When a file is deleted with the delete key, the file is not really erased. It can be recovered. If you need a file to really disappear from a storage device, you must use a secure erase tool (Eraser, for example).
  • If I have to access the corporate computer from home, I always have to ask the IT department in order to do it safely.
  • Installing P2P programs such as eMule, Ares, torrent clients or similar at home involves many risks. Be very careful with this type of program.
  • Hacking devices that connect to the network to play online or to download programs of any type introduces a very high risk. Do not break the protections of this type of system and, above all, do not let our children surf with hacked devices.
  • We do not disable the Windows firewall just because it is annoying. Try to find out what is preventing a program from working. There are always ways to keep the firewall on and the programs working correctly.
  • And above all, use common sense. Most network risks can be controlled with a good dose of common sense and a bit of distrust.

Surely many of you have recommendations of this type that we could use to extend the list above. Help us make this list more useful through your comments. We commit ourselves to analyzing them and incorporating them into a set of universal security measures for our homes and our families, and to publishing it in HD (hijosdigitales.es, only in Spanish) and SAW (SecurityArtWork.es) so everybody can use it. They must be simple recommendations that can be applied by non-technical people who need to implement certain standards in their homes. They can simply be online resources or small useful applications.

Please note that this is a post we publish in both HD (hijosdigitales.es) and SAW (SecurityArtWork.es). In the first case, we have included it because we have many readers, parents, who are concerned about the safety of their children and their homes in general. In the latter, because I firmly believe that to improve the security of our corporations and businesses of all types and colors we have no choice but to promote the training and security awareness of the people who are part of them and of their everyday technology environments, including of course their homes. Let’s therefore get to work. Let’s work for a Digital Society that is safer for our businesses, our homes and our families.