Are You Inviting Hackers & Thieves Into Your Home or Office?

Posted on May 6, 2014 by debmcalister

Illustration of man reading on iPad by Susan MurtaughI admit to being something of an IT security geek — a direct spin-off of having been fortunate enough to work with Zone Labs (now part of CheckPoint), McAfee, Trend Micro, and Catbird. And I thought I understood the mechanisms that hackers use to penetrate corporate networks.

And then I saw Andrew Hay’s amazingly detailed blog post about how the failure to read the documentation that comes with printers is leaving many networks with a wide-open backdoor that hackers are using to mount phishing attacks that simply by-pass network security.

One of the realizations that Andrew Hay’s article gave me is that I might be broadcasting to the world the exact brand of computer, printer, smartphone, and other devices that are connected to my home network. That seems somewhat akin to posting a sign that says, “Thieves can get a pawnable iPad by breaking into this house.”

So whether you’re a small business owner, run a home-based business, or are part of a corporate IT department, take a few minutes and review the steps that the OpenDNS Security Lab recommends to secure your network from this kind of attack. It’s worth the effort, I think!

If the geek-speak in the original article is over your head (I admit some of it is over mine after 20 years “in the field”), here’s the bottom line: printers, scanners, and other connected devices have to be secured just like computers and laptops. And don’t forget iPads, iPods, Android tablets and smartphones, and other mobile devices.

I helped Breezy write an overview of how to deliver secure mobile printing — you can download a free copy of the ebook at this link — and I’ve been writing often about secure printing for the Breezy blog.  But Andrew Hay’s article put it into a new perspective for me — and if it doesn’t scare you, then you’re not paying attention.

As the Canadian security expert wrote in his blog post: “The old adage of “measure twice, cut once” is solid advice that is often ignored in the digital world. We at OpenDNS, however, believe that when talking about IP-enabled devices, a new and more targeted adage should be followed:

“Read [the documentation] twice, connect [the device] once.” – Andrew Hay

“Here’s why. We all live busy lives. So busy, in fact, that many believe that computer printers haven’t really changed much over the years to warrant reading the instructions. Sure, many newer models can be connected to your local network but that’s only for internal network connectivity, right? Unfortunately, that is not the case.”

What that means is that ANY device connected to the Internet can become a pathway for hackers to access your network — and the computers attached to your network. So if you haven’t taken a look at your security lately, now’s a good time.

 

Illustration credit: The illustration of the man reading on iPad was created in SketchBook by artist Susan Murtaugh, and offered on Flickr under a Creative Commons License.

 

 

About debmcalister

I'm a Dallas-based marketing consultant and writer, who specializes in helping start-up technology companies grow. I write (books, articles, and blogs) about marketing, technology, and social media. This blog is about all of those -- and the funny ways in which they interesect with everyday life. It's also the place where I publish general articles on topics that interest me -- including commentary about the acting and film communities, since I have both a son and grandson who are performers.
This entry was posted in Family, Law, Social Media and tagged , , , . Bookmark the permalink.

4 Responses to Are You Inviting Hackers & Thieves Into Your Home or Office?

  1. b mac says:
    September 9, 2014 at 11:18 am

    Breezy download site requires several scripts to be turned on, and requires personal info. Not “well behaved” but passable.

    Not kosher is the potential cross-site scripting (XSS) error that gets flagged by the security settings in my browser.

    So, will have to seek the info elsewhere, I guess. 😦

    Reply
    • debmcalister says:
      September 9, 2014 at 10:41 pm

      I would be happy to forward any Breezy document you want. The cross-site scripting is, I believe, imposed by Hubspot, which is the marketing tool the company uses.

      I’m sorry that it caused you not to download the document!

      Regards, Deb

      Reply
  2. Lisa Halliday says:
    May 6, 2014 at 12:47 pm

    Thanks, Deb. Scary and not normally something you think of. Makes me glad I still have my old (but still wonderful) Canon printer, which isn’t network-enabled and that I only turn on about once a month when I actually need to print.

    Reply
    • debmcalister says:
      May 6, 2014 at 1:14 pm

      Hi, Lisa —

      Yes, you’re right. I run a high-quality security package (Zone Alarm, of course!), and generally think I’m pretty well protected.

      Then I realize that I have a 13-year-old who has a school-issued Netbook with security settings I can’t even see, let alone monitor, and he’s connected to my printers, home network, back-up drives and so forth. And suddenly I realize I may be more vulnerable than I think.

      I added the IP addresses noted in Andrew Hays’ excellent blog post to my system, and am adding antoher layer of protection today as well. Certainly woke me up — and I’ve always been pretty paranoid about this stuff.

      Regards, Deb

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.