
Extended assets
Besides the data stored on or accessed through the home devices, we also have a growing volume of confidential information that now exists outside the house walls. Consider how many websites out there have access to your personally identifiable or financial information – your social security number, birth date, credit card numbers and security information are routinely stored by banks, utility companies, retailers and streaming media sites.
Additionally, large volumes of your home data may be backing up to external cloud services like iCloud, OneDrive or Carbonite. While we can’t really control the security of these external entities, we can usually control which and how many we use and what information we put there.
We can also control the strength and uniqueness of our login credentials. While most of us understand the importance of having strong passwords, many of us, myself included, have been guilty of using the same username and password across different websites. This creates an instant vulnerability. Over the last couple of years, multiple high-profile data breaches have exposed hundreds of millions of consumer accounts. The JP Morgan breach alone exposed over 65 million user accounts. The Anthem health insurance breach exposed 80 million.
We can’t prevent such breaches, but we can ensure that our stolen logon credentials can’t be used by hackers on other sites. One common hacking tactic is to try the stolen usernames and passwords on dozens of popular banking, email and social media websites. This is simple to prevent – just use a different password for each of your accounts, and use a password manager program to manage them.
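An added example, not part of the original article: a short Python script that checks a password manager's CSV export for passwords shared between accounts, the reuse that lets credentials stolen from one site work on another. The column names and the sample rows are constructed assumptions; real exports vary by product.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample in a generic "name,url,username,password" layout.
# Real password-manager exports differ; adjust the column names to match.
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,alex@example.com,Tr0ub4dor&3
Email,https://mail.example,alex@example.com,Tr0ub4dor&3
Streaming,https://video.example,alex,correct-horse-battery
Utility,https://power.example,alex@example.com,tr0ub4dor&3
Retail,https://shop.example,alex,correct-horse-battery
Forum,https://forum.example,alex,
"""


def find_reused_passwords(export_text, name_col="name", password_col="password"):
    """Return lists of account names that share exactly the same password.

    Passwords are compared through an HMAC keyed with a random per-run key,
    so the plaintext is never stored in the grouping structure or returned.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get(password_col) or ""
        if not password:  # skip entries with no stored password
            continue
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row[name_col])
    # Keep only passwords used by more than one account, in a stable order.
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


if __name__ == "__main__":
    for accounts in find_reused_passwords(SAMPLE_EXPORT):
        print("Same password used by:", ", ".join(accounts))
```

Each group it reports is a set of accounts that would all be exposed by a breach of any one of them. Delete the export file once the check is done, since it holds every password in plain text.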
The threat
How real is the threat at home? After all, we are just an average family – hardly worth the effort for someone to hack. This might have been true ten years ago, when hacking required considerable expertise, time and custom software. Today, sophisticated hacking tools are easy to use and widely available online for free, and websites like Exploit DB provide a ready reference to thousands of vulnerabilities and exploits for common devices and the software they run.
This wide availability and sophistication of hacking resources attract armies of hackers for whom private targets require much less time and effort than corporate ones. The FBI’s Internet Crime division reports that in 2015 it received over 288,000 reports of internet-related crime, with reported losses of over $1Bn. It also estimates that only around 15% of internet fraud cases ever get reported.
Today’s households are subjected to a variety of attacks, with the following being common in 2016:
- Ransomware – hackers encrypt the files on your computer and prevent you from accessing them until you pay a ransom
- Extortion/blackmail – hackers gain access to your private files or eavesdrop on your private life or communications and threaten to publish this information on the web unless you pay them
- Fake technical support scams – hackers pretending to be employees of one of the major computer or software vendors (Dell, Microsoft, etc.) contact the computer owner and convince them to download and install malware under the pretense of fixing a computer issue. The malware is then used to spy on the computer owner or steal information.
- Identity theft – hackers use your basic personal information and social engineering to steal your financial and ID information for the purposes of fraud and other types of financial gain
- Botnet infection – in this case, the user is not the primary target of the crime. Instead, his or her device is infected and used without their knowledge as part of a “zombie army” to perform crimes against other targets