How to Protect Your Home’s Smart Technology

From Google assistants to lights, cameras, door locks, and thermostats, smart home technology is based around devices connected to the Internet of Things that can be remotely monitored from anywhere.

According to Statista, by the end of 2019, there will be about 42 million smart homes in the U.S. alone; and while they offer convenience, smart devices also welcome digital thieves and hackers into your home.

Here’s some useful ways how you can secure your smart devices that will go a long way toward protecting you and your home.

Use passwords

First, if you are able to protect any of your smart devices with a password, it is best to do so. Remember, keep your passwords hard to guess and don’t reuse a password that you already use somewhere else.

Start with the router

The router serves as the main connection between your smart devices and the outside world, so hackers can exploit it to gain access to your wireless gadgets. It is best to protect your router with and home Wi-Fi with a password.

Don’t rely on the default code that came with the router, instead, choose a new password to reset the router’s security. This will deter malicious hackers from accessing the device. For extra security protection, switch out the code on a regular basis.

Update your devices regularly

This may seem like a no-brainer, but it’s important to download and install updates as and when they appear. This patches your devices against the latest security bugs and keeps them as well-protected as possible from outside interference.

First, if you can protect any of your gadgets with a password, then do it. Remember, don’t reuse a password that you already have in place somewhere else.

Use two-factor identification

Another way to further secure your smart home devices is to implement two-factor identification. This prompts you to enter a code (which is sent to you via another device) each time you log into an app. It’s just an added layer of protection to prevent someone from accessing your accounts. Security experts also suggest rebooting your smart-home devices weekly as an added security measure. The reboot will automatically download new security and privacy settings as it reconnects to the internet.

It’s no surprise that smart technology has changed the way we operate our homes and lives. With that said, consumers need to be proactive, rather than reactive, about their smart-home security. By implementing a few of these simple measures, you can protect your privacy and your family from potential harm.

Password Fatigue: What It Is and How to Beat It

According to The 2019 State of Password and Authentication Security Behaviors Report, the average person spends almost 11 hours each year entering and resetting online passwords. As we create more and more profiles and accounts and live our lives online, it’s no wonder that so many people suffer from what’s known as “password fatigue.”

Password fatigue describes the feeling of annoyance and stress people feel with having to craft, remember, and enter tens or even hundreds of passwords at work or school and in their personal lives. Mobile devices have made password fatigue even stronger, as typing on touch screens can be difficult for some users.

As a result, many users choose the simplest passwords possible and often use the same login credentials across numerous accounts. Many sites require passwords to meet criteria like length, numbers, capitals, and letters. Unfortunately, though, hackers have taken advantage of this fatigue with breaches to some of the world’s largest systems. Even worse, a study by Norton found that 40 percent of users don’t bother to create complex passwords or change their passwords regularly.

So, how can we beat password fatigue while keeping sensitive data secure?

On an individual level, commit to creating more complex passwords and changing them often. You can also use a password management software that securely stores all of your passwords in one place, accessible by entering just one master password. Remembering one password is much less tiring and stressful than keeping track of hundreds.

Identity and access management (IAM) professionals are also constantly coming up with innovative alternatives to traditional password login systems. More companies are beginning to adopt two-factor authentication, although it is still far from the norm. Some in the IAM industry believe that biometrics will replace passwords in the future. Fingerprints and face recognition would both strengthen data security and reduce password fatigue by requiring a simple touch or look.

We may even see the implementation of physical security keys to protect data. At work or school, you would receive a device to insert into your computer, which then gives you access to your documents and other information without having to enter any login credentials. When the device is removed, nothing can be accessed. While this strategy is not foolproof, in cases when the key is lost or stolen, for example, it could be the future to eliminating password fatigue completely.

The Internet of Things: What it Is and What it Means for Security

The Internet of Things (IoT) might sound like a complicated, futuristic idea. While there are complex aspects, understanding the main idea is actually quite easy. The IoT is a network of devices that are web-enabled and use the internet to make our lives easier. 

By communicating with each other, internet connected objects streamline an almost infinite number of processes for both work and play. Most of us know about IoT devices like digital assistants, doors you can lock from your cell phone, and watches that track your physical activity. In addition to these everyday devices, IoT helps industries like farming, healthcare, air travel, oil drilling, and more to work more safely and efficiently.

While the IoT has made the world a lot easier for almost everyone, it also comes with risks. The more connected devices we use, the more personal data we put out into the world and the more vulnerable we become. Data like your home address, banking information, birth date, gender, and other identifying information may be stored in IoT devices. Even scarier, downloading apps and software onto your devices is a major way that hackers are snatching people’s data. From GPS trackers to sound recording software, bad actors are finding new and terrifying ways to invade users’ privacy, steal their information, and use it for their own gain, Today’s data thieves have more opportunities than ever before to steal your personal information.

So how do you protect yourself without giving up the convenience of your IoT devices? 

First, choose more secure login methods instead of passwords if you can. Using your fingerprint or facial recognition to authenticate reduces your risk of being hacked. Look for devices and programs that require two-factor authentication, too. Receiving a secondary, temporary password to enter after you log in lowers your risk of a data breach. 

One of the easiest ways to secure your data is to connect all of your IoT devices to a “guest” network at home and use your regular network for your phone and computer. Doing more sensitive activities (like online banking or shopping) on the regular network protects your data. And if your guest network is compromised, it won’t act as a gateway to your personal information.

As IoT becomes more mainstream, more and more platforms are focusing their innovations on security. A stronger focus on maintaining users’ privacy on web-enabled devices and better data management could make living in our ever-connected world even more convenient.

Reddit Security Breach and Other Forum Digital Security Breaches

On Wednesday, August 1st, Reddit announced that it had uncovered a data breach, according to NBC News. Hackers were apparently able to access a database containing email addresses linked to user accounts, including email addresses from some current accounts as well as a 2007 database backup that included old passwords that had been “salted and hashed” (in layman’s terms, they were scrambled for digital security protection).

Hackers were also reportedly able to access email addresses and public and private messages in the old database, Mac Rumors and other outlets reported.

Reddit reportedly sent an email to all affected users, which was mainly people who joined Reddit in 2007 or before. That’s a great proactive step, and it’s certainly better for those who might have been affected by the security breach to know sooner rather than later.

But this breach is clearly very serious, especially for a site that allows users to be fairly anonymous in their correspondence if they choose to be. It is possible that a database of emails connected to Reddit usernames could make it easier to link anonymous accounts to people’s identities, NBC News pointed out.

So what should you do if you were impacted by the Reddit security breach, or if this ever happens on another online forum you’re a member of?

The truth is, you can’t just delete your Reddit account and hope for the best. The information is out there, but there are steps you can take to protect your account on the site or on any sites where this could happen (and really, it could happen anywhere).

Reddit is recommending that users who are using passwords similar to the ones they had in 2007 should change them, but it’s probably not a bad idea to change your security login info even if you know you’ve changed your password and such since then.

Reddit also recommended that users enable two-factor authentication; take advantage of that extra security step is important whenever it’s available. Even if you weren’t specifically impacted by the Reddit breach, changing your password and setting up the authentication is a definite better-safe-than-sorry move.

Running a dark web scan to see if any of your information, like your phone number or email address, are floating around the web, and monitoring your identity online is never a bad idea either. If you’re not sure how to do all of that, a digital security expert can help.

It’s a good idea to always be careful about what you share online, but security breaches happen. The best thing you can do after they occur is take proactive, appropriate steps to protect your information and identity, on Reddit or any other corner of the web.

How To Keep Even the Most Basic Email Account Secure

Today, it seems there’s no shortage of stories about email hacks or online data security breaches. Just recently, Lifelock — which is meant to help consumers protect their identities online — was the victim of a massive customer email address exposure, according to Mashable.

If you know very little about email security, those stories can make you feel hopeless when it comes to trying to protect your information and identity. With that said, there are steps you can take to better protect your email account.

daniel-falcao-418398-unsplash (1)

Password Security

Password security, and more specifically, the complexity of the password you use to protect your email account, is significantly important. Don’t just throw together part of your name and birthday and call it a day. Make sure to use numbers, symbols and uppercase and lowercase. Consider also making your password long, as opposed to a short string of a couple characters. Lastly, consider using password generators to provide a complex, multi-character password that will be more difficult to break.

As one final note for strong digital security best practices, do NOT reuse your password across multiple digital platforms. The reality is that if and when a web service you use is hacked and the password you use on that platform compromised, if you had used the same password on other platforms, they will now be at risk as well. Yes, it takes extra work and remembering multiple passwords is never fun, but this mitigates a lot of extra digital security risk.

Security Questions

First and foremost, if your email platform allows for 2-step verification, always turn it on. This verification process is highly important in increasing the security of your account.

Outside of that, most email platforms have a security answer question process to recover accounts or gain access to them. In the same vein, your security question answers shouldn’t be obvious for just anyone to come up with either. If you’re friends with your mother on Facebook, and she lists her maiden name, and one of your security question answers is her maiden name, that is incredibly easy for someone to work out with very little research. The answer to a good security question shouldn’t be easy to guess, and should be something you’ll remember — even if it’s an answer that doesn’t actually make sense with the question. If you’ll remember it, and someone else wouldn’t know it or be able to research it, that’s really what matters.

You should also always be sure your recovery options are up-to-date. Don’t just leave it to fill out later. If someone gets into your account, and you’re alerted, you’re going to want to have a recovery option like your personal phone number set up so you can fix it ASAP. Check out your recent activity often, too. If it looks like someone has tried to log in from somewhere strange, that’s something to flag, and means it’s time go in and change your password just for good measure.

The technological challenges of e-mail security

E-mail security continues to be a problem for users at all levels. The baffling array of attacks, including phishing, whaling and business e-mail compromise, shows no sign of letting up in 2018. IT professionals, for the most part, have taken a laissez-faire approach: train users more in ways to avoid e-mail attacks and hope for the best.

But how do you train users when two-thirds of inbound phishing attacks use the company’s own domain name? That makes such scams extremely difficult to detect, according to an article published on the IDG Contributor Network.

Since e-mail is now used by as many as half the humans on the planet, according to research by Radicati, it remains the most effective and inexpensive way to reach out to friends, family and business contacts.

So if it’s clear e-mail isn’t going anywhere, how do we solve its inherent problems?

matthew-fournier-487802-unsplash

Security Made Easier

I have spent the last 25 years studying web-based issues and have a number of patents in the cybersecurity area. More recently, I’ve been focusing my efforts on e-mail security and working to comprehensive solutions that are compatible with existing systems, but at the same time improves e-mail security and functionality.

Let’s face it: e-mail is in dire need of an update since the existing design and architecture allows for virus attacks, spam abuse and other major security concerns.


Spammers are becoming more creative in their ways to get you to click on their links, including using dummy web pages that look like the real thing and then encouraging you to enter your user name and password. You need to be more careful than ever, checking the e-mail address in the from field and rolling over the link with your mouse to see if the web address is legitimate. Keep in mind, most financial institutions will never send you e-mail with links; they usually call or send a letter.

Advances in my patents include: the secure transfer of e-mail messages through existing clients and without necessitating changed e-mail addresses. That’s critical since most other secure e-mail systems (Hushmail, Proton, etc.) require you to use their domain address.

In addition, the system can track all actions performed in connection with an e-mail transmission and has the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve and open the e-mail message or not.

The Authentication Route

Experts believe e-mail authentication will become more mainstream in both the public and private sectors, shifting from merely deploying authentication to enforcement, where a domain’s published e-mail policy directs mail servers worldwide to block unauthenticated e-mail. In the private sector, this shift will be driven by marketing departments, who view authenticated email as a brand protection tool, as it can also increase e-mail deliverability.

Authentication may seem like a complex route, but it’s already in use by banks, credit card companies and secure cloud services, so why wouldn’t we authenticate the most fundamental form of communications that business uses today — the simple e-mail message?

fancycrave-530798-unsplash

How We’re Making E-Mail Better, From Security to Productivity To Addressing Junk Mail

us07783711-20100824-d00000

E-mail. It’s way better than snail mail – faster and more efficient, and you don’t have to worry about rooting around for a stamp when you want to send the traditional kind of non-digital message or card or letter.

But in other respects, sometimes you kind of yearn for tradition.

Like, when was the last time you got a hard copy letter in your real mailbox from a Nigerian scamlord? And I’m betting you easily get ten times the “special offers” and other types of junk mail in your in-box (despite the best filters) than your friendly neighborhood letter carrier carts around to hand-deliver to you.

For all the drawbacks of e-mail, it’s become a ubiquitous and vital tool, one that keeps us connected and communicating more effectively than anything else that humankind has come up with. After all, what other tool can lay claim to 3.7 billion global users who send 269 billion messages every day?

We just have to make it better

us07783711-20100824-d00001.png

That’s what a lot of people are doing, addressing the different points of pain that make the user experience something that’s not as optimal as it should be, when you think about it. It has been nearly 25 years since it became one of the first major transformations of the Internet Age. Isn’t it time?

Optimization is what one e-mail innovator, Rahul Vohra, has sought to accomplish with Superhuman. This app is not just super looking, but it’s faster than a speeding bullet. The idea is to enhance productivity, not just through speed, but also by bundling features like read statuses and undoing sends. It negates the need for all those browser extensions.

Edison is a different take, an automated e-mail assistant that interacts with Edison (the AI) and does everything from unsubscribing from junk mail lists to managing your contacts and bills. It’s another e-mail productivity tool.

On a different front are a series of handy tools to save you from those annoying e-mail trackers that add immensely to your junk mail overload. (How bad is it? Over 40 percent of all the e-mails sent every day are tracked.) One is called Senders. It requires no special software or plugins, intercepting e-mails, scanning for tracking codes and scrubbing when they are found. Another app, Ugly Email, detects and highlights messages in Gmail boxes embedded with tracking software.

us07783711-20100824-d00002

Some of the patents around email communication that I have worked on are designed to address a much broader expanse of issues – with improved security at their heart. Working in tandem with all e-mail clients, we enable secure messaging transfer and tracking, for example, along with “for your eyes only” features and a configurable, cryptographic engine for storage.

Today’s e-mail system may not be perfect, but we are seeing many innovations that are making our use of it faster and better and more secure. Yes, it is about time.