A Lesson from Recent Security Breaches: Default Settings
Technology can make life simpler and easier. But you need to know how to use it properly; otherwise, the potential dangers technology can pose are real and possibly life-altering. Your private lives could unexpectedly be made public and your data compromised at some point during your lifetime.
What lesson can we learn from recent security breaches?
Recently, articles by Data Breach Today and Info Risk Today reported on a security flaw built into a wide variety of routers. The flaw allows hackers relatively easy access to networks. Once they have access to the router, they have the ability to access any unsecured device attached to the network. As the Internet of Things expands, so too will the number of connected devices that hackers will try and access.
So what is this great flaw, this blunder of cataclysmic proportions?
Manufacturer default settings.
Sometimes the router itself is the focus of an attack. Servers and routers can be bombarded with communication requests, in what is known as denial-of-service (DoS) attack. If successful, the attack can prevent legitimate communication requests, or even cause a server to shut down.
If a client cannot connect to their online bank, they cannot pay their bills or move funds electronically. If an online store or gaming site is down, companies can lose money. Losing service time means losing money. And if a site is down long enough, or customers are skittish, a company can lose major profits when consumers take their business elsewhere.
How can companies and individuals guard against such attacks? They do so by ensuring that all new computers and machines attached to a network are immediately secured.
Some typical default user names include admin, Administrator, the name of the Internet service provider, or even nothing at all.
Some typical default passwords include 0000, 1234, admin, or even nothing at all. Any grade school kid can find manufacturer defaults online. A hacker's easiest target is the company or person who doesn't bother changing these credentials.
Most big companies have an IT department that will take care of such matters and constantly monitor the network for threats. But what can a medium to small business do to correct this flaw — or the average home user, for that matter?
When tech reps from a store or an Internet service provider arrive to set up new equipment, have them give a walkthrough on how to change the default security settings with you. Once you know how to do so, change this information every 4–6 months.
While on the topic of default settings, it would also be prudent to switch the default settings of all printers, computers, smartphones, NAS devices, servers, and any other device that is connected to a network with Wi-Fi or Internet access.
Should manufacturers be forced to ship with more stringent defaults in place? Should retailers be responsible for changing defaults before signing a product over to consumers? In an ideal world, this would perhaps be the case.
Security breeches may seem like such a simple mistake to avoid. Yet, as recent news surrounding security breaches has shown, we haven't learned our lesson. Information is half the battle. Securing your network is the next step.