When most people think of home security, locks, alarms and big dogs come to mind. Substitute security with privacy, and images of curtains and blinds, or unlisted phone numbers spring to mind. While those are all (still) valid, over the last decade of digitalization, we have seen “the home” – long regarded as a refuge for privacy and safety – transformed into a battleground over what is private and secure. To recognize these shifts, ESET decided to focus on the “Protect IT” component during the 16th annual National Cybersecurity Awareness Month and, together with the National Cyber Security Alliance (NCSA), carried out a survey to uncover where people in the United States and Canada stand with the main themes connected to protection.
In the time it took for modems to give way to routers, and routers to then broadcast Wi-Fi, our identities as residents and as digital citizens have moved considerably closer together. And now, as IoT and the wider explosion in numbers of smart devices and attached services that have followed enter homes en masse, another reimagining of home, privacy and security unfolds.
So, how do North Americans see their “homes” and what makes them safe and secure? If that answer doesn’t involve digital, then trouble could be ahead. Take a quick look at our recent poll results to get a picture of the digital home in the popular imagination.
Home entertainment
Ditching VHS and DVDs for streaming has enabled us to binge watch more effectively than ever before. In our poll of 4,000 respondents (2,000 Americans and 2,000 Canadians), 25% streamed via Apple TV or Roku, 17.9% on a connected (smart) TV, and 23% via their mobile device, with PC users adding in another 16.7%. But amidst all the juicy content, is there space for viewers to think about security?
We asked whether respondents were concerned that connected TVs could be targeted by cybercriminals - allowing them to access or control the TV remotely from the internet? The results were stark. Roughly 21% had concerns, while 41.6% didn’t worry about it despite the fact that there are valid concerns about connected TVs being targeted by cybercriminals. For example, TVs can fall prey to ransomware and coinminers like ADB.Miner, which hijacked the computing power of thousands of Android devices.
Devices don’t judge
While some of us successfully segregate our business and personal devices, ultimately it is their polyfunctionality that makes all of them useful for so many tasks. In either case, when using either business or personal devices at home, most of us leverage our home network that traces to the router. But have you ever wondered if it is safe and private?
Only 40% in the survey changed their default router credentials during the initial setup at home. When default usernames and passwords for routers are one click away from discovery with a Google search, these are open networks ripe for easy plunder. Guarding the heart of your home network – your router – is an indispensable step before even thinking about the security settings of each connected IoT device.
Many may not even realize that their home router may be providing a separate public Wi-Fi network for their ISP’s travelling customers. Around 37% of respondents in the survey certainly didn’t know. So, it’s like we said, devices don’t judge. It’s up to you, the home user, to think about listing off all your connected devices at home and what you can do to keep safe, starting from the router on up.
With your router central to the connected home you are building, whether accidentally or not, you are also likely adding new technologies and risks to the sanctuary of your home. Along with your very powerful mobile computer aka smartphone, you may have wanted to try out a few, more recently introduced devices?
Enter smart thermostats, smart speakers and… home assistants. While these items began marching into homes as early as 2007, with the Ecobee smart thermostat, concerns and competitors were not far behind. However, until the introduction of home assistants, like Alexa, which can communicate with multiple smart home devices, impacts were mostly theoretical. The conversation has now become much more realistic as many cases of devices giving away location data, listening and recording, or taking actions without consent have been documented.
Among users of these devices, concern seemed muted as only around 30% of both our U.S. and Canadian respondents felt affected by these issues, almost equal with 26% of U.S. respondents who claimed they were unconcerned. Canadians unconcerned with these issues amounted to approximately 21%, with 43% reporting that they do not own these device types.
While device makers still have work cut out for them to get assistants in homes and “speaking with’” other smart home devices, the main issue for people holding out doesn’t seem to be insecurity.
Returning to the router as ground zero, the adventurous among you who have been considering smartening up your home, might want to revisit those passwords. A great second step is auditing the number and type of connected devices you have in your home. Polled respondents in Canada who reported having “no connected devices” numbered 18.5 %, with their neighbors in the US posting 20.3%. A big jump among those with 1-5 devices occurs among both Canadians and Americans with 44 – 45% falling in this range. The numbers of power users are also similar, with Canadians holding 15-plus devices coming in at 8.5% and those in the US with 7.8%.
While the similarities in tech deployment may surprise some, what stood out is the shared number on both sides of the northern border who claimed that they “could name all the devices” in their caddies, with 42.4%!
Well, it’s a brave new world, people. And for a last peek at our survey: Have you ever purchased a device with connected features that you did not connect to the internet? If so, why? Well, 5.1% of Americans and 7.5% of Canadians just didn’t have time to set up connectivity, that’s my case too – I tell myself I am safer that way. Some 17% on average in both groups “didn’t care about the features” … probably a better answer than telling yourself you’re safer.
What do the numbers reveal? It might be best to use this year’s poll as a baseline. For all that convenience and potential usefulness that every smart device may bring, each also brings responsibilities (passwords, proper setup, potentially security updates) and risks (threat surface, poor security by design, potentially clumsy-or-no security interface). Before buying in, commit to addressing those realities.
So, do yourself a favor, get some practice and start by securing your router. (Indeed, an older ESET test showed that a whole lot of routers are unsecured.) Check and see if you are securing your network with the default password. Then, audit what’s connected.
Since October is recognized as National Cybersecurity Awareness Month (NCSAM), you may also want to check out the whole trio of NCSAM’s themes – Own IT. Secure IT. Protect IT.
A note on the survey’s methodology: The ESET and NCSA Privacy Survey was conducted between September 10-15, 2019 via a Google Consumer Survey. ESET and NCSA polled 4,000 consumers (2,000 Americans and 2,000 Canadians) in four separate surveys of 1,000 consumers each. The surveys have a margin of error of +/- 3.2%.