“Hacker Lab” Event Shows How Cyber Criminals Attack Homes — and How to Stop Them
HSB and Prescient Solutions Offer Cyber Defense Tips
At a recent “Home Hacker Lab” event sponsored by Hartford Steam Boiler (HSB), part of Munich Re, and Prescient Solutions, an ethical hacker revealed how cybercriminals work — and what consumers can do to protect themselves.
The October 13 workshop in New York City mounted a remote cyber-attack on an Internet-connected model home inside the American Modern Insurance Group claims training facility in Ohio. The event demonstrated in real time how hackers choose their targets, enter a system, and the harm they can do once they infiltrate a home.
Key takeaways for homeowners included:
- Most attacks happen via traditional means, through home Wi-Fi systems, emails and computer browsers.
- Hackers are quickly finding new entry points through smart Internet of Things (IoT) technologies.
- Roughly 80 percent of consumers report using a home network connected to the Internet. One in ten consumers have experienced a cyberattack via their connected home systems.*
The Hacker Lab was presented by HSB, a leading specialty insurer of data and information risks, and Prescient Solutions, a Chicago-based IT outsourcing firm. The lab was designed to help educate and provide home cyber defense ideas for consumers.
“Hackers are exploiting common security flaws and using them to breach home networks, computers, IoT and mobile devices,” said Eric Cernak, vice president and cyber practice leader for Munich Re. “Once cyber criminals have access, they can steal personal and financial information, hold computer files for ransom, and hijack anything from webcams and thermostats to smart TVs.”
Jerry Irvine, chief information officer of Prescient Solutions and member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council, agreed that consumers face a real threat and need to increase safety protections in their home networks and connected devices.
“The good news is that homeowners can take steps to protect themselves from destructive criminal intrusions,” Irvine said. “Understanding what hackers look for and how they premeditate an attack are critical to building up a home defense system. The important thing to remember is that hackers are imperfect and can be disrupted.”
The Home Hacker Lab also featured a risk management discussion with Cernak and Timothy Zeilman, vice president and counsel for HSB. The discussion included insights about ways to prevent a cyber-attack; the financial costs; and what consumers must do if/when they’re hacked.
HSB and Prescient Solutions provided the following risk-management tips (PDF, 301 KB) to secure home systems:
- Keep systems updated with patched and security updates. Install the most current Windows, OS/iOS, updates/patches and applications. Regularly update firmware on routers and all other devices.
- Separate social media from financial activity. Use a dedicated device for online banking. Use a different device for email and social media. Otherwise, just visiting one infected social site could compromise your banking machine and your financial accounts.
- Secure the network to which the devices connect. Don’t broadcast your wireless router/network name. Change default usernames/passwords on home routers and smart devices. Activate wireless router encryption, use WPA2, not WEP. Do not connect smart devices directly to the Internet linked to home computers, but rather through a separate IoT firewall.
- Set up two-factor authentication for all online accounts. Create complex passwords (nothing that can be easily guessed, such as children’s names, birthplace, etc.). Use secondary authentication; this sends a secret code to your phone verifying your identity.
- Secure your smartphone. Many people still do not use passcodes to lock their smartphones. Don’t be one of them. Almost all IoT devices are controlled by a smartphone app, so phones have become key entry points to homes.
- Think before purchasing or installing apps on smartphones or tablets. Make sure you read Privacy Policies before downloading. Do not download any apps that prompt you to quickly download, as they may contain malicious code and security flaws designed by hackers.
- When not using Bluetooth, turn off the feature. Mobile phones, tablets and many new smart items in the home have Bluetooth functionality (smart speakers, set-top boxes, baby monitors, etc.). Such devices have recently been hacked into because their owners left on the Bluetooth option.
- Purchase only new devices in unopened packaging from reputable retailers. As with any expensive device, there is a black market for counterfeits that have limited security protections. Do not be tempted to buy such devices.
- Wipe/reset to factory defaults. When replacing connected devices or selling a home, devices should be restored to factory default settings. This will ensure that personal information contained on the devices is removed.
- Check insurance policies closely. While a typical Homeowners Policy may cover the costs of the resulting damage (theft, spoilage, etc.), they generally do not respond to costs associated with restoring the systems that have been compromised in the attack.
*Research by Zogby Analytics and HSB Group.
Note for the editorial staff
Hartford Steam Boiler (HSB), a member of Munich Re’s Risk Solutions family since 2009, is a leading specialty insurer providing equipment breakdown, other specialty coverages, inspection services and engineering-based risk management that set the standard for excellence worldwide. We focus on clients and partner with them to craft inventive insurance and service solutions to cover existing and emerging risks posed by technological change. Today, as throughout our 150 year history, our mission is to use our engineering knowledge and insights to help clients prevent loss, advance sustainable use of energy resources and build deeper relationships that benefit business, industry, public institutions and consumers. HSB holds A.M. Best Company’s highest financial rating, A++ (Superior). For more information, visit www.hsb.com and connect on LinkedIn, Twitter and Facebook.
Prescient Solutions is a Chicago-based IT consulting company that provides onsite, remote, managed and cloud-based services to small, mid-sized and global organizations, as well as government entities. For more than 20 years, its expert team has advised organizations on best practices in IT and cyber security, and guides executives in IT decision-making and implementation across all systems and networks. For more information call +1 (888) 343-6040, or visit http://www.PrescientSolutions.com.
Munich Re stands for exceptional solution-based expertise, consistent risk management, financial stability and client proximity. This is how Munich Re creates value for clients, shareholders and staff. In the financial year 2015, the Group – which combines primary insurance and reinsurance under one roof – achieved a profit of €3.1bn on premium income of over €50bn. It operates in all lines of insurance, with over 43,000 employees throughout the world. With premium income of around €28bn from reinsurance alone, it is one of the world’s leading reinsurers. Especially when clients require solutions for complex risks, Munich Re is a much sought-after risk carrier. Its primary insurance operations are concentrated mainly in the ERGO Insurance Group, one of the leading insurance groups in Germany and Europe. ERGO is represented in over 30 countries worldwide and offers a comprehensive range of insurances, provision products and services. In 2015, ERGO posted premium income of €17.9bn. In international healthcare business, Munich Re pools its insurance and reinsurance operations, as well as related services, under the Munich Health brand. Munich Re’s global investments (excluding insurance-related investments) amounting to €215bn are managed by MEAG, which also makes its competence available to private and institutional investors outside the Group.
Hartford, Connecticut, October 19, 2016
The Hartford Steam Boiler Inspection and Insurance Company
One State Street
P.O. Box 5024
Hartford, Connecticut 06102-5024