BID® Daily Newsletter
Jun 5, 2024

BID® Daily Newsletter

Jun 5, 2024

Your Smart Devices May Be an Invitation to Hackers

Summary: Wi-Fi-enabled smart devices are convenient, but they can also provide hackers an avenue into your system. Learn which devices are most vulnerable and how to protect them from cyberattacks.

To simplify maintenance of a casino’s fish tank, the casino owners installed sensors connected to a PC so they could remotely manage feeding, temperature, and cleanliness. Then, a scammer hit the jackpot when he managed to hack the fish tank and from there slip into the casino’s other computer systems, stealing a treasure trove of data before being discovered.
While you spend your time and energy guarding your community financial institution’s (CFI’s) central systems and technology against direct attacks by hackers, a back door into your systems may be vulnerable in ways you never imagined. Any device with an internet connection is potentially hackable. With the proliferation of smart devices, these back doors are multiplying.
The spread of smart devices has resulted in a host of new vulnerabilities. Often called the Internet of Things (IoT), these modern conveniences have been recognized as potential security problems. But those worries are often overlooked or downplayed. It’s hard to imagine a fish tank as a security threat. There are actually quite a few seemingly harmless smart devices that pose a risk to your CFI, if you haven’t taken steps to secure them.
The Problem with Printers
One of the top IoT device concerns at the moment is the office printer. Modern printers are far more advanced than earlier versions, offering myriad ways to print, scan, and copy, among other tasks. These multi-function printers are also typically connected to the internet, which can be a source of trouble: 61% of organizations dealt with data loss through their printers in 2023.
While your CFI may deploy a system of firewalls and anti-virus software elsewhere, the defensive strategies often aren’t as robust — or don’t exist at all — with printers. When hooked up to Wi-Fi, these multi-function printers can provide a direct path into your central computer system.
Hackers who break in through your printer can inject malware, disrupt other devices, steal data, and perhaps even launch attacks against customers and partners.
The Vulnerabilities in Card Readers
Card skimming is an important hacking method to look out for, because according to the FBI, customers and financial institutions lose over $1B every year to this form of theft. It not only leaves financial institutions and their customers vulnerable, but also small business customers whose card readers are compromised with card skimmers.
Financial professionals are likely familiar with the ins and outs of card skimming. Hackers have been adding them to ATMs and POS terminals at various retailers to lift PIN numbers and credit card information from users for many years now. They’re especially common at gas stations and nonbank ATMs inside stores.
Hackers use a skimming device that’s placed on top of the card reader that will read the card’s strip information and store customer data for wireless transfer. Other common methods are placing a fake keypad over the real one to capture PINs or installing cameras to watch cardholders put in their PIN numbers. For chip reader cards, hackers have found a way to gain access to that data, too: the process is called shimming, and the devices they use to read the microchips are small and harder to spot.
The Security Issues with Cameras
Security cameras can also fall prey to cyberattacks. Wi-Fi cameras are the most vulnerable due to their connection to the internet — even if hackers can’t get a direct connection to the camera, cloud-based security cameras can have their servers hacked to gain access to that footage.
Hackers commonly gain access to security cameras through the wireless networks they’re connected to. Unfortunately, some security camera systems are all too easy to hack because the customers and businesses that purchase them either never change the default username and password or their credentials become compromised.
Other Susceptible Smart Devices
As offices incorporate more smart devices, the security around them should increase, because all of them can be hacked. Thermostats, coffee makers, and even smart refrigerators can be hacked through their wireless connections. Smart bulbs that can be remotely operated can also be remotely hacked.
When smart TVs get hacked, it’s not just digital assistants connected to other devices that become vulnerable, but also the built-in cameras and microphones; hackers can listen in to conversations and record video, too.
How To Protect Your Smart Devices
What can be done about all these vulnerabilities?  The FBI offered some tips about securing IoT devices so that you and your customers can use these devices without the fear of being hacked. 
  • Always use strong passwords. One example is a passphrase, which is a long password that can be created from a phrase or a sentence.
  • Make sure the devices connect through a well-secured router. 
  • If the router gives you the option of putting your device on its own network, use it. This can help block hackers trying to break into your more sensitive networks.
  • Always protect your Wi-Fi networks with firewalls and monitoring methods.
  • When shopping for smart devices, look for manufacturers that offer devices with strong security and that update frequently. 
If your financial institution branches have smart devices connected to the internet, you could be vulnerable to cyberattacks. Take inventory of your smart devices and make sure they are all properly secured to protect your data, systems, and customers.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

DORA as a Guideline for Heightened Cybersecurity
As European financial institutions prepare to adhere to the EU’s Digital Operational Resilience Act, CFIs may find value in using these rules and regulations to help shape cybersecurity initiatives.
API Security Helps Keep Your Data Safe
APIs are a standard part of every CFI’s technical tool kit. They’re also a potential opening for cyberthieves. API security measures can help keep CFI data safe.