Security Risks With Amazon Sidewalk

Amazon’s new Sidewalk application is a low-bandwidth, long-range communications protocol for sharing your internet connection with your neighbors. Amazon Sidewalk is embedded into several Echo generations, Echo Dot for kids, and Ring floodlight devices. The program is turned on by default.

Amazon describes these devices as a “bridge” to get other devices onto the Sidewalk network. Amazon operates Sidewalk. It is a simple procedure to disable Sidewalk from your device. However, how many non-computer people will think about or even know how to disable the service?

Sidewalk is an application that binds all the Amazon devices together, making life a lot easier for all of us. However, security is already a concern for a lot of people. With the constant barrage of hacking, has Amazon created a secure network or a nightmare?  

  • The Network
  • Sinister Predictions
  • Promising Technology

Amazon reiterates that privacy and security were the focus from the beginning of the project. Data must travel through multiple layers of encryption before hackers have any chance of doing harm. Another security procedure is rotating device IDs, which reduces the information available about specific users.

Sidewalk is described as the glue that holds the network together, making each device smarter and eliminating downtime. The company has issued a whitepaper explaining security procedures, which seems a lot like saying, “concerns on security for Sidewalk are already out of the bag.”

The Amazon Sidewalk Network

Amazon describes the proprietary Sidewalk network as a mesh between Bluetooth and Wi-Fi, neither of which is invulnerable to hackers.

Extending the range at which people can still use their devices outside the home network is a significant feature of Sidewalk.

Sidewalk uses the 900 MHz band of the radio spectrum, which ranges from 902 to 928 MHz and is used primarily for local communications. The wavelength is used primarily by amateur radio.

Amazon sees the application extending far beyond Echo and Ring, with Sidewalk-enabled devices finding pets or valuables. Smart security, lighting control, and talking to smart appliances are all part of the plan.

Any connected device must communicate back to a management console or manufacturer support services for direction. All this potential data could become readable by Amazon.

Devices such as home automation or IoT collect mounds of information on users’ behaviors and activities, called telemetry data. All this data could be transmitted back to Amazon or others connected to the network.

New York’s Best Managed Security Service Provider (MSSP): Sinister Predictions

A sinister prediction comes from Engin Kirda, a professor of computer science at Northwestern, who says, “It could also be possible for Amazon and others to use the network to identify individuals.”

Another sinister motive: special equipment could be brought in to identify a device from a specific signal. The movement of these signals could be tracked for geolocation and possibly advertisement targeting.

As an example of the dangers of using signals to pinpoint devices, Amazon has developed a smart tag for finding pets. If your dog runs away and there are enough Sidewalk users, your neighbor’s application picks up the signal, and your dog is found.

Locating a signal could also tell someone the frequency, duration, and destination of your dog walks. Tracking a signal seems harmless; however, when that information is combined with all the other data, problems could arise.

With all things digital in the modern era, it is essential to make sure you have not accidentally opted back into the network, whether through innocuous terms of service, hitting a checkbox on your shopping cart when checking out, or missing one of those all-important memos from Amazon.

Promising Technology | Long Island Tech Explains

The theory behind Sidewalk looks promising to homeowners and businesses who get to sell more devices. However, users should remember that Amazon is not introducing Sidewalk to benefit users but to benefit Amazon.

Like all new technologies, Sidewalk is being promoted with a host of positive use cases, such as finding your pet. However, sharing networks and internet connections across a neighborhood has its detractors.

Mesh networks like Sidewalk only work well when sufficient user devices are trusting Amazon. This explains why Sidewalk ships with its default setting turned on, rather than opt-in. It also explains the phrase “privacy and security are foundational.”

Users should be concerned that Amazon feels privacy and security mean the same thing.

Assurances are being made by Amazon and third-party device sellers as to the overwhelming security of Sidewalk. 

Experts are warning homeowners and organizations to opt out of any Sidewalk-enabled devices until researchers and policymakers have a chance to evaluate the offering fully. That includes liability questions in the case that someone hacks your Sidewalk network and gains access to your neighbor’s home.

Know the Risks of Not Having BDR for Your Business

Experts estimate that humans produce 2.5 quintillion bytes of data every day.[1] That is a lot of information. However, having a poor backup strategy can wipe out all or vast portions of your data in a single click. From accidental deletions and malicious attacks to natural disasters, there are multiple ways by which you can lose your business data. Therefore, make sure a robust backup and disaster recovery (BDR) solution is an integral part of your business.

When you lose crucial data permanently, the consequences can be devastating. Some costly aftereffects of data loss are:

It is your responsibility to equip your business with an effective backup and disaster recovery solution, irrespective of your business’s size, industry or location. Let us take a look at how significant backup and disaster recovery is to the following business industries:

Importance of BDR in Healthcare Industry

There can be severe complications when data loss happens in the healthcare industry:

  1. If a patient’s health records go missing when needed, a life-saving surgery could get delayed or denied.
  2. Without the billing records, a hospital cannot process payments.
  3. Regulatory bodies like HIPAA slap hefty fines on hospitals for carelessly handling data. HIPAA can impose penalties anywhere between $100 and $50,000 for an individual violation, with a maximum fine of $1.5 million per calendar year of neglect.[4]

Alarmingly, the healthcare industry was the worst-hit industry by cyberattacks in 2020.[3] Therefore, backup and disaster recovery are critically important in the healthcare industry.

Finance 

A robust backup and disaster recovery solution is an important part of any financial institution’s growth and survival.

Financial institutions must comply with requirements put forward by:

  1. Regulations like the Gramm-Leach-Bliley Act (GLBA)
  2. Financial regulatory agencies like the Financial Industry Regulatory Authority (FINRA)
  3. International regulators such as the Financial Conduct Authority (FCA)
  4. The Securities and Exchange Commission (SEC)

An effective BDR solution is a mandatory requirement highlighted by all the concerned authorities mentioned above. Additionally, having one in place helps these institutions protect employee productivity and ensure customers quickly regain access to essential services following a data-loss event.

Hospitality

The information generated in the hospitality industry is in a precarious position. This is because the hospitality industry often invests less in backup and disaster recovery than other industries.

That said, survival in the hospitality industry can be tough. We live in an era where people check public ratings of a hotel room, even if they plan on staying just one night. A minor dent in reputation could be an enormous blow to a hospitality business.

All critical data like credit card information and customers’ Personally Identifiable Information (PII) must be handled with care to avoid satisfaction issues and regulatory fines. Hence, backup and disaster recovery are an essential part of hospitality.

Adopt BDR for Your Business Before It Is Too Late

Avoiding data loss at any cost is vital for your business to survive and thrive. It is, therefore, highly recommended to have the right BDR provider to maintain control of business-critical data. If you are confused about how to take the first step, do not worry. We are here to help. Our BDR expertise can help your business sail smoothly without being caught in the whirlpool of data loss. Contact us now to learn more.

 

 Article curated and used by permission.

 Sources:

  1. net
  2. IDC Report
  3. IBM Cost of Data Breach Report
  4. National Library of Medicine

 

Business Continuity Plan 101

If you want your business to remain competitive even during a business disruption, you need to self-reflect.

What’s your plan against the unexpected?

The truth is that numerous threats can halt your business operations at any time. If your employees cannot quickly pivot to ensure business continuity, you won’t just struggle with competition, but with survival.

The simple solution is a business continuity plan (BCP).

What Is a Business Continuity Plan?

Techopedia defines BCP as:

“A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business is not able to occur under normal conditions. Businesses need to look at all such potential threats and devise BCPs to ensure continued operations should the threat become a reality.”

 Benefits of a BCP

BCP empowers your business to respond to disruption(s) that could potentially affect business operations. It minimizes the impact of disruptions while also enabling you to quickly get mission-critical processes up and running with minimal or no data loss. 

Being able to deliver services/products to customers despite calamities paints your business in a positive light among customers. 

Essentially, BCP safeguards your revenue and reputation during a business disruption.

BCP will play an important role in a post-pandemic world. It’s likely your business will have to operate with a hybrid infrastructure, where half your employees will work from the office and the other half from pretty much anywhere.

Components of a Business Continuity Plan

BCPs vary based on the requirements of an organization’s industry and the unique needs of the business. However, there are a few components every healthy BCP should have:

  1. Recovery personnel

A dedicated individual should be assigned to manage the recovery process to get systems back up and running quickly.

  2. Recovery procedure

The recovery procedure outlines the strategies to restore key business functions and helps to prioritize assets critical to business operation. These assets include equipment, IT systems, and contact lists. To protect critical assets, classify them based on their criticality to the business and define recovery objectives such as Recovery Point Objective (RPO) and Recovery Time Objective (RTO). 

  3. Data backup

Your BCP should establish how to back up data as well as the methods used for backup and recovery. Depending on RTO and RPO, as well as the granularity of recoveries required (i.e., restoration of individual files), your methods may vary.

Business Continuity Testing

BCP testing gives you insights into how prepared your employees are in case a disruption occurs. It is a risk-to-reality simulation in which employees need to work together to find a solution and recover lost data, communications technologies, or damaged property.

To keep everything running smoothly, your business should test BCP at least once a year. However, the frequency of your testing largely depends on the nature of your business, turnover rates, rapid process changes, or new regulations.

The Reality of BCP Testing

On the surface, manual testing is important to maintain a business continuity plan that works during an actual disruption. The reality is that businesses struggle to match manual BCP testing with the frequency at which cyberattacks occur.

Confused about how to move forward with your business continuity plan and testing? Don’t worry. We can help. Contact LITech Solutions now to learn more.  

Navigating Backups and Training During Unprecedented Times

The surge in cybercrimes against businesses during the COVID-19 pandemic proved how flexible nefarious cyber players are. They are ready to twist and turn according to a situation to make profits out of a business’ failure. Remember that it could happen to any organization, including yours. If you do not arm your business with robust backups and regular security awareness training, you are at risk.

It’s alarming that phishing shot up by 67 percent since the start of the pandemic. Initially, this turn of events stunned the world and businesses struggled to adapt to the new normal. Hackers pretending to be the World Health Organization (WHO) duped people into clicking on malicious links or sharing sensitive information. Such evil tricks, if not tackled, can easily violate your business network and lead to a terrible disaster, compromising invaluable data.

For instance, in November 2020, the Internal Revenue Service (IRS) issued a warning regarding an SMS-based phishing scam through which hackers cheated citizens in the name of a ‘COVID-19 TREAS FUND’. When someone clicked on the link provided, they were redirected to a website identical to www.irs.gov and the site collected their data. This scam is just the tip of the iceberg of phishing scams that unfurled in 2020. What if one of your employees fell prey to such a scam? A careless mistake like that could result in a successful cyberattack on your business that can have severe repercussions like data loss, downtime, hefty penalties, lawsuits, or even permanent closure.

The sudden appearance of COVID-19 caused a sense of panic among businesses. With the virus spreading like wildfire, the work-from-home model was the only available option to maintain a safe working environment. However, the unprecedented scale of remote work has endangered the security of several businesses, including yours. If you do not fix the gap between the preparedness and efficacy of your backup and security defenses, data loss could just be the first of many problems you could face.

Why Backups and Security Awareness Training Matter

Backups can be a lifesaver for your business by protecting your valuable business data from being deleted or altered by malicious cybercriminals. Although the pandemic acted as a catalyst for backup adoption, only 41 percent of businesses back up their data at least once a day. That is not a very healthy practice.  You must make sure proper policy development, regular testing, and continual reviews fuel your backup strategy.

Other than protecting your sensitive data, backups can help reduce severe downtime. They improve your business’ reputation and act as a single access point for your entire database.

Even if you have all your backups in order, a negligent employee can still be a threat to your business data. In 2020, the San Jose Federal Court convicted an employee from a global MNC for carelessly deleting business-sensitive data. Thus, the only way to tackle the factor of human error is through regular security awareness training.

Always bear in mind that backups and security awareness training are equally important when it comes to your business successfully warding off cyberattacks that can result in downtime, data loss, and more. Selecting one over the other can dilute your business’ counter-threat strategy. Undoubtedly, by meticulously implementing a robust backup and regular security awareness training, your business can deal with harsh times like the current pandemic as well as cyberthreats that exploit such difficult periods.

Empower Your Business Now

If there’s one lesson the pandemic has taught businesses, it’s that it’s better to be safe than sorry. The business world is at a critical juncture and your proactive approach can make or break your business’ future. While a world without cybercriminals would be great, such a utopian world unfortunately does not exist. The only way forward is through the smart implementation of the best strategies to protect your business data, processes, systems, and people. And for that, you must empower your business by integrating backups and comprehensive security awareness training.

Remember, you don’t have to take the first step to a safer tomorrow alone. The right partner by your side can make your journey easier and more successful. It all begins with a simple email to us. Get in touch with LITech Solutions today!



Article curated and used by permission.

 
