Posts Tagged ‘security’

Cyber Threats Right Here At Home

Wednesday, January 3rd, 2018

Smart home


A page in The Costco Connection for January 2018 is devoted to “some of the smart tech you may want to invest in over the coming months.” The image above suggests 10 different smart technologies – lighting, windows, temperature, door locks, etc.

Note that I said “Costco.” This wasn’t Wired or Popular Science, which you might expect to have articles about the very latest in high-tech gadgetry. No, we’re talking mainstream.

So, back to the array of smart tech devices.

Maybe you already use some smart tech devices in your home?

Or you got one as a Christmas present?

Or better yet, gave one to your children?

Here’s a better idea of how smart the technologies are:

  • Smart phones – Shoot 4k video so you can play it back on your TV; recognize your fingerprint as password; track your blood alcohol level; find your car; diagnose why it’s not starting.
  • Smart watches – Receive text, email and tweets from friends; capture your fitness info; give you directions or track your run via GPS; lock, unlock, and start your car.
  • Smart homes – Respond to voice or touch commands to adjust air and water temperature, lights, locks and cameras; “learn” family habits and schedules; report on current traffic conditions along your route to work; read and adjust solar panels; start the laundry.
  • Smart TVs – Connect to social media platforms; follow voice and gesture commands; display photos and videos from your phone.

These all fall under the heading Internet of Things, the IoT.

The IoT — a mind-boggling composite of convenience and just plain cool stuff!

With one little problem: security.

Here it is reflected in one sentence from ISO Online, in an article about DEF CON 2017:

“At the IoT Village, hackers found 47 new vulnerabilities in 23 IoT devices.”


Even if you don’t understand exactly where the threats lie, you can probably recognize just how these vulnerabilities come about.

  • Like every other product, IoT products are hurried to market to beat the competition. (Think Apple.) Their makers don’t have time to spend on developing sophisticated layers of security that interact with every other device’s layers of security.
  • Device manufacturers may be as interested in selling information about you and how you use the product as in selling the product in the first place. So, they conveniently overlook certain aspects of security. (Remember the TVs that were capturing info about their viewers’ choices? And the “Talking Barbies” that stored and transmitted what the children said to their dolls?)
  • Many IoT products are complex, combining software, hardware and services often provided by more than one supplier. Not infrequently, one or more of the suppliers sells out or even goes out of business somewhere along the line. A broken link in the chain is a hacker’s opportunity.
  • And IoT users – that is, us consumers – are not following smart security practices!

Now last month our Advisory reviewed home and business security systems – all of which were internet connected — and in doing that research I read many, many advertisements and reviews. Not one had anything to say about security. The Costco article didn’t mention security either!

But when I dug into broader background on the Internet of Things, I got a whole load of warnings.

So, in our ongoing effort to improve awareness and understanding about all areas of preparedness, here are . . .

Seven recommendations for your personal IoT devices as of January 2018.

1-Enable security features on all smart devices.
Not sure if there ARE security features? If the device connects to your home network, there better be usernames and passwords that you can change from the default! In fact, the instructions should remind you to make those changes. Remember that default username and password combinations are published online and thus easily available to hackers.

2-Use strong passwords.
Are your children using the devices? Don’t give them an easy password so they can operate the thing. A simple password makes it easier for every hacker to break into the device!

3-Check for and reconnect or remove dead devices.
Some IoT devices are treated by the family or employees as toys, and after a while they lose interest in them. These neglected devices are precisely the ones that may provide an opening for a hacker. Take a regular inventory and clean up your IoT.

4-Schedule battery replacement.
Many of these devices operate using battery power. Batteries die – and when they do, they can create a security risk. (Door lock won’t open? Fire alarm won’t go off?) Check all devices regularly until you know just how long their batteries will last, and then build a schedule for ongoing maintenance – with dates and numbers and types of batteries required.

5-Update firmware (operating systems) and apps.
If you find the updates on your phone or computer to be a nuisance, imagine having an entire collection of devices with apps that need updating! But it’s through updates that holes are stopped up and vulnerabilities are fixed. Watch for updates and apply them. (Not sure exactly how you’ll be notified of updates? Find out, so you don’t miss out.)

6-Be sure updates and/or network communications are encrypted.
You don’t want strangers listening in on your baby monitor, measuring your blood pressure or noting the hours when the house is empty! If your smart device sends unencrypted info across your home network and the internet, you are vulnerable.

7-Are any ports left open?
Some devices – particularly hubs or routers – need open ports to allow connections to the internet. The more ports that are open, the more vulnerable you may be to hackers. By and large, your firewall software will allow or block connections based on the profile you’ve set up. If you haven’t set up firewall software, do it. (If you aren’t sure how to find out about the status of your ports, you can get additional software to check on them.)

A next step for non-tekkies.

If you’re interested in getting a lot more familiar with IoT and IoT Security, plan on either spending a lot more time online or spending some money on one or more of the books available via Amazon or other book stores. Most of these books seem to be directed to IT professionals and have professional prices.

The Internet of Things: A Look at Real-World Use Cases and Concerns

However, I did find this inexpensive book that looks intriguing for ordinary consumers. In it, the author turns the IoT from focusing on the THINGS (as we have done in this Advisory) to focusing on how the CONNECTIONS are going to empower people and businesses. His case studies make it clear how this can happen.

(FYI, according to the back of the book cover, the author was born in 1981. He got his first computer at age 7, wrote his first software application at 9, and has built and sold “several” technology businesses since he was 18. That gives me a comfortable feeling about his level of expertise!)


This Emergency Plan Guide Advisory is aimed at households. Naturally, much of it also applies to the business world, or at least to the small business world. Earlier in 2017 we drafted an Advisory and a checklist/questionnaire on Cyber Security for Business. If you overlooked them, you may want to check them out again. We’ll be updating this info regularly, but don’t wait for the update!

In the meanwhile, pay attention to your Things and don’t let them get you into trouble!

Your Emergency Plan Guide Team

P.S. This is the kind of information that everyone should be aware of. Please forward this Advisory to friends and family and share with your neighborhood group. If just a few people take a few actions they will be safer than they were before.

P.P.S. What really got my attention from the DEF CON article was the report of a wheelchair being hacked . . .!

Secure Your Space

Tuesday, October 4th, 2016

The Great ShakeOut Hits California

Our community is “celebrating” the annual earthquake drill here in California on October 20. We are joining a crowd of 9.4 million participants (so far).

Plus, just two days ago we emerged from a heightened earthquake alert resulting from a swarm of 140+ small quakes near the base of the San Andreas Fault. That’s the seismic fault that’s going to give birth to the long-overdue “Big One.”

So it seems time to take another look around the house to Secure Your Space, as the ShakeOut people say.

We put together a worksheet for our neighbors, and I thought it would be a good tool to share with all our Emergency Plan Guide readers.

(The form I created for our neighborhood group has a space for recommendations to be made by a handyman that we’ve engaged to go to people’s homes. The version shown at the left in this Advisory is a little different. It figures YOU will be making the changes, hence the “to-do list” terminology!)

No and Low Cost Recommendations for Quake Safety

These are all pretty straightforward. It just takes setting a time for a “walk-through” and then making obvious changes to your living space.

As you do your walk-through, look at furniture placement, and not just heavy or decorative items that could fall and break.

When we returned home after the San Francisco quake in 1989, one of the most dramatic things that had happened was we couldn’t get into the bedroom because a bookcase had fallen over, completely blocking the door.

Handyman Help for Quake Safety

You may or may not already be a handyperson, so some of these suggestions may require that you get a few simple tools. Generally, the idea is to stand in the middle of the room and imagine that everything loose starts flying at you.

How do you tether or fasten down the items that could hurt you?

Keep in mind:

• Flexible fasteners may be better than stiff ones, which can break in a large jolt.
• Rubberized pads may stop heavier items from shooting across the room, but of course won’t keep them from falling to the floor.
• A wire barrier or a lip may keep items on a shelf as long as the shelf stays on the wall.

This Secure Your Space list is aimed at simple things you can do to improve your chances. It doesn’t get into major improvements, like blocking and strapping your water heater, or reinforcing your foundation. We’ve covered some of those elsewhere.

Today, let’s just take care of a few items that should not be left unaddressed.

Need a shopping list of earthquake safety items?

Here are some items from Amazon. You could click on the links, order them all, or items like them, get them delivered within just a couple of days, and have everything you need for an earthquake safety family activity!

Picture or Mirror Hanger

The usual hardware or hobby pack of picture hangers is designed for light pictures, but the sawtooth version of a hanger, or any hanger that counts on simple gravity to hold the wire on the hook, will not be adequate in an earthquake. You are looking for something that can carry 50, 70 or maybe even 100 pounds, and keep it on the wall!  Here are some ideas for hanging heavy items.

Hangman 3-Inch 100-Pound Walldog Wire Hanger (WDH-100-2)

And the wire to go with it . . .
Hillman Fasteners 121128 Mirror Hanging Set Heavy Duty

Big Stuff on Shelves

When it comes to electronics on the shelves in our office, we start with rubberized mats under our printers and computers. We also have a mat under the one desktop tower that is still on the desk. (The other tower is on the floor.) I also use rubberized shelf paper in the kitchen under my plates, and actually between some of the serving platters.

I really love this stuff. Get enough of it because you’ll find many uses for it.

VViViD Non-Slip Rubberized Plastic Mesh Shelf and Drawer Liner Non-Adhesive Sheets (12″ x 20ft, White)

Appliances and Furniture

I said above that for our computers, we “start” with rubberized mats. The next step is to fasten all appliances and furniture down with flexible safety straps, so they won’t go anywhere when the world starts shaking.  Of course, what you use to fasten things down depends on their size, their weight, where they are located (how far to a wall stud), etc.

TV monitors are probably the most likely thing to fly in an earthquake. Tie ’em down! Next most important are bookcases, appliances and other furniture. Here are several models of straps and cables to consider.

QuakeHOLD! 4520 Universal Flat Screen Safety Straps

Quakehold! 4163 15-Inch Furniture Strap Kit, Beige

Quakehold! 2830 7-Inch Steel Furniture Cable

And one model of strap (not from Quakehold!) that seems to be all-purpose:

TV and Furniture Anti-Tip Straps | Top Quality Heavy Duty Strap, All Metal Parts | All Flat Screen TV/Furniture Mounting Hardware Included | Lifetime Guarantee (2 Pack, Black)

Objets d’art and Collectibles

Every home has a shelf or cupboard with beloved figurines, plates, vases, whatever. If the shelf falls, or the cupboard opens, these precious items will be destroyed. So, some suggestions:

  • Can you place these objects in a closed cupboard instead of on an open shelf?
  • Run a wire or fishing line barrier along the front of the shelf to keep books from falling.
  • Add a simple lock to be sure the cupboard or cabinet door won’t swing open in an earthquake. (Check under “child-proofing your kitchen.”)

Most important, “glue” treasures down with museum wax from your local hardware or craft store. It holds!

Quakehold! 66111 2-Ounce Museum Wax


I mentioned above what we found in the bedroom when we got home after the 1989 earthquake. In the kitchen was an astonishing mess of broken dishes, broken jars of pickles and peaches, flour and spices, appliances and potted plants.

Again, all kitchens are slightly different. Do a kitchen walk-through. What could fall or move? What will happen if cupboard doors come open? Moving heavy items to lower shelves is the obvious first step. Selectively applying child-proof locks or safety straps may be the next best improvement.

A Weekend’s Worth of Work

Doing the appropriate moving, measuring, drilling and installing will take more than 5 minutes. Depending on your level of skill and interest, it might take all day or even all weekend.

But all it would take is one good shake and EVERYTHING ON THIS LIST  — mirrors, pictures, bookcases, furniture, computers, cupboards, TVs, food, glassware, souvenirs, collections — could end up in a jumble of broken trash in the middle of the room. And you’ll be lucky if you aren’t in it somewhere.

So, join in your own region’s Great ShakeOut and make some safety improvements. You’ll sleep better for your efforts.

Your Emergency Plan Guide Team

I mentioned some articles on more serious infrastructure improvements for your home. Check these out:



Are Your Employee Communications a Disaster Waiting to Happen?

Thursday, August 4th, 2016

Many companies are being forced to set up or beef up their emergency employee communications plans. Those that don’t may be courting liability.

Being sued . . .

Read on.

In today’s news, we learn from a simple press release that “The Boston Globe is making customized comprehensive safety guidelines available to all employees via a mobile app.” (That’s my emphasis.)

What does this have to do with YOUR company?

Start with these questions:

  • What has your company done about emergency response and emergency communications? Does it have a plan?
  • Is your company keeping up with what others are doing?
  • Is it meeting its legal responsibilities?


Managing emergency communications is an ongoing challenge.


1 – You face threats today that may never have been threats in the past.

Again, recent news stories tell of oil train explosions, once-in-a-lifetime flooding, live shooter events and cyberattacks that can cripple entire enterprises.

Is your workplace communications system set up to respond to “new” disasters as well as the usual ones? When did you last do a “risk analysis?”

2 – New technology means the world may hear about your emergency before your front office does.

What’s your procedure for making sure employees get instructions and the public – including suppliers and customers – gets factual information that will staunch rumors?

As Paul Barton, a business communications specialist says, “Rumours are created for a specific reason: they fill in the information void. If an organization does not tell staff what is going on, they will make up their own story.”

And today, that “story” will be out via YouTube and Twitter before the smoke has a chance to clear!

In the past, companies usually assigned one person to be the spokesperson in an emergency. Today, every employee can instantly reach a huge audience. You can’t stop that, but you can train employees in how to communicate.

3 – Employee turnover means your “communications plan” must be continually updated and employees must be regularly trained or they won’t be able to use it.

Not only does your workforce change, but the company premises themselves change. You may change your phone system, switch to a different internet provider or IT set-up, add a new website or a new office, invest in mobile devices for the whole staff, etc.

All these give the business and employees new communications options that must be considered in the emergency communications plan.

4 – Don’t overlook the families.

You may expect your employees to be ready to step up to protect the business and pitch in to get it back on its feet in an emergency.

Guess what. You may be wrong.

Over and over again in disasters, employees – even First Responders! – have abandoned their posts because they were desperate to find out if their families were safe.

If you can reassure employees about their families, your business continuity plan has a much better chance of working.

What this means is your emergency communications plan has to put family communications right up at the top. It must ask and help answer questions like:

  • How will the company communicate with employee family members regarding the status of the business and the employee?
  • What plan does the family have to get in touch with each other in an emergency?
  • Does the family have an out-of-state family contact person?
  • Has the family designated a place to go if they get separated and/or they can’t get back to their home?


5 – What responsibility does the company really have?

The “Prudent Man Rule” (now probably referred to as the “Prudent Person’s Rule”) has been around in the financial world for nearly 200 years. It says that someone responsible for another’s interests should exercise the same care, skill and judgment that other “prudent men” in that position would exercise.

When articles like the one about The Boston Globe appear in the daily news, you must ask yourself,

“If others are setting up new ways of communicating with employees during emergencies, could we be found deficient or even negligent if we haven’t updated our own plans?”

Here at Emergency Plan Guide we’re not offering legal advice. But we do know that businesses and particularly owners get sued. We believe they can improve their chances of coming through the legal system safely by demonstrating that their decisions with regards to emergency response planning are consistent with good practice.

Two more resources.

Action Item:  If your company’s emergency response plan needs updating, take a look at these for inspiration.

This article reviews the different groups that may sue you after a disaster, and suggests three steps you can take immediately to protect yourself from legal fallout.

If you haven’t thought about physical security, this article will list some “prudent steps” that other companies are taking in this regard.

Once again, this isn’t legal advice, but I hope it falls into the category of “good business” advice.

Your Emergency Plan Guide Team





Security, Safety at Home with Exterior Lighting

Sunday, October 4th, 2015

Suddenly, it’s October, and . . .

Getting darker much earlier.

Have you noticed?

Solar lights

Controls for motion-activated light

Our streetlights give the minimum legal light as part of our city’s attempt to lessen urban light pollution. That’s fine – but when I come home at night, I want to see the porch steps!  And, I don’t want to imagine someone standing outside looking in.  So we have installed several different night lights.

Hard-wired lights

One big light on the porch stays on all night long (hardwired energy-saver bulb). It’s bright enough that anyone coming up on the porch can see to navigate the steps safely.

In the carport, at the back door, we have a hard-wired motion-activated light. It goes on when we pull in or when anyone walks by.

I like this light!  The bulbs are big and bright (although not energy efficient) and we can adjust and have adjusted everything – direction of the sensor, aim of the lights, etc. In fact, the light is so powerful that we had to restrict its “sensitivity” because it was picking up people walking their dogs on the other side of the street. (It reaches out to 70 feet.)

Battery-operated motion-activated lights

It’s not easy to drill holes and run hard wire everywhere where we want it, so we’ve also tried a variety of small, battery-operated motion-activated lights for other areas around the outside of the house. (Most of these lights have been about the size of a TV remote.)

Some of these worked well, and they were pretty inexpensive ($10-$15). Most, unfortunately, seem to need constant attention, which is a nuisance since we have to get out a ladder to adjust them or replace the batteries. I don’t feel I can recommend any of these.

Solar-powered motion-activated light

So here’s the third option – a rechargeable battery-operated light that gets its power from the sun!

There are three pieces to this light.

First, there’s the solar panel.  It’s a thin-film panel and generates electricity best in bright sunlight, but also even when light is dim or it’s cloudy. Just be sure to mount the panel, which is about 7 ½ in. wide by 6 ½ in. tall, where it won’t be shaded. (Eaves and leaves are tricky this way, and change with the seasons! Check carefully before you decide where to put the panel.) The panel is weather resistant.

Second, the panel comes with 15 ft. of connecting wire.

Third, the light itself. It is made up of the light panel at the top, with 80 LED bulbs, the battery compartment in the middle, and the sensor at the bottom. (There’s another version with 60 LEDs.) The LEDs are powered by the rechargeable battery that has been charged by the solar panel.  (The battery will have to be replaced at some point, hard to say exactly when.  Depends on how often the unit is used.)

The sensor isn’t as powerful as the one on our hard-wired light (adjusts to 30 feet) but works fine for where we want the light.

The light actually has several adjustable components: the bracket that attaches to the wall, the sensor, and on the bottom of the sensor, three control buttons.  (Shown in my photo.)

The first button sets how dark it has to be before the light will go on. The second control sets how long the light will stay on each time it is set off.  The third control adjusts the range of motion detection.  (You may want to start by setting the lighting to a dusk condition at first, so you can set the rest of the controls while you can still see!  Then, readjust to full dark.)

The light was easy for Joe to put up. (I helped by pointing out potential shade!)  We followed the instructions to fully charge the battery before using it for the first time. And so far, it’s worked just as expected.

I consider light a safety feature (for us and for guests). Having some lights that stay on and others that go on also makes the house look “busier” than it might otherwise, which can act as a deterrent to unwanted visitors.

If you could use extra lighting, here are direct links to Amazon for the two lights I’m recommending.  Note that they come in different colors, different wattage, and sometimes have bulbs included and sometimes not. But if you click on a link you’ll get to the right place.

Hard-wired motion activated: Heath-Zenith 180 Degree Motion Activated Security Light with 2-120 Watt Bulbs

Solar-powered motion activated: Sunforce 82080 80-LED Solar Motion Light

And if you have tried some of the small motion-activated lights, and found them satisfactory, please let us know by leaving a comment!

Your Emergency Plan Guide Team



Gated Community Keeps People Out

Sunday, August 2nd, 2015

What about First Responders?

Gated communities are more popular than ever. People seem to agree that the gates are a symbol of security and exclusivity.

That’s all well and good until there’s an emergency and suddenly the gates become not a symbol but an actual barrier to entry for residents and First Responders.

Run a quick search online and you will find, like I did, some outrageous stories of people inside their gates, waiting and waiting for help while police or the fire department waits outside — powerless to get in.  In fact, you’ll find stories of people who died, waiting.

The problem of emergency access to your gated property may never have been discussed because no emergency has ever arisen. But if you live in a gated community,  have gated parking at your workplace, or know someone who does, part of your emergency preparation is to . . .

Get the answers to these 5 questions.

  1. Mechanism. How do First Responders open your gates? Is there some sort of lockbox requiring a physical key? An electronic card reader? A punch-in-the-code pad? A remote that requires batteries? A system that responds to light or sound (siren) frequencies?
  2. Updates. If you have a key-pad, who reports updates or changes in the code to the authorities? In two of the stories I read, the management company for the community had changed. The new company changed the code. Nobody reported the changes to the local dispatch.
  3. Keys. If you have a lock-box system with a unique key, who manages the keys to your community? Does each gated community in your area have a different key, requiring First Responders to have a huge key ring? What assurance do you have that the key has not been compromised or illegally duplicated?
  4. Knox Box. A common lock-box system is called the Knox Box. (Open the box to get to a switch that opens the gate or to a key to open a gate, a home, etc.) All boxes in a local area operate off the same key. If you have a Knox Box, how do First Responders keep track of their master key? Is it floating around somewhere in the cab of the fire engine?
  5. Power outage. And the most important question of all: What happens to your gates when the power goes out? Do your gates have a fail-safe override mechanism that allows a gate that isn’t working properly to be manually pushed open so that vehicles or people are neither locked in nor locked out?

Some years ago I lived in an apartment building in Northern California that had parking under the building. I drove in through a gate that raised up when I pressed my “clicker.” When the power went off, the gate remained down. It was way too heavy to lift by hand. If I had the key to the “pedestrian gate,” I could park outside the building and get in through a locked gate near the pool. Otherwise, I was stuck standing outside on the street.

Now I live in a gated community in Southern California. (Don’t worry, I’ve lived in other states too!) Several years ago we upgraded our unmanned gates to the Click2Enter system.  Residents get a battery-powered clicker; First Responders open the gates with a click of their mobile or portable radio transceiver (which has to be programmed with specific frequencies).  First Responders enter with no noise and no fuss. (That’s our gate in the photo. You can see the blue and white Click2Enter box attached at the left side of the center column.)

When the power goes out temporarily, our gates can continue to operate on back-up battery power. (We can count on several power outages a year.) In an extended outage, the gates will open and then remain open.  (This has caused our Emergency Response Group’s security committee to make special plans to keep strangers from entering. That’s another post for a later day.)

Since we’ve had no problems, we had no idea of what to expect until we began to dig into the issue.  I suggest you dig into the details of your own gates before something happens in your community or at your workplace. The fact that there seem to be few if any building standards for gate operation means you may come up with a surprise!

Your Emergency Plan Guide team



Can You Spot a Terrorist Before Something Goes Down?

Friday, January 18th, 2013

(First of a three-part series on terrorism.)

Before we jump into this subject we need to clarify what we mean by “terrorism.”  When most people think about terrorism, they’re really envisioning attacks by jihadists or other non-state actors like those who perpetrated the 9/11 attack.  In reality, we need to broaden our definition to include domestic terrorism and terrorist acts perpetrated by individuals or groups that are motivated by political or domestic “causes” . . . and persons who are mentally unstable.

Pre-Incident Indicators

From the standpoint of frequency of events, domestic terrorism poses a greater threat than that perpetrated by international groups.  With that in mind, let’s explore some of the “signs” – or Pre-Incident Indicators (PIIs) – of a possible, impending act of terrorism at a target location . . .


Possible surveillance?

Serious terrorists – even would-be ones – are most likely to visit the target area in advance, conducting surveillance and even taking photographs to aid them in their planning.  It is often difficult to differentiate between terrorists and tourists since both are interested in the features of the location, but with just a bit more attention, you can notice these traits:

  • Tourists are likely to take photographs at random of the more interesting features.
  • Tourists often take photos with themselves or their friends in front of the interesting features.
  • Terrorists will likely be more systematic, taking multiple or series of photographs of areas of ingress and egress.
  • Terrorists will be making notes about security coverage, monitoring activities, drawing floor maps, drawing diagrams of the location, using a recording device, etc.

Elicitation (attempts to get information)

Everybody has questions and asking questions in unfamiliar surroundings is normal.  Would-be terrorists, on the other hand, will be interested in more than the casual answers.  While their conversation at first appears ordinary, they will attempt to gain  more detailed information to determine security procedures, vulnerabilities, etc.  Elicitation attempts are not always made in person.  They can be made by telephone, mail or email inquiry or research at a library, etc.

Examples of unusual questions might be, “When does the next shift (of security guards) come on?” or “Where are the electrical shut-offs?”  Surely a question like one of these should capture your attention!

Please watch for the next post in this series. Part two will cover the logistics of terrorism and the third part will delve into the tests of security, dry runs, etc.