Cyber Security and Neos: the need-to-knows

Man browsing on a laptop

Cyber security is a growing concern for everyone. With the increasing dependency on the Internet and a wide range of connected devices being deployed around us – it’s not just businesses and organisations who are falling victims of unscrupulous hacker attacks – it’s us, the consumers, who will start being on the receiving end of black-hat hackers.

The ransomware attack that crippled NHS in May, as well as thousands of other businesses worldwide, was probably one of the most highly publicised hacking stories of recent times. However, let’s not forget the Mirai botnet that infected hundreds of thousands of CCTV cameras, routers and other devices only a few months ago.

As more and more devices in our homes become ‘connected’, the ability for us to prevent someone from compromising the security of our home or stealing our personal data will become very critical.

As CTO of Neos, I take physical and cyber security extremely seriously. I’ve spent considerable time and effort ensuring that the service we provide and our customers’ data are as safe and secure as possible.

You can break down our security considerations into two basic groups; the hardware we deploy into homes and the cloud system that our hardware connects to. Here are just some of the security measures we take to make sure systems and data are kept secure:

Neos indoor wireless camera on table

Hardware:

  • Encrypted messages between hardware devices locally in the home
  • Strict firewalling on the hub (to combat common exploits such as Mirai)
  • Bleeding-edge SSL ciphersuites and certificate-based authentication on hub-to-cloud links

Cloud and Apps:

  • Web Application Firewall to protect from DDoS, SQL injection and general suspicious requests
  • Strict HTTPS rules means all requests are encrypted with SSL
  • Our data centres comply with various industry standards, including: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX)
  • We don’t store user passwords, only one-way encrypted hashes
  • Protection against Cross-Site Scripting attacks
  • Comprehensive logging and monitoring suites to detect and respond to any performance or security incidents
  • App-side SSL pinning to ensure certificate integrity

Browsing and hitting 'settings' securely online

The thing is, no matter how hard we try to keep things secure, the most common exploits are still not technical ones. These types of attacks rely on a weak link common to all computer systems – human beings. With that in mind, here’s some really basic tips to help you stay safe in the digital world  (whether you’re a Neos customer or not!)

  1. Email is insecure, never send sensitive information such as credit card details over email.
  2. Phishing is still one of the most common types of fraud. If someone you don’t know calls you and asks you to identify yourself, always hang up and call them back on a number you know is real. The same applies to texts and emails you receive asking you to click on a link or call a number. If they try and give you a number to call them back on, ignore it. Find a number you can verify is real (for example from the company’s website) and call that instead. If they legitimately work for that company, they won’t mind.
  3. Use secure, unique passwords! At Neos, we don’t store your password in plain text, but some people still do. That means if a hacker gets hold of that password and you use it everywhere, they have access to all of those services too. We recommend using a password manager such as 1Password, LastPass or DashLane. These services securely generate and store unique passwords so you don’t have to remember them all! They also have a ton of great guides and resources about staying safe online.
  4. Use a virus scanner and never download attachments from emails you don’t recognise.
  5. If the service you’re using supports it, enable Two Factor Authentication. Here’s a great article if you’re not sure what 2FA is. 2FA can be a pain, we know, but it’s a really powerful tool to stay safe online, especially when you combine it with a password manager.
  6. Backup your data!!! Yeah, three whole exclamation marks after that one. Ransomware is becoming really popular these days, but the great thing is that with regular backups you’ve got nothing to worry about. If you get attacked by a ransomware virus, just restore from the latest backup. No need to pay, no lost data. Here’s a great list of backup software for Windows and one for Macs too. So grab yourself a cheap USB hard drive, and run regular backups (this is good practice regardless of the ransomware threat.)
  7. Keep your software up to date. Most of the common exploits that lead to widespread hacks like WannaCry rely on people running old, out of date software. Keep on top of updates – they’re there to fix the types of security holes viruses use to take control.
  8. Common sense. It might seem obvious, but common sense is your best defence for staying safe in the digital world. You don’t need to be a computer whiz to work out that this email isn’t really from a Nigerian Prince who wants to wire you a million dollars. And all he needs is your credit card details? Sounds pretty suspicious. So always remember: if it sounds too good to be true, it probably is. Think before you click, and you’ll stop a ton of potential attacks in their tracks.