When we think about securing our home, we start with the basics. Locks on doors, a fence around our yard, perhaps other physical security elements like locks on windows or landscaping features mean to deter burglars. We might even consider our dog to be a key part of our home security strategy. Home security systems are increasingly common as installation, maintenance, and use of those systems has become easier.
From Ring doorbells and video cameras to compete home security systems from your cable and internet provider, it’s easier than ever to add a complete security and monitoring system to your home thanks to companies like ADT, SimpliSafe, and others. I happen to use FrontPoint Security which is powered by Alarm.com. It gives me an alarm system, video cameras, smart locks, and more to protect my home and control everything from my phone through an app.
The issue provoking the question of the title of this post comes into play due to the very nature of these systems. They are connected to the internet, accessible from anywhere, and access is gated by the account you use to manage it all, either from a computer or your phone. This means that someone could hack your account from anywhere in the world, at any time by gaining access the the same account that you use to manage the system. A new risk and something you need to consider.
I awoke on a Saturday morning to a text message on my phone indicating that there was a failed login attempt on the account that I use to manage my home security system. Since the alert came in at 1:30 in the morning (and I was asleep at the time), it caught my attention. The worst case scenario immediately crossed my mind. Someone was trying to login to my account but had failed at guessing my password. The best case would have been that another FrontPoint customer simply fat-fingered their username triggering the alert.
Since there was only one failed login attempt, either scenario could be possible but it got me to thinking… Was my account as secure as it could be? This is a really important question considering that we count on these systems to protect our home and our families. We wouldn’t want someone gaining access to the account along with the ability to manipulate our locks, thermostats, video cameras, or any other smart devices that we have tethered to the system. It’s scary.
Here’s what you can do…
- Make sure you are using a strong, unique password to manage the master account on your home security system.
- Change your password if you suspect that it has been targeted by a bad actor.
- Enable two-step (multi-factor) authentication if available on your system.
- Configure notifications for account activities that will alert you to suspicious activity.
- Make sure your contact information is up to date on your account so your provider can contact you is there is an issue.
Don’t simply assume that because you have a security system, that your home is secure. It’s up to you to make sure that your account is locked down just like your doors.
That’s #SimpleSecurity.
