
BSidesSLC 2025 | Cybersecurity at Home – Protecting Your Family in a Connected World | Kody Lundell

BSides SLC | 23:15 | Published 2025-06
About this talk
🔐 Cybersecurity doesn’t stop at the office door; it starts at home. In this BSidesSLC 2025 session, Kody Lundell, Senior Security Engineer at Podium, walks you through practical, easy-to-implement steps to protect yourself, your family, and your loved ones from cyber threats in everyday life.

This talk is packed with actionable advice for:

- Securing your home Wi-Fi network and routers
- Managing strong passwords and using multi-factor authentication (MFA)
- Identifying and avoiding phishing and social engineering attacks
- Teaching your kids safe and responsible online behavior
- Locking down personal devices and Internet of Things (IoT) tech
- Creating a lasting culture of cybersecurity awareness within your home

Whether you’re a seasoned security professional looking to extend your expertise into personal life, or a parent, caregiver, or individual trying to get a handle on digital safety, this talk will give you a roadmap to start building a safer digital environment today.

🎤 About Kody Lundell: Kody is a Senior Security Engineer at Podium with over 9 years of experience in network security and threat detection. A Certified Ethical Hacker (CEH), he’s passionate about making cybersecurity accessible for everyone, from enterprise systems to family living rooms.

👉 Learn more about BSidesSLC: https://www.bsidesslc.org/

Transcript [en]

So, if you're here for cyber security at home, you're in the right spot. If you don't care about cyber security at home, you're in the right spot. My wife told me not to tell any jokes during this, but that's just who I am. [Laughter] Who here is at BSides for the first time? Whoa, that's a lot. Well, how are you liking it? You saved the best talk for last, right? I think BSides did that. Didn't know where to put me. All right, we'll go ahead and get started. Why not?

All right, a little bit about me. I'm a senior security engineer with a company called Podium. Um, I've got a wife and three boys. They keep me busy. They're all into video games and sometimes it drives me up the walls just because I have to try and secure them in their video games, which is why I wrote this. Um, I love technology. Last year I presented about quantum computing. Um, if you were here for the CISO discussion, they talked about quantum computing and AI and how much we've come since just last year where we were, you know, 10 years away from quantum computing and now we're, you know, Microsoft's releasing a chip with their kind of quantum computing in it. So, it's getting crazy, but I love technology.

All right. So, we all have dealt with security and business. Whether you're on the security side or you're on the side that complains about the security side, um, we all deal with security and business. Um, but what about our homes? What steps do we need to take to protect ourselves, our homes, our families, loved ones? Um, could be your neighbors, could be, you know, just just anybody that you want to share with, which is why I'm here. I want to share with everybody. Um, so, who here has a banking account? There's a couple who don't. I get it. Keep that cold hard cash under your mattress. Makes sense. Um, but how would you feel if that got breached because somebody malicious was on your home network? How would that make you feel? I know I'd feel a little upset going from the $50 in my bank account to zero, but that's just me. So that's why it's important to keep yourself and your home safe. Whether that's an actual home, whether that's an apartment, whether that's, you know, a community center, wherever it may be. Just got to be safe.

Um, so we'll start with personal devices. We've got strong passwords. We're not talking about password one, two, three, you know, the password every sales rep uses for their every account. Um, we're talking about whatever you want that makes it longer, makes it more unique. So, for example, you could have, let's say you love Alienware computers and you love horses. So you could make your password like Alienware horse 23 because you love Michael Jordan and then throw in some special characters in there if you want, but make it a passphrase, something that's easy for you to remember but harder for an attacker.

Um, multifactor authentication. If you don't have multifactor authentication with your bank, look into it. It's just an added step for securing your bank account. Make sure your password's long. Make sure you have multifactor. Obviously, there's bypasses for multifactor, but it makes people work for it.

Um, make sure your devices are updated regularly. I, uh, went to a relative's house the other day and they needed help with their computer. Turn it on. We're sitting there with Windows XP on the machine. He said, "Do you need the password?" And I said, "No, I do not."

So updates for your applications that you install on your computer, because if there's an application that's not updated but it has vulnerabilities on it, it can be accessed. Encrypt your device. If your laptop gets stolen, if your phone gets stolen, make sure it's encrypted so that they can't get the data off of it. Because how would that be? You've got your tax returns saved on your computer for whatever reason you have it saved on your computer for and somebody comes and steals it and they can just pull it right off. Like, there goes your tax information, your social, stuff you hold precious, whether it's your $5 return or your thousand return. Keep it, keep it safe.

All right. Home networks. Who here knows how many devices they have connected to their home network? How many? 113? 23? Can anybody beat 23? 24? Do I hear 25? So that's great that you know how many are on your network. Who here doesn't know how many devices are on your network? Yeah, it's okay. It's okay to not know. You really should know, um, not only how many devices, but what devices are connected. So maybe your, uh, neighbor's freeloading off of your internet because you did password one 123 as your Wi-Fi connection. Um, but when I go to a relative's house and their Wi-Fi is really crappy, I will see if they have their default password. I will change their channel and make the Wi-Fi better. Um, but that's that's one of the reasons why you change the password. If somebody goes and plugs into the port, they go to, uh, whatever you have it set it to, 10.0.0.1, what whatever you have it set to, and, uh, they log in, they can then change your password to your Wi-Fi. They can do whatever they want. Connect to your devices. So, change your default passwords.

When you have your Wi-Fi all set up, go for WPA3. If you don't have WPA3, go for two. If you don't have two, get a new router. Um, but another thing to look into are how many network segments you can create. So, obviously you've got your main network, your 5G, the one that you use for your gaming, for your work, um, the one that you don't want your kids to be on because it'll clog it up. But there's also the guest Wi-Fi. So you need to look for routers and and all that where you can create different SSIDs, different networks so that you can segment off, you know, your children, what they're doing for school, your printers. Um, if your router has the ability to create an IoT network that's separate from your guest network, that's even better. I just found that on mine recently with a new update. I thought, man, this is awesome. Get my freaking Ring doorbell off of my network.

Um, and then also, who here uses a VPN? That's a lot more than I thought it was going to be. Um, VPNs are great, uh, especially if you have to travel, going to the airport where they have their Wi-Fi that everyone is connected to. And, uh, also when you're traveling outside the country, VPN, there's countries where they monitor your data that goes through their networks. And that's just that's just those countries. They want to see everything. Um, so VPNs, they're great. Virtual private networks. If you don't have one, look into it. They're relatively cheap. There's even free versions, but, uh, you get what you pay for.

Social engineering. Who here has gotten that text about their UPS package? Yeah. Or your car's extended warranty. Not, not as much. More the UPS. Okay. [Laughter] Um, so there's obviously different methods. There's emails, texts, phone phone calls. Um, you've heard the phone call scams where they call and they're asking relatives for money, like, "Hey, I'm in jail. Send me bail money." And those are the things that, you know, we know to watch out for. But do our loved ones know to watch out for that? I have a neighbor who fell for one of those scams and, um, they're just going through a hard time just because that person now has their money, their information. And it's quite sad to see it, especially when, you know, they're targeting, you know, an older age group for certain things and they're targeting young ones for certain things. And those are the things that we need to teach others about. We know it, but we need to share it. Sharing really is caring, for those who remember the Care Bears.

I like the rule pause and think. When a message comes in and it's got a link, I always stop and think. I always sit there and say, "Am I expecting a link?" If it's a bank messaging me, like, "Why are they sending me a link?" If you question the link, go to the actual website of the company. Don't just click on it all willy-nilly and then try and backtrack.

Sometimes that does not turn out well. I'm not going to tell you how I know that.

Social media privacy. Who here honestly has no social media footprint? Awesome. Got a couple. So, social media, you have social media. They know everything about you. Everything you share on there, it's out there. Um, which is one of the things I've been teaching my my family, my my extended family. When you're on vacation, don't post that you're on vacation. Stop doing that because now everyone knows your house is empty. They can go access your [Laughter] network. Yes, that's all they want is your network. Um, and then your privacy settings, especially for younger kids, if you feel the need to put them on social media for whatever reason, um, think about your privacy settings. Is your social media open to anybody to see? Can people go and stalk you? That's something to think about.

All right, this one's more for protecting children online. I know we're all children at heart, so we're part of this as well. Um, parental controls. There's different things we can put out there, filters, um, just different things we can put in the firewalls, but we really need to educate the children about how they behave online. Because there was a kid once, very young, played RuneScape, gave away his password to somebody and lost his RuneScape account. It was very sad for that little boy. He eventually got his account back, but he learned a valuable lesson.

Um, monitoring and communication. So yes, we are monitoring, just like at work we monitor employees, but we need to help people understand that it's not big brother monitoring. Explain to them that it's for protection. That the monitoring is not just for them, it's for us as well. Because we all need to be secure. We all need to know that security matters and we need to work as a family to achieve that.

Um, gotta include stranger danger. Cut off the photo, man. Knew I shouldn't have edited that from my phone. Um, Stranger Danger. Who remembers Stranger Danger from back in the day? Yeah, you got, uh, Scruff McGruff telling us all about Stranger Danger. Um, that's still a big thing. Stranger Danger. Make sure that your kids, because online stuff, like, who here has played Roblox or has a family member who plays Roblox? Yeah, there's communication in Roblox and there are predators in Roblox. I'm not saying Roblox is bad. Like, my boys love playing Roblox, but you need to educate them. Somebody tries to talk to you in the game, don't respond.

There's also a software company, um, Kidas. Anybody heard of Kidas? Yeah, I learned about them last year. They have actually moved into this space where they monitor that kind of stuff. They can monitor, um, voice chat communications, text communications, um, to monitor what your kids are putting in and let you know like, hey, they've disclosed this to a complete stranger. So, shout out to Kidas for the progress they're making. Um, I think that they're going to do great things, especially now with AI coming into the world and just, I expect them to do great things. If they don't, please don't come back at me.

All right. Internet of Things. Who here has an IoT device? Tons of people. Social media recluse has IoT. Shame on [Laughter] you. Oh, gotcha. Gotcha. All right. So, IoT devices, the main thing is they all come with the same stupid password. Mainly because people forget the same stupid password. Um, but that's something that we need to change is change the password. Who here has a password manager? Amazing, right? Yeah. Um, especially the ones that allow you to share passwords so you and your spouse or your kid can have separate accounts and you share what they need. And it's just amazing, but also it's dangerous to, uh, share passwords. So, be careful of what you share.

Segment your IoT devices off of the network. Um, I've already talked about that. Why do we need to talk about that even more? Um, because of how important it is. We all heard those horror stories about people getting into the baby cams or the baby monitors and watching and listening to people. It's creepy.

Um, if you're a malicious person who does that and you're listening to this, it's creepy. Stop doing it. It's weird, illegal. Um, but also there's some IoT devices that ask for certain permissions. So we need to make sure that we limit whatever permissions that they do have so that they don't end up like employees at our companies with privilege creep, more than what they need.

Cyber security hygiene. So, obviously we need family rules or house rules, um, because some of us live with roommates or, um, you have guests over, you need to create those rules and make sure that everybody knows the rules because it's one of those where, you know, you break a law. Are you guilty if you don't know it's a law? Yes, you're guilty because it's a law. So that's what we need to establish our rules, and you can discuss them as a family. Create them as a family so that everyone feels involved. Um, and then have cyber checkups, whether it's monthly, quarterly, semiannually or, if you don't care, annually. Um, just check up, make sure everyone feels okay, feels safe, and make sure everyone's following the rules. See if you need to change any of the rules because rules can change. People grow up, people become more security conscious. Um, you have people who, you know, are exploring the web more. So sometimes you need to change the rules to adapt.

All right. So, in conclusion, you got to stay vigilant. You've got to raise the bar because how many companies are like, "Oh, man. We've got an 80% phishing rate, so let's just lower the bar and put our next, uh, our next goal as, you know, 60%." No, the industry standard is like 6% right now. You're way off. So raise the bar and find out how to reach that goal. Whether it's you need to train them on this, whether you need to train them on that, whether you need to implement something that helps you reach that, raise the bar. And cyber security is a personal concern. Obviously, we've talked about family, but it's all personal because we care about it. You're obviously here, so you care about it, so go out of your way to share it.

All right. Does anybody have any questions? Right here.

Yeah. Uh, so the encryption is when you're setting up the actual network portion. Um, it'll give you a choice to use WPA3 or WPA2. Um, anything else? Get a new [Laughter] router. Any other questions?

I will endorse a home router once they pay me. Um, but but it also depends on, you know, who you use as a provider. I know some providers out there, um, if you use your own router they will throttle your your devices and networks. So it it depends. So

Yeah. So, Brian over here, great man, great in cyber security. He said, "If you want an enterprise level router, pfSense, they're affordable and they're great."

Yeah, it's P as in Paul, F as in Frank, and then sense is S E N S E. Yep. pfSense. Any other questions? All right, we'll leave it at that. If you want to connect, feel free. I love networking. I love connecting with new people. And you can always reach out with any other questions you have. Thanks everyone.