IoT and SMBs: A Smart, Money-Saving Combination

As broadband internet becomes more readily available, an increasing number of devices are being built with sensors and Wi-Fi capabilities. The interconnectedness of these devices has been dubbed the Internet of Things (IoT), and it is changing the way we work, live, and do business. Companies big and small have a lot to gain from embracing IoT devices, and a lot to lose by ignoring their potential. The IoT is about more than "smart" fridges and coffeemakers. In 2016, 5.5 million new things got connected every day, and 6.4 billion connected things came online worldwide, a 30 percent increase from 2015, according to Gartner. By 2020, that figure will reach 20.8 billion. That is a whole lot of connected things.

IoT solutions help small businesses reduce operating costs, better understand their customers, and even launch new products and services. Let's take a closer look.

Increasing efficiency and saving money

Small businesses can save money by using IoT technologies to monitor their use of resources, much like homeowners do, explains Ruben M. Mancha, Ph.D., an assistant professor at Babson College who researches how digital technologies affect business innovation and strategy. For example, the Nest Learning Thermostat personalizes a schedule based on energy usage, automatically turns the temperature down when people leave the office, and connects with mobile phones so you can control it remotely. You can make your office even more efficient with "smart" lights, such as Wemo lights, which are compatible with Nest products and turn off automatically when the thermostat goes into Away mode.

EnerTalk is an energy data analytics platform that connects to a fuse box and measures electricity consumption. Using its app, you can break down energy consumption by device to identify ways to reduce expenditure, such as turning off certain devices at the end of the day or updating old equipment, and estimate monthly utility costs.

Another popular IoT device for small businesses is the connected security camera, says Dr. Mancha. Nest Cam sends an alert to your phone when it detects activity. Canary allows you to sound a siren in your workplace via its app should you detect something suspicious.

Streamline the ordering of office products (or household goods) with Amazon Dash, which syncs to the SKU of products you purchase frequently. Out of paper towels? Simply push the button to trigger a re-order.

Using data to improve the customer experience

"IoT can be a game changer as it delivers unparalleled access to real-time data and analytics, which gives businesses critical insight into their processes," says Arsalaan Kashif, director of marketing, IoT Center of Excellence at Happiest Minds, a global IT company that specializes in emerging technologies.

For example, small business owners use sensors, cameras, and radio-frequency identification (RFID) tags to improve warehouse inventory management. RFID tags are the IoT's take on barcode labels and allow users to track items more accurately. Business owners use handheld RFID readers to scan the tags, which then use radio waves to transmit the data back to warehouse management software. Improvements in inventory management are a good thing for customers, too, as you can then communicate shipment statuses more accurately.

Business owners can install in-store beacons, which use Bluetooth technology to communicate with shoppers' mobile phones. Companies can then serve shoppers personalized content while they shop, such as a coupon based on which aisle they are in. They can also analyze customer behavior by collecting data on how people navigate the store.

Kashif notes that "the next generation of consumers will have been raised entirely on the internet." They are comfortable with technology and expect it to be used to simplify their shopping experience. A popular manifestation of the IoT for small businesses is mobile credit card readers like Square, which transform smartphones and tablets into card readers and improve the customer experience by sending a receipt right to their email address.

How the IoT Facilitates Innovation

For entrepreneurs, the IoT could even mean a new business opportunity. Bttn, a small, button-shaped device, is a versatile hardware interface that supports customer actions, such as accepting orders or messages. Logistics companies use bttns at customer premises to signal a pickup need. Alder & Sound, a small legal firm in Finland, distributes bttns to their customers as a convenient way to reach around-the-clock legal counsel. A small coffee shop roaster in Finland distributes bttns to cafes so they can order more coffee quickly, with a push of the button.

Anglr Labs, a small business based in Western Pennsylvania, uses connected technologies to improve--of all things--fishing! Fishing may seem idyllic, but enthusiasts "spend copious amounts of time planning meticulously, studying their environment, and evaluating different kinds of bait while also ensuring they repeat everything they did when they made a 'big catch,'" explains Kashif. The AnglrTracker attaches to a fishing rod to record factors like location, weather, and water levels. The data is then relayed back to an app where users can analyze and share it.

Safety Considerations for the IoT

The IoT has the potential to help you improve your small business, but you need to keep some security concerns in mind. Before purchasing an IoT-enabled device, be sure you understand what data will be collected and how the device manufacturer plans to protect it. The vast volume of data that these devices generate is like catnip for cyber criminals, who could steal it and hold it hostage for ransom or use it to run subsequent schemes, such as identity theft. But the onus isn't just on the manufacturer. To protect your devices, consider the following best practices:

  • Always use encrypted networks to connect IoT devices to the internet.
  • Segment and firewall IoT devices from the rest of your network.
  • Perform data backups regularly.
  • Perform all recommended software updates.
  • Use strong and complex passwords, and do not use the same passwords for every device.
  • Look into data breach insurance to protect your business and your data.

Resolve to Mitigate Your Business' Digital Risk in 2018

As we look to the New Year, many of us make resolutions – getting healthier, learning a new skill, saving money, or making more time for family and friends. With 2018 just around the corner, the challenge now is to stick to that resolution, and this is where many of us fail. Often the goal is too broad, or we don’t have a plan for achieving it. As security professionals, we’re always resolved to look for ways to mitigate digital risk to our business, and 2018 is no different. The trick to achieving this goal is to determine how to get the biggest return for our efforts and develop an action plan. To do this, let’s start by considering what the threat landscape will look like over the next 12 months and focus on two areas that will continue to present opportunities for attackers.

Supply chain and third-party vulnerabilities. These types of attacks have been common in 2017 and will continue to be a fruitful method for cybercriminals in the next year. Of note, intrusions resulting from the compromise of software suppliers have been the most detected. Software supply chain attacks that were reported in 2017 alone included the June 2017 NotPetya attacks, the ShadowPad backdoor that was distributed through NetSarang software, the distribution of trojanized CCleaner software and modification of the Windows event log viewer called EVlog. Suppliers are attractive initial targets as they either have privileged access to customer networks, or provide regular software updates to customers. This means compromised software versions (containing malware) will be whitelisted or overlooked by customer security teams and systems.

Wormable malware. Some of the biggest cyber incidents in 2017 revolved around self-replicating malware that can spread between networks. WannaCry and NotPetya were examples of this. We’ve also seen the Bad Rabbit ransomware, which reportedly spreads via a combination of Windows Management Instrumentation (WMI) and the Server Message Block (SMB) protocol. A wormable Trickbot banking trojan was also reported in July 2017. We can expect malware modified with self-replicating capabilities to continue in 2018, particularly given that the disruption caused by WannaCry and NotPetya is inspiring similar attacks.

With these two types of threats likely to continue into 2018, here are five concrete things you can do to focus your efforts and keep your resolution to mitigate digital risk.

1. Hold suppliers to certain standards. Suppliers and third parties are often seen as easier entry points for attackers, especially as many do not have adequate security maturity levels. Define a supplier management policy that classifies vendors and identifies appropriate controls based on access granted to sensitive data and critical systems. Regularly audit and enforce these security measures.

2. Apply privilege management measures. Suppliers are often given much broader access to company networks than internal users are offered. Instead, organizations should apply privilege management measures. For example, separation of duties ensures no single individual can perform all privileged actions for a system, and least privilege gives users only the bare minimum level of access they need to perform their jobs.

3. Address vulnerabilities. Patching is an important part of your defense strategy and failing to do so opens the door wide for adversaries. For example, Microsoft has issued a patch that prevents the exploitation of the SMB network service for lateral movement within target networks. In addition, disabling unneeded legacy features will reduce the scope of work and further mitigate risk.

4. Restrict communications. Network isolation, segmentation and limiting communication between workstations can keep supply chain traffic separate from other internal traffic. This approach can also prevent attacks, like WannaCry and NotPetya, from propagating across networks to reach their intended target.

5. Understand and back up data. Categorize data based on organizational value; physical or logical separation of networks can then be created for different business functions. For critical data and systems, use cloud-based or physical backups and verify their integrity. Ensure that backups are remote from the main corporate network and the machines they are backing up.

Remember that cybercriminals will shift targets and evolve their tactics, techniques and procedures (TTPs) throughout the year. Plan to proactively monitor the open, deep and dark web for mentions of your company or industry to know if you’re being targeted. Also monitor for suppliers’ names to uncover if threat actors have set their sights on key partners and if such activity may put your organization at risk.

Whatever happens in 2018 and beyond, cybercrime will continue to be a problem. We can improve our chances of sticking to our resolutions by focusing our efforts in a few manageable areas. Even just one of these activities can help you better manage your digital risk. And with continuous monitoring, when something bad does happen, you will know quickly and can deal with it more effectively.

Computer Security Tips

Scammers, hackers and identity thieves are looking to steal your personal information - and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have good reason.

Update Your Software. Keep your software – including your operating system, the web browsers you use to connect to the Internet, and your apps – up to date to protect against the latest threats. Most software can update automatically, so make sure to set yours to do so.

Outdated software is easier for criminals to break into. If you think you have a virus or bad software on your computer, check out how to detect and get rid of malware.

Protect Your Personal Information. Don’t hand it out to just anyone. Your Social Security number, credit card numbers, and bank and utility account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information – whether in a web form, an email, a text, or a phone message – think about why someone needs it and whether you can really trust the request.

In an effort to steal your information, scammers will do everything they can to appear trustworthy. Learn more about scammers who phish for your personal information.

Protect Your Passwords. Here are a few ideas for creating strong passwords and keeping them safe:

  • Use at least 10 characters; 12 is ideal for most home users.
  • Try to be unpredictable – don’t use names, dates, or common words. Mix numbers, symbols, and capital letters into the middle of your password, not at the beginning or end.
  • Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies where you do business – thieves can use it to take over all your accounts.
  • Don’t share passwords on the phone, in texts or by email. Legitimate companies will not ask you for your password.
  • If you write down a password, keep it locked up, out of plain sight.

Consider Turning On Two-Factor Authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.

Give Personal Information Over Encrypted Websites Only. If you’re shopping or banking online, stick to sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for https at the beginning of the web address. That means the site is secure.

Back Up Your Files. No system is completely secure. Copy your files to an external hard drive or cloud storage. If your computer is attacked by malware, you’ll still have access to your files.

HDMI 2.1: Here’s Everything You Need to Know About the New Standard

When HDMI first arrived on the scene, everyone rejoiced at no longer having to use bulky SCART connectors, or the confusing component video cables, ever again.

Instead HDMI offered high definition video with a connector that was just a little bigger than a standard USB plug.

Over the years the HDMI standard has seen continuous improvement, with extra features being added as the needs of televisions have changed.

HDMI 2.1 is the next step in that process. The headline feature here is support for 8K content at 60fps, but there are also a number of minor features that add up to a much more capable standard such as support for Variable Refresh Rates, Dynamic HDR, and Quick Media Switching, which should make it faster than ever to change between the devices attached to your television.

Higher resolutions and refresh rates

The new HDMI 2.1 cables will allow faster refresh rates, including 8K resolution video at 60 frames per second and 4K at 120 frames per second – and it's that second feature that will be the real selling point for gamers and home cinema geeks, at least at first.

"We've increased resolutions and frame rates significantly," Jeff Park, Director of Marketing at HDMI Licensing, said at CES 2017, adding that the Tokyo 2020 Olympic Games are going to be a driver for 8K TV content.

"NHK [Japan's national public broadcaster] is going to push 8K120 as an actual broadcast stream, and many consumer electronics manufacturers want to hit that target, so we're laying the pipe to give the industry flexibility. It's practical stuff."

Although it's about keeping HDMI at the bleeding edge, HDMI 2.1 actually goes even further, supporting resolutions as high as 10K at 120Hz.

When will we see the first HDMI 2.1-ready TVs?

With the new standard having been confirmed as late as November 2017, it's unlikely that TV manufacturers will have time to implement the new technology in 2018's televisions (most of which are due to be announced at CES 2018 in January).

Does it matter if your next TV has HDMI 2.1 or not? For most of us, probably not; an 8K at 60Hz-capable television isn't going to be of much use for a while yet. But for gamers and movie-lovers, the prospect of a 4K 120Hz TV supporting scene-by-scene dynamic HDR will be tempting.

Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users

A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.

Ancestry's RootsWeb.com server, which hosts a free genealogical community site, exposed a file containing emails, login information, and passwords of 300,000 users, Ancestry stated in a blog post over the weekend.

An outside researcher informed the company of the exposed file on Dec. 20, according to Ancestry. And while the 300,000 accounts were affiliated with RootsWeb.com's surname list service, which it retired earlier this year, 55,000 of the user names belonged both to the free RootsWeb.com site and to Ancestry.com, which charges for some of its genealogical services.

The company noted that 7,000 of the emails and log-in credentials belonged to active Ancestry.com users.

RootsWeb does not host sensitive information like credit card and social security numbers, the company stated, further noting it has "no reason to believe that any Ancestry systems were compromised."

The company is currently in the process of notifying all affected customers and is working with law enforcement on the matter. Ancestry.com subscribers who had their information exposed will need a new password to unlock their account, according to the company. Additionally, RootsWeb.com has been taken temporarily offline to enhance its infrastructure, the company notes.

Although the company is seeking to retain all the data on RootsWeb.com, it notes it may not be able to preserve all the user-supplied information that is hosted on the free community site. However, RootsWeb's email lists will not be affected by the temporary shutdown of the site, according to a report in the Legal Genealogist.

Read more about Ancestry's security incident blog post here.