Keeping your personal information safe is a must in today’s age of identity theft. While you likely have strong passwords, shred paper documents and keep a close eye on your online banking and investment accounts, you also need to think about the features of your home that could be compromising your confidential data. Our tips for keeping your personal information safe at home will help.

1. Be Mindful When Placing Home Security Cameras

Home security cameras provide a sense of security to homeowners. Many of today’s top models enable you to keep an eye on your home using an app so that you can monitor your home from virtually anywhere at any time. But, if you place your security cameras incorrectly, you put your valuable personal information at risk if hackers manage to access your system.

For example, do not put your home security camera in a location that points toward your home desk or computer screen. Hackers easily could get their hands on your account numbers, Social Security numbers or other confidential data simply by seeing it through the lens of your hacked camera. For personal privacy, it’s also best to avoid putting security cameras in your bedroom or bathroom.

2. Protect Your Home Wi-Fi Network

Virtually everyone has a Wi-Fi network at home with a wireless router. It’s critical for you to protect your home security and personal data from hackers by securing your home network with passwords. Begin by changing the generic username and password that your router came with if you haven’t done so already. It is far too easy for hackers to use generic names and gain access to your system.

Also, change the network name that appears on other people’s smartphones and devices when they are in the vicinity of your network. For instance, manage your privacy by using a name other than your last name or address.

According to PCMag, one of the best ways to protect your personal information at home is to encrypt your wireless router. Go to the security options in your router’s settings and turn on the WPA2 Personal option. Set the encryption type to AES and enter a password, or a network key, for the encrypted Wi-Fi. Keep in mind this password is different from the one you use to connect devices to your Wi-Fi, so make your password a sentence that’s at least 12 characters long. You can use capital and lowercase letters, punctuation, symbols and even spaces!

3. Remember Baby Monitors and Smart Appliances When Protecting Personal Information

The smarter our baby monitors and home products become, the more diligent we need to be about protecting them. After stories about hacked baby monitors were published, parents began to worry about protecting their children and themselves.

Fortunately, companies today offer high-security, password-protected mobile streams to parents’ smartphones to enhance privacy and provide an extra layer of security.

Homeowners also should consider smart appliances when thinking about protecting personal information. Some smart home products are easy to hack, which puts your home Wi-Fi network and confidential data at risk. The best thing you can do is use our previous advice for securing your home network, including disabling the guest network access, consistently changing passwords and creating two different Wi-Fi networks – one for computers, tablets and smartphones and another for smart appliances and devices. You also can disable remote management of your smart devices and only connect them to your network when using them.

You need to secure your personal information just as you secure your home. Lock down your confidential data by keeping home security cameras away from your home desk and computer screens and encrypting and password-protecting your home Wi-Fi network. It’s also important to keep baby monitors and other smart devices in mind when thinking about hacking risks.

The application’s developers, however, might not be of North Korean origins themselves, the security researchers say. They also suggest that the tool could either be only an experimental application or could attempt to trick researchers by connecting to Kim Il Sung University in Pyongyang, North Korea.

Once the discovered installer is run, it copies a file named intelservice.exe to the system, which is often associated with cryptocurrency mining malware. The arguments the file is executed with reveal it is a piece of software called xmrig, a program already associated with wide campaigns exploiting unpatched IIS servers to mine Monero.

Analysis of the file revealed both the address of the Monero wallet and the password (KJU, possible reference to Kim Jong-un) it uses, as well as the fact that it sends the mined currency to the server barjuok.ryongnamsan.edu.kp server. The use of this domain reveals that the server is located at Kim Il Sung University, AlienVault says.

AlienVault's security researchers also discovered that the specified address doesn’t resolve, either because the app was designed to run on the university’s network, because the address used to resolve in the past, or because it is only meant to trick security researchers.

“It’s not clear if we’re looking at an early test of an attack, or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” AlienVault says.

The sample was also found to contain obvious messages printed for debugging as well as fake filenames meant to avoid detection. According to the researchers, if the software author is at the Kim Il Sung University, they might not be North Korean.

“KSU is an unusually open University, and has a number of foreign students and lecturers,” the researchers explain.

North Korean attacks focused on Monero mining have been spotted before, such as those associated with Bluenorroff and Andariel hackers, who are generally considered as being part of the Lazarus group. However, AlienVault hasn’t discovered evidence to link the newly found installer to the previous attacks.

“The Lazarus attackers have capable developers, and craft their own malware from a library of low-level code. Given the amateur usage of Visual Basic programming in the Installer we analyzed, it’s unlikely the author is part of Lazarus. As the mining server is located in a university, we may be looking at a university project,” the researchers note.

On the other hand, with the country hit hard by sanctions, crypto-currencies could easily prove highly valuable resources, and a North Korean university’s interest in the area wouldn’t be surprising.

In fact, the Pyongyang University of Science and Technology recently invited foreign experts to lecture on crypto-currencies, and the recently discovered installer might be a product of their endeavors, AlienVault suggests.

An electronic toy-maker has agreed to pay $650,000 to settle charges from the Federal Trade Commission that it collected personal information on hundreds of thousands of children without their parents knowing. VTech Electronics, whose North American operations are based in Arlington Heights, says it did notify parents and the allegations are based on technical provisions of a children’s privacy law.

The company also allegedly failed to protect the data it collected, allowing a hacker to gain access in late 2015, according to the complaint.

The children’s privacy case was FTC’s first involving internet-connected toys, said Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection. It shines a light on the growing market, which is expected to reach $15.5 billion by 2022, up from an estimated $4.9 billion in 2017, according to a report from England-based Juniper Research.

“(This) sends a message to parents,” Pahl said. “Parents should read a company’s privacy practices, make sure that companies get their permission to collect their children’s information and be aware of their other rights.”

Hong Kong-based VTech makes toys such as smart watches and handheld smart devices for kids.

The FTC alleges that the Kid Connect app used with some of VTech’s toys collected information on children without notifying parents or getting their consent. That practice is required for children under age 13 by the Children’s Online Privacy Protection Act.

VTech also collected information from parents via its online platform Learning Lodge Navigator, where the Kid Connect app was available for download. As of November 2015, parents had registered and created accounts with Learning Lodge for almost 3 million children, including about 638,000 Kid Connect accounts.

VTech spokeswoman Kaleigh Steinorth said the company did give notice and get parents’ consent and designed Kid Connect in a way that ensured parents knew how the system worked and what information would be collected.

The allegations were based on technical requirements of the Children’s Online Privacy Protection Act regarding how parents must be notified “and how companies must verify that the consenting person is the parent,” she said in an email. “We have taken steps to ensure compliance with these technical requirements,” Steinorth said.

The Consumers Union, a nonprofit organization that does product testing and research, has asked the FTC to look into privacy and security concerns related to smart and connected toys.

“Parents have a right to know and a right to choose how their children’s personal data is collected,” Katie McInnis, technology policy counsel for Consumers Union, said in a statement.

The FTC launched its investigation in late 2015 after the hacker gained access to VTech’s networks, exposing the information, photos and audio of Kid Connect users. The FTC also alleged that VTech falsely stated in its privacy policy that personal information would be encrypted when it was not.

As part of the settlement, VTech is required to put a data security system in place that will be subject to independent audits for 20 years.

“There’s not a consistent practice over time of companies making sure they are always staying one step ahead of the hackers,” Pahl said. This settlement will help “to make sure that kind of program they develop is in place and works.”

Worried your business may be at risk? Contact us for a free security assessment! Florida officials say hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients two months ago.

The state's Agency for Health Care Administration said in a Friday evening news release that one of its employees "was the victim of a malicious phishing email" on Nov. 15, and on Tuesday, agency leaders were notified about the preliminary findings of an Inspector General investigation. It found that hackers may have partly or fully accessed the enrollees' full names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions and Social Security numbers.

The agency said it "has no reason to believe" this information has been misused, but enrollees can call an agency hotline at 844-749-8327.

Meanwhile, the agency said it's training all employees on proper security protocol.