Subscribe to Monitoring Matters RSS Feed

Monitoring Matters

by: Ginger Hill - Wednesday, July 8, 2020

I’m always fascinated when I see articles stating that the top passwords of the year were “password” “1234” or “qwerty” or even “abc” in conjunction with the millions of articles about data breaches that offer easy-to-do actions for people to take to protect their personal data, either personal or work. Why are the exact same, weak passwords being used over and over when people know and understand that data can and most likely will be hacked? I recently attended “The Psychology of Passwords” webinar, hosted by the National Cyber Security Alliance with Gerald Beuchelt, CISO, LogMeIn, who presented the third annual LastPass research, to find out. 

Approximately 3,250 people around the world —Australia, Brazil, Germany, United Kingdom, the United States and Singapore — (and based on this research, presumably more people like you and I) are caught in the cognitive dissonance trap of not protecting themselves from security risks even though they know they should. Even having a security-conscious mindset does not translate into taking the actions needed to protect against cybercriminals. But, why?

Believe it or not, the most common reason is fear, the research found. People are afraid they’ll forget their passwords, which is logical, thinking about the barrage of passwords a single person uses in a day from email to banking to social networking and simply creating a user name and password to read favorite news media. However, by using the same password over and over, all it takes is one time for a hacker to gain access to a single account and then BOOM! … they have access to ALL accounts.

In my opinion and to take the fear of forgetting off the table, the safest way to remember and protect passwords is the pen and paper method: list the website in one column and the strong, robust password in the adjacent column, and then store in a fire-proof safety box. Not too exciting, but effective. 

Going along with the fear of forgetting is the act of memorizing, but seriously, if using strong, robust and different passwords for each account, only a superhero could memorize them. Besides, memorizing isn’t working anyway … how many times do you reset your password because you forget it?! That would be me! 

(Confession: In the past, I have even used variations of the same password for my various accounts and “memorized” them, only to forget which password variation went with which account. Then, I’d have to reset my password just to access a single account, and then of course, I’d forget the “new” password, only to reset it again the next time I accessed the account. Ah, the never-ending password-reset-cycle begins!)

On a positive note, LastPass research also found that people are doing some things right: 

  • Using multifactor authentication more often on personal accounts;
  • Trusting biometrics: of those surveyed, 65 percent said they trust fingerprint or facial recognition more than tradition text passwords; and
  • Protecting financial and email accounts more often: 69 percent of those surveyed create stronger passwords for their financial accounts and 47 percent for email while 62 percent use multifactor authentication on financial accounts and 45 percent of email.


Here are some other things to do to secure your accounts: 

  • Make sure passwords are 20 characters or more, randomly generated, containing a mix of lower and uppercase letters, digits and symbols. 
  • Turn on multifactor authentication for all accounts that offer it. 
  • Monitor data with credit monitoring and/or dark web monitoring services.
  • Keep software up-to-date. 
  • Watch for phishing attacks, which are highly prevalent these days.
by: Ginger Hill - Wednesday, July 1, 2020

COVID has taken the physical world virtual. As stay-at-home orders abounded, and quite frankly, should still be observed, along with wearing masks, social distancing and washing of hands, colleagues, family, friends, clubs and other groups hit the virtual world to do business, stay connected and attempt to have some sort of calmness amid pure chaos. At the same time, threat actors and cybercriminals were at the ready, armed with a playbook of schemes to run interference. 

The platform of choice quickly became Zoom, offering free and cost-effective paid options, positioning Zoom to not only become more of a household and corporate name, but as a huge target for cybercriminals looking to gather information and data to use in phishing, vishing and mishing attempts, ransomware attacks and other virtual crimes. And, at first, due to Zoom’s lax security, intrusive videobombers were successful and a barrage of privacy breach lawsuits followed to which the CEO vowed to fix security issues in 90 days, starting April 1st. 

Well, it’s July 1st, exactly 90 days out, so is it time for Zoom to take a bow or “zoom” away into extinction? 

Based on Zoom’s CEO’s blog, I’d say, Zoom is here to stay. Here’s the progress Zoom has made toward a safer, more secure platform:

1. Enactment of a 90-day freeze on all features not related to privacy, safety or security and released over 100 features, such as meeting defaults including passwords, waiting room and limited screen sharing.

2.  Worked with a group of third-party experts to review and enhance the company’s products, practices and policies. 

3.  Prepared a transparency report detailing information related to requests for data, records or content. 

4.  Developed a Central Bug Repository and related workflow processes. 

5.  Launched a CISO council to facilitate ongoing dialogue about security and privacy best practices.

6.  Engaged in a series of simultaneous white box penetration test to identify and address issues. 

7.  Hosted 13 webinars every Wednesday since April 1st featuring company executives and consultants who took live attendee questions.

Just as the security industry has and is learning how to pivot, companies like Zoom are also having to pivot in order to stay safe and relevant during COVID and beyond. Being a part of the security industry and in my opinion, we understand this pivoting process and how it creates trust, integrity and fosters strong relationships; therefore, maybe we can all give Zoom a second chance.

Here’s some security tips to consider when using Zoom:

1.  Always join Zoom meetings through a web browser, not desktop software since the web browser version gets security enhancements faster. 

2.  When hosting a Zoom meeting, ask participants to sign in with a password, making Zoom-bombing less likely. 

3.  Don’t use social media to share conference links! Trolls find this information there and can easily figure out how to bomb your meeting. 

4.  Enable the waiting room feature so that participants wait until the host approves each one, giving control over who joins the meeting. 

5.  Limit screen-sharing ability only to the participants who need to share their screens. 

6.  STOP. THINK. ACT. THEN SPEAK. Consider what and how you say things during a Zoom meeting and what perception it will convey to others. Remember, people can actually SEE your facial expressions, but not necessarily your body language, which can interfere with how messages are received. Also, close all other windows on your computer screen to prevent others from seeing what else you’re up to, especially if you happen to be looking for another job or buying a surprise gift for someone! 

by: Ginger Hill - Wednesday, June 17, 2020

I feel like I should start this week’s blog post with “once upon a time …” yet that phrase typically fosters good memories of childhood fairy tales that usually led to happy endings, where the prince and princess live happily ever after. The tale I have for you today, unfortunately, is that of cybersecurity nightmares.

Getting right to the point, our very own Central Intelligence Agency (CIA), the group that should be outfitted with the top echelon of professionals who seek to serve the federal government of the United States by gathering, processing and analyzing global data, was hacked, releasing 34 terabytes of data, approximately 2.2 billion pages of information, where all eyes were privy to “secret” information. 

What’s worse? If that data had not been published, the CIA’s elite hacking unit — Center for Cyber Intelligence — would probably never have learned of the breach. 

Let that sink in for a moment.

Instead of securing systems already in place, the CIA’s team of elite hackers — sophisticated people who secretly access cameras and microphones on foreign targets’ smart devices and hack into adversary’s systems to steal design plans on advanced weapons that could later be used on the United States or our allies — were more enthralled with building cyber weapons. This decision snowballed into what U.S. officials have said was the biggest unauthorized disclosure of classified information in CIA’s history, causing the agency to shut down some intelligence operations and alerting foreign adversaries to the United States’ spy techniques.

According to a leaked report, the breach was an insider job, allegedly committed by a CIA employee, due to security procedures being “woefully lax” within the Center for Cyber Intelligence. The report also discovered that:

  • The United States’ most sensitive cyber weapons were not separated into parts; 
  • System users shared administrator-level passwords; 
  • No effective thumb drive controls were in place; and 
  • Historical data was available indefinitely to users.


I’m by no means a lawyer nor a politician, but seems like at the core of this debacle is a simple case of not implementing checks and balances that came back to haunt. And, while most princes are “charming,” I must say, Joshua Schulte, former CIA employee who worked at the Center of Cyber Intelligence and is on trial accused of stealing this data, is not charming in the least.

by: Ginger Hill - Wednesday, June 10, 2020

The struggle is real in this COVID-19 world we’re all living in with so many uncertainties, concerns, distracted thinking, working from home … the list goes on and on. A huge concern that employers and employees must realize is that to enable continued, gainful employment and the ability to work from home, technology/hardware has to be protected from threat actors and processes have to be in place to fend off cyberattacks. 

First, thinking must shift to that of protection, then the light-bulb realization that cyberattacks have and can destroy companies must be understood, followed with proper action taken now. 

Easy access - phishing

People working from home may be stressed and distracted — one of their family members or friends has tested positive for COVID; the dog barks at every slight noise; kids screaming, running around the house; spouses/partners working from home; trying to figure out what to make for dinner; doing laundry; loading/unloading the dishwasher between emails; etc. People are literally “half thinking,” putting themselves in cruise control when it comes to work duties. The bad guys know all of this and are taking advantage of and preying on you and other work from homers. (Doesn’t that tick you off? It makes me furious!) 

What are the bad actors doing? Deploying phishing campaigns that look very real and even “feel” real to recipients. These are known as “client-side” attacks and some are so well-done they can fool anyone!

What can employers do? Ramp up efforts on phishing awareness training and simulations. Encourage work from homers to “go phishing” by sending fake phishing emails to see which employees take the bait. Offer prizes to employees who don’t fall for it, such as awarding grocery store gift cards to the first 5 employees who email a certain person within the organization saying they discovered a phish!

What can employees do? 

  1. Separate devices for work/personal use, if possible. 
  2. Consider using direct Ethernet connection. 
  3. Ensure wireless connection is not open and is very secure. 
  4. Use VPN to access/interact with employer systems/data. 
  5. Upgrade router and modem firmware. (Usually internet and/or cable providers will upgrade modem firmware but verify this with them).

Mobile devices – where have you been? 

Eerily, iOS devices keep a record of all location data, so obviously Apple, third parties, whomever the data is sold to, bad actors who want to stalk or harass others, etc. can access this data. 

In other words, bad actors can determine exactly where you’ve been, physically, and likely to return to at a later date! 

Check this out: on your iOS device go to settings – privacy – location services – system services – significant locations = a list of all past locations you’ve been!

All I can say is: Turn. It. Off.

Smart devices in the home 

Remember, all services tied to smart/IoT devices are accessed through the cloud and a lot of people use the same credential across various accounts. If the cloud is hacked, threat actors gain access to your login information and then use this credential to try to hack all your devices or systems. So, if you’ve heard it once, you’ve heard it a thousand times … “make sure your passwords are robust and use different passwords/credentials for every account you have.”

Should a threat actor gain access to your smart devices, he or she can use knowledge gained or videos of you in your home as blackmail or extortion. And, remember, most of these devices allow sound as well, so bad actors could be listening to conversations you are having with your employer, co-workers, clients, etc. 

What employees can do? When having confidential and/or work-related conversations at home, unplug your cameras, then you don’t have to worry about anything! 

by: Ginger Hill - Wednesday, May 13, 2020

The #SSNTalks’ Team is passionate about recognizing diverse, talented, young security professionals representing the next generation of industry leaders via our yearly “40 under 40” awards. We are thrilled to currently be seeking our “40 under 40” Class of 2020, comprised of consultants, integrators, monitoring professionals and end users. Submit nominations online here.

“I have always considered SSN’s ‘40 under 40’ the ‘gold standard’ in our industry and being recognized really made my family and I proud that colleagues that I worked with valued my work and wanted to have me recognized,” Randy Guarneri, vice president of Loss Prevention, Fresh Value Supermarket and SSN’s Class of 2019 award-winner, told SSN

The “40 under 40” Class of 2019 recognized many with military and law enforcement backgrounds, who showed how the IT sector is drawing young talent into the security industry. The Class of 2019 also gave advice on how to help diversify the industry and many were bullish on cloud, AI, machine learning and analytics. 

“When I received word from Ginger Hill, managing editor of SSN, that I was selected to this illustrious group, to me, it was like a sports hall-of-famer getting that call that they were inducted into the sport they played Hall of Fame,” Guarneri remembered. “Only the ‘best of the best’ can enter this prestigious class each year.” 

The SSNteam is excited to see what the Class of 2020 brings to the security industry in terms of talent, leadership qualities, business acumen, tech-savviness and commitment to our industry, as well as celebrate them accordingly with: 

·      A special ceremony at SecurityNext

·      A personalized profile on our website and in the October and November 2020 issues of Security Systems News

·      A special logo to use in email signatures, on social media, etc., establishing them as part of our Class of 2020; and 

·      Opportunities to be interviewed and quoted in our future endeavors to help further establish them as industry thought-leaders.

“Colleagues, friends and even yourself should nominate for this renowned award that recognizes hard work, leadership, integrity, dedication to their field and true passion for that is done in the field day in and day out, while being committed and making a huge influence in the field,” Guarneri encouraged. “A person can have one year or 25 years on the job to exhibit some of the characteristics listed to enter SSN’s ’40 under 40’ Class of 2020.”

To be eligible for SSN’s ’40 under 40’ Class of 2020, nominees must have been born in 1980 or later; work at a system integration firm, alarm installation company or central monitoring center; work in a security professional role for an end user; or be a security industry consultant; and complete/submit the online nomination form.

“Each year a special and entirely new class enters,” Guarneri explained. “The award is far from a ‘life-time’ achievement award, but rather an award that recognizes ‘best’ in class by those that are ‘best in class.’”

*Questions regarding this prestigious award can be directed to SSN Editor, Paul Ragusa, at [email protected] or SSN Managing Editor, Ginger Hill, at [email protected]

by: Ginger Hill - Wednesday, April 29, 2020

I venture to say that the “corona-crisis” is not the first “crisis” you’ve had to deal with as a business owner, employee, parent, son, daughter, brother, sister, grandparent, aunt, uncle … nor will it probably be the last. That’s not thinking negatively, either; that’s just based on the uncertainty of life and the human inability to predict the future. 

So, here’s the deal … we are all coping with the same coronavirus crisis right now and that is the one common denominator that we all have with each other, the “crisis connection,” if you will. But, it’s how you communicate with others during this time that will deem you a success or a failure, professionally and personally.

I recently sat in on a SIA MarketShare webinar with Janet Fenner, SIA Membership and Marketing Committee and member, SIA Board of Directors; Kevin Friedman, principal, Maize Marketing and Jody Ross, vice president of sales, AMAG and member, SIA Board of Directors, and their overall combined message really resonated with me as they emphasized the importance of being empathetic.

“We’re learning as we go,” Friedman said, “it’s really about empathy and being empathetic toward our customers and our employees and our sales staff, and showcasing this is one thing we’re all in together.” 

When I was a teacher, I learned that a student doesn’t care what you’re trying to teach them or say to them, if the student doesn’t feel, know and understand that you generally, authentically care — nothing else you try to do with that student matters. A barrier has been placed, blocking all efforts. And, trust me, if you fake it, they know. The same holds true in all human-to-human relationships. 

“Instead of trying to go for the sale, go for checking in on them [customers]," Fenner said. “Make sure that they’re okay; they’re families are okay; and the more you speak with them, you learn about what their ‘after normalcy’ is going to look like, so you know how to support their efforts.” 

Ross added the importance of listening. “You have to listen to them [customers] and again, empathy,” she said. “You can’t be a bulldog moving forward and pushing them [customers] right now. Everyone is struggling. So, you have to listen.” 

So, what exactly is empathy? It’s simply the ability to understand and share the feelings of another. We’re all going through the same coronavirus situation; this common denominator gives us the ability to literally understand what others are going through. People are craving connection right now, and it’s the companies and businesses who take the time to authentically reach out and listen, hear and understand what others are saying that will come out of this pandemic ahead with strong partnerships and relationships in place.

This isn’t the time for simply “hi, how are you?” with the typical reply of “I’m good.” Nor is it “about pushing product down throats; it’s about checking in … let’s just talk in ‘normal,’” Friedman said.

by: Ginger Hill - Wednesday, April 15, 2020

I’ve been hearing and seeing the use of the word “nimble” lately when it comes to security businesses continuing their success during this trying time of the coronavirus, working from home and social distancing as our new norm. A recent example comes from an online panel organized by Arcules in which Ryan Schonfeld, founder & CEO of RAS Security Group and SSN “40 under 40” class of 2019 said: “ … I think being able to be nimble and adapt to changes quickly is going to be critical.” 

What does “nimble” actually mean and how can it be used in business? 

According to Merriam-Webster, nimble is an adjective that means quick and light in motion, like being agile as well as marked by quick, alert, clever conception or resourcefulness, responsive and sensitive. 

For me, the word nimble brings back memories of nursery rhymes  — “Jack be nimble; Jack be quick; Jack jump over the candlestick.” Which, you’re jumping over fire, it’s a good quality to be “light in motion, agile.” 

Let’s suppose for a minute that the candlestick in full flame in this age-old “rap” is 6-foot-tall and represents the coronavirus and let’s pretend you’re Jack, a well-dressed, savvy, security-industry business man (or woman, “Jackaline”). The only thing holding you back from your next million-dollar deal is a 6-foot burning candle right in front of your face. 

You can see the wax melting, drip by drip and feel the heat from the flame. You have no room to back up and gain momentum as you run forward to leap over it; there’s no room on either side to sneak past; there’s no way under it; there is no sort of hoist to lift you over dangling from the ceiling … it’s just you and a 6-foot burning candle. What are you doing to do? 

Simple. Be nimble. Be quick, agile, clever and resourceful. Be responsive yet sensitive. 

  1. Quick – fast in development … make/devise a plan. 
  2. Agile – well coordinated in movement … effectively execute the plan.
  3. Clever – mentally bright, sharp intelligence … use the things you’ve learned in the past, and don’t be afraid to try and learn new things.
  4. Resourceful – capable of devising a way … don’t second guess yourself; once you’ve made a plan, stick to it, but also be “responsive” to your plan. 
  5. Responsive – being prompt and willing … ready and inclined to take charge and make changes if necessary to your plan, business, personal life, etc.
  6. Sensitive – aware of and responsive to the feelings of others … consider your employees and customers needs, and do whatever you can to help. 
by: Ginger Hill - Wednesday, April 8, 2020

One thing I’ve noticed throughout this whole COVID-19 pandemic is the increase in cybersecurity hardening tips, tricks and solutions promoted on social media, adding to the already seemingly constant mentioning and discussion of data breaches taking place all over the globe. The more people see or hear of something, the less likely they are to take notice and actually do something.

Take the car alarm as an example. When this technology first became popular, very few people had heard the sound that a car alarm makes, so when it went off, people took notice. Now, in present day, car alarms are hardly even noticed, perhaps only when one is going off outside our bedroom window at 2 a.m. 

Therefore, it’s easy to understand how people can become fatigued with cyber breaches and why complacency can result. Of course, this is right up cybercriminals’ alleys. As consumers become more and more desensitized to data breaches, the more each becomes just “noise,” and not a thing to take seriously.  

I recently sat in on a virtual Women in Cybersecurity (WiCyS) panel discussion, “Cyber Breach Fatigue,” to gain more information. Panelists included Rhonda Bricco, service delivery manager and Cat Goodfellow, cyber engineering director, both at UnitedHealth Group and at Optum, Deb Doffing, information security, technology management professional and Sue Perkins, general management director.

Fact: During Q1-Q3 of 2019, 5,183 cyber breaches were publicly disclosed, resulting in 7.9 billion exposed records.

“A billion, a trillion … I don’t think the number of exposed records moves the needle anymore,” Goodfellow said. “I doubt there’s an adult today who’s personal information hasn’t been inadvertently released.” 

The thing is, unless you’ve been personally affected by a data breach and/or suffering a painful experience as the result, then, more than likely, reports seen about data breaches in all media outlets become just meaningless background noise. 

“A lot of [people] out there are becoming apathetic and despondent, and these breaches are becoming the norm, especially when the breaches are caused from a huge range of skills, from teenagers to very sophisticated teams extracting or manipulating information,” Doffing said. 

And, now for the “elephant in the room,” COVID-19. This pandemic has prompted breaches and phishing campaigns like never before seen. 

“We really need to pay attention and educate how important it is to be diligent during this time because people are really getting damaged personally, just with a click of the mouse,” Bricco warned. 

In the current virtual landscape and moving into the future, we all must fight cyber breach fatigue and complacency. It’s time to once and for all acknowledge that data breaches will happen; they impact lives; and there are actions to take to prevent personal data from getting breached/stolen, so complacency isn’t an option. 

“Understand the cost [not just financially] of potential breaches … and the risk of that breach,” Perkins said, “understanding these two components helps people understand what needs to be done.” 

Make now the time you took control of your personal information by taking action:

  • Demonstrate good password hygiene by using strong, different passwords for each log in.
  • Use different user IDs for each of your accounts. 
  • Don’t click on unknown URLs.
  • Be careful what you put out there about yourself and your family, including pictures, on social media platforms. 
  • Be mindful on what ads you click on. Cybercriminals watch these habits, learn what you like and then use that against you, for example, via a phish, vish or smish
  • Become more cybersecurity minded by asking for and researching security tool recommendations from trusted colleagues and friends.
by: Ginger Hill - Wednesday, March 18, 2020

I refuse to give the coronavirus power by using it as click bait in my blog title; however, staying true to my blog, “Monitoring Matters,” I do see that education is necessary during this time of our lives. I feel that the more people understand and know what to do, the better we are prepared to handle any situation, whether that be a pandemic of any kind, a major cyberattack, etc. So, before we get started, I want to first sincerely thank you for reading my blog and I hope that you not only enjoy the content but find it helpful and useful. 

In my opinion, all the security industry associations are doing a great job at keeping their members as well as the security-related press well informed about the state of our industry at this time; offering up-to-date information about business continuity; etc. 

There’s also a whole other aspect to contend with when it comes to this time of social distancing, quarantining and working from home: cybercriminals! In my lifetime, this is the first time for such an influx of people working digitally; I can picture it now … cybercriminals rubbing their greedy little hands together, excited to attack digitally! Think about it … if you were a cybercriminal, wouldn’t you find it the best time to strike with some businesses and their employees struggling to keep “business as usual,” some even digitally working for the very first time? 

Additionally is the influx of scams already taking place, from people physically knocking on doors of seniors’ residents pretending to be Red Cross representatives offering coronavirus testing for money and/or robbing the individual(s) to unscrupulous online offerings for products to treat or cure COVID-19 (which do not exist at this time) to phishing scams via phone, text and email. 

Here are some quick “to-dos” to immediately enhance your, your business and your loved ones’ security: 

  1. Do not post pictures of the inside of your home on social media. Working from home can feel isolating and while it seems fun and entertaining to post pics of yourself working from home, things that show up in the background of pictures gives a preview of all the valuables you own to possible robbers. 
  2. Change all passwords into passphrases using a series of numbers, letters and symbols. Use a password manager or write the new passphrases onto a piece of paper and keep in a secure place, such as a locked desk drawer, file cabinet or fire-proof lockbox. 
  3. Don’t leave any accounts “open.” When you’re finished with a program or website that requires a login, be sure to physically take your mouse and click to logout. 
  4. If you receive an email, work or personal, from someone you don’t know or recognize, do not open it. Instead, send a group email or use your company’s recommended communication tool, such as Slack, to ask if anyone sent out an email regarding keywords used in the subject line of the questionable email. 
  5. Do not open your door to strangers or people you do not know, and remind senior relatives and friends to do the same. 


**Here are some FREE, reliable, valuable resources to have at your fingertips, specific to COVID-19, business continuity, scams, best practices, etc

by: Ginger Hill - Wednesday, March 11, 2020

The more I think about it, the more I realize I’m a “house purist.” I like my home to be as free as possible from “extra” electronics of any kind. Sure, I have a laptop, smartphone and a rebuilt iPAD from 10 years ago, and I’m connected to the Internet, but I don’t have cable TV and quite frankly, I refuse to put a voice assistant of any kind in my home … ever! It creeps me out that some random person can be listening, inserting themselves into my daily existence at any time. 

Recent research backs up my no-voice-assistant decision: 75 percent of U.S. households will be at risk to get hacked via voice assistants by 2025 and inaudible, invisible commands can be injected into voice-controlled devices simply by shining a laser at the device; no spoken words needed. 

Researchers at the University of Michigan and the University of Electro-Communications found that light can be converted to sound using a microphone. This means that a remote attacker standing several meters away from a device, most of which are embedded with the common MEMS microphone, can inject arbitrary audio signals to the target microphone by aiming a laser at the microphone’s aperture, covertly triggering the production on an acoustic pressure wave. Basically, the microphone responds to the laser light as if it were sound. 

So, what devices are vulnerable to this attack, now known as LightCommands? The researchers demonstrated this attack on many commercially available voice-controllable systems that use Siri, Portal, Google Assistant and Alexa. They successful injected LightCommands at a maximum distance of more than 100 meters while penetrating clear glass windows. 

The researchers concluded that additional compromises of third-party hardware, such as lock and cars, can be vulnerable to LightCommands attacks and they believe that the heat caused by lasers can also be an effective way to inject false signals into sensors. 

If you still choose to have voice assistants in your home, at this point the only protection against LightCommands attacks is to: 

  1. Keep all voice assistants non-visible from the outside by physically blocking them from sight from windows; and 
  2. Because LightCommands allows attackers to inject commands as a legitimate user, avoid giving voice assistants access to every single connected IoT device/sensor that you have invited into your life as hackers can hijack any digital smart systems attached.