Chances are you have at least one Internet of Things (IoT) device in your house. If you have a DVR, smart thermostat, smart light bulb, smart plug, smart door lock, smart sprinkler control, smart pet feeder, or a wearable fitness monitor then you’re in the IoT club. Just like you keep your home computer and network safe, you should ensure safety of these devices as well.
IoT devices are vulnerable to botnets – a network of hijacked computers under the control of a hacker. A breached device could result in a slower wi-fi connection, could expose you to spying, and could allow a hacker to breach other devices on your network, such as your computer.
The challenge with IoT devices is unique. Andrew Tannenbaum, IBM’s chief cyber security attorney, summarizes the issue by saying:
“The problem is that many IoT devices are not designed or maintained with security as a priority.”
Here are a few steps you should take to keep your gadgets safe:
- Take Inventory. First, take an inventory to note all of your – and your family’s – devices. An inventory will help you as you take the following steps.
- Create a Unique Network. Connect your IoT devices to a different Wi-Fi network than the one you use for your computer or mobile devices. This helps ensure that a breach of your IoT device does not mean a breach of your computer and mobile devices. One way to implement this is by creating a separate “guest” network on your router and using this guest network for your IoT devices. Consult the manufacturer’s guide for your router to see if it supports creation of a guest network.
- Create Passwords. Change the default password that comes with your device. And, just as you do with your computer, use strong passwords for each IoT device and use a unique password for each device.
- Keep Updated. Stay updated with device firmware. Manufacturers usually release updates to address security vulnerabilities. Check for updates every few months – again, this is where your IoT inventory comes in handy! – or, if available, configure your device to automatically download patches.
- Consider Installing a Security Appliance. Solutions from Norton and Bitdefender and Dojo help you protect all of your devices.
- Disable Universal Plug and Play. Plug and Play is when your device automatically connects to the internet or other devices, such as your smartwatch connecting automatically with your smartphone when it is within range. Printers, routers, cameras, and other devices may also offer the option to automate connection. This creates a vulnerability that can be exploited by hackers. Disable this option on your router.
- Remember the Basics. Use anti-virus software, backup your computer and mobile devices, and do not open suspicious emails or attachments within emails.
Provide Feedback and Do Your Research
As you use or buy devices, provide feedback to your devices’ manufacturers if you encounter a security bug. If customers report security bugs, manufacturers can work to address the issue by releasing a security patch for the bug. Hence, providing feedback is extremely important.
The next time you are looking to buy an IoT device, McAfee recommends you do your research on smart home devices, and choose the most secure one you can get your hands on.
“Not only do many manufacturers not include security features in their product development, it’s not even in their scope of thought,” says Radware’s David Hobbs. He recommends asking several questions before buying to delve into issues such as how the device firmware can be upgraded and what personal information is stored on the device.
By following the tips in this blog post, doing your research in advance of a purchase, and selecting manufacturers wisely, you can help ensure your gadgets – and you – remain safe.