In the connected home, it is essential that families are aware of cyber risks and act appropriately to avoid jeopardizing the security of local networks. Intelligence in homes is supported by sensors and systems that analyze data but can also be the gateway to vulnerabilities. Studies on cyberattacks have shown how webcams, thermostats, refrigerators, and other connected items can become attractive targets for cybercriminals.
This optimal technology can also expose users’ personal information to unwanted cyberattacks. Attacks range from using baby monitors to spy on families to significant financial risks. Hackers can steal personal information (credit card details, date of birth, and even social security numbers) to put users in life-threatening situations. Personal data is vulnerable if transmitted or stored on an IoT device without encryption.
Existing Vulnerabilities
“Consumers should have the right to assume when purchasing an IoT device that it is secure and guaranteed by laws and regulations. However, currently, there are almost no laws regulating the security of IoT devices,” said Dean Collins, Senior Director of Business Development at DigiCert. While manufacturers are not experiencing pressure from governments to incorporate security into the development of IoT devices, that leaves a lot of responsibility in your hands as the end user to make your devices more secure.
Regardless of what regulators or manufacturers are doing, consumers need to be more aware and responsible for securing their IoT devices. Below, DigiCert offers users some tips to secure their smart home devices:
1. Do your research before you buy
It’s important to do some research before selecting a device, to determine what the common vulnerabilities are, what type of data is collected, and how it is protected and shared. It’s paramount to read the privacy policy and see how much control you have over your data and how it is used. If possible, avoid purchasing products with a history of security; Since it is crucial to prioritize privacy over price. If all consumers did this, manufacturers would have no choice but to make security a priority.
2. Never use default passwords
Default passwords are passwords that are pre-set on the device by the manufacturer, sometimes even written in the user manual. Whenever the manufacturer provides default passwords, consumers should change them and use good password practices. Even with strong security features, using default passwords can put your device and data at risk because it makes it an easy target. Instead, it is essential to opt for long, strong passwords and change them every six months or so. It is also important to use two-factor or multi-factor authentication whenever possible. You can also consider using a password manager and authenticator app, which will make it much more difficult for the hacker to break into your network.
3. Update the software
Software updates help your device run the latest security and safety patches. Some devices offer automatic updates, but it is important to check if you will need to update your devices manually. This is critical because as hackers evolve and find new vulnerabilities, software updates provide security patches. When updates are released from the manufacturer, you should make sure you install them and are running the most up-to-date software.
4. Check permissions
It’s important to disable any settings you don’t need, such as remote access or location settings. You should only allow permissions for settings that are necessary, and don’t automatically connect your device to the network unless you need to. Just because your device can connect to the Internet doesn’t mean it should, and you shouldn’t connect devices to public or suspicious networks either; public Wi-Fi isn’t always safe.
5. Don’t forget your phone
Many smart devices connect to apps, so make sure you protect your smartphone. If your phone is lost or stolen, you clearly don’t want anyone to be able to access your smart home through your apps.
6. Keep track of your devices
Know what and who is connected to the network. Every new device connected to the home network is a new vulnerability, and it only takes one vulnerable device to compromise the network. That’s why it’s important to use only what is needed and make sure to remove old and outdated devices from the network. When the user decides to get rid of old devices, they should make sure to reset them to factory settings so that the next user cannot access the data or network.
7. Separate networks
If the user has the technical expertise to do so, they can create a separate secure network for their IoT devices. They can separate the networks on which the smart refrigerator and laptop with sensitive information are running for added security.
“In the future, manufacturers will be expected to act responsibly and build security during the device design stages. Manufacturers can and should do more to ensure the security of their devices,” added Dean Coclin.
In the meantime, taking these steps can help protect IoT devices carried around the home or in personal spaces. Even entities such as cyber departments or entities such as the police in Latin America recommend and reiterate the importance of protecting IoT devices.
Ultimately, IoT devices can be very useful and benefit the lifestyle of users, however, they can also present risks. This does not mean that they should not be used, just that you need to be smart about how they will be used and do the right thing to ensure that the benefits outweigh the risk.