The internet of things (IoT) has introduced many smart devices with features that make our lives considerably more convenient by applying connectivity to everyday tasks. However, these conveniences also introduce both security and privacy concerns that need to be proactively addressed such as data and credential theft, spying and manipulation via device settings/functions. The following are best practices you can use to address the security concerns presented by IoT devices:
- Immediately change default credentials. Malicious actors know or can easily obtain the manufacturer’s default credentials.
- Enable MFA (multi-factor authentication) on all devices which support it as MFA will further protect your devices if your credentials are compromised or stolen.
- Review device default privacy and security settings – these settings are chosen by manufacturers, make sure they work for you and reset as/if necessary.
- Disable features you don’t plan to use – doing so minimizes the device’s attack surface or potential for manipulation.
- Keep device firmware up-to-date – apply updates/patches promptly as malicious actors seek to exploit known vulnerabilities which are addressed by patches.
- Do not connect IoT devices to untrusted networks such as public WiFi networks – malicious actors may target devices connecting to these networks.
- Secure your home WiFi network.
- Use long and unique passwords for each device. For password tips please see the following Connect article, Under Lock and Passphrase.
- Set up a firewall at your router to act as a barrier between your devices and possible threat actors.
- Consider disabling SSID broadcasting. This prevents automatic transmission of your network name or SSID into the open air. If disabled, users will have to know your network name to connect to it. For more information, please see the following article from Lifewire: Disable SSID Broadcast to Hide Your Wi-Fi Network.
Additionally, for tips on router security, see the following NYU IT Security News & Alerts blog post: Home WiFi Router Security: What You Should Know.