In furtherance of the NCSAM theme for this month “Own IT. Secure IT. Protect IT”, the following are cybersecurity considerations and recommendations for IoT devices in your home.
According to a 2017 Internet Security Threat Report published by Symantec “At times of peak activity, the average IoT device was attacked once every two minutes.”
Smart/Internet of Things (IoT) devices are tremendously convenient, but also present security/privacy concerns as they collect a lot of personal data, which can be used to create robust personal profiles. As consumers continue to call for greater connectivity and convenience, devices geared to consumers will continue to push convenience over privacy. Individuals need to proactively assess risks associated with connectivity to ensure that these risks are not greater than their risk tolerance. IoT devices can not only track personal details based on interaction and usage, but they can also potentially aggregate data, with data coming from other smart devices. Using IoT devices safely to manage these risks is key.
The following are some steps you can take to protect yourself when you begin using a new device:
- Identify all of your IoT devices. Consider whether each device needs to be connected. What are the advantages? For example, do you want to interact with the device remotely or do you want to activate remote maintenance with the device provider? If you don’t need the options connectivity affords, turn off the device’s connectivity.
- Protect your home wireless network(s) with strong password management, and reset default passwords on all connected devices. Additionally, find out what what the default security settings are and determine whether you need to reset them based on your preferences.
- Find out how your devices are patched/updated, and be sure to regularly perform updates as updates address known vulnerabilities.
- Use two factor authentication for an added layer of security on all devices which offer it.
- Be sure that outages do not result in an insecure state for your IoT devices.
- Consider isolating your IoT devices by creating a separate WiFi network on your home router with a complex and unique password. Having your IoT devices on a separate network will prevent an attack on IoT devices from impacting your entire home network.
For additional tips on building a more secure smart home, and for specific examples of how IoT devices are vulnerable, please see the following article, Norton, 12 Tips to help secure your smart home and IoT devices
Additional Resources:
Cnet, The best password managers of 2019 and how to use them
Connect, Under Lock and Passphrase