Consumers are connecting 5.5 million new Internet of Things devices every day around the world. This despite high-profile, successful cyberattacks like the distributed denial-of-service (DDoS) assault on domain-name service provider Dyn in early 2017. In that attack, hackers took advantage of security vulnerabilities in IoT devices like smart refrigerators and toys to create a massive botnet that temporarily shut down Netflix, Twitter, Spotify, and Pinterest.
When it comes to a smart home filled with these vulnerable IoT devices, just the risk of being hacked can be nerve-wracking. The convenience of existing and future IoT products are tremendous, and they’ll only become more valuable as their underlying technologies and cybersecurity mechanisms improve.
For smart home early adopters, the challenge is really the sheer number of vulnerabilities that exist in the Internet of Things sphere. But there are several easy-to-implement security steps you can take to increase the security profile of your smart home.
1. Understand terms of service
The first step toward securing your data is understanding what you’re agreeing to each time you connect a new IoT device. Read the terms of service carefully, and don’t be afraid to ask questions. A simple web search about an unclear phrase will likely reveal forum responses and blog posts dedicated to your question.
If you can’t find what you’re looking for, contact the company and ask them to clarify anything that’s making you uneasy. Find out what types of data they collect, how the company uses your information internally, and what they share with outside partners.
In some cases, you may be able to limit the information a device tracks, and you may choose to use that ability liberally. Some people are willing to trade their privacy for convenience, and that’s their decision. We all value privacy to varying degrees, and one person’s threshold for giving out personal information may be much higher than another’s. But it’s a choice you should make with eyes wide open, and that begins with clearly understanding the terms of service.
2. Use secure passwords
Hackers are becoming more sophisticated all the time, but don’t make their jobs easy. When creating new passwords, do not use a common string of numbers and avoid obvious choices such as “admin” or your kids’ names. Assume that hackers have access to personal data about you, and steer clear of any names and numbers associated with you like phone numbers, addresses, family names, and so on. Instead, make complex, tough-to-crack passwords and use different ones for each of your accounts and devices.
When possible, add another layer of security such as multi-factor authentication or biometric verification. These might include having a code texted to your phone to ensure that you’re the person trying to sign into a device, or using your fingerprint to unlock your phone. It’s well worth adding these to your security protocols to add an extra layer of protection for your home devices.
3. Update your software regularly
Yes, it’s annoying to perform software updates, especially when you receive multiple update alerts each week. But software updates aren’t just about cool new features. They often include security updates as well, and you don’t want to expose yourself to hackers simply because you didn’t have the time to run an update.
If you see that you have several update notifications, batch them. Set them all to begin at a time when you don’t need your computer or when you won’t be on your phone, such as while eating dinner or relaxing with your family. You might even set a reminder to do this at the same time every few days or once a week. Then it becomes routine, so you feel less hassled but are also using the most secure versions at all times.
4. Secure the perimeter
Because individual IoT devices often contain security vulnerabilities, one strategy is to “secure the perimeter.” That is, focus on improving the security and setup of your home Wi-Fi network. There are several actions you can take to do this:
- Use the strongest Wi-Fi security protocols your Internet router supports. The older WEP protocol offers less security than newer protocols like WPA2.
- Disable guest network access, which simply provide another potential weak point in your security.
- Give your Wi-Fi network a name that doesn’t reveal information about you, your home, or your location.
Taking these steps presents another layer of defense that hackers would have to compromise.
5. Secure devices that control IoT devices
Around 33% of smartphone users don’t password protect their phones, creating another potential point of vulnerability that hackers can use to access your home network and connected devices. Most IoT devices in a smart home are controlled by smartphone app, so protecting the device running the app is a no-brainer.
6. Create two Wi-Fi networks
Another strategy for protecting your home from an online attack is to create two Wi-Fi networks. Limit access to the first network to only your smart devices like tablets, laptops, and smartphones; these are the devices that are storing and accessing important data like online banking and medical records. The second network is used solely by smart home IoT devices. If any one of these devices become compromised by hackers, they are not able to use the network to access your personal devices.
7. Change default usernames and passwords
Here’s another quick and easy step for protecting your smart home from hackers. Most IoT devices are sold with default usernames and passwords. Hackers that access IoT devices already know the manufacturer default settings, and thus can easily take over control of a given device. Changing those defaults takes away that option and makes hacking a device considerably harder.
8. Turn off inactive devices
Here’s a win-win security step. Turn off devices when they’re not in use. A powered down device can’t be accessed remotely, limiting your security vulnerability, and also uses no power, lowering your energy consumption. This won’t apply for gadgets that need to be left on 24/7, like smart blinds and thermostats. But hardware like wireless printers and smart TVs can be safely powered down at night when not in use. Consider plugging these devices into timers that automate this for you—it is a smart home after all!
Taking these 8 steps will add more cybersecurity smarts to your smart home. And be sure to check out Entefy’s article, Smart homes make smart spies, for additional insights about IoT security.