This is the third in a series of articles promoting security awareness. The first two related to security within organisations.
Social Engineering – common techniques and how to prevent them
How to measure the success of your security awareness programme
This article focuses on the internet-connected devices in your home – called smart home devices, or you may be more familiar with Internet of Things (IoT).
Like anything connected to the internet, these smart home devices are at risk in the same way as your PC or Mac are and can be sabotaged. But IoT devices have their own unique security issues too:
- They can be used to attack others’ smart home devices
- They can become infected and lock you out
- Vendors can gather information about you and your activities
For example: Baby monitors have been hijacked and used to spy on people using the webcams and cyber criminals have accessed smart thermostat data to figure out when people are away. In 2016, websites including Spotify, Netflix and PayPal were temporarily shut down due to a botnet attack; the processing power of hundreds of thousands of compromised IoT devices were used to launch the cyber-attack.
Here’s how to protect smart home devices
Well of course this is the best way to protect yourself but it’s not realistic – or convenient. We like to use cameras to confirm all is well at home or even see who is ringing the doorbell. So instead, connect only what you need and when you need it. Lights and cameras secure your home from physical attacks so they are vital. Your Nest thermostat helps save you money. But your cooker or weighing scales? They can be disconnected when not in use.
Like in your business life, ensure passwords are strong and be sure to change any default password. And of course, make sure your Wi-Fi password is also strong and unique.
Buy from a reliable source
Purchase devices from a reputable manufacturer and make sure they are highly secure and enable automatic updates.
Your Google Home or Alexa can record what it hears so think about where you put them.
Make sure you install updates as soon as they become available and preferably enable the device to update automatically.
Separate your networks
You may wish to connect your home devices to a different network from your phone and pc. This means that if they become infected, it doesn’t pass to your PC, and vice versa.
Disable features not needed
Smart home devices come with a variety of services including remote access. These are often enabled by default and might not be needed.
Limit information collected by manufacturer
Go to the device settings and restrict or disable the amount of information collected by the vendor. This will help secure you further.
If your devices offer two factor authentication (2FA), use it.
Symantec’s 2017 Internet Security Threat Report found that at peak time, the average IoT device was attacked once every two minutes. So be safe, be secure and be sure to protect smart home devices.