The responsibility to design cyber secure consumer IoT products falls on manufacturers of smart and connected devices. Regulators around the world have issued guidelines and recommendations to align practices by manufacturers in this space. At the same time, we as consumers need to understand the risks that these new technologies can pose when they are brought inside of our homes. There are several precautions that we can take to ensure our devices are safe from potential cyber attacks, and as more IoT devices make their way into our everyday lives, we need to adapt our behavior to ensure these technologies can’t act against our best interest. The following small steps can help ensure our products are safe from potential attacks and that we are able to use the products we buy in the way they were intended.
Secure your home network
Try to keep your coverage area limited to your house by placing your router as close to the middle of your space as possible, rather than placing near windows.
Give your router an anonymous name not associated with your name, your address, or any personal identifiers.
Make sure that every device on your network, including routers, computers, smartphones, and smart devices, have updated software and operating systems to keep your entire network protected.
Use wireless encryption. First, make sure you enable the SSL encryption in the settings of the sites you visit (like your email). Second, visit the secure HTTPS version of sites and not the unsecure, regular HTTP site by simply adding an ‘S’ to the website’s URL.
Use strong authentication methods
Use strong passwords. Websites such as “Have I Been Pwned?” can be useful to check whether your email address and password have been exposed in a security breach.
Use two-factor authentication (2FA), for example, using both a password and a fingerprint or email verification.
Many Internet devices are shipped with default login codes making them easy to hack (e.g. 1234) – make sure to change default usernames and passwords.
Use your devices and the applications installed on them securely
Install an antivirus to block malicious software designed to acquire your personal information. You can find both free and paid-for antivirus options online. Trade media are reliable sources to check for the best options available.
Turn on the firewall on your PC, router, and any other devices that have one.
Consider apps’ requests to access your information (photos, location, address book, camera or even other apps) carefully. Each time you should ask yourself, what is this app for and why does it need that permission?
Unplug devices when not in use.
Update your IoT devices’ software and firmware in a timely manner when instructed by the manufacturer.
Let your visitors know that you have smart devices or turn them off to protect others’ privacy and security.
Be careful when connecting to a network
Avoid unsecured public Wi-Fi networks (those that can be connected to without any type of security feature like a password or login).. On public Wi-Fi networks, cyber attack techniques such as “Man in the Middle” can be used to intercept web traffic between a user’s device and the destination by making the victims’ device think the hacker’s machine is the access point to the Internet. You can turn the public connection into a private one by using a Virtual Private Network (VPN). The first step is subscribing to a VPN. Here is a guide that can help you pick the right one. A VPN prevents hackers from viewing your web traffic and your personal data, like your bank account number and passwords. You can also use a VPN on your phone. Here is how.
Use more than one router so that your IoT devices are on a different network to that of your main PC. This will protect the information on your PC in case your IoT devices are compromised. You can check this guide on how to connect two routers on a home network.