Security Best Practices for the Internet of ThingsPosted on September 12, 2018 by T&M Protection Resources, LLC
As mentioned in a previous blog post, Internet of Things (IoT) devices make up the core functionality of a smart home. While IoT devices are fun to use and offer hands-free, on-the-go or remote convenience to the user, a degree of care is needed when configuring and maintaining them to be cyber safe. T&M’s cyber experts offer the following best practices and recommendations for you to implement with your devices.
IoT refers to the network of devices, appliances and other items that are embedded with electronics, software, sensors and/or network connectivity. These electronic features enable the device to be “smart.” Sensors and software allow the device to take in information about itself or its surroundings. This information can then be shared through the network to other IoT devices, or back to a central computer or phone.
IoT devices come in all shapes and sizes, covering a broad spectrum of uses and providing the user with a range of convenience-based functionalities. They can be present in areas such as:
- Virtual assistants (Amazon Alexa, Google Home)
- Smart home appliances (dishwashers, washing machines, dryers)
- Automation devices (Roomba, garage door openers)
- Smart entertainment devices (smart TVs with internet connectivity built in, other “dongle” devices like Chromecast, Roku or Apple TV)
- Home security (cameras, alarms)
- Home utility management (thermostats, water heaters, utility regulators, vents)
To be cyber safe when configuring and using these devices, T&M recommends that you:
- Register the device with the manufacturer if possible.
- If an email address is required for set-up or usage of the device, create a separate and unique email address (with a unique password) specific to that device such as: lastname-SmartThermostat@gmail.com. Too many times, T&M has seen clients use the same email and password for all their smart home devices, get hacked, and then have all their devices compromised. A unique email address and password will help ensure that if one of your email addresses or associated passwords becomes compromised, everything else may still be secure. Thinking that this will create too many inboxes to manage? Don’t worry! All these email addresses can be combined and managed into a single inbox, regardless of email platform.
- Don’t bypass the set-up! Go through the various settings associated with each device. Each device will be different but pay special attention to any security/privacy options. For example, make sure your device is connected to your network.
- Be mindful of features that share your data with other users or the manufacturer.
- Get into the habit of performing bi-weekly or monthly checks of all devices for software updates and always opt to perform updates so that your devices are running the latest software.