Did you hear about the hacker who alerted a guy in Arizona that his security camera wasn’t secure? This hacker was a good guy but most aren’t, so the safe bet is to learn how to secure IoT devices to guard against malicious intent.
Personal use of smart devices has exploded, largely because they make our lives easier by helping with things like managing home energy consumption and security, tracking physical activity, and checking up on loved ones. It’s important to remember that these benefits are possible because, as “smart” devices, these products have sensors that collect data about you, your environment and your loved ones, and send that data for processing in the cloud. Collecting and distributing all this data over the Internet raises two critical issues – privacy and security. Any device that uses a wireless connection – like your home office WiFi – faces the risk of an IoT device security breach of one kind or another. If an unauthorized person gains access to your network or device, they can manipulate the functioning of the device or even access your private conversations and information from your home.
9 steps for how to secure IoT devices in your home office
Although any device can introduce risk, there are specific steps you can take toward securing IoT devices – those connected on the so-called Internet of Things. Consider these tips for protecting your data and privacy.
1. Think before you buy.
- Consider whether this device needs to be connected to the Internet
- Look for “secure by design” to source software that was designed with security in mind
- Reconsider buying or using products that are not secure or can’t be updated
2. Set up your router securely.
Since IoT devices almost always rely on WiFi to communicate, locking up access to your router and personal WiFi is an important first step.
- Change the default name of your router
- Use a strong password
- Use the highest available level of encryption
- Check the security of Universal Plug and Play (UPnP).
- Some older routers with UPnP do not authenticate that a device is secure before allowing it to connect to the home network. Since IoT devices communicate on the Internet (outside the home network), it is possible that your router could allow an infected device or a malicious actor to connect to your home network and access your devices. Research alternatives before you turn off UPnP. Alternatives require using a VPN or manually configuring port forwarding.
3. Set up a separate network for IoT device security. This can prevent a hacker from using access to one IoT device to tunnel through your network and gain access to other devices – like your work computer, which may hold access to sensitive business information.
4. Configure the security settings on all devices.
- Use strong passwords, here, too
- Review and limit privacy settings. Manufacturer’s default settings generally share a lot of data, but you have the option to share less and still be able to use the device features. Remember that the “Always On” feature of home hubs such as Alexa and Echo means that there is a chance that any conversation could be recorded.
- Disable any features you don’t use (like voice recognition, Bluetooth, etc.). This limits the entry points into your home, reducing a hacker’s options to get in.
5. Update products regularly. If possible, set updates and patches to install automatically, and check them regularly on your router, securing IoT devices and any other hardware connected to your network.
6. Use multi-factor authentication (MFA). Having two locks on your door is stronger than one. Multi-factor authentication is similar – like having two passcodes for an account; but instead of remembering a second password, you get an emailed code or use a fingerprint scan for the second lock. Using two different “keys” provides better protection. Use MFA on any account that has it.
7. Secure any personal cloud technology you use on your business devices. Any data you have saved in the cloud needs to be protected from unapproved access. In addition, some online platforms will mine and sell your data for advertising and purchases. If you want to block this practice, look in the privacy settings for the app or service.
8. Avoid public WiFi networks.
- You might want to manage your IoT device security through your phone or tablet from a coffee shop across town. If you’re on public WiFi – generally not a good idea – use a VPN to protect your privacy.
- Understand how your wearables such as FitBits use WiFi before allowing them to connect to public WiFi networks.
9. Retire risky or less-useful devices.
- Fewer devices mean less risk, so evaluate the usefulness of your devices from time to time and get rid of any you don’t need.
- Before retiring any device, check its memory. It may have a wealth of information that should be wiped before giving it away or recycling.
Securing IoT devices for data sharing and collection
Another consideration when deciding how to secure IoT devices is the information you’ll be sharing vs. collecting from others. Privacy issues with IoT devices generally fall into these two categories.
Data Sharing
By default, your devices are designed to collect information about you. So with each device, it’s a good idea to consider what data is being collected and how you feel about others having access to it. Amazon, Google and Apple have all admitted that they hire humans who sometimes listen to digital assistant commands to improve interpretation and services. Users don’t know which commands are interpreted by humans but do usually have control over which recordings are saved.
IoT devices are not the only ones who collect our data. Google tracks all our online searches, as well as purchases made with a Gmail account. Netflix knows what shows we watch. And Internet Service Providers are allowed to track and sell our browsing history. Does it matter that these companies are collecting our information? That’s up to you and your company’s IT department to decide. Consider the trust you place in these major corporations when allowing them on the same network as your office-issued devices compared to what you’re willing to sacrifice for the convenience of using their devices and services. Then configure your devices accordingly.
Data collecting
If you ever have guests in your home, then your devices may collect information about other people. For example, anyone in a camera’s field of vision will be captured on video if the camera is on. Any saved video also may be accessed by someone you do not want to see it. This raises the issue of privacy.
Some governments have specific laws at the state or national levels that limit where you can place and how you can use recording devices. You may also be required to inform people that they may be recorded or ask permission before sharing video or audio that features anyone other than yourself.
Security is a big issue with the IoT, and so far the industry’s track record has been extremely poor. Not until recently has securing IoT devices involved widespread cybersecurity safety standards. Until now, companies have repeatedly prioritized speed to market over security, meaning a majority of devices currently for sale have limited security features built into the design.
Secure your smart offices with security awareness training
While employees have always been the first line of defense in protecting business systems from invasion by hackers, their importance has been magnified by the necessity of home offices over the past year. Annual security awareness training is more important than ever with employees and clients interacting on personal wireless networks with potentially multiple unsecured personal devices connected, as well, giving hackers a plethora of entry points to exploit.
With ransomware and ransom costs on the rise, don’t hesitate to secure your home office and ensure your subordinates stay cyber aware. Contact a Global Learning Systems representative today for more information on cybersecurity training.