This past holiday season, Amazon’s biggest sellers included plenty of IoT (Internet of Things) devices. Their Echo Dot and Echo Show voice-activated assistants were big sellers, along with other internet connected smart devices like the Fire TV Stick with Alexa voice remote and the Wyze Cam indoor smart security camera.
From smart home theater systems to internet connected thermostats and lighting, smart devices make life easier, but they also offer a big security vulnerability if they’re not properly secured.
Any endpoint to your network can let in unwanted parties to infect your system and connected devices with malware, or worse. There was an unfortunate story in the news recently related to IoT device security. A Ring camera that was set up in a child’s bedroom was breached, and the hacker was able to speak to the family’s 8-year old directly through the device.
As these smart devices continue to populate our homes and offices, securing them becomes of paramount importance because they can just as easily be used to gain access to your sensitive data as a computer or smartphone.
Important Tips for Securing Your Smart Devices
According to a Threat Intelligence Report by NETSCOUT, the average amount of time it takes for an IoT device to be attacked after it’s first connected to the internet is just 5 minutes.
Hackers are at the ready waiting to prey on new smart devices that aren’t typically getting the same security scrutiny as network connected computers and servers.
Here are several best practices to secure your IoT devices as they’re being set up.
Change the Default Device Name
If you leave your device name at the default (i.e. Linksys AC1900), hackers know exactly the device you have and can easily look up its vulnerabilities.
For additional safety, when choosing a name for the device don’t choose one that identifies your address or use any other personally identifiable information that a hacker could potentially use for a phishing attack.
Change the Default Password
Leaving the device password at the default – even for just a little while – is one of the main ways that hackers can tap into your new smart doorbell camera, internet connected whiteboard, or other IoT device.
15% of IoT device owners never change the default password.
While 15% don’t change their IoT device’s default password, there are plenty of others that mean to change it after they get it set up, but don’t right away. But remember, it takes just an average of 5 minutes after your device is connected to the rest of the world for hackers to start trying to get in. So, change the default password during setup to protect your network.
Use Strong Passwords
It’s tempting to want to use an easy password for a new smart gadget that everyone can remember, but it’s just as important to use a strong password for IoT devices as it is for your banking login or email account.
Use a combination of letters, numbers, and symbols, and include both uppercase and lowercase letters.
Check and Adjust Privacy and Sharing Settings
Some IoT device manufacturers may have privacy settings that are sharing data “for quality purposes” that you don’t want shared. Any sharing connection could be exploited by a hacker, so be sure to look over privacy settings thoroughly so you understand them and can adjust them for added security.
Disable Features You Don’t Need
Some smart gadgets will come with additional settings that you might not need, such as remote access. Turning off any features you don’t use can reduce areas of breach vulnerability.
Keep IoT Devices Updated
Just like operating systems on computers, IoT devices also regularly receive updates to patch found security vulnerabilities. Be sure to include your smart devices in your update and patch management plan and update them regularly to avoid a potential issue being left unchecked.
Use Two-Factor Authentication Where Possible
Two-factor authentication is one of the best defenses against a breach due to a stolen or hacked password. This puts an extra step in the login process, such as the entry of a PIN sent to your phone, and helps keep unauthorized parties from tapping into your IoT devices using a breached password.
Disable UPnP Features
Universal Plug in and Play (UPnP) is a popular feature of many smart gadgets that allow other devices to find and connect to them automatically. This is feature is exploited often by hackers to gain access to a smart device.
While it may take a little more effort to configure devices that you’d like to have connected without UPnP, it’s worth it to reduce your risk that UPnP will be used against you.
Call Two River Computer to Secure Your IoT Devices
Don’t leave your network security to chance, ensure your IoT devices are included in your IT security strategy to reduce your risk of getting hacked. Two River Computer can help with a comprehensive and all-inclusive security plan.
Contact us to set up an IoT security consultation today. Call 732-747-0020 or contact us online.
