By 2025, it is estimated that there will be more than 41.6 billion internet-connected devices. Be sure to keep cybersecurity at the forefront of your mind as you connect daily. Before purchasing a device or online product, do your research. When you set up a new device or app, consider your security and privacy settings and update default passwords. Cybersecurity should not be an afterthought.
Security Considerations for Buying Smart Home Devices
As a result of the ongoing smartification process, a new security challenge is in the works. Over the past few years, the world has observed a steadily increasing number of attacks on smart home devices, like baby cameras, televisions, wireless switches, and lights. When buying a smart home device you need to not only consider how much it costs to secure the device, but also the cost of time for performing other tasks to ensure these devices continue to function. Some of these tasks may include updating firmware, identifying dead devices, re-connecting and attaching devices, replacing batteries, checking connections, diagnosing technical issues, reconfiguring access, updating apps that control devices, and so forth.
- Ask Yourself: Does the smart device provide authentication? Does the smart device, for example, require a username or password for access? Many smart devices have no means of providing authentication. A well-designed smart device will have some type of authentication capability that will let you, as the owner, properly control access to it. Several smart device manufacturers have chosen not to provide any authentication on their products and rely instead on other means. Some manufacturers even assume that your local WiFi network should be able to provide this security. Unfortunately, this leaves smart devices significantly more susceptible to attacks, since anyone who has access to the local WiFi network can intercept, monitor, or attack devices with greater ease.
- Ask Yourself: During initial installation, does the smart device require me to change my username and password? During the initial setup, a well-designed smart device will require you to change its default access credentials. Changing the default credentials prevents an attacker from accessing your device using published default username and password combinations. It’s common to see smart devices with a username set to “admin” and with a default blank password. In other instances, the usernames are identical to the passwords. Once a device is initially deployed and operating—barring any technical issues—it’s highly likely that it won’t be reconfigured for some time. With the default weak credentials, coupled with a lack of password change enforcement during initial setup, it’s easy to understand how vulnerable these devices can be.
- Ask Yourself: How well does the smart device keep itself updated? Is the device able to automatically update itself? Does your device notify you that it’s out of date? How complicated is the process of updating the device? Device updates keep your smart devices functioning properly and securely, but the way you receive these updates can be a challenge. Updating a device is currently both the responsibility of device manufacturers and consumers. You have to consider how the update process will affect you, including the complexity and the time it takes to do the update.
- Ask Yourself: Does the smart device properly encrypt its firmware updates and network communications? Even though a smart device may advertise the use of encryption, some may not implement encryption properly or fully. Make sure to Google the device model for any possible historical security issues. Many smart devices don’t properly implement the use of encryption when communicating across the network or protecting their periodic firmware updates. As an example, Belkin’s initial release of the WeMo baby monitor failed to use encryption when transmitting data.This lapse left their devices open to monitoring, controlling, and even alterations by an attacker.
- Ask Yourself: How well does the manufacturer manage their device vulnerabilities? How many published vulnerabilities does the device have? How many have the manufacturer fixed? What is the average time it takes for the vendor to respond with a fix? Just like with PCs, tablets, and smartphones, other types of smart devices have software vulnerabilities. Vulnerabilities give malicious individuals and cybercriminals an opportunity to exploit your devices. How manufacturers and vendors resolve these issues can either save you from or expose you to further risks. You can simply Google the manufacturer and device model to understand any potential issues relating to that device.
SIMPLE TIPS TO PROTECT IT
- Own Your Online Presence. Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Your mobile device could be filled with apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and learn to just say “no” to privilege requests that don’t make sense. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- Keep A Clean Machine. Keep all software on internet-connected devices – including personal computers, smartphones, and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- Back It Up. Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2- 1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
- If You Connect It, You Must Protect It. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on.