10 Tips To Secure Your New Christmas Devices

If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly.  Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults.  Here are our tips:

  • Default passwords – Always take a moment to replace the default user name and password (often just “admin” and “password”) with something more secure.  Passwords should be at least 12 characters long.  If the device is never leaving the building, such as a smart thermostat or wireless router, I have no problem with affixing a label with the login information to the device as a memory aid.  If your attacker can read the label, you have bigger problems to worry about.
  • Remote administration – If your device allows for remote support and administration, turn this feature off unless it is absolutely necessary.  If remote administration needs to be enabled, then choose an especially good user name and password combination.
  • Non-privileged account – Only use the administrator account for performing administrative functions.  It is much safer to create a non-privileged or non-administrative user account for general use.  This is especially true if your device is connecting to the Internet.
  • Configure securely – When setting up your device, use the most secure settings that are available.
  • Sharing – Take a close look at any configuration for information sharing, and restrict sharing to applications where it is absolutely necessary.
  • Location – Many devices are location aware, and report their location to an online resource of some sort.  Determine if this is necessary to the operation of your device, and if not, turn it off.
  • Device locking – Set your device to require a password or PIN when it is started or accessed for use.  This is especially important for portable devices such as phones, tablets, and laptops.  If you can just power it up and use it without a password, so can the guy who just stole it.  Or your snoopy in-laws.
  • Remove unneeded apps – Many devices come with a bunch of pre-installed applications.  Flaws in applications can give an attacker an exploitable vulnerability.  Removing apps you don’t use will reduce the attack surface.
  • Patch and update – Patches and updates usually provide security enhancements.
  • Secure IoT devices – Internet of Things devices such as smart thermostats, web-connected security cameras, baby monitors, and wireless routers have enough memory and processing power to be used as part of a botnet.  We saw the power of the Mirai botnet earlier this year.  Make sure your IoT devices are configured securely, too.

Here’s hoping you have a very electronic Christmas, and a secure and safe New Year!


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
