Securing Your Smart IoT Devices

It seems that everything you can buy comes with a smartphone app and an Internet connection.  As cool and shiny and modern as this is, every Internet connected device is one more place for a cyber-attacker or criminal to get onto your network and into your business.  There are steps you need to take to protect these cool toys from exploitation.

These devices include security cameras, refrigerators, thermostats, light bulbs and light fixtures, routers, watches, fitness monitors, and so on.  The list is endless.  Let’s just say if the device is at home or the office and you are watching it on your smartphone, that would be another one.

Here are some guidelines for setting up your new devices.

  • Change the default user name and password, if it is possible.  You may need to log into a web interface as we did in Wednesday’s post by entering the name of the device or IP address in a web browser.  See the setup guide and user manual.
  • Update the device firmware, if you can.  The latest firmware will include patches for earlier security failures.  This is something to do periodically, like once or twice a year.
  • Check the default features for your device.  There may be included features you don’t need or even want.  Features like storing everything it hears  in a cloud location perhaps?  Also, if you can disable UPnP, you may want to do that too.  UPnP makes it easier to connect to phones and other devices, but also makes it easier for bad guys to connect remotely too.
  • Avoid devices with peer-to-peer capabilities.  P2P has been a constant source of security headaches and deficiencies.  P2P devices will work at finding networks to connect to, with our without your permission.  Just say no!
  • Connect IoT devices to a different network.  Keep them on a network that is separate from your computers and all your personal information.  This could be the Guest Wi-Fi network, or a wireless network you set up just for these devices.
  • Avoid Internet connections unless you really need them.  Do you really need your fridge connected to the Internet?

And that wraps up our week.  It requires extra levels of diligence to keep from being victimized over the Internet these days, and securing your smart devices is certainly one place that extra diligence is important.  Take a few minutes to lock these devices down and keep yourself out of trouble.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.