Securing Your Smart IoT Devices

It seems that everything you can buy comes with a smartphone app and an Internet connection.  As cool and shiny and modern as this is, every Internet-connected device is one more place for a cyber-attacker or criminal to get onto your network and into your business.  There are steps you need to take to protect these cool toys from exploitation.

These devices include security cameras, refrigerators, thermostats, light bulbs and light fixtures, routers, watches, fitness monitors, and so on.  The list is endless.  Let’s just say that if the device is at home or the office and you are watching it on your smartphone, it belongs on the list.

Here are some guidelines for setting up your new devices.

  • Change the default user name and password, if it is possible.  You may need to log into a web interface as we did in Wednesday’s post by entering the name of the device or IP address in a web browser.  See the setup guide and user manual.
  • Update the device firmware, if you can.  The latest firmware will include patches for earlier security failures.  This is something to do periodically, like once or twice a year.
  • Check the default features for your device.  There may be included features you don’t need or even want.  Features like storing everything it hears in a cloud location perhaps?  Also, if you can disable UPnP, you may want to do that too.  UPnP makes it easier to connect to phones and other devices, but also makes it easier for bad guys to connect remotely.
  • Avoid devices with peer-to-peer capabilities.  P2P has been a constant source of security headaches and deficiencies.  P2P devices will work at finding networks to connect to, with or without your permission.  Just say no!
  • Connect IoT devices to a different network.  Keep them on a network that is separate from your computers and all your personal information.  This could be the Guest Wi-Fi network, or a wireless network you set up just for these devices.
  • Avoid Internet connections unless you really need them.  Do you really need your fridge connected to the Internet?

And that wraps up our week.  It requires extra levels of diligence to keep from being victimized over the Internet these days, and securing your smart devices is certainly one place that extra diligence is important.  Take a few minutes to lock these devices down and keep yourself out of trouble.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
