Securing Your Smart IoT Devices

It seems that everything you can buy comes with a smartphone app and an Internet connection.  As cool and shiny and modern as this is, every Internet connected device is one more place for a cyber-attacker or criminal to get onto your network and into your business.  There are steps you need to take to protect these cool toys from exploitation.

These devices include security cameras, refrigerators, thermostats, light bulbs and light fixtures, routers, watches, fitness monitors, and so on.  The list is endless.  Let’s just say if the device is at home or the office and you are watching it on your smartphone, that would be another one.

Here are some guidelines for setting up your new devices.

  • Change the default user name and password, if it is possible.  You may need to log into a web interface as we did in Wednesday’s post by entering the name of the device or IP address in a web browser.  See the setup guide and user manual.
  • Update the device firmware, if you can.  The latest firmware will include patches for earlier security failures.  This is something to do periodically, like once or twice a year.
  • Check the default features for your device.  There may be included features you don’t need or even want.  Features like storing everything it hears  in a cloud location perhaps?  Also, if you can disable UPnP, you may want to do that too.  UPnP makes it easier to connect to phones and other devices, but also makes it easier for bad guys to connect remotely too.
  • Avoid devices with peer-to-peer capabilities.  P2P has been a constant source of security headaches and deficiencies.  P2P devices will work at finding networks to connect to, with our without your permission.  Just say no!
  • Connect IoT devices to a different network.  Keep them on a network that is separate from your computers and all your personal information.  This could be the Guest Wi-Fi network, or a wireless network you set up just for these devices.
  • Avoid Internet connections unless you really need them.  Do you really need your fridge connected to the Internet?

And that wraps up our week.  It requires extra levels of diligence to keep from being victimized over the Internet these days, and securing your smart devices is certainly one place that extra diligence is important.  Take a few minutes to lock these devices down and keep yourself out of trouble.

1

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.