Securing Your Smart IoT Devices

It seems that everything you can buy comes with a smartphone app and an Internet connection.  As cool and shiny and modern as this is, every Internet-connected device is one more place for a cyber-attacker or criminal to get onto your network and into your business.  There are steps you need to take to protect these cool toys from exploitation.

These devices include security cameras, refrigerators, thermostats, light bulbs and light fixtures, routers, watches, fitness monitors, and so on.  The list is endless.  Let’s just say if the device is at home or the office and you are watching it on your smartphone, it belongs on the list too.

Here are some guidelines for setting up your new devices.

  • Change the default user name and password, if it is possible.  You may need to log into a web interface as we did in Wednesday’s post by entering the name of the device or IP address in a web browser.  See the setup guide and user manual.
  • Update the device firmware, if you can.  The latest firmware will include patches for earlier security failures.  This is something to do periodically, like once or twice a year.
  • Check the default features for your device.  There may be included features you don’t need or even want.  Features like storing everything it hears in a cloud location, perhaps?  Also, if you can disable UPnP, you may want to do that too.  UPnP makes it easier to connect to phones and other devices, but it also makes it easier for bad guys to connect remotely.
  • Avoid devices with peer-to-peer capabilities.  P2P has been a constant source of security headaches and deficiencies.  P2P devices will work at finding networks to connect to, with or without your permission.  Just say no!
  • Connect IoT devices to a different network.  Keep them on a network that is separate from your computers and all your personal information.  This could be the Guest Wi-Fi network, or a wireless network you set up just for these devices.
  • Avoid Internet connections unless you really need them.  Do you really need your fridge connected to the Internet?

And that wraps up our week.  It requires extra levels of diligence to keep from being victimized over the Internet these days, and securing your smart devices is certainly one place that extra diligence is important.  Take a few minutes to lock these devices down and keep yourself out of trouble.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at
