Securing Your IoT Devices

Written by: Jack Loomis, Cyber Security Specialist

You may not have heard the term IoT – or Internet of Things – but I can guarantee you that you or someone you know uses it almost every day. IoT devices in their most basic definition are any devices that can connect to the internet. Nowadays, things like your car, microwave, washing machine, refrigerator, and almost anything else you can think of has this capability. When you connect a Ring doorbell to your home network, you have added an IoT device.

These devices are amazing, and they help make our busy lives so much easier. Being able to start, stop, lock, or unlock my car from anywhere in the world has proven to be an invaluable tool; especially on those cold winter mornings when I would normally have to trudge outside and start my freezing cold car. Ring doorbells have been an amazing addition to people’s homes, allowing them to monitor their front door from anywhere in the world and even talk to people through them as well. I have a couple of friends who make use of the IoT thermostats to make sure their house is set to the desired temperature as soon as they leave for work. These devices are designed to be intuitive and easy to use for non-technical people. While that’s an amazing thing, it also comes with a big concern: how do we keep these devices secure?

When you buy an IoT device and begin to set it up, what you need to remember is that the device you’re connecting to your network should be just as secure as your computer is. The more things that are connected to a network, the more doors that are left potentially open for would-be hackers. Here are a few things to keep in mind when setting up your IoT devices:

• Always change the default password. Most of these devices will give you a default password to use during initial setup. These are passwords that are well known on the Internet, and because of that hackers will use this as an opportunity to easily make their way into your network. By changing the default password to a complex password – much like you should be doing already on your home and work computers – you prevent the easiest access to unauthorized individuals.
• Enable automatic updates. No device is perfect, and sooner or later someone is going to discover a vulnerability. When these vulnerabilities are discovered, the software team will release a security update to prevent your device from being affected by the vulnerability. Making sure you’re always up to date on the latest firmware version for your IoT device is key to preventing any surprise attacks from something that was patched months ago. The easiest way to do this is to allow the device to update itself automatically. While there can be a slight risk of a bad update that breaks something, chances are that you’re much more likely to be affected by a vulnerability before that happens.
• Manage the privacy settings on the device. Most of these devices will allow you to edit the privacy settings for it. This can change who is allowed to look at certain settings, how much information is shared on the Internet, and more. The process of doing this is different for each device, but when you’re setting it up it can’t hurt to go through these settings to see if there’s anything that you don’t need and disabling it. The first step in the hacker’s killchain is reconnaissance, and a lot of that comes from open source intelligence that they can get for free from your social media. 

Using IoT devices can definitely make your life easier, and I would encourage anyone curious about them to simply try one out. While they are a great addition to our lives, they can also be a serious security flaw if left unchecked. If you have any further questions about how to secure your IoT devices, or would like to speak to someone more about security don’t hesitate to contact Southshore Managed IT Group at (219) 226-3386, option 1. 

Check out this week’s security tip video here to learn more about how you can protect and secure your devices and information!