Security of IoT: Do Your Devices Compromise Your Home Privacy?
In light of recent events in the news with Facebook, Cambridge Analytica, and the emerging idea of big data collection, concerns about personal data privacy and its collection are on the rise. How do you protect your personal data when using smart devices like Alexa or Google Home Assistant in your home? We talked to technology and security experts to gather their tips and insights on how to keep your home secure and private.
A Checklist for IoT Data Security
You don’t need to be afraid of technology, just be smart with it. There are some security measures you can take so that your IoT devices (and your home) don’t fall prey to a hacker.
- WiFi router—Wired Equivalent Privacy (WEP) protocol is outdated security that’s easily hacked. Use WiFi Protected Access II (WPA2) protocol, with all the security settings turned on, and set up a strong, complex password. Name your WiFi signal with non-identifiable information, not your surname.
- Guest network—Most WiFi routers have guest networking so an internet connection can be made without gaining access to network devices. Put IoT devices on the guest network if you are unsure about their security.
- Passwords—Don’t reuse passwords. If a hacker gains access to one device, an attempt is often made to hack the other devices with the same password. Also, don’t use the WiFi password that comes on the router manufacturer box. There isn’t any regulation or standard for security protocols of IoT devices, which means the manufacturer password is only as strong as what the manufacturer believes is necessary.
- Universal plug and play (UPnP)—Although UPnP is an easy way to network devices, it does so without configuration and makes it easy for hackers to discover all your network devices from beyond your local network. Turn off UPnP.
- Personal information—Limit the personal information that you provide to only what you are comfortable making public.
- IoT connections—Make sure your IoT devices have all security settings enabled to minimize risk of unauthorized access. Only link IoT devices to the internet if absolutely necessary.
- Smart Speaker/Home Assist—Products like Amazon Echo and Google Home are always listening. “Mute” the device when you have a sensitive conversation to prevent the device from recording conversations. Use any web service’s settings to limit how it can use your data.
- Default settings—Many IoT devices come with services such as remote access default-enabled. Turn off features and services that you don’t need.
Wired connections—Wired connections are harder to hack. Use wired vs. wireless connections when possible. - Firmware updates—Check the device manufacturer’s website regularly for firmware updates. These are security patches that fix vulnerabilities. Set your devices for automatic updates when possible, or manually check for updates frequently
Firewall—Install a firewall for the network with a stand-alone appliance or software that comes with the router. This restricts incoming connections. - Unified threat management appliance (UTM)—Install a UTM if you have an extensively networked home. This can detect and prevent breaches, manage the internet gateway and offer network antivirus protection.
- Secure authentication—Use two-step or facial authentication when possible. This added layer of security helps prevent hacks.
- Security software—Install such software on mobile devices used to control IoT devices. It’s easier for hackers to access an IoT device, such as a smart thermostat, via a malicious app versus hacking the device directly.
