Internet of Things (IoT): "Smart" may not be safe


 Garage door…
     Washer and dryer…
      Home entertainment system…
       Baby monitor…
        Home security system…
         Smart home assistance…
          …How many of these devices do you have?

Internet innovation has transformed the way we conduct commerce, secure our homes, manage our daily lives, and access entertainment. While the advancements have likely improved the quality of life for many, the convenience should be weighed against the risk to your personal information and safety. Symantec published an article to help consumers secure Internet of Things (IoT) devices. The following recommendations are adapted from a Symantec Security Center article (full citation at the end of the article):

Give your device a name.

All devices are assigned a default name by the manufacturer—it might identify the make or model. Rename the device something unique and not identifiable to your location and identity.

Use a strong encryption method for Wi-Fi.

When you establish your home wireless network, select a strong encryption method like WPA2, to protect your network and communications.

Set up a guest network.

Keep your Wi-Fi account private. Visitors, friends, and relatives can sign in to a separate network that does not tie into your IoT devices.

Change default usernames and passwords.

Cybercriminals probably already know the default passwords that come with many IoT products. That makes it easy for them to access your IoT devices and, potentially, the information on them.

Use strong, unique passwords for Wi-Fi networks and device accounts.

Avoid common words or passwords that are easy to guess, such as "password" or "123456." Instead, use unique, complex passwords made up of letters, numbers, and symbols, if possible.

Customize the settings for your devices.

Your IoT devices might come with default privacy and security settings. You might want to consider changing them, particularly those that allow the manufacturer to collect and transmit your information.

Disable unneeded features.

IoT devices come with a variety of services such as remote access, often enabled by default. If you don't need it, be sure to disable it.

Keep your software up to date.

When your smart phone manufacturer sends you a software update, do not put off installing it. It might be a patch for a security flaw. Mobile security is important, since you may connect other devices through your mobile device. Your IoT device manufacturers may also send updates to your devices—or you might have to visit their websites to check for them. Be sure to download updates and apply them to your device.

Periodically review your IoT devices.

It could be time to upgrade older devices. Routinely check for newer models that might offer stronger security.

Do the two-step.

Two-factor authentication (2FA)—such as a one-time code sent to your cellphone—adds a layer of security that can thwart criminals. If your smart-device apps offer 2-FA, please consider using it to protect your information.

Avoid public Wi-Fi networks.

You might want to manage your IoT devices through your mobile device in a coffee shop across town. If you're on public Wi-Fi—generally not a good idea—use a VPN.

Watch out for outages.

Ensure that a hardware or power outage does not restore the default manufacturer settings, leaving your device in an unsecure state.

Copyright © 2019 Symantec Corporation. Symantec Security Center, 2019, "12 tips to help secure your smart home and IoT devices (Adapted from the following publication: